fix: esp: prioriy for esp policy

VERSION

@@ -1 +1 @@
-5.10.5
+5.10.6

core/version.h

@@ -10,8 +10,8 @@
 #ifndef OPENUDP_VERSION_H
 #define OPENUDP_VERSION_H 1
 
-#define CORE_PACKAGE_STRING  "opencore 5.10.5"
-#define CORE_PACKAGE_VERSION "5.10.5"
+#define CORE_PACKAGE_STRING  "opencore 5.10.6"
+#define CORE_PACKAGE_VERSION "5.10.6"
 
 #define CORE_LIB_VERSION     0
 #define CORE_LIB_REVISION    0

pkg/config/esp.go

@@ -89,8 +89,16 @@ func (s *EspState) Correct(obj *EspState) {
 }
 
 type ESPPolicy struct {
-	Source string `json:"source,omitempty"`
-	Dest   string `json:"destination,omitempty"`
+	Source   string `json:"source,omitempty"`
+	Dest     string `json:"destination,omitempty"`
+	Priority int    `json:"priority"`
+}
+
+func (p *ESPPolicy) Correct() {
+	if p.Source == "" {
+		p.Source = "0.0.0.0/0"
+	}
+	p.Priority = 128 - libol.GetPrefixLen(p.Dest)
 }
 
 type ESPMember struct {
@@ -120,19 +128,18 @@ func (m *ESPMember) Correct(state *EspState) {
 	}
 	found := -1
 	for index, pol := range m.Policies {
-		if pol.Source == "" {
-			pol.Source = "0.0.0.0/0"
-		}
+		pol.Correct()
 		if pol.Dest != m.Peer {
 			continue
 		}
 		found = index
 	}
 	if found < 0 {
-		m.Policies = append(m.Policies, &ESPPolicy{
-			Source: "0.0.0.0/0",
-			Dest:   m.Peer,
-		})
+		pol := &ESPPolicy{
+			Dest: m.Peer,
+		}
+		pol.Correct()
+		m.Policies = append(m.Policies, pol)
 	}
 }
 
@@ -147,6 +154,7 @@ func (m *ESPMember) AddPolicy(obj *ESPPolicy) {
 		break
 	}
 	if found < 0 {
+		obj.Correct()
 		m.Policies = append(m.Policies, obj)
 	}
 }

pkg/libol/utils.go

@@ -257,6 +257,15 @@ func ParseAddr(addr string) net.IP {
 	return net.ParseIP(ip)
 }
 
+func GetPrefixLen(addr string) int {
+	values := strings.SplitN(addr, "/", 2)
+	if len(values) == 2 {
+		size, _ := strconv.Atoi(values[1])
+		return size
+	}
+	return 32
+}
+
 func ParseNet(addr string) (*net.IPNet, error) {
 	if _, ipNet, err := net.ParseCIDR(addr); err != nil {
 		return nil, err

pkg/schema/esp.go

@@ -27,12 +27,13 @@ type EspState struct {
 }
 
 type EspPolicy struct {
-	Name   string `json:"name"`
-	Spi    int    `json:"spi"`
-	Local  net.IP `json:"local"`
-	Remote net.IP `json:"remote"`
-	Source string `json:"source"`
-	Dest   string `json:"destination"`
+	Name     string `json:"name"`
+	Spi      int    `json:"spi"`
+	Local    net.IP `json:"local"`
+	Remote   net.IP `json:"remote"`
+	Source   string `json:"source"`
+	Dest     string `json:"destination"`
+	Priority int    `json:"priority"`
 }
 
 type EspMember struct {

pkg/switch/esp.go

@@ -78,13 +78,15 @@ type PolicyParameter struct {
 	local, remote net.IP
 	src, dst      *net.IPNet
 	dir           nl.Dir
+	pri           int
 }
 
 func (w *EspWorker) newPolicy(args PolicyParameter) *nl.XfrmPolicy {
 	policy := &nl.XfrmPolicy{
-		Src: args.src,
-		Dst: args.dst,
-		Dir: args.dir,
+		Src:      args.src,
+		Dst:      args.dst,
+		Dir:      args.dir,
+		Priority: args.pri,
 	}
 	tmpl := nl.XfrmPolicyTmpl{
 		Src:   args.local,
@@ -139,21 +141,21 @@ func (w *EspWorker) addPolicy(mp *models.EspPolicy) {
 	}
 	w.out.Info("EspWorker.addPolicy %s-%s", mp.Source, mp.Dest)
 	if po := w.newPolicy(PolicyParameter{
-		spi, mp.Local, mp.Remote, src, dst, nl.XFRM_DIR_OUT,
+		spi, mp.Local, mp.Remote, src, dst, nl.XFRM_DIR_OUT, mp.Priority,
 	}); po != nil {
 		mp.Out = po
 	} else {
 		return
 	}
 	if po := w.newPolicy(PolicyParameter{
-		spi, mp.Remote, mp.Local, dst, src, nl.XFRM_DIR_FWD,
+		spi, mp.Remote, mp.Local, dst, src, nl.XFRM_DIR_FWD, mp.Priority,
 	}); po != nil {
 		mp.Fwd = po
 	} else {
 		return
 	}
 	if po := w.newPolicy(PolicyParameter{
-		spi, mp.Remote, mp.Local, dst, src, nl.XFRM_DIR_IN,
+		spi, mp.Remote, mp.Local, dst, src, nl.XFRM_DIR_IN, mp.Priority,
 	}); po != nil {
 		mp.In = po
 	} else {
@@ -199,12 +201,13 @@ func (w *EspWorker) updateXfrm() {
 			}
 			mp := &models.EspPolicy{
 				EspPolicy: &schema.EspPolicy{
-					Name:   w.spec.Name,
-					Spi:    mem.Spi,
-					Local:  state.LocalIp,
-					Remote: state.RemoteIp,
-					Source: pol.Source,
-					Dest:   pol.Dest,
+					Name:     w.spec.Name,
+					Spi:      mem.Spi,
+					Local:    state.LocalIp,
+					Remote:   state.RemoteIp,
+					Source:   pol.Source,
+					Dest:     pol.Dest,
+					Priority: pol.Priority,
 				},
 			}
 			w.addPolicy(mp)