From 1feeb28c971cd3337f17f7cd1471ed22d5e20df8 Mon Sep 17 00:00:00 2001 From: Daniel Ding Date: Thu, 18 Aug 2022 22:48:22 +0800 Subject: [PATCH] fix: esp: prioriy for esp policy --- VERSION | 2 +- core/version.h | 4 ++-- pkg/config/esp.go | 26 +++++++++++++++++--------- pkg/libol/utils.go | 9 +++++++++ pkg/schema/esp.go | 13 +++++++------ pkg/switch/esp.go | 27 +++++++++++++++------------ 6 files changed, 51 insertions(+), 30 deletions(-) diff --git a/VERSION b/VERSION index a839680..4209030 100755 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -5.10.5 +5.10.6 diff --git a/core/version.h b/core/version.h index 5111adb..c8d03f2 100644 --- a/core/version.h +++ b/core/version.h @@ -10,8 +10,8 @@ #ifndef OPENUDP_VERSION_H #define OPENUDP_VERSION_H 1 -#define CORE_PACKAGE_STRING "opencore 5.10.5" -#define CORE_PACKAGE_VERSION "5.10.5" +#define CORE_PACKAGE_STRING "opencore 5.10.6" +#define CORE_PACKAGE_VERSION "5.10.6" #define CORE_LIB_VERSION 0 #define CORE_LIB_REVISION 0 diff --git a/pkg/config/esp.go b/pkg/config/esp.go index 4b6a8e6..f18cd66 100755 --- a/pkg/config/esp.go +++ b/pkg/config/esp.go @@ -89,8 +89,16 @@ func (s *EspState) Correct(obj *EspState) { } type ESPPolicy struct { - Source string `json:"source,omitempty"` - Dest string `json:"destination,omitempty"` + Source string `json:"source,omitempty"` + Dest string `json:"destination,omitempty"` + Priority int `json:"priority"` +} + +func (p *ESPPolicy) Correct() { + if p.Source == "" { + p.Source = "0.0.0.0/0" + } + p.Priority = 128 - libol.GetPrefixLen(p.Dest) } type ESPMember struct { 
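Review bot: `ESPPolicy.Correct` assigns `p.Priority = 128 - libol.GetPrefixLen(p.Dest)` unconditionally, so a `priority` value supplied in the JSON config is decoded and then silently overwritten. This number is later passed to `nl.XfrmPolicy.Priority` in pkg/switch/esp.go, so it affects which policy applies when selectors overlap. Either honour an explicit value, e.g. `if p.Priority == 0 { p.Priority = 128 - libol.GetPrefixLen(p.Dest) }`, or stop reading the field from config so operators are not misled about what takes effect. A doc comment would also help, such as `// Correct fills in the default source and derives Priority from the destination prefix length; a longer prefix yields a smaller value.`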
@@ -120,19 +128,18 @@ func (m *ESPMember) Correct(state *EspState) { } found := -1 for index, pol := range m.Policies { - if pol.Source == "" { - pol.Source = "0.0.0.0/0" - } + pol.Correct() if pol.Dest != m.Peer { continue } found = index } if found < 0 { - m.Policies = append(m.Policies, &ESPPolicy{ - Source: "0.0.0.0/0", - Dest: m.Peer, - }) + pol := &ESPPolicy{ + Dest: m.Peer, + } + pol.Correct() + m.Policies = append(m.Policies, pol) } } @@ -147,6 +154,7 @@ func (m *ESPMember) AddPolicy(obj *ESPPolicy) { break } if found < 0 { + obj.Correct() m.Policies = append(m.Policies, obj) } } diff --git a/pkg/libol/utils.go b/pkg/libol/utils.go index 803e875..236cab9 100755 --- a/pkg/libol/utils.go +++ b/pkg/libol/utils.go @@ -257,6 +257,15 @@ func ParseAddr(addr string) net.IP { return net.ParseIP(ip) } +func GetPrefixLen(addr string) int { + values := strings.SplitN(addr, "/", 2) + if len(values) == 2 { + size, _ := strconv.Atoi(values[1]) + return size + } + return 32 +} + func ParseNet(addr string) (*net.IPNet, error) { if _, ipNet, err := net.ParseCIDR(addr); err != nil { return nil, err diff --git a/pkg/schema/esp.go b/pkg/schema/esp.go index 560bde5..bdaefb3 100644 --- a/pkg/schema/esp.go +++ b/pkg/schema/esp.go @@ -27,12 +27,13 @@ type EspState struct { } type EspPolicy struct { - Name string `json:"name"` - Spi int `json:"spi"` - Local net.IP `json:"local"` - Remote net.IP `json:"remote"` - Source string `json:"source"` - Dest string `json:"destination"` + Name string `json:"name"` + Spi int `json:"spi"` + Local net.IP `json:"local"` + Remote net.IP `json:"remote"` + Source string `json:"source"` + Dest string `json:"destination"` + Priority int `json:"priority"` } type EspMember struct { diff --git a/pkg/switch/esp.go b/pkg/switch/esp.go index 62ebd43..73e6e73 100755 --- a/pkg/switch/esp.go +++ b/pkg/switch/esp.go 
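Review bot: `GetPrefixLen` in pkg/libol/utils.go drops the error from `strconv.Atoi` and never range-checks the result, so a non-numeric, negative or oversized suffix yields 0, a negative number or a value above 128. `ESPPolicy.Correct` then turns that straight into a policy priority. Validating here keeps the derived priority within 0–128: `size, err := strconv.Atoi(values[1])` followed by `if err != nil || size < 0 || size > 128 { return 0 }`; the fallback value is the author's call. The bare-address default of 32 is also IPv4-specific while the caller subtracts from 128, so an IPv6 host address without a suffix would be ranked like a /32, which deserves a comment if only IPv4 destinations are intended.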
@@ -78,13 +78,15 @@ type PolicyParameter struct { local, remote net.IP src, dst *net.IPNet dir nl.Dir + pri int } func (w *EspWorker) newPolicy(args PolicyParameter) *nl.XfrmPolicy { policy := &nl.XfrmPolicy{ - Src: args.src, - Dst: args.dst, - Dir: args.dir, + Src: args.src, + Dst: args.dst, + Dir: args.dir, + Priority: args.pri, } tmpl := nl.XfrmPolicyTmpl{ Src: args.local, @@ -139,21 +141,21 @@ func (w *EspWorker) addPolicy(mp *models.EspPolicy) { } w.out.Info("EspWorker.addPolicy %s-%s", mp.Source, mp.Dest) if po := w.newPolicy(PolicyParameter{ - spi, mp.Local, mp.Remote, src, dst, nl.XFRM_DIR_OUT, + spi, mp.Local, mp.Remote, src, dst, nl.XFRM_DIR_OUT, mp.Priority, }); po != nil { mp.Out = po } else { return } if po := w.newPolicy(PolicyParameter{ - spi, mp.Remote, mp.Local, dst, src, nl.XFRM_DIR_FWD, + spi, mp.Remote, mp.Local, dst, src, nl.XFRM_DIR_FWD, mp.Priority, }); po != nil { mp.Fwd = po } else { return } if po := w.newPolicy(PolicyParameter{ - spi, mp.Remote, mp.Local, dst, src, nl.XFRM_DIR_IN, + spi, mp.Remote, mp.Local, dst, src, nl.XFRM_DIR_IN, mp.Priority, }); po != nil { mp.In = po } else { @@ -199,12 +201,13 @@ func (w *EspWorker) updateXfrm() { } mp := &models.EspPolicy{ EspPolicy: &schema.EspPolicy{ - Name: w.spec.Name, - Spi: mem.Spi, - Local: state.LocalIp, - Remote: state.RemoteIp, - Source: pol.Source, - Dest: pol.Dest, + Name: w.spec.Name, + Spi: mem.Spi, + Local: state.LocalIp, + Remote: state.RemoteIp, + Source: pol.Source, + Dest: pol.Dest, + Priority: pol.Priority, }, } w.addPolicy(mp)
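Review bot: The three `PolicyParameter{...}` literals in `addPolicy` are positional, and this change lengthens each to seven unnamed values. That is fragile in a struct where `local`/`remote` and `src`/`dst` share a type, because a transposed pair still compiles and only shows up as a wrong IPsec policy at runtime. Keyed fields make the direction-specific swaps checkable in review, e.g. `local: mp.Local, remote: mp.Remote, src: src, dst: dst, dir: nl.XFRM_DIR_OUT, pri: mp.Priority`; the first field would need its key too, but its name is declared above the hunk. `addPolicy` itself begins and ends outside the hunk.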