netlink: xfrm, add optional field to XfrmPolicyTmpl

Add optional field in XfrmPolicyTmpl to template code so users can configure template optional values. Tested via: $ go test -exec sudo . -run XfrmPolicyWithOptional ok github.com/vishvananda/netlink 0.009s Co-authored-by: Joe Stringer <joe@cilium.io> Signed-off-by: Joe Stringer <joe@cilium.io> Signed-off-by: John Fastabend <john.fastabend@gmail.com>
2025-09-26 20:01:13 +08:00 · 2021-02-22 16:51:33 -08:00
parent c21bda41e9
commit 66fce01bfa
3 changed files with 36 additions and 7 deletions
--- a/xfrm_policy.go
+++ b/xfrm_policy.go
@@ -58,12 +58,13 @@ func (a PolicyAction) String() string {
 // policy. These rules are matched with XfrmState to determine encryption
 // and authentication algorithms.
 type XfrmPolicyTmpl struct {
-	Dst   net.IP
-	Src   net.IP
-	Proto Proto
-	Mode  Mode
-	Spi   int
-	Reqid int
+	Dst      net.IP
+	Src      net.IP
+	Proto    Proto
+	Mode     Mode
+	Spi      int
+	Reqid    int
+	Optional int
 }

 func (t XfrmPolicyTmpl) String() string {
--- a/xfrm_policy_linux.go
+++ b/xfrm_policy_linux.go
@@ -79,6 +79,7 @@ func (h *Handle) xfrmPolicyAddOrUpdate(policy *XfrmPolicy, nlProto int) error {
 		userTmpl.XfrmId.Spi = nl.Swap32(uint32(tmpl.Spi))
 		userTmpl.Mode = uint8(tmpl.Mode)
 		userTmpl.Reqid = uint32(tmpl.Reqid)
+		userTmpl.Optional = uint8(tmpl.Optional)
 		userTmpl.Aalgos = ^uint32(0)
 		userTmpl.Ealgos = ^uint32(0)
 		userTmpl.Calgos = ^uint32(0)
@@ -247,6 +248,7 @@ func parseXfrmPolicy(m []byte, family int) (*XfrmPolicy, error) {
 				resTmpl.Mode = Mode(tmpl.Mode)
 				resTmpl.Spi = int(nl.Swap32(tmpl.XfrmId.Spi))
 				resTmpl.Reqid = int(tmpl.Reqid)
+				resTmpl.Optional = int(tmpl.Optional)
 				policy.Tmpls = append(policy.Tmpls, resTmpl)
 			}
 		case nl.XFRMA_MARK:
--- a/xfrm_policy_test.go
+++ b/xfrm_policy_test.go
@@ -190,6 +190,31 @@ func TestXfrmPolicyWithIfid(t *testing.T) {
 	}
 }

+func TestXfrmPolicyWithOptional(t *testing.T) {
+	minKernelRequired(t, 4, 19)
+	defer setUpNetlinkTest(t)()
+
+	pol := getPolicy()
+	pol.Tmpls[0].Optional = 1
+
+	if err := XfrmPolicyAdd(pol); err != nil {
+		t.Fatal(err)
+	}
+	policies, err := XfrmPolicyList(FAMILY_ALL)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if len(policies) != 1 {
+		t.Fatalf("unexpected number of policies: %d", len(policies))
+	}
+	if !comparePolicies(pol, &policies[0]) {
+		t.Fatalf("unexpected policy returned.\nExpected: %v.\nGot %v", pol, policies[0])
+	}
+	if err = XfrmPolicyDel(&policies[0]); err != nil {
+		t.Fatal(err)
+	}
+}
+
 func comparePolicies(a, b *XfrmPolicy) bool {
 	if a == b {
 		return true
@@ -212,7 +237,8 @@ func compareTemplates(a, b []XfrmPolicyTmpl) bool {
 	for i, ta := range a {
 		tb := b[i]
 		if !ta.Dst.Equal(tb.Dst) || !ta.Src.Equal(tb.Src) || ta.Spi != tb.Spi ||
-			ta.Mode != tb.Mode || ta.Reqid != tb.Reqid || ta.Proto != tb.Proto {
+			ta.Mode != tb.Mode || ta.Reqid != tb.Reqid || ta.Proto != tb.Proto ||
+			ta.Optional != tb.Optional {
 			return false
 		}
 	}