Commit Graph

29 Commits

Author SHA1 Message Date
Paul Chaignon
7f66fb2805 Support mask for XfrmState's output mark
XfrmState currently doesn't allow setting the mask for the output mark.
As a result, setting an output mark always clears all bits. This commit
adds support for the mask value.

Signed-off-by: Paul Chaignon <paul@cilium.io>
2020-12-30 07:19:35 -08:00
Laurent Bernaille
e906d22624 Add support for output-mark 2019-09-16 08:26:04 -07:00
Matt Ellison
1e2e7ab670 Add Support for Virtual XFRM Interfaces
XFRM interfaces are available in Linux Kernel 4.19+

When an IF_ID is applied to a XFRM policy and state, the corresponding
traffic will be sent through the virtual interface with the same IF_ID.
2019-01-05 11:40:40 -08:00
Julian Kornberger
aa5b058fc0 Simplify code 2018-10-30 10:31:46 -07:00
Alessandro Boch
d35d6b58e1 Clarify ESN bitmap length construction logic
Signed-off-by: Alessandro Boch <aboch@tetrationanalytics.com>
2018-02-06 12:37:32 -08:00
Alessandro Boch
71fa81e220 Expose xfrm state's current and window statistics
- aggregate window stats with packet counter stats

Signed-off-by: Alessandro Boch <aboch@tetrationanalytics.com>
2017-10-29 20:38:38 -07:00
Ian Bishop
0e3b74dbe2 replace syscall with golang.org/x/sys/unix 2017-10-26 09:45:08 -07:00
Martynas Pumputis
43948793f6 Add support of ESN 2017-02-03 08:10:37 -08:00
Martynas Pumputis
3c27c1c1e3 Add XfrmAllocSpi 2017-02-02 13:02:12 -08:00
Martynas Pumputis
9a7970b3b6 Add XfrmMonitor
The implementation subscribes only to XFRMNLGRP_EXPIRE.
2017-02-02 12:58:44 -08:00
Alessandro Boch
9dee363ad4 Fix bug in xfrmStateGetOrDelete (#155)
- It fails if source address attribute
  is passed in 4 byte notation

Signed-off-by: Alessandro Boch <aboch@docker.com>
2016-07-29 08:59:42 -07:00
Alessandro Boch
2b8dd8b419 Add support for Authenticated Encryption with Associated Data (AEAD) (#147)
Signed-off-by: Alessandro Boch <aboch@docker.com>
2016-06-29 11:10:41 -05:00
Alessandro Boch
6dd9989b51 Allow user to set xfrm state limits (#123)
Signed-off-by: Alessandro Boch <aboch@docker.com>
2016-05-18 10:20:27 -07:00
Alessandro Boch
f9bc7a684e Support xfrm state/policy flush (#122)
Signed-off-by: Alessandro Boch <aboch@docker.com>
2016-05-13 16:42:24 -07:00
Alessandro Boch
d975f28755 XFRM Get/Delete state/policy should share same code (#119)
- Currently they are not and GET methods are passing
  the wrong structure. Also they are setting the incorrect
  XFRM_F_DUMP flag. Because of this, current get methods
  do not return expected error when query target is not found.

Signed-off-by: Alessandro Boch <aboch@docker.com>
2016-05-12 13:16:26 -07:00
Alessandro Boch
f116a3048a Use package empty handle for pkg APIs (#117)
- Package methods only need an empty handle.
  Not a regular Handle with a couple of
  sockets creation/delete.

Signed-off-by: Alessandro Boch <aboch@docker.com>
2016-05-09 16:55:00 -07:00
Alessandro Boch
cb0b035c41 Provide method to query for specific policy (#115)
Signed-off-by: Alessandro Boch <aboch@docker.com>
2016-05-09 16:52:35 -07:00
Alessandro Boch
a123807666 Allow to program L4 fields in policy selector (#113)
Signed-off-by: Alessandro Boch <aboch@docker.com>
2016-05-09 09:19:18 -07:00
Alessandro Boch
14f41c27fa Provide netlink handle (#104)
- Ties to a netlink socket. All client requests
  will re-use same socket. Socket released at
  handle deletion.
- Also network namespace can be specified during
  handle creation. Socket will be opened on the
  specified network namespace.

Signed-off-by: Alessandro Boch <aboch@docker.com>
2016-05-08 11:35:49 -07:00
Alessandro Boch
096107b4d7 Implement ip xfrm state get (#114)
Signed-off-by: Alessandro Boch <aboch@docker.com>
2016-05-08 11:32:17 -07:00
Alessandro Boch
7ec3682687 Support xfrm state/policy update
Signed-off-by: Alessandro Boch <aboch@docker.com>
2016-05-03 22:52:55 -07:00
Alessandro Boch
18e9389da5 Add Mark field to xrfm state and policy (#110)
* Add Mark to xrfm state

Signed-off-by: Alessandro Boch <aboch@docker.com>

* Add Mark to xfrm policies

Signed-off-by: Alessandro Boch <aboch@docker.com>
2016-04-30 20:31:59 -07:00
Darren Shepherd
be0a6ea35c Do not send nl attributes in XfrmStateList
Signed-off-by: Darren Shepherd <darren@rancher.com>
2016-01-22 07:52:34 -07:00
Alexander Morozov
12f4097df1 Fix some style issues as suggested by golint
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-06-18 17:41:46 -07:00
Vishvananda Ishaya
1a26b9f251 Move all low level calls into nl subpackage 2014-09-18 19:04:48 -07:00
Vishvananda Ishaya
c074f56200 Add support for XfrmState Encapsulation 2014-09-15 17:05:35 -07:00
Vishvananda Ishaya
e676db42c0 Add support for ReplayWindow in XfrmState 2014-09-15 16:13:06 -07:00
Vishvananda Ishaya
f093b431aa Set the limits for Xfrm to infinite 2014-09-14 18:26:20 -07:00
Vishvananda Ishaya
8dab8b7462 Initial commit of netlink package 2014-08-31 20:34:46 -07:00