akillibulut
/
kilo
kopia lustrzana https://github.com/squat/kilo


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107
							// Copyright 2019 the Kilo authors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package encapsulation

import (
	"fmt"
	"net"

	"github.com/squat/kilo/pkg/iproute"
	"github.com/squat/kilo/pkg/iptables"
)

// Strategy identifies which packets within a location should
// be encapsulated.
type Strategy string

const (
	// Never indicates that no packets within a location
	// should be encapsulated.
	Never Strategy = "never"
	// CrossSubnet indicates that only packets that
	// traverse subnets within a location should be encapsulated.
	CrossSubnet Strategy = "crosssubnet"
	// Always indicates that all packets within a location
	// should be encapsulated.
	Always Strategy = "always"
)

// Interface can configure
// the encapsulation interface, init itself,
// get the encapsulation interface index,
// set the interface IP address,
// return the required IPTables rules,
// return the encapsulation strategy,
// and clean up any changes applied to the backend.
type Interface interface {
	CleanUp() error
	Index() int
	Init(int) error
	Rules([]*net.IPNet) []iptables.Rule
	Set(*net.IPNet) error
	Strategy() Strategy
}

type ipip struct {
	iface    int
	strategy Strategy
}

// NewIPIP returns an encapsulation that uses IPIP.
func NewIPIP(strategy Strategy) Interface {
	return &ipip{strategy: strategy}
}

// CleanUp will remove any created IPIP devices.
func (i *ipip) CleanUp() error {
	if err := iproute.DeleteAddresses(i.iface); err != nil {
		return nil
	}
	return iproute.RemoveInterface(i.iface)
}

// Index returns the index of the IPIP interface.
func (i *ipip) Index() int {
	return i.iface
}

// Init initializes the IPIP interface.
func (i *ipip) Init(base int) error {
	iface, err := iproute.NewIPIP(base)
	if err != nil {
		return fmt.Errorf("failed to create tunnel interface: %v", err)
	}
	if err := iproute.Set(iface, true); err != nil {
		return fmt.Errorf("failed to set tunnel interface up: %v", err)
	}
	i.iface = iface
	return nil
}

// Rules returns a set of iptables rules that are necessary
// when traffic between nodes must be encapsulated.
func (i *ipip) Rules(nodes []*net.IPNet) []iptables.Rule {
	return iptables.IPIPRules(nodes)
}

// Set sets the IP address of the IPIP interface.
func (i *ipip) Set(cidr *net.IPNet) error {
	return iproute.SetAddress(i.iface, cidr)
}

// Strategy returns the configured strategy for encapsulation.
func (i *ipip) Strategy() Strategy {
	return i.strategy
}