title: Add ipsec tunnel mode to support cross clusters and elastic ip

description: add explanatory note Signed-off-by: GreatLazyMan <[email protected]>
kosmos-io · Jan 18, 2024 · b37d661 · b37d661
1 parent d1a6fda
commit b37d661
Show file tree

Hide file tree

Showing 2 changed files with 28 additions and 3 deletions.
diff --git a/pkg/apis/kosmos/v1alpha1/nodeconfig_types.go b/pkg/apis/kosmos/v1alpha1/nodeconfig_types.go
@@ -105,10 +105,12 @@ func (a *Arp) Compare(v Arp) bool {
 }
 
 /*
-Just like linux command:
+Use this struct like linux command:
 
 	ip xfrm policy add src $LeftNet dst $RightNet dir $Dir \
 	                   tmpl src $LeftIP dst $RightIP proto esp reqid $ReqID mode tunnel
+	ip xfrm policy del src $LeftNet dst $RightNet dir $Dir \
+	                   tmpl src $LeftIP dst $RightIP proto esp reqid $ReqID mode tunnel
 */
 type XfrmPolicy struct {
 	LeftIP   string `json:"leftip"`
@@ -129,9 +131,10 @@ func (a *XfrmPolicy) Compare(v XfrmPolicy) bool {
 }
 
 /*
-Just like linux command:
+Use this struct like linux command:
 
-	ip xfrm state add src $LeftIP dst $RightIP proto esp spi $SPI reqid $ReqID mode tunnel aead 'rfc4106(gcm(aes))' $PSK 128
+	ip xfrm state add src $LeftIP dst $RightIP proto esp spi $ID reqid $ID mode tunnel aead 'rfc4106(gcm(aes))' $PSK 128
+	ip xfrm state del src $LeftIP dst $RightIP proto esp spi $ID reqid $ID mode tunnel aead 'rfc4106(gcm(aes))' $PSK 128
 */
 type XfrmState struct {
 	LeftIP  string `json:"leftip"`

diff --git a/pkg/clusterlink/network/xfrm_policy.go b/pkg/clusterlink/network/xfrm_policy.go
@@ -15,6 +15,12 @@ import (
 
 // For reference:
 // https://github.com/flannel-io/flannel
+/*
+Use this func like linux command:
+
+	ip xfrm policy add src $srcNet dst $dstNet dir $dir \
+	                   tmpl src $srcIP dst $dstIP proto esp reqid $reqID mode tunnel
+*/
 func AddXFRMPolicy(srcNet, dstNet *net.IPNet, srcIP, dstIP net.IP, dir netlink.Dir, reqID int) error {
 	policy := &netlink.XfrmPolicy{
 		Src: srcNet,
@@ -50,6 +56,12 @@ func AddXFRMPolicy(srcNet, dstNet *net.IPNet, srcIP, dstIP net.IP, dir netlink.D
 	return nil
 }
 
+/*
+Use this func like linux command:
+
+	ip xfrm policy del src $srcNet dst $dstNet dir $dir \
+	                   tmpl src $srcIP dst $dstIP proto esp reqid $reqID mode tunnel
+*/
 func DeleteXFRMPolicy(srcNet, dstNet *net.IPNet, srcIP, dstIP net.IP, dir netlink.Dir, reqID int) error {
 	policy := netlink.XfrmPolicy{
 		Src: srcNet,
@@ -76,6 +88,11 @@ func DeleteXFRMPolicy(srcNet, dstNet *net.IPNet, srcIP, dstIP net.IP, dir netlin
 	return nil
 }
 
+/*
+Use this func like linux command:
+
+	ip xfrm state add src $srcIP dst $dstIP proto esp spi $spi reqid $reqID mode tunnel aead 'rfc4106(gcm(aes))' $psk 128
+*/
 func AddXFRMState(srcIP, dstIP net.IP, reqID int, spi int, psk string) error {
 	k, _ := hex.DecodeString(psk)
 	state := netlink.XfrmState{
@@ -110,6 +127,11 @@ func AddXFRMState(srcIP, dstIP net.IP, reqID int, spi int, psk string) error {
 	return nil
 }
 
+/*
+Use this func like linux command:
+
+	ip xfrm state del src $srcIP dst $dstIP proto esp spi $spi reqid $reqID mode tunnel aead 'rfc4106(gcm(aes))' $psk 128
+*/
 func DeleteXFRMState(srcIP, dstIP net.IP, reqID int, spi int, psk string) error {
 	k, _ := hex.DecodeString(psk)
 	state := netlink.XfrmState{