Use const for IANA protcol numbers
parent
19b968849f
commit
735a6aaa39
1 changed files with 30 additions and 13 deletions
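--- a/acls.go
+++ b/acls.go
@@ -37,6 +37,23 @@ const (
 expectedTokenItems = 2
 )
 
+// For some reason golang.org/x/net/internal/iana is an internal package
+const (
+protocolICMP = 1 // Internet Control Message
+protocolIGMP = 2 // Internet Group Management
+protocolIPv4 = 4 // IPv4 encapsulation
+protocolTCP = 6 // Transmission Control
+protocolEGP = 8 // Exterior Gateway Protocol
+protocolIGP = 9 // any private interior gateway (used by Cisco for their IGRP)
+protocolUDP = 17 // User Datagram
+protocolGRE = 47 // Generic Routing Encapsulation
+protocolESP = 50 // Encap Security Payload
+protocolAH = 51 // Authentication Header
+protocolIPv6ICMP = 58 // ICMP for IPv6
+protocolSCTP = 132 // Stream Control Transmission Protocol
+ProtocolFC = 133 // Fibre Channel
+)
+
 // LoadACLPolicy loads the ACL policy from the specify path, and generates the ACL rules.
 func (h *Headscale) LoadACLPolicy(path string) error {
 log.Debug().
@@ -238,36 +255,36 @@ func (h *Headscale) generateACLPolicyDest(
 func parseProtocol(protocol string) ([]int, bool, error) {
 switch protocol {
 case "":
-return []int{1, 58, 6, 17}, false, nil
+return []int{protocolICMP, protocolIPv6ICMP, protocolTCP, protocolUDP}, false, nil
 case "igmp":
-return []int{2}, true, nil
+return []int{protocolIGMP}, true, nil
 case "ipv4", "ip-in-ip":
-return []int{4}, true, nil
+return []int{protocolIPv4}, true, nil
 case "tcp":
-return []int{6}, false, nil
+return []int{protocolTCP}, false, nil
 case "egp":
-return []int{8}, true, nil
+return []int{protocolEGP}, true, nil
 case "igp":
-return []int{9}, true, nil
+return []int{protocolIGP}, true, nil
 case "udp":
-return []int{17}, false, nil
+return []int{protocolUDP}, false, nil
 case "gre":
-return []int{47}, true, nil
+return []int{protocolGRE}, true, nil
 case "esp":
-return []int{50}, true, nil
+return []int{protocolESP}, true, nil
 case "ah":
-return []int{51}, true, nil
+return []int{protocolAH}, true, nil
 case "sctp":
-return []int{132}, false, nil
+return []int{protocolSCTP}, false, nil
 case "icmp":
-return []int{1, 58}, true, nil
+return []int{protocolICMP, protocolIPv6ICMP}, true, nil
 
 default:
 protocolNumber, err := strconv.Atoi(protocol)
 if err != nil {
 return nil, false, err
 }
-needsWildcard := protocolNumber != 6 && protocolNumber != 17 && protocolNumber != 132 // nolint
+needsWildcard := protocolNumber != protocolTCP && protocolNumber != protocolUDP && protocolNumber != protocolSCTP
 
 return []int{protocolNumber}, needsWildcard, nil
 }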
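Review bot: The numeric fallback in the `default:` branch of parseProtocol accepts whatever `strconv.Atoi` returns, so a policy entry with a negative number or a value above 255 is placed in the returned protocol list even though IANA protocol numbers are an 8-bit field. A bounds check right after the error check, e.g. `if protocolNumber < 0 || protocolNumber > 255 { return nil, false, <out-of-range error> }` (the error value is a placeholder), would reject such entries when the policy is loaded rather than leaving it to whatever consumes the generated rules, which is not visible here. Separately, `ProtocolFC` in the new const block is exported while every sibling is unexported, and it is not referenced in the visible hunks; `protocolFC` would match the rest. The function's closing brace lies outside the hunk.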