Use const for IANA protcol numbers

This commit is contained in:
Juan Font Alonso 2022-06-11 14:09:08 +02:00
parent 19b968849f
commit 735a6aaa39

43
acls.go
View File

@ -37,6 +37,23 @@ const (
expectedTokenItems = 2 expectedTokenItems = 2
) )
// For some reason golang.org/x/net/internal/iana is an internal package
const (
protocolICMP = 1 // Internet Control Message
protocolIGMP = 2 // Internet Group Management
protocolIPv4 = 4 // IPv4 encapsulation
protocolTCP = 6 // Transmission Control
protocolEGP = 8 // Exterior Gateway Protocol
protocolIGP = 9 // any private interior gateway (used by Cisco for their IGRP)
protocolUDP = 17 // User Datagram
protocolGRE = 47 // Generic Routing Encapsulation
protocolESP = 50 // Encap Security Payload
protocolAH = 51 // Authentication Header
protocolIPv6ICMP = 58 // ICMP for IPv6
protocolSCTP = 132 // Stream Control Transmission Protocol
ProtocolFC = 133 // Fibre Channel
)
// LoadACLPolicy loads the ACL policy from the specify path, and generates the ACL rules. // LoadACLPolicy loads the ACL policy from the specify path, and generates the ACL rules.
func (h *Headscale) LoadACLPolicy(path string) error { func (h *Headscale) LoadACLPolicy(path string) error {
log.Debug(). log.Debug().
@ -238,36 +255,36 @@ func (h *Headscale) generateACLPolicyDest(
func parseProtocol(protocol string) ([]int, bool, error) { func parseProtocol(protocol string) ([]int, bool, error) {
switch protocol { switch protocol {
case "": case "":
return []int{1, 58, 6, 17}, false, nil return []int{protocolICMP, protocolIPv6ICMP, protocolTCP, protocolUDP}, false, nil
case "igmp": case "igmp":
return []int{2}, true, nil return []int{protocolIGMP}, true, nil
case "ipv4", "ip-in-ip": case "ipv4", "ip-in-ip":
return []int{4}, true, nil return []int{protocolIPv4}, true, nil
case "tcp": case "tcp":
return []int{6}, false, nil return []int{protocolTCP}, false, nil
case "egp": case "egp":
return []int{8}, true, nil return []int{protocolEGP}, true, nil
case "igp": case "igp":
return []int{9}, true, nil return []int{protocolIGP}, true, nil
case "udp": case "udp":
return []int{17}, false, nil return []int{protocolUDP}, false, nil
case "gre": case "gre":
return []int{47}, true, nil return []int{protocolGRE}, true, nil
case "esp": case "esp":
return []int{50}, true, nil return []int{protocolESP}, true, nil
case "ah": case "ah":
return []int{51}, true, nil return []int{protocolAH}, true, nil
case "sctp": case "sctp":
return []int{132}, false, nil return []int{protocolSCTP}, false, nil
case "icmp": case "icmp":
return []int{1, 58}, true, nil return []int{protocolICMP, protocolIPv6ICMP}, true, nil
default: default:
protocolNumber, err := strconv.Atoi(protocol) protocolNumber, err := strconv.Atoi(protocol)
if err != nil { if err != nil {
return nil, false, err return nil, false, err
} }
needsWildcard := protocolNumber != 6 && protocolNumber != 17 && protocolNumber != 132 // nolint needsWildcard := protocolNumber != protocolTCP && protocolNumber != protocolUDP && protocolNumber != protocolSCTP
return []int{protocolNumber}, needsWildcard, nil return []int{protocolNumber}, needsWildcard, nil
} }