Merge "Fix minor bugs with tunnel mode implementation" am: cb9cd96c50 am: b7afa3f6fb
am: 25cb38a9b7
Change-Id: Ie74c4edcc7586e0220ff948222010e126841e8f7
@@ -462,7 +462,7 @@ public final class IpSecTransform implements AutoCloseable {
|
|||||||
mConfig.setMode(MODE_TUNNEL);
|
mConfig.setMode(MODE_TUNNEL);
|
||||||
mConfig.setSourceAddress(sourceAddress.getHostAddress());
|
mConfig.setSourceAddress(sourceAddress.getHostAddress());
|
||||||
mConfig.setSpiResourceId(spi.getResourceId());
|
mConfig.setSpiResourceId(spi.getResourceId());
|
||||||
return new IpSecTransform(mContext, mConfig);
|
return new IpSecTransform(mContext, mConfig).activate();
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|||||||
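Review bot: With `.activate()` now chained onto the constructor in the `return` line, this build method presumably hands back a transform that already holds live system resources, and its Javadoc (outside this hunk) should say so. Suggested wording: `Returns an activated transform; the caller owns it and must call close() to release the underlying resources.` The hunk header shows `IpSecTransform implements AutoCloseable`, so naming `close()` or try-with-resources as the expected usage fits the class. If `activate()` can throw, the method's `@throws` tags likely need the same exceptions; the signature is not visible here, so confirm against the full file.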
@@ -87,6 +87,7 @@ public class IpSecService extends IIpSecService.Stub {
|
|||||||
private static final String NETD_SERVICE_NAME = "netd";
|
private static final String NETD_SERVICE_NAME = "netd";
|
||||||
private static final int[] DIRECTIONS =
|
private static final int[] DIRECTIONS =
|
||||||
new int[] {IpSecManager.DIRECTION_OUT, IpSecManager.DIRECTION_IN};
|
new int[] {IpSecManager.DIRECTION_OUT, IpSecManager.DIRECTION_IN};
|
||||||
|
private static final String[] WILDCARD_ADDRESSES = new String[]{"0.0.0.0", "::"};
|
||||||
|
|
||||||
private static final int NETD_FETCH_TIMEOUT_MS = 5000; // ms
|
private static final int NETD_FETCH_TIMEOUT_MS = 5000; // ms
|
||||||
private static final int MAX_PORT_BIND_ATTEMPTS = 10;
|
private static final int MAX_PORT_BIND_ATTEMPTS = 10;
|
||||||
@@ -413,12 +414,16 @@ public class IpSecService extends IIpSecService.Stub {
|
|||||||
.append(mTransformQuotaTracker)
|
.append(mTransformQuotaTracker)
|
||||||
.append(", mSocketQuotaTracker=")
|
.append(", mSocketQuotaTracker=")
|
||||||
.append(mSocketQuotaTracker)
|
.append(mSocketQuotaTracker)
|
||||||
|
.append(", mTunnelQuotaTracker=")
|
||||||
|
.append(mTunnelQuotaTracker)
|
||||||
.append(", mSpiRecords=")
|
.append(", mSpiRecords=")
|
||||||
.append(mSpiRecords)
|
.append(mSpiRecords)
|
||||||
.append(", mTransformRecords=")
|
.append(", mTransformRecords=")
|
||||||
.append(mTransformRecords)
|
.append(mTransformRecords)
|
||||||
.append(", mEncapSocketRecords=")
|
.append(", mEncapSocketRecords=")
|
||||||
.append(mEncapSocketRecords)
|
.append(mEncapSocketRecords)
|
||||||
|
.append(", mTunnelInterfaceRecords=")
|
||||||
|
.append(mTunnelInterfaceRecords)
|
||||||
.append("}")
|
.append("}")
|
||||||
.toString();
|
.toString();
|
||||||
}
|
}
|
||||||
@@ -815,12 +820,14 @@ public class IpSecService extends IIpSecService.Stub {
|
|||||||
try {
|
try {
|
||||||
mSrvConfig.getNetdInstance().removeVirtualTunnelInterface(mInterfaceName);
|
mSrvConfig.getNetdInstance().removeVirtualTunnelInterface(mInterfaceName);
|
||||||
|
|
||||||
for (int direction : DIRECTIONS) {
|
for(String wildcardAddr : WILDCARD_ADDRESSES) {
|
||||||
int mark = (direction == IpSecManager.DIRECTION_IN) ? mIkey : mOkey;
|
for (int direction : DIRECTIONS) {
|
||||||
mSrvConfig
|
int mark = (direction == IpSecManager.DIRECTION_IN) ? mIkey : mOkey;
|
||||||
.getNetdInstance()
|
mSrvConfig
|
||||||
.ipSecDeleteSecurityPolicy(
|
.getNetdInstance()
|
||||||
0, direction, mLocalAddress, mRemoteAddress, mark, 0xffffffff);
|
.ipSecDeleteSecurityPolicy(
|
||||||
|
0, direction, wildcardAddr, wildcardAddr, mark, 0xffffffff);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
} catch (ServiceSpecificException e) {
|
} catch (ServiceSpecificException e) {
|
||||||
// FIXME: get the error code and throw is at an IOException from Errno Exception
|
// FIXME: get the error code and throw is at an IOException from Errno Exception
|
||||||
@@ -1261,19 +1268,21 @@ public class IpSecService extends IIpSecService.Stub {
|
|||||||
.getNetdInstance()
|
.getNetdInstance()
|
||||||
.addVirtualTunnelInterface(intfName, localAddr, remoteAddr, ikey, okey);
|
.addVirtualTunnelInterface(intfName, localAddr, remoteAddr, ikey, okey);
|
||||||
|
|
||||||
for (int direction : DIRECTIONS) {
|
for(String wildcardAddr : WILDCARD_ADDRESSES) {
|
||||||
int mark = (direction == IpSecManager.DIRECTION_OUT) ? okey : ikey;
|
for (int direction : DIRECTIONS) {
|
||||||
|
int mark = (direction == IpSecManager.DIRECTION_OUT) ? okey : ikey;
|
||||||
|
|
||||||
mSrvConfig
|
mSrvConfig
|
||||||
.getNetdInstance()
|
.getNetdInstance()
|
||||||
.ipSecAddSecurityPolicy(
|
.ipSecAddSecurityPolicy(
|
||||||
0, // Use 0 for reqId
|
0, // Use 0 for reqId
|
||||||
direction,
|
direction,
|
||||||
"",
|
wildcardAddr,
|
||||||
"",
|
wildcardAddr,
|
||||||
0,
|
0,
|
||||||
mark,
|
mark,
|
||||||
0xffffffff);
|
0xffffffff);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
userRecord.mTunnelInterfaceRecords.put(
|
userRecord.mTunnelInterfaceRecords.put(
|
||||||
@@ -1646,16 +1655,18 @@ public class IpSecService extends IIpSecService.Stub {
|
|||||||
c.setNetwork(tunnelInterfaceInfo.getUnderlyingNetwork());
|
c.setNetwork(tunnelInterfaceInfo.getUnderlyingNetwork());
|
||||||
|
|
||||||
// If outbound, also add SPI to the policy.
|
// If outbound, also add SPI to the policy.
|
||||||
mSrvConfig
|
for(String wildcardAddr : WILDCARD_ADDRESSES) {
|
||||||
.getNetdInstance()
|
mSrvConfig
|
||||||
.ipSecUpdateSecurityPolicy(
|
.getNetdInstance()
|
||||||
0, // Use 0 for reqId
|
.ipSecUpdateSecurityPolicy(
|
||||||
direction,
|
0, // Use 0 for reqId
|
||||||
"",
|
direction,
|
||||||
"",
|
wildcardAddr,
|
||||||
transformInfo.getSpiRecord().getSpi(),
|
wildcardAddr,
|
||||||
mark,
|
transformInfo.getSpiRecord().getSpi(),
|
||||||
0xffffffff);
|
mark,
|
||||||
|
0xffffffff);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// Update SA with tunnel mark (ikey or okey based on direction)
|
// Update SA with tunnel mark (ikey or okey based on direction)
|
||||||
|
|||||||
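Review bot: In the teardown hunk at `@@ -815,12 +820,14 @@`, the four `ipSecDeleteSecurityPolicy` calls (two wildcard addresses times two directions) share one `try` with `removeVirtualTunnelInterface`, so the first call that throws skips every remaining delete. The policies now use `0.0.0.0`/`::` selectors with mask `0xffffffff`, so the mark is the only thing scoping them, and a policy left behind would presumably keep matching traffic if that ikey/okey value is handed out again later. Consider giving each delete its own try/catch so cleanup continues past a failure, and resolving the `FIXME` in the existing `catch (ServiceSpecificException e)` so the error is surfaced rather than lost. The creation hunk at `@@ -1261,19 +1268,21 @@` and the update hunk at `@@ -1646,16 +1655,18 @@` have the mirror-image concern: a failure on the second address family leaves the first family's policy installed or updated, with no rollback visible. All three method bodies start and end outside their hunks, so some of this handling may already exist elsewhere.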