Added implementation for VTI add/remove address
This change adds implementation details for add/remove addresses onto a VTI. Bug: 73675031 Test: New tests added, passing on Walleye Change-Id: Idde9d943a5285d2c13c5c6b0f7b8a9faf718e6a5
This commit is contained in:
Benedict Wong
@@ -16,6 +16,7 @@
|
|||||||
|
|
||||||
package android.net;
|
package android.net;
|
||||||
|
|
||||||
|
import android.net.LinkAddress;
|
||||||
import android.net.Network;
|
import android.net.Network;
|
||||||
import android.net.IpSecConfig;
|
import android.net.IpSecConfig;
|
||||||
import android.net.IpSecUdpEncapResponse;
|
import android.net.IpSecUdpEncapResponse;
|
||||||
@@ -48,11 +49,11 @@ interface IIpSecService
|
|||||||
|
|
||||||
void addAddressToTunnelInterface(
|
void addAddressToTunnelInterface(
|
||||||
int tunnelResourceId,
|
int tunnelResourceId,
|
||||||
String localAddr);
|
in LinkAddress localAddr);
|
||||||
|
|
||||||
void removeAddressFromTunnelInterface(
|
void removeAddressFromTunnelInterface(
|
||||||
int tunnelResourceId,
|
int tunnelResourceId,
|
||||||
String localAddr);
|
in LinkAddress localAddr);
|
||||||
|
|
||||||
void deleteTunnelInterface(int resourceId);
|
void deleteTunnelInterface(int resourceId);
|
||||||
|
|
||||||
|
|||||||
@@ -660,10 +660,14 @@ public final class IpSecManager {
|
|||||||
* tunneled traffic.
|
* tunneled traffic.
|
||||||
*
|
*
|
||||||
* @param address the local address for traffic inside the tunnel
|
* @param address the local address for traffic inside the tunnel
|
||||||
* @throws IOException if the address could not be added
|
|
||||||
* @hide
|
* @hide
|
||||||
*/
|
*/
|
||||||
public void addAddress(LinkAddress address) throws IOException {
|
public void addAddress(LinkAddress address) {
|
||||||
|
try {
|
||||||
|
mService.addAddressToTunnelInterface(mResourceId, address);
|
||||||
|
} catch (RemoteException e) {
|
||||||
|
throw e.rethrowFromSystemServer();
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@@ -672,10 +676,14 @@ public final class IpSecManager {
|
|||||||
* <p>Remove an address which was previously added to the IpSecTunnelInterface
|
* <p>Remove an address which was previously added to the IpSecTunnelInterface
|
||||||
*
|
*
|
||||||
* @param address to be removed
|
* @param address to be removed
|
||||||
* @throws IOException if the address could not be removed
|
|
||||||
* @hide
|
* @hide
|
||||||
*/
|
*/
|
||||||
public void removeAddress(LinkAddress address) throws IOException {
|
public void removeAddress(LinkAddress address) {
|
||||||
|
try {
|
||||||
|
mService.removeAddressFromTunnelInterface(mResourceId, address);
|
||||||
|
} catch (RemoteException e) {
|
||||||
|
throw e.rethrowFromSystemServer();
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
private IpSecTunnelInterface(@NonNull IIpSecService service,
|
private IpSecTunnelInterface(@NonNull IIpSecService service,
|
||||||
|
|||||||
@@ -36,6 +36,7 @@ import android.net.IpSecTransform;
|
|||||||
import android.net.IpSecTransformResponse;
|
import android.net.IpSecTransformResponse;
|
||||||
import android.net.IpSecTunnelInterfaceResponse;
|
import android.net.IpSecTunnelInterfaceResponse;
|
||||||
import android.net.IpSecUdpEncapResponse;
|
import android.net.IpSecUdpEncapResponse;
|
||||||
|
import android.net.LinkAddress;
|
||||||
import android.net.Network;
|
import android.net.Network;
|
||||||
import android.net.NetworkUtils;
|
import android.net.NetworkUtils;
|
||||||
import android.net.TrafficStats;
|
import android.net.TrafficStats;
|
||||||
@@ -618,10 +619,8 @@ public class IpSecService extends IIpSecService.Stub {
|
|||||||
spi,
|
spi,
|
||||||
mConfig.getMarkValue(),
|
mConfig.getMarkValue(),
|
||||||
mConfig.getMarkMask());
|
mConfig.getMarkMask());
|
||||||
} catch (ServiceSpecificException e) {
|
} catch (RemoteException | ServiceSpecificException e) {
|
||||||
// FIXME: get the error code and throw is at an IOException from Errno Exception
|
Log.e(TAG, "Failed to delete SA with ID: " + mResourceId, e);
|
||||||
} catch (RemoteException e) {
|
|
||||||
Log.e(TAG, "Failed to delete SA with ID: " + mResourceId);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
getResourceTracker().give();
|
getResourceTracker().give();
|
||||||
@@ -681,10 +680,8 @@ public class IpSecService extends IIpSecService.Stub {
|
|||||||
.getNetdInstance()
|
.getNetdInstance()
|
||||||
.ipSecDeleteSecurityAssociation(
|
.ipSecDeleteSecurityAssociation(
|
||||||
mResourceId, mSourceAddress, mDestinationAddress, mSpi, 0, 0);
|
mResourceId, mSourceAddress, mDestinationAddress, mSpi, 0, 0);
|
||||||
} catch (ServiceSpecificException e) {
|
} catch (ServiceSpecificException | RemoteException e) {
|
||||||
// FIXME: get the error code and throw is at an IOException from Errno Exception
|
Log.e(TAG, "Failed to delete SPI reservation with ID: " + mResourceId, e);
|
||||||
} catch (RemoteException e) {
|
|
||||||
Log.e(TAG, "Failed to delete SPI reservation with ID: " + mResourceId);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
mSpi = IpSecManager.INVALID_SECURITY_PARAMETER_INDEX;
|
mSpi = IpSecManager.INVALID_SECURITY_PARAMETER_INDEX;
|
||||||
@@ -829,15 +826,13 @@ public class IpSecService extends IIpSecService.Stub {
|
|||||||
0, direction, wildcardAddr, wildcardAddr, mark, 0xffffffff);
|
0, direction, wildcardAddr, wildcardAddr, mark, 0xffffffff);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
} catch (ServiceSpecificException e) {
|
} catch (ServiceSpecificException | RemoteException e) {
|
||||||
// FIXME: get the error code and throw is at an IOException from Errno Exception
|
|
||||||
} catch (RemoteException e) {
|
|
||||||
Log.e(
|
Log.e(
|
||||||
TAG,
|
TAG,
|
||||||
"Failed to delete VTI with interface name: "
|
"Failed to delete VTI with interface name: "
|
||||||
+ mInterfaceName
|
+ mInterfaceName
|
||||||
+ " and id: "
|
+ " and id: "
|
||||||
+ mResourceId);
|
+ mResourceId, e);
|
||||||
}
|
}
|
||||||
|
|
||||||
getResourceTracker().give();
|
getResourceTracker().give();
|
||||||
@@ -1319,7 +1314,9 @@ public class IpSecService extends IIpSecService.Stub {
|
|||||||
* from multiple local IP addresses over the same tunnel.
|
* from multiple local IP addresses over the same tunnel.
|
||||||
*/
|
*/
|
||||||
@Override
|
@Override
|
||||||
public synchronized void addAddressToTunnelInterface(int tunnelResourceId, String localAddr) {
|
public synchronized void addAddressToTunnelInterface(
|
||||||
|
int tunnelResourceId, LinkAddress localAddr) {
|
||||||
|
enforceNetworkStackPermission();
|
||||||
UserRecord userRecord = mUserResourceTracker.getUserRecord(Binder.getCallingUid());
|
UserRecord userRecord = mUserResourceTracker.getUserRecord(Binder.getCallingUid());
|
||||||
|
|
||||||
// Get tunnelInterface record; if no such interface is found, will throw
|
// Get tunnelInterface record; if no such interface is found, will throw
|
||||||
@@ -1327,8 +1324,21 @@ public class IpSecService extends IIpSecService.Stub {
|
|||||||
TunnelInterfaceRecord tunnelInterfaceInfo =
|
TunnelInterfaceRecord tunnelInterfaceInfo =
|
||||||
userRecord.mTunnelInterfaceRecords.getResourceOrThrow(tunnelResourceId);
|
userRecord.mTunnelInterfaceRecords.getResourceOrThrow(tunnelResourceId);
|
||||||
|
|
||||||
// TODO: Add calls to netd:
|
try {
|
||||||
// Add address to TunnelInterface
|
// We can assume general validity of the IP address, since we get them as a
|
||||||
|
// LinkAddress, which does some validation.
|
||||||
|
mSrvConfig
|
||||||
|
.getNetdInstance()
|
||||||
|
.interfaceAddAddress(
|
||||||
|
tunnelInterfaceInfo.mInterfaceName,
|
||||||
|
localAddr.getAddress().getHostAddress(),
|
||||||
|
localAddr.getPrefixLength());
|
||||||
|
} catch (RemoteException e) {
|
||||||
|
throw e.rethrowFromSystemServer();
|
||||||
|
} catch (ServiceSpecificException e) {
|
||||||
|
// If we get here, one of the arguments provided was invalid. Wrap the SSE, and throw.
|
||||||
|
throw new IllegalArgumentException(e);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@@ -1337,7 +1347,8 @@ public class IpSecService extends IIpSecService.Stub {
|
|||||||
*/
|
*/
|
||||||
@Override
|
@Override
|
||||||
public synchronized void removeAddressFromTunnelInterface(
|
public synchronized void removeAddressFromTunnelInterface(
|
||||||
int tunnelResourceId, String localAddr) {
|
int tunnelResourceId, LinkAddress localAddr) {
|
||||||
|
enforceNetworkStackPermission();
|
||||||
UserRecord userRecord = mUserResourceTracker.getUserRecord(Binder.getCallingUid());
|
UserRecord userRecord = mUserResourceTracker.getUserRecord(Binder.getCallingUid());
|
||||||
|
|
||||||
// Get tunnelInterface record; if no such interface is found, will throw
|
// Get tunnelInterface record; if no such interface is found, will throw
|
||||||
@@ -1345,8 +1356,21 @@ public class IpSecService extends IIpSecService.Stub {
|
|||||||
TunnelInterfaceRecord tunnelInterfaceInfo =
|
TunnelInterfaceRecord tunnelInterfaceInfo =
|
||||||
userRecord.mTunnelInterfaceRecords.getResourceOrThrow(tunnelResourceId);
|
userRecord.mTunnelInterfaceRecords.getResourceOrThrow(tunnelResourceId);
|
||||||
|
|
||||||
// TODO: Add calls to netd:
|
try {
|
||||||
// Remove address from TunnelInterface
|
// We can assume general validity of the IP address, since we get them as a
|
||||||
|
// LinkAddress, which does some validation.
|
||||||
|
mSrvConfig
|
||||||
|
.getNetdInstance()
|
||||||
|
.interfaceDelAddress(
|
||||||
|
tunnelInterfaceInfo.mInterfaceName,
|
||||||
|
localAddr.getAddress().getHostAddress(),
|
||||||
|
localAddr.getPrefixLength());
|
||||||
|
} catch (RemoteException e) {
|
||||||
|
throw e.rethrowFromSystemServer();
|
||||||
|
} catch (ServiceSpecificException e) {
|
||||||
|
// If we get here, one of the arguments provided was invalid. Wrap the SSE, and throw.
|
||||||
|
throw new IllegalArgumentException(e);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|||||||
Reference in New Issue
Block a user