Merge "Fix minor bugs with tunnel mode implementation" am: cb9cd96c50

am: b7afa3f6fb

Change-Id: I9c2a844d9ccc401a34d0e6318506406e8c33fab6
Benedict Wong
2018-02-01 03:49:45 +00:00
committed by android-build-merger
2 changed files with 35 additions and 24 deletions


@@ -462,7 +462,7 @@ public final class IpSecTransform implements AutoCloseable {
mConfig.setMode(MODE_TUNNEL);
mConfig.setSourceAddress(sourceAddress.getHostAddress());
mConfig.setSpiResourceId(spi.getResourceId());
return new IpSecTransform(mContext, mConfig);
return new IpSecTransform(mContext, mConfig).activate();
}
/**
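Review bot: `return new IpSecTransform(mContext, mConfig).activate();` keeps no reference to the new object if `activate()` throws, so the caller cannot close whatever the constructor or a partly completed activation acquired. The class is `AutoCloseable`, which suggests it owns a resource, but neither the constructor nor `activate()` is visible in this hunk, so this needs confirming against their bodies. If either can hold a resource on failure, assign the transform to a local first and close it in the failure path before rethrowing. The method's Javadoc sits outside the hunk; it should state that the returned transform is already active and list the exceptions activation can raise.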


@@ -87,6 +87,7 @@ public class IpSecService extends IIpSecService.Stub {
private static final String NETD_SERVICE_NAME = "netd";
private static final int[] DIRECTIONS =
new int[] {IpSecManager.DIRECTION_OUT, IpSecManager.DIRECTION_IN};
private static final String[] WILDCARD_ADDRESSES = new String[]{"0.0.0.0", "::"};
private static final int NETD_FETCH_TIMEOUT_MS = 5000; // ms
private static final int MAX_PORT_BIND_ATTEMPTS = 10;
@@ -413,12 +414,16 @@ public class IpSecService extends IIpSecService.Stub {
.append(mTransformQuotaTracker)
.append(", mSocketQuotaTracker=")
.append(mSocketQuotaTracker)
.append(", mTunnelQuotaTracker=")
.append(mTunnelQuotaTracker)
.append(", mSpiRecords=")
.append(mSpiRecords)
.append(", mTransformRecords=")
.append(mTransformRecords)
.append(", mEncapSocketRecords=")
.append(mEncapSocketRecords)
.append(", mTunnelInterfaceRecords=")
.append(mTunnelInterfaceRecords)
.append("}")
.toString();
}
@@ -815,12 +820,14 @@ public class IpSecService extends IIpSecService.Stub {
try {
mSrvConfig.getNetdInstance().removeVirtualTunnelInterface(mInterfaceName);
for(String wildcardAddr : WILDCARD_ADDRESSES) {
for (int direction : DIRECTIONS) {
int mark = (direction == IpSecManager.DIRECTION_IN) ? mIkey : mOkey;
mSrvConfig
.getNetdInstance()
.ipSecDeleteSecurityPolicy(
0, direction, mLocalAddress, mRemoteAddress, mark, 0xffffffff);
0, direction, wildcardAddr, wildcardAddr, mark, 0xffffffff);
}
}
} catch (ServiceSpecificException e) {
// FIXME: get the error code and throw is at an IOException from Errno Exception
@@ -1261,6 +1268,7 @@ public class IpSecService extends IIpSecService.Stub {
.getNetdInstance()
.addVirtualTunnelInterface(intfName, localAddr, remoteAddr, ikey, okey);
for(String wildcardAddr : WILDCARD_ADDRESSES) {
for (int direction : DIRECTIONS) {
int mark = (direction == IpSecManager.DIRECTION_OUT) ? okey : ikey;
@@ -1269,12 +1277,13 @@ public class IpSecService extends IIpSecService.Stub {
.ipSecAddSecurityPolicy(
0, // Use 0 for reqId
direction,
"",
"",
wildcardAddr,
wildcardAddr,
0,
mark,
0xffffffff);
}
}
userRecord.mTunnelInterfaceRecords.put(
resourceId,
@@ -1646,17 +1655,19 @@ public class IpSecService extends IIpSecService.Stub {
c.setNetwork(tunnelInterfaceInfo.getUnderlyingNetwork());
// If outbound, also add SPI to the policy.
for(String wildcardAddr : WILDCARD_ADDRESSES) {
mSrvConfig
.getNetdInstance()
.ipSecUpdateSecurityPolicy(
0, // Use 0 for reqId
direction,
"",
"",
wildcardAddr,
wildcardAddr,
transformInfo.getSpiRecord().getSpi(),
mark,
0xffffffff);
}
}
// Update SA with tunnel mark (ikey or okey based on direction)
createOrUpdateTransform(c, transformResourceId, spiRecord, socketRecord);
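Review bot: In the teardown hunk (`@@ -815`), `removeVirtualTunnelInterface` and all four `ipSecDeleteSecurityPolicy` calls share one `try`, so a `ServiceSpecificException` from any call skips the remaining deletions and leaves tunnel policies installed. The new wildcard loop doubles the number of calls where this can happen. Catching per call, recording the failure and continuing would give every address/direction pair a deletion attempt. The creation hunk (`@@ -1261`) has the mirror case: if a later `ipSecAddSecurityPolicy` fails, the interface and the policies already added need rolling back, though the catch block is outside the hunk and may already do this. On style, `for(String wildcardAddr` lacks the space used by `for (int direction`, and `new String[]{` differs from `new int[] {` on the declaration just above it.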