Merge "Added implementation for VTI add/remove address"
@@ -16,6 +16,7 @@
|
||||
|
||||
package android.net;
|
||||
|
||||
import android.net.LinkAddress;
|
||||
import android.net.Network;
|
||||
import android.net.IpSecConfig;
|
||||
import android.net.IpSecUdpEncapResponse;
|
||||
@@ -48,11 +49,11 @@ interface IIpSecService
|
||||
|
||||
void addAddressToTunnelInterface(
|
||||
int tunnelResourceId,
|
||||
String localAddr);
|
||||
in LinkAddress localAddr);
|
||||
|
||||
void removeAddressFromTunnelInterface(
|
||||
int tunnelResourceId,
|
||||
String localAddr);
|
||||
in LinkAddress localAddr);
|
||||
|
||||
void deleteTunnelInterface(int resourceId);
|
||||
|
||||
|
||||
@@ -656,10 +656,14 @@ public final class IpSecManager {
|
||||
* tunneled traffic.
|
||||
*
|
||||
* @param address the local address for traffic inside the tunnel
|
||||
* @throws IOException if the address could not be added
|
||||
* @hide
|
||||
*/
|
||||
public void addAddress(LinkAddress address) throws IOException {
|
||||
public void addAddress(LinkAddress address) {
|
||||
try {
|
||||
mService.addAddressToTunnelInterface(mResourceId, address);
|
||||
} catch (RemoteException e) {
|
||||
throw e.rethrowFromSystemServer();
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -668,10 +672,14 @@ public final class IpSecManager {
|
||||
* <p>Remove an address which was previously added to the IpSecTunnelInterface
|
||||
*
|
||||
* @param address to be removed
|
||||
* @throws IOException if the address could not be removed
|
||||
* @hide
|
||||
*/
|
||||
public void removeAddress(LinkAddress address) throws IOException {
|
||||
public void removeAddress(LinkAddress address) {
|
||||
try {
|
||||
mService.removeAddressFromTunnelInterface(mResourceId, address);
|
||||
} catch (RemoteException e) {
|
||||
throw e.rethrowFromSystemServer();
|
||||
}
|
||||
}
|
||||
|
||||
private IpSecTunnelInterface(@NonNull IIpSecService service,
|
||||
|
||||
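Review bot: addAddress and removeAddress no longer tell the caller how a rejected address is reported, and neither states that `address` must be non-null. Judging by the IpSecService hunks further down this page, a netd failure surfaces as IllegalArgumentException, so both Javadoc blocks could carry `@throws IllegalArgumentException if the system server rejects the address`. Any `@throws IOException` line still left on the new side should be dropped with the `throws` clause; the rendered page has lost its +/- markers, so which side those lines belong to cannot be confirmed here. The file already uses `@NonNull` on the constructor, so the signatures could read `public void addAddress(@NonNull LinkAddress address) {` and `public void removeAddress(@NonNull LinkAddress address) {`.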
@@ -36,6 +36,7 @@ import android.net.IpSecTransform;
|
||||
import android.net.IpSecTransformResponse;
|
||||
import android.net.IpSecTunnelInterfaceResponse;
|
||||
import android.net.IpSecUdpEncapResponse;
|
||||
import android.net.LinkAddress;
|
||||
import android.net.Network;
|
||||
import android.net.NetworkUtils;
|
||||
import android.net.TrafficStats;
|
||||
@@ -618,10 +619,8 @@ public class IpSecService extends IIpSecService.Stub {
|
||||
spi,
|
||||
mConfig.getMarkValue(),
|
||||
mConfig.getMarkMask());
|
||||
} catch (ServiceSpecificException e) {
|
||||
// FIXME: get the error code and throw is at an IOException from Errno Exception
|
||||
} catch (RemoteException e) {
|
||||
Log.e(TAG, "Failed to delete SA with ID: " + mResourceId);
|
||||
} catch (RemoteException | ServiceSpecificException e) {
|
||||
Log.e(TAG, "Failed to delete SA with ID: " + mResourceId, e);
|
||||
}
|
||||
|
||||
getResourceTracker().give();
|
||||
@@ -681,10 +680,8 @@ public class IpSecService extends IIpSecService.Stub {
|
||||
.getNetdInstance()
|
||||
.ipSecDeleteSecurityAssociation(
|
||||
mResourceId, mSourceAddress, mDestinationAddress, mSpi, 0, 0);
|
||||
} catch (ServiceSpecificException e) {
|
||||
// FIXME: get the error code and throw is at an IOException from Errno Exception
|
||||
} catch (RemoteException e) {
|
||||
Log.e(TAG, "Failed to delete SPI reservation with ID: " + mResourceId);
|
||||
} catch (ServiceSpecificException | RemoteException e) {
|
||||
Log.e(TAG, "Failed to delete SPI reservation with ID: " + mResourceId, e);
|
||||
}
|
||||
|
||||
mSpi = IpSecManager.INVALID_SECURITY_PARAMETER_INDEX;
|
||||
@@ -829,15 +826,13 @@ public class IpSecService extends IIpSecService.Stub {
|
||||
0, direction, wildcardAddr, wildcardAddr, mark, 0xffffffff);
|
||||
}
|
||||
}
|
||||
} catch (ServiceSpecificException e) {
|
||||
// FIXME: get the error code and throw is at an IOException from Errno Exception
|
||||
} catch (RemoteException e) {
|
||||
} catch (ServiceSpecificException | RemoteException e) {
|
||||
Log.e(
|
||||
TAG,
|
||||
"Failed to delete VTI with interface name: "
|
||||
+ mInterfaceName
|
||||
+ " and id: "
|
||||
+ mResourceId);
|
||||
+ mResourceId, e);
|
||||
}
|
||||
|
||||
getResourceTracker().give();
|
||||
@@ -1319,7 +1314,9 @@ public class IpSecService extends IIpSecService.Stub {
|
||||
* from multiple local IP addresses over the same tunnel.
|
||||
*/
|
||||
@Override
|
||||
public synchronized void addAddressToTunnelInterface(int tunnelResourceId, String localAddr) {
|
||||
public synchronized void addAddressToTunnelInterface(
|
||||
int tunnelResourceId, LinkAddress localAddr) {
|
||||
enforceNetworkStackPermission();
|
||||
UserRecord userRecord = mUserResourceTracker.getUserRecord(Binder.getCallingUid());
|
||||
|
||||
// Get tunnelInterface record; if no such interface is found, will throw
|
||||
@@ -1327,8 +1324,21 @@ public class IpSecService extends IIpSecService.Stub {
|
||||
TunnelInterfaceRecord tunnelInterfaceInfo =
|
||||
userRecord.mTunnelInterfaceRecords.getResourceOrThrow(tunnelResourceId);
|
||||
|
||||
// TODO: Add calls to netd:
|
||||
// Add address to TunnelInterface
|
||||
try {
|
||||
// We can assume general validity of the IP address, since we get them as a
|
||||
// LinkAddress, which does some validation.
|
||||
mSrvConfig
|
||||
.getNetdInstance()
|
||||
.interfaceAddAddress(
|
||||
tunnelInterfaceInfo.mInterfaceName,
|
||||
localAddr.getAddress().getHostAddress(),
|
||||
localAddr.getPrefixLength());
|
||||
} catch (RemoteException e) {
|
||||
throw e.rethrowFromSystemServer();
|
||||
} catch (ServiceSpecificException e) {
|
||||
// If we get here, one of the arguments provided was invalid. Wrap the SSE, and throw.
|
||||
throw new IllegalArgumentException(e);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -1337,7 +1347,8 @@ public class IpSecService extends IIpSecService.Stub {
|
||||
*/
|
||||
@Override
|
||||
public synchronized void removeAddressFromTunnelInterface(
|
||||
int tunnelResourceId, String localAddr) {
|
||||
int tunnelResourceId, LinkAddress localAddr) {
|
||||
enforceNetworkStackPermission();
|
||||
UserRecord userRecord = mUserResourceTracker.getUserRecord(Binder.getCallingUid());
|
||||
|
||||
// Get tunnelInterface record; if no such interface is found, will throw
|
||||
@@ -1345,8 +1356,21 @@ public class IpSecService extends IIpSecService.Stub {
|
||||
TunnelInterfaceRecord tunnelInterfaceInfo =
|
||||
userRecord.mTunnelInterfaceRecords.getResourceOrThrow(tunnelResourceId);
|
||||
|
||||
// TODO: Add calls to netd:
|
||||
// Remove address from TunnelInterface
|
||||
try {
|
||||
// We can assume general validity of the IP address, since we get them as a
|
||||
// LinkAddress, which does some validation.
|
||||
mSrvConfig
|
||||
.getNetdInstance()
|
||||
.interfaceDelAddress(
|
||||
tunnelInterfaceInfo.mInterfaceName,
|
||||
localAddr.getAddress().getHostAddress(),
|
||||
localAddr.getPrefixLength());
|
||||
} catch (RemoteException e) {
|
||||
throw e.rethrowFromSystemServer();
|
||||
} catch (ServiceSpecificException e) {
|
||||
// If we get here, one of the arguments provided was invalid. Wrap the SSE, and throw.
|
||||
throw new IllegalArgumentException(e);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
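Review bot: In addAddressToTunnelInterface the `catch (ServiceSpecificException e)` branch reports every netd failure as IllegalArgumentException, but the comment above it only establishes that LinkAddress did some validation of the address. Failures that are not the caller's fault would be reported as bad arguments, so consider inspecting `e.errorCode` and keeping IllegalArgumentException for the invalid-argument case only; which error codes netd returns here is not visible on this page. `localAddr` is also dereferenced by `localAddr.getAddress()` without a null check, although an AIDL `in LinkAddress` parameter can arrive null; a guard such as `if (localAddr == null) throw new IllegalArgumentException("localAddr must not be null");` ahead of the `try` would make the rejection explicit. removeAddressFromTunnelInterface repeats the same pattern, and both method bodies span two hunks.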