
Commit 0a431804 authored by Lorenzo Colitti's avatar Lorenzo Colitti Committed by Android (Google) Code Review

Merge changes from topic "cherrypicker-L33200000955045139:N22000001272520181" into tm-qpr-dev

* changes:
  Add a retry mechanism when error is recoverable
  Enable MOBIKE in IKEv2 VPN
  Use token to identify IKE Session
parents 65a3d8eb 4dc410d5
+409 −69

File changed.

Preview size limit exceeded, changes collapsed.

+42 −26
@@ -68,6 +68,7 @@ import android.net.ipsec.ike.IkeRfc822AddrIdentification;
import android.net.ipsec.ike.IkeSaProposal;
import android.net.ipsec.ike.IkeSessionCallback;
import android.net.ipsec.ike.IkeSessionConfiguration;
import android.net.ipsec.ike.IkeSessionConnectionInfo;
import android.net.ipsec.ike.IkeSessionParams;
import android.net.ipsec.ike.IkeTrafficSelector;
import android.net.ipsec.ike.TunnelModeChildSessionParams;
@@ -107,6 +108,7 @@ public class VpnIkev2Utils {
                new IkeSessionParams.Builder(context)
                        .setServerHostname(profile.getServerAddr())
                        .setNetwork(network)
                        .addIkeOption(IkeSessionParams.IKE_OPTION_MOBIKE)
                        .setLocalIdentification(localId)
                        .setRemoteIdentification(remoteId);
        setIkeAuth(profile, ikeOptionsBuilder);
@@ -298,72 +300,79 @@ public class VpnIkev2Utils {
    static class IkeSessionCallbackImpl implements IkeSessionCallback {
        private final String mTag;
        private final Vpn.IkeV2VpnRunnerCallback mCallback;
        private final Network mNetwork;
        private final int mToken;

        IkeSessionCallbackImpl(String tag, Vpn.IkeV2VpnRunnerCallback callback, Network network) {
        IkeSessionCallbackImpl(String tag, Vpn.IkeV2VpnRunnerCallback callback, int token) {
            mTag = tag;
            mCallback = callback;
            mNetwork = network;
            mToken = token;
        }

        @Override
        public void onOpened(@NonNull IkeSessionConfiguration ikeSessionConfig) {
            Log.d(mTag, "IkeOpened for network " + mNetwork);
            // Nothing to do here.
            Log.d(mTag, "IkeOpened for token " + mToken);
            mCallback.onIkeOpened(mToken, ikeSessionConfig);
        }

        @Override
        public void onClosed() {
            Log.d(mTag, "IkeClosed for network " + mNetwork);
            mCallback.onSessionLost(mNetwork, null); // Server requested session closure. Retry?
            Log.d(mTag, "IkeClosed for token " + mToken);
            mCallback.onSessionLost(mToken, null); // Server requested session closure. Retry?
        }

        @Override
        public void onClosedExceptionally(@NonNull IkeException exception) {
            Log.d(mTag, "IkeClosedExceptionally for network " + mNetwork, exception);
            mCallback.onSessionLost(mNetwork, exception);
            Log.d(mTag, "IkeClosedExceptionally for token " + mToken, exception);
            mCallback.onSessionLost(mToken, exception);
        }

        @Override
        public void onError(@NonNull IkeProtocolException exception) {
            Log.d(mTag, "IkeError for network " + mNetwork, exception);
            Log.d(mTag, "IkeError for token " + mToken, exception);
            // Non-fatal, log and continue.
        }

        @Override
        public void onIkeSessionConnectionInfoChanged(
                @NonNull IkeSessionConnectionInfo connectionInfo) {
            Log.d(mTag, "onIkeSessionConnectionInfoChanged for token " + mToken);
            mCallback.onIkeConnectionInfoChanged(mToken, connectionInfo);
        }
    }

    static class ChildSessionCallbackImpl implements ChildSessionCallback {
        private final String mTag;
        private final Vpn.IkeV2VpnRunnerCallback mCallback;
        private final Network mNetwork;
        private final int mToken;

        ChildSessionCallbackImpl(String tag, Vpn.IkeV2VpnRunnerCallback callback, Network network) {
        ChildSessionCallbackImpl(String tag, Vpn.IkeV2VpnRunnerCallback callback, int token) {
            mTag = tag;
            mCallback = callback;
            mNetwork = network;
            mToken = token;
        }

        @Override
        public void onOpened(@NonNull ChildSessionConfiguration childConfig) {
            Log.d(mTag, "ChildOpened for network " + mNetwork);
            mCallback.onChildOpened(mNetwork, childConfig);
            Log.d(mTag, "ChildOpened for token " + mToken);
            mCallback.onChildOpened(mToken, childConfig);
        }

        @Override
        public void onClosed() {
            Log.d(mTag, "ChildClosed for network " + mNetwork);
            mCallback.onSessionLost(mNetwork, null);
            Log.d(mTag, "ChildClosed for token " + mToken);
            mCallback.onSessionLost(mToken, null);
        }

        @Override
        public void onClosedExceptionally(@NonNull IkeException exception) {
            Log.d(mTag, "ChildClosedExceptionally for network " + mNetwork, exception);
            mCallback.onSessionLost(mNetwork, exception);
            Log.d(mTag, "ChildClosedExceptionally for token " + mToken, exception);
            mCallback.onSessionLost(mToken, exception);
        }

        @Override
        public void onIpSecTransformCreated(@NonNull IpSecTransform transform, int direction) {
            Log.d(mTag, "ChildTransformCreated; Direction: " + direction + "; network " + mNetwork);
            mCallback.onChildTransformCreated(mNetwork, transform, direction);
            Log.d(mTag, "ChildTransformCreated; Direction: " + direction + "; token " + mToken);
            mCallback.onChildTransformCreated(mToken, transform, direction);
        }

        @Override
@@ -371,8 +380,15 @@ public class VpnIkev2Utils {
            // Nothing to be done; no references to the IpSecTransform are held by the
            // Ikev2VpnRunner (or this callback class), and this transform will be closed by the
            // IKE library.
            Log.d(mTag,
                    "ChildTransformDeleted; Direction: " + direction + "; for network " + mNetwork);
            Log.d(mTag, "ChildTransformDeleted; Direction: " + direction + "; for token " + mToken);
        }

        @Override
        public void onIpSecTransformsMigrated(
                @NonNull IpSecTransform inIpSecTransform,
                @NonNull IpSecTransform outIpSecTransform) {
            Log.d(mTag, "ChildTransformsMigrated; token " + mToken);
            mCallback.onChildMigrated(mToken, inIpSecTransform, outIpSecTransform);
        }
    }

@@ -390,7 +406,7 @@ public class VpnIkev2Utils {

        @Override
        public void onAvailable(@NonNull Network network) {
            Log.d(mTag, "Starting IKEv2/IPsec session on new network: " + network);
            Log.d(mTag, "onAvailable called for network: " + network);
            mExecutor.execute(() -> mCallback.onDefaultNetworkChanged(network));
        }

@@ -412,8 +428,8 @@ public class VpnIkev2Utils {

        @Override
        public void onLost(@NonNull Network network) {
            Log.d(mTag, "Tearing down; lost network: " + network);
            mExecutor.execute(() -> mCallback.onSessionLost(network, null));
            Log.d(mTag, "onLost called for network: " + network);
            mExecutor.execute(() -> mCallback.onDefaultNetworkLost(network));
        }
    }
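Review bot: The new `mToken` field in `IkeSessionCallbackImpl` and `ChildSessionCallbackImpl` is undocumented, and every callback in both classes forwards it to `mCallback` unchecked, so rejecting callbacks that belong to a superseded IKE session now rests entirely on the `Vpn.IkeV2VpnRunnerCallback` implementation, which sits in the collapsed file and is not visible here. If that is the intent, state it at the field, e.g. `// Identifies the IKE session this callback was created for; the receiver is expected to drop callbacks whose token is not the current one.` Likewise `onLost` now calls `onDefaultNetworkLost(network)` instead of `onSessionLost(network, null)`; a one-line comment saying what the receiver does with the tunnel while no underlying network is available would let the teardown behaviour be reviewed from this file.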