core/java/android/net/Ikev2VpnProfile.java +5 −0 @@ -1108,6 +1108,11 @@ public final class Ikev2VpnProfile extends PlatformVpnProfile { /** * Sets the enabled state of the automatic NAT-T keepalive timers * * Note that if this builder was constructed with a {@link IkeTunnelConnectionParams}, * but this is called with {@code true}, the framework will automatically choose the * appropriate keepalive timer and ignore the settings in the session params embedded * in the connection params. * * @param isEnabled {@code true} to enable automatic keepalive timers, based on internal * platform signals. Defaults to {@code false}. * @return this {@link Builder} object to facilitate chaining of method calls services/core/java/com/android/server/connectivity/Vpn.java +63 −8 @@ -25,6 +25,8 @@ import static android.net.NetworkCapabilities.TRANSPORT_VPN; import static android.net.RouteInfo.RTN_THROW; import static android.net.RouteInfo.RTN_UNREACHABLE; import static android.net.VpnManager.NOTIFICATION_CHANNEL_VPN; import static android.net.ipsec.ike.IkeSessionParams.ESP_ENCAP_TYPE_AUTO; import static android.net.ipsec.ike.IkeSessionParams.ESP_IP_VERSION_AUTO; import static android.os.PowerWhitelistManager.REASON_VPN; import static android.os.UserHandle.PER_USER_RANGE; @@ -251,6 +253,13 @@ public class Vpn { */ private static final int STARTING_TOKEN = -1; // TODO : read this from carrier config instead of a constant @VisibleForTesting public static final int AUTOMATIC_KEEPALIVE_DELAY_SECONDS = 30; // Default keepalive timeout for carrier config is 5 minutes. Mimic this. private static final int DEFAULT_UDP_PORT_4500_NAT_TIMEOUT_SEC_INT = 5 * 60; // TODO: create separate trackers for each unique VPN to support // automated reconnection
@@ -3071,6 +3080,7 @@ public class Vpn { prepareStatusIntent(); } agentConnect(this::onValidationStatus); mSession.setUnderpinnedNetwork(mNetworkAgent.getNetwork()); return; // Link properties are already sent. } else { // Underlying networks also set in agentConnect() @@ -3179,6 +3189,7 @@ public class Vpn { if (!removedAddrs.isEmpty()) { startNewNetworkAgent( mNetworkAgent, "MTU too low for IPv6; restarting network agent"); mSession.setUnderpinnedNetwork(mNetworkAgent.getNetwork()); for (LinkAddress removed : removedAddrs) { mTunnelIface.removeAddress( @@ -3251,14 +3262,22 @@ public class Vpn { private IkeSessionParams getIkeSessionParams(@NonNull Network underlyingNetwork) { final IkeTunnelConnectionParams ikeTunConnParams = mProfile.getIkeTunnelConnectionParams(); final IkeSessionParams.Builder builder; if (ikeTunConnParams != null) { final IkeSessionParams.Builder builder = new IkeSessionParams.Builder(ikeTunConnParams.getIkeSessionParams()) builder = new IkeSessionParams.Builder(ikeTunConnParams.getIkeSessionParams()) .setNetwork(underlyingNetwork); return builder.build(); } else { return VpnIkev2Utils.buildIkeSessionParams(mContext, mProfile, underlyingNetwork); builder = VpnIkev2Utils.makeIkeSessionParamsBuilder(mContext, mProfile, underlyingNetwork); } if (mProfile.isAutomaticNattKeepaliveTimerEnabled()) { builder.setNattKeepAliveDelaySeconds(guessNattKeepaliveTimerForNetwork()); } if (mProfile.isAutomaticIpVersionSelectionEnabled()) { builder.setIpVersion(guessEspIpVersionForNetwork()); builder.setEncapType(guessEspEncapTypeForNetwork()); } return builder.build(); } @NonNull
@@ -3322,6 +3341,23 @@ public class Vpn { startIkeSession(underlyingNetwork); } private int guessEspIpVersionForNetwork() { // TODO : guess the IP version based on carrier if auto IP version selection is enabled return ESP_IP_VERSION_AUTO; } private int guessEspEncapTypeForNetwork() { // TODO : guess the ESP encap type based on carrier if auto IP version selection is // enabled return ESP_ENCAP_TYPE_AUTO; } private int guessNattKeepaliveTimerForNetwork() { // TODO : guess the keepalive delay based on carrier if auto keepalive timer is // enabled return AUTOMATIC_KEEPALIVE_DELAY_SECONDS; } boolean maybeMigrateIkeSession(@NonNull Network underlyingNetwork) { if (mSession == null || !mMobikeEnabled) return false; @@ -3331,7 +3367,20 @@ public class Vpn { + mCurrentToken + " to network " + underlyingNetwork); mSession.setNetwork(underlyingNetwork); final int ipVersion = mProfile.isAutomaticIpVersionSelectionEnabled() ? guessEspIpVersionForNetwork() : ESP_IP_VERSION_AUTO; final int encapType = mProfile.isAutomaticIpVersionSelectionEnabled() ? guessEspEncapTypeForNetwork() : ESP_ENCAP_TYPE_AUTO; final int keepaliveDelaySeconds; if (mProfile.isAutomaticNattKeepaliveTimerEnabled()) { keepaliveDelaySeconds = guessNattKeepaliveTimerForNetwork(); } else if (mProfile.getIkeTunnelConnectionParams() != null) { keepaliveDelaySeconds = mProfile.getIkeTunnelConnectionParams() .getIkeSessionParams().getNattKeepAliveDelaySeconds(); } else { keepaliveDelaySeconds = DEFAULT_UDP_PORT_4500_NAT_TIMEOUT_SEC_INT; } mSession.setNetwork(underlyingNetwork, ipVersion, encapType, keepaliveDelaySeconds); return true; }
@@ -4661,8 +4710,14 @@ public class Vpn { } /** Update the underlying network of the IKE Session */ public void setNetwork(@NonNull Network network) { mImpl.setNetwork(network); public void setNetwork(@NonNull Network network, int ipVersion, int encapType, int keepaliveDelaySeconds) { mImpl.setNetwork(network, ipVersion, encapType, keepaliveDelaySeconds); } /** Set the underpinned network */ public void setUnderpinnedNetwork(@NonNull Network underpinnedNetwork) { mImpl.setUnderpinnedNetwork(underpinnedNetwork); } /** Forcibly terminate the IKE Session */ services/core/java/com/android/server/connectivity/VpnIkev2Utils.java +2 −2 @@ -99,7 +99,7 @@ import java.util.concurrent.Executor; public class VpnIkev2Utils { private static final String TAG = VpnIkev2Utils.class.getSimpleName(); static IkeSessionParams buildIkeSessionParams( static IkeSessionParams.Builder makeIkeSessionParamsBuilder( @NonNull Context context, @NonNull Ikev2VpnProfile profile, @NonNull Network network) { final IkeIdentification localId = parseIkeIdentification(profile.getUserIdentity()); final IkeIdentification remoteId = parseIkeIdentification(profile.getServerAddr()); @@ -117,7 +117,7 @@ public class VpnIkev2Utils { ikeOptionsBuilder.addSaProposal(ikeProposal); } return ikeOptionsBuilder.build(); return ikeOptionsBuilder; } static ChildSessionParams buildChildSessionParams(List<String> allowedAlgorithms) {
core/java/android/net/Ikev2VpnProfile.java +5 −0 @@ -1108,6 +1108,11 @@ public final class Ikev2VpnProfile extends PlatformVpnProfile { /** * Sets the enabled state of the automatic NAT-T keepalive timers * * Note that if this builder was constructed with a {@link IkeTunnelConnectionParams}, * but this is called with {@code true}, the framework will automatically choose the * appropriate keepalive timer and ignore the settings in the session params embedded * in the connection params. * * @param isEnabled {@code true} to enable automatic keepalive timers, based on internal * platform signals. Defaults to {@code false}. * @return this {@link Builder} object to facilitate chaining of method calls
services/core/java/com/android/server/connectivity/Vpn.java +63 −8 @@ -25,6 +25,8 @@ import static android.net.NetworkCapabilities.TRANSPORT_VPN; import static android.net.RouteInfo.RTN_THROW; import static android.net.RouteInfo.RTN_UNREACHABLE; import static android.net.VpnManager.NOTIFICATION_CHANNEL_VPN; import static android.net.ipsec.ike.IkeSessionParams.ESP_ENCAP_TYPE_AUTO; import static android.net.ipsec.ike.IkeSessionParams.ESP_IP_VERSION_AUTO; import static android.os.PowerWhitelistManager.REASON_VPN; import static android.os.UserHandle.PER_USER_RANGE; @@ -251,6 +253,13 @@ public class Vpn { */ private static final int STARTING_TOKEN = -1; // TODO : read this from carrier config instead of a constant @VisibleForTesting public static final int AUTOMATIC_KEEPALIVE_DELAY_SECONDS = 30; // Default keepalive timeout for carrier config is 5 minutes. Mimic this. private static final int DEFAULT_UDP_PORT_4500_NAT_TIMEOUT_SEC_INT = 5 * 60; // TODO: create separate trackers for each unique VPN to support // automated reconnection @@ -3071,6 +3080,7 @@ public class Vpn { prepareStatusIntent(); } agentConnect(this::onValidationStatus); mSession.setUnderpinnedNetwork(mNetworkAgent.getNetwork()); return; // Link properties are already sent. } else { // Underlying networks also set in agentConnect() @@ -3179,6 +3189,7 @@ public class Vpn { if (!removedAddrs.isEmpty()) { startNewNetworkAgent( mNetworkAgent, "MTU too low for IPv6; restarting network agent"); mSession.setUnderpinnedNetwork(mNetworkAgent.getNetwork()); for (LinkAddress removed : removedAddrs) { mTunnelIface.removeAddress(
@@ -3251,14 +3262,22 @@ public class Vpn { private IkeSessionParams getIkeSessionParams(@NonNull Network underlyingNetwork) { final IkeTunnelConnectionParams ikeTunConnParams = mProfile.getIkeTunnelConnectionParams(); final IkeSessionParams.Builder builder; if (ikeTunConnParams != null) { final IkeSessionParams.Builder builder = new IkeSessionParams.Builder(ikeTunConnParams.getIkeSessionParams()) builder = new IkeSessionParams.Builder(ikeTunConnParams.getIkeSessionParams()) .setNetwork(underlyingNetwork); return builder.build(); } else { return VpnIkev2Utils.buildIkeSessionParams(mContext, mProfile, underlyingNetwork); builder = VpnIkev2Utils.makeIkeSessionParamsBuilder(mContext, mProfile, underlyingNetwork); } if (mProfile.isAutomaticNattKeepaliveTimerEnabled()) { builder.setNattKeepAliveDelaySeconds(guessNattKeepaliveTimerForNetwork()); } if (mProfile.isAutomaticIpVersionSelectionEnabled()) { builder.setIpVersion(guessEspIpVersionForNetwork()); builder.setEncapType(guessEspEncapTypeForNetwork()); } return builder.build(); } @NonNull @@ -3322,6 +3341,23 @@ public class Vpn { startIkeSession(underlyingNetwork); } private int guessEspIpVersionForNetwork() { // TODO : guess the IP version based on carrier if auto IP version selection is enabled return ESP_IP_VERSION_AUTO; } private int guessEspEncapTypeForNetwork() { // TODO : guess the ESP encap type based on carrier if auto IP version selection is // enabled return ESP_ENCAP_TYPE_AUTO; } private int guessNattKeepaliveTimerForNetwork() { // TODO : guess the keepalive delay based on carrier if auto keepalive timer is // enabled return AUTOMATIC_KEEPALIVE_DELAY_SECONDS; } boolean maybeMigrateIkeSession(@NonNull Network underlyingNetwork) { if (mSession == null || !mMobikeEnabled) return false;
@@ -3331,7 +3367,20 @@ public class Vpn { + mCurrentToken + " to network " + underlyingNetwork); mSession.setNetwork(underlyingNetwork); final int ipVersion = mProfile.isAutomaticIpVersionSelectionEnabled() ? guessEspIpVersionForNetwork() : ESP_IP_VERSION_AUTO; final int encapType = mProfile.isAutomaticIpVersionSelectionEnabled() ? guessEspEncapTypeForNetwork() : ESP_ENCAP_TYPE_AUTO; final int keepaliveDelaySeconds; if (mProfile.isAutomaticNattKeepaliveTimerEnabled()) { keepaliveDelaySeconds = guessNattKeepaliveTimerForNetwork(); } else if (mProfile.getIkeTunnelConnectionParams() != null) { keepaliveDelaySeconds = mProfile.getIkeTunnelConnectionParams() .getIkeSessionParams().getNattKeepAliveDelaySeconds(); } else { keepaliveDelaySeconds = DEFAULT_UDP_PORT_4500_NAT_TIMEOUT_SEC_INT; } mSession.setNetwork(underlyingNetwork, ipVersion, encapType, keepaliveDelaySeconds); return true; } @@ -4661,8 +4710,14 @@ public class Vpn { } /** Update the underlying network of the IKE Session */ public void setNetwork(@NonNull Network network) { mImpl.setNetwork(network); public void setNetwork(@NonNull Network network, int ipVersion, int encapType, int keepaliveDelaySeconds) { mImpl.setNetwork(network, ipVersion, encapType, keepaliveDelaySeconds); } /** Set the underpinned network */ public void setUnderpinnedNetwork(@NonNull Network underpinnedNetwork) { mImpl.setUnderpinnedNetwork(underpinnedNetwork); } /** Forcibly terminate the IKE Session */
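Review bot: In `maybeMigrateIkeSession` the final `else` passes `DEFAULT_UDP_PORT_4500_NAT_TIMEOUT_SEC_INT` (300 s) as the keepalive delay, while `getIkeSessionParams` calls `setNattKeepAliveDelaySeconds` only when automatic keepalive is enabled, so a plain profile appears to start on the builder's own default and switch to 300 s at its first migration. The constant is named as a NAT timeout, and keepalives sent at the timeout itself leave no margin; if the mapping expires sooner, the tunnel can go dead after a network change without the session noticing. The same method also sends `ESP_IP_VERSION_AUTO` and `ESP_ENCAP_TYPE_AUTO` for a profile built from `IkeTunnelConnectionParams`, although its keepalive is read from the embedded session params. I would compute these values in one new helper shared by both paths, e.g. `final int keepaliveDelaySeconds = getOrGuessKeepaliveDelaySeconds();`, and document the constant with `// Used as the keepalive delay on migration; must stay below the NAT mapping timeout`. The start of `maybeMigrateIkeSession` is in the previous hunk and the lines between the two hunks are not shown.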
services/core/java/com/android/server/connectivity/VpnIkev2Utils.java +2 −2 @@ -99,7 +99,7 @@ import java.util.concurrent.Executor; public class VpnIkev2Utils { private static final String TAG = VpnIkev2Utils.class.getSimpleName(); static IkeSessionParams buildIkeSessionParams( static IkeSessionParams.Builder makeIkeSessionParamsBuilder( @NonNull Context context, @NonNull Ikev2VpnProfile profile, @NonNull Network network) { final IkeIdentification localId = parseIkeIdentification(profile.getUserIdentity()); final IkeIdentification remoteId = parseIkeIdentification(profile.getServerAddr()); @@ -117,7 +117,7 @@ public class VpnIkev2Utils { ikeOptionsBuilder.addSaProposal(ikeProposal); } return ikeOptionsBuilder.build(); return ikeOptionsBuilder; } static ChildSessionParams buildChildSessionParams(List<String> allowedAlgorithms) {