Merge "Fix minor bugs with tunnel mode implementation" (cb9cd96c) · Commits · e / os / android_frameworks_base

core/java/android/net/IpSecTransform.java

+1 −1

Original line number	Diff line number	Diff line
		@@ -462,7 +462,7 @@ public final class IpSecTransform implements AutoCloseable {
		mConfig.setMode(MODE_TUNNEL);
		mConfig.setSourceAddress(sourceAddress.getHostAddress());
		mConfig.setSpiResourceId(spi.getResourceId());
		return new IpSecTransform(mContext, mConfig);
		return new IpSecTransform(mContext, mConfig).activate();
		}

		/**

services/core/java/com/android/server/IpSecService.java

+34 −23

Original line number	Diff line number	Diff line
		@@ -87,6 +87,7 @@ public class IpSecService extends IIpSecService.Stub {
		private static final String NETD_SERVICE_NAME = "netd";
		private static final int[] DIRECTIONS =
		new int[] {IpSecManager.DIRECTION_OUT, IpSecManager.DIRECTION_IN};
		private static final String[] WILDCARD_ADDRESSES = new String[]{"0.0.0.0", "::"};

		private static final int NETD_FETCH_TIMEOUT_MS = 5000; // ms
		private static final int MAX_PORT_BIND_ATTEMPTS = 10;
		@@ -413,12 +414,16 @@ public class IpSecService extends IIpSecService.Stub {
		.append(mTransformQuotaTracker)
		.append(", mSocketQuotaTracker=")
		.append(mSocketQuotaTracker)
		.append(", mTunnelQuotaTracker=")
		.append(mTunnelQuotaTracker)
		.append(", mSpiRecords=")
		.append(mSpiRecords)
		.append(", mTransformRecords=")
		.append(mTransformRecords)
		.append(", mEncapSocketRecords=")
		.append(mEncapSocketRecords)
		.append(", mTunnelInterfaceRecords=")
		.append(mTunnelInterfaceRecords)
		.append("}")
		.toString();
		}
		@@ -815,12 +820,14 @@ public class IpSecService extends IIpSecService.Stub {
		try {
		mSrvConfig.getNetdInstance().removeVirtualTunnelInterface(mInterfaceName);

		for(String wildcardAddr : WILDCARD_ADDRESSES) {
		for (int direction : DIRECTIONS) {
		int mark = (direction == IpSecManager.DIRECTION_IN) ? mIkey : mOkey;
		mSrvConfig
		.getNetdInstance()
		.ipSecDeleteSecurityPolicy(
		0, direction, mLocalAddress, mRemoteAddress, mark, 0xffffffff);
		0, direction, wildcardAddr, wildcardAddr, mark, 0xffffffff);
		}
		}
		} catch (ServiceSpecificException e) {
		// FIXME: get the error code and throw is at an IOException from Errno Exception
		@@ -1261,6 +1268,7 @@ public class IpSecService extends IIpSecService.Stub {
		.getNetdInstance()
		.addVirtualTunnelInterface(intfName, localAddr, remoteAddr, ikey, okey);

		for(String wildcardAddr : WILDCARD_ADDRESSES) {
		for (int direction : DIRECTIONS) {
		int mark = (direction == IpSecManager.DIRECTION_OUT) ? okey : ikey;

		@@ -1269,12 +1277,13 @@ public class IpSecService extends IIpSecService.Stub {
		.ipSecAddSecurityPolicy(
		0, // Use 0 for reqId
		direction,
		"",
		"",
		wildcardAddr,
		wildcardAddr,
		0,
		mark,
		0xffffffff);
		}
		}

		userRecord.mTunnelInterfaceRecords.put(
		resourceId,
		@@ -1646,17 +1655,19 @@ public class IpSecService extends IIpSecService.Stub {
		c.setNetwork(tunnelInterfaceInfo.getUnderlyingNetwork());

		// If outbound, also add SPI to the policy.
		for(String wildcardAddr : WILDCARD_ADDRESSES) {
		mSrvConfig
		.getNetdInstance()
		.ipSecUpdateSecurityPolicy(
		0, // Use 0 for reqId
		direction,
		"",
		"",
		wildcardAddr,
		wildcardAddr,
		transformInfo.getSpiRecord().getSpi(),
		mark,
		0xffffffff);
		}
		}

		// Update SA with tunnel mark (ikey or okey based on direction)
		createOrUpdateTransform(c, transformResourceId, spiRecord, socketRecord);