
Commit d3c7f0c2 authored by Yan Yan's avatar Yan Yan Committed by Android (Google) Code Review

Merge changes from topic "ikeparams-api-change-rvc-dev" into rvc-dev

* changes:
  Pass server address directly to IKE.
  Remove UdpEncapsulationSocket references in VPNs
parents cb3d162c a9159882
+4 −24
@@ -52,7 +52,6 @@ import android.net.Ikev2VpnProfile;
import android.net.IpPrefix;
import android.net.IpSecManager;
import android.net.IpSecManager.IpSecTunnelInterface;
import android.net.IpSecManager.UdpEncapsulationSocket;
import android.net.IpSecTransform;
import android.net.LinkAddress;
import android.net.LinkProperties;
@@ -2201,7 +2200,6 @@ public class Vpn {
        /** Signal to ensure shutdown is honored even if a new Network is connected. */
        private boolean mIsRunning = true;

        @Nullable private UdpEncapsulationSocket mEncapSocket;
        @Nullable private IpSecTunnelInterface mTunnelIface;
        @Nullable private IkeSession mSession;
        @Nullable private Network mActiveNetwork;
@@ -2352,29 +2350,21 @@ public class Vpn {
                    resetIkeState();
                    mActiveNetwork = network;

                    // TODO(b/149356682): Update this based on new IKE API
                    mEncapSocket = mIpSecManager.openUdpEncapsulationSocket();

                    // TODO(b/149356682): Update this based on new IKE API
                    final IkeSessionParams ikeSessionParams =
                            VpnIkev2Utils.buildIkeSessionParams(mProfile, mEncapSocket);
                            VpnIkev2Utils.buildIkeSessionParams(mContext, mProfile, network);
                    final ChildSessionParams childSessionParams =
                            VpnIkev2Utils.buildChildSessionParams();

                    // TODO: Remove the need for adding two unused addresses with
                    // IPsec tunnels.
                    final InetAddress address = InetAddress.getLocalHost();
                    mTunnelIface =
                            mIpSecManager.createIpSecTunnelInterface(
                                    ikeSessionParams.getServerAddress() /* unused */,
                                    ikeSessionParams.getServerAddress() /* unused */,
                                    address /* unused */,
                                    address /* unused */,
                                    network);
                    mNetd.setInterfaceUp(mTunnelIface.getInterfaceName());

                    // Socket must be bound to prevent network switches from causing
                    // the IKE teardown to fail/timeout.
                    // TODO(b/149356682): Update this based on new IKE API
                    network.bindSocket(mEncapSocket.getFileDescriptor());

                    mSession = mIkev2SessionCreator.createIkeSession(
                            mContext,
                            ikeSessionParams,
@@ -2459,16 +2449,6 @@ public class Vpn {
                mSession.kill(); // Kill here to make sure all resources are released immediately
                mSession = null;
            }

            // TODO(b/149356682): Update this based on new IKE API
            if (mEncapSocket != null) {
                try {
                    mEncapSocket.close();
                } catch (IOException e) {
                    Log.e(TAG, "Failed to close encap socket", e);
                }
                mEncapSocket = null;
            }
        }

        /**
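Review bot: The new `InetAddress.getLocalHost()` call that supplies the two placeholder tunnel addresses (third hunk) can throw `UnknownHostException` and may depend on resolving the local hostname, which is an avoidable failure point in the VPN bring-up path. Since both arguments are marked unused, a fixed value such as `final InetAddress address = InetAddress.getLoopbackAddress();` would remove that dependency. The enclosing method starts and ends outside the hunk, so whether its catch clauses cover this exception cannot be confirmed from here. The commit also removes the comment explaining why the encapsulation socket had to be bound to the network. A replacement such as `// IKE binds its own sockets to |network| (IkeSessionParams#setNetwork)` would keep that invariant visible, assuming the new API does behave that way.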
+5 −9
@@ -35,10 +35,10 @@ import static android.net.ipsec.ike.SaProposal.PSEUDORANDOM_FUNCTION_AES128_XCBC
import static android.net.ipsec.ike.SaProposal.PSEUDORANDOM_FUNCTION_HMAC_SHA1;

import android.annotation.NonNull;
import android.content.Context;
import android.net.Ikev2VpnProfile;
import android.net.InetAddresses;
import android.net.IpPrefix;
import android.net.IpSecManager.UdpEncapsulationSocket;
import android.net.IpSecTransform;
import android.net.Network;
import android.net.RouteInfo;
@@ -84,18 +84,14 @@ import java.util.List;
 */
public class VpnIkev2Utils {
    static IkeSessionParams buildIkeSessionParams(
            @NonNull Ikev2VpnProfile profile, @NonNull UdpEncapsulationSocket socket) {
        // TODO(b/149356682): Update this based on new IKE API. Only numeric addresses supported
        //                    until then. All others throw IAE (caught by caller).
        final InetAddress serverAddr = InetAddresses.parseNumericAddress(profile.getServerAddr());
            @NonNull Context context, @NonNull Ikev2VpnProfile profile, @NonNull Network network) {
        final IkeIdentification localId = parseIkeIdentification(profile.getUserIdentity());
        final IkeIdentification remoteId = parseIkeIdentification(profile.getServerAddr());

        // TODO(b/149356682): Update this based on new IKE API.
        final IkeSessionParams.Builder ikeOptionsBuilder =
                new IkeSessionParams.Builder()
                        .setServerAddress(serverAddr)
                        .setUdpEncapsulationSocket(socket)
                new IkeSessionParams.Builder(context)
                        .setServerHostname(profile.getServerAddr())
                        .setNetwork(network)
                        .setLocalIdentification(localId)
                        .setRemoteIdentification(remoteId);
        setIkeAuth(profile, ikeOptionsBuilder);
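Review bot: `buildIkeSessionParams` now passes `profile.getServerAddr()` straight to `setServerHostname(...)`, and the removed comment was the only place that documented which inputs are accepted and how bad ones fail (numeric only, IAE caught by the caller). A short Javadoc should state that the server address may now be a hostname or a numeric literal, and which exception the caller should expect for an unusable value. It should also say that resolution is presumably done by the IKE library on the supplied `network` before the tunnel exists. The same string also feeds `parseIkeIdentification` for `remoteId`, so a comment there would help, e.g. `// DNS result is untrusted; the server is authenticated by IKE against remoteId`. The method body continues past the end of the hunk.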