1 | /* |
2 | * Copyright (C) 2012 Tobias Brunner | |
3 | * Copyright (C) 2012 Giuliano Grassi | |
4 | * Copyright (C) 2012 Ralf Sager | |
5 | * |
6 | * Copyright (C) secunet Security Networks AG | |
7 | * |
8 | * This program is free software; you can redistribute it and/or modify it | |
9 | * under the terms of the GNU General Public License as published by the | |
10 | * Free Software Foundation; either version 2 of the License, or (at your | |
11 | * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. * | |
12 | * This program is distributed in the hope that it will be useful, but | |
13 | * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
14 | * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License | |
15 | * for more details. | |
16 | */ | |
17 | ||
18 | #include "android_ipsec.h" | |
d4f76751 | 19 | #include "../charonservice.h" |
17508851 | 20 | |
f05b4272 | 21 | #include <utils/debug.h> |
17508851 | 22 | #include <library.h> |
8394ea2a | 23 | #include <daemon.h> |
24 | #include <ipsec.h> |
25 | ||
typedef struct private_kernel_android_ipsec_t private_kernel_android_ipsec_t;

/**
 * Private data of a kernel_android_ipsec_t object.
 */
struct private_kernel_android_ipsec_t {

	/**
	 * Public interface; kernel_android_ipsec_create() hands out a pointer to
	 * this member.
	 */
	kernel_android_ipsec_t public;

	/**
	 * Listener registered with the libipsec event relay to receive lifetime
	 * expire events. It is registered in kernel_android_ipsec_create() and
	 * unregistered again in destroy().
	 */
	ipsec_event_listener_t ipsec_listener;
};
40 | ||
/**
 * Expire callback registered with libipsec (installed as the .expire member
 * of the listener in kernel_android_ipsec_create()).
 *
 * Relays the event to the daemon's kernel interface; all four arguments are
 * passed through unchanged.
 *
 * @param protocol	protocol of the expiring SA
 * @param spi		SPI of the expiring SA
 * @param dst		destination address of the expiring SA
 * @param hard		expire type flag as reported by libipsec
 */
static void expire(uint8_t protocol, uint32_t spi, host_t *dst, bool hard)
{
	kernel_interface_t *kernel = charon->kernel;

	kernel->expire(kernel, protocol, spi, dst, hard);
}
48 | ||
/**
 * Implementation of kernel_ipsec_t.get_spi.
 *
 * Delegates to the libipsec SA manager, which writes the SPI to *spi. The
 * status it reports is returned as is; "this" is not used.
 */
METHOD(kernel_ipsec_t, get_spi, status_t,
	private_kernel_android_ipsec_t *this, host_t *src, host_t *dst,
	uint8_t protocol, uint32_t *spi)
{
	status_t status;

	status = ipsec->sas->get_spi(ipsec->sas, src, dst, protocol, spi);
	return status;
}
55 | ||
/**
 * Implementation of kernel_ipsec_t.get_cpi.
 *
 * No CPI is allocated by this backend: the arguments are ignored, *cpi is
 * left untouched and NOT_SUPPORTED is always returned.
 */
METHOD(kernel_ipsec_t, get_cpi, status_t,
	private_kernel_android_ipsec_t *this, host_t *src, host_t *dst,
	uint16_t *cpi)
{
	return NOT_SUPPORTED;
}
62 | ||
/**
 * Implementation of kernel_ipsec_t.add_sa.
 *
 * Unpacks the SA identifier and the SA parameters and installs the SA in the
 * libipsec SA manager. The manager's status is returned unchanged.
 *
 * The encryption and integrity keys (data->enc_key, data->int_key) are handed
 * to libipsec as they are; this wrapper neither copies nor wipes them.
 *
 * NOTE(review): only the members listed in the call reach libipsec. Any other
 * member of kernel_ipsec_add_sa_t (e.g. a replay window setting) is ignored
 * here without an error - confirm that none of them is security relevant for
 * this backend.
 */
METHOD(kernel_ipsec_t, add_sa, status_t,
	private_kernel_android_ipsec_t *this, kernel_ipsec_sa_id_t *id,
	kernel_ipsec_add_sa_t *data)
{
	status_t status;

	status = ipsec->sas->add_sa(ipsec->sas, id->src, id->dst, id->spi,
					id->proto, data->reqid, id->mark, data->tfc,
					data->lifetime, data->enc_alg, data->enc_key,
					data->int_alg, data->int_key, data->mode, data->ipcomp,
					data->cpi, data->initiator, data->encap, data->esn,
					data->inbound, data->update);
	return status;
}
73 | ||
/**
 * Implementation of kernel_ipsec_t.update_sa.
 *
 * Forwards the current SA identity (SPI, protocol, addresses, mark) together
 * with the new addresses and the old/new encapsulation flags to the libipsec
 * SA manager and returns its status. "this" is not used.
 */
METHOD(kernel_ipsec_t, update_sa, status_t,
	private_kernel_android_ipsec_t *this, kernel_ipsec_sa_id_t *id,
	kernel_ipsec_update_sa_t *data)
{
	status_t status;

	status = ipsec->sas->update_sa(ipsec->sas, id->spi, id->proto, data->cpi,
					id->src, id->dst, data->new_src, data->new_dst,
					data->encap, data->new_encap, id->mark);
	return status;
}
82 | ||
/**
 * Implementation of kernel_ipsec_t.query_sa.
 *
 * Asks the libipsec SA manager for the usage data of the SA identified by id.
 * The bytes, packets and time pointers are passed on for the manager to fill
 * in; its status is returned unchanged. Neither "this" nor data is used.
 */
METHOD(kernel_ipsec_t, query_sa, status_t,
	private_kernel_android_ipsec_t *this, kernel_ipsec_sa_id_t *id,
	kernel_ipsec_query_sa_t *data, uint64_t *bytes, uint64_t *packets,
	time_t *time)
{
	status_t status;

	status = ipsec->sas->query_sa(ipsec->sas, id->src, id->dst, id->spi,
					id->proto, id->mark, bytes, packets, time);
	return status;
}
91 | ||
/**
 * Implementation of kernel_ipsec_t.del_sa.
 *
 * Removes the SA identified by id (plus data->cpi) from the libipsec SA
 * manager and returns the manager's status. "this" is not used.
 */
METHOD(kernel_ipsec_t, del_sa, status_t,
	private_kernel_android_ipsec_t *this, kernel_ipsec_sa_id_t *id,
	kernel_ipsec_del_sa_t *data)
{
	status_t status;

	status = ipsec->sas->del_sa(ipsec->sas, id->src, id->dst, id->spi,
					id->proto, data->cpi, id->mark);
	return status;
}
99 | ||
/**
 * Implementation of kernel_ipsec_t.flush_sas.
 *
 * Asks the libipsec SA manager to flush its SAs and returns the status it
 * reports. "this" is not used.
 */
METHOD(kernel_ipsec_t, flush_sas, status_t,
	private_kernel_android_ipsec_t *this)
{
	status_t status;

	status = ipsec->sas->flush_sas(ipsec->sas);
	return status;
}
105 | ||
/**
 * Implementation of kernel_ipsec_t.add_policy.
 *
 * Installs a policy in the libipsec policy manager. The traffic selectors,
 * direction and mark come from id; the addresses, policy type, SA data and
 * priority come from data. The manager's status is returned unchanged.
 */
METHOD(kernel_ipsec_t, add_policy, status_t,
	private_kernel_android_ipsec_t *this, kernel_ipsec_policy_id_t *id,
	kernel_ipsec_manage_policy_t *data)
{
	status_t status;

	status = ipsec->policies->add_policy(ipsec->policies, data->src,
					data->dst, id->src_ts, id->dst_ts, id->dir, data->type,
					data->sa, id->mark, data->prio);
	return status;
}
115 | ||
/**
 * Implementation of kernel_ipsec_t.query_policy.
 *
 * Policy usage is not queried by this backend: the arguments are ignored,
 * *use_time is left untouched and NOT_SUPPORTED is always returned.
 */
METHOD(kernel_ipsec_t, query_policy, status_t,
	private_kernel_android_ipsec_t *this, kernel_ipsec_policy_id_t *id,
	kernel_ipsec_query_policy_t *data, time_t *use_time)
{
	return NOT_SUPPORTED;
}
122 | ||
/**
 * Implementation of kernel_ipsec_t.del_policy.
 *
 * Removes a policy from the libipsec policy manager, passing the same set of
 * arguments as add_policy() does. The manager's status is returned unchanged.
 */
METHOD(kernel_ipsec_t, del_policy, status_t,
	private_kernel_android_ipsec_t *this, kernel_ipsec_policy_id_t *id,
	kernel_ipsec_manage_policy_t *data)
{
	status_t status;

	status = ipsec->policies->del_policy(ipsec->policies, data->src,
					data->dst, id->src_ts, id->dst_ts, id->dir, data->type,
					data->sa, id->mark, data->prio);
	return status;
}
132 | ||
/**
 * Implementation of kernel_ipsec_t.flush_policies.
 *
 * Asks the libipsec policy manager to flush its policies and reports SUCCESS
 * unconditionally.
 *
 * NOTE(review): flush_sas() propagates the status of its callee, while any
 * result of the policy manager's flush_policies() is discarded here - confirm
 * that a failed flush cannot occur or does not need to reach the caller.
 */
METHOD(kernel_ipsec_t, flush_policies, status_t,
	private_kernel_android_ipsec_t *this)
{
	status_t status = SUCCESS;

	ipsec->policies->flush_policies(ipsec->policies);
	return status;
}
139 | ||
/**
 * Implementation of kernel_ipsec_t.bypass_socket.
 *
 * The request is not handled by libipsec but handed to charonservice, whose
 * result is returned unchanged. "this" is not used.
 *
 * NOTE(review): presumably charonservice exempts the socket from the VPN so
 * that the daemon's own traffic is not routed into the tunnel - confirm in
 * charonservice. A FALSE result must be treated as a failure by the caller,
 * as the socket is then not known to be exempted.
 */
METHOD(kernel_ipsec_t, bypass_socket, bool,
	private_kernel_android_ipsec_t *this, int fd, int family)
{
	bool bypassed;

	bypassed = charonservice->bypass_socket(charonservice, fd, family);
	return bypassed;
}
145 | ||
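/**
 * Implementation of kernel_ipsec_t.enable_udp_decap.
 *
 * Nothing is configured on the socket; fd, family and port are ignored.
 *
 * This method returns bool, so a status_t constant must not be returned from
 * it: NOT_SUPPORTED is a non-zero status_t value and therefore reads as
 * "enabled" to every caller that tests the result. TRUE yields the same
 * result for such callers and states it explicitly.
 *
 * NOTE(review): confirm that reporting success is what is wanted here, i.e.
 * that UDP-encapsulated ESP needs no per-socket setup with this backend. If
 * the intent was to signal "not supported", this has to return FALSE instead.
 */
METHOD(kernel_ipsec_t, enable_udp_decap, bool,
	private_kernel_android_ipsec_t *this, int fd, int family, uint16_t port)
{
	return TRUE;
}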
151 | ||
/**
 * Implementation of kernel_ipsec_t.destroy.
 *
 * Detaches the expire listener from the libipsec event relay and releases the
 * object.
 */
METHOD(kernel_ipsec_t, destroy, void,
	private_kernel_android_ipsec_t *this)
{
	ipsec_event_listener_t *listener = &this->ipsec_listener;

	/* unregister before freeing: the listener is embedded in this object, so
	 * the event relay must not keep a pointer to it once the memory is gone */
	ipsec->events->unregister_listener(ipsec->events, listener);
	free(this);
}
158 | ||
/*
 * Described in header.
 *
 * Builds the object with all kernel_ipsec_t methods of this file wired into
 * the public interface, registers the expire listener with the libipsec event
 * relay and returns the public part of the object.
 */
kernel_android_ipsec_t *kernel_android_ipsec_create()
{
	private_kernel_android_ipsec_t *this;
	kernel_android_ipsec_t *public;

	INIT(this,
		.ipsec_listener = {
			.expire = expire,
		},
		.public = {
			.interface = {
				.get_spi = _get_spi,
				.get_cpi = _get_cpi,
				.add_sa = _add_sa,
				.update_sa = _update_sa,
				.query_sa = _query_sa,
				.del_sa = _del_sa,
				.flush_sas = _flush_sas,
				.add_policy = _add_policy,
				.query_policy = _query_policy,
				.del_policy = _del_policy,
				.flush_policies = _flush_policies,
				.bypass_socket = _bypass_socket,
				.enable_udp_decap = _enable_udp_decap,
				.destroy = _destroy,
			},
		},
	);

	/* registered last, once the object is fully initialised; the matching
	 * unregister_listener() call is in destroy() */
	ipsec->events->register_listener(ipsec->events, &this->ipsec_listener);

	public = &this->public;
	return public;
}