[thirdparty/strongswan.git] / src / frontends / android / app / src / main / jni / libandroidbridge / kernel / android_ipsec.c

/*
 * Copyright (C) 2012 Tobias Brunner
 * Copyright (C) 2012 Giuliano Grassi
 * Copyright (C) 2012 Ralf Sager
 *
 * Copyright (C) secunet Security Networks AG
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
 * Free Software Foundation; either version 2 of the License, or (at your
 * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.  *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * for more details.
 */

#include "android_ipsec.h"
#include "../charonservice.h"

#include <utils/debug.h>
#include <library.h>
#include <daemon.h>
#include <ipsec.h>

typedef struct private_kernel_android_ipsec_t private_kernel_android_ipsec_t;

struct private_kernel_android_ipsec_t {

	/**
	 * Public kernel interface
	 */
	kernel_android_ipsec_t public;

	/**
	 * Listener for lifetime expire events
	 */
	ipsec_event_listener_t ipsec_listener;
};

/**
 * Callback registered with libipsec.
 */
static void expire(uint8_t protocol, uint32_t spi, host_t *dst, bool hard)
{
	charon->kernel->expire(charon->kernel, protocol, spi, dst, hard);
}

METHOD(kernel_ipsec_t, get_spi, status_t,
	private_kernel_android_ipsec_t *this, host_t *src, host_t *dst,
	uint8_t protocol, uint32_t *spi)
{
	return ipsec->sas->get_spi(ipsec->sas, src, dst, protocol, spi);
}

METHOD(kernel_ipsec_t, get_cpi, status_t,
	private_kernel_android_ipsec_t *this, host_t *src, host_t *dst,
	uint16_t *cpi)
{
	return NOT_SUPPORTED;
}

METHOD(kernel_ipsec_t, add_sa, status_t,
	private_kernel_android_ipsec_t *this, kernel_ipsec_sa_id_t *id,
	kernel_ipsec_add_sa_t *data)
{
	return ipsec->sas->add_sa(ipsec->sas, id->src, id->dst, id->spi, id->proto,
					data->reqid, id->mark, data->tfc, data->lifetime,
					data->enc_alg, data->enc_key, data->int_alg, data->int_key,
					data->mode, data->ipcomp, data->cpi, data->initiator,
					data->encap, data->esn, data->inbound, data->update);
}

METHOD(kernel_ipsec_t, update_sa, status_t,
	private_kernel_android_ipsec_t *this, kernel_ipsec_sa_id_t *id,
	kernel_ipsec_update_sa_t *data)
{
	return ipsec->sas->update_sa(ipsec->sas, id->spi, id->proto, data->cpi,
					id->src, id->dst, data->new_src, data->new_dst, data->encap,
					data->new_encap, id->mark);
}

METHOD(kernel_ipsec_t, query_sa, status_t,
	private_kernel_android_ipsec_t *this, kernel_ipsec_sa_id_t *id,
	kernel_ipsec_query_sa_t *data, uint64_t *bytes, uint64_t *packets,
	time_t *time)
{
	return ipsec->sas->query_sa(ipsec->sas, id->src, id->dst, id->spi,
								id->proto, id->mark, bytes, packets, time);
}

METHOD(kernel_ipsec_t, del_sa, status_t,
	private_kernel_android_ipsec_t *this, kernel_ipsec_sa_id_t *id,
	kernel_ipsec_del_sa_t *data)
{
	return ipsec->sas->del_sa(ipsec->sas, id->src, id->dst, id->spi, id->proto,
							  data->cpi, id->mark);
}

METHOD(kernel_ipsec_t, flush_sas, status_t,
	private_kernel_android_ipsec_t *this)
{
	return ipsec->sas->flush_sas(ipsec->sas);
}

METHOD(kernel_ipsec_t, add_policy, status_t,
	private_kernel_android_ipsec_t *this, kernel_ipsec_policy_id_t *id,
	kernel_ipsec_manage_policy_t *data)
{
	return ipsec->policies->add_policy(ipsec->policies, data->src, data->dst,
									   id->src_ts, id->dst_ts, id->dir,
									   data->type, data->sa, id->mark,
									   data->prio);
}

METHOD(kernel_ipsec_t, query_policy, status_t,
	private_kernel_android_ipsec_t *this, kernel_ipsec_policy_id_t *id,
	kernel_ipsec_query_policy_t *data, time_t *use_time)
{
	return NOT_SUPPORTED;
}

METHOD(kernel_ipsec_t, del_policy, status_t,
	private_kernel_android_ipsec_t *this, kernel_ipsec_policy_id_t *id,
	kernel_ipsec_manage_policy_t *data)
{
	return ipsec->policies->del_policy(ipsec->policies, data->src, data->dst,
									   id->src_ts, id->dst_ts, id->dir,
									   data->type, data->sa, id->mark,
									   data->prio);
}

METHOD(kernel_ipsec_t, flush_policies, status_t,
	private_kernel_android_ipsec_t *this)
{
	ipsec->policies->flush_policies(ipsec->policies);
	return SUCCESS;
}

METHOD(kernel_ipsec_t, bypass_socket, bool,
	private_kernel_android_ipsec_t *this, int fd, int family)
{
	return charonservice->bypass_socket(charonservice, fd, family);
}

METHOD(kernel_ipsec_t, enable_udp_decap, bool,
	private_kernel_android_ipsec_t *this, int fd, int family, uint16_t port)
{
	return NOT_SUPPORTED;
}

METHOD(kernel_ipsec_t, destroy, void,
	private_kernel_android_ipsec_t *this)
{
	ipsec->events->unregister_listener(ipsec->events, &this->ipsec_listener);
	free(this);
}

/*
 * Described in header.
 */
kernel_android_ipsec_t *kernel_android_ipsec_create()
{
	private_kernel_android_ipsec_t *this;

	INIT(this,
		.public = {
			.interface = {
				.get_spi = _get_spi,
				.get_cpi = _get_cpi,
				.add_sa  = _add_sa,
				.update_sa = _update_sa,
				.query_sa = _query_sa,
				.del_sa = _del_sa,
				.flush_sas = _flush_sas,
				.add_policy = _add_policy,
				.query_policy = _query_policy,
				.del_policy = _del_policy,
				.flush_policies = _flush_policies,
				.bypass_socket = _bypass_socket,
				.enable_udp_decap = _enable_udp_decap,
				.destroy = _destroy,
			},
		},
		.ipsec_listener = {
			.expire = expire,
		},
	);

	ipsec->events->register_listener(ipsec->events, &this->ipsec_listener);

	return &this->public;
}
Commit	Line	Data
17508851 TB	1	/*
	2	* Copyright (C) 2012 Tobias Brunner
	3	* Copyright (C) 2012 Giuliano Grassi
	4	* Copyright (C) 2012 Ralf Sager
19ef2aec TB	5	*
19ef2aec TB	6	* Copyright (C) secunet Security Networks AG
17508851 TB	7	*
	8	* This program is free software; you can redistribute it and/or modify it
	9	* under the terms of the GNU General Public License as published by the
	10	* Free Software Foundation; either version 2 of the License, or (at your
	11	* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. *
	12	* This program is distributed in the hope that it will be useful, but
	13	* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
	14	* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
	15	* for more details.
	16	*/
	17
	18	#include "android_ipsec.h"
d4f76751	19	#include "../charonservice.h"
17508851	20
f05b4272	21	#include <utils/debug.h>
17508851	22	#include <library.h>
8394ea2a	23	#include <daemon.h>
17508851 TB	24	#include <ipsec.h>
	25
	26	typedef struct private_kernel_android_ipsec_t private_kernel_android_ipsec_t;
	27
	28	struct private_kernel_android_ipsec_t {
	29
	30	/**
	31	* Public kernel interface
	32	*/
	33	kernel_android_ipsec_t public;
	34
	35	/**
	36	* Listener for lifetime expire events
	37	*/
	38	ipsec_event_listener_t ipsec_listener;
	39	};
	40
	41	/**
b3ab7a48	42	* Callback registered with libipsec.
17508851	43	*/
b12c53ce	44	static void expire(uint8_t protocol, uint32_t spi, host_t *dst, bool hard)
17508851	45	{
8394ea2a	46	charon->kernel->expire(charon->kernel, protocol, spi, dst, hard);
17508851 TB	47	}
	48
	49	METHOD(kernel_ipsec_t, get_spi, status_t,
	50	private_kernel_android_ipsec_t this, host_t src, host_t *dst,
b12c53ce	51	uint8_t protocol, uint32_t *spi)
17508851	52	{
3e779ff5	53	return ipsec->sas->get_spi(ipsec->sas, src, dst, protocol, spi);
17508851 TB	54	}
	55
	56	METHOD(kernel_ipsec_t, get_cpi, status_t,
	57	private_kernel_android_ipsec_t this, host_t src, host_t *dst,
b12c53ce	58	uint16_t *cpi)
17508851 TB	59	{
	60	return NOT_SUPPORTED;
	61	}
	62
	63	METHOD(kernel_ipsec_t, add_sa, status_t,
89da06ac TB	64	private_kernel_android_ipsec_t this, kernel_ipsec_sa_id_t id,
89da06ac TB	65	kernel_ipsec_add_sa_t *data)
17508851	66	{
89da06ac TB	67	return ipsec->sas->add_sa(ipsec->sas, id->src, id->dst, id->spi, id->proto,
	68	data->reqid, id->mark, data->tfc, data->lifetime,
	69	data->enc_alg, data->enc_key, data->int_alg, data->int_key,
	70	data->mode, data->ipcomp, data->cpi, data->initiator,
	71	data->encap, data->esn, data->inbound, data->update);
17508851 TB	72	}
	73
	74	METHOD(kernel_ipsec_t, update_sa, status_t,
89da06ac TB	75	private_kernel_android_ipsec_t this, kernel_ipsec_sa_id_t id,
89da06ac TB	76	kernel_ipsec_update_sa_t *data)
17508851	77	{
89da06ac TB	78	return ipsec->sas->update_sa(ipsec->sas, id->spi, id->proto, data->cpi,
	79	id->src, id->dst, data->new_src, data->new_dst, data->encap,
	80	data->new_encap, id->mark);
17508851 TB	81	}
	82
	83	METHOD(kernel_ipsec_t, query_sa, status_t,
89da06ac TB	84	private_kernel_android_ipsec_t this, kernel_ipsec_sa_id_t id,
	85	kernel_ipsec_query_sa_t data, uint64_t bytes, uint64_t *packets,
	86	time_t *time)
17508851	87	{
89da06ac TB	88	return ipsec->sas->query_sa(ipsec->sas, id->src, id->dst, id->spi,
89da06ac TB	89	id->proto, id->mark, bytes, packets, time);
17508851 TB	90	}
	91
	92	METHOD(kernel_ipsec_t, del_sa, status_t,
89da06ac TB	93	private_kernel_android_ipsec_t this, kernel_ipsec_sa_id_t id,
89da06ac TB	94	kernel_ipsec_del_sa_t *data)
17508851	95	{
89da06ac TB	96	return ipsec->sas->del_sa(ipsec->sas, id->src, id->dst, id->spi, id->proto,
89da06ac TB	97	data->cpi, id->mark);
17508851 TB	98	}
	99
	100	METHOD(kernel_ipsec_t, flush_sas, status_t,
	101	private_kernel_android_ipsec_t *this)
	102	{
	103	return ipsec->sas->flush_sas(ipsec->sas);
	104	}
	105
	106	METHOD(kernel_ipsec_t, add_policy, status_t,
89da06ac TB	107	private_kernel_android_ipsec_t this, kernel_ipsec_policy_id_t id,
89da06ac TB	108	kernel_ipsec_manage_policy_t *data)
17508851	109	{
89da06ac TB	110	return ipsec->policies->add_policy(ipsec->policies, data->src, data->dst,
	111	id->src_ts, id->dst_ts, id->dir,
	112	data->type, data->sa, id->mark,
	113	data->prio);
17508851 TB	114	}
	115
	116	METHOD(kernel_ipsec_t, query_policy, status_t,
89da06ac TB	117	private_kernel_android_ipsec_t this, kernel_ipsec_policy_id_t id,
89da06ac TB	118	kernel_ipsec_query_policy_t data, time_t use_time)
17508851 TB	119	{
	120	return NOT_SUPPORTED;
	121	}
	122
	123	METHOD(kernel_ipsec_t, del_policy, status_t,
89da06ac TB	124	private_kernel_android_ipsec_t this, kernel_ipsec_policy_id_t id,
89da06ac TB	125	kernel_ipsec_manage_policy_t *data)
17508851	126	{
89da06ac TB	127	return ipsec->policies->del_policy(ipsec->policies, data->src, data->dst,
	128	id->src_ts, id->dst_ts, id->dir,
	129	data->type, data->sa, id->mark,
	130	data->prio);
17508851 TB	131	}
	132
	133	METHOD(kernel_ipsec_t, flush_policies, status_t,
	134	private_kernel_android_ipsec_t *this)
	135	{
	136	ipsec->policies->flush_policies(ipsec->policies);
	137	return SUCCESS;
	138	}
	139
	140	METHOD(kernel_ipsec_t, bypass_socket, bool,
	141	private_kernel_android_ipsec_t *this, int fd, int family)
	142	{
d4f76751	143	return charonservice->bypass_socket(charonservice, fd, family);
17508851 TB	144	}
	145
	146	METHOD(kernel_ipsec_t, enable_udp_decap, bool,
b12c53ce	147	private_kernel_android_ipsec_t *this, int fd, int family, uint16_t port)
17508851 TB	148	{
	149	return NOT_SUPPORTED;
	150	}
	151
	152	METHOD(kernel_ipsec_t, destroy, void,
	153	private_kernel_android_ipsec_t *this)
	154	{
	155	ipsec->events->unregister_listener(ipsec->events, &this->ipsec_listener);
	156	free(this);
	157	}
	158
	159	/*
	160	* Described in header.
	161	*/
	162	kernel_android_ipsec_t *kernel_android_ipsec_create()
	163	{
	164	private_kernel_android_ipsec_t *this;
	165
	166	INIT(this,
	167	.public = {
	168	.interface = {
	169	.get_spi = _get_spi,
	170	.get_cpi = _get_cpi,
	171	.add_sa = _add_sa,
	172	.update_sa = _update_sa,
	173	.query_sa = _query_sa,
	174	.del_sa = _del_sa,
	175	.flush_sas = _flush_sas,
	176	.add_policy = _add_policy,
	177	.query_policy = _query_policy,
	178	.del_policy = _del_policy,
	179	.flush_policies = _flush_policies,
	180	.bypass_socket = _bypass_socket,
	181	.enable_udp_decap = _enable_udp_decap,
	182	.destroy = _destroy,
	183	},
	184	},
	185	.ipsec_listener = {
	186	.expire = expire,
	187	},
	188	);
	189
	190	ipsec->events->register_listener(ipsec->events, &this->ipsec_listener);
	191
	192	return &this->public;
	193	}