From: Tobias Brunner
Date: Thu, 15 Oct 2020 15:28:46 +0000 (+0200)
Subject: android: Add flag to enable IPv6 transport addresses
X-Git-Tag: 5.9.1rc1~4^2~6
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=35819143878ff1d315001153a6eb504efbb38e9d;p=thirdparty%2Fstrongswan.git
android: Add flag to enable IPv6 transport addresses
---
diff --git a/src/frontends/android/app/src/main/java/org/strongswan/android/data/VpnProfile.java b/src/frontends/android/app/src/main/java/org/strongswan/android/data/VpnProfile.java
index eb863867d3..1f077529da 100644
--- a/src/frontends/android/app/src/main/java/org/strongswan/android/data/VpnProfile.java
+++ b/src/frontends/android/app/src/main/java/org/strongswan/android/data/VpnProfile.java
@@ -36,6 +36,7 @@ public class VpnProfile implements Cloneable
 public static final int FLAGS_DISABLE_OCSP = 1 << 2;
 public static final int FLAGS_STRICT_REVOCATION = 1 << 3;
 public static final int FLAGS_RSA_PSS = 1 << 4;
+ public static final int FLAGS_IPv6_TRANSPORT = 1 << 5;
 private String mName, mGateway, mUsername, mPassword, mCertificate, mUserCertificate;
 private String mRemoteId, mLocalId, mExcludedSubnets, mIncludedSubnets, mSelectedApps;
diff --git a/src/frontends/android/app/src/main/java/org/strongswan/android/logic/CharonVpnService.java b/src/frontends/android/app/src/main/java/org/strongswan/android/logic/CharonVpnService.java
index 5cf2fe5d36..da6ea63741 100644
--- a/src/frontends/android/app/src/main/java/org/strongswan/android/logic/CharonVpnService.java
+++ b/src/frontends/android/app/src/main/java/org/strongswan/android/logic/CharonVpnService.java
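Review bot: The new constant `FLAGS_IPv6_TRANSPORT` in VpnProfile.java mixes lower case into a constant name, unlike the neighbouring `FLAGS_DISABLE_OCSP`, `FLAGS_STRICT_REVOCATION` and `FLAGS_RSA_PSS`; `FLAGS_IPV6_TRANSPORT` would match them, with the reference in CharonVpnService.java renamed to suit. The flag also carries no comment, so the reason it is opt-in is only discoverable in charonservice.c; a line such as `/* allow IPv6 transport addresses; off by default because older dual-stack servers lack UDP encapsulation for IPv6 */` above the constant would keep that reasoning next to the setting. The class body continues outside the hunk.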
@@ -288,7 +288,8 @@ public class CharonVpnService extends VpnService implements Runnable, VpnStateSe
 SimpleFetcher.enable();
 addNotification();
 mBuilderAdapter.setProfile(mCurrentProfile);
- if (initializeCharon(mBuilderAdapter, mLogFile, mAppDir, mCurrentProfile.getVpnType().has(VpnTypeFeature.BYOD)))
+ if (initializeCharon(mBuilderAdapter, mLogFile, mAppDir, mCurrentProfile.getVpnType().has(VpnTypeFeature.BYOD),
+ (mCurrentProfile.getFlags() & VpnProfile.FLAGS_IPv6_TRANSPORT) != 0))
 {
 Log.i(TAG, "charon started");
@@ -775,9 +776,10 @@ public class CharonVpnService extends VpnService implements Runnable, VpnStateSe
 * @param logfile absolute path to the logfile
 * @param appdir absolute path to the data directory of the app
 * @param byod enable BYOD features
+ * @param ipv6 enable IPv6 transport
 * @return TRUE if initialization was successful
 */
- public native boolean initializeCharon(BuilderAdapter builder, String logfile, String appdir, boolean byod);
+ public native boolean initializeCharon(BuilderAdapter builder, String logfile, String appdir, boolean byod, boolean ipv6);
 /**
 * Deinitialize charon, provided by libandroidbridge.so
diff --git a/src/frontends/android/app/src/main/jni/libandroidbridge/backend/android_service.c b/src/frontends/android/app/src/main/jni/libandroidbridge/backend/android_service.c
index ba7a10ddb2..c1c1e3acd5 100644
--- a/src/frontends/android/app/src/main/jni/libandroidbridge/backend/android_service.c
+++ b/src/frontends/android/app/src/main/jni/libandroidbridge/backend/android_service.c
@@ -744,7 +744,7 @@ static job_requeue_t initiate(private_android_service_t *this)
 auth_cfg_t *auth;
 ike_cfg_create_t ike = {
 .version = IKEV2,
- .local = "0.0.0.0",
+ .local = "",
 .local_port = charon->socket->get_port(charon->socket, FALSE),
 .force_encap = TRUE,
 .fragmentation = FRAGMENTATION_YES,
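Review bot: The switch of `.local` from `"0.0.0.0"` to `""` in initiate() (android_service.c) has no comment, and a bare empty string reads like an oversight rather than a decision. Presumably it stops pinning the IKE config to the IPv4 wildcard so the address family is no longer fixed here; that should be confirmed against ike_cfg_create and stated beside the field, e.g. `/* no local address, so the address family is not restricted to IPv4 */`. The initializer is unconditional, so it applies to every profile and not only those with the new flag set, which makes it worth confirming that behaviour stays IPv4-only when `socket-default.use_ipv6` is FALSE. initiate() starts and ends outside the hunk.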
diff --git a/src/frontends/android/app/src/main/jni/libandroidbridge/charonservice.c b/src/frontends/android/app/src/main/jni/libandroidbridge/charonservice.c
index 6426e45029..16e31d84d6 100644
--- a/src/frontends/android/app/src/main/jni/libandroidbridge/charonservice.c
+++ b/src/frontends/android/app/src/main/jni/libandroidbridge/charonservice.c
@@ -479,7 +479,7 @@ static bool charonservice_register(plugin_t *plugin, plugin_feature_t *feature,
 /**
 * Set strongswan.conf options
 */
-static void set_options(char *logfile)
+static void set_options(char *logfile, jboolean ipv6)
 {
 lib->settings->set_int(lib->settings,
 "charon.plugins.android_log.loglevel", ANDROID_DEBUG_LEVEL);
@@ -516,10 +516,10 @@ static void set_options(char *logfile)
 * information */
 lib->settings->set_bool(lib->settings,
 "charon.plugins.socket-default.set_source", FALSE);
- /* the Linux kernel does currently not support UDP encaspulation for IPv6
- * so lets disable IPv6 for now to avoid issues with dual-stack gateways */
+ /* the Linux kernel only supports UDP encap for IPv6 since 5.8, so let's use
+ * IPv6 only if requested, to avoid issues with older dual-stack servers */
 lib->settings->set_bool(lib->settings,
- "charon.plugins.socket-default.use_ipv6", FALSE);
+ "charon.plugins.socket-default.use_ipv6", ipv6);
 #ifdef USE_BYOD
 lib->settings->set_str(lib->settings,
@@ -634,7 +634,7 @@ static void __attribute__ ((constructor))register_logger()
 * Initialize charon and the libraries via JNI
 */
 JNI_METHOD(CharonVpnService, initializeCharon, jboolean,
- jobject builder, jstring jlogfile, jstring jappdir, jboolean byod)
+ jobject builder, jstring jlogfile, jstring jappdir, jboolean byod, jboolean ipv6)
 {
 struct sigaction action;
 struct utsname utsname;
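Review bot: The header comment of set_options() in charonservice.c still reads only "Set strongswan.conf options" although the function now takes a second argument that decides whether `charon.plugins.socket-default.use_ipv6` is switched on. Two lines in the existing comment style would document the contract, `* @param logfile absolute path to the logfile` and `* @param ipv6 TRUE to enable IPv6 in socket-default (IPv6 transport addresses)`. The same applies to the comment above the JNI_METHOD for initializeCharon in the third hunk of this file, which lists no parameters at all. set_options() continues outside the hunks shown.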
@@ -656,7 +656,7 @@ JNI_METHOD(CharonVpnService, initializeCharon, jboolean,
 /* set options before initializing other libraries that might read them */
 logfile = androidjni_convert_jstring(env, jlogfile);
- set_options(logfile);
+ set_options(logfile, ipv6);
 free(logfile);
 if (!libipsec_init())