Pass around XfrmSelector instead of its parameters.
Bug: 70371070
Test: all xfrm tests pass on android-4.9
Change-Id: Iaa6b5fce4d8c5ab3039d434e6ac0bac88acbf88d
diff --git a/net/test/xfrm.py b/net/test/xfrm.py
index b3dff33..4f7e578 100755
--- a/net/test/xfrm.py
+++ b/net/test/xfrm.py
@@ -22,6 +22,8 @@
from socket import * # pylint: disable=wildcard-import
import struct
+import net_test
+import csocket
import cstruct
import netlink
@@ -219,6 +221,24 @@
return padded
+def EmptySelector(family):
+ """A selector that matches all packets of the specified address family."""
+ return XfrmSelector(family=family)
+
+
+def SrcDstSelector(src, dst):
+ """A selector that matches packets between the specified IP addresses."""
+ srcver = csocket.AddressVersion(src)
+ dstver = csocket.AddressVersion(dst)
+ if srcver != dstver:
+ raise ValueError("Cross-address family selector specified: %s -> %s" %
+ (src, dst))
+ prefixlen = net_test.AddressLengthBits(srcver)
+ family = net_test.GetAddressFamily(srcver)
+ return XfrmSelector(saddr=PaddedAddress(src), daddr=PaddedAddress(dst),
+ prefixlen_s=prefixlen, prefixlen_d=prefixlen, family=family)
+
+
class Xfrm(netlink.NetlinkSocket):
"""Netlink interface to xfrm."""
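Review bot: The docstring on `SrcDstSelector` says it matches packets "between" the two addresses, but the selector it builds is one-directional and host-exact: `saddr` is `src`, `daddr` is `dst`, and both prefix lengths come from `net_test.AddressLengthBits(srcver)`. A selector decides which traffic an IPsec policy or SA applies to, so a reader who takes "between" as bidirectional could assume return traffic is covered when it is not. I would word it as `"""A selector that matches only packets from src to dst, using full-length prefixes."""` and mention that mixed address families raise `ValueError`.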
@@ -337,8 +357,9 @@
def AddMinimalSaInfo(self, src, dst, spi, proto, mode, reqid,
encryption, encryption_key,
auth_trunc, auth_trunc_key, encap,
- mark, mark_mask, output_mark, sel_family=AF_UNSPEC):
- selector = XfrmSelector(family=sel_family)
+ mark, mark_mask, output_mark, selector=None):
+ if selector is None:
+ selector = EmptySelector(AF_UNSPEC)
xfrm_id = XfrmId((PaddedAddress(dst), spi, proto))
family = AF_INET6 if ":" in dst else AF_INET
nlattrs = self._NlAttr(XFRMA_ALG_CRYPT,
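Review bot: The new `selector=None` parameter of `AddMinimalSaInfo` has no documentation in the visible lines, and it replaces a keyword that took an address family with one that takes a whole selector object. Any caller that still passes `sel_family=` by keyword will now fail with a `TypeError`; the caller in `_CreateXfrmTunnel` is updated in this commit, and other callers are not visible here. A short comment above the default would help, for example `# No selector given: fall back to EmptySelector(AF_UNSPEC), as the old sel_family default did.` The function body starts and ends outside this hunk.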
diff --git a/net/test/xfrm_base.py b/net/test/xfrm_base.py
index c550769..89cf114 100644
--- a/net/test/xfrm_base.py
+++ b/net/test/xfrm_base.py
@@ -69,8 +69,7 @@
# Create a selector that matches all packets of the specified address family.
# It's not actually used to select traffic, that will be done by the socket
# policy, which selects the SA entry (i.e., xfrm state) via the SPI and reqid.
- selector = xfrm.XfrmSelector(
- daddr=XFRM_ADDR_ANY, saddr=XFRM_ADDR_ANY, family=family)
+ selector = xfrm.EmptySelector(family=family)
# Create a user policy that specifies that all outbound packets matching the
# (essentially no-op) selector should be encrypted.
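Review bot: Replacing the explicit `daddr=XFRM_ADDR_ANY, saddr=XFRM_ADDR_ANY` with `xfrm.EmptySelector(family=family)` makes the wildcard depend on `XfrmSelector` leaving unset address fields equal to `XFRM_ADDR_ANY`, and that default is not visible in this diff. If it holds the change is behaviour-preserving, but the assumption is worth stating where `EmptySelector` is defined, e.g. `# Unset saddr/daddr and prefix lengths are left at their zero defaults, i.e. match any address.` The same assumption applies to the two VTI call sites in xfrm_tunnel_test.py, which previously passed wildcard addresses with prefix length 0. The enclosing function extends beyond this hunk.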
diff --git a/net/test/xfrm_tunnel_test.py b/net/test/xfrm_tunnel_test.py
index ae64c32..0fb4aeb 100755
--- a/net/test/xfrm_tunnel_test.py
+++ b/net/test/xfrm_tunnel_test.py
@@ -91,11 +91,7 @@
# TODO: Take encryption and auth parameters.
def _CreateXfrmTunnel(self,
direction,
- inner_family,
- src_addr,
- src_prefixlen,
- dst_addr,
- dst_prefixlen,
+ selector,
outer_family,
tsrc_addr,
tdst_addr,
@@ -109,12 +105,7 @@
Args:
direction: XFRM_POLICY_IN or XFRM_POLICY_OUT
- inner_family: The address family (AF_INET or AF_INET6) of the tunneled
- packets
- src_addr: The source address of the inner packets to be tunneled
- src_prefixlen: The number of bits in src_addr to match
- dst_addr: The destination address of the inner packets to be tunneled
- dst_prefixlen: The number of bits in dst_addr to match
+ selector: An XfrmSelector that specifies the packets to be transformed.
outer_family: The address family (AF_INET or AF_INET6) the tunnel
tsrc_addr: The source address of the tunneled packets
tdst_addr: The destination address of the tunneled packets
@@ -139,17 +130,10 @@
mark,
xfrm_base.MARK_MASK_ALL if mark is not None else None,
output_mark,
- sel_family=inner_family)
-
- sel = xfrm.XfrmSelector(
- daddr=xfrm.PaddedAddress(dst_addr),
- saddr=xfrm.PaddedAddress(src_addr),
- prefixlen_d=dst_prefixlen,
- prefixlen_s=src_prefixlen,
- family=inner_family)
+ selector=selector)
policy = xfrm.XfrmUserpolicyInfo(
- sel=sel,
+ sel=selector,
lft=xfrm.NO_LIFETIME_CFG,
curlft=xfrm.NO_LIFETIME_CUR,
priority=100,
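Review bot: Passing `selector=selector` to `AddMinimalSaInfo` gives the SA the same address-specific selector as the policy, whereas the removed code passed the SA only `sel_family=inner_family` and kept the addresses and prefix lengths for the policy's `sel`. For the caller that uses `xfrm.SrcDstSelector(local_inner, remote_inner)`, this narrows the SA from a family-only selector to a single source/destination pair, which is a behaviour change rather than the pure refactor the commit title describes. If the tightening is intended, a comment such as `# The SA and the policy deliberately share one selector.` would make it explicit. If it is not, the SA could keep a family-only selector built from the selector's family field. `_CreateXfrmTunnel` starts and ends outside this hunk.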
@@ -191,13 +175,10 @@
remote_inner = self._GetRemoteInnerAddress(inner_version)
local_outer = self.MyAddress(outer_version, underlying_netid)
remote_outer = self._GetRemoteOuterAddress(outer_version)
+
self._CreateXfrmTunnel(
direction=xfrm.XFRM_POLICY_OUT,
- inner_family=net_test.GetAddressFamily(inner_version),
- src_addr=local_inner,
- src_prefixlen=net_test.AddressLengthBits(inner_version),
- dst_addr=remote_inner,
- dst_prefixlen=net_test.AddressLengthBits(inner_version),
+ selector=xfrm.SrcDstSelector(local_inner, remote_inner),
outer_family=net_test.GetAddressFamily(outer_version),
tsrc_addr=local_outer,
tdst_addr=remote_outer,
@@ -318,14 +299,9 @@
# For the VTI, the selectors are wildcard since packets will only
# be selected if they have the appropriate mark, hence the inner
# addresses are wildcard.
- inner_addr = net_test.GetWildcardAddress(inner_version)
self._CreateXfrmTunnel(
direction=xfrm.XFRM_POLICY_OUT,
- inner_family=net_test.GetAddressFamily(inner_version),
- src_addr=inner_addr,
- src_prefixlen=0,
- dst_addr=inner_addr,
- dst_prefixlen=0,
+ selector=xfrm.EmptySelector(net_test.GetAddressFamily(inner_version)),
outer_family=net_test.GetAddressFamily(outer_version),
tsrc_addr=local_outer,
tdst_addr=remote_outer,
@@ -335,11 +311,7 @@
self._CreateXfrmTunnel(
direction=xfrm.XFRM_POLICY_IN,
- inner_family=net_test.GetAddressFamily(inner_version),
- src_addr=inner_addr,
- src_prefixlen=0,
- dst_addr=inner_addr,
- dst_prefixlen=0,
+ selector=xfrm.EmptySelector(net_test.GetAddressFamily(inner_version)),
outer_family=net_test.GetAddressFamily(outer_version),
tsrc_addr=remote_outer,
tdst_addr=local_outer,