Add XfrmController to NetdNativeService
Add a new controller to Netd that can handle IPSec XFRM
commands from the framework.
-Add new XfrmController controller
-Connect XfrmController to Controllers
-Add APIs in XfrmController for creating Transport IpSec Assocs
Bug: 34811756
Test: 34812052
Change-Id: If518a53a83fa76ea4c866992055a741ae064c30d
diff --git a/server/NetdNativeService.h b/server/NetdNativeService.h
index dd01dbc..fbe860c 100644
--- a/server/NetdNativeService.h
+++ b/server/NetdNativeService.h
@@ -63,6 +63,52 @@
// Metrics reporting level set / get (internal use only).
binder::Status getMetricsReportingLevel(int *reportingLevel) override;
binder::Status setMetricsReportingLevel(const int reportingLevel) override;
+
+ binder::Status ipSecAllocateSpi(
+ int32_t transformId,
+ int32_t direction,
+ const std::string& localAddress,
+ const std::string& remoteAddress,
+ int32_t inSpi,
+ int32_t* outSpi);
+
+ binder::Status ipSecAddSecurityAssociation(
+ int32_t transformId,
+ int32_t mode,
+ int32_t direction,
+ const std::string& localAddress,
+ const std::string& remoteAddress,
+ int64_t underlyingNetworkHandle,
+ int32_t spi,
+ const std::string& authAlgo,
+ const std::vector<uint8_t>& authKey,
+ int32_t authTruncBits,
+ const std::string& cryptAlgo,
+ const std::vector<uint8_t>& cryptKey,
+ int32_t cryptTruncBits,
+ int32_t encapType,
+ int32_t encapLocalPort,
+ int32_t encapRemotePort,
+ int32_t* allocatedSpi);
+
+ binder::Status ipSecDeleteSecurityAssociation(
+ int32_t transformId,
+ int32_t direction,
+ const std::string& localAddress,
+ const std::string& remoteAddress,
+ int32_t spi);
+
+ binder::Status ipSecApplyTransportModeTransform(
+ const android::base::unique_fd& socket,
+ int32_t transformId,
+ int32_t direction,
+ const std::string& localAddress,
+ const std::string& remoteAddress,
+ int32_t spi);
+
+ binder::Status ipSecRemoveTransportModeTransform(
+ const android::base::unique_fd& socket);
+
};
} // namespace net
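Review bot: The five new `ipSec*` declarations omit `override`, unlike `getMetricsReportingLevel`/`setMetricsReportingLevel` directly above them. Assuming they implement the generated binder interface, a signature that drifts from it would silently declare a new member instead of failing the build, so end each one with `override`, e.g. `int32_t* outSpi) override;`. The block also has no comment, although these entry points accept raw key material (`authKey`, `cryptKey`) and a caller-supplied socket. A short header comment should state which callers are permitted and which values `mode`, `direction`, `authTruncBits`/`cryptTruncBits` and `encapType` may take, and note that `spi` is carried as a signed `int32_t`. The class and the method implementations lie outside this hunk, so whether a permission check and argument validation happen before the values reach XfrmController cannot be confirmed from here and is worth verifying in the .cpp.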