Adding XFRM mark support for xfrm global policy
The xfrm mark will be sent to kernel in XFRMA_MARK netlink
attribute.
Bug: 63589600
Test: runtest -x server/netd_unit_test.cpp
Change-Id: If2d2fdda2d0b3959ed79a3b948b033d76e4236aa
diff --git a/server/NetdNativeService.cpp b/server/NetdNativeService.cpp
index 43be62b..250a5f6 100644
--- a/server/NetdNativeService.cpp
+++ b/server/NetdNativeService.cpp
@@ -489,6 +489,8 @@
const std::string& destinationAddress,
int64_t underlyingNetworkHandle,
int32_t spi,
+ int32_t markValue,
+ int32_t markMask,
const std::string& authAlgo, const std::vector<uint8_t>& authKey, int32_t authTruncBits,
const std::string& cryptAlgo, const std::vector<uint8_t>& cryptKey, int32_t cryptTruncBits,
const std::string& aeadAlgo, const std::vector<uint8_t>& aeadKey, int32_t aeadIcvBits,
@@ -501,7 +503,7 @@
return asBinderStatus(gCtls->xfrmCtrl.ipSecAddSecurityAssociation(
transformId, mode, sourceAddress, destinationAddress,
underlyingNetworkHandle,
- spi,
+ spi, markValue, markMask,
authAlgo, authKey, authTruncBits,
cryptAlgo, cryptKey, cryptTruncBits,
aeadAlgo, aeadKey, aeadIcvBits,
@@ -512,7 +514,9 @@
int32_t transformId,
const std::string& sourceAddress,
const std::string& destinationAddress,
- int32_t spi) {
+ int32_t spi,
+ int32_t markValue,
+ int32_t markMask) {
// Necessary locking done in IpSecService and kernel
ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
ALOGD("ipSecDeleteSecurityAssociation()");
@@ -520,7 +524,9 @@
transformId,
sourceAddress,
destinationAddress,
- spi));
+ spi,
+ markValue,
+ markMask));
}
binder::Status NetdNativeService::ipSecApplyTransportModeTransform(