Add XFRM Interface creation logic
This change adds logic to create XFRM interfaces.
AddVirtualTunnelInterface and RemoveVirtualTunnelInterface also have
been renamed to the more standard ipSec* naming scheme, as well as
returning a Status instead of integers as part of extracting common
code.
This patch should change no functionality.
This is part of a patch set to enable XFRM-I support, with automatic
fallbacks to VTI in XfrmController (1/3)
Bug: 77856928
Test: Binder and unit tests pass on devices with and without XFRM-I
Change-Id: I403b01f7817715117faa270277db67ba40bbf6dd
diff --git a/server/XfrmController.h b/server/XfrmController.h
index 784c046..b2f0bff 100644
--- a/server/XfrmController.h
+++ b/server/XfrmController.h
@@ -22,6 +22,7 @@
#include <string>
#include <utility> // for pair
+#include <linux/if.h>
#include <linux/if_link.h>
#include <linux/if_tunnel.h>
#include <linux/netlink.h>
@@ -182,12 +183,12 @@
int32_t direction, int32_t markValue,
int32_t markMask);
- static int addVirtualTunnelInterface(const std::string& deviceName,
- const std::string& localAddress,
- const std::string& remoteAddress, int32_t ikey,
- int32_t okey, bool isUpdate);
+ static netdutils::Status ipSecAddTunnelInterface(const std::string& deviceName,
+ const std::string& localAddress,
+ const std::string& remoteAddress, int32_t ikey,
+ int32_t okey, bool isUpdate);
- static int removeVirtualTunnelInterface(const std::string& deviceName);
+ static netdutils::Status ipSecRemoveTunnelInterface(const std::string& deviceName);
// Some XFRM netlink attributes comprise a header, a struct, and some data
// after the struct. We wrap all of those in one struct for easier
@@ -249,7 +250,20 @@
__u32 outputMark;
};
-private:
+ // Container for the content of an XFRMA_IF_ID netlink attribute.
+ // Exposed for testing
+ struct nlattr_xfrm_interface_id {
+ nlattr hdr;
+ __u32 if_id;
+ };
+
+ // Exposed for testing
+ struct nlattr_payload_u32 {
+ nlattr hdr;
+ uint32_t value;
+ };
+
+ private:
/*
* This is a workaround for a kernel bug in the 32bit netlink compat layer
* that has been present on x86_64 kernels since 2010 with no fix on the
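Review bot: The two added structs, `nlattr_xfrm_interface_id` and `nlattr_payload_u32`, have the same layout (an `nlattr` header followed by one 32-bit word) but spell the payload as `__u32` in one and `uint32_t` in the other, and nothing pins either to the exact attribute size; since the surrounding comment says these wrappers stand in for the header-plus-payload bytes of a netlink attribute, a layout mismatch would surface only as a malformed message. I would add `static_assert(sizeof(nlattr_payload_u32) == sizeof(nlattr) + sizeof(uint32_t), "unexpected padding");` and the same for `nlattr_xfrm_interface_id`, and consider whether the XFRMA_IF_ID container can simply be `nlattr_payload_u32` so the two cannot drift. `nlattr_payload_u32` also deserves a purpose line beyond "Exposed for testing", e.g. `// Header plus a single 32-bit payload, for attributes whose value is one word — confirm which attributes use it`. Note that moving both above `private:` makes them part of the class's public surface; a `protected` section or a friend test fixture would expose them to tests without that. The enclosing class begins before this hunk.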
@@ -350,6 +364,7 @@
static int fillNlAttrXfrmMark(const XfrmCommonInfo& record, nlattr_xfrm_mark* mark);
static int fillNlAttrXfrmOutputMark(const __u32 underlyingNetId,
nlattr_xfrm_output_mark* output_mark);
+ static int fillNlAttrXfrmIntfId(const __u32 intf_id_value, nlattr_xfrm_interface_id* intf_id);
static netdutils::Status allocateSpi(const XfrmSaInfo& record, uint32_t minSpi, uint32_t maxSpi,
uint32_t* outSpi, const XfrmSocket& sock);
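Review bot: `fillNlAttrXfrmIntfId` takes the id as `const __u32 intf_id_value`, but the new `ipSecAddXfrmInterface` declared later in this patch takes it as `int32_t interfaceId`, so a sign conversion happens somewhere between the two and a negative id arriving from the Binder side would silently become a large unsigned `if_id` in the XFRMA_IF_ID attribute. Either make the two parameter types agree, or validate/document the conversion at the point where it happens, since this header gives the reader no hint of it. The declaration also lacks the one-line purpose comment its siblings would benefit from, e.g. `// Fills an XFRMA_IF_ID attribute holding intf_id_value; return value follows the other fillNlAttr* helpers — confirm` (hedged, as the helpers' return convention is not visible in this hunk). The enclosing class begins before and ends after this hunk.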
@@ -371,6 +386,14 @@
static netdutils::Status flushSaDb(const XfrmSocket& s);
static netdutils::Status flushPolicyDb(const XfrmSocket& s);
+ static netdutils::Status ipSecAddXfrmInterface(const std::string& deviceName,
+ int32_t underlyingInterface, int32_t interfaceId,
+ uint16_t flags);
+ static netdutils::Status ipSecAddVirtualTunnelInterface(const std::string& deviceName,
+ const std::string& localAddress,
+ const std::string& remoteAddress,
+ int32_t ikey, int32_t okey,
+ uint16_t flags);
// END TODO(messagerefactor)
};