commit 420ceac3e36c26c583949827116315b67b5427a3
author Nathan Harold <nharold@google.com> Wed Apr 05 19:36:59 2017 -0700
committer Nathan Harold <nharold@google.com> Mon Apr 24 18:38:01 2017 -0700
tree d32dbe56a77912b89f864eaef4b5f84d55fea867
parent e2dd4c7ccab83878703d9bb12aa9bca12c63994c

Add UDP Encap Support to XfrmController

-Add xfrm_encap_tmpl to ADDSA

Bug: 34812052
Test: cts - IpSecManagerTest:testUdpEncapsulation()

Change-Id: I743a2dbe4f5a497b2f77f7713a68e8970adfb7de

server/XfrmController.h

diff --git a/server/XfrmController.h b/server/XfrmController.h
index 0f2c95a..1c9b406 100644
--- a/server/XfrmController.h
+++ b/server/XfrmController.h
@@ -23,6 +23,7 @@
 #include <utility> // for pair
 
 #include <linux/netlink.h>
+#include <linux/udp.h>
 #include <linux/xfrm.h>
 #include <sysutils/SocketClient.h>
 #include <utils/RWLock.h>
@@ -39,7 +40,7 @@
 class XfrmSocket {
 public:
     virtual void close() {
-        if (mSock > 0) {
+        if (mSock >= 0) {
             ::close(mSock);
         }
         mSock = -1;
@@ -68,12 +69,24 @@
     TUNNEL = XFRM_MODE_TUNNEL,
 };
 
+enum struct XfrmEncapType : uint16_t {
+    NONE = 0,
+    ESPINUDP_NON_IKE = UDP_ENCAP_ESPINUDP_NON_IKE,
+    ESPINUDP = UDP_ENCAP_ESPINUDP
+};
+
 struct XfrmAlgo {
     std::string name;
     std::vector<uint8_t> key;
     uint16_t truncLenBits;
 };
 
+struct XfrmEncap {
+    XfrmEncapType type;
+    uint16_t srcPort;
+    uint16_t dstPort;
+};
+
 struct XfrmSaId {
     XfrmDirection direction;
     xfrm_address_t dstAddr; // network order
@@ -88,6 +101,7 @@
     XfrmAlgo crypt;
     int netId;
     XfrmMode mode;
+    XfrmEncap encap;
 };
 
 class XfrmController {
@@ -164,13 +178,13 @@
     struct nlattr_algo_crypt {
         nlattr hdr;
         xfrm_algo crypt;
-        uint8_t key[MAX_ALGO_LENGTH]; // 1024 bit key, TODO: move off stack
+        uint8_t key[MAX_ALGO_LENGTH];
     };
 
     struct nlattr_algo_auth {
         nlattr hdr;
         xfrm_algo_auth auth;
-        uint8_t key[MAX_ALGO_LENGTH]; // 1024 bit key, TODO: move off stack
+        uint8_t key[MAX_ALGO_LENGTH];
     };
 
     struct nlattr_user_tmpl {
@@ -178,6 +192,12 @@
         xfrm_user_tmpl tmpl;
     };
 
+    struct nlattr_encap_tmpl {
+        nlattr hdr;
+        xfrm_encap_tmpl tmpl;
+    };
+
+
     // helper function for filling in the XfrmSaInfo structure
     static int fillXfrmSaId(int32_t direction, const std::string& localAddress,
                             const std::string& remoteAddress, int32_t spi, XfrmSaId* xfrmId);
@@ -193,6 +213,7 @@
     // Shared between Transport and Tunnel Mode
     static int fillNlAttrXfrmAlgoEnc(const XfrmAlgo& in_algo, nlattr_algo_crypt* algo);
     static int fillNlAttrXfrmAlgoAuth(const XfrmAlgo& in_algo, nlattr_algo_auth* algo);
+    static int fillNlAttrXfrmEncapTmpl(const XfrmSaInfo& record, nlattr_encap_tmpl* tmpl);
 
     // Functions for Creating a Transport Mode SA
     static int createTransportModeSecurityAssociation(const XfrmSaInfo& record,