Add XFRM-I support to XfrmController
This patch adds support for creating and managing XFRM interfaces,
adding xfrm_if_id parameters to all relevant netlink calls.
This is part of a patch set to enable XFRM-I support, with automatic
fallbacks to VTI in XfrmController (2/3)
Bug: 77856928
Test: Xfrm, Binder tests updated, passing
Change-Id: I09869e6a0000384c9c4d0aef1de4d5434c33374a
diff --git a/server/NetdNativeService.h b/server/NetdNativeService.h
index dcac193..4b86f59 100644
--- a/server/NetdNativeService.h
+++ b/server/NetdNativeService.h
@@ -166,34 +166,20 @@
int32_t* outSpi);
binder::Status ipSecAddSecurityAssociation(
- int32_t transformId,
- int32_t mode,
- const std::string& sourceAddress,
- const std::string& destinationAddress,
- int32_t underlyingNetId,
- int32_t spi,
- int32_t markValue,
- int32_t markMask,
- const std::string& authAlgo,
- const std::vector<uint8_t>& authKey,
- int32_t authTruncBits,
- const std::string& cryptAlgo,
- const std::vector<uint8_t>& cryptKey,
- int32_t cryptTruncBits,
- const std::string& aeadAlgo,
- const std::vector<uint8_t>& aeadKey,
- int32_t aeadIcvBits,
- int32_t encapType,
- int32_t encapLocalPort,
- int32_t encapRemotePort);
+ int32_t transformId, int32_t mode, const std::string& sourceAddress,
+ const std::string& destinationAddress, int32_t underlyingNetId, int32_t spi,
+ int32_t markValue, int32_t markMask, const std::string& authAlgo,
+ const std::vector<uint8_t>& authKey, int32_t authTruncBits,
+ const std::string& cryptAlgo, const std::vector<uint8_t>& cryptKey,
+ int32_t cryptTruncBits, const std::string& aeadAlgo,
+ const std::vector<uint8_t>& aeadKey, int32_t aeadIcvBits, int32_t encapType,
+ int32_t encapLocalPort, int32_t encapRemotePort, int32_t interfaceId);
- binder::Status ipSecDeleteSecurityAssociation(
- int32_t transformId,
- const std::string& sourceAddress,
- const std::string& destinationAddress,
- int32_t spi,
- int32_t markValue,
- int32_t markMask);
+ binder::Status ipSecDeleteSecurityAssociation(int32_t transformId,
+ const std::string& sourceAddress,
+ const std::string& destinationAddress,
+ int32_t spi, int32_t markValue, int32_t markMask,
+ int32_t interfaceId);
binder::Status ipSecApplyTransportModeTransform(
const android::base::unique_fd& socket,
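Review bot: The new trailing `int32_t interfaceId` on `ipSecAddSecurityAssociation` and `ipSecDeleteSecurityAssociation` is undocumented and signed, while the kernel's XFRM if_id is an unsigned 32-bit value. The header therefore does not say which value means "no XFRM interface" (the VTI fallback the commit message mentions), nor whether a negative id arriving over binder is rejected or reinterpreted as unsigned. It also follows `spi`, `markValue` and `markMask`, all `int32_t`, so a transposed argument at a call site compiles cleanly and would bind the SA to the wrong interface or mark. I would add a comment above each declaration along the lines of `// interfaceId: xfrm_if_id of the XFRM interface; <unset value> means none; negative values are <rejected|cast to u32>`, with the placeholders filled in from XfrmController. The same applies to the policy and tunnel-interface declarations in the next hunk.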
@@ -209,28 +195,29 @@
binder::Status ipSecAddSecurityPolicy(int32_t transformId, int32_t selAddrFamily,
int32_t direction, const std::string& tmplSrcAddress,
const std::string& tmplDstAddress, int32_t spi,
- int32_t markValue, int32_t markMask);
+ int32_t markValue, int32_t markMask, int32_t interfaceId);
binder::Status ipSecUpdateSecurityPolicy(int32_t transformId, int32_t selAddrFamily,
int32_t direction, const std::string& tmplSrcAddress,
const std::string& tmplDstAddress, int32_t spi,
- int32_t markValue, int32_t markMask);
+ int32_t markValue, int32_t markMask,
+ int32_t interfaceId);
binder::Status ipSecDeleteSecurityPolicy(int32_t transformId, int32_t selAddrFamily,
- int32_t direction, int32_t markValue,
- int32_t markMask);
+ int32_t direction, int32_t markValue, int32_t markMask,
+ int32_t interfaceId);
binder::Status trafficCheckBpfStatsEnable(bool* ret) override;
binder::Status ipSecAddTunnelInterface(const std::string& deviceName,
const std::string& localAddress,
const std::string& remoteAddress, int32_t iKey,
- int32_t oKey);
+ int32_t oKey, int32_t interfaceId);
binder::Status ipSecUpdateTunnelInterface(const std::string& deviceName,
const std::string& localAddress,
const std::string& remoteAddress, int32_t iKey,
- int32_t oKey);
+ int32_t oKey, int32_t interfaceId);
binder::Status ipSecRemoveTunnelInterface(const std::string& deviceName);
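Review bot: The five ipSec* declarations widened in this hunk carry no `override`, unlike `trafficCheckBpfStatsEnable(bool* ret) override;` a few lines away. A mismatch between the new signatures and the binder interface they implement is therefore not guaranteed to be diagnosed at this header. The base class is outside the hunk, so this is inferred: if these methods implement the generated interface, append `override` to each, e.g. `int32_t oKey, int32_t interfaceId) override;`. A stale interface definition that lacks `interfaceId` then becomes a compile error here instead of a separate, unreachable overload. The two security-association declarations in the previous hunk would take the same change.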