Add fallback logic and enable XFRM-I support in netd
This patch adds fallback logic: it checks for XFRM-I kernel support and
switches to XFRM-I when supported. Fallbacks to VTIs are provided for
backward compatibility with 4.4 kernels. Parameters for VTI versus
XFRM-I are selected based on the kernel support for XFRM interfaces.
This is part of a patch set to enable XFRM-I support, with automatic
fallbacks to VTI in XfrmController (3/3)
Bug: 77856928
Test: Binder tests updated, passing. CTS & unit tests also passing
Change-Id: Idf90adeec0d499fe4d566e4203f0eabb2b94fffa
diff --git a/server/XfrmController.h b/server/XfrmController.h
index 9208f54..bba84e2 100644
--- a/server/XfrmController.h
+++ b/server/XfrmController.h
@@ -51,6 +51,7 @@
// Suggest we avoid the smallest and largest ints
class XfrmMessage;
class TransportModeSecurityAssociation;
+class DumpWriter;
class XfrmSocket {
public:
@@ -135,6 +136,9 @@
public:
XfrmController();
+ // Initializer to override XFRM-I support for unit-testing purposes
+ explicit XfrmController(bool xfrmIntfSupport);
+
static netdutils::Status Init();
static netdutils::Status ipSecSetEncapSocketOwner(const android::base::unique_fd& socket,
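Review bot: The new `explicit XfrmController(bool xfrmIntfSupport)` overload is public, so only its one-line comment keeps production callers from constructing a controller whose XFRM-I/VTI selection disagrees with what the running kernel actually provides; the commit message says that selection is meant to follow the kernel probe, presumably `isXfrmIntfSupported()`. The comment should state the contract rather than just the intent, e.g. `// Test-only: bypasses the kernel probe and forces XFRM-I (true) or VTI (false) parameter selection. Production code must use XfrmController().` If the project has a test-visibility convention (a protected constructor plus a friend test fixture), that would enforce the restriction instead of documenting it.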
@@ -195,6 +199,8 @@
static netdutils::Status ipSecRemoveTunnelInterface(const std::string& deviceName);
+ void dump(DumpWriter& dw);
+
// Some XFRM netlink attributes comprise a header, a struct, and some data
// after the struct. We wrap all of those in one struct for easier
// marshalling. The structs below must be ABI compatible with the kernel and
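Review bot: `void dump(DumpWriter& dw)` is added without a comment, and it is the only non-static member among the neighbouring static entry points, so a reader cannot tell what state it reports or why it needs a controller instance. Suggest a one-line comment such as `// Writes the controller's current state (including whether XFRM-I or VTI is in use) to dw for dumpsys.`, adjusted to match what the implementation actually emits, which is outside this diff. Because dump output typically ends up in bug reports, it is also worth stating in the comment whether SA key material is deliberately excluded, if the implementation walks SA state at all.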
@@ -328,6 +334,8 @@
"is needed.");
#endif
+ static bool isXfrmIntfSupported();
+
// helper functions for filling in the XfrmCommonInfo (and XfrmSaInfo) structure
static netdutils::Status fillXfrmCommonInfo(const std::string& sourceAddress,
const std::string& destinationAddress, int32_t spi,
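Review bot: `static bool isXfrmIntfSupported()` has no comment explaining how support is determined or whether the probe result is cached, which matters because, per the commit message, every VTI-versus-XFRM-I parameter choice hinges on it. Suggest `// Probes the running kernel for XFRM interface (XFRM-I) support; false means callers must fall back to VTI.` and, if the result is computed once and reused, say so, since a probe that can fail transiently would otherwise silently flip the fallback path between calls.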
@@ -394,8 +402,7 @@
static netdutils::Status flushPolicyDb(const XfrmSocket& s);
static netdutils::Status ipSecAddXfrmInterface(const std::string& deviceName,
- int32_t underlyingInterface, int32_t interfaceId,
- uint16_t flags);
+ int32_t interfaceId, uint16_t flags);
static netdutils::Status ipSecAddVirtualTunnelInterface(const std::string& deviceName,
const std::string& localAddress,
const std::string& remoteAddress,