src/frontends/android/app/src/main/jni/libandroidbridge/kernel/android_ipsec.c

   1 /*
   2  * Copyright (C) 2012 Tobias Brunner
   3  * Copyright (C) 2012 Giuliano Grassi
   4  * Copyright (C) 2012 Ralf Sager
   5  * Hochschule fuer Technik Rapperswil
   6  *
   7  * This program is free software; you can redistribute it and/or modify it
   8  * under the terms of the GNU General Public License as published by the
   9  * Free Software Foundation; either version 2 of the License, or (at your
  10  * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.  *
  11  * This program is distributed in the hope that it will be useful, but
  12  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
  13  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  14  * for more details.
  15  */
  16
  17 #include "android_ipsec.h"
  18 #include "../charonservice.h"
  19
  20 #include <utils/debug.h>
  21 #include <library.h>
  22 #include <hydra.h>
  23 #include <ipsec.h>
  24
  25 typedef struct private_kernel_android_ipsec_t private_kernel_android_ipsec_t;
  26
  27 struct private_kernel_android_ipsec_t {
  28
  29         /**
  30          * Public kernel interface
  31          */
  32         kernel_android_ipsec_t public;
  33
  34         /**
  35          * Listener for lifetime expire events
  36          */
  37         ipsec_event_listener_t ipsec_listener;
  38 };
  39
  40 /**
  41  * Callback registrered with libipsec.
  42  */
  43 static void expire(u_int8_t protocol, u_int32_t spi, host_t *dst, bool hard)
  44 {
  45         hydra->kernel_interface->expire(hydra->kernel_interface, protocol,
  46                                                                         spi, dst, hard);
  47 }
  48
  49 METHOD(kernel_ipsec_t, get_spi, status_t,
  50         private_kernel_android_ipsec_t *this, host_t *src, host_t *dst,
  51         u_int8_t protocol, u_int32_t *spi)
  52 {
  53         return ipsec->sas->get_spi(ipsec->sas, src, dst, protocol, spi);
  54 }
  55
  56 METHOD(kernel_ipsec_t, get_cpi, status_t,
  57         private_kernel_android_ipsec_t *this, host_t *src, host_t *dst,
  58         u_int16_t *cpi)
  59 {
  60         return NOT_SUPPORTED;
  61 }
  62
  63 METHOD(kernel_ipsec_t, add_sa, status_t,
  64         private_kernel_android_ipsec_t *this, host_t *src, host_t *dst,
  65         u_int32_t spi, u_int8_t protocol, u_int32_t reqid, mark_t mark,
  66         u_int32_t tfc, lifetime_cfg_t *lifetime, u_int16_t enc_alg, chunk_t enc_key,
  67         u_int16_t int_alg, chunk_t int_key, ipsec_mode_t mode,
  68         u_int16_t ipcomp, u_int16_t cpi, u_int32_t replay_window,
  69         bool initiator, bool encap, bool esn, bool inbound, bool update,
  70         linked_list_t *src_ts, linked_list_t *dst_ts)
  71 {
  72         return ipsec->sas->add_sa(ipsec->sas, src, dst, spi, protocol, reqid, mark,
  73                                                           tfc, lifetime, enc_alg, enc_key, int_alg, int_key,
  74                                                           mode, ipcomp, cpi, initiator, encap, esn,
  75                                                           inbound, update);
  76 }
  77
  78 METHOD(kernel_ipsec_t, update_sa, status_t,
  79         private_kernel_android_ipsec_t *this, u_int32_t spi, u_int8_t protocol,
  80         u_int16_t cpi, host_t *src, host_t *dst, host_t *new_src, host_t *new_dst,
  81         bool encap, bool new_encap, mark_t mark)
  82 {
  83         return ipsec->sas->update_sa(ipsec->sas, spi, protocol, cpi, src, dst,
  84                                                                  new_src, new_dst, encap, new_encap, mark);
  85 }
  86
  87 METHOD(kernel_ipsec_t, query_sa, status_t,
  88         private_kernel_android_ipsec_t *this, host_t *src, host_t *dst,
  89         u_int32_t spi, u_int8_t protocol, mark_t mark,
  90         u_int64_t *bytes, u_int64_t *packets, time_t *time)
  91 {
  92         return ipsec->sas->query_sa(ipsec->sas, src, dst, spi, protocol, mark,
  93                                                                 bytes, packets, time);
  94 }
  95
  96 METHOD(kernel_ipsec_t, del_sa, status_t,
  97         private_kernel_android_ipsec_t *this, host_t *src, host_t *dst,
  98         u_int32_t spi, u_int8_t protocol, u_int16_t cpi, mark_t mark)
  99 {
 100         return ipsec->sas->del_sa(ipsec->sas, src, dst, spi, protocol, cpi, mark);
 101 }
 102
 103 METHOD(kernel_ipsec_t, flush_sas, status_t,
 104         private_kernel_android_ipsec_t *this)
 105 {
 106         return ipsec->sas->flush_sas(ipsec->sas);
 107 }
 108
 109 METHOD(kernel_ipsec_t, add_policy, status_t,
 110         private_kernel_android_ipsec_t *this, host_t *src, host_t *dst,
 111         traffic_selector_t *src_ts, traffic_selector_t *dst_ts,
 112         policy_dir_t direction, policy_type_t type, ipsec_sa_cfg_t *sa, mark_t mark,
 113         policy_priority_t priority)
 114 {
 115         return ipsec->policies->add_policy(ipsec->policies, src, dst, src_ts,
 116                                                                            dst_ts, direction, type, sa, mark,
 117                                                                            priority);
 118 }
 119
 120 METHOD(kernel_ipsec_t, query_policy, status_t,
 121         private_kernel_android_ipsec_t *this, traffic_selector_t *src_ts,
 122         traffic_selector_t *dst_ts, policy_dir_t direction, mark_t mark,
 123         time_t *use_time)
 124 {
 125         return NOT_SUPPORTED;
 126 }
 127
 128 METHOD(kernel_ipsec_t, del_policy, status_t,
 129         private_kernel_android_ipsec_t *this, host_t *src, host_t *dst,
 130         traffic_selector_t *src_ts, traffic_selector_t *dst_ts,
 131         policy_dir_t direction, policy_type_t type, ipsec_sa_cfg_t *sa,
 132         mark_t mark, policy_priority_t priority)
 133 {
 134         return ipsec->policies->del_policy(ipsec->policies, src, dst, src_ts,
 135                                                                            dst_ts,  direction, type, sa, mark,
 136                                                                            priority);
 137 }
 138
 139 METHOD(kernel_ipsec_t, flush_policies, status_t,
 140         private_kernel_android_ipsec_t *this)
 141 {
 142         ipsec->policies->flush_policies(ipsec->policies);
 143         return SUCCESS;
 144 }
 145
 146 METHOD(kernel_ipsec_t, bypass_socket, bool,
 147         private_kernel_android_ipsec_t *this, int fd, int family)
 148 {
 149         return charonservice->bypass_socket(charonservice, fd, family);
 150 }
 151
 152 METHOD(kernel_ipsec_t, enable_udp_decap, bool,
 153         private_kernel_android_ipsec_t *this, int fd, int family, u_int16_t port)
 154 {
 155         return NOT_SUPPORTED;
 156 }
 157
 158 METHOD(kernel_ipsec_t, destroy, void,
 159         private_kernel_android_ipsec_t *this)
 160 {
 161         ipsec->events->unregister_listener(ipsec->events, &this->ipsec_listener);
 162         free(this);
 163 }
 164
 165 /*
 166  * Described in header.
 167  */
 168 kernel_android_ipsec_t *kernel_android_ipsec_create()
 169 {
 170         private_kernel_android_ipsec_t *this;
 171
 172         INIT(this,
 173                 .public = {
 174                         .interface = {
 175                                 .get_spi = _get_spi,
 176                                 .get_cpi = _get_cpi,
 177                                 .add_sa  = _add_sa,
 178                                 .update_sa = _update_sa,
 179                                 .query_sa = _query_sa,
 180                                 .del_sa = _del_sa,
 181                                 .flush_sas = _flush_sas,
 182                                 .add_policy = _add_policy,
 183                                 .query_policy = _query_policy,
 184                                 .del_policy = _del_policy,
 185                                 .flush_policies = _flush_policies,
 186                                 .bypass_socket = _bypass_socket,
 187                                 .enable_udp_decap = _enable_udp_decap,
 188                                 .destroy = _destroy,
 189                         },
 190                 },
 191                 .ipsec_listener = {
 192                         .expire = expire,
 193                 },
 194         );
 195
 196         ipsec->events->register_listener(ipsec->events, &this->ipsec_listener);
 197
 198         return &this->public;
 199 }