Implement kernel_ipsec_t.bypass_socket() via JNI and VpnService.protect()
[strongswan.git] / src / frontends / android / jni / libandroidbridge / kernel / android_ipsec.c
1 /*
2 * Copyright (C) 2012 Tobias Brunner
3 * Copyright (C) 2012 Giuliano Grassi
4 * Copyright (C) 2012 Ralf Sager
5 * Hochschule fuer Technik Rapperswil
6 *
7 * This program is free software; you can redistribute it and/or modify it
8 * under the terms of the GNU General Public License as published by the
9 * Free Software Foundation; either version 2 of the License, or (at your
10 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. *
11 * This program is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * for more details.
15 */
16
17 #include "android_ipsec.h"
18 #include "../charonservice.h"
19
20 #include <debug.h>
21 #include <library.h>
22 #include <hydra.h>
23 #include <ipsec.h>
24
25 typedef struct private_kernel_android_ipsec_t private_kernel_android_ipsec_t;
26
27 struct private_kernel_android_ipsec_t {
28
29 /**
30 * Public kernel interface
31 */
32 kernel_android_ipsec_t public;
33
34 /**
35 * Listener for lifetime expire events
36 */
37 ipsec_event_listener_t ipsec_listener;
38 };
39
40 /**
41 * Callback registrered with libipsec.
42 */
43 void expire(u_int32_t reqid, u_int8_t protocol, u_int32_t spi, bool hard)
44 {
45 hydra->kernel_interface->expire(hydra->kernel_interface, reqid, protocol,
46 spi, hard);
47 }
48
49 METHOD(kernel_ipsec_t, get_spi, status_t,
50 private_kernel_android_ipsec_t *this, host_t *src, host_t *dst,
51 u_int8_t protocol, u_int32_t reqid, u_int32_t *spi)
52 {
53 return ipsec->sas->get_spi(ipsec->sas, src, dst, protocol, reqid, spi);
54 }
55
56 METHOD(kernel_ipsec_t, get_cpi, status_t,
57 private_kernel_android_ipsec_t *this, host_t *src, host_t *dst,
58 u_int32_t reqid, u_int16_t *cpi)
59 {
60 return NOT_SUPPORTED;
61 }
62
63 METHOD(kernel_ipsec_t, add_sa, status_t,
64 private_kernel_android_ipsec_t *this, host_t *src, host_t *dst,
65 u_int32_t spi, u_int8_t protocol, u_int32_t reqid, mark_t mark,
66 u_int32_t tfc, lifetime_cfg_t *lifetime, u_int16_t enc_alg, chunk_t enc_key,
67 u_int16_t int_alg, chunk_t int_key, ipsec_mode_t mode, u_int16_t ipcomp,
68 u_int16_t cpi, bool encap, bool esn, bool inbound,
69 traffic_selector_t *src_ts, traffic_selector_t *dst_ts)
70 {
71 return ipsec->sas->add_sa(ipsec->sas, src, dst, spi, protocol, reqid, mark,
72 tfc, lifetime, enc_alg, enc_key, int_alg, int_key,
73 mode, ipcomp, cpi, encap, esn, inbound, src_ts,
74 dst_ts);
75 }
76
77 METHOD(kernel_ipsec_t, update_sa, status_t,
78 private_kernel_android_ipsec_t *this, u_int32_t spi, u_int8_t protocol,
79 u_int16_t cpi, host_t *src, host_t *dst, host_t *new_src, host_t *new_dst,
80 bool encap, bool new_encap, mark_t mark)
81 {
82 return NOT_SUPPORTED;
83 }
84
85 METHOD(kernel_ipsec_t, query_sa, status_t,
86 private_kernel_android_ipsec_t *this, host_t *src, host_t *dst,
87 u_int32_t spi, u_int8_t protocol, mark_t mark, u_int64_t *bytes)
88 {
89 return NOT_SUPPORTED;
90 }
91
92 METHOD(kernel_ipsec_t, del_sa, status_t,
93 private_kernel_android_ipsec_t *this, host_t *src, host_t *dst,
94 u_int32_t spi, u_int8_t protocol, u_int16_t cpi, mark_t mark)
95 {
96 return ipsec->sas->del_sa(ipsec->sas, src, dst, spi, protocol, cpi, mark);
97 }
98
99 METHOD(kernel_ipsec_t, flush_sas, status_t,
100 private_kernel_android_ipsec_t *this)
101 {
102 return ipsec->sas->flush_sas(ipsec->sas);
103 }
104
105 METHOD(kernel_ipsec_t, add_policy, status_t,
106 private_kernel_android_ipsec_t *this, host_t *src, host_t *dst,
107 traffic_selector_t *src_ts, traffic_selector_t *dst_ts,
108 policy_dir_t direction, policy_type_t type, ipsec_sa_cfg_t *sa, mark_t mark,
109 policy_priority_t priority)
110 {
111 return ipsec->policies->add_policy(ipsec->policies, src, dst, src_ts,
112 dst_ts, direction, type, sa, mark,
113 priority);
114 }
115
116 METHOD(kernel_ipsec_t, query_policy, status_t,
117 private_kernel_android_ipsec_t *this, traffic_selector_t *src_ts,
118 traffic_selector_t *dst_ts, policy_dir_t direction, mark_t mark,
119 u_int32_t *use_time)
120 {
121 return NOT_SUPPORTED;
122 }
123
124 METHOD(kernel_ipsec_t, del_policy, status_t,
125 private_kernel_android_ipsec_t *this, traffic_selector_t *src_ts,
126 traffic_selector_t *dst_ts, policy_dir_t direction, u_int32_t reqid,
127 mark_t mark, policy_priority_t priority)
128 {
129 return ipsec->policies->del_policy(ipsec->policies, src_ts, dst_ts,
130 direction, reqid, mark, priority);
131 }
132
133 METHOD(kernel_ipsec_t, flush_policies, status_t,
134 private_kernel_android_ipsec_t *this)
135 {
136 ipsec->policies->flush_policies(ipsec->policies);
137 return SUCCESS;
138 }
139
140 METHOD(kernel_ipsec_t, bypass_socket, bool,
141 private_kernel_android_ipsec_t *this, int fd, int family)
142 {
143 return charonservice->bypass_socket(charonservice, fd, family);
144 }
145
146 METHOD(kernel_ipsec_t, enable_udp_decap, bool,
147 private_kernel_android_ipsec_t *this, int fd, int family, u_int16_t port)
148 {
149 return NOT_SUPPORTED;
150 }
151
152 METHOD(kernel_ipsec_t, destroy, void,
153 private_kernel_android_ipsec_t *this)
154 {
155 ipsec->events->unregister_listener(ipsec->events, &this->ipsec_listener);
156 free(this);
157 }
158
159 /*
160 * Described in header.
161 */
162 kernel_android_ipsec_t *kernel_android_ipsec_create()
163 {
164 private_kernel_android_ipsec_t *this;
165
166 INIT(this,
167 .public = {
168 .interface = {
169 .get_spi = _get_spi,
170 .get_cpi = _get_cpi,
171 .add_sa = _add_sa,
172 .update_sa = _update_sa,
173 .query_sa = _query_sa,
174 .del_sa = _del_sa,
175 .flush_sas = _flush_sas,
176 .add_policy = _add_policy,
177 .query_policy = _query_policy,
178 .del_policy = _del_policy,
179 .flush_policies = _flush_policies,
180 .bypass_socket = _bypass_socket,
181 .enable_udp_decap = _enable_udp_decap,
182 .destroy = _destroy,
183 },
184 },
185 .ipsec_listener = {
186 .expire = expire,
187 },
188 );
189
190 ipsec->events->register_listener(ipsec->events, &this->ipsec_listener);
191
192 return &this->public;
193 }