src/frontends/android/jni/libandroidbridge/kernel/android_ipsec.c

   1 /*
   2  * Copyright (C) 2012 Tobias Brunner
   3  * Copyright (C) 2012 Giuliano Grassi
   4  * Copyright (C) 2012 Ralf Sager
   5  * Hochschule fuer Technik Rapperswil
   6  *
   7  * This program is free software; you can redistribute it and/or modify it
   8  * under the terms of the GNU General Public License as published by the
   9  * Free Software Foundation; either version 2 of the License, or (at your
  10  * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.  *
  11  * This program is distributed in the hope that it will be useful, but
  12  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
  13  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  14  * for more details.
  15  */
  16
  17 #include "android_ipsec.h"
  18 #include "../charonservice.h"
  19
  20 #include <debug.h>
  21 #include <library.h>
  22 #include <hydra.h>
  23 #include <ipsec.h>
  24
  25 typedef struct private_kernel_android_ipsec_t private_kernel_android_ipsec_t;
  26
  27 struct private_kernel_android_ipsec_t {
  28
  29         /**
  30          * Public kernel interface
  31          */
  32         kernel_android_ipsec_t public;
  33
  34         /**
  35          * Listener for lifetime expire events
  36          */
  37         ipsec_event_listener_t ipsec_listener;
  38 };
  39
  40 /**
  41  * Callback registrered with libipsec.
  42  */
  43 void expire(u_int32_t reqid, u_int8_t protocol, u_int32_t spi, bool hard)
  44 {
  45         hydra->kernel_interface->expire(hydra->kernel_interface, reqid, protocol,
  46                                                                         spi, hard);
  47 }
  48
  49 METHOD(kernel_ipsec_t, get_spi, status_t,
  50         private_kernel_android_ipsec_t *this, host_t *src, host_t *dst,
  51         u_int8_t protocol, u_int32_t reqid, u_int32_t *spi)
  52 {
  53         return ipsec->sas->get_spi(ipsec->sas, src, dst, protocol, reqid, spi);
  54 }
  55
  56 METHOD(kernel_ipsec_t, get_cpi, status_t,
  57         private_kernel_android_ipsec_t *this, host_t *src, host_t *dst,
  58         u_int32_t reqid, u_int16_t *cpi)
  59 {
  60         return NOT_SUPPORTED;
  61 }
  62
  63 METHOD(kernel_ipsec_t, add_sa, status_t,
  64         private_kernel_android_ipsec_t *this, host_t *src, host_t *dst,
  65         u_int32_t spi, u_int8_t protocol, u_int32_t reqid, mark_t mark,
  66         u_int32_t tfc, lifetime_cfg_t *lifetime, u_int16_t enc_alg, chunk_t enc_key,
  67         u_int16_t int_alg, chunk_t int_key, ipsec_mode_t mode, u_int16_t ipcomp,
  68         u_int16_t cpi, bool encap, bool esn, bool inbound,
  69         traffic_selector_t *src_ts, traffic_selector_t *dst_ts)
  70 {
  71         return ipsec->sas->add_sa(ipsec->sas, src, dst, spi, protocol, reqid, mark,
  72                                                           tfc, lifetime, enc_alg, enc_key, int_alg, int_key,
  73                                                           mode, ipcomp, cpi, encap, esn, inbound, src_ts,
  74                                                           dst_ts);
  75 }
  76
  77 METHOD(kernel_ipsec_t, update_sa, status_t,
  78         private_kernel_android_ipsec_t *this, u_int32_t spi, u_int8_t protocol,
  79         u_int16_t cpi, host_t *src, host_t *dst, host_t *new_src, host_t *new_dst,
  80         bool encap, bool new_encap, mark_t mark)
  81 {
  82         return NOT_SUPPORTED;
  83 }
  84
  85 METHOD(kernel_ipsec_t, query_sa, status_t,
  86         private_kernel_android_ipsec_t *this, host_t *src, host_t *dst,
  87         u_int32_t spi, u_int8_t protocol, mark_t mark, u_int64_t *bytes)
  88 {
  89         return NOT_SUPPORTED;
  90 }
  91
  92 METHOD(kernel_ipsec_t, del_sa, status_t,
  93         private_kernel_android_ipsec_t *this, host_t *src, host_t *dst,
  94         u_int32_t spi, u_int8_t protocol, u_int16_t cpi, mark_t mark)
  95 {
  96         return ipsec->sas->del_sa(ipsec->sas, src, dst, spi, protocol, cpi, mark);
  97 }
  98
  99 METHOD(kernel_ipsec_t, flush_sas, status_t,
 100         private_kernel_android_ipsec_t *this)
 101 {
 102         return ipsec->sas->flush_sas(ipsec->sas);
 103 }
 104
 105 METHOD(kernel_ipsec_t, add_policy, status_t,
 106         private_kernel_android_ipsec_t *this, host_t *src, host_t *dst,
 107         traffic_selector_t *src_ts, traffic_selector_t *dst_ts,
 108         policy_dir_t direction, policy_type_t type, ipsec_sa_cfg_t *sa, mark_t mark,
 109         policy_priority_t priority)
 110 {
 111         return ipsec->policies->add_policy(ipsec->policies, src, dst, src_ts,
 112                                                                            dst_ts, direction, type, sa, mark,
 113                                                                            priority);
 114 }
 115
 116 METHOD(kernel_ipsec_t, query_policy, status_t,
 117         private_kernel_android_ipsec_t *this, traffic_selector_t *src_ts,
 118         traffic_selector_t *dst_ts, policy_dir_t direction, mark_t mark,
 119         u_int32_t *use_time)
 120 {
 121         return NOT_SUPPORTED;
 122 }
 123
 124 METHOD(kernel_ipsec_t, del_policy, status_t,
 125         private_kernel_android_ipsec_t *this, traffic_selector_t *src_ts,
 126         traffic_selector_t *dst_ts, policy_dir_t direction, u_int32_t reqid,
 127         mark_t mark, policy_priority_t priority)
 128 {
 129         return ipsec->policies->del_policy(ipsec->policies, src_ts, dst_ts,
 130                                                                            direction, reqid, mark, priority);
 131 }
 132
 133 METHOD(kernel_ipsec_t, flush_policies, status_t,
 134         private_kernel_android_ipsec_t *this)
 135 {
 136         ipsec->policies->flush_policies(ipsec->policies);
 137         return SUCCESS;
 138 }
 139
 140 METHOD(kernel_ipsec_t, bypass_socket, bool,
 141         private_kernel_android_ipsec_t *this, int fd, int family)
 142 {
 143         return charonservice->bypass_socket(charonservice, fd, family);
 144 }
 145
 146 METHOD(kernel_ipsec_t, enable_udp_decap, bool,
 147         private_kernel_android_ipsec_t *this, int fd, int family, u_int16_t port)
 148 {
 149         return NOT_SUPPORTED;
 150 }
 151
 152 METHOD(kernel_ipsec_t, destroy, void,
 153         private_kernel_android_ipsec_t *this)
 154 {
 155         ipsec->events->unregister_listener(ipsec->events, &this->ipsec_listener);
 156         free(this);
 157 }
 158
 159 /*
 160  * Described in header.
 161  */
 162 kernel_android_ipsec_t *kernel_android_ipsec_create()
 163 {
 164         private_kernel_android_ipsec_t *this;
 165
 166         INIT(this,
 167                 .public = {
 168                         .interface = {
 169                                 .get_spi = _get_spi,
 170                                 .get_cpi = _get_cpi,
 171                                 .add_sa  = _add_sa,
 172                                 .update_sa = _update_sa,
 173                                 .query_sa = _query_sa,
 174                                 .del_sa = _del_sa,
 175                                 .flush_sas = _flush_sas,
 176                                 .add_policy = _add_policy,
 177                                 .query_policy = _query_policy,
 178                                 .del_policy = _del_policy,
 179                                 .flush_policies = _flush_policies,
 180                                 .bypass_socket = _bypass_socket,
 181                                 .enable_udp_decap = _enable_udp_decap,
 182                                 .destroy = _destroy,
 183                         },
 184                 },
 185                 .ipsec_listener = {
 186                         .expire = expire,
 187                 },
 188         );
 189
 190         ipsec->events->register_listener(ipsec->events, &this->ipsec_listener);
 191
 192         return &this->public;
 193 }