src/frontends/android/jni/libandroidbridge/kernel/android_ipsec.c

   1 /*
   2  * Copyright (C) 2012 Tobias Brunner
   3  * Copyright (C) 2012 Giuliano Grassi
   4  * Copyright (C) 2012 Ralf Sager
   5  * Hochschule fuer Technik Rapperswil
   6  *
   7  * This program is free software; you can redistribute it and/or modify it
   8  * under the terms of the GNU General Public License as published by the
   9  * Free Software Foundation; either version 2 of the License, or (at your
  10  * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.  *
  11  * This program is distributed in the hope that it will be useful, but
  12  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
  13  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  14  * for more details.
  15  */
  16
  17 #include "android_ipsec.h"
  18
  19 #include <debug.h>
  20 #include <library.h>
  21 #include <hydra.h>
  22 #include <ipsec.h>
  23
  24 typedef struct private_kernel_android_ipsec_t private_kernel_android_ipsec_t;
  25
  26 struct private_kernel_android_ipsec_t {
  27
  28         /**
  29          * Public kernel interface
  30          */
  31         kernel_android_ipsec_t public;
  32
  33         /**
  34          * Listener for lifetime expire events
  35          */
  36         ipsec_event_listener_t ipsec_listener;
  37 };
  38
  39 /**
  40  * Callback registrered with libipsec.
  41  */
  42 void expire(u_int32_t reqid, u_int8_t protocol, u_int32_t spi, bool hard)
  43 {
  44         hydra->kernel_interface->expire(hydra->kernel_interface, reqid, protocol,
  45                                                                         spi, hard);
  46 }
  47
  48 METHOD(kernel_ipsec_t, get_spi, status_t,
  49         private_kernel_android_ipsec_t *this, host_t *src, host_t *dst,
  50         u_int8_t protocol, u_int32_t reqid, u_int32_t *spi)
  51 {
  52         return ipsec->sas->get_spi(ipsec->sas, src, dst, protocol, reqid, spi);
  53 }
  54
  55 METHOD(kernel_ipsec_t, get_cpi, status_t,
  56         private_kernel_android_ipsec_t *this, host_t *src, host_t *dst,
  57         u_int32_t reqid, u_int16_t *cpi)
  58 {
  59         return NOT_SUPPORTED;
  60 }
  61
  62 METHOD(kernel_ipsec_t, add_sa, status_t,
  63         private_kernel_android_ipsec_t *this, host_t *src, host_t *dst,
  64         u_int32_t spi, u_int8_t protocol, u_int32_t reqid, mark_t mark,
  65         u_int32_t tfc, lifetime_cfg_t *lifetime, u_int16_t enc_alg, chunk_t enc_key,
  66         u_int16_t int_alg, chunk_t int_key, ipsec_mode_t mode, u_int16_t ipcomp,
  67         u_int16_t cpi, bool encap, bool esn, bool inbound,
  68         traffic_selector_t *src_ts, traffic_selector_t *dst_ts)
  69 {
  70         return ipsec->sas->add_sa(ipsec->sas, src, dst, spi, protocol, reqid, mark,
  71                                                           tfc, lifetime, enc_alg, enc_key, int_alg, int_key,
  72                                                           mode, ipcomp, cpi, encap, esn, inbound, src_ts,
  73                                                           dst_ts);
  74 }
  75
  76 METHOD(kernel_ipsec_t, update_sa, status_t,
  77         private_kernel_android_ipsec_t *this, u_int32_t spi, u_int8_t protocol,
  78         u_int16_t cpi, host_t *src, host_t *dst, host_t *new_src, host_t *new_dst,
  79         bool encap, bool new_encap, mark_t mark)
  80 {
  81         return NOT_SUPPORTED;
  82 }
  83
  84 METHOD(kernel_ipsec_t, query_sa, status_t,
  85         private_kernel_android_ipsec_t *this, host_t *src, host_t *dst,
  86         u_int32_t spi, u_int8_t protocol, mark_t mark, u_int64_t *bytes)
  87 {
  88         return NOT_SUPPORTED;
  89 }
  90
  91 METHOD(kernel_ipsec_t, del_sa, status_t,
  92         private_kernel_android_ipsec_t *this, host_t *src, host_t *dst,
  93         u_int32_t spi, u_int8_t protocol, u_int16_t cpi, mark_t mark)
  94 {
  95         return ipsec->sas->del_sa(ipsec->sas, src, dst, spi, protocol, cpi, mark);
  96 }
  97
  98 METHOD(kernel_ipsec_t, flush_sas, status_t,
  99         private_kernel_android_ipsec_t *this)
 100 {
 101         return ipsec->sas->flush_sas(ipsec->sas);
 102 }
 103
 104 METHOD(kernel_ipsec_t, add_policy, status_t,
 105         private_kernel_android_ipsec_t *this, host_t *src, host_t *dst,
 106         traffic_selector_t *src_ts, traffic_selector_t *dst_ts,
 107         policy_dir_t direction, policy_type_t type, ipsec_sa_cfg_t *sa, mark_t mark,
 108         policy_priority_t priority)
 109 {
 110         return ipsec->policies->add_policy(ipsec->policies, src, dst, src_ts,
 111                                                                            dst_ts, direction, type, sa, mark,
 112                                                                            priority);
 113 }
 114
 115 METHOD(kernel_ipsec_t, query_policy, status_t,
 116         private_kernel_android_ipsec_t *this, traffic_selector_t *src_ts,
 117         traffic_selector_t *dst_ts, policy_dir_t direction, mark_t mark,
 118         u_int32_t *use_time)
 119 {
 120         return NOT_SUPPORTED;
 121 }
 122
 123 METHOD(kernel_ipsec_t, del_policy, status_t,
 124         private_kernel_android_ipsec_t *this, traffic_selector_t *src_ts,
 125         traffic_selector_t *dst_ts, policy_dir_t direction, u_int32_t reqid,
 126         mark_t mark, policy_priority_t priority)
 127 {
 128         return ipsec->policies->del_policy(ipsec->policies, src_ts, dst_ts,
 129                                                                            direction, reqid, mark, priority);
 130 }
 131
 132 METHOD(kernel_ipsec_t, flush_policies, status_t,
 133         private_kernel_android_ipsec_t *this)
 134 {
 135         ipsec->policies->flush_policies(ipsec->policies);
 136         return SUCCESS;
 137 }
 138
 139 METHOD(kernel_ipsec_t, bypass_socket, bool,
 140         private_kernel_android_ipsec_t *this, int fd, int family)
 141 {
 142         return NOT_SUPPORTED;
 143 }
 144
 145 METHOD(kernel_ipsec_t, enable_udp_decap, bool,
 146         private_kernel_android_ipsec_t *this, int fd, int family, u_int16_t port)
 147 {
 148         return NOT_SUPPORTED;
 149 }
 150
 151 METHOD(kernel_ipsec_t, destroy, void,
 152         private_kernel_android_ipsec_t *this)
 153 {
 154         ipsec->events->unregister_listener(ipsec->events, &this->ipsec_listener);
 155         free(this);
 156 }
 157
 158 /*
 159  * Described in header.
 160  */
 161 kernel_android_ipsec_t *kernel_android_ipsec_create()
 162 {
 163         private_kernel_android_ipsec_t *this;
 164
 165         INIT(this,
 166                 .public = {
 167                         .interface = {
 168                                 .get_spi = _get_spi,
 169                                 .get_cpi = _get_cpi,
 170                                 .add_sa  = _add_sa,
 171                                 .update_sa = _update_sa,
 172                                 .query_sa = _query_sa,
 173                                 .del_sa = _del_sa,
 174                                 .flush_sas = _flush_sas,
 175                                 .add_policy = _add_policy,
 176                                 .query_policy = _query_policy,
 177                                 .del_policy = _del_policy,
 178                                 .flush_policies = _flush_policies,
 179                                 .bypass_socket = _bypass_socket,
 180                                 .enable_udp_decap = _enable_udp_decap,
 181                                 .destroy = _destroy,
 182                         },
 183                 },
 184                 .ipsec_listener = {
 185                         .expire = expire,
 186                 },
 187         );
 188
 189         ipsec->events->register_listener(ipsec->events, &this->ipsec_listener);
 190
 191         return &this->public;
 192 }