diff options
| -rw-r--r-- | core/java/android/net/IpSecConfig.java | 32 | ||||
| -rw-r--r-- | services/core/java/com/android/server/IpSecService.java | 8 | ||||
| -rw-r--r-- | tests/net/java/com/android/server/IpSecServiceParameterizedTest.java | 32 |
3 files changed, 65 insertions, 7 deletions
diff --git a/core/java/android/net/IpSecConfig.java b/core/java/android/net/IpSecConfig.java index 80b0af33735b..6a262e2c87ca 100644 --- a/core/java/android/net/IpSecConfig.java +++ b/core/java/android/net/IpSecConfig.java @@ -65,6 +65,10 @@ public final class IpSecConfig implements Parcelable { // An interval, in seconds between the NattKeepalive packets private int mNattKeepaliveInterval; + // XFRM mark and mask + private int mMarkValue; + private int mMarkMask; + /** Set the mode for this IPsec transform */ public void setMode(int mode) { mMode = mode; @@ -121,6 +125,14 @@ public final class IpSecConfig implements Parcelable { mNattKeepaliveInterval = interval; } + public void setMarkValue(int mark) { + mMarkValue = mark; + } + + public void setMarkMask(int mask) { + mMarkMask = mask; + } + // Transport or Tunnel public int getMode() { return mMode; @@ -170,6 +182,14 @@ public final class IpSecConfig implements Parcelable { return mNattKeepaliveInterval; } + public int getMarkValue() { + return mMarkValue; + } + + public int getMarkMask() { + return mMarkMask; + } + // Parcelable Methods @Override @@ -191,6 +211,8 @@ public final class IpSecConfig implements Parcelable { out.writeInt(mEncapSocketResourceId); out.writeInt(mEncapRemotePort); out.writeInt(mNattKeepaliveInterval); + out.writeInt(mMarkValue); + out.writeInt(mMarkMask); } @VisibleForTesting @@ -212,6 +234,8 @@ public final class IpSecConfig implements Parcelable { mEncapSocketResourceId = in.readInt(); mEncapRemotePort = in.readInt(); mNattKeepaliveInterval = in.readInt(); + mMarkValue = in.readInt(); + mMarkMask = in.readInt(); } @Override @@ -242,6 +266,10 @@ public final class IpSecConfig implements Parcelable { .append(mAuthentication) .append(", mAuthenticatedEncryption=") .append(mAuthenticatedEncryption) + .append(", mMarkValue=") + .append(mMarkValue) + .append(", mMarkMask=") + .append(mMarkMask) .append("}"); return strBuilder.toString(); @@ -275,6 +303,8 @@ public final class IpSecConfig implements Parcelable { && IpSecAlgorithm.equals(lhs.mEncryption, rhs.mEncryption) && IpSecAlgorithm.equals( lhs.mAuthenticatedEncryption, rhs.mAuthenticatedEncryption) - && IpSecAlgorithm.equals(lhs.mAuthentication, rhs.mAuthentication)); + && IpSecAlgorithm.equals(lhs.mAuthentication, rhs.mAuthentication) + && lhs.mMarkValue == rhs.mMarkValue + && lhs.mMarkMask == rhs.mMarkMask); } } diff --git a/services/core/java/com/android/server/IpSecService.java b/services/core/java/com/android/server/IpSecService.java index 46a35ec800ba..09d7d9bc6245 100644 --- a/services/core/java/com/android/server/IpSecService.java +++ b/services/core/java/com/android/server/IpSecService.java @@ -566,7 +566,9 @@ public class IpSecService extends IIpSecService.Stub { mResourceId, mConfig.getSourceAddress(), mConfig.getDestinationAddress(), - spi); + spi, + mConfig.getMarkValue(), + mConfig.getMarkMask()); } catch (ServiceSpecificException e) { // FIXME: get the error code and throw is at an IOException from Errno Exception } catch (RemoteException e) { @@ -634,7 +636,7 @@ public class IpSecService extends IIpSecService.Stub { mSrvConfig .getNetdInstance() .ipSecDeleteSecurityAssociation( - mResourceId, mSourceAddress, mDestinationAddress, mSpi); + mResourceId, mSourceAddress, mDestinationAddress, mSpi, 0, 0); } catch (ServiceSpecificException e) { // FIXME: get the error code and throw is at an IOException from Errno Exception } catch (RemoteException e) { @@ -1153,6 +1155,8 @@ public class IpSecService extends IIpSecService.Stub { c.getDestinationAddress(), (c.getNetwork() != null) ? c.getNetwork().netId : 0, spiRecord.getSpi(), + c.getMarkValue(), + c.getMarkMask(), (auth != null) ? auth.getName() : "", (auth != null) ? auth.getKey() : new byte[] {}, (auth != null) ? auth.getTruncationLengthBits() : 0, diff --git a/tests/net/java/com/android/server/IpSecServiceParameterizedTest.java b/tests/net/java/com/android/server/IpSecServiceParameterizedTest.java index 4fbb228e6e53..cb0bdfc752d4 100644 --- a/tests/net/java/com/android/server/IpSecServiceParameterizedTest.java +++ b/tests/net/java/com/android/server/IpSecServiceParameterizedTest.java @@ -136,7 +136,12 @@ public class IpSecServiceParameterizedTest { verify(mMockNetd) .ipSecDeleteSecurityAssociation( - eq(spiResp.resourceId), anyString(), anyString(), eq(TEST_SPI)); + eq(spiResp.resourceId), + anyString(), + anyString(), + eq(TEST_SPI), + anyInt(), + anyInt()); // Verify quota and RefcountedResource objects cleaned up IpSecService.UserRecord userRecord = @@ -168,7 +173,12 @@ public class IpSecServiceParameterizedTest { verify(mMockNetd) .ipSecDeleteSecurityAssociation( - eq(spiResp.resourceId), anyString(), anyString(), eq(TEST_SPI)); + eq(spiResp.resourceId), + anyString(), + anyString(), + eq(TEST_SPI), + anyInt(), + anyInt()); // Verify quota and RefcountedResource objects cleaned up assertEquals(0, userRecord.mSpiQuotaTracker.mCurrent); @@ -221,6 +231,8 @@ public class IpSecServiceParameterizedTest { anyString(), anyLong(), eq(TEST_SPI), + anyInt(), + anyInt(), eq(IpSecAlgorithm.AUTH_HMAC_SHA256), eq(AUTH_KEY), anyInt(), @@ -254,6 +266,8 @@ public class IpSecServiceParameterizedTest { anyString(), anyLong(), eq(TEST_SPI), + anyInt(), + anyInt(), eq(""), eq(new byte[] {}), eq(0), @@ -280,7 +294,12 @@ public class IpSecServiceParameterizedTest { verify(mMockNetd) .ipSecDeleteSecurityAssociation( - eq(createTransformResp.resourceId), anyString(), anyString(), eq(TEST_SPI)); + eq(createTransformResp.resourceId), + anyString(), + anyString(), + eq(TEST_SPI), + anyInt(), + anyInt()); // Verify quota and RefcountedResource objects cleaned up IpSecService.UserRecord userRecord = @@ -314,7 +333,12 @@ public class IpSecServiceParameterizedTest { verify(mMockNetd) .ipSecDeleteSecurityAssociation( - eq(createTransformResp.resourceId), anyString(), anyString(), eq(TEST_SPI)); + eq(createTransformResp.resourceId), + anyString(), + anyString(), + eq(TEST_SPI), + anyInt(), + anyInt()); // Verify quota and RefcountedResource objects cleaned up assertEquals(0, userRecord.mTransformQuotaTracker.mCurrent); |