author | Tobias Brunner <tobias@strongswan.org> | 2012-08-08 14:47:47 +0200 |
---|---|---|
committer | Tobias Brunner <tobias@strongswan.org> | 2012-08-13 11:09:34 +0200 |
commit | 30ba2ff7771e84a8ac7d08089945b1e6fa5cca38 (patch) | |
tree | 2c9ebb61f66197cc8dc8fed2aa80d9e88404f45d /src/frontends/android/jni/libandroidbridge/backend/android_service.c | |
parent | 62e6630b248b0f7e387dae8d16dd56db71262b35 (diff) | |
Add routes based on the installed IPsec policies to the TUN device builder
Diffstat (limited to 'src/frontends/android/jni/libandroidbridge/backend/android_service.c')
-rw-r--r-- | src/frontends/android/jni/libandroidbridge/backend/android_service.c | 46 |
1 files changed, 46 insertions, 0 deletions
diff --git a/src/frontends/android/jni/libandroidbridge/backend/android_service.c b/src/frontends/android/jni/libandroidbridge/backend/android_service.c
index d44bebc9a..40ca86ac5 100644
--- a/src/frontends/android/jni/libandroidbridge/backend/android_service.c
+++ b/src/frontends/android/jni/libandroidbridge/backend/android_service.c
@@ -71,6 +71,51 @@ struct private_android_service_t {
 };
 /**
+ * Add a route to the TUN device builder
+ */
+static bool add_route(vpnservice_builder_t *builder, host_t *net,
+ u_int8_t prefix)
+{
+ /* if route is 0.0.0.0/0, split it into two routes 0.0.0.0/1 and
+ * 128.0.0.0/1 because otherwise it would conflict with the current default
+ * route */
+ if (net->is_anyaddr(net) && prefix == 0)
+ {
+ bool success;
+
+ success = add_route(builder, net, 1);
+ net = host_create_from_string("128.0.0.0", 0);
+ success = success && add_route(builder, net, 1);
+ net->destroy(net);
+ return success;
+ }
+ return builder->add_route(builder, net, prefix);
+}
+
+/**
+ * Generate and set routes from installed IPsec policies
+ */
+static bool add_routes(vpnservice_builder_t *builder, child_sa_t *child_sa)
+{
+ traffic_selector_t *src_ts, *dst_ts;
+ enumerator_t *enumerator;
+ bool success = TRUE;
+
+ enumerator = child_sa->create_policy_enumerator(child_sa);
+ while (success && enumerator->enumerate(enumerator, &src_ts, &dst_ts))
+ {
+ host_t *net;
+ u_int8_t prefix;
+
+ dst_ts->to_subnet(dst_ts, &net, &prefix);
+ success = add_route(builder, net, prefix);
+ net->destroy(net);
+ }
+ enumerator->destroy(enumerator);
+ return success;
+}
+
+/**
 * Setup a new TUN device for the supplied SAs.
 * Additional information such as DNS servers are gathered in appropriate
 * listeners asynchronously. To be sure every required bit of information is
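Review bot: The default-route split in `add_route` triggers on `net->is_anyaddr(net) && prefix == 0` without looking at the address family, so an IPv6 `::/0` selector would take the same branch, yet the second half is always created from the IPv4 literal `128.0.0.0`. In that case `8000::/1` would get no route and that traffic would stay outside the tunnel, while an unrelated IPv4 /1 route is added; whether IPv6 selectors can reach this code is not visible in the hunk. Selecting the literal by family keeps both halves consistent: `net = host_create_from_string(net->get_family(net) == AF_INET6 ? "8000::" : "128.0.0.0", 0);`. The pointer returned by `host_create_from_string()` is also passed on and destroyed without a NULL check, and the comment should mention the IPv6 case once it is handled.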
@@ -94,6 +139,7 @@ static bool setup_tun_device(private_android_service_t *this,
 builder = charonservice->get_vpnservice_builder(charonservice);
 if (!builder->add_address(builder, vip) ||
+ !add_routes(builder, child_sa) ||
 !builder->set_mtu(builder, TUN_DEFAULT_MTU))
 {
 return FALSE; |
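Review bot: A failure of `add_routes()` is folded into the same silent `return FALSE` as a failed `add_address()` or `set_mtu()`, so nothing visible here records that the tunnel was refused because its routes could not be installed. Routes decide which traffic enters the VPN, so this case deserves its own check and log line, e.g. `if (!add_routes(builder, child_sa)) { DBG1(DBG_DMN, "setting up TUN device failed, unable to add routes"); return FALSE; }`. The body of `setup_tun_device` continues outside this hunk, so a later log statement may already cover this.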