diff options
| author | Tobias Brunner <tobias@strongswan.org> | 2013-03-07 18:16:56 +0100 |
|---|---|---|
| committer | Tobias Brunner <tobias@strongswan.org> | 2013-03-20 15:24:26 +0100 |
| commit | ee66565d43fcbcdd6b6ab9c5f434e91abff65248 (patch) | |
| tree | 2e938909ee6db8714060d464a1c2e0583dc6efc3 /src/frontends/android/jni/libandroidbridge | |
| parent | c994ec3b70b733dc25d244eadeaef4ed56ebcff9 (diff) | |
| download | strongswan-ee66565d43fcbcdd6b6ab9c5f434e91abff65248.tar.bz2 strongswan-ee66565d43fcbcdd6b6ab9c5f434e91abff65248.tar.xz | |
android: Also request a virtual IPv6 address and propose IPv6 TS
This allows IPv6 over IPv4 but falls back nicely if we don't get a
virtual IPv6 (or IPv4) address.
Diffstat (limited to 'src/frontends/android/jni/libandroidbridge')
| -rw-r--r-- | src/frontends/android/jni/libandroidbridge/backend/android_service.c | 24 | ||||
| -rw-r--r-- | src/frontends/android/jni/libandroidbridge/vpnservice_builder.c | 18 |
2 files changed, 23 insertions, 19 deletions
diff --git a/src/frontends/android/jni/libandroidbridge/backend/android_service.c b/src/frontends/android/jni/libandroidbridge/backend/android_service.c index 76c139881..302f732a8 100644 --- a/src/frontends/android/jni/libandroidbridge/backend/android_service.c +++ b/src/frontends/android/jni/libandroidbridge/backend/android_service.c @@ -209,13 +209,20 @@ static bool add_route(vpnservice_builder_t *builder, host_t *net, { /* if route is 0.0.0.0/0, split it into two routes 0.0.0.0/1 and * 128.0.0.0/1 because otherwise it would conflict with the current default - * route */ + * route. likewise for IPv6 with ::/0. */ if (net->is_anyaddr(net) && prefix == 0) { bool success; success = add_route(builder, net, 1); - net = host_create_from_string("128.0.0.0", 0); + if (net->get_family(net) == AF_INET) + { + net = host_create_from_string("128.0.0.0", 0); + } + else + { + net = host_create_from_string("8000::", 0); + } success = success && add_route(builder, net, 1); net->destroy(net); return success; @@ -526,7 +533,8 @@ static job_requeue_t initiate(private_android_service_t *this) TRUE, FALSE, /* mobike, aggressive */ 0, 0, /* DPD delay, timeout */ FALSE, NULL, NULL); /* mediation */ - peer_cfg->add_virtual_ip(peer_cfg, host_create_from_string("0.0.0.0", 0)); + peer_cfg->add_virtual_ip(peer_cfg, host_create_any(AF_INET)); + peer_cfg->add_virtual_ip(peer_cfg, host_create_any(AF_INET6)); /* local auth config */ if (streq("ikev2-cert", this->type) || @@ -561,11 +569,13 @@ static job_requeue_t initiate(private_android_service_t *this) * libipsec, no PFS for now */ child_cfg->add_proposal(child_cfg, proposal_create_from_string(PROTO_ESP, "aes128-aes192-aes256-sha1-sha256-sha384-sha512")); - ts = traffic_selector_create_from_string(0, TS_IPV4_ADDR_RANGE, "0.0.0.0", - 0, "255.255.255.255", 65535); + ts = traffic_selector_create_from_cidr("0.0.0.0/0", 0, 0, 65535); + child_cfg->add_traffic_selector(child_cfg, TRUE, ts); + ts = traffic_selector_create_from_cidr("0.0.0.0/0", 0, 0, 65535); + child_cfg->add_traffic_selector(child_cfg, FALSE, ts); + ts = traffic_selector_create_from_cidr("::/0", 0, 0, 65535); child_cfg->add_traffic_selector(child_cfg, TRUE, ts); - ts = traffic_selector_create_from_string(0, TS_IPV4_ADDR_RANGE, "0.0.0.0", - 0, "255.255.255.255", 65535); + ts = traffic_selector_create_from_cidr("::/0", 0, 0, 65535); child_cfg->add_traffic_selector(child_cfg, FALSE, ts); peer_cfg->add_child_cfg(peer_cfg, child_cfg); diff --git a/src/frontends/android/jni/libandroidbridge/vpnservice_builder.c b/src/frontends/android/jni/libandroidbridge/vpnservice_builder.c index c95b335dc..5232bc482 100644 --- a/src/frontends/android/jni/libandroidbridge/vpnservice_builder.c +++ b/src/frontends/android/jni/libandroidbridge/vpnservice_builder.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2012 Tobias Brunner + * Copyright (C) 2012-2013 Tobias Brunner * Copyright (C) 2012 Giuliano Grassi * Copyright (C) 2012 Ralf Sager * Hochschule fuer Technik Rapperswil @@ -45,16 +45,14 @@ METHOD(vpnservice_builder_t, add_address, bool, JNIEnv *env; jmethodID method_id; jstring str; - char buf[INET_ADDRSTRLEN]; + char buf[INET6_ADDRSTRLEN]; + int prefix; androidjni_attach_thread(&env); DBG2(DBG_LIB, "builder: adding interface address %H", addr); - if (addr->get_family(addr) != AF_INET) - { - goto failed; - } + prefix = addr->get_family(addr) == AF_INET ? 32 : 128; if (snprintf(buf, sizeof(buf), "%H", addr) >= sizeof(buf)) { goto failed; @@ -71,7 +69,7 @@ METHOD(vpnservice_builder_t, add_address, bool, { goto failed; } - if (!(*env)->CallBooleanMethod(env, this->builder, method_id, str, 32)) + if (!(*env)->CallBooleanMethod(env, this->builder, method_id, str, prefix)) { goto failed; } @@ -121,16 +119,12 @@ METHOD(vpnservice_builder_t, add_route, bool, JNIEnv *env; jmethodID method_id; jstring str; - char buf[INET_ADDRSTRLEN]; + char buf[INET6_ADDRSTRLEN]; androidjni_attach_thread(&env); DBG2(DBG_LIB, "builder: adding route %+H/%d", net, prefix); - if (net->get_family(net) != AF_INET) - { - goto failed; - } if (snprintf(buf, sizeof(buf), "%+H", net) >= sizeof(buf)) { goto failed; |