authorBenedict Wong <benedictwong@google.com>2018-05-09 21:42:42 -0700
committerBenedict Wong <benedictwong@google.com>2018-08-30 11:22:41 -0700
commita04ffa7f20ab0b962ac153075fd5fe34de15f92f (patch)
tree083fb1d84f31506325a1d42aac5471c304dcdb82 /server/NetdNativeService.h
parentad600cb86a32f490a6d2855fc32fb480edc0360b (diff)
Use independent address families for SP selector and template
This patch allows Security Policy selectors and templates to have different address families, allowing for wildcard selectors, but specified templates. This is required for IPsec tunnel mode to work properly, as selectors match inner addresses (and thus must be dual IPv4/IPv6), while templates match outer addresses. Bug: 79384676 Test: CTS tests passing, ip xfrm monitor shows correct results Change-Id: I60214e17f50f91deb1ffdc71158131d237d1e642
Diffstat (limited to 'server/NetdNativeService.h')
-rw-r--r--server/NetdNativeService.h13
1 files changed, 6 insertions, 7 deletions
diff --git a/server/NetdNativeService.h b/server/NetdNativeService.h
index 2e7704320..b34e36331 100644
--- a/server/NetdNativeService.h
+++ b/server/NetdNativeService.h
@@ -151,19 +151,18 @@ class NetdNativeService : public BinderService<NetdNativeService>, public BnNetd
binder::Status ipSecRemoveTransportModeTransform(
const android::base::unique_fd& socket);
- binder::Status ipSecAddSecurityPolicy(int32_t transformId, int32_t direction,
- const std::string& tmplSrcAddress,
+ binder::Status ipSecAddSecurityPolicy(int32_t transformId, int32_t selAddrFamily,
+ int32_t direction, const std::string& tmplSrcAddress,
const std::string& tmplDstAddress, int32_t spi,
int32_t markValue, int32_t markMask);
- binder::Status ipSecUpdateSecurityPolicy(int32_t transformId, int32_t direction,
- const std::string& tmplSrcAddress,
+ binder::Status ipSecUpdateSecurityPolicy(int32_t transformId, int32_t selAddrFamily,
+ int32_t direction, const std::string& tmplSrcAddress,
const std::string& tmplDstAddress, int32_t spi,
int32_t markValue, int32_t markMask);
- binder::Status ipSecDeleteSecurityPolicy(int32_t transformId, int32_t direction,
- const std::string& tmplSrcAddress,
- const std::string& tmplDstAddress, int32_t markValue,
+ binder::Status ipSecDeleteSecurityPolicy(int32_t transformId, int32_t selAddrFamily,
+ int32_t direction, int32_t markValue,
int32_t markMask);
binder::Status trafficCheckBpfStatsEnable(bool* ret) override;
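Review bot: The new `selAddrFamily` parameter on `ipSecAddSecurityPolicy`, `ipSecUpdateSecurityPolicy` and `ipSecDeleteSecurityPolicy` is an undocumented `int32_t` placed directly before `direction`, which is also an `int32_t`. A call site that swaps the two compiles cleanly and would install or delete a policy with the wrong selector family. I would add a comment above the three declarations, such as `// selAddrFamily: address family of the policy selector (AF_INET or AF_INET6); independent of the family of tmplSrcAddress/tmplDstAddress.` The definitions are not in this hunk, so it is worth confirming that they return an error status for any other value before it reaches the xfrm selector, since the argument arrives over binder. The class body starts and ends outside the hunk.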