android: Add flag to enable IPv6 transport addresses
This commit is contained in:
parent
0bc826c2f2
commit
3581914387
|
@ -36,6 +36,7 @@ public class VpnProfile implements Cloneable
|
|||
public static final int FLAGS_DISABLE_OCSP = 1 << 2;
|
||||
public static final int FLAGS_STRICT_REVOCATION = 1 << 3;
|
||||
public static final int FLAGS_RSA_PSS = 1 << 4;
|
||||
public static final int FLAGS_IPv6_TRANSPORT = 1 << 5;
|
||||
|
||||
private String mName, mGateway, mUsername, mPassword, mCertificate, mUserCertificate;
|
||||
private String mRemoteId, mLocalId, mExcludedSubnets, mIncludedSubnets, mSelectedApps;
|
||||
|
|
|
@ -288,7 +288,8 @@ public class CharonVpnService extends VpnService implements Runnable, VpnStateSe
|
|||
SimpleFetcher.enable();
|
||||
addNotification();
|
||||
mBuilderAdapter.setProfile(mCurrentProfile);
|
||||
if (initializeCharon(mBuilderAdapter, mLogFile, mAppDir, mCurrentProfile.getVpnType().has(VpnTypeFeature.BYOD)))
|
||||
if (initializeCharon(mBuilderAdapter, mLogFile, mAppDir, mCurrentProfile.getVpnType().has(VpnTypeFeature.BYOD),
|
||||
(mCurrentProfile.getFlags() & VpnProfile.FLAGS_IPv6_TRANSPORT) != 0))
|
||||
{
|
||||
Log.i(TAG, "charon started");
|
||||
|
||||
|
@ -775,9 +776,10 @@ public class CharonVpnService extends VpnService implements Runnable, VpnStateSe
|
|||
* @param logfile absolute path to the logfile
|
||||
* @param appdir absolute path to the data directory of the app
|
||||
* @param byod enable BYOD features
|
||||
* @param ipv6 enable IPv6 transport
|
||||
* @return TRUE if initialization was successful
|
||||
*/
|
||||
public native boolean initializeCharon(BuilderAdapter builder, String logfile, String appdir, boolean byod);
|
||||
public native boolean initializeCharon(BuilderAdapter builder, String logfile, String appdir, boolean byod, boolean ipv6);
|
||||
|
||||
/**
|
||||
* Deinitialize charon, provided by libandroidbridge.so
|
||||
|
|
|
@ -744,7 +744,7 @@ static job_requeue_t initiate(private_android_service_t *this)
|
|||
auth_cfg_t *auth;
|
||||
ike_cfg_create_t ike = {
|
||||
.version = IKEV2,
|
||||
.local = "0.0.0.0",
|
||||
.local = "",
|
||||
.local_port = charon->socket->get_port(charon->socket, FALSE),
|
||||
.force_encap = TRUE,
|
||||
.fragmentation = FRAGMENTATION_YES,
|
||||
|
|
|
@ -479,7 +479,7 @@ static bool charonservice_register(plugin_t *plugin, plugin_feature_t *feature,
|
|||
/**
|
||||
* Set strongswan.conf options
|
||||
*/
|
||||
static void set_options(char *logfile)
|
||||
static void set_options(char *logfile, jboolean ipv6)
|
||||
{
|
||||
lib->settings->set_int(lib->settings,
|
||||
"charon.plugins.android_log.loglevel", ANDROID_DEBUG_LEVEL);
|
||||
|
@ -516,10 +516,10 @@ static void set_options(char *logfile)
|
|||
* information */
|
||||
lib->settings->set_bool(lib->settings,
|
||||
"charon.plugins.socket-default.set_source", FALSE);
|
||||
/* the Linux kernel does currently not support UDP encaspulation for IPv6
|
||||
* so lets disable IPv6 for now to avoid issues with dual-stack gateways */
|
||||
/* the Linux kernel only supports UDP encap for IPv6 since 5.8, so let's use
|
||||
* IPv6 only if requested, to avoid issues with older dual-stack servers */
|
||||
lib->settings->set_bool(lib->settings,
|
||||
"charon.plugins.socket-default.use_ipv6", FALSE);
|
||||
"charon.plugins.socket-default.use_ipv6", ipv6);
|
||||
|
||||
#ifdef USE_BYOD
|
||||
lib->settings->set_str(lib->settings,
|
||||
|
@ -634,7 +634,7 @@ static void __attribute__ ((constructor))register_logger()
|
|||
* Initialize charon and the libraries via JNI
|
||||
*/
|
||||
JNI_METHOD(CharonVpnService, initializeCharon, jboolean,
|
||||
jobject builder, jstring jlogfile, jstring jappdir, jboolean byod)
|
||||
jobject builder, jstring jlogfile, jstring jappdir, jboolean byod, jboolean ipv6)
|
||||
{
|
||||
struct sigaction action;
|
||||
struct utsname utsname;
|
||||
|
@ -656,7 +656,7 @@ JNI_METHOD(CharonVpnService, initializeCharon, jboolean,
|
|||
/* set options before initializing other libraries that might read them */
|
||||
logfile = androidjni_convert_jstring(env, jlogfile);
|
||||
|
||||
set_options(logfile);
|
||||
set_options(logfile, ipv6);
|
||||
free(logfile);
|
||||
|
||||
if (!libipsec_init())
|
||||
|
|
Loading…
Reference in New Issue