android: Add flag to enable IPv6 transport addresses
This commit is contained in:
Tobias Brunner
parent
0bc826c2f2
commit
3581914387
|
|
@ -36,6 +36,7 @@ public class VpnProfile implements Cloneable
|
||||||
public static final int FLAGS_DISABLE_OCSP = 1 << 2;
|
public static final int FLAGS_DISABLE_OCSP = 1 << 2;
|
||||||
public static final int FLAGS_STRICT_REVOCATION = 1 << 3;
|
public static final int FLAGS_STRICT_REVOCATION = 1 << 3;
|
||||||
public static final int FLAGS_RSA_PSS = 1 << 4;
|
public static final int FLAGS_RSA_PSS = 1 << 4;
|
||||||
|
public static final int FLAGS_IPv6_TRANSPORT = 1 << 5;
|
||||||
|
|
||||||
private String mName, mGateway, mUsername, mPassword, mCertificate, mUserCertificate;
|
private String mName, mGateway, mUsername, mPassword, mCertificate, mUserCertificate;
|
||||||
private String mRemoteId, mLocalId, mExcludedSubnets, mIncludedSubnets, mSelectedApps;
|
private String mRemoteId, mLocalId, mExcludedSubnets, mIncludedSubnets, mSelectedApps;
|
||||||
|
|
|
||||||
|
|
@ -288,7 +288,8 @@ public class CharonVpnService extends VpnService implements Runnable, VpnStateSe
|
||||||
SimpleFetcher.enable();
|
SimpleFetcher.enable();
|
||||||
addNotification();
|
addNotification();
|
||||||
mBuilderAdapter.setProfile(mCurrentProfile);
|
mBuilderAdapter.setProfile(mCurrentProfile);
|
||||||
if (initializeCharon(mBuilderAdapter, mLogFile, mAppDir, mCurrentProfile.getVpnType().has(VpnTypeFeature.BYOD)))
|
if (initializeCharon(mBuilderAdapter, mLogFile, mAppDir, mCurrentProfile.getVpnType().has(VpnTypeFeature.BYOD),
|
||||||
|
(mCurrentProfile.getFlags() & VpnProfile.FLAGS_IPv6_TRANSPORT) != 0))
|
||||||
{
|
{
|
||||||
Log.i(TAG, "charon started");
|
Log.i(TAG, "charon started");
|
||||||
|
|
||||||
|
|
@ -775,9 +776,10 @@ public class CharonVpnService extends VpnService implements Runnable, VpnStateSe
|
||||||
* @param logfile absolute path to the logfile
|
* @param logfile absolute path to the logfile
|
||||||
* @param appdir absolute path to the data directory of the app
|
* @param appdir absolute path to the data directory of the app
|
||||||
* @param byod enable BYOD features
|
* @param byod enable BYOD features
|
||||||
|
* @param ipv6 enable IPv6 transport
|
||||||
* @return TRUE if initialization was successful
|
* @return TRUE if initialization was successful
|
||||||
*/
|
*/
|
||||||
public native boolean initializeCharon(BuilderAdapter builder, String logfile, String appdir, boolean byod);
|
public native boolean initializeCharon(BuilderAdapter builder, String logfile, String appdir, boolean byod, boolean ipv6);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Deinitialize charon, provided by libandroidbridge.so
|
* Deinitialize charon, provided by libandroidbridge.so
|
||||||
|
|
|
||||||
|
|
@ -744,7 +744,7 @@ static job_requeue_t initiate(private_android_service_t *this)
|
||||||
auth_cfg_t *auth;
|
auth_cfg_t *auth;
|
||||||
ike_cfg_create_t ike = {
|
ike_cfg_create_t ike = {
|
||||||
.version = IKEV2,
|
.version = IKEV2,
|
||||||
.local = "0.0.0.0",
|
.local = "",
|
||||||
.local_port = charon->socket->get_port(charon->socket, FALSE),
|
.local_port = charon->socket->get_port(charon->socket, FALSE),
|
||||||
.force_encap = TRUE,
|
.force_encap = TRUE,
|
||||||
.fragmentation = FRAGMENTATION_YES,
|
.fragmentation = FRAGMENTATION_YES,
|
||||||
|
|
|
||||||
|
|
@ -479,7 +479,7 @@ static bool charonservice_register(plugin_t *plugin, plugin_feature_t *feature,
|
||||||
/**
|
/**
|
||||||
* Set strongswan.conf options
|
* Set strongswan.conf options
|
||||||
*/
|
*/
|
||||||
static void set_options(char *logfile)
|
static void set_options(char *logfile, jboolean ipv6)
|
||||||
{
|
{
|
||||||
lib->settings->set_int(lib->settings,
|
lib->settings->set_int(lib->settings,
|
||||||
"charon.plugins.android_log.loglevel", ANDROID_DEBUG_LEVEL);
|
"charon.plugins.android_log.loglevel", ANDROID_DEBUG_LEVEL);
|
||||||
|
|
@ -516,10 +516,10 @@ static void set_options(char *logfile)
|
||||||
* information */
|
* information */
|
||||||
lib->settings->set_bool(lib->settings,
|
lib->settings->set_bool(lib->settings,
|
||||||
"charon.plugins.socket-default.set_source", FALSE);
|
"charon.plugins.socket-default.set_source", FALSE);
|
||||||
/* the Linux kernel does currently not support UDP encaspulation for IPv6
|
/* the Linux kernel only supports UDP encap for IPv6 since 5.8, so let's use
|
||||||
* so lets disable IPv6 for now to avoid issues with dual-stack gateways */
|
* IPv6 only if requested, to avoid issues with older dual-stack servers */
|
||||||
lib->settings->set_bool(lib->settings,
|
lib->settings->set_bool(lib->settings,
|
||||||
"charon.plugins.socket-default.use_ipv6", FALSE);
|
"charon.plugins.socket-default.use_ipv6", ipv6);
|
||||||
|
|
||||||
#ifdef USE_BYOD
|
#ifdef USE_BYOD
|
||||||
lib->settings->set_str(lib->settings,
|
lib->settings->set_str(lib->settings,
|
||||||
|
|
@ -634,7 +634,7 @@ static void __attribute__ ((constructor))register_logger()
|
||||||
* Initialize charon and the libraries via JNI
|
* Initialize charon and the libraries via JNI
|
||||||
*/
|
*/
|
||||||
JNI_METHOD(CharonVpnService, initializeCharon, jboolean,
|
JNI_METHOD(CharonVpnService, initializeCharon, jboolean,
|
||||||
jobject builder, jstring jlogfile, jstring jappdir, jboolean byod)
|
jobject builder, jstring jlogfile, jstring jappdir, jboolean byod, jboolean ipv6)
|
||||||
{
|
{
|
||||||
struct sigaction action;
|
struct sigaction action;
|
||||||
struct utsname utsname;
|
struct utsname utsname;
|
||||||
|
|
@ -656,7 +656,7 @@ JNI_METHOD(CharonVpnService, initializeCharon, jboolean,
|
||||||
/* set options before initializing other libraries that might read them */
|
/* set options before initializing other libraries that might read them */
|
||||||
logfile = androidjni_convert_jstring(env, jlogfile);
|
logfile = androidjni_convert_jstring(env, jlogfile);
|
||||||
|
|
||||||
set_options(logfile);
|
set_options(logfile, ipv6);
|
||||||
free(logfile);
|
free(logfile);
|
||||||
|
|
||||||
if (!libipsec_init())
|
if (!libipsec_init())
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue