[PATCH/RFC V2 00/26] JNI bindings for libopenconnect

Kevin Cernekee cernekee at gmail.com
Sun Aug 11 21:49:01 EDT 2013 

Here is the second iteration of my JNI/Android patch series.

This has grown into a relatively large set of changes so I put
together a quick proof of concept based on an existing Android OpenVPN
client, to prove to myself that the new interfaces are suitable for the
task at hand:

https://github.com/cernekee/ics-openvpn/commits/oc-v1
https://dl.dropboxusercontent.com/u/169702767/icsvpn/screenshot-log.png
https://dl.dropboxusercontent.com/u/169702767/icsvpn/screenshot-notif.png
https://dl.dropboxusercontent.com/u/169702767/icsvpn/icsopenvpn.apk


V1->V2 changes:

Split JNI wrappers into a separate shared library by default, but
still allow building a monolithic library for Android

Don't require JAVAC to be set if javac can be found via JAVA_HOME or
PATH

Rename org.infradead.openconnect.LibOpenConnect to
org.infradead.libopenconnect.LibOpenConnect, so the library code is
guaranteed to have its own package

Move the Java code under java/, and use ant to build it

Add connection initiation and mainloop support to C and Java libraries

Modify main.c to take advantage of the new library APIs

Get rid of forward declarations in jni.c by overriding
-Wmissing-declarations

Add or enhance Java library functions:

 - cancel() / isCanceled(), to make it easier for callers to shut down
   after user aborts

 - setLogLevel(), to avoid calling back into Java on every single
   packet (PRG_TRACE message)

 - parseURL() - convert to use helper macros

 - all: use JNI global references to clean up the PUSH_CTX/POP_CTX
   hacks

 - Removed a bunch of helper functions in favor of direct object field
   access from C


These patches are posted at: git://github.com/cernekee/openconnect jni-v2


Possible trouble spots:

I'm using explicit routes at the moment so I don't see problems on this
setup, but I think we need to be able to call VpnService.protect() on
the sockets used for SSL and DTLS connections.  This may require another
library->JNI->Java callback to handle cases like reconnect.

It would be nice to have a way to obtain byte counts from the library.
Maybe through a periodic mainloop callback that runs every second or
so?

Can somebody check to see if strsignal() works on Solaris?

The openconnect.pc.in changes are untested and should be scrutinized.

This patch series has gone through quite a bit of churn so there are
probably at least a few bugs remaining.

I still haven't looked for memory leaks in the JNI code.


Kevin Cernekee (26):
  library: Remove declaration for nonexistent
    openconnect_get_vpn_name()
  auth: Hack around const warnings
  Introduce new helper functions for cancel_fd checking
  library: Add new openconnect_setup_cancel_pipe() call
  Convert vpn_mainloop() into a library function
  main: Introduce xstrdup() function
  tun: Export setup_tun() functionality
  Move vpninfo default settings into library
  library: Check for failed allocations in openconnect_vpninfo_new()
  dtls: Export setup_dtls() function
  cstp: Export make_cstp_connection()
  library: Move the mainloop guts into libopenconnect
  library: Update openconnect.pc.in
  tun, cstp: Don't exit() on failure
  library: Free zlib state
  cstp: Clean up split include/exclude/DNS lists when freeing vpninfo
  library: Add get/set functions for servercert, ifname, reqmtu
  library: Export VPN IP information to callers
  main: Add openconnect_vpninfo_free() on a couple of exit paths
  buildsys: Allow overriding -W flags
  acinclude: Add AX_JNI_INCLUDE_DIR macro
  JNI: Initial commit of C wrapper functions
  JNI: Initial commit of Java library + example program
  android: Enable JNI in build
  android: Add libstoken to build
  library: Update changelog and bump minor version

 .gitignore                                         |    1 +
 Makefile.am                                        |   25 +-
 acinclude.m4                                       |  125 +++
 android/0001-Remove-call-to-mlockall.patch         |   33 +
 android/Makefile                                   |   72 +-
 auth.c                                             |    8 +-
 configure.ac                                       |   48 +-
 cstp.c                                             |  135 +--
 dtls.c                                             |   14 +-
 gnutls.c                                           |   36 +-
 http.c                                             |   18 +-
 java/.gitignore                                    |    2 +
 java/README                                        |   22 +
 java/build.xml                                     |   33 +
 java/src/com/example/LibTest.java                  |  201 +++++
 .../infradead/libopenconnect/LibOpenConnect.java   |  231 +++++
 jni.c                                              |  926 ++++++++++++++++++++
 libopenconnect.map.in                              |   16 +
 library.c                                          |   77 +-
 main.c                                             |  137 ++-
 mainloop.c                                         |   28 +-
 openconnect-internal.h                             |   66 +-
 openconnect.h                                      |   61 +-
 openconnect.pc.in                                  |    2 +-
 openssl.c                                          |   36 +-
 ssl.c                                              |    8 +-
 tun.c                                              |  185 ++--
 27 files changed, 2192 insertions(+), 354 deletions(-)
 create mode 100644 android/0001-Remove-call-to-mlockall.patch
 create mode 100644 java/.gitignore
 create mode 100644 java/README
 create mode 100644 java/build.xml
 create mode 100644 java/src/com/example/LibTest.java
 create mode 100644 java/src/org/infradead/libopenconnect/LibOpenConnect.java
 create mode 100644 jni.c

-- 
1.7.9.5

More information about the openconnect-devel mailing list