diff options
author | Arne Schwabe | 2014-03-21 14:18:34 +0100 |
---|---|---|
committer | Gert Doering | 2014-03-21 19:25:44 +0100 |
commit | 5118787158eb6fafa3bfef9cb87acb1c76264a90 (patch) | |
tree | 1ed30ae219c9a666d5dfdd3a0a420cc4b07e37e1 /src/openvpn/socket.c | |
parent | 25f4d4b49bff342fd9dd54cd22f14c9de49e9f8b (diff) | |
download | openvpn-5118787158eb6fafa3bfef9cb87acb1c76264a90.zip openvpn-5118787158eb6fafa3bfef9cb87acb1c76264a90.tar.gz |
Fix connecting to localhost on Android
Do not protect the link socket when connecting to localhost. Also only
call the protect function on valid socket
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1395407925-25518-2-git-send-email-arne@rfc2549.org>
URL: http://article.gmane.org/gmane.network.openvpn.devel/8375
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Diffstat (limited to 'src/openvpn/socket.c')
-rw-r--r-- | src/openvpn/socket.c | 21 |
1 files changed, 18 insertions, 3 deletions
diff --git a/src/openvpn/socket.c b/src/openvpn/socket.c index 100eedd..91c6af0 100644 --- a/src/openvpn/socket.c +++ b/src/openvpn/socket.c @@ -689,17 +689,24 @@ create_socket (struct link_socket *sock) /* set socket to --mark packets with given value */ socket_set_mark (sock->sd, sock->mark); +} #ifdef TARGET_ANDROID +static void protect_fd_nonlocal (int fd, const struct sockaddr* addr) +{ /* pass socket FD to management interface to pass on to VPNService API * as "protected socket" (exempt from being routed into tunnel) */ + if (addr_local (addr)) { + msg(M_DEBUG, "Address is local, not protecting socket fd %d", fd); + return; + } - management->connection.fdtosend = sock->sd; + msg(M_DEBUG, "Protecting socket fd %d", fd); + management->connection.fdtosend = fd; management_android_control (management, "PROTECTFD", __func__); -#endif - } +#endif /* * Functions used for establishing a TCP stream connection. @@ -935,6 +942,10 @@ openvpn_connect (socket_descriptor_t sd, { int status = 0; +#ifdef TARGET_ANDROID + protect_fd_nonlocal(sd, remote); +#endif + #ifdef CONNECT_NONBLOCK set_nonblock (sd); status = connect (sd, remote, af_addr_size(remote->sa_family)); @@ -1788,6 +1799,10 @@ link_socket_init_phase2 (struct link_socket *sock, phase2_socks_client (sock, sig_info); #endif } +#ifdef TARGET_ANDROID + if (sock->sd != -1) + protect_fd_nonlocal (sock->sd, &sock->info.lsa->actual.dest.addr.sa); +#endif if (sig_info && sig_info->signal_received) goto done; } |