
Commit 5026279c authored by Lorenzo Colitti's avatar Lorenzo Colitti

Add a throw route to the VPN endpoint.

Without this, legacy VPN types that don't send all traffic
through a tun or ppp interface, but instead have the kernel
apply IPsec transforms directly to the original packets, will
try to send traffic to the VPN endpoint through the VPN, which
will not work.

Bug: 17462989
Change-Id: I3ebf0cec726dd12b2c57ba5d66775f8c02b25b70
parent 4b0f8e6f
+20 −1
@@ -18,6 +18,7 @@ package com.android.server.connectivity;


import static android.Manifest.permission.BIND_VPN_SERVICE;
import static android.Manifest.permission.BIND_VPN_SERVICE;
import static android.os.UserHandle.PER_USER_RANGE;
import static android.os.UserHandle.PER_USER_RANGE;
import static android.net.RouteInfo.RTN_THROW;
import static android.system.OsConstants.AF_INET;
import static android.system.OsConstants.AF_INET;
import static android.system.OsConstants.AF_INET6;
import static android.system.OsConstants.AF_INET6;


@@ -38,6 +39,7 @@ import android.content.pm.UserInfo;
import android.net.ConnectivityManager;
import android.net.ConnectivityManager;
import android.net.IConnectivityManager;
import android.net.IConnectivityManager;
import android.net.INetworkManagementEventObserver;
import android.net.INetworkManagementEventObserver;
import android.net.IpPrefix;
import android.net.LinkAddress;
import android.net.LinkAddress;
import android.net.LinkProperties;
import android.net.LinkProperties;
import android.net.LocalSocket;
import android.net.LocalSocket;
@@ -1220,7 +1222,7 @@ public class Vpn {


                // Now we are connected. Read and parse the new state.
                // Now we are connected. Read and parse the new state.
                String[] parameters = FileUtils.readTextFile(state, 0, null).split("\n", -1);
                String[] parameters = FileUtils.readTextFile(state, 0, null).split("\n", -1);
                if (parameters.length != 6) {
                if (parameters.length != 7) {
                    throw new IllegalStateException("Cannot parse the state");
                    throw new IllegalStateException("Cannot parse the state");
                }
                }


@@ -1249,6 +1251,23 @@ public class Vpn {
                    }
                    }
                }
                }


                // Add a throw route for the VPN server endpoint, if one was specified.
                String endpoint = parameters[5];
                if (!endpoint.isEmpty()) {
                    try {
                        InetAddress addr = InetAddress.parseNumericAddress(endpoint);
                        if (addr instanceof Inet4Address) {
                            mConfig.routes.add(new RouteInfo(new IpPrefix(addr, 32), RTN_THROW));
                        } else if (addr instanceof Inet6Address) {
                            mConfig.routes.add(new RouteInfo(new IpPrefix(addr, 128), RTN_THROW));
                        } else {
                            Log.e(TAG, "Unknown IP address family for VPN endpoint: " + endpoint);
                        }
                    } catch (IllegalArgumentException e) {
                        Log.e(TAG, "Exception constructing throw route to " + endpoint + ": " + e);
                    }
                }

                // Here is the last step and it must be done synchronously.
                // Here is the last step and it must be done synchronously.
                synchronized (Vpn.this) {
                synchronized (Vpn.this) {
                    // Set the start time
                    // Set the start time
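Review bot: In the new endpoint block, a non-empty `parameters[5]` that `InetAddress.parseNumericAddress` rejects is only logged in the `catch`, and setup continues without the throw route. By the commit description, that leaves the VPN types that rely on kernel IPsec transforms trying to reach their server through the VPN itself. Consider failing the way the malformed-state check above does, for example `throw new IllegalStateException("Cannot parse the VPN endpoint", e);`, or add a comment saying that best-effort is intended here. A throw route exempts that /32 or /128 from VPN routing, so a short comment on where the endpoint string comes from would also help (it is read from the `state` file, presumably written by the VPN daemon, and used without further validation). The enclosing method starts and ends outside the hunk, so how callers handle an exception thrown here should be confirmed.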