Commit 0a5f8977 authored by Luke Huang

Remove explicitlySelected bit for vpn fallthrough rule

Previously, netd used the explicitlySelected bit to ensure that
the VPN fallthrough rule does not match if a non-zero NetId was
explicitly specified. This is inconsistent with the normal case
of an application that is subject to the VPN, because in that case,
the fallthrough rule does match.
This commit removes the explicitlySelected bit and relaxes the guarantee.
This ensures that the behaviour of an app that selects the VPN network
is the same as the behaviour of an app that specifies no network but
is subject to the VPN.
VPN traffic will fall through to the default network if no route is hit
in the VPN route table.

Assume the VPN netId is 102 and the default network interface is wlan0 with
no permission. Below is the resulting route rule before/after this commit.
Before:
21000:	from all fwmark 0x10066/0x1ffff lookup wlan0

After:
21000:	from all fwmark 0x66/0xffff lookup wlan0

Bug: 119216095
Test: built, flashed, booted
      system/netd/tests/runtests.sh

Merged-In: I76a1ac1304fad16b31d4b80196fab56ecd63171e
(cherry picked from commit f0f00203)

Change-Id: If874020bf602a00619714fb8c43d5f7284e48374
parent eb38470a