Only set protectFromVpn if explicitlySelected is also true.
When a secure VPN is up, setting protectFromVpn=1 and explicitlySelected=0 causes the probe routing lookups used by _have_ipv4 and _have_ipv6 to skip the VPN rule, instead selecting the default network. This means that the address families for which we query DNS records are determined by the address families of the the default network, not those of the VPN. If explicitlySelected==true, setting protectFromVpn=true (if the app can protect its sockets) results in querying the address families from the specified network, which is correct. Test: as follows - built - flashed - booted - runtest -x netd_integration_test.cpp passes - testing per bug discussion Bug: 37131664 Bug: 37347238 Merged-In: Idf7b1240ba90e08aa27fe1ee7ef6bf48c30c5342 Merged-In: Icfa67ef3ae337abe635fbe0be7ef7aaac7310f39 Change-Id: I7cf322a047494fd70c3c4d8862d53d6a6dac66de (cherry picked from commit 6d4669fa)
Loading
Please register or sign in to comment