Commit d286198c authored by Luke Huang

Remove explicitlySelected bit for vpn fallthrough rule

Previously, netd used the explicitlySelected bit to ensure that
the VPN fallthrough rule does not match if a non-zero NetId was
explicitly specified. This is inconsistent with the normal case
of an application that is subject to the VPN, because in that case,
the fallthrough rule does match.
This commit removes the explicitlySelected bit and relaxes the guarantee.
This ensures that the behaviour of an app that selects the VPN network
is the same as the behaviour of an app that specifies no network but
is subject to the VPN.
VPN traffic will fall through to the default network if no route is hit
in the VPN route table.

Assume the VPN netId is 102 and the default network interface is wlan0 with
no permission. Below is the resulting route rule before/after this commit.
Before:
21000:	from all fwmark 0x10066/0x1ffff lookup wlan0

After:
21000:	from all fwmark 0x66/0xffff lookup wlan0

Bug: 119216095
Test: built, flashed, booted
      system/netd/tests/runtests.sh

Change-Id: I03411644dc82cabcaf1f3274a17f36ec4e173c2e
parent b3a2bf09