Fix connecting to localhost on Android

Do not protect the link socket when connecting to localhost. Also only
call the protect function on valid socket
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1395407925-25518-2-git-send-email-arne@rfc2549.org>
URL: http://article.gmane.org/gmane.network.openvpn.devel/8375

Signed-off-by: Gert Doering <gert@greenie.muc.de>

diff --git a/src/openvpn/socket.c b/src/openvpn/socket.c
index 100eedd6e107db56260c443ebbbad20e7f9df850..91c6af0c53105206e507a3f039de13cb91dfd802 100644 (file)
--- a/src/openvpn/socket.c
+++ b/src/openvpn/socket.c
@@ -689,17 +689,24 @@ create_socket (struct link_socket *sock)
 
     /* set socket to --mark packets with given value */
     socket_set_mark (sock->sd, sock->mark);
+}
 
 #ifdef TARGET_ANDROID
+static void protect_fd_nonlocal (int fd, const struct sockaddr* addr)
+{
   /* pass socket FD to management interface to pass on to VPNService API
    * as "protected socket" (exempt from being routed into tunnel)
    */
+  if (addr_local (addr)) {
+    msg(M_DEBUG, "Address is local, not protecting socket fd %d", fd);
+    return;
+  }
 
-  management->connection.fdtosend = sock->sd;
+  msg(M_DEBUG, "Protecting socket fd %d", fd);
+  management->connection.fdtosend = fd;
   management_android_control (management, "PROTECTFD", __func__);
-#endif
-
 }
+#endif
 
 /*
  * Functions used for establishing a TCP stream connection.
@@ -935,6 +942,10 @@ openvpn_connect (socket_descriptor_t sd,
 {
   int status = 0;
 
+#ifdef TARGET_ANDROID
+  protect_fd_nonlocal(sd, remote);
+#endif
+
 #ifdef CONNECT_NONBLOCK
   set_nonblock (sd);
   status = connect (sd, remote, af_addr_size(remote->sa_family));
@@ -1788,6 +1799,10 @@ link_socket_init_phase2 (struct link_socket *sock,
          phase2_socks_client (sock, sig_info);
 #endif
        }
+#ifdef TARGET_ANDROID
+      if (sock->sd != -1)
+       protect_fd_nonlocal (sock->sd, &sock->info.lsa->actual.dest.addr.sa);
+#endif
       if (sig_info && sig_info->signal_received)
        goto done;
     }

diff --git a/src/openvpn/socket.h b/src/openvpn/socket.h
index e0e0fff08752cbb324f4ae116819bbb28b305ca8..191668fbb648a3f357ec645aecc9e79b2f9481f4 100644 (file)
--- a/src/openvpn/socket.h
+++ b/src/openvpn/socket.h
@@ -598,6 +598,23 @@ addr_defined (const struct openvpn_sockaddr *addr)
     default: return 0;
   }
 }
+
+static inline bool
+addr_local (const struct sockaddr *addr)
+{
+    if (!addr)
+       return false;
+    switch (addr->sa_family) {
+       case AF_INET:
+           return ((const struct sockaddr_in*)addr)->sin_addr.s_addr == htonl(INADDR_LOOPBACK);
+       case AF_INET6:
+           return  IN6_IS_ADDR_LOOPBACK(&((const struct sockaddr_in6*)addr)->sin6_addr);
+       default:
+           return false;
+    }
+}
+
+
 static inline bool
 addr_defined_ipi (const struct link_socket_actual *lsa)
 {