From: Tobias Brunner
Date: Wed, 8 Aug 2012 13:50:36 +0000 (+0200)
Subject: Don't set the source address on Android
X-Git-Tag: 5.0.1~210^2~25
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a39a301a126e3361684ebe02c6c1223a3e38ccdb;p=thirdparty%2Fstrongswan.git
Don't set the source address on Android
---
diff --git a/src/frontends/android/jni/libandroidbridge/charonservice.c b/src/frontends/android/jni/libandroidbridge/charonservice.c
index ce1e8497ba..3a5d0cb1e4 100644
--- a/src/frontends/android/jni/libandroidbridge/charonservice.c
+++ b/src/frontends/android/jni/libandroidbridge/charonservice.c
@@ -312,6 +312,15 @@ static void charonservice_init(JNIEnv *env, jobject service, jobject builder)
 "charon.retransmit_base", ANDROID_RETRANSMIT_BASE);
 lib->settings->set_bool(lib->settings,
 "charon.close_ike_on_child_failure", TRUE);
+ /* setting the source address breaks the VpnService.protect() function which
+ * uses SO_BINDTODEVICE internally. the addresses provided to the kernel as
+ * auxiliary data have precedence over this option causing a routing loop if
+ * the gateway is contained in the VPN routes. alternatively, providing an
+ * explicit device (in addition or instead of the source address) in the
+ * auxiliary data would also work, but we currently don't have that
+ * information */
+ lib->settings->set_bool(lib->settings,
+ "charon.plugins.socket-default.set_source", FALSE);
 }

 /**
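Review bot: The comment above the new `charon.plugins.socket-default.set_source` override explains the routing loop, but it does not say what keeps IKE traffic out of the tunnel once source-address selection is off. With the option forced to FALSE, source selection is presumably left to the kernel for the socket that `VpnService.protect()` bound with SO_BINDTODEVICE, so the bypass appears to rest entirely on protect() having succeeded. I would add a closing sentence such as `/* with set_source disabled the kernel selects the source address for the protected socket, so this relies on protect() having succeeded */`. The value is also written unconditionally with `set_bool`, so any value set earlier for this key is replaced without a log line; if that is intended, the comment should say the option must stay FALSE on Android. charonservice_init begins outside the hunk, so whether a protect() failure is handled elsewhere cannot be confirmed from here.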