From: Tobias Brunner
Date: Wed, 16 Jul 2014 12:01:12 +0000 (+0200)
Subject: android: Recreate the TUN device without DNS when reestablishing IKE_SAs
X-Git-Tag: 5.2.1dr1~115^2~4
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c66f5f844d0e19e5785e223e756d2fd6955e8f24;p=thirdparty%2Fstrongswan.git
android: Recreate the TUN device without DNS when reestablishing IKE_SAs
This enables DNS resolution while reestablishing if the VPN gateway pushed DNS servers to the client that are only reachable via VPN.
---
diff --git a/src/frontends/android/jni/libandroidbridge/backend/android_service.c b/src/frontends/android/jni/libandroidbridge/backend/android_service.c
index 113056532e..73738c22ed 100644
--- a/src/frontends/android/jni/libandroidbridge/backend/android_service.c
+++ b/src/frontends/android/jni/libandroidbridge/backend/android_service.c
@@ -349,6 +349,36 @@ static bool setup_tun_device(private_android_service_t *this,
 return TRUE;
 }
 
+/**
+ * Setup a new TUN device based on the existing one, but without DNS server.
+ */
+static bool setup_tun_device_without_dns(private_android_service_t *this)
+{
+ vpnservice_builder_t *builder;
+ int tunfd;
+
+ DBG1(DBG_DMN, "setting up TUN device without DNS");
+
+ builder = charonservice->get_vpnservice_builder(charonservice);
+
+ tunfd = builder->establish_no_dns(builder);
+ if (tunfd == -1)
+ {
+ return FALSE;
+ }
+
+ this->lock->write_lock(this->lock);
+ if (this->tunfd > 0)
+ { /* close previously opened TUN device, this should always be the case */
+ close(this->tunfd);
+ }
+ this->tunfd = tunfd;
+ this->lock->unlock(this->lock);
+
+ DBG1(DBG_DMN, "successfully created TUN device without DNS");
+ return TRUE;
+}
+
 /**
 * Close the current tun device
 */
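Review bot: The guard `if (this->tunfd > 0)` in setup_tun_device_without_dns() does not line up with the failure value tested a few lines earlier, where establish_no_dns() signals an error with -1; a stored descriptor of 0 would be overwritten without being closed. If -1 is also the field's "not open" value (its initialisation is not visible in this hunk), `if (this->tunfd >= 0)` keeps the two checks consistent. The inline comment says an open device "should always be the case", yet the opposite case is silent, so a debug message there would make an unexpected state visible. The doc comment could also gain `@return TRUE if the new TUN device replaced the old one` and a line noting that the old descriptor is closed under the write lock.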
@@ -479,6 +509,14 @@ METHOD(listener_t, ike_reestablish_pre, bool,
 this->lock->write_lock(this->lock);
 this->use_dns_proxy = TRUE;
 this->lock->unlock(this->lock);
+ /* if DNS servers are installed that are only reachable through the VPN
+ * the DNS proxy doesn't help, so uninstall DNS servers */
+ if (!setup_tun_device_without_dns(this))
+ {
+ DBG1(DBG_DMN, "failed to setup TUN device without DNS");
+ charonservice->update_status(charonservice,
+ CHARONSERVICE_GENERIC_ERROR);
+ }
 }
 return TRUE;
 }
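Review bot: The failure branch added to ike_reestablish_pre reports CHARONSERVICE_GENERIC_ERROR and then falls through to the shared `return TRUE`, with use_dns_proxy already set above it. As far as the hunk shows, the previous TUN device and its pushed DNS servers therefore stay installed while the reestablish attempt carries on. Whether continuing in that state is intended is not stated; a comment in the branch such as `/* old TUN device (with DNS servers) remains in use, the attempt continues */` would record the decision. If the error is meant to stop the attempt, the branch needs its own exit instead. The method starts above the hunk, so the enclosing condition could not be checked here.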