Merge "Use NetdClient to exempt racoon sockets from VPN" am: e973da9ba4 am: f1182befa0
am: 65cc4029f4

Change-Id: Ia463931ce5d8cbf1ae72ebfdfe24c174f270d646
diff --git a/Android.mk b/Android.mk
index 788b0f2..c318aff 100644
--- a/Android.mk
+++ b/Android.mk
@@ -55,11 +55,12 @@
 	$(LOCAL_PATH)/src/include-glibc \
 	$(LOCAL_PATH)/src/libipsec \
 	$(LOCAL_PATH)/src/racoon \
-	$(LOCAL_PATH)/src/racoon/missing
+	$(LOCAL_PATH)/src/racoon/missing \
+	system/netd/include
 
 LOCAL_STATIC_LIBRARIES := libipsec
 
-LOCAL_SHARED_LIBRARIES := libcutils liblog libcrypto libkeystore-engine
+LOCAL_SHARED_LIBRARIES := libcutils liblog libcrypto libkeystore-engine libnetd_client
 
 LOCAL_CFLAGS := -DANDROID_CHANGES -DHAVE_CONFIG_H -D_BSD_SOURCE=1
 
diff --git a/src/racoon/grabmyaddr.c b/src/racoon/grabmyaddr.c
index 8155001..057084e 100644
--- a/src/racoon/grabmyaddr.c
+++ b/src/racoon/grabmyaddr.c
@@ -86,6 +86,10 @@
 #endif
 #endif
 
+#ifdef ANDROID_CHANGES
+#include "NetdClient.h"
+#endif
+
 #ifndef HAVE_GETIFADDRS
 static unsigned int if_maxindex __P((void));
 #endif
@@ -411,6 +415,9 @@
 			"my interface: %s (%s)\n",
 			addr1, ifap->ifa_name);
 		q = find_myaddr(old, p);
+#ifdef ANDROID_CHANGES
+		protectFromVpn(q->sock);
+#endif
 		if (q)
 			p->sock = q->sock;
 		else
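Review bot: `protectFromVpn(q->sock)` dereferences `q` one line before the existing `if (q)` test, and that test implies `find_myaddr(old, p)` can return NULL when no old entry matches. In that case the daemon crashes on a NULL pointer instead of reaching the `else` branch. Move the call under the guard, `if (q) { protectFromVpn(q->sock); p->sock = q->sock; }`, or drop it if a reused socket was already exempted when it was first opened (the isakmp.c hunk appears to do that at creation). The hunk at -527,6 +538,9 of this file has the same ordering and needs the same change. The enclosing function starts and ends outside both hunks.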
@@ -457,6 +464,10 @@
 		exit(1);
 		/*NOTREACHED*/
 	}
+#ifdef ANDROID_CHANGES
+	protectFromVpn(s);
+#endif
+
 	memset(&ifconf, 0, sizeof(ifconf));
 	ifconf.ifc_req = iflist;
 	ifconf.ifc_len = len;
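Review bot: The result of `protectFromVpn(s)` is discarded, so a failed exemption is silent and the socket is used as if it were outside the VPN. The function returns an int status; at minimum log a failure, e.g. `if (protectFromVpn(s) != 0) plog(LLV_WARNING, LOCATION, NULL, "protectFromVpn failed\n");`. The same unchecked call appears in the later grabmyaddr.c hunk (-592,6), the isakmp.c hunk (-1625,6) and the three sockmisc.c hunks. The isakmp.c and sockmisc.c sockets look like the ones that carry key-exchange traffic, so a silent failure there would presumably leave those packets on the VPN route; those call sites should decide explicitly whether to fail closed. The enclosing function continues outside this hunk.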
@@ -527,6 +538,9 @@
 				"my interface: %s (%s)\n",
 				addr1, ifr->ifr_name);
 			q = find_myaddr(old, p);
+#ifdef ANDROID_CHANGES
+			protectFromVpn(q->sock);
+#endif
 			if (q)
 				p->sock = q->sock;
 			else
@@ -592,6 +606,9 @@
 			"socket(SOCK_DGRAM) failed:%s\n", strerror(errno));
 		return 0;
 	}
+#ifdef ANDROID_CHANGES
+	protectFromVpn(s);
+#endif
 
 	memset(&ifr6, 0, sizeof(ifr6));
 	strncpy(ifr6.ifr_name, ifname, strlen(ifname));
diff --git a/src/racoon/isakmp.c b/src/racoon/isakmp.c
index d0f6cbd..b9fc5ee 100644
--- a/src/racoon/isakmp.c
+++ b/src/racoon/isakmp.c
@@ -129,6 +129,10 @@
 #  define SOL_UDP IPPROTO_UDP
 # endif /* __NetBSD__ / __FreeBSD__ */
 
+#ifdef ANDROID_CHANGES
+#include "NetdClient.h"
+#endif
+
 static int nostate1 __P((struct ph1handle *, vchar_t *));
 static int nostate2 __P((struct ph2handle *, vchar_t *));
 
@@ -1625,6 +1629,9 @@
 				"socket (%s)\n", strerror(errno));
 			goto err_and_next;
 		}
+#ifdef ANDROID_CHANGES
+		protectFromVpn(p->sock);
+#endif
 
 		if (fcntl(p->sock, F_SETFL, O_NONBLOCK) == -1)
 			plog(LLV_WARNING, LOCATION, NULL,
diff --git a/src/racoon/sockmisc.c b/src/racoon/sockmisc.c
index e683884..4dd7cf1 100644
--- a/src/racoon/sockmisc.c
+++ b/src/racoon/sockmisc.c
@@ -63,6 +63,10 @@
 #include "debugrm.h"
 #include "libpfkey.h"
 
+#ifdef ANDROID_CHANGES
+#include "NetdClient.h"
+#endif
+
 #ifndef IP_IPSEC_POLICY
 #define IP_IPSEC_POLICY 16	/* XXX: from linux/in.h */
 #endif
@@ -260,6 +264,10 @@
     struct sockaddr_storage local;
     socklen_t len = sysdep_sa_len(remote);
     int s = socket(remote->sa_family, SOCK_DGRAM, 0);
+#ifdef ANDROID_CHANGES
+        protectFromVpn(s);
+#endif
+
     if (s == -1 || connect(s, remote, len) == -1 ||
         getsockname(s, (struct sockaddr *)&local, &len) == -1) {
         close(s);
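Review bot: `protectFromVpn(s)` runs before `s == -1` is tested, so a failed `socket()` passes an invalid descriptor to the netd client and may overwrite the `errno` that `socket()` set. Guard the call, `if (s != -1) protectFromVpn(s);`, or place it after the validity check so a failure takes the existing error path. The added lines are also indented eight spaces inside a four-space body, which makes the call read as if it sat under a conditional that is not there. The function starts and ends outside the hunk.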
@@ -340,6 +348,9 @@
 			"socket (%s)\n", strerror(errno));
 		goto err;
 	}
+#ifdef ANDROID_CHANGES
+	protectFromVpn(s);
+#endif
 
 	setsockopt_bypass(s, remote->sa_family);
 	
@@ -707,6 +718,10 @@
 					"socket (%s)\n", strerror(errno));
 				return -1;
 			}
+#ifdef ANDROID_CHANGES
+			protectFromVpn(sendsock);
+#endif
+
 			if (setsockopt(sendsock, SOL_SOCKET,
 #ifdef __linux__
 				       SO_REUSEADDR,