Google Git
Sign in
android / platform / packages / modules / Connectivity / 1a0dd8ccde71c2252132d60e5b897fa2f569cc76
commit1a0dd8ccde71c2252132d60e5b897fa2f569cc76[log] [tgz]
authorMotomu Utsumi <motomuman@google.com>Wed Jul 31 18:59:17 2024 +0900
committerAndroid Build Coastguard Worker <android-build-coastguard-worker@google.com>Wed Nov 06 23:38:40 2024 +0000
tree5bce7249736f25266861fe65087c169629544abb
parentde7b97573ac92be4cff6ca71a1837b2fe0dcbbab [diff]
Drop packets to VPN address ingressing via non-VPN interface

Cherry-pick of aosp/2795711 to backport VPN security fix to non-mainline
U devices.
Since isTetheringFeatureNotChickenedOut is not available on U branch,
this feature is enabled on T+ devices without kill switch.
Also, this CL removes test changes since CSTest utilities are not
available on u branches.

When there are addresses that are used by a single VPN interface,
ConnectivityService sets ingress discard rules to drop packets to this
address from the non-Vpn interfaces

Bug: 193031925
Test: TH
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:d493a3aa7dcca3219b139616c9de3c6ee8181f86)
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:1027bc813ea6a5b97bc0f55401e01f5eec91e94a)
Merged-In: I5933d42f3fd257139fb803ede1391e10d9d1211b
Change-Id: I5933d42f3fd257139fb803ede1391e10d9d1211b
1 file changed
tree: 5bce7249736f25266861fe65087c169629544abb
  1. bpf_progs/
  2. common/
  3. Cronet/
  4. framework/
  5. framework-t/
  6. nearby/
  7. netd/
  8. service/
  9. service-t/
  10. tests/
  11. Tethering/
  12. tools/
  13. .gitignore
  14. OWNERS
  15. OWNERS_core_networking
  16. OWNERS_core_networking_xts
  17. PREUPLOAD.cfg
  18. TEST_MAPPING