Make the VPN rule only to originated, not forwarded, traffic.
Currently the VPN rule for the primary user will match every
forwarded packet on the system, because it specifies a UID range
that includes 0, and forwarded packets have UID 0.
Use "iif lo" to limit the rule match to locally-originated
traffic. This requires a kernel that sets the loopback ifindex.
when originating packets. Anything based on 3.10 is fine, but
devices using 3.4 will need a one-line change for IPv6.
Bug: 19500693
Change-Id: Iaab88bed62716dc1cea33b45c4e258f6b3bfc9d0
1 file changed
