1 files changed, 16 insertions, 3 deletions

diff --git a/openvpn/src/openvpn/socket.c b/openvpn/src/openvpn/socket.c
index 47329ddf..e3e93525 100644
--- a/openvpn/src/openvpn/socket.c
+++ b/openvpn/src/openvpn/socket.c
@@ -686,22 +686,32 @@ create_socket (struct link_socket *sock)
     {
       ASSERT (0);
     }
+
     /* set socket buffers based on --sndbuf and --rcvbuf options */
     socket_set_buffers (sock->sd, &sock->socket_buffer_sizes);
     
     /* set socket to --mark packets with given value */
     socket_set_mark (sock->sd, sock->mark);
     
+}
+
 #ifdef TARGET_ANDROID
+static void protect_fd_nonlocal (int fd, struct sockaddr* addr)
+{
+    if (addr_local (addr)) {
+        msg(M_DEBUG, "Address is local, not protecting socket fd %d", fd);
+        return;
+    }
+    
     struct user_pass up;
     strcpy(up.username ,__func__);
-    management->connection.fdtosend = sock->sd;
-    msg(M_DEBUG, "Protecting socket fd %d", sock->sd);
+    management->connection.fdtosend = fd;
+    msg(M_DEBUG, "Protecting socket fd %d", fd);
     management_query_user_pass(management, &up , "PROTECTFD", GET_USER_PASS_NEED_OK,(void*) 0);
 
+}
 #endif
     
-}
 
 /*
  * Functions used for establishing a TCP stream connection.
@@ -926,7 +936,10 @@ openvpn_connect (socket_descriptor_t sd,
 
 #ifdef CONNECT_NONBLOCK
   set_nonblock (sd);
+
+  protect_fd_nonlocal(sd, remote);
   status = connect (sd, remote, af_addr_size(remote->sa_family));
+
   if (status)
     status = openvpn_errno ();
   if (