Diffstat (limited to 'openvpn/src/openvpn')
-rw-r--r--openvpn/src/openvpn/socket.c19
-rw-r--r--openvpn/src/openvpn/socket.h17
2 files changed, 33 insertions, 3 deletions
diff --git a/openvpn/src/openvpn/socket.c b/openvpn/src/openvpn/socket.c
index 47329ddf..e3e93525 100644
--- a/openvpn/src/openvpn/socket.c
+++ b/openvpn/src/openvpn/socket.c
@@ -686,22 +686,32 @@ create_socket (struct link_socket *sock)
{
ASSERT (0);
}
+
/* set socket buffers based on --sndbuf and --rcvbuf options */
socket_set_buffers (sock->sd, &sock->socket_buffer_sizes);
/* set socket to --mark packets with given value */
socket_set_mark (sock->sd, sock->mark);
+}
+
#ifdef TARGET_ANDROID
+static void protect_fd_nonlocal (int fd, struct sockaddr* addr)
+{
+ if (addr_local (addr)) {
+ msg(M_DEBUG, "Address is local, not protecting socket fd %d", fd);
+ return;
+ }
+
struct user_pass up;
strcpy(up.username ,__func__);
- management->connection.fdtosend = sock->sd;
- msg(M_DEBUG, "Protecting socket fd %d", sock->sd);
+ management->connection.fdtosend = fd;
+ msg(M_DEBUG, "Protecting socket fd %d", fd);
management_query_user_pass(management, &up , "PROTECTFD", GET_USER_PASS_NEED_OK,(void*) 0);
+}
#endif
-}
/*
* Functions used for establishing a TCP stream connection.
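Review bot: The return value of `management_query_user_pass(...)` in `protect_fd_nonlocal` is discarded, so a failed PROTECTFD query goes unnoticed and the caller presumably continues to connect() on a descriptor that was never excluded from the VPN. Consider having the helper return a bool and logging the failure above M_DEBUG so it shows up in normal logs. Separately, `struct user_pass up;` is handed to the management code with only `username` written; a `CLEAR (up);` before the `strcpy` would avoid passing indeterminate fields, if the callee reads any of them. create_socket begins outside this hunk.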
@@ -926,7 +936,10 @@ openvpn_connect (socket_descriptor_t sd,
#ifdef CONNECT_NONBLOCK
set_nonblock (sd);
+
+ protect_fd_nonlocal(sd, remote);
status = connect (sd, remote, af_addr_size(remote->sa_family));
+
if (status)
status = openvpn_errno ();
if (
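Review bot: The new call `protect_fd_nonlocal(sd, remote);` is guarded only by `#ifdef CONNECT_NONBLOCK` in the visible lines, while the helper is defined only under `#ifdef TARGET_ANDROID` in the first socket.c hunk. Unless an Android guard exists outside this hunk, non-Android builds will not find the function; wrapping the call as `#ifdef TARGET_ANDROID` / `protect_fd_nonlocal(sd, remote);` / `#endif` would fix that. The commit also removes the protect request from create_socket, so any socket that does not go through this branch of openvpn_connect (the blocking connect path, or an unconnected UDP socket, if those exist on Android builds) would no longer be protected; that is worth confirming. openvpn_connect starts and ends outside the hunk.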
diff --git a/openvpn/src/openvpn/socket.h b/openvpn/src/openvpn/socket.h
index 1a6d7c32..5b7a26a9 100644
--- a/openvpn/src/openvpn/socket.h
+++ b/openvpn/src/openvpn/socket.h
@@ -595,6 +595,23 @@ addr_defined (const struct openvpn_sockaddr *addr)
default: return 0;
}
}
+
+static inline bool
+addr_local (const struct sockaddr *addr)
+{
+ if (!addr)
+ return false;
+ switch (addr->sa_family) {
+ case AF_INET:
+ return ((const struct sockaddr_in*)addr)->sin_addr.s_addr == htonl(INADDR_LOOPBACK);
+ case AF_INET6:
+ return IN6_IS_ADDR_LOOPBACK(&((const struct sockaddr_in6*)addr)->sin6_addr);
+ default:
+ return false;
+ }
+}
+
+
static inline bool
addr_defined_ipi (const struct link_socket_actual *lsa)
{
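Review bot: `addr_local` compares the IPv4 address against `htonl(INADDR_LOOPBACK)` only, so just 127.0.0.1 counts as local; the rest of 127.0.0.0/8 and the IPv4-mapped form `::ffff:127.0.0.1` under AF_INET6 return false. Since a false result leads to a protect request, the narrow match errs on the safe side, but the name suggests more than it checks. Either document it, e.g. `/* true only for the loopback addresses 127.0.0.1 and ::1 */`, or widen the IPv4 test to `return (ntohl(((const struct sockaddr_in*)addr)->sin_addr.s_addr) >> 24) == 127;`.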