Diffstat (limited to 'openvpn/src/openvpn')
-rw-r--r-- | openvpn/src/openvpn/socket.c | 19 | ||||
-rw-r--r-- | openvpn/src/openvpn/socket.h | 17 |
2 files changed, 33 insertions, 3 deletions
diff --git a/openvpn/src/openvpn/socket.c b/openvpn/src/openvpn/socket.c index 47329ddf..e3e93525 100644 --- a/openvpn/src/openvpn/socket.c +++ b/openvpn/src/openvpn/socket.c @@ -686,22 +686,32 @@ create_socket (struct link_socket *sock) { ASSERT (0); } + /* set socket buffers based on --sndbuf and --rcvbuf options */ socket_set_buffers (sock->sd, &sock->socket_buffer_sizes); /* set socket to --mark packets with given value */ socket_set_mark (sock->sd, sock->mark); +} + #ifdef TARGET_ANDROID +static void protect_fd_nonlocal (int fd, struct sockaddr* addr) +{ + if (addr_local (addr)) { + msg(M_DEBUG, "Address is local, not protecting socket fd %d", fd); + return; + } + struct user_pass up; strcpy(up.username ,__func__); - management->connection.fdtosend = sock->sd; - msg(M_DEBUG, "Protecting socket fd %d", sock->sd); + management->connection.fdtosend = fd; + msg(M_DEBUG, "Protecting socket fd %d", fd); management_query_user_pass(management, &up , "PROTECTFD", GET_USER_PASS_NEED_OK,(void*) 0); +} #endif -} /* * Functions used for establishing a TCP stream connection. @@ -926,7 +936,10 @@ openvpn_connect (socket_descriptor_t sd, #ifdef CONNECT_NONBLOCK set_nonblock (sd); + + protect_fd_nonlocal(sd, remote); status = connect (sd, remote, af_addr_size(remote->sa_family)); + if (status) status = openvpn_errno (); if ( diff --git a/openvpn/src/openvpn/socket.h b/openvpn/src/openvpn/socket.h index 1a6d7c32..5b7a26a9 100644 --- a/openvpn/src/openvpn/socket.h +++ b/openvpn/src/openvpn/socket.h 
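Review bot: With the PROTECTFD request removed from the end of create_socket (whose body starts outside the hunk), the only caller of protect_fd_nonlocal visible in this diff is openvpn_connect, so a socket that is created but never handed to that function would no longer be protected. Please confirm that every transport path, including any unconnected UDP link socket this tree may have, still reaches the helper, because an unprotected transport socket on Android is presumably routed back into the tunnel. Inside the helper the result of management_query_user_pass is discarded and `up` is only partly initialised before it is passed on. Consider `CLEAR (up);` before the strcpy, and a warning-level `msg` when the query does not succeed, so a failed protect is visible in the log.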
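Review bot: The new call `protect_fd_nonlocal(sd, remote);` in openvpn_connect is not wrapped in `#ifdef TARGET_ANDROID`, while the helper is defined only under that macro in the first hunk, so a non-Android build of socket.c would reference an undeclared function here. Guard the call the same way: `#ifdef TARGET_ANDROID`, `protect_fd_nonlocal(sd, remote);`, `#endif`. The call also sits only in the `#ifdef CONNECT_NONBLOCK` branch; the rest of openvpn_connect is outside the hunk, so check that the blocking connect path is covered as well.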
@@ -595,6 +595,23 @@ addr_defined (const struct openvpn_sockaddr *addr) default: return 0; } } + +static inline bool +addr_local (const struct sockaddr *addr) +{ + if (!addr) + return false; + switch (addr->sa_family) { + case AF_INET: + return ((const struct sockaddr_in*)addr)->sin_addr.s_addr == htonl(INADDR_LOOPBACK); + case AF_INET6: + return IN6_IS_ADDR_LOOPBACK(&((const struct sockaddr_in6*)addr)->sin6_addr); + default: + return false; + } +} + + static inline bool addr_defined_ipi (const struct link_socket_actual *lsa) { |
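Review bot: addr_local matches only 127.0.0.1 and ::1, so the rest of 127.0.0.0/8 and an IPv4-mapped loopback address such as ::ffff:127.0.0.1 are treated as remote and still get a PROTECTFD request, and the name promises more than a loopback test. A comment on the function such as `/* true only for the loopback addresses 127.0.0.1 and ::1; every other address is treated as remote and gets protected */` would document that and discourage widening it to LAN ranges, which would leave those sockets unprotected. If the whole loopback net is intended, the AF_INET case could be `return (ntohl(((const struct sockaddr_in*)addr)->sin_addr.s_addr) >> 24) == 127;`.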