Use NetdClient to exempt racoon sockets from VPN
So that if we create a networkRejectNonSecureVpn rule, racoon doesn't get its connection shut down. This means we can drop the special-cased firewall code for racoon from Android, and just use the same set of VPN ip rules as for third-party apps. Later on it might be possible to protect the socket without depending on libnetd_client, see bug 34524989 Test: manual - enable always-on VPN with a legacy Ipsec PSK VPN on 464xlat network Bug: 33159037 Change-Id: I89740d110cff8e67eb661b0b3d191eb49aa1e9d8
Loading
Please sign in to comment