From 8e2d63db7556590201b75ec3cc0f728b48c8de40 Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Mon, 4 May 2020 02:30:41 -0600 Subject: [PATCH] tunnel: add windows-style killswitch semantics for GoBackend Signed-off-by: Jason A. Donenfeld --- .../com/wireguard/android/backend/GoBackend.java | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/tunnel/src/main/java/com/wireguard/android/backend/GoBackend.java b/tunnel/src/main/java/com/wireguard/android/backend/GoBackend.java index c859323b..9fafc918 100644 --- a/tunnel/src/main/java/com/wireguard/android/backend/GoBackend.java +++ b/tunnel/src/main/java/com/wireguard/android/backend/GoBackend.java @@ -9,6 +9,7 @@ import android.content.Context; import android.content.Intent; import android.os.Build; import android.os.ParcelFileDescriptor; +import android.system.OsConstants; import android.util.Log; import com.wireguard.android.backend.BackendException.Reason; @@ -202,9 +203,19 @@ public final class GoBackend implements Backend { for (final InetAddress addr : config.getInterface().getDnsServers()) builder.addDnsServer(addr.getHostAddress()); + boolean sawDefaultRoute = false; for (final Peer peer : config.getPeers()) { - for (final InetNetwork addr : peer.getAllowedIps()) + for (final InetNetwork addr : peer.getAllowedIps()) { + if (addr.getMask() == 0) + sawDefaultRoute = true; builder.addRoute(addr.getAddress(), addr.getMask()); + } + } + + // "Kill-switch" semantics + if (!(sawDefaultRoute && config.getPeers().size() == 1)) { + builder.allowFamily(OsConstants.AF_INET); + builder.allowFamily(OsConstants.AF_INET6); } builder.setMtu(config.getInterface().getMtu().orElse(1280));