| author | David Göransson <david.goransson@mullvad.net> | 2024-05-06 14:58:43 +0200 |
|---|---|---|
| committer | Albin <albin@mullvad.net> | 2024-05-08 14:55:32 +0200 |
| commit | e94535859f15ee855f499574037adff27b9e1cfa (patch) | |
| tree | 14261219083f04315c75d7bada9d13210fe4bae8 /android | |
| parent | 64393a6c5b09738c7e5c70bd4bc40d63169618a6 (diff) | |
Set dummy DNS if none are valid
This is a fix for DNS leaks when no DNS server
has been configured due to an underlying OS bug.
Lockdown mode ("Block connections without VPN")
would also not help in this case.
More information on this issue:
https://issuetracker.google.com/issues/337961996
Diffstat (limited to 'android')
| -rw-r--r-- | android/lib/talpid/src/main/kotlin/net/mullvad/talpid/TalpidVpnService.kt | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/android/lib/talpid/src/main/kotlin/net/mullvad/talpid/TalpidVpnService.kt b/android/lib/talpid/src/main/kotlin/net/mullvad/talpid/TalpidVpnService.kt
index 94b097fe13..76abde2a01 100644
--- a/android/lib/talpid/src/main/kotlin/net/mullvad/talpid/TalpidVpnService.kt
+++ b/android/lib/talpid/src/main/kotlin/net/mullvad/talpid/TalpidVpnService.kt
@@ -2,6 +2,7 @@ package net.mullvad.talpid
 import android.net.VpnService
 import android.os.ParcelFileDescriptor
+import android.util.Log
 import java.net.Inet4Address
 import java.net.Inet6Address
 import java.net.InetAddress
@@ -103,6 +104,18 @@ open class TalpidVpnService : VpnService() {
 }
 }
+ // Avoids creating a tunnel with no DNS servers or if all DNS servers was invalid,
+ // since apps then may leak DNS requests.
+ // https://issuetracker.google.com/issues/337961996
+ if (invalidDnsServerAddresses.size == config.dnsServers.size) {
+ Log.w(
+ "mullvad",
+ "All DNS servers invalid or non set, using fallback DNS server to " +
+ "minimize leaks, dnsServers.isEmpty(): ${config.dnsServers.isEmpty()}"
+ )
+ addDnsServer(FALLBACK_DUMMY_DNS_SERVER)
+ }
+
 for (route in config.routes) {
 addRoute(route.address, route.prefixLength.toInt())
 }
@@ -148,4 +161,8 @@ open class TalpidVpnService : VpnService() {
 private external fun defaultTunConfig(): TunConfig
 private external fun waitForTunnelUp(tunFd: Int, isIpv6Enabled: Boolean)
+
+ companion object {
+ private const val FALLBACK_DUMMY_DNS_SERVER = "192.0.2.1"
+ }
 } |
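Review bot: The fallback branch in the second hunk (`addDnsServer(FALLBACK_DUMMY_DNS_SERVER)`) depends on the `for (route in config.routes)` loop right after it to steer queries for the dummy address into the tunnel, and nothing visible in the hunk guarantees that the configured routes cover it. If a `TunConfig` ever arrives with routes that exclude that address (its contents are not shown here, so this is an assumption to confirm), lookups sent to the fallback could follow the underlying network's routing and the queried names would still be observable outside the tunnel. Pinning the address in the same branch, e.g. `addRoute(FALLBACK_DUMMY_DNS_SERVER, 32)`, would make the mitigation independent of the route list. The enclosing builder block starts and ends outside the hunk.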
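Review bot: `FALLBACK_DUMMY_DNS_SERVER` in the third hunk carries no comment explaining why `192.0.2.1` is a safe value, and a later maintainer could replace it with a reachable resolver without realising what the constant is for. The address lies in 192.0.2.0/24 (TEST-NET-1, reserved for documentation by RFC 5737), so I would say so on the constant: `// TEST-NET-1 (RFC 5737): never assigned to a real resolver, so queries sent here go unanswered instead of reaching the network's DNS.` The value is IPv4 only, so the comment should also state whether a tunnel configured with only IPv6 addresses is expected to be covered by it.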
