Always set additional fwmark bits in output mark This change always selects the protectFromVpn explicitlySelected and permission bits in the output mark of any tunnel mode SAs. This ensures that IWLAN and other telephony traffic does not get funneled through VPNs. Bug: 116035464 Test: Binder, unit tests passing. Change-Id: I873e287e0919c05772a39119c88bd358552232a1

commit: d8b6a38997944e92eccbaa3071fe06f7034fd435 [log] [tgz]
author: Benedict Wong <benedictwong@google.com> Tue Sep 18 17:16:10 2018 -0700
committer: Benedict Wong <benedictwong@google.com> Thu Nov 22 03:39:54 2018 +0000
tree: 778ec4c9d1b312d4ae55f9ac281b97982b1cc8d6
parent: 0fba37baac4d439d557b7b54dcc67e67ac9af155 [diff] [blame]
diff --git a/server/XfrmController.h b/server/XfrmController.h
index c8a9b7d..784c046 100644
--- a/server/XfrmController.h
+++ b/server/XfrmController.h

@@ -348,7 +348,7 @@
     static int fillUserPolicyId(const XfrmSpInfo& record, XfrmDirection direction,
                                 xfrm_userpolicy_id* policy_id);
     static int fillNlAttrXfrmMark(const XfrmCommonInfo& record, nlattr_xfrm_mark* mark);
-    static int fillNlAttrXfrmOutputMark(const __u32 output_mark_value,
+    static int fillNlAttrXfrmOutputMark(const __u32 underlyingNetId,
                                         nlattr_xfrm_output_mark* output_mark);
 
     static netdutils::Status allocateSpi(const XfrmSaInfo& record, uint32_t minSpi, uint32_t maxSpi,
commit	d8b6a38997944e92eccbaa3071fe06f7034fd435	[log] [tgz]
author	Benedict Wong <benedictwong@google.com>	Tue Sep 18 17:16:10 2018 -0700
committer	Benedict Wong <benedictwong@google.com>	Thu Nov 22 03:39:54 2018 +0000
tree	778ec4c9d1b312d4ae55f9ac281b97982b1cc8d6
parent	0fba37baac4d439d557b7b54dcc67e67ac9af155 [diff] [blame]