diff options
Diffstat (limited to 'server/TetherController.cpp')
| -rw-r--r-- | server/TetherController.cpp | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/server/TetherController.cpp b/server/TetherController.cpp index 7facb7bd..779426fd 100644 --- a/server/TetherController.cpp +++ b/server/TetherController.cpp @@ -155,10 +155,18 @@ TetherController::TetherController() { bool TetherController::setIpFwdEnabled() { bool success = true; - const char* value = mForwardingRequests.empty() ? "0" : "1"; + bool disable = mForwardingRequests.empty(); + const char* value = disable ? "0" : "1"; ALOGD("Setting IP forward enable = %s", value); success &= writeToFile(IPV4_FORWARDING_PROC_FILE, value); success &= writeToFile(IPV6_FORWARDING_PROC_FILE, value); + if (disable) { + // Turning off the forwarding sysconf in the kernel has the side effect + // of turning on ICMP redirect, which is a security hazard. + // Turn ICMP redirect back off immediately. + int rv = InterfaceController::disableIcmpRedirects(); + success &= (rv == 0); + } return success; } |