How does Android VpnService handle incoming packets before Socket is opened?

Question

I am trying to use the VpnService API to capture packets (on Android 4.4). I've been following an example at:

http://www.thegeekstuff.com/2014/06/android-vpn-service/

I establish the vpn connection using a builder, which is configured using the following code (which is borrowed from the ToyVPN sample, as I'm sure many of you will recognize):

        // Configure a builder while parsing the parameters.
    Builder builder = new Builder();
    builder.setMtu(1500);
    builder.addAddress("192.168.0.1", 24);
    builder.addRoute("0.0.0.0", 0);
    try {
        mInterface.close();
    } catch (Exception e) {
        // ignore
    }

    mInterface = builder.establish();

The general concept is that with VpnService, I am able to get outbound packets and log them. Then I open a Socket to the original destination and forward the packets. When the response comes, it will be via the Socket that was opened.

So my question is, what happens when an IP address sends me a packet before I've opened a Socket to that address? I'm guessing that either it bypasses the VPN and arrives as normal, or is dropped entirely (probably the former?). Any insight is appreciated.

Answer 1

When you addRoute("0.0.0.0",0); All packets will be routed to this Tun interface. Now its upto you whether you want to forward them to original destination or not.

So answer to your question is you still get packets from the application which is trying to connect to its server, and now its up to you whether you allow its are not.