feat: support Android protect path #1016
Conversation
|
Could you please tell us which application uses such an approach to call |
|
I tested in my own application in Android arm64-v8a, and it worked. |
|
Hi there, I am definitely interested in this idea. However, we need to make some changes to this PR before it can be merged. Since it looks like you're still working on this PR, I've marked it as a draft. When all the work is done on your end, please undraft it to let us know it's ready for review. |
about: apernet@1ac9d49 Signed-off-by: HystericalDragon <[email protected]>
xchacha20-poly1305
force-pushed
the
dev-android-protect
branch
from
49cece0 to
03c8b5e
Compare
conn.File() not returns real file. Signed-off-by: HystericalDragon <[email protected]>
|
@haruue I finished my work and fix some bugs. Please review it. |
Android's VpnService.protect() itself is confusing, so we rename the "protect" feature with the name `fdControlUnixSocket` and make it a sub-option under `quic.sockopts`. A unit test is added to make sure the protect feature works. I also added two other common options to `quic.sockopts` that I copied from my other projects but did not fully test here.
Signed-off-by: HystericalDragon <[email protected]>
Signed-off-by: HystericalDragon <[email protected]>
xchacha20-poly1305
force-pushed
the
dev-android-protect
branch
from
7e48c0d to
9520d84
Compare
Why there is no decltype() in Golang? At least we got generics now. ref: 9520d84
it is just no reason to use named err retval here
|
Both |
|
This is still a problem because the socket for the resolver (of the server address) is still un"protect"ed. Android apps might need to resolve the server address and generate a config file with the resolved IP address as Using a Resolver with As of Android 8.0, native codes are no longer be able to get the system's DNS settings, the only way to use the system's configured DNS server to resolve addresses is to use libc's To fix this problem, we will need to introduce |
|
Above this is what I replied before you edited your message. Fortunately, SagerNet, the first Android GUI supported Hysteria, will automatically add DNS rule for server address (https://github.com/SagerNet/SagerNet/blob/70e684bae81d4bb4203e860ab88c4319e88f944d/app/src/main/java/io/nekohasekai/sagernet/fmt/ConfigBuilder.kt#L1274-L1282). |
| return fmt.Errorf("failed to send: %w", err) | ||
| } | ||
|
|
||
| dummy := []byte{1} |
There was a problem hiding this comment.
Hi, I am writing the document for the feature introduced by this PR. And I noticed this.
What's the purpose of the 1 here? Is it just a placeholder to make the dummy a 1-byte-length slice, or do you mean it should not accept any value other than 1?
I also checked the exists implementation of the unix socket server in the MatsuriDayo/libneko, and it seems like it responds with 1 if everything is OK, and 0 if any errors occurred. Should we return an error and close the UDPConn in case of 0?
There was a problem hiding this comment.
Furthermore, is there any documentation or protocol specification for the protocol used in this Unix socket? Has it been named? (I plan to refer to it as "fdControl protocol" in our document if not)
|
Hi @xchacha20-poly1305 mind sharing your thoughts on the above questions? We plan to include this in our next release and are currently writing docs for it |
|
Wow, this is an interesting question. I reviewed the history of this protocol, finding it was mentioned by shadowsocks at first. In shadowsocks' Android plugin documention, it's said:
Then I found the first client implement is in v2ray-plugin, calling And then I checked the implement of "protect server", knowning that it will send The question of naming it and wheather deal with the responds may ask @madeye, who invented this protocol, for more information. |
This PR will help to use the portect path, an Android VPN option.