diff options
Diffstat (limited to 'tunnel/src/main')
18 files changed, 1701 insertions, 84 deletions
diff --git a/tunnel/src/main/AndroidManifest.xml b/tunnel/src/main/AndroidManifest.xml index dc0d6c7f..0d97f321 100644 --- a/tunnel/src/main/AndroidManifest.xml +++ b/tunnel/src/main/AndroidManifest.xml @@ -3,14 +3,13 @@ ~ SPDX-License-Identifier: Apache-2.0 --> -<manifest xmlns:android="http://schemas.android.com/apk/res/android" - package="com.wireguard.android.tunnel"> +<manifest xmlns:android="http://schemas.android.com/apk/res/android"> <application> <service android:name="com.wireguard.android.backend.GoBackend$VpnService" android:permission="android.permission.BIND_VPN_SERVICE" - android:exported="true"> + android:exported="false"> <intent-filter> <action android:name="android.net.VpnService" /> </intent-filter> diff --git a/tunnel/src/main/java/com/wireguard/android/backend/Bgp.java b/tunnel/src/main/java/com/wireguard/android/backend/Bgp.java new file mode 100644 index 00000000..12668621 --- /dev/null +++ b/tunnel/src/main/java/com/wireguard/android/backend/Bgp.java @@ -0,0 +1,281 @@ +/* + * SPDX-License-Identifier: Apache-2.0 + */ + +package com.wireguard.android.backend; + +import android.net.TrafficStats; +import android.util.Log; + +import com.lumaserv.bgp.BGPListener; +import com.lumaserv.bgp.BGPServer; +import com.lumaserv.bgp.BGPSession; +import com.lumaserv.bgp.BGPSessionConfiguration; +import com.lumaserv.bgp.protocol.AFI; +import com.lumaserv.bgp.protocol.BGPPacket; +import com.lumaserv.bgp.protocol.IPPrefix; +import com.lumaserv.bgp.protocol.SAFI; +import com.lumaserv.bgp.protocol.attribute.ASPathAttribute; +import com.lumaserv.bgp.protocol.attribute.MPReachableNLRIAttribute; +import com.lumaserv.bgp.protocol.attribute.NextHopAttribute; +import com.lumaserv.bgp.protocol.attribute.OriginAttribute; +import com.lumaserv.bgp.protocol.attribute.PathAttribute; +import com.lumaserv.bgp.protocol.attribute.TunnelEncapsAttribute; +import com.lumaserv.bgp.protocol.message.BGPUpdate; + +import com.wireguard.config.InetEndpoint; +import com.wireguard.config.InetNetwork; +import com.wireguard.crypto.Key; +import com.wireguard.crypto.KeyFormatException; + +import io.grpc.ManagedChannel; + +import java.io.IOException; +import java.net.Inet4Address; +import java.net.InetAddress; +import java.net.ServerSocket; +import java.net.Socket; +import java.net.SocketException; +import java.net.UnknownHostException; +import java.util.ArrayList; +import java.util.List; + +import javax.net.SocketFactory; + +public class Bgp implements BGPListener { + private static final String TAG = "WireGuard/Bgp"; + private static final String SESSION = "demosession"; + private static final int MY_ASN = (int)4200000201L; + private static final int REMOTE_ASN = (int)4200000010L; + private static final String REMOTE_ADDR = "10.49.32.1"; + private static final String REMOTE_ID = "10.49.160.1"; + private static final String LOCAL_ID = "10.49.33.218"; + private static final int PORT = 0; + private static final int STATS_TAG = 1; // FIXME + + private ManagedChannel channel; + private Tunnel tunnel; + private int tunnelHandle; + private BGPServer server; + + public Bgp(ManagedChannel channel, Tunnel tunnel, int tunnelHandle) { + this.channel = channel; + this.tunnel = tunnel; + this.tunnelHandle = tunnelHandle; + } + + @Override + public void onOpen(BGPSession session) { + // DO WHAT YOU WANT + Log.i(TAG, "onOpen"); + + // BGPUpdate update; + // { + // List<IPPrefix> prefixes = new ArrayList<>(1); + // prefixes.add(new IPPrefix(new byte[]{10, 49, 124, 105}, 32)); + // List<PathAttribute> attrs = new ArrayList<>(); + // attrs.add(new OriginAttribute(OriginAttribute.Origin.IGP)); + // attrs.add(new NextHopAttribute().setAddress(new byte[]{10, 49, 125, 105})); + // ASPathAttribute.Segment seg = new ASPathAttribute.Segment(); + // seg.setType(ASPathAttribute.Segment.Type.SEQUENCE); + // seg.getAsns().add(MY_ASN); + // ASPathAttribute asPath = new ASPathAttribute(session); + // asPath.getSegments().add(seg); + // attrs.add(asPath); + // update = new BGPUpdate().setAttributes(attrs).setPrefixes(prefixes); + // } + + // BGPUpdate update2; + // try { + // List<PathAttribute> attrs = new ArrayList<>(); + // attrs.add(new OriginAttribute(OriginAttribute.Origin.IGP)); + // ASPathAttribute.Segment seg = new ASPathAttribute.Segment(); + // seg.setType(ASPathAttribute.Segment.Type.SEQUENCE); + // seg.getAsns().add(MY_ASN); + // ASPathAttribute asPath = new ASPathAttribute(session); + // List<IPPrefix> prefixes = new ArrayList<>(1); + // prefixes.add(new IPPrefix(new byte[]{0x20, 0x1, 0x04, 0x70, (byte)0xdf, (byte)0xae, 0x63, 0, 0, 0, 0, 0, 0, 0, 0x01, 0x05}, 128)); + // MPReachableNLRIAttribute mpr = new MPReachableNLRIAttribute(); + // mpr.setAfi(AFI.IPV6).setSafi(SAFI.UNICAST).setNextHop(InetAddress.getByName("2001:470:dfae:6300::1:105")).setNlriPrefixes(prefixes); + // attrs.add(mpr); + // asPath.getSegments().add(seg); + // attrs.add(asPath); + // update2 = new BGPUpdate().setAttributes(attrs); + // } catch (UnknownHostException ex) { + // throw new RuntimeException(ex); + // } + + // try { + // session.sendUpdate(update); + // session.sendUpdate(update2); + // } catch (IOException ex) { + // throw new RuntimeException(ex); + // } + } + + @Override + public void onUpdate(BGPSession session, BGPUpdate update) { + // DO WHAT YOU WANT + Log.i(TAG, "onUpdate: " + update.getPrefixes() + ",-" + update.getWithdrawnPrefixes() + "," + update.getAttributes()); + MPReachableNLRIAttribute mpr = null; + TunnelEncapsAttribute te = null; + + for (PathAttribute attr: update.getAttributes()) { + if (attr instanceof TunnelEncapsAttribute) { + te = (TunnelEncapsAttribute)attr; + } else if (attr instanceof MPReachableNLRIAttribute) { + mpr = (MPReachableNLRIAttribute)attr; + } + } + + if (te == null) { + return; + } + + TunnelEncapsAttribute.WireGuard wg = null; + TunnelEncapsAttribute.Color col = null; + TunnelEncapsAttribute.EgressEndpoint ep = null; + TunnelEncapsAttribute.UDPDestinationPort port = null; + + for (TunnelEncapsAttribute.Tunnel t: te.getTunnels()) { + if (t.getType() != 51820) { + continue; + } + + for (TunnelEncapsAttribute.SubTlv st: t.getSubTlvs()) { + if (st instanceof TunnelEncapsAttribute.WireGuard) { + wg = (TunnelEncapsAttribute.WireGuard)st; + } else if (st instanceof TunnelEncapsAttribute.Color) { + col = (TunnelEncapsAttribute.Color)st; + } else if (st instanceof TunnelEncapsAttribute.EgressEndpoint) { + ep = (TunnelEncapsAttribute.EgressEndpoint)st; + } else if (st instanceof TunnelEncapsAttribute.UDPDestinationPort) { + port = (TunnelEncapsAttribute.UDPDestinationPort)st; + } + } + } + + if (wg == null) { + return; + } + + try { + Key publicKey = Key.fromBytes(wg.getPublicKey()); + InetEndpoint endpoint = null; + + if (ep != null && port != null) { + endpoint = InetEndpoint.fromAddress(ep.getAddress(), port.getPort()); + } + + tunnel.onEndpointChange(publicKey, endpoint); + + List<InetNetwork> addNetworks = new ArrayList<>(); + List<InetNetwork> removeNetworks = new ArrayList<>(); + + for (IPPrefix prefix: update.getPrefixes()) { + try { + addNetworks.add(new InetNetwork(InetAddress.getByAddress(prefix.getAddress()), prefix.getLength())); + } catch (UnknownHostException ignore) { + } + } + + for (IPPrefix prefix: update.getWithdrawnPrefixes()) { + try { + removeNetworks.add(new InetNetwork(InetAddress.getByAddress(prefix.getAddress()), prefix.getLength())); + } catch (UnknownHostException ignore) { + } + } + + if (mpr != null && (mpr.getAfi() == AFI.IPV6 || mpr.getAfi() == AFI.IPV4) && mpr.getSafi() == SAFI.UNICAST) { + for (IPPrefix prefix: mpr.getNlriPrefixes()) { + try { + addNetworks.add(new InetNetwork(InetAddress.getByAddress(prefix.getAddress()), prefix.getLength())); + } catch (UnknownHostException ignore) { + } + } + } + + tunnel.onAllowedIpsChange(publicKey, addNetworks, removeNetworks); + + } catch (KeyFormatException ex) { + Log.w(TAG, "Key.fromBytes " + ex); + } + } + + @Override + public void onClose(BGPSession session) { + // NOT YET IMPLEMENTED + Log.i(TAG, "onClose"); + } + + public boolean startServer() { + stopServer(); + try { + SocketFactory factory = new SocketFactory() { + private Socket taggedSocket(Socket sock) throws SocketException { + TrafficStats.tagSocket(sock); + return sock; + } + + @Override + public Socket createSocket(String host, int port) throws IOException { + TrafficStats.setThreadStatsTag(STATS_TAG); + return taggedSocket(new Socket(host, port)); + } + + @Override + public Socket createSocket(InetAddress host, int port) throws IOException { + TrafficStats.setThreadStatsTag(STATS_TAG); + return taggedSocket(new Socket(host, port)); + } + + @Override + public Socket createSocket(InetAddress address, int port, InetAddress localAddress, int localPort) throws IOException { + TrafficStats.setThreadStatsTag(STATS_TAG); + return taggedSocket(new Socket(address, port, localAddress, localPort)); + } + + @Override + public Socket createSocket(String host, int port, InetAddress localHost, int localPort) throws IOException { + TrafficStats.setThreadStatsTag(STATS_TAG); + return taggedSocket(new Socket(host, port, localHost, localPort)); + } + }; + + BGPSessionConfiguration config = + new BGPSessionConfiguration(SESSION, + MY_ASN, + ip(LOCAL_ID), + REMOTE_ASN, + ip(REMOTE_ID), + null, // Remote address + factory, + this); + TrafficStats.setThreadStatsTag(STATS_TAG); + ServerSocket socket = new ServerSocket(PORT); + //TrafficStats.tagSocket(socket); + // Set + server = new BGPServer(socket); + server.getSessionConfigurations().add(config); + server.connect(config, REMOTE_ADDR); + return true; + } catch (IOException ex) { + return false; + } + } + + public void stopServer() { + if (server != null) { + server.shutdown(); + server = null; + } + } + + private static byte[] ip(String s) throws UnknownHostException { + InetAddress addr = InetAddress.getByName(s); + byte[] data = addr.getAddress(); + if (data.length != 4) + throw new UnknownHostException(s + ": Not an IPv4 address"); + return data; + } +} diff --git a/tunnel/src/main/java/com/wireguard/android/backend/Dhcp.java b/tunnel/src/main/java/com/wireguard/android/backend/Dhcp.java new file mode 100644 index 00000000..59a3e69c --- /dev/null +++ b/tunnel/src/main/java/com/wireguard/android/backend/Dhcp.java @@ -0,0 +1,31 @@ +/* + * Copyright © 2017-2023 WireGuard LLC. All Rights Reserved. + * SPDX-License-Identifier: Apache-2.0 + */ + +package com.wireguard.android.backend; + +import com.wireguard.config.InetNetwork; +import com.wireguard.util.NonNullForAll; + +import java.util.Set; + +/** + * Class representing DHCP info for a {@link Tunnel} instance. + */ +@NonNullForAll +public class Dhcp { + private Set<InetNetwork> addresses; + + Dhcp(Set<InetNetwork> addresses) { + this.addresses = addresses; + } + + public Set<InetNetwork> getAddresses() { + return addresses; + } + + public String toString() { + return "DHCP"; + } +} diff --git a/tunnel/src/main/java/com/wireguard/android/backend/GoBackend.java b/tunnel/src/main/java/com/wireguard/android/backend/GoBackend.java index 3d0886cf..d32955ad 100644 --- a/tunnel/src/main/java/com/wireguard/android/backend/GoBackend.java +++ b/tunnel/src/main/java/com/wireguard/android/backend/GoBackend.java @@ -7,30 +7,90 @@ package com.wireguard.android.backend; import android.content.Context; import android.content.Intent; +import android.content.pm.PackageManager; +import android.net.ConnectivityManager; +import android.net.LinkProperties; +import android.net.LocalSocketAddress; +import android.net.Network; +import android.net.NetworkCapabilities; +import android.net.NetworkRequest; +import android.net.ProxyInfo; +import android.net.TrafficStats; +import android.net.Uri; import android.os.Build; import android.os.ParcelFileDescriptor; +import android.os.Process; import android.system.OsConstants; import android.util.Log; +import com.google.protobuf.ByteString; +import com.google.protobuf.InvalidProtocolBufferException; +import com.google.protobuf.Empty; + import com.wireguard.android.backend.BackendException.Reason; import com.wireguard.android.backend.Tunnel.State; +import com.wireguard.android.backend.gen.DhcpRequest; +import com.wireguard.android.backend.gen.DhcpResponse; +import com.wireguard.android.backend.gen.GetConnectionOwnerUidResponse; +import com.wireguard.android.backend.gen.IpcSetRequest; +import com.wireguard.android.backend.gen.IpcSetResponse; +import com.wireguard.android.backend.gen.Lease; +import com.wireguard.android.backend.gen.LibwgGrpc; +import com.wireguard.android.backend.gen.ReverseRequest; +import com.wireguard.android.backend.gen.ReverseResponse; +import com.wireguard.android.backend.gen.StartHttpProxyRequest; +import com.wireguard.android.backend.gen.StartHttpProxyResponse; +import com.wireguard.android.backend.gen.StopHttpProxyRequest; +import com.wireguard.android.backend.gen.StopHttpProxyResponse; +import com.wireguard.android.backend.gen.TunnelHandle; +import com.wireguard.android.backend.gen.VersionRequest; +import com.wireguard.android.backend.gen.VersionResponse; import com.wireguard.android.util.SharedLibraryLoader; import com.wireguard.config.Config; +import com.wireguard.config.HttpProxy; import com.wireguard.config.InetEndpoint; import com.wireguard.config.InetNetwork; import com.wireguard.config.Peer; import com.wireguard.crypto.Key; import com.wireguard.crypto.KeyFormatException; import com.wireguard.util.NonNullForAll; - +import com.wireguard.util.Resolver; + +import io.grpc.ManagedChannel; +import io.grpc.ManagedChannelBuilder; +import io.grpc.okhttp.OkHttpChannelBuilder; +import io.grpc.stub.StreamObserver; + +import java.time.LocalDateTime; +import java.time.ZoneOffset; +import java.io.BufferedReader; +import java.io.File; +import java.io.FileReader; +import java.io.IOException; +import java.io.InputStream; +import java.io.InputStreamReader; +import java.net.HttpURLConnection; import java.net.InetAddress; +import java.net.Inet4Address; +import java.net.Inet6Address; +import java.net.InetSocketAddress; +import java.net.UnknownHostException; +import java.net.URL; +import java.nio.ByteOrder; import java.util.Collections; +import java.util.LinkedHashSet; +import java.util.List; +import java.util.Optional; import java.util.Set; +import java.util.concurrent.CountDownLatch; import java.util.concurrent.ExecutionException; import java.util.concurrent.FutureTask; import java.util.concurrent.LinkedBlockingQueue; import java.util.concurrent.TimeUnit; import java.util.concurrent.TimeoutException; +import java.util.concurrent.atomic.AtomicReference; + +import javax.net.SocketFactory; import androidx.annotation.Nullable; import androidx.collection.ArraySet; @@ -43,12 +103,20 @@ import androidx.collection.ArraySet; public final class GoBackend implements Backend { private static final int DNS_RESOLUTION_RETRIES = 10; private static final String TAG = "WireGuard/GoBackend"; + private static final int STATS_TAG = 2; @Nullable private static AlwaysOnCallback alwaysOnCallback; private static GhettoCompletableFuture<VpnService> vpnService = new GhettoCompletableFuture<>(); private final Context context; @Nullable private Config currentConfig; @Nullable private Tunnel currentTunnel; private int currentTunnelHandle = -1; + private ManagedChannel channel; + private ConnectivityManager connectivityManager; + private ConnectivityManager.NetworkCallback myNetworkCallback = new MyNetworkCallback(); + private ConnectivityManager.NetworkCallback vpnNetworkCallback; + @Nullable private Network activeNetwork; + private boolean obtainDhcpLease = false; + @Nullable private Bgp bgp; /** * Public constructor for GoBackend. @@ -58,6 +126,15 @@ public final class GoBackend implements Backend { public GoBackend(final Context context) { SharedLibraryLoader.loadSharedLibrary(context, "wg-go"); this.context = context; + connectivityManager = context.getSystemService(ConnectivityManager.class); + File socketFile = new File(context.getCacheDir(), "libwg.sock"); + String socketName = socketFile.getAbsolutePath(); + Log.i(TAG, "wgStartGrpc: " + wgStartGrpc(socketName)); + ManagedChannelBuilder<?> channelBuilder = ManagedChannelBuilder.forAddress("localhost", 10000).usePlaintext(); + LocalSocketAddress address = new LocalSocketAddress(socketName, LocalSocketAddress.Namespace.FILESYSTEM); + SocketFactory socketFactory = new UnixDomainSocketFactory(address); + ((OkHttpChannelBuilder) channelBuilder).socketFactory(socketFactory); + channel = channelBuilder.build(); } /** @@ -76,12 +153,16 @@ public final class GoBackend implements Backend { private static native int wgGetSocketV6(int handle); + private static native void wgSetFd(int handle, int tunFd); + private static native void wgTurnOff(int handle); private static native int wgTurnOn(String ifName, int tunFd, String settings); private static native String wgVersion(); + private static native int wgStartGrpc(String sockName); + /** * Method to get the names of running tunnels. * @@ -125,10 +206,17 @@ public final class GoBackend implements Backend { Key key = null; long rx = 0; long tx = 0; + long handshakeSec = 0; + int handshakeNSec = 0; for (final String line : config.split("\\n")) { if (line.startsWith("public_key=")) { - if (key != null) - stats.add(key, rx, tx); + if (key != null) { + LocalDateTime handshake = null; + if (handshakeSec > 0) { + handshake = LocalDateTime.ofEpochSecond(handshakeSec, handshakeNSec, ZoneOffset.UTC); + } + stats.add(key, rx, tx, handshake); + } rx = 0; tx = 0; try { @@ -152,10 +240,31 @@ public final class GoBackend implements Backend { } catch (final NumberFormatException ignored) { tx = 0; } + } else if (line.startsWith("last_handshake_time_sec=")) { + if (key == null) + continue; + try { + handshakeSec = Long.parseLong(line.substring(24)); + } catch (final NumberFormatException ignored) { + handshakeSec = 0; + } + } else if (line.startsWith("last_handshake_time_nsec=")) { + if (key == null) + continue; + try { + handshakeNSec = Integer.parseInt(line.substring(25)); + } catch (final NumberFormatException ignored) { + handshakeNSec = 0; + } } } - if (key != null) - stats.add(key, rx, tx); + if (key != null) { + LocalDateTime handshake = null; + if (handshakeSec > 0) { + handshake = LocalDateTime.ofEpochSecond(handshakeSec, handshakeNSec, ZoneOffset.UTC); + } + stats.add(key, rx, tx, handshake); + } return stats; } @@ -166,7 +275,10 @@ public final class GoBackend implements Backend { */ @Override public String getVersion() { - return wgVersion(); + LibwgGrpc.LibwgBlockingStub stub = LibwgGrpc.newBlockingStub(channel); + VersionRequest request = VersionRequest.newBuilder().build(); + VersionResponse resp = stub.version(request); + return resp.getVersion(); } /** @@ -205,78 +317,251 @@ public final class GoBackend implements Backend { return getState(tunnel); } - private void setStateInternal(final Tunnel tunnel, @Nullable final Config config, final State state) - throws Exception { - Log.i(TAG, "Bringing tunnel " + tunnel.getName() + ' ' + state); + private static String downloadPacFile(Network network, Uri pacFileUrl) { + HttpURLConnection urlConnection = null; + StringBuffer buf = new StringBuffer(); + try { + URL url = new URL(pacFileUrl.toString()); + TrafficStats.setThreadStatsTag(STATS_TAG); + urlConnection = (HttpURLConnection) network.openConnection(url); + + InputStream in = urlConnection.getInputStream(); + InputStreamReader isw = new InputStreamReader(in); + + int data = isw.read(); + while (data != -1) { + char current = (char) data; + data = isw.read(); + buf.append(current); + } + } catch (Exception e) { + } finally { + if (urlConnection != null) { + urlConnection.disconnect(); + } + } - if (state == State.UP) { - if (config == null) - throw new BackendException(Reason.TUNNEL_MISSING_CONFIG); + return buf.toString(); + } - if (VpnService.prepare(context) != null) - throw new BackendException(Reason.VPN_NOT_AUTHORIZED); + private int startHttpProxy(String pacFile) { + LibwgGrpc.LibwgStub asyncStub = LibwgGrpc.newStub(channel); + LibwgGrpc.LibwgBlockingStub stub = LibwgGrpc.newBlockingStub(channel); + StartHttpProxyRequest.Builder reqBuilder = StartHttpProxyRequest.newBuilder(); + if (pacFile != null && pacFile != "") { + reqBuilder.setPacFileContent(pacFile); + } - final VpnService service; - if (!vpnService.isDone()) { - Log.d(TAG, "Requesting to start VpnService"); - context.startService(new Intent(context, VpnService.class)); + Thread streamer = new Thread(new Runnable() { + public void run() { + try { + Log.i(TAG, "Before streamReverse"); + streamReverse(asyncStub); + Log.i(TAG, "After streamReverse"); + } catch (InterruptedException e) { + throw new RuntimeException(e); + } } + }); - try { - service = vpnService.get(2, TimeUnit.SECONDS); - } catch (final TimeoutException e) { - final Exception be = new BackendException(Reason.UNABLE_TO_START_VPN); - be.initCause(e); - throw be; + StartHttpProxyRequest req = reqBuilder.build(); + StartHttpProxyResponse resp = stub.startHttpProxy(req); + Log.i(TAG, "Start http proxy listen_port:" + resp.getListenPort() + ", error:" + resp.getError().getMessage()); + streamer.start(); + return resp.getListenPort(); + } + + private void stopHttpProxy() { + LibwgGrpc.LibwgBlockingStub stub = LibwgGrpc.newBlockingStub(channel); + StopHttpProxyRequest req = StopHttpProxyRequest.newBuilder().build(); + StopHttpProxyResponse resp = stub.stopHttpProxy(req); + Log.i(TAG, "Stop http proxy: " + resp.getError().getMessage()); + } + + private static InetSocketAddress toInetSocketAddress(com.wireguard.android.backend.gen.InetSocketAddress sockAddr) { + try { + return new InetSocketAddress(InetAddress.getByAddress(sockAddr.getAddress().getAddress().toByteArray()), sockAddr.getPort()); + } catch (UnknownHostException e) { + throw new RuntimeException(e); + } + } + + private void Dhcp(VpnService service) throws Exception{ + obtainDhcpLease = false; + + // Heuristics: Use first ULA address as client address + com.wireguard.android.backend.gen.InetAddress source = null; + + for (final InetNetwork net : currentConfig.getInterface().getAddresses()) { + InetAddress addr = net.getAddress(); + if (addr instanceof Inet6Address) { + if (Resolver.isULA((Inet6Address)addr)) { + source = com.wireguard.android.backend.gen.InetAddress.newBuilder().setAddress(ByteString.copyFrom(addr.getAddress())).build(); + } } - service.setOwner(this); + } - if (currentTunnelHandle != -1) { - Log.w(TAG, "Tunnel already up"); - return; + LibwgGrpc.LibwgBlockingStub stub = LibwgGrpc.newBlockingStub(channel); + DhcpRequest request = DhcpRequest.newBuilder().setSource(source).build(); + DhcpResponse resp = stub.dhcp(request); + Log.i(TAG, "Dhcp: " + resp.getError().getMessage()); + + Set<InetNetwork> addresses = new LinkedHashSet<>(); + if (resp.getLeasesList() != null) { + for (final Lease lease: resp.getLeasesList()) { + try { + InetAddress addr = InetAddress.getByAddress(lease.getAddress().getAddress().toByteArray()); + Log.i(TAG, "Lease: " + addr); + addresses.add(new InetNetwork(addr, 128)); + } catch (UnknownHostException ex) { + // Ignore + } } + } + Dhcp dhcp = new Dhcp(addresses); - dnsRetry: for (int i = 0; i < DNS_RESOLUTION_RETRIES; ++i) { - // Pre-resolve IPs so they're cached when building the userspace string - for (final Peer peer : config.getPeers()) { - final InetEndpoint ep = peer.getEndpoint().orElse(null); - if (ep == null) - continue; - if (ep.getResolved().orElse(null) == null) { - if (i < DNS_RESOLUTION_RETRIES - 1) { - Log.w(TAG, "DNS host \"" + ep.getHost() + "\" failed to resolve; trying again"); - Thread.sleep(1000); - continue dnsRetry; - } else - throw new BackendException(Reason.DNS_RESOLUTION_FAILURE, ep.getHost()); + // Replace the vpn tunnel + final VpnService.Builder builder = getBuilder(currentTunnel.getName(), currentConfig, service, dhcp.getAddresses()); + + Log.i(TAG, "Builder: " + builder); + + try (final ParcelFileDescriptor tun = builder.establish()) { + if (tun == null) + throw new BackendException(Reason.TUN_CREATION_ERROR); + Log.d(TAG, "Go backend " + wgVersion()); + // SetFd + wgSetFd(currentTunnelHandle, tun.detachFd()); + } + if (currentTunnelHandle < 0) + throw new BackendException(Reason.GO_ACTIVATION_ERROR_CODE, currentTunnelHandle); + + service.protect(wgGetSocketV4(currentTunnelHandle)); + service.protect(wgGetSocketV6(currentTunnelHandle)); + Log.i(TAG, "Dhcp done"); + + bgp = new Bgp(channel, currentTunnel, currentTunnelHandle); + bgp.startServer(); + + currentTunnel.onDhcpChange(dhcp); + } + + private int getConnectionOwnerUid(int protocol, InetSocketAddress local, InetSocketAddress remote) { + if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.Q) + return connectivityManager.getConnectionOwnerUid(protocol, local, remote); + else + return Process.INVALID_UID; + } + + private void streamReverse(LibwgGrpc.LibwgStub asyncStub) throws InterruptedException { + Log.i(TAG, "In streamReverse"); + final CountDownLatch finishLatch = new CountDownLatch(1); + final AtomicReference<StreamObserver<ReverseRequest>> atomicRequestObserver = new AtomicReference<StreamObserver<ReverseRequest>>(); + // Throwable failed = null; + + StreamObserver<ReverseResponse> responseObserver = new StreamObserver<ReverseResponse>() { + @Override + public void onNext(ReverseResponse resp) { + try { + String pkg = ""; + int uid = getConnectionOwnerUid(resp.getUid().getProtocol(), toInetSocketAddress(resp.getUid().getLocal()), toInetSocketAddress(resp.getUid().getRemote())); + if (uid != Process.INVALID_UID) { + PackageManager pm = context.getPackageManager(); + pkg = pm.getNameForUid(uid); + String[] pkgs = pm.getPackagesForUid(uid); + Log.i(TAG, "reverse onNext uid:" + uid + " package:" + pkg); + if (pkgs != null) { + for (int i=0; i < pkgs.length; i++) { + Log.i(TAG, "getPackagesForUid() = " + pkgs[i]); + } + } + } else { + Log.i(TAG, "Connection not found"); + } + + ReverseRequest req = ReverseRequest.newBuilder() + .setUid(GetConnectionOwnerUidResponse.newBuilder() + .setUid(uid) + .setPackage(pkg != null ? pkg: "") + .build()) + .build(); + + io.grpc.Context.current().fork().run(new Runnable() { + public void run() { + atomicRequestObserver.get().onNext(req); + } + }); + } catch (RuntimeException ex) { + Log.i(TAG, "onNext " + ex); + throw ex; } } - break; - } - // Build config - final String goConfig = config.toWgUserspaceString(); + @Override + public void onError(Throwable t) { + // failed = t; + Log.i(TAG, "streamReverse error: " + t); + finishLatch.countDown(); + } - // Create the vpn tunnel with android API + @Override + public void onCompleted() { + Log.i(TAG, "streamReverse completed"); + finishLatch.countDown(); + } + }; + StreamObserver<ReverseRequest> requestObserver = asyncStub.reverse(responseObserver); + atomicRequestObserver.set(requestObserver); + + // Mark the end of requests + //requestObserver.onCompleted(); + + //requestObserver.onNext(ReverseRequest.getDefaultInstance()); + + Log.i(TAG, "Waiting streamReverse"); + // Receiving happens asynchronously + finishLatch.await(); + + // if (failed != null) { + // throw new RuntimeException(failed); + // } + Log.i(TAG, "Exit streamReverse"); + } + + private VpnService.Builder getBuilder(final String name, @Nullable final Config config, final VpnService service, @Nullable final Set<InetNetwork> leases) throws PackageManager.NameNotFoundException { + Log.i(TAG, "Builder 1"); final VpnService.Builder builder = service.getBuilder(); - builder.setSession(tunnel.getName()); + Log.i(TAG, "Builder 2"); + builder.setSession(name); + Log.i(TAG, "Builder 3"); for (final String excludedApplication : config.getInterface().getExcludedApplications()) builder.addDisallowedApplication(excludedApplication); + Log.i(TAG, "Builder 4"); for (final String includedApplication : config.getInterface().getIncludedApplications()) builder.addAllowedApplication(includedApplication); + Log.i(TAG, "Builder 5"); + if (leases != null) { + for (final InetNetwork lease: leases) { + builder.addAddress(lease.getAddress(), lease.getMask()); + } + } + + Log.i(TAG, "Builder 6"); for (final InetNetwork addr : config.getInterface().getAddresses()) builder.addAddress(addr.getAddress(), addr.getMask()); + Log.i(TAG, "Builder 7"); for (final InetAddress addr : config.getInterface().getDnsServers()) builder.addDnsServer(addr.getHostAddress()); + Log.i(TAG, "Builder 8"); for (final String dnsSearchDomain : config.getInterface().getDnsSearchDomains()) builder.addSearchDomain(dnsSearchDomain); + Log.i(TAG, "Builder 9"); boolean sawDefaultRoute = false; for (final Peer peer : config.getPeers()) { for (final InetNetwork addr : peer.getAllowedIps()) { @@ -286,20 +571,125 @@ public final class GoBackend implements Backend { } } + Log.i(TAG, "Builder 10"); // "Kill-switch" semantics if (!(sawDefaultRoute && config.getPeers().size() == 1)) { builder.allowFamily(OsConstants.AF_INET); builder.allowFamily(OsConstants.AF_INET6); } + Log.i(TAG, "Builder 11"); builder.setMtu(config.getInterface().getMtu().orElse(1280)); + Log.i(TAG, "Builder 12"); if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.Q) builder.setMetered(false); + Log.i(TAG, "Builder 13"); if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.M) service.setUnderlyingNetworks(null); + Log.i(TAG, "Builder 14"); + Optional<HttpProxy> proxy = config.getInterface().getHttpProxy(); + Log.i(TAG, "Builder 14.1"); + if (proxy.isPresent()) { + Log.i(TAG, "Builder 14.2"); + ProxyInfo pi = proxy.get().getProxyInfo(); + Log.i(TAG, "Builder 14.3"); + Uri pacFileUrl = pi.getPacFileUrl(); + Log.i(TAG, "Builder 14.4"); + + if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.Q) { + Log.i(TAG, "Builder 14.5"); + if (pacFileUrl != null && pacFileUrl != Uri.EMPTY) { + Log.i(TAG, "Builder 14.6"); + String pacFile = downloadPacFile(activeNetwork, pacFileUrl); + int listenPort = startHttpProxy(pacFile); + Log.i(TAG, "Builder 14.7"); + ProxyInfo localPi = ProxyInfo.buildDirectProxy("localhost", listenPort); + Log.i(TAG, "Builder 14.8"); + builder.setHttpProxy(localPi); + Log.i(TAG, "Builder 14.9"); + } else { + Log.i(TAG, "Builder 14.10"); + builder.setHttpProxy(pi); + Log.i(TAG, "Builder 14.11"); + } + Log.i(TAG, "Builder 14.12"); + } + Log.i(TAG, "Builder 14.13"); + } + Log.i(TAG, "Builder 14.14"); + + Log.i(TAG, "Builder 15"); builder.setBlocking(true); + return builder; + } + + private void setStateInternal(final Tunnel tunnel, @Nullable final Config config, final State state) + throws Exception { + Log.i(TAG, "Bringing tunnel " + tunnel.getName() + ' ' + state); + + if (state == State.UP) { + if (config == null) + throw new BackendException(Reason.TUNNEL_MISSING_CONFIG); + + if (VpnService.prepare(context) != null) + throw new BackendException(Reason.VPN_NOT_AUTHORIZED); + + final VpnService service; + if (!vpnService.isDone()) { + Log.d(TAG, "Requesting to start VpnService"); + context.startService(new Intent(context, VpnService.class)); + } + + try { + service = vpnService.get(2, TimeUnit.SECONDS); + } catch (final TimeoutException e) { + final Exception be = new BackendException(Reason.UNABLE_TO_START_VPN); + be.initCause(e); + throw be; + } + service.setOwner(this); + + if (currentTunnelHandle != -1) { + Log.w(TAG, "Tunnel already up"); + return; + } + + + activeNetwork = connectivityManager.getActiveNetwork(); + if (!connectivityManager.getNetworkCapabilities(activeNetwork).hasCapability(NetworkCapabilities.NET_CAPABILITY_NOT_VPN)) { + Log.w(TAG, "VPN network is active, null activeNetwork"); + activeNetwork = null; + } + final Resolver resolver = new Resolver(activeNetwork, connectivityManager.getLinkProperties(activeNetwork)); + dnsRetry: for (int i = 0; i < DNS_RESOLUTION_RETRIES; ++i) { + // Pre-resolve IPs so they're cached when building the userspace string + for (final Peer peer : config.getPeers()) { + final InetEndpoint ep = peer.getEndpoint().orElse(null); + if (ep == null) + continue; + // FIXME + tunnel.onEndpointChange(peer.getPublicKey(), ep); + Log.i(TAG, "onEndpointChange " + peer.getPublicKey() + ", " + ep); + if (ep.getResolved(resolver, true).orElse(null) == null) { + if (i < DNS_RESOLUTION_RETRIES - 1) { + Log.w(TAG, "DNS host \"" + ep.getHost() + "\" failed to resolve; trying again"); + Thread.sleep(1000); + continue dnsRetry; + } else + throw new BackendException(Reason.DNS_RESOLUTION_FAILURE, ep.getHost()); + } + } + break; + } + + // Build config + final String goConfig = config.toWgUserspaceString(resolver); + + // Create the vpn tunnel with android API + final VpnService.Builder builder = getBuilder(tunnel.getName(), config, service, null); + try (final ParcelFileDescriptor tun = builder.establish()) { if (tun == null) throw new BackendException(Reason.TUN_CREATION_ERROR); @@ -314,6 +704,15 @@ public final class GoBackend implements Backend { service.protect(wgGetSocketV4(currentTunnelHandle)); service.protect(wgGetSocketV6(currentTunnelHandle)); + + obtainDhcpLease = true; + + NetworkRequest req = new NetworkRequest.Builder().addCapability(NetworkCapabilities.NET_CAPABILITY_NOT_VPN).build(); + connectivityManager.requestNetwork(req, myNetworkCallback); + + NetworkRequest vpnReq = new NetworkRequest.Builder().addTransportType(NetworkCapabilities.TRANSPORT_VPN).removeCapability(NetworkCapabilities.NET_CAPABILITY_NOT_VPN).build(); + vpnNetworkCallback = new VpnNetworkCallback(service); + connectivityManager.requestNetwork(vpnReq, vpnNetworkCallback); } else { if (currentTunnelHandle == -1) { Log.w(TAG, "Tunnel already down"); @@ -323,6 +722,16 @@ public final class GoBackend implements Backend { currentTunnel = null; currentTunnelHandle = -1; currentConfig = null; + if (bgp != null) { + bgp.stopServer(); + bgp = null; + } + stopHttpProxy(); + if (vpnNetworkCallback != null) + connectivityManager.unregisterNetworkCallback(vpnNetworkCallback); + vpnNetworkCallback = null; + connectivityManager.unregisterNetworkCallback(myNetworkCallback); + activeNetwork = null; wgTurnOff(handleToClose); } @@ -385,10 +794,21 @@ public final class GoBackend implements Backend { @Override public void onDestroy() { if (owner != null) { + if (owner.bgp != null) { + owner.bgp.stopServer(); + owner.bgp = null; + } + owner.stopHttpProxy(); final Tunnel tunnel = owner.currentTunnel; if (tunnel != null) { - if (owner.currentTunnelHandle != -1) + if (owner.currentTunnelHandle != -1) { + if (owner.vpnNetworkCallback != null) + owner.connectivityManager.unregisterNetworkCallback(owner.vpnNetworkCallback); + owner.vpnNetworkCallback = null; + owner.connectivityManager.unregisterNetworkCallback(owner.myNetworkCallback); + owner.activeNetwork = null; wgTurnOff(owner.currentTunnelHandle); + } owner.currentTunnel = null; owner.currentTunnelHandle = -1; owner.currentConfig = null; @@ -414,4 +834,48 @@ public final class GoBackend implements Backend { this.owner = owner; } } + + private class VpnNetworkCallback extends ConnectivityManager.NetworkCallback { + private VpnService service; + public VpnNetworkCallback(VpnService service) { + this.service = service; + } + @Override + public void onAvailable(Network network) { + Log.w(TAG, "VPN onAvailable: " + network); + if (obtainDhcpLease) { + Log.w(TAG, "Obtaindhcplease"); + try { + Log.w(TAG, "Before Dhcp"); + Dhcp(service); + Log.w(TAG, "After Dhcp"); + } catch (Exception ex) { + Log.e(TAG, "DHCP failed: " + ex); + } + } + } + } + + private class MyNetworkCallback extends ConnectivityManager.NetworkCallback { + @Override + public void onAvailable(Network network) { + activeNetwork = network; + Log.w(TAG, "onAvailable: " + activeNetwork); + } + + @Override + public void onLinkPropertiesChanged(Network network, LinkProperties linkProperties) { + Log.w(TAG, "onLinkPropertiesChanged: " + network + " is default:" + (network.equals(activeNetwork))); + if (network.equals(activeNetwork) && currentConfig != null && currentTunnelHandle > -1) { + final Resolver resolver = new Resolver(network, linkProperties); + final String goConfig = currentConfig.toWgUserspaceStringWithChangedEndpoints(resolver); + Log.w(TAG, "is default network, config:" + goConfig); + + LibwgGrpc.LibwgBlockingStub stub = LibwgGrpc.newBlockingStub(channel); + TunnelHandle tunnel = TunnelHandle.newBuilder().setHandle(currentTunnelHandle).build(); + IpcSetRequest request = IpcSetRequest.newBuilder().setTunnel(tunnel).setConfig(goConfig).build(); + IpcSetResponse resp = stub.ipcSet(request); + } + } + } } diff --git a/tunnel/src/main/java/com/wireguard/android/backend/LocalSocketAdapter.java b/tunnel/src/main/java/com/wireguard/android/backend/LocalSocketAdapter.java new file mode 100644 index 00000000..bf027ae1 --- /dev/null +++ b/tunnel/src/main/java/com/wireguard/android/backend/LocalSocketAdapter.java @@ -0,0 +1,325 @@ +/* + */ +package com.wireguard.android.backend; + +import java.io.File; +import java.io.IOException; +import java.io.InputStream; +import java.io.OutputStream; +import java.net.InetAddress; +import java.net.InetSocketAddress; +import java.net.Socket; +import java.net.SocketAddress; +import java.net.SocketException; +import java.net.SocketImplFactory; +import java.net.SocketOptions; +import java.nio.channels.SocketChannel; +import java.util.Vector; +import android.net.LocalSocket; +import android.net.LocalSocketAddress; +import android.util.Log; + +/** + * Adaptor allows using a LocalSocket as a Socket. + */ +final class LocalSocketAdapter extends Socket { + private final LocalSocketAddress address; + private final LocalSocket unix; + private final SocketAddress localAddress; + private InetSocketAddress inetSocketAddress; + private InputStream is; + private OutputStream os; + + LocalSocketAdapter(LocalSocketAddress address) { + this.address = address; + this.localAddress = new InetSocketAddress(0); + unix = new LocalSocket(); + } + + LocalSocketAdapter(LocalSocketAddress address, InetSocketAddress inetAddress) { + this(address); + this.inetSocketAddress = inetAddress; + } + + private void throwUnsupportedOperationException() { + Log.i("helloworld", "Unsupported: " + Log.getStackTraceString(new Exception())); + throw new UnsupportedOperationException(); + } + + @Override + public void bind (SocketAddress bindpoint) { + throwUnsupportedOperationException(); + } + + @Override + public void close() throws IOException { + unix.close(); + } + + @Override public void connect(SocketAddress endpoint) throws IOException { + this.inetSocketAddress = (InetSocketAddress) endpoint; + try { + unix.connect(address); + } catch (IOException e) { + Log.i("helloworld", "Error: " + e.toString()); + throw e; + } + } + + @Override + public void connect(SocketAddress endpoint, int timeout) throws IOException { + this.inetSocketAddress = (InetSocketAddress) endpoint; + unix.connect(address, timeout); + } + + @Override + public SocketChannel getChannel() { + throwUnsupportedOperationException(); + return null; + } + + @Override public InetAddress getInetAddress() { + return inetSocketAddress.getAddress(); + } + + @Override + public InputStream getInputStream() throws IOException { + is = unix.getInputStream(); + return is; + } + + @Override + public boolean getKeepAlive() { + throwUnsupportedOperationException(); + return false; + } + + @Override + public InetAddress getLocalAddress() { + throwUnsupportedOperationException(); + return null; + } + + @Override + public int getLocalPort() { + throwUnsupportedOperationException(); + return 0; + } + + @Override + public SocketAddress getLocalSocketAddress() { + //throwUnsupportedOperationException(); + return localAddress; + } + + @Override + public boolean getOOBInline() { + throwUnsupportedOperationException(); + return false; + } + + @Override + public OutputStream getOutputStream() throws IOException { + if (os != null) + return os; + + OutputStream unixOs = unix.getOutputStream(); + os = new OutputStream() { + @Override + public void close() throws IOException { + // LocalSocket's default implementation closes the socket, + // which leaves readers of thes InputStream hanging. + // Instead shutdown input (and output) to release readers. + LocalSocketAdapter.this.shutdownInput(); + LocalSocketAdapter.this.shutdownOutput(); + } + + @Override + public void write (byte[] b) throws IOException { + unixOs.write(b); + } + + @Override + public void write (byte[] b, int off, int len) throws IOException { + unixOs.write(b, off, len); + } + + @Override + public void write (int b) throws IOException { + unixOs.write(b); + } + }; + return os; + } + + @Override + public int getPort() { + return inetSocketAddress.getPort(); + } + + @Override + public int getReceiveBufferSize() throws SocketException { + try { + return unix.getReceiveBufferSize(); + } catch (IOException e) { + throw new SocketException(e.getMessage()); + } + } + + @Override + public SocketAddress getRemoteSocketAddress() { + return inetSocketAddress; + } + + @Override + public boolean getReuseAddress() { + throwUnsupportedOperationException(); + return false; + } + + @Override + public int getSendBufferSize() throws SocketException { + try { + return unix.getSendBufferSize(); + } catch (IOException e) { + throw new SocketException(e.getMessage()); + } + } + + @Override + public int getSoLinger() { + throwUnsupportedOperationException(); + return 0; + } + + @Override + public int getSoTimeout() throws SocketException { + try { + return unix.getSoTimeout(); + } catch (IOException e) { + throw new SocketException(e.getMessage()); + } + } + + @Override + public boolean getTcpNoDelay() { + throwUnsupportedOperationException(); + return false; + } + + @Override + public int getTrafficClass() { + throwUnsupportedOperationException(); + return 0; + } + + @Override + public boolean isBound() { + return unix.isBound(); + } + + @Override + public boolean isClosed() { + return unix.isClosed(); + } + + @Override + public boolean isConnected() { + return unix.isConnected(); + } + + @Override + public boolean isInputShutdown() { + return unix.isInputShutdown(); + } + + @Override + public boolean isOutputShutdown() { + return unix.isOutputShutdown(); + } + + @Override + public void sendUrgentData (int data) { + throwUnsupportedOperationException(); + } + + @Override + public void setKeepAlive (boolean on) { + throwUnsupportedOperationException(); + } + + @Override + public void setOOBInline (boolean on) { + throwUnsupportedOperationException(); + } + + @Override + public void setPerformancePreferences (int connectionTime, + int latency, + int bandwidth) { + throwUnsupportedOperationException(); + } + + @Override + public void setReceiveBufferSize(int size) throws SocketException { + try { + unix.setReceiveBufferSize(size); + } catch (IOException e) { + throw new SocketException(e.getMessage()); + } + } + + @Override + public void setReuseAddress (boolean on) { + throwUnsupportedOperationException(); + } + + @Override + public void setSendBufferSize(int size) throws SocketException { + try { + unix.setSendBufferSize(size); + } catch (IOException e) { + throw new SocketException(e.getMessage()); + } + } + + @Override + public void setSoLinger (boolean on, + int linger) { + throwUnsupportedOperationException(); + } + + @Override + public void setSoTimeout(int timeout) throws SocketException { + try { + unix.setSoTimeout(timeout); + } catch (IOException e) { + throw new SocketException(e.getMessage()); + } + } + + @Override + public void setTcpNoDelay (boolean on) { + // Not relevant for local sockets. + } + + @Override + public void setTrafficClass (int tc) { + throwUnsupportedOperationException(); + } + + @Override + public void shutdownInput() throws IOException { + unix.shutdownInput(); + } + + @Override + public void shutdownOutput() throws IOException { + unix.shutdownOutput(); + } + + @Override + public String toString() { + return unix.toString(); + } +} diff --git a/tunnel/src/main/java/com/wireguard/android/backend/Statistics.java b/tunnel/src/main/java/com/wireguard/android/backend/Statistics.java index 5d658019..322e766f 100644 --- a/tunnel/src/main/java/com/wireguard/android/backend/Statistics.java +++ b/tunnel/src/main/java/com/wireguard/android/backend/Statistics.java @@ -11,6 +11,7 @@ import android.util.Pair; import com.wireguard.crypto.Key; import com.wireguard.util.NonNullForAll; +import java.time.LocalDateTime; import java.util.HashMap; import java.util.Map; @@ -19,7 +20,19 @@ import java.util.Map; */ @NonNullForAll public class Statistics { - private final Map<Key, Pair<Long, Long>> peerBytes = new HashMap<>(); + private static class Stat { + long rx; + long tx; + LocalDateTime lastHandshake; + + Stat(long rx, long tx, LocalDateTime lastHandshake) { + this.rx = rx; + this.tx = tx; + this.lastHandshake = lastHandshake; + } + } + + private final Map<Key, Stat> peerBytes = new HashMap<>(); private long lastTouched = SystemClock.elapsedRealtime(); Statistics() { @@ -34,8 +47,8 @@ public class Statistics { * @param tx The transmitted traffic for the {@link com.wireguard.config.Peer} referenced by * the provided {@link Key}. This value is in bytes. */ - void add(final Key key, final long rx, final long tx) { - peerBytes.put(key, Pair.create(rx, tx)); + void add(final Key key, final long rx, final long tx, final LocalDateTime lastHandshake) { + peerBytes.put(key, new Stat(rx, tx, lastHandshake)); lastTouched = SystemClock.elapsedRealtime(); } @@ -56,10 +69,10 @@ public class Statistics { * @return a long representing the number of bytes received by this peer. */ public long peerRx(final Key peer) { - final Pair<Long, Long> rxTx = peerBytes.get(peer); - if (rxTx == null) + final Stat stat = peerBytes.get(peer); + if (stat == null) return 0; - return rxTx.first; + return stat.rx; } /** @@ -70,10 +83,17 @@ public class Statistics { * @return a long representing the number of bytes transmitted by this peer. */ public long peerTx(final Key peer) { - final Pair<Long, Long> rxTx = peerBytes.get(peer); - if (rxTx == null) + final Stat stat = peerBytes.get(peer); + if (stat == null) return 0; - return rxTx.second; + return stat.tx; + } + + public LocalDateTime peerLastHandshake(final Key peer) { + final Stat stat = peerBytes.get(peer); + if (stat == null) + return null; + return stat.lastHandshake; } /** @@ -93,8 +113,8 @@ public class Statistics { */ public long totalRx() { long rx = 0; - for (final Pair<Long, Long> val : peerBytes.values()) { - rx += val.first; + for (final Stat val : peerBytes.values()) { + rx += val.rx; } return rx; } @@ -106,8 +126,8 @@ public class Statistics { */ public long totalTx() { long tx = 0; - for (final Pair<Long, Long> val : peerBytes.values()) { - tx += val.second; + for (final Stat val : peerBytes.values()) { + tx += val.tx; } return tx; } diff --git a/tunnel/src/main/java/com/wireguard/android/backend/Tunnel.java b/tunnel/src/main/java/com/wireguard/android/backend/Tunnel.java index 9564bbd1..4c435ca7 100644 --- a/tunnel/src/main/java/com/wireguard/android/backend/Tunnel.java +++ b/tunnel/src/main/java/com/wireguard/android/backend/Tunnel.java @@ -5,8 +5,14 @@ package com.wireguard.android.backend; +import androidx.annotation.Nullable; + +import com.wireguard.config.InetEndpoint; +import com.wireguard.config.InetNetwork; +import com.wireguard.crypto.Key; import com.wireguard.util.NonNullForAll; +import java.util.List; import java.util.regex.Pattern; /** @@ -54,4 +60,15 @@ public interface Tunnel { return running ? UP : DOWN; } } + + /** + * React to a change of DHCP of the tunnel. Should only be directly called by Backend. + * + * @param newDhcp The new DHCP info of the tunnel. + */ + void onDhcpChange(Dhcp newDhcp); + + void onEndpointChange(Key publicKey, @Nullable InetEndpoint newEndpoint); + + void onAllowedIpsChange(Key publicKey, @Nullable List<InetNetwork> addNetworks, @Nullable List<InetNetwork> removeNetworks); } diff --git a/tunnel/src/main/java/com/wireguard/android/backend/UnixDomainSocketFactory.java b/tunnel/src/main/java/com/wireguard/android/backend/UnixDomainSocketFactory.java new file mode 100644 index 00000000..427a19f1 --- /dev/null +++ b/tunnel/src/main/java/com/wireguard/android/backend/UnixDomainSocketFactory.java @@ -0,0 +1,59 @@ +/* + * Copyright (C) 2018 Square, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package com.wireguard.android.backend; + +import java.io.File; +import java.io.IOException; +import java.net.InetAddress; +import java.net.InetSocketAddress; +import java.net.Socket; +import javax.net.SocketFactory; +import android.net.LocalSocketAddress; + +/** Impersonate TCP-style SocketFactory over UNIX domain sockets. */ +public final class UnixDomainSocketFactory extends SocketFactory { + private final LocalSocketAddress address; + + public UnixDomainSocketFactory(LocalSocketAddress address) { + this.address = address; + } + + @Override public Socket createSocket() throws IOException { + return new LocalSocketAdapter(address); + } + + @Override public Socket createSocket(String host, int port) throws IOException { + Socket result = createSocket(); + result.connect(new InetSocketAddress(host, port)); + return result; + } + + @Override public Socket createSocket( + String host, int port, InetAddress localHost, int localPort) throws IOException { + return createSocket(host, port); + } + + @Override public Socket createSocket(InetAddress host, int port) throws IOException { + Socket result = createSocket(); + result.connect(new InetSocketAddress(host, port)); + return result; + } + + @Override public Socket createSocket( + InetAddress host, int port, InetAddress localAddress, int localPort) throws IOException { + return createSocket(host, port); + } +} diff --git a/tunnel/src/main/java/com/wireguard/android/backend/WgQuickBackend.java b/tunnel/src/main/java/com/wireguard/android/backend/WgQuickBackend.java index 3121c996..d0dc6a46 100644 --- a/tunnel/src/main/java/com/wireguard/android/backend/WgQuickBackend.java +++ b/tunnel/src/main/java/com/wireguard/android/backend/WgQuickBackend.java @@ -93,7 +93,7 @@ public final class WgQuickBackend implements Backend { if (parts.length != 3) continue; try { - stats.add(Key.fromBase64(parts[0]), Long.parseLong(parts[1]), Long.parseLong(parts[2])); + stats.add(Key.fromBase64(parts[0]), Long.parseLong(parts[1]), Long.parseLong(parts[2]), null); } catch (final Exception ignored) { } } diff --git a/tunnel/src/main/java/com/wireguard/config/BadConfigException.java b/tunnel/src/main/java/com/wireguard/config/BadConfigException.java index 8766ce51..e5a94e89 100644 --- a/tunnel/src/main/java/com/wireguard/config/BadConfigException.java +++ b/tunnel/src/main/java/com/wireguard/config/BadConfigException.java @@ -8,6 +8,8 @@ package com.wireguard.config; import com.wireguard.crypto.KeyFormatException; import com.wireguard.util.NonNullForAll; +import java.net.MalformedURLException; + import androidx.annotation.Nullable; @NonNullForAll @@ -44,6 +46,12 @@ public class BadConfigException extends Exception { } public BadConfigException(final Section section, final Location location, + @Nullable final CharSequence text, + final MalformedURLException cause) { + this(section, location, Reason.INVALID_VALUE, text, cause); + } + + public BadConfigException(final Section section, final Location location, final ParseException cause) { this(section, location, Reason.INVALID_VALUE, cause.getText(), cause); } @@ -73,6 +81,7 @@ public class BadConfigException extends Exception { ENDPOINT("Endpoint"), EXCLUDED_APPLICATIONS("ExcludedApplications"), INCLUDED_APPLICATIONS("IncludedApplications"), + HTTP_PROXY("HttpProxy"), LISTEN_PORT("ListenPort"), MTU("MTU"), PERSISTENT_KEEPALIVE("PersistentKeepalive"), diff --git a/tunnel/src/main/java/com/wireguard/config/Config.java b/tunnel/src/main/java/com/wireguard/config/Config.java index 807ebec8..ea05e9c8 100644 --- a/tunnel/src/main/java/com/wireguard/config/Config.java +++ b/tunnel/src/main/java/com/wireguard/config/Config.java @@ -9,6 +9,7 @@ import com.wireguard.config.BadConfigException.Location; import com.wireguard.config.BadConfigException.Reason; import com.wireguard.config.BadConfigException.Section; import com.wireguard.util.NonNullForAll; +import com.wireguard.util.Resolver; import java.io.BufferedReader; import java.io.IOException; @@ -173,12 +174,19 @@ public final class Config { * * @return the {@code Config} represented as a series of "key=value" lines */ - public String toWgUserspaceString() { + public String toWgUserspaceString(Resolver resolver) { final StringBuilder sb = new StringBuilder(); sb.append(interfaze.toWgUserspaceString()); sb.append("replace_peers=true\n"); for (final Peer peer : peers) - sb.append(peer.toWgUserspaceString()); + sb.append(peer.toWgUserspaceString(resolver)); + return sb.toString(); + } + + public String toWgUserspaceStringWithChangedEndpoints(Resolver resolver) { + final StringBuilder sb = new StringBuilder(); + for (final Peer peer : peers) + sb.append(peer.toWgUserspaceStringWithChangedEndpoint(resolver)); return sb.toString(); } diff --git a/tunnel/src/main/java/com/wireguard/config/HttpProxy.java b/tunnel/src/main/java/com/wireguard/config/HttpProxy.java new file mode 100644 index 00000000..d45914f8 --- /dev/null +++ b/tunnel/src/main/java/com/wireguard/config/HttpProxy.java @@ -0,0 +1,78 @@ +/* + * Copyright © 2022 WireGuard LLC. All Rights Reserved. + * SPDX-License-Identifier: Apache-2.0 + */ + +package com.wireguard.config; + +import com.wireguard.config.BadConfigException.Location; +import com.wireguard.config.BadConfigException.Section; +import com.wireguard.util.NonNullForAll; + +import java.net.MalformedURLException; +import java.net.URL; + +import android.net.ProxyInfo; +import android.net.Uri; + +@NonNullForAll +public final class HttpProxy { + public static final int DEFAULT_PROXY_PORT = 8080; + + private ProxyInfo pi; + + protected HttpProxy(ProxyInfo pi) { + this.pi = pi; + } + + public ProxyInfo getProxyInfo() { + return pi; + } + + public String getHost() { + return pi.getHost(); + } + + public Uri getPacFileUrl() { + return pi.getPacFileUrl(); + } + + public int getPort() { + return pi.getPort(); + } + + public static HttpProxy parse(final String httpProxy) throws BadConfigException { + try { + if (httpProxy.startsWith("pac:")) { + return new HttpProxy(ProxyInfo.buildPacProxy(Uri.parse(httpProxy.substring(4)))); + } else { + final String urlStr; + if (!httpProxy.contains("://")) { + urlStr = "http://" + httpProxy; + } else { + urlStr = httpProxy; + } + URL url = new URL(urlStr); + return new HttpProxy(ProxyInfo.buildDirectProxy(url.getHost(), url.getPort() <= 0 ? DEFAULT_PROXY_PORT : url.getPort())); + } + } catch (final MalformedURLException e) { + throw new BadConfigException(Section.INTERFACE, Location.HTTP_PROXY, httpProxy, e); + } + } + + @Override + public String toString() { + final StringBuilder sb = new StringBuilder(); + if (pi.getPacFileUrl() != null && pi.getPacFileUrl() != Uri.EMPTY) + sb.append("pac:").append(pi.getPacFileUrl()); + else { + sb.append("http://").append(pi.getHost()).append(':'); + if (pi.getPort() <= 0) + sb.append(DEFAULT_PROXY_PORT); + else + sb.append(pi.getPort()); + } + + return sb.toString(); + } +} diff --git a/tunnel/src/main/java/com/wireguard/config/InetEndpoint.java b/tunnel/src/main/java/com/wireguard/config/InetEndpoint.java index 66855f11..62ac0152 100644 --- a/tunnel/src/main/java/com/wireguard/config/InetEndpoint.java +++ b/tunnel/src/main/java/com/wireguard/config/InetEndpoint.java @@ -6,6 +6,7 @@ package com.wireguard.config; import com.wireguard.util.NonNullForAll; +import com.wireguard.util.Resolver; import java.net.Inet4Address; import java.net.InetAddress; @@ -64,6 +65,10 @@ public final class InetEndpoint { } } + public static InetEndpoint fromAddress(final InetAddress address, final int port) { + return new InetEndpoint(address.getHostAddress(), true, port); + } + @Override public boolean equals(final Object obj) { if (!(obj instanceof InetEndpoint)) @@ -80,6 +85,14 @@ public final class InetEndpoint { return port; } + public Optional<InetEndpoint> getResolved() { + if (isResolved) { + return Optional.of(this); + } else { + return Optional.ofNullable(resolved); + } + } + /** * Generate an {@code InetEndpoint} instance with the same port and the host resolved using DNS * to a numeric address. If the host is already numeric, the existing instance may be returned. @@ -87,24 +100,34 @@ public final class InetEndpoint { * * @return the resolved endpoint, or {@link Optional#empty()} */ - public Optional<InetEndpoint> getResolved() { - if (isResolved) + public Optional<InetEndpoint> getResolved(Resolver resolver) { + return getResolved(resolver, false, false); + } + + public Optional<InetEndpoint> getResolved(Resolver resolver, Boolean force) { + return getResolved(resolver, force, false); + } + + public Optional<InetEndpoint> getResolvedIfChanged(Resolver resolver) { + return getResolved(resolver, true, true); + } + + public Optional<InetEndpoint> getResolved(Resolver resolver, Boolean force, Boolean ifChanged) { + if (!force && isResolved) return Optional.of(this); synchronized (lock) { //TODO(zx2c4): Implement a real timeout mechanism using DNS TTL - if (Duration.between(lastResolution, Instant.now()).toMinutes() > 1) { + if (force || Duration.between(lastResolution, Instant.now()).toMinutes() > 1) { try { - // Prefer v4 endpoints over v6 to work around DNS64 and IPv6 NAT issues. - final InetAddress[] candidates = InetAddress.getAllByName(host); - InetAddress address = candidates[0]; - for (final InetAddress candidate : candidates) { - if (candidate instanceof Inet4Address) { - address = candidate; - break; - } - } - resolved = new InetEndpoint(address.getHostAddress(), true, port); + InetAddress address = resolver.resolve(host); + InetEndpoint resolvedNow = new InetEndpoint(address.getHostAddress(), true, port); lastResolution = Instant.now(); + + if (ifChanged && resolvedNow.equals(resolved)) { + return Optional.empty(); + } + + resolved = resolvedNow; } catch (final UnknownHostException e) { resolved = null; } diff --git a/tunnel/src/main/java/com/wireguard/config/InetNetwork.java b/tunnel/src/main/java/com/wireguard/config/InetNetwork.java index 8abf79aa..8c88556c 100644 --- a/tunnel/src/main/java/com/wireguard/config/InetNetwork.java +++ b/tunnel/src/main/java/com/wireguard/config/InetNetwork.java @@ -20,7 +20,7 @@ public final class InetNetwork { private final InetAddress address; private final int mask; - private InetNetwork(final InetAddress address, final int mask) { + public InetNetwork(final InetAddress address, final int mask) { this.address = address; this.mask = mask; } diff --git a/tunnel/src/main/java/com/wireguard/config/Interface.java b/tunnel/src/main/java/com/wireguard/config/Interface.java index 694f313a..a4fa2a19 100644 --- a/tunnel/src/main/java/com/wireguard/config/Interface.java +++ b/tunnel/src/main/java/com/wireguard/config/Interface.java @@ -46,6 +46,7 @@ public final class Interface { private final KeyPair keyPair; private final Optional<Integer> listenPort; private final Optional<Integer> mtu; + private final Optional<HttpProxy> httpProxy; private Interface(final Builder builder) { // Defensively copy to ensure immutability even if the Builder is reused. @@ -57,6 +58,7 @@ public final class Interface { keyPair = Objects.requireNonNull(builder.keyPair, "Interfaces must have a private key"); listenPort = builder.listenPort; mtu = builder.mtu; + httpProxy = builder.httpProxy; } /** @@ -92,6 +94,9 @@ public final class Interface { case "mtu": builder.parseMtu(attribute.getValue()); break; + case "httpproxy": + builder.parseHttpProxy(attribute.getValue()); + break; case "privatekey": builder.parsePrivateKey(attribute.getValue()); break; @@ -115,7 +120,8 @@ public final class Interface { && includedApplications.equals(other.includedApplications) && keyPair.equals(other.keyPair) && listenPort.equals(other.listenPort) - && mtu.equals(other.mtu); + && mtu.equals(other.mtu) + && httpProxy.equals(other.httpProxy); } /** @@ -195,6 +201,15 @@ public final class Interface { return mtu; } + /** + * Returns the HTTP proxy used for the WireGuard interface. + * + * @return the HTTP proxy, or {@code Optional.empty()} if none is configured + */ + public Optional<HttpProxy> getHttpProxy() { + return httpProxy; + } + @Override public int hashCode() { int hash = 1; @@ -205,6 +220,7 @@ public final class Interface { hash = 31 * hash + keyPair.hashCode(); hash = 31 * hash + listenPort.hashCode(); hash = 31 * hash + mtu.hashCode(); + hash = 31 * hash + httpProxy.hashCode(); return hash; } @@ -244,6 +260,7 @@ public final class Interface { sb.append("IncludedApplications = ").append(Attribute.join(includedApplications)).append('\n'); listenPort.ifPresent(lp -> sb.append("ListenPort = ").append(lp).append('\n')); mtu.ifPresent(m -> sb.append("MTU = ").append(m).append('\n')); + httpProxy.ifPresent(p -> sb.append("HttpProxy = ").append(p).append('\n')); sb.append("PrivateKey = ").append(keyPair.getPrivateKey().toBase64()).append('\n'); return sb.toString(); } @@ -279,6 +296,8 @@ public final class Interface { private Optional<Integer> listenPort = Optional.empty(); // Defaults to not present. private Optional<Integer> mtu = Optional.empty(); + // Defaults to not present. + private Optional<HttpProxy> httpProxy = Optional.empty(); public Builder addAddress(final InetNetwork address) { addresses.add(address); @@ -391,6 +410,10 @@ public final class Interface { } } + public Builder parseHttpProxy(final String httpProxy) throws BadConfigException { + return setHttpProxy(HttpProxy.parse(httpProxy)); + } + public Builder parsePrivateKey(final String privateKey) throws BadConfigException { try { return setKeyPair(new KeyPair(Key.fromBase64(privateKey))); @@ -419,5 +442,13 @@ public final class Interface { this.mtu = mtu == 0 ? Optional.empty() : Optional.of(mtu); return this; } + + public Builder setHttpProxy(final HttpProxy httpProxy) throws BadConfigException { + if (httpProxy == null) + throw new BadConfigException(Section.INTERFACE, Location.HTTP_PROXY, + Reason.INVALID_VALUE, String.valueOf(httpProxy)); + this.httpProxy = httpProxy == null ? Optional.empty() : Optional.of(httpProxy); + return this; + } } } diff --git a/tunnel/src/main/java/com/wireguard/config/Peer.java b/tunnel/src/main/java/com/wireguard/config/Peer.java index 9b87b397..3cf5dc15 100644 --- a/tunnel/src/main/java/com/wireguard/config/Peer.java +++ b/tunnel/src/main/java/com/wireguard/config/Peer.java @@ -11,6 +11,7 @@ import com.wireguard.config.BadConfigException.Section; import com.wireguard.crypto.Key; import com.wireguard.crypto.KeyFormatException; import com.wireguard.util.NonNullForAll; +import com.wireguard.util.Resolver; import java.util.Collection; import java.util.Collections; @@ -190,18 +191,26 @@ public final class Peer { * * @return the {@code Peer} represented as a series of "key=value" lines */ - public String toWgUserspaceString() { + public String toWgUserspaceString(Resolver resolver) { final StringBuilder sb = new StringBuilder(); // The order here is important: public_key signifies the beginning of a new peer. sb.append("public_key=").append(publicKey.toHex()).append('\n'); for (final InetNetwork allowedIp : allowedIps) sb.append("allowed_ip=").append(allowedIp).append('\n'); - endpoint.flatMap(InetEndpoint::getResolved).ifPresent(ep -> sb.append("endpoint=").append(ep).append('\n')); + endpoint.flatMap(ep -> ep.getResolved(resolver)).ifPresent(ep -> sb.append("endpoint=").append(ep).append('\n')); persistentKeepalive.ifPresent(pk -> sb.append("persistent_keepalive_interval=").append(pk).append('\n')); preSharedKey.ifPresent(psk -> sb.append("preshared_key=").append(psk.toHex()).append('\n')); return sb.toString(); } + public String toWgUserspaceStringWithChangedEndpoint(Resolver resolver) { + final StringBuilder sb = new StringBuilder(); + // The order here is important: public_key signifies the beginning of a new peer. + sb.append("public_key=").append(publicKey.toHex()).append('\n'); + endpoint.flatMap(ep -> ep.getResolved(resolver, true)).ifPresent(ep -> sb.append("endpoint=").append(ep).append('\n')); + return sb.toString(); + } + @SuppressWarnings("UnusedReturnValue") public static final class Builder { // See wg(8) diff --git a/tunnel/src/main/java/com/wireguard/util/Resolver.java b/tunnel/src/main/java/com/wireguard/util/Resolver.java new file mode 100644 index 00000000..654e01f5 --- /dev/null +++ b/tunnel/src/main/java/com/wireguard/util/Resolver.java @@ -0,0 +1,138 @@ +/* + * Copyright © 2023 WireGuard LLC. All Rights Reserved. + * SPDX-License-Identifier: Apache-2.0 + */ + +package com.wireguard.util; + +import java.io.IOException; +import java.net.DatagramSocket; +import java.net.Inet4Address; +import java.net.Inet6Address; +import java.net.InetAddress; +import java.net.InetSocketAddress; +import java.net.SocketException; +import java.net.UnknownHostException; + +import android.net.IpPrefix; +import android.net.LinkProperties; +import android.net.Network; +import android.net.TrafficStats; +import android.util.Log; + +import androidx.annotation.Nullable; + +@NonNullForAll +public class Resolver { + private static final String TAG = "WireGuard/Resolver"; + private static final int STATS_TAG = 3; // FIXME + @Nullable private final Network network; + @Nullable private final LinkProperties linkProps; + @Nullable private IpPrefix nat64Prefix; + + public Resolver(Network network, LinkProperties linkProps) { + this.network = network; + this.linkProps = linkProps; + if (linkProps != null) { + this.nat64Prefix = linkProps.getNat64Prefix(); + } + } + + public static boolean isULA(Inet6Address addr) { + byte[] raw = addr.getAddress(); + return ((raw[0] & 0xfe) == 0xfc); + } + + boolean isWithinNAT64Prefix(Inet6Address address) { + if (nat64Prefix == null) + return false; + + int prefixLength = nat64Prefix.getPrefixLength(); + byte[] rawAddr = address.getAddress(); + byte[] rawPrefix = nat64Prefix.getRawAddress(); + + for (int i=0; i < prefixLength/8; i++) { + if (rawAddr[i] != rawPrefix[i]) + return false; + } + + return true; + } + + boolean isPreferredIPv6(Inet6Address local, Inet6Address remote) { + if (linkProps == null) { + // Prefer IPv4 if there are not link properties that can + // be tested. + return false; + } + + // * Prefer IPv4 if local or remote address is ULA + // * Prefer IPv4 if remote IPv6 is within NAT64 prefix. + // * Otherwise prefer IPv6 + boolean isLocalULA = isULA(local); + boolean isRemoteULA = isULA(remote); + + if (isLocalULA || isRemoteULA) { + return false; + } + + if (isWithinNAT64Prefix(remote)) { + return false; + } + + return true; + } + + public InetAddress resolve(String host) throws UnknownHostException { + TrafficStats.setThreadStatsTag(STATS_TAG); + final InetAddress[] candidates = network != null ? network.getAllByName(host) : InetAddress.getAllByName(host); + InetAddress address = candidates[0]; + for (final InetAddress candidate : candidates) { + DatagramSocket sock; + + try { + sock = new DatagramSocket(); + TrafficStats.tagDatagramSocket(sock); + if (network != null) { + network.bindSocket(sock); + } + } catch (SocketException e) { + // Return first candidate as fallback + Log.w(TAG, "DatagramSocket failed, fallback to: \"" + address); + return address; + } catch (IOException e) { + // Return first candidate as fallback + Log.w(TAG, "BindSocket failed, fallback to: \"" + address); + return address; + } + + sock.connect(candidate, 51820); + + if (sock.getLocalAddress().isAnyLocalAddress()) { + // Connect didn't find a local address. + Log.w(TAG, "No local address"); + continue; + } + + Log.w(TAG, "Local address: " + sock.getLocalAddress()); + + if (candidate instanceof Inet4Address) { + // Accept IPv4 as preferred address. + address = candidate; + break; + } + + Inet6Address local = (Inet6Address)sock.getLocalAddress(); + InetSocketAddress remoteSockAddr = (InetSocketAddress)sock.getRemoteSocketAddress(); + Inet6Address remote = (Inet6Address)remoteSockAddr.getAddress(); + sock.close(); + + if (isPreferredIPv6(local, remote)) { + address = candidate; + break; + } + } + Log.w(TAG, "Resolved \"" + host + "\" to: " + address); + return address; + } +} diff --git a/tunnel/src/main/proto/libwg.proto b/tunnel/src/main/proto/libwg.proto new file mode 100644 index 00000000..4fa4468b --- /dev/null +++ b/tunnel/src/main/proto/libwg.proto @@ -0,0 +1,125 @@ +syntax = "proto3"; + +import "google/protobuf/duration.proto"; + +option java_multiple_files = true; +option java_package = 'com.wireguard.android.backend.gen'; +option java_outer_classname = "LibwgProto"; +option java_generic_services = true; +option go_package = 'golang.zx2c4.com/wireguard/android/gen'; + +package api; + +service Libwg { + rpc StopGrpc(StopGrpcRequest) returns (StopGrpcResponse); + rpc Version(VersionRequest) returns (VersionResponse); + rpc StartHttpProxy(StartHttpProxyRequest) returns (StartHttpProxyResponse); + rpc StopHttpProxy(StopHttpProxyRequest) returns (StopHttpProxyResponse); + rpc Reverse(stream ReverseRequest) returns (stream ReverseResponse); + rpc IpcSet(IpcSetRequest) returns (IpcSetResponse); + rpc Dhcp(DhcpRequest) returns (DhcpResponse); +} + +message TunnelHandle { int32 handle = 1; } + +message Error { + enum Code { + NO_ERROR = 0; + UNSPECIFIED = 1; + INVALID_PROTOCOL_BUFFER = 2; + INVALID_RESPONSE = 3; + } + Code code = 1; + string message = 2; +} + +message InetAddress { + bytes address = 1; +} + +message InetSocketAddress { + InetAddress address = 1; + uint32 port = 2; +} + +message StopGrpcRequest { +} + +message StopGrpcResponse { +} + +message VersionRequest { +} + +message VersionResponse { + string version = 1; +} + +message StartHttpProxyRequest { + oneof pacFile { + string pacFileUrl = 1; + string pacFileContent = 2; + } +} + +message StartHttpProxyResponse { + uint32 listen_port = 1; + Error error = 2; +} + +message StopHttpProxyRequest { +} + +message StopHttpProxyResponse { + Error error = 1; +} + +message ReverseRequest { + oneof response { + GetConnectionOwnerUidResponse uid = 1; + } +} + +message ReverseResponse { + oneof request { + GetConnectionOwnerUidRequest uid = 1; + } +} + +message GetConnectionOwnerUidRequest { + // ConnectivityManager.getConnectionOwnerUid(int protocol, + // InetSocketAddress local, InetSocketAddress remote) + int32 protocol = 1; + InetSocketAddress local = 2; + InetSocketAddress remote = 3; +} + +message GetConnectionOwnerUidResponse { + int32 uid = 1; + string package = 2; // context.getPackageManager().getNameForUid() +} + +message IpcSetRequest { + TunnelHandle tunnel = 1; + string config = 2; +} + +message IpcSetResponse { + Error error = 1; +} + +message Lease { + InetAddress address = 1; + google.protobuf.Duration preferred_lifetime = 2; + google.protobuf.Duration valid_lifetime = 3; +} + +message DhcpRequest { + InetAddress relay = 1; + InetAddress source = 2; +} + +message DhcpResponse { + Error error = 1; + repeated Lease leases = 2; +} |