bndeff
Add an app selector for per-app proxy; Add Simplified Chinese translation
Change 1
Added an app selector for the per-app proxy, no need to manually enter the package name.
Features:
-
The application will not crash when upgrading from the old version, but the package name manually filled in by the user cannot be retained.
-
If you choose some apps, when you open the selector next time, the selected app will automatically appear at the top of the list, making it easy to uncheck.
-
When multiple applications have the same name, automatically add the package name as a suffix.
-
The change is compatible with Android 5.0 (tested in the Android emulator) and Android 11 (tested in my Xiaomi mi 10pro).
I haven't found the implementation part of accepting the data returned by the proxy server. i just find the "send" in SocksVPNService.start(). This function calls the system library,but it only calls send,without recv .Where do you realize receiving data. I am a rookie. i know this question is very naive, but if you can answer it, I will be very grateful to you。
Change 2
Add Simplified Chinese support to the interface
你好,我是个新手,对之前没接触过安卓和代理,这次被赶鸭子上架了,如果我的问题可能很蠢。请问这个项目是如何处理服务器发回来的数据的,我没有找到接收数据的处理函数,只找到了SocksVPNService.start()的发送部分。我想知道如果这个项目实现了这一部分,那么是在哪实现的。如果没有实现,我该如何实现呢
Dear developers, why app-selector is not implemented in an app available from the Google play store even after more than a year? It's very annoying to search package names so this would be very helpful. Thank you.
I haven't found the implementation part of accepting the data returned by the proxy server. i just find the "send" in SocksVPNService.start(). This function calls the system library,but it only calls send,without recv .Where do you realize receiving data. I am a rookie. i know this question is very naive, but if you can answer it, I will be very grateful to you。
@baichuan51141 The code that actually handles the VPN data is not in the Android part, it's in a separate executable. It's named libtun2socks.so but it's not a shared library, it's an executable. We just renamed it for packaging convenience.
Its startup command is spliced here. It will then be launched from the command line and remain running in the background. https://github.com/bndeff/socksdroid/blob/master/app/src/main/java/net/typeblog/socks/SocksVpnService.java#L220
String command = String.format(Locale.US,
"%s/libtun2socks.so --netif-ipaddr 26.26.26.2"
+ " --netif-netmask 255.255.255.0"
+ " --socks-server-addr %s:%d"
+ " --tunfd %d"
+ " --tunmtu 1500"
+ " --loglevel 3"
+ " --pid %s/tun2socks.pid"
+ " --sock %s/sock_path"
, getApplicationInfo().nativeLibraryDir, server, port, fd, getFilesDir(), getApplicationInfo().dataDir);
Then, the Android part sends the file descriptor of the VPN virtual network adapter (tun0) to tun2socks via System.sendfd(). This is the "send" code you mentioned. It doesn't actually send any VPN data, it just transfers control of the virtual NIC to the child process.
As for tun2socks, its source code is here:
https://github.com/bndeff/socksdroid/tree/master/app/src/main/jni/badvpn
You can build it with NDK (the NDK project file).
Then inside tun2socks, this is a regular Linux TUN device and SOCKS5 protocol programming (not specific to Android). You will see the complete data sending and receiving process here.
static err_t client_recv_func (void *arg, struct tcp_pcb *tpcb, struct pbuf *p, err_t err);
static void client_socks_handler (struct tcp_client *client, int event);
static void client_send_to_socks (struct tcp_client *client);
static void client_socks_send_handler_done (struct tcp_client *client, int data_len);
static void client_socks_recv_initiate (struct tcp_client *client);
static void client_socks_recv_handler_done (struct tcp_client *client, int data_len);
static int client_socks_recv_send_out (struct tcp_client *client);
static err_t client_sent_func (void *arg, struct tcp_pcb *tpcb, u16_t len);
static void udpgw_client_handler_received (void *unused, BAddr local_addr, BAddr remote_addr, const uint8_t *data, int data_len);
Arch has a nice man page describing what it does: https://man.archlinux.org/man/community/badvpn/badvpn-tun2socks.8.en
badvpn-tun2socks is a network utility used to "socksify" TCP connections at the network layer. It implements a TUN device which accepts all incoming TCP connections (regardless of destination IP), and forwards them through a SOCKS server. This allows you to forward all connections through SOCKS, without any need for application support. It can be used, for example, to forward connections through a remote SSH server.
Of all the code in tun2socks, only the "receive a fd of the TUN device from the parent process" code is Android specific. Because in other Linux distributions, tun2socks creates its own TUN device instead of receiving it from the parent process. You can't do this in Android due to lack of privileges. Instead, the Android VPN system service creates it and then provides its file descriptor to the app. The app then transfers (sends) it to tun2socks.
@SwimmingTiger Hello, thank you for your job. I want also use okhttp in app. How I can redirect my okhttp traffic during tun2socks ? okhttp designed in self package which is bypassed and disabled by android route. Does it possible? Thanks.
i cant open the github now so i suggest you by email that you can use the VPNservice class which is supported by Android8+. just google it.
---Original--- From: "Evgeny @.> Date: Wed, Mar 1, 2023 22:26 PM To: @.>; Cc: @.@.>; Subject: Re: [bndeff/socksdroid] Add an app selector for per-app proxy; AddSimplified Chinese translation (#2)
@SwimmingTiger Hello, thank you for your job. I want also use okhttp in app. How I can redirect my okhttp traffic during tun2socks ? okhttp designed in self package which is bypassed and disabled by android route. Does it possible? Thanks.
— Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you were mentioned.Message ID: @.***>
i cant open the github now so i suggest you by email that you can use the VPNservice class which is supported by Android8+. just google it. … ---Original--- From: "Evgeny @.> Date: Wed, Mar 1, 2023 22:26 PM To: @.>; Cc: @.@.>; Subject: Re: [bndeff/socksdroid] Add an app selector for per-app proxy; AddSimplified Chinese translation (#2) @SwimmingTiger Hello, thank you for your job. I want also use okhttp in app. How I can redirect my okhttp traffic during tun2socks ? okhttp designed in self package which is bypassed and disabled by android route. Does it possible? Thanks. — Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you were mentioned.Message ID: @.***>
Now that service use to setup communication with tunc2socks. But I must disable self app traffic via builder.addDisallowedApplication(packageName). So the main question how to setup okhttp in self app to communicate with network via socks5 tunel during tune2socks ?
it has another function addAllowAp…. just like:
for (String appPackage: appPackages) { try { packageManager.getPackageInfo(appPackage, 0); builder.addAllowedApplication(appPackage); } catch (PackageManager.NameNotFoundException e) { // The app isn't installed. } }
---Original--- From: "Evgeny @.> Date: Wed, Mar 1, 2023 22:47 PM To: @.>; Cc: @.@.>; Subject: Re: [bndeff/socksdroid] Add an app selector for per-app proxy; AddSimplified Chinese translation (#2)
i cant open the github now so i suggest you by email that you can use the VPNservice class which is supported by Android8+. just google it. … ---Original--- From: "Evgeny @.> Date: Wed, Mar 1, 2023 22:26 PM To: @.>; Cc: @.@.>; Subject: Re: [bndeff/socksdroid] Add an app selector for per-app proxy; AddSimplified Chinese translation (#2) @SwimmingTiger Hello, thank you for your job. I want also use okhttp in app. How I can redirect my okhttp traffic during tun2socks ? okhttp designed in self package which is bypassed and disabled by android route. Does it possible? Thanks. — Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you were mentioned.Message ID: @.***>
Now that service use to setup communication with tunc2socks. But I must disable self app traffic via builder.addDisallowedApplication(packageName). So the main question how to setup okhttp in self app to communicate with network via socks5 tunel during tune2socks ?
— Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you were mentioned.Message ID: @.***>
it has another function addAllowAp…. just like: for (String appPackage: appPackages) { try { packageManager.getPackageInfo(appPackage, 0); builder.addAllowedApplication(appPackage); } catch (PackageManager.NameNotFoundException e) { // The app isn't installed. } } … ---Original--- From: "Evgeny @.> Date: Wed, Mar 1, 2023 22:47 PM To: @.>; Cc: @.@.>; Subject: Re: [bndeff/socksdroid] Add an app selector for per-app proxy; AddSimplified Chinese translation (#2) i cant open the github now so i suggest you by email that you can use the VPNservice class which is supported by Android8+. just google it. … ---Original--- From: "Evgeny @.> Date: Wed, Mar 1, 2023 22:26 PM To: @.>; Cc: @.@.>; Subject: Re: [bndeff/socksdroid] Add an app selector for per-app proxy; AddSimplified Chinese translation (#2) @SwimmingTiger Hello, thank you for your job. I want also use okhttp in app. How I can redirect my okhttp traffic during tun2socks ? okhttp designed in self package which is bypassed and disabled by android route. Does it possible? Thanks. — Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you were mentioned.Message ID: @.> Now that service use to setup communication with tunc2socks. But I must disable self app traffic via builder.addDisallowedApplication(packageName). So the main question how to setup okhttp in self app to communicate with network via socks5 tunel during tune2socks ? — Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you were mentioned.Message ID: @.>
Yep I was tried it. but in that case any app doesn't have connection. So still no luck.
@evgenybozhko2 This fork shows how to get a VPN working without proxying the app itself.
https://github.com/SwimmingTiger/CSNetDroid/tree/csnet
libcsnet.so is a binary that provides local socks5 entry, it has uncertain network exit, so it cannot be excluded by routing rules. So the only option is to avoid proxying the app itself. But a side effect of not proxying the app itself is that DNS no longer works. I solved the problem by running a DNS over HTTPS relay.
I still need libpdnsd.so to send correct DNS responses to tun0. It's not clear to me why my DNS relay (libdnsproxy.so) can't send it directly (it does send it, but the app doesn't receive it). However with two DNS relays (client -> libpdnsd.so -> libdnsproxy.so -> libcsnet.so -> DoH server), I did solve the problem. Now the app doesn't need to proxy itself, doesn't need to do special routing handling, and DNS works fine.
Note 1: All of the above .so are executables.
Note 2: addDisallowedApplication and addAllowedApplication cannot set at the same time. After calling one, you cannot call the other.
@evgenybozhko2 This fork shows how to get a VPN working without proxying the app itself.
https://github.com/SwimmingTiger/CSNetDroid/tree/csnet
libcsnet.so is a binary that provides local socks5 entry, it has uncertain network exit, so it cannot be excluded by routing rules. So the only option is to avoid proxying the app itself. But a side effect of not proxying the app itself is that DNS no longer works. I solved the problem by running a DNS over HTTPS relay.
I still need libpdnsd.so to send correct DNS responses to
tun0. It's not clear to me why my DNS relay (libdnsproxy.so) can't send it directly (it does send it, but the app doesn't receive it). However with two DNS relays (client -> libpdnsd.so -> libdnsproxy.so -> libcsnet.so -> DoH server), I did solve the problem. Now the app doesn't need to proxy itself, doesn't need to do special routing handling, and DNS works fine.Note 1: All of the above
.soare executables.Note 2:
addDisallowedApplicationandaddAllowedApplicationcannot set at the same time. After calling one, you cannot call the other.
Cool, now for me works all apps proxy and self app my IP traffic. But is there any way to proxy self-traffic as well? Thanks.
@SwimmingTiger Thank you very much for this PR! Love it. Since you know the codebase pretty well by know, I've a rather tiny request: Can you add special handling of "$gateway" in the IP field? I connect the device SockDroid runs on (ShieldTV) to another Android's hotspot. As you may know (ref), it changes gateway IP every time and entering it is quite a PITA especially with a remote. Thanks a lot again.
