Does Redroid support Android's VPN APIs?
Describe the bug
Hi, I'm using Http toolkit to intercept requests and I'm facing an issue. I reported to Http toolkit team because I'm not able to intercept, but I would like to check with you.
After I reported, I saw this comment and this is my docker compose.
```yaml
version: "3"
services:
  redroid:
    image: redroid/redroid:11.0.0-latest
    stdin_open: true
    tty: true
    privileged: true
    ports:
      - "5555:5555"
    volumes:
      - ./data:/data
      - /dev/net/tun:/dev/tun
    command:
      # Enable GPU hardware acceleration.
      - androidboot.redroid_gpu_mode=auto
      # libndk related parameters
      # - ro.product.cpu.abilist0=x86_64,arm64-v8a,x86,armeabi-v7a,armeabi
      # - ro.product.cpu.abilist64=x86_64,arm64-v8a
      # - ro.product.cpu.abilist32=x86,armeabi-v7a,armeabi
      # - ro.dalvik.vm.isa.arm=x86
      # - ro.dalvik.vm.isa.arm64=x86_64
      # - ro.enable.native.bridge.exec=1
      # - ro.dalvik.vm.native.bridge=libndk_translation.so
      # - ro.ndk_translation.version=0.2.2
    # cap_add:
    #   - NET_ADMIN
    #   - NET_RAW
    # sysctls:
    #   - net.ipv6.conf.all.disable_ipv6=0
volumes:
  data:
```
OS: Ubuntu 20.04.6 LTS - x64
make sure the required kernel modules present
- `grep binder /proc/filesystems`
  nodev binder
- `grep ashmem /proc/misc`
  59 ashmem
collect debug logs
curl -fsSL https://raw.githubusercontent.com/remote-android/redroid-doc/master/debug.sh | sudo bash -s -- [CONTAINER]
omit CONTAINER if not exist any more.
Screenshots
11-29 18:17:33.833 2131 2131 I tech.httptoolkit.android.MainActivity: Connecting to VPN from URL: https://android.httptoolkit.tech/connect/?data=eyJhZGRyZXNzZXMiOlsiMTAuMC4yLjIiLCIxMC4wLjMuMiIsIjE5Mi4xNjguMS4xMiJdLCJwb3J0Ijo4MDAxLCJsb2NhbFR1bm5lbFBvcnQiOjgwMDEsImNlcnRGaW5nZXJwcmludCI6InpBTDIvRkt6aUZuM1RhcE8xZE43alZLYXU4dGdHcmlaYXpmN0NVcGphbEE9In0=
11-29 18:17:33.833 2131 2169 D tech.httptoolkit.android.ProxySetup: URL data is {"addresses":["10.0.2.2","10.0.3.2","192.168.1.12"],"port":8001,"localTunnelPort":8001,"certFingerprint":"zAL2/FKziFn3TapO1dN7jVKau8tgGriZazf7CUpjalA="}
11-29 18:17:33.841 2113 2113 D app_process: Time zone APEX ICU file found: /apex/com.android.tzdata/etc/icu/icu_tzdata.dat
11-29 18:17:33.841 2113 2113 D app_process: I18n APEX ICU file found: /apex/com.android.i18n/etc/icu/icudt66l.dat
11-29 18:17:33.843 2113 2113 W app_process: Unexpected CPU variant for X86 using defaults: x86_64
11-29 18:17:33.844 2113 2113 I app_process: The ClassLoaderContext is a special shared library.
11-29 18:17:33.849 2113 2113 W app_process: JNI RegisterNativeMethods: attempt to register 0 native methods for android.media.AudioAttributes
11-29 18:17:33.851 2113 2113 D AndroidRuntime: Calling main entry com.android.commands.input.Input
11-29 18:17:33.853 2113 2113 D AndroidRuntime: Shutting down VM
11-29 18:17:33.896 21 21 I hwservicemanager: getTransport: Cannot find entry [email protected]::ISurfaceFlingerConfigs/default in either framework or device manifest.
11-29 18:17:34.090 21 21 I hwservicemanager: getTransport: Cannot find entry [email protected]::IMapper/default in either framework or device manifest.
11-29 18:17:34.090 2131 2163 I Gralloc4: mapper 4.x is not supported
11-29 18:17:34.090 21 21 I hwservicemanager: getTransport: Cannot find entry [email protected]::IMapper/default in either framework or device manifest.
11-29 18:17:34.091 2131 2163 W Gralloc3: mapper 3.x is not supported
11-29 18:17:34.091 21 21 I hwservicemanager: getTransport: Cannot find entry [email protected]::IMapper/default in either framework or device manifest.
11-29 18:17:34.096 82 1746 W ServiceManager: Permission failure: android.permission.ACCESS_SURFACE_FLINGER from uid=10116 pid=2131
11-29 18:17:34.096 82 1746 D PermissionCache: checking android.permission.ACCESS_SURFACE_FLINGER for uid=10116 => denied (136 us)
11-29 18:17:34.097 225 279 I ActivityTaskManager: Displayed tech.httptoolkit.android.v1/tech.httptoolkit.android.MainActivity: +396ms
11-29 18:17:34.225 2131 2169 V tech.httptoolkit.android (kotlinx.coroutines.SupervisorCoroutine): Validating proxy info ProxyInfo(addresses=[10.0.2.2, 10.0.3.2, 192.168.1.12], port=8001, localTunnelPort=8001, certFingerprint=zAL2/FKziFn3TapO1dN7jVKau8tgGriZazf7CUpjalA=)
11-29 18:17:34.226 2131 2169 V tech.httptoolkit.android (kotlinx.coroutines.SupervisorCoroutine): Proxy tests started
11-29 18:17:34.228 2131 2170 I tech.httptoolkit.android (kotlinx.coroutines.UndispatchedCoroutine): Testing proxy 10.0.2.2:8001
11-29 18:17:34.228 2131 2171 I tech.httptoolkit.android (kotlinx.coroutines.UndispatchedCoroutine): Testing proxy 10.0.3.2:8001
11-29 18:17:34.228 2131 2216 I tech.httptoolkit.android (kotlinx.coroutines.UndispatchedCoroutine): Testing proxy 192.168.1.12:8001
11-29 18:17:36.232 2131 2171 I tech.httptoolkit.android (kotlinx.coroutines.UndispatchedCoroutine): Error testing proxy address 10.0.3.2: java.net.SocketTimeoutException: failed to connect to /10.0.3.2 (port 8001) from /192.168.208.2 (port 35694) after 2000ms
11-29 18:17:36.232 2131 2170 I tech.httptoolkit.android (kotlinx.coroutines.UndispatchedCoroutine): Error testing proxy address 10.0.2.2: java.net.SocketTimeoutException: failed to connect to /10.0.2.2 (port 8001) from /192.168.208.2 (port 50042) after 2000ms
11-29 18:17:36.233 2131 2170 I tech.httptoolkit.android.MainActivity: Connect to VPN
11-29 18:17:36.234 68 68 D hwcomposer: VSYNC event status:1
11-29 18:17:36.235 2131 2170 I tech.httptoolkit.android.MainActivity: got intent
11-29 18:17:36.287 2131 2170 I tech.httptoolkit.android.ProxySetup: Proxy cert aliases: [system:4f74014f.0]
11-29 18:17:36.287 225 583 I ActivityTaskManager: START u0 {cmp=com.android.vpndialogs/.ConfirmDialog} from uid 10116
11-29 18:17:36.289 225 274 D CompatibilityChangeReporter: Compat change id reported: 135634846; UID 10066; state: DISABLED
11-29 18:17:36.289 225 281 D CompatibilityChangeReporter: Compat change id reported: 143937733; UID 10066; state: ENABLED
11-29 18:17:36.293 2131 2131 D tech.httptoolkit.android.MainActivity: onPause
11-29 18:17:36.293 113 113 D Zygote : Forked child process 2265
11-29 18:17:36.294 225 281 I ActivityManager: Start proc 2265:com.android.vpndialogs/u0a66 for pre-top-activity {com.android.vpndialogs/com.android.vpndialogs.ConfirmDialog}
11-29 18:17:36.295 2265 2265 I Zygote : seccomp disabled by setenforce 0
11-29 18:17:36.313 2265 2265 W roid.vpndialog: Unexpected CPU variant for X86 using defaults: x86_64
11-29 18:17:36.314 108 127 I adbd : jdwp connection from 2265
11-29 18:17:36.316 225 605 E SchedPolicy: Failed to find cgroup for tid 2265
11-29 18:17:36.316 225 605 W OomAdjuster: Fallback pre-set sched group to default: java.lang.RuntimeException: Unknown error
11-29 18:17:36.319 2265 2265 I roid.vpndialog: The ClassLoaderContext is a special shared library.
11-29 18:17:36.321 2265 2265 D NetworkSecurityConfig: No Network Security Config specified, using platform default
11-29 18:17:36.324 225 605 E AppOps : noteOperation
11-29 18:17:36.324 225 605 E AppOps : java.lang.SecurityException: Specified package tech.httptoolkit.android.v1 under uid 10066 but it is really 10116
11-29 18:17:36.324 225 605 E AppOps : at com.android.server.appop.AppOpsService.verifyAndGetBypass(AppOpsService.java:3945)
11-29 18:17:36.324 225 605 E AppOps : at com.android.server.appop.AppOpsService.noteOperationUnchecked(AppOpsService.java:3089)
11-29 18:17:36.324 225 605 E AppOps : at com.android.server.appop.AppOpsService.noteOperationImpl(AppOpsService.java:3077)
11-29 18:17:36.324 225 605 E AppOps : at com.android.server.appop.AppOpsService.noteOperation(AppOpsService.java:3060)
11-29 18:17:36.324 225 605 E AppOps : at android.app.AppOpsManager.noteOpNoThrow(AppOpsManager.java:7452)
11-29 18:17:36.324 225 605 E AppOps : at android.app.AppOpsManager.noteOpNoThrow(AppOpsManager.java:7398)
11-29 18:17:36.324 225 605 E AppOps : at com.android.server.connectivity.Vpn.doesPackageHaveAppop(Vpn.java:1087)
11-29 18:17:36.324 225 605 E AppOps : at com.android.server.connectivity.Vpn.isVpnServicePreConsented(Vpn.java:1092)
11-29 18:17:36.324 225 605 E AppOps : at com.android.server.connectivity.Vpn.isVpnPreConsented(Vpn.java:1074)
11-29 18:17:36.324 225 605 E AppOps : at com.android.server.connectivity.Vpn.prepare(Vpn.java:928)
11-29 18:17:36.324 225 605 E AppOps : at com.android.server.ConnectivityService.prepareVpn(ConnectivityService.java:4524)
11-29 18:17:36.324 225 605 E AppOps : at android.net.IConnectivityManager$Stub.onTransact(IConnectivityManager.java:1166)
11-29 18:17:36.324 225 605 E AppOps : at android.os.Binder.execTransactInternal(Binder.java:1154)
11-29 18:17:36.324 225 605 E AppOps : at android.os.Binder.execTransact(Binder.java:1123)
11-29 18:17:36.321 2265 2265 D NetworkSecurityConfig: No Network Security Config specified, using platform default
11-29 18:17:36.362 21 21 I hwservicemanager: getTransport: Cannot find entry [email protected]::ISurfaceFlingerConfigs/default in either framework or device manifest.
11-29 18:17:36.591 21 21 I hwservicemanager: getTransport: Cannot find entry [email protected]::IMapper/default in either framework or device manifest.
11-29 18:17:36.592 2265 2290 I Gralloc4: mapper 4.x is not supported
11-29 18:17:36.592 21 21 I hwservicemanager: getTransport: Cannot find entry [email protected]::IMapper/default in either framework or device manifest.
11-29 18:17:36.592 2265 2290 W Gralloc3: mapper 3.x is not supported
11-29 18:17:36.592 21 21 I hwservicemanager: getTransport: Cannot find entry [email protected]::IMapper/default in either framework or device manifest.
11-29 18:17:36.597 82 1746 W ServiceManager: Permission failure: android.permission.ACCESS_SURFACE_FLINGER from uid=10066 pid=2265
11-29 18:17:36.597 82 1746 D PermissionCache: checking android.permission.ACCESS_SURFACE_FLINGER for uid=10066 => denied (100 us)
11-29 18:17:36.597 225 279 I ActivityTaskManager: Displayed com.android.vpndialogs/.ConfirmDialog: +309ms
11-29 18:17:36.622 68 68 D hwcomposer: VSYNC event status:0
11-29 18:17:36.744 225 1094 E SchedPolicy: Failed to find cgroup for tid 225
11-29 18:17:36.746 225 1094 E SchedPolicy: Failed to find cgroup for tid 225
11-29 18:17:36.758 82 82 E CompositionEngine: [Dim Layer for - Task=8#0] Invalid device requested composition type change: SOLID_COLOR (3) --> DEVICE (2)
11-29 18:17:36.890 82 82 I chatty : uid=1000(system) /system/bin/surfaceflinger identical 2 lines
11-29 18:17:36.958 82 82 E CompositionEngine: [Dim Layer for - Task=8#0] Invalid device requested composition type change: SOLID_COLOR (3) --> DEVICE (2)
11-29 18:17:37.285 225 1094 E SchedPolicy: Failed to find cgroup for tid 225
11-29 18:17:37.288 225 1094 E TaskPersister: File error accessing recents directory (directory doesn't exist?).
11-29 18:17:37.288 225 1094 I chatty : uid=1000(system) LazyTaskWriterT identical 2 lines
11-29 18:17:37.288 225 1094 E SchedPolicy: Failed to find cgroup for tid 225
11-29 18:17:37.957 68 68 D hwcomposer: VSYNC event status:1
11-29 18:17:38.051 701 948 E TcpSocketTracker: Expect to get family 10 SOCK_DIAG_BY_FAMILY message but get 2
11-29 18:17:38.052 701 948 E TcpSocketTracker: Expect to get family 2 SOCK_DIAG_BY_FAMILY message but get 2
11-29 18:17:38.091 82 82 E CompositionEngine: [Dim Layer for - Task=8#0] Invalid device requested composition type change: SOLID_COLOR (3) --> DEVICE (2)
11-29 18:17:38.224 82 82 I chatty : uid=1000(system) /system/bin/surfaceflinger identical 2 lines
11-29 18:17:38.290 82 82 E CompositionEngine: [Dim Layer for - Task=8#0] Invalid device requested composition type change: SOLID_COLOR (3) --> DEVICE (2)
11-29 18:17:38.356 68 68 D hwcomposer: VSYNC event status:0
11-29 18:17:38.357 82 82 E CompositionEngine: [Dim Layer for - Task=8#0] Invalid device requested composition type change: SOLID_COLOR (3) --> DEVICE (2)
11-29 18:17:38.470 2078 2103 I tatementservic: Waiting for a blocking GC ProfileSaver
11-29 18:17:38.475 2078 2103 I tatementservic: Waiting for a blocking GC ProfileSaver
11-29 18:17:39.026 225 1729 I Vpn : Switched from [Legacy VPN] to tech.httptoolkit.android.v1
11-29 18:17:39.027 225 1729 D Vpn : setting state=IDLE, reason=prepare
11-29 18:17:39.029 82 107 D PermissionCache: checking android.permission.READ_FRAME_BUFFER for uid=1000 => granted (206 us)
11-29 18:17:39.041 21 21 I hwservicemanager: getTransport: Cannot find entry [email protected]::IMapper/default in either framework or device manifest.
11-29 18:17:39.090 82 82 E CompositionEngine: [Dim Layer for - Task=8#0] Invalid device requested composition type change: SOLID_COLOR (3) --> DEVICE (2)
11-29 18:17:39.157 82 82 E CompositionEngine: [Dim Layer for - Task=8#0] Invalid device requested composition type change: SOLID_COLOR (3) --> DEVICE (2)
11-29 18:17:39.159 2131 2131 I tech.httptoolkit.android.MainActivity: onActivityResult: start-vpn - result: ok
11-29 18:17:39.159 2131 2131 I tech.httptoolkit.android.MainActivity: Installing cert...
11-29 18:17:39.161 2265 2290 D OpenGLRenderer: endAllActiveAnimators on 0x79525e1c3c60 (RippleDrawable) with handle 0x79517e204d50
11-29 18:17:39.209 2131 2131 I tech.httptoolkit.android.ProxySetup: Proxy cert aliases: [system:4f74014f.0]
11-29 18:17:39.209 2131 2131 I tech.httptoolkit.android.MainActivity: Certificate already trusted, continuing
11-29 18:17:39.209 2131 2131 I tech.httptoolkit.android.MainActivity: onActivityResult: install-cert - result: ok
11-29 18:17:39.209 2131 2131 I tech.httptoolkit.android.MainActivity: Cert installed, checking notification perms...
11-29 18:17:39.209 2131 2131 I tech.httptoolkit.android.MainActivity: onActivityResult: enable-notifications - result: ok
11-29 18:17:39.209 2131 2131 I tech.httptoolkit.android.MainActivity: Notifications OK, starting VPN...
11-29 18:17:39.209 2131 2131 I tech.httptoolkit.android.MainActivity: Starting VPN
11-29 18:17:39.215 2131 2131 D tech.httptoolkit.android.MainActivity: onResume
11-29 18:17:39.216 2131 2131 I tech.httptoolkit.android.ProxyVpnService: onStartCommand called
11-29 18:17:39.216 2131 2131 I tech.httptoolkit.android.ProxyVpnService: tech.httptoolkit.android.START_VPN_ACTION
11-29 18:17:39.220 225 1729 D VpnJni : Address added on tun0: 169.254.61.43/32
11-29 18:17:39.220 225 271 I EthernetTracker: interfaceLinkStateChanged, iface: tun0, up: false
11-29 18:17:39.220 225 271 I EthernetTracker: interfaceLinkStateChanged, iface: tun0, up: true
11-29 18:17:39.221 225 1729 D Vpn : setting state=CONNECTING, reason=establish
11-29 18:17:39.221 225 1729 D ConnectivityService: registerNetworkAgent NetworkAgentInfo{ ni{[type: VPN[], state: CONNECTING/CONNECTING, reason: (unspecified), extra: (none), failover: false, available: false, roaming: false]} network{101} nethandle{437197393933} lp{{InterfaceName: tun0 LinkAddresses: [ 169.254.61.43/32 ] DnsAddresses: [ ] Domains: MTU: 1500 Routes: [ 0.0.0.0/0 -> 0.0.0.0 tun0 mtu 0,::/0 unreachable mtu 0,169.254.61.43/32 -> 0.0.0.0 tun0 mtu 0 ] HttpProxy: [192.168.1.12] 8001}} nc{[ Transports: VPN Capabilities: INTERNET&NOT_RESTRICTED&TRUSTED&NOT_ROAMING&FOREGROUND&NOT_SUSPENDED Uids: <{0-10115, 10117-99999}> OwnerUid: 10116 RequestorUid: -1 RequestorPackageName: null]} Score{101} everValidated{false} lastValidated{false} created{false} lingering{false} explicitlySelected{false} acceptUnvalidated{false} everCaptivePortalDetected{false} lastCaptivePortalDetected{false} partialConnectivity{false} acceptPartialConnectivity{false} clat{mBaseIface: null, mIface: null, mState: IDLE} }
11-29 18:17:39.221 225 1729 D Vpn : setting state=CONNECTED, reason=agentConnect
11-29 18:17:39.221 225 1729 I Vpn : Established by tech.httptoolkit.android.v1 on tun0
11-29 18:17:39.221 2131 2131 I tech.httptoolkit.android.HttpToolkitApplication: Saving proxy config
11-29 18:17:39.224 82 82 E CompositionEngine: [Dim Layer for - Task=8#0] Invalid device requested composition type change: SOLID_COLOR (3) --> DEVICE (2)
11-29 18:17:39.229 225 410 D ConnectivityService: [101 VPN] EVENT_NETWORK_INFO_CHANGED, going from CONNECTING to CONNECTING
11-29 18:17:39.229 225 410 D ConnectivityService: NetReassign [no changes]
11-29 18:17:39.229 135 646 E Netd : Failed to dump IPv4 sockets for UID: No such file or directory
11-29 18:17:39.229 135 646 E Netd : Failed to close sockets while adding UidRanges{ 0-10115 10117-99999 } to network 101: No such file or directory
11-29 18:17:39.229 135 646 E Netd : getIfIndex: cannot find interface tun0
11-29 18:17:39.230 225 410 E PermissionMonitor: Exception when updating permissions:
11-29 18:17:39.230 225 410 E PermissionMonitor: android.os.ServiceSpecificException: [Invalid argument] : Interface rule must specify interface (code 22)
11-29 18:17:39.230 225 410 E PermissionMonitor: at android.os.Parcel.createExceptionOrNull(Parcel.java:2387)
11-29 18:17:39.230 225 410 E PermissionMonitor: at android.os.Parcel.createException(Parcel.java:2357)
11-29 18:17:39.230 225 410 E PermissionMonitor: at android.os.Parcel.readException(Parcel.java:2340)
11-29 18:17:39.230 225 410 E PermissionMonitor: at android.os.Parcel.readException(Parcel.java:2282)
11-29 18:17:39.230 225 410 E PermissionMonitor: at android.net.INetd$Stub$Proxy.firewallAddUidInterfaceRules(INetd.java:3615)
11-29 18:17:39.230 225 410 E PermissionMonitor: at com.android.server.connectivity.PermissionMonitor.updateVpnUids(PermissionMonitor.java:579)
11-29 18:17:39.230 225 410 E PermissionMonitor: at com.android.server.connectivity.PermissionMonitor.onVpnUidRangesAdded(PermissionMonitor.java:494)
11-29 18:17:39.230 225 410 E PermissionMonitor: at com.android.server.ConnectivityService.updateUids(ConnectivityService.java:6511)
11-29 18:17:39.230 225 410 E PermissionMonitor: at com.android.server.ConnectivityService.handleRegisterNetworkAgent(ConnectivityService.java:5983)
11-29 18:17:39.230 225 410 E PermissionMonitor: at com.android.server.ConnectivityService.access$4900(ConnectivityService.java:258)
11-29 18:17:39.230 225 410 E PermissionMonitor: at com.android.server.ConnectivityService$InternalHandler.handleMessage(ConnectivityService.java:4124)
11-29 18:17:39.230 225 410 E PermissionMonitor: at android.os.Handler.dispatchMessage(Handler.java:106)
11-29 18:17:39.230 225 410 E PermissionMonitor: at android.os.Looper.loop(Looper.java:223)
11-29 18:17:39.230 225 410 E PermissionMonitor: at android.os.HandlerThread.run(HandlerThread.java:67)
11-29 18:17:39.230 225 410 D ConnectivityService: [101 ETHERNET|VPN] EVENT_NETWORK_INFO_CHANGED, going from CONNECTING to CONNECTED
11-29 18:17:39.230 225 410 W DnsManager: updatePrivateDns(101, PrivateDnsConfig{true:/[]})
11-29 18:17:39.230 225 410 D ConnectivityService: Setting DNS servers for network 101 to []
11-29 18:17:39.230 225 410 D DnsManager: sendDnsConfigurationForNetwork(101, [], [], 1800, 25, 8, 64, 0, 0, , [])
11-29 18:17:39.230 225 410 D ConnectivityService: Adding iface tun0 to network 101
11-29 18:17:39.231 135 646 W IptablesRestoreController: iptables-restore process 965 terminated status=512
11-29 18:17:39.231 135 646 E IptablesRestoreController: iptables error:
11-29 18:17:39.231 135 646 E IptablesRestoreController: ------- COMMAND -------
11-29 18:17:39.231 135 646 E IptablesRestoreController: *mangle
11-29 18:17:39.231 135 646 E IptablesRestoreController: -A routectrl_mangle_INPUT -i tun0 -j MARK --set-mark 0x30065/0xffefffff
11-29 18:17:39.231 135 646 E IptablesRestoreController: COMMIT
11-29 18:17:39.231 135 646 E IptablesRestoreController:
11-29 18:17:39.231 135 646 E IptablesRestoreController: ------- ERROR -------
11-29 18:17:39.231 135 646 E IptablesRestoreController: iptables-restore v1.8.4 (legacy): unknown option "--set-mark"
11-29 18:17:39.231 135 646 E IptablesRestoreController: Error occurred at line: 18
11-29 18:17:39.231 135 646 E IptablesRestoreController: Try `iptables-restore -h' or 'iptables-restore --help' for more information.
11-29 18:17:39.231 135 646 E IptablesRestoreController: ----------------------
11-29 18:17:39.231 135 646 W IptablesRestoreController: iptables-restore process 967 terminated status=512
11-29 18:17:39.231 135 646 E IptablesRestoreController: iptables error:
11-29 18:17:39.231 135 646 E IptablesRestoreController: ------- COMMAND -------
11-29 18:17:39.231 135 646 E IptablesRestoreController: *mangle
11-29 18:17:39.231 135 646 E IptablesRestoreController: -A routectrl_mangle_INPUT -i tun0 -j MARK --set-mark 0x30065/0xffefffff
11-29 18:17:39.231 135 646 E IptablesRestoreController: COMMIT
11-29 18:17:39.231 135 646 E IptablesRestoreController:
11-29 18:17:39.231 135 646 E IptablesRestoreController: ------- ERROR -------
11-29 18:17:39.231 135 646 E IptablesRestoreController: ip6tables-restore v1.8.4 (legacy): unknown option "--set-mark"
11-29 18:17:39.231 135 646 E IptablesRestoreController: Error occurred at line: 18
11-29 18:17:39.231 135 646 E IptablesRestoreController: Try `ip6tables-restore -h' or 'ip6tables-restore --help' for more information.
11-29 18:17:39.231 135 646 E IptablesRestoreController: ----------------------
According to #495, VPN should work in redroid.
Note: it should not take all traffic, otherwise the adb connection will fail.
> According to #495, VPN should work in redroid. Note: it should not take all traffic, otherwise the adb connection will fail.
Hello. I'm looking for a way to still be able to connect to adb when the VPN is connected. I checked all the routes inside the container and found out that all the routing is policy-based. The output of the `ip rule list` command while the VPN is connected is shown below. I am looking for a way to mark packets that come from source port and go to destination port 5555. But there is no mangle table and I cannot use the command `-p tcp --sport 5555 -j MARK --set-mark 0x1` in the filter table. Do you know a way to mark these packets?
```
34161f261304:/ # ip rule list
0: from all lookup local
10000: from all fwmark 0xc0000/0xd0000 lookup legacy_system
10500: from all iif lo oif eth0 uidrange 0-0 lookup eth0
11000: from all iif tun0 lookup local_network
12000: from all fwmark 0x0/0x20000 iif lo uidrange 1000-1000 lookup tun0
12000: from all fwmark 0x0/0x20000 iif lo uidrange 10064-10064 lookup tun0
12000: from all fwmark 0x0/0x20000 iif lo uidrange 10116-10116 lookup tun0
12000: from all fwmark 0xc0067/0xcffff lookup tun0
13000: from all fwmark 0x10063/0x1ffff iif lo lookup local_network
13000: from all fwmark 0x10064/0x1ffff iif lo lookup eth0
13000: from all fwmark 0x10067/0x1ffff iif lo uidrange 1000-1000 lookup tun0
13000: from all fwmark 0x10067/0x1ffff iif lo uidrange 10064-10064 lookup tun0
13000: from all fwmark 0x10067/0x1ffff iif lo uidrange 10116-10116 lookup tun0
13000: from all fwmark 0x10067/0x1ffff iif lo uidrange 0-0 lookup tun0
14000: from all iif lo oif eth0 lookup eth0
14000: from all iif lo oif tun0 uidrange 1000-1000 lookup tun0
14000: from all iif lo oif tun0 uidrange 10064-10064 lookup tun0
14000: from all iif lo oif tun0 uidrange 10116-10116 lookup tun0
15000: from all fwmark 0x0/0x10000 lookup legacy_system
16000: from all fwmark 0x0/0x10000 lookup legacy_network
17000: from all fwmark 0x0/0x10000 lookup local_network
19000: from all fwmark 0x64/0x1ffff iif lo lookup eth0
21000: from all fwmark 0x67/0xffff lookup eth0
22000: from all fwmark 0x0/0xffff iif lo lookup eth0
32000: from all unreachable
```
Thank you
Be aware that all networking state (like ip route, ip rule) is managed by netd, and your manual changes may be flushed if netd is restarted or reconfigured.
How about forcing adbd to bind to eth0 with SO_BINDTODEVICE?
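An added example (not code from this thread or from redroid): the `ip rule list` output posted above, evaluated in kernel priority order for a given flow, to show which rule decides between `tun0` and `eth0`. The flow values (uid, fwmark) are constructed, the matcher handles only the selectors that appear in this output, and per ip-rule(8) `oif` matches only sockets bound to a device, which is what `SO_BINDTODEVICE` does.

```python
# Rules copied from the `ip rule list` output posted in the thread.
RULES_TEXT = """\
0: from all lookup local
10000: from all fwmark 0xc0000/0xd0000 lookup legacy_system
10500: from all iif lo oif eth0 uidrange 0-0 lookup eth0
11000: from all iif tun0 lookup local_network
12000: from all fwmark 0x0/0x20000 iif lo uidrange 1000-1000 lookup tun0
12000: from all fwmark 0x0/0x20000 iif lo uidrange 10064-10064 lookup tun0
12000: from all fwmark 0x0/0x20000 iif lo uidrange 10116-10116 lookup tun0
12000: from all fwmark 0xc0067/0xcffff lookup tun0
13000: from all fwmark 0x10063/0x1ffff iif lo lookup local_network
13000: from all fwmark 0x10064/0x1ffff iif lo lookup eth0
13000: from all fwmark 0x10067/0x1ffff iif lo uidrange 1000-1000 lookup tun0
13000: from all fwmark 0x10067/0x1ffff iif lo uidrange 10064-10064 lookup tun0
13000: from all fwmark 0x10067/0x1ffff iif lo uidrange 10116-10116 lookup tun0
13000: from all fwmark 0x10067/0x1ffff iif lo uidrange 0-0 lookup tun0
14000: from all iif lo oif eth0 lookup eth0
14000: from all iif lo oif tun0 uidrange 1000-1000 lookup tun0
14000: from all iif lo oif tun0 uidrange 10064-10064 lookup tun0
14000: from all iif lo oif tun0 uidrange 10116-10116 lookup tun0
15000: from all fwmark 0x0/0x10000 lookup legacy_system
16000: from all fwmark 0x0/0x10000 lookup legacy_network
17000: from all fwmark 0x0/0x10000 lookup local_network
19000: from all fwmark 0x64/0x1ffff iif lo lookup eth0
21000: from all fwmark 0x67/0xffff lookup eth0
22000: from all fwmark 0x0/0xffff iif lo lookup eth0
32000: from all unreachable
"""

def parse_rules(text):
    """Parse the subset of `ip rule` syntax used above ("from all" only)."""
    rules = []
    for line in text.strip().splitlines():
        prio, rest = line.split(":", 1)
        tok = rest.split()
        # Selectors are "key value" pairs; an odd token count means the
        # line ends in a bare action such as "unreachable".
        sel = dict(zip(tok[0::2], tok[1::2]))
        action = tok[-1] if len(tok) % 2 else "lookup " + sel["lookup"]
        mark = None
        if "fwmark" in sel:
            value, _, mask = sel["fwmark"].partition("/")
            mark = (int(value, 16), int(mask or "ffffffff", 16))
        uids = tuple(map(int, sel["uidrange"].split("-"))) if "uidrange" in sel else None
        rules.append({"prio": int(prio), "action": action, "fwmark": mark,
                      "iif": sel.get("iif"), "oif": sel.get("oif"), "uidrange": uids})
    return rules

def decisions(rules, uid, fwmark=0, iif="lo", oif=None):
    """(priority, action) of every rule the flow matches, in kernel order.

    iif="lo" means locally generated traffic; oif is set only for a socket
    bound to a device. Table contents are not modelled: the kernel uses the
    first listed table that actually holds a route for the destination.
    """
    hits = []
    for r in sorted(rules, key=lambda r: r["prio"]):
        if r["fwmark"] and (fwmark & r["fwmark"][1]) != r["fwmark"][0]:
            continue
        if r["iif"] and r["iif"] != iif:
            continue
        if r["oif"] and r["oif"] != oif:
            continue
        if r["uidrange"] and not r["uidrange"][0] <= uid <= r["uidrange"][1]:
            continue
        hits.append((r["prio"], r["action"]))
    return hits

if __name__ == "__main__":
    rules = parse_rules(RULES_TEXT)
    # Constructed flows: an app uid, a marked root flow, the same flow bound to eth0.
    for flow in ({"uid": 10116}, {"uid": 0, "fwmark": 0x10067},
                 {"uid": 0, "fwmark": 0x10067, "oif": "eth0"}):
        print(flow, "->", decisions(rules, **flow)[:2])
```

After the always-matching `local` rule, the marked uid 0 flow first hits a `tun0` rule at priority 13000, while the same flow bound to `eth0` is caught earlier by the `oif eth0` rule at priority 10500.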