Feature/exit node Android (#1916)

Support exit node on Android. With the protect socket function, we mark every connection that should be used out of VPN.
2026-04-18 08:16:39 +00:00 · 2024-05-07 12:28:30 +02:00
parent f309b120cd
commit c590518e0c
19 changed files with 275 additions and 49 deletions
--- a/util/net/dialer_android.go
+++ b/util/net/dialer_android.go
@@ -0,0 +1,25 @@
+package net
+
+import (
+	"syscall"
+
+	log "github.com/sirupsen/logrus"
+)
+
+func (d *Dialer) init() {
+	d.Dialer.Control = func(_, _ string, c syscall.RawConn) error {
+		err := c.Control(func(fd uintptr) {
+			androidProtectSocketLock.Lock()
+			f := androidProtectSocket
+			androidProtectSocketLock.Unlock()
+			if f == nil {
+				return
+			}
+			ok := f(int32(fd))
+			if !ok {
+				log.Errorf("failed to protect socket: %d", fd)
+			}
+		})
+		return err
+	}
+}
--- a/util/net/dialer_mobile.go
+++ b/util/net/dialer_mobile.go
@@ -1,5 +1,3 @@
-//go:build android || ios
-
 package net

 import (
--- a/util/net/dialer_generic.go
+++ b/util/net/dialer_generic.go
@@ -1,4 +1,4 @@
-//go:build !android && !ios
+//go:build !ios

 package net

@@ -36,7 +36,7 @@ func AddDialerCloseHook(hook DialerCloseHookFunc) {
 	dialerCloseHooks = append(dialerCloseHooks, hook)
 }

-// RemoveDialerHook removes all dialer hooks.
+// RemoveDialerHooks removes all dialer hooks.
 func RemoveDialerHooks() {
 	dialerDialHooksMutex.Lock()
 	defer dialerDialHooksMutex.Unlock()
--- a/util/net/dialer_nonlinux.go
+++ b/util/net/dialer_nonlinux.go
@@ -1,4 +1,4 @@
-//go:build !linux || android
+//go:build !linux

 package net

--- a/util/net/listener_android.go
+++ b/util/net/listener_android.go
@@ -0,0 +1,26 @@
+package net
+
+import (
+	"syscall"
+
+	log "github.com/sirupsen/logrus"
+)
+
+// init configures the net.ListenerConfig Control function to set the fwmark on the socket
+func (l *ListenerConfig) init() {
+	l.ListenConfig.Control = func(_, _ string, c syscall.RawConn) error {
+		err := c.Control(func(fd uintptr) {
+			androidProtectSocketLock.Lock()
+			f := androidProtectSocket
+			androidProtectSocketLock.Unlock()
+			if f == nil {
+				return
+			}
+			ok := f(int32(fd))
+			if !ok {
+				log.Errorf("failed to protect listener socket: %d", fd)
+			}
+		})
+		return err
+	}
+}
--- a/util/net/listener_mobile.go
+++ b/util/net/listener_mobile.go
@@ -1,4 +1,4 @@
-//go:build android || ios
+//go:build ios

 package net

--- a/util/net/listener_generic.go
+++ b/util/net/listener_generic.go
@@ -1,4 +1,4 @@
-//go:build !android && !ios
+//go:build !ios

 package net

--- a/util/net/listener_nonlinux.go
+++ b/util/net/listener_nonlinux.go
@@ -1,4 +1,4 @@
-//go:build !linux || android
+//go:build !linux

 package net

--- a/util/net/protectsocket_android.go
+++ b/util/net/protectsocket_android.go
@@ -0,0 +1,14 @@
+package net
+
+import "sync"
+
+var (
+	androidProtectSocketLock sync.Mutex
+	androidProtectSocket     func(fd int32) bool
+)
+
+func SetAndroidProtectSocketFn(f func(fd int32) bool) {
+	androidProtectSocketLock.Lock()
+	androidProtectSocket = f
+	androidProtectSocketLock.Unlock()
+}