Dev

[itsalfredakku]

This pull request introduces support for socket protection callbacks, which is especially important for Android VPN clients to exclude sockets from VPN routing (using Android's VpnService.protect()). It also improves TCP connection reliability by enabling TCP keepalive and refines the packet loop for more responsive keepalive handling. Additionally, a flush method is added to the connection manager, and the FFI layer is updated to expose the new callback to JNI.

Android socket protection and FFI integration:

• Added a ProtectSocketCallback type and a new protect_socket field to the SoftEtherCallbacks struct, with associated default and clone implementations, allowing the FFI consumer to provide a callback for socket protection [1] [2] [3] [4].
• Implemented JNI-side support for the protect socket callback, including the jni_protect_socket function and registration in the JNI bridge, enabling Android to call back into Java to protect sockets [1] [2].

TCP connection reliability improvements:

• Added the socket2 crate and enabled TCP keepalive on VPN connections (both normal and protected), which is critical for preventing NAT timeouts, especially on mobile networks [1] [2] [3] [4].

Connection logic enhancements:

• Introduced a new connect_with_protect async method in VpnConnection (Unix only), which calls the protect socket callback before establishing TLS, ensuring the socket is protected before any sensitive traffic is sent.
• Updated the FFI client to use connect_with_protect and pass the callback from the FFI layer, both for initial and redirect connections [1] [2].

Packet loop and connection management:

• Refactored the packet loop to send the first keepalive immediately and use a manual timer for subsequent keepalives, improving responsiveness and reliability.
• Added a flush async method to ConnectionManager to flush all send-capable connections, which can be useful for ensuring all pending data is sent.