net: expose a way to inject a function after fd created before connect/listen #21820
Comments
I believe you can do this by calling
@ianlancetaylor I have considered your solution before, but after I read all the code related to connect/listen, I found what you said is quite complicated. Now I create a new file hook_android.go under $GOROOT/src/net with

```go
package net

// SetSocketFunc replaces the package-level socketFunc hook used to create sockets.
func SetSocketFunc(f func(int, int, int) (int, error)) {
	socketFunc = f
}
```

So I can reuse all the code, and inject my function in a

Can you provide a similar solution?
I think that solution is more or less a non-starter. It's only going to work where you know that no init code creates a socket and where you know exactly which sockets are created. More plausible would be code in golang.org/x/net that does what I already suggested. It only has to be written once.
No, I don't need to distinguish this; all outgoing sockets need this "protect". And init code that creates a socket is rare. Copy nearly all existing net code to golang.org/x/net with only one hook function different? I think it's more difficult to maintain.
We don't need to copy all existing net code to golang.org/x/net. We only need the code needed to initialize a socket. I understand that the hook can fix your specific problem. I'm questioning whether it is a general solution. And the API of the net package is already too complex.
It's an Android-specific issue, because in other situations we can pre-configure iptables rules to apply fwmark for all new connections. Only the Android non-root VPNService implementation makes things complicated, so I suggest using the "_android" suffix to limit this API to Android only.
Dup of #9661.
Please answer these questions before submitting your issue. Thanks!
What version of Go are you using (`go version`)?
go version go1.9 windows/amd64
Does this issue reproduce with the latest release?
Yes
What operating system and processor architecture are you using (`go env`)?
What did you do?
I'm writing an Android VPN app using VPNService with golang, and want to use the `protect` method to let sockets created by golang executables bypass the VPN.
I have done a bridge to pass the socket fd from golang to Java, but I found this cannot work, because the `protect` method uses fwmark to work, and it requires `protect` to be invoked before connect/listen.
All socket fds bundle fd creation and connect/listen, so we need a method to use `protect` after fd creation and before connect/listen.
Currently, I forked golang and added a setter in net/hook_unix.go which makes `socketFunc` settable.
Also I found another project, `shadowsocks-android`, uses a similar method: shadowsocks@5eb4737
What did you expect to see?
Provide a method to hook between fd creation and socket connect/listen
What did you see instead?
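Added example, not code from this issue thread or from the Go project: since Go 1.11, `net.Dialer` has a `Control` field that is called after the socket is created and before connect, which is the hook point the issue asks for. The sketch below assumes Linux, uses a hypothetical `protectFunc` callback standing in for the bridge to Android's `VpnService.protect`, and checks on a constructed loopback listener that the socket is still unconnected when the hook runs.

```go
package main

import (
	"fmt"
	"net"
	"syscall"
)

// protectFunc is a hypothetical stand-in for the bridge that hands the fd
// to Android's VpnService.protect; it is not an API named in the issue.
type protectFunc func(fd int) error

// protectedDialer returns a Dialer whose Control hook runs protect on every
// new socket after it is created and before connect is issued.
func protectedDialer(protect protectFunc) *net.Dialer {
	return &net.Dialer{
		Control: func(network, address string, c syscall.RawConn) error {
			var perr error
			if err := c.Control(func(fd uintptr) { perr = protect(int(fd)) }); err != nil {
				return err
			}
			return perr // a non-nil error aborts the dial before connect
		},
	}
}

// dialLoopback dials a constructed local listener and reports the fd seen by
// the hook and whether that socket was still unconnected at hook time.
func dialLoopback() (fd int, unconnected bool, err error) {
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		return 0, false, err
	}
	defer ln.Close()
	d := protectedDialer(func(s int) error {
		fd = s
		_, perr := syscall.Getpeername(s) // fails with ENOTCONN before connect
		unconnected = perr == syscall.ENOTCONN
		return nil
	})
	conn, err := d.Dial("tcp", ln.Addr().String())
	if err != nil {
		return fd, unconnected, err
	}
	return fd, unconnected, conn.Close()
}

func main() { fmt.Println(dialLoopback()) }
```

Because the hook's error is returned from `Control`, a failed `protect` call stops the dial instead of letting an unprotected socket connect through the VPN route.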