Trouble with UDP #9

Open
chim1005 opened this issue Apr 27, 2016 · 6 comments
chim1005 commented Apr 27, 2016

Hi Mohamed,

Thanks so much for sharing your work. I am a newbie to both Android and Java, but learning as I read your code. So this could very well be my issue.

I built an apk image with Android Studio 2.1RC and ran it on an ASUS (4.1.1) tablet with USB debugging enabled and connected to my Ubuntu box where Android Studio is running.

I can see logcat output. I have added more Log.i() into both TCP/UDP input/output to track.

With LocalVPN started, UDP packets to DNS server (port 53) are captured, but no reply packet is seen.
With LocalVPN stopped, web browsing works fine. So I think it is not a DNS server connectivity issue.

I assume this should work. Thanks for any suggestion that you may have.

Here is a part of logcat output.

04-27 11:23:43.486 29098-29189/xyz.hexene.localvpn I/UDPOutput: UDP out:208.67.220.220:53:24941
04-27 11:23:43.486 29098-29189/xyz.hexene.localvpn I/UDPOutput: packet=Packet{ip4Header=IP4Header{version=4, IHL=5, typeOfService=0, totalLength=62, identificationAndFlagsAndFragmentOffset=-1001308160, TTL=64, protocol=17:UDP, headerChecksum=48955, sourceAddress=10.0.0.2, destinationAddress=208.67.220.220}, udpHeader=UDPHeader{sourcePort=24941, destinationPort=53, length=42, checksum=500}, payloadSize=34}
04-27 11:23:43.506 29098-29188/xyz.hexene.localvpn I/UDPInput: UDP in sleep 10
04-27 11:23:43.536 29098-29189/xyz.hexene.localvpn I/UDPOutput: UDP out write:208.67.220.220:53:24941
04-27 11:23:43.566 29098-29188/xyz.hexene.localvpn I/UDPInput: UDP in sleep 10

Thanks.
-chang

@imhotepisinvisible

imhotepisinvisible commented Apr 27, 2016

I believe this is a bug in the Android VPN: https://code.google.com/p/android/issues/detail?id=64819. UDP packets are not transmitted properly because the source IP address is not correctly rewritten. My pull request attempts to fix this: #4

@chim1005
Author

I tried the patch suggested. DNS is working now and moves further. Thanks.

A few observations.

  1. Unknown packet type with ICMP (protocol 1)

04-28 09:54:38.647 22072-22212/xyz.hexene.localvpn W/VPNRunnable: Unknown packet type
04-28 09:54:38.647 22072-22212/xyz.hexene.localvpn W/VPNRunnable: IP4Header{version=4, IHL=5, typeOfService=192, totalLength=576, identificationAndFlagsAndFragmentOffset=-198770688, TTL=64, protocol=1:Other, headerChecksum=4325, sourceAddress=192.168.1.107, destinationAddress=216.58.216.162}

  2. Source and destination IP addresses are swapped in TCP/UDPOutput. Why?
    ..
    outputChannel.configureBlocking(false);
    currentPacket.swapSourceAndDestination();

  3. Occasionally see TCP ECONNRESET error.
    Could this be due to excessive logging?

04-28 09:54:38.017 22072-22211/xyz.hexene.localvpn E/TCPOutput: Network write error: 216.58.216.162:443:37013
java.net.SocketException: sendto failed: ECONNRESET (Connection reset by peer)
at libcore.io.IoBridge.maybeThrowAfterSendto(IoBridge.java:506)
at libcore.io.IoBridge.sendto(IoBridge.java:489)
at java.nio.SocketChannelImpl.writeImpl(SocketChannelImpl.java:369)
at java.nio.SocketChannelImpl.write(SocketChannelImpl.java:327)
at xyz.hexene.localvpn.TCPOutput.processACK(TCPOutput.java:244)
at xyz.hexene.localvpn.TCPOutput.run(TCPOutput.java:101)

@hexene
Owner

hexene commented Apr 29, 2016

  1. Forwarding ICMP packets requires use of raw sockets which in turn requires root access. If root access was already available, the current implementation would be moot.
  2. The first packet for each connection from the device is cached and its modified header (with the source and destination addresses swapped, etc.) is used to form the complete IP packet for server responses to send back to the device.
  3. This is probably a timing issue, might need further investigation.
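
The header reuse described in point 2 above, as an added Java example that is not part of the thread or of LocalVPN's code. Class and method names are hypothetical, the sample header is constructed from the values in the first logcat excerpt, and treating the "etc." as also covering ports, lengths and the header checksum is an assumption.

```java
import java.nio.ByteBuffer;

// Added illustration: class and method names are hypothetical, not LocalVPN's own code.
public class ReplyHeaderDemo {
    static final int IP4_LEN = 20, UDP_LEN = 8; // assumes IHL=5 (no IP options), as in the logs

    // Internet checksum (RFC 1071) over the first len bytes of b.
    static int checksum(ByteBuffer b, int len) {
        int sum = 0;
        for (int i = 0; i < len; i += 2) sum += b.getShort(i) & 0xFFFF;
        while ((sum >> 16) != 0) sum = (sum & 0xFFFF) + (sum >> 16);
        return ~sum & 0xFFFF;
    }

    // Derive the header of a server-to-device reply from the cached device-to-server header.
    static ByteBuffer buildReplyHeader(ByteBuffer cached, int payloadLen) {
        ByteBuffer r = ByteBuffer.allocate(IP4_LEN + UDP_LEN);
        for (int i = 0; i < r.capacity(); i++) r.put(i, cached.get(i));
        r.putInt(12, cached.getInt(16));                 // source address <- old destination
        r.putInt(16, cached.getInt(12));                 // destination address <- old source
        r.putShort(20, cached.getShort(22));             // source port <- old destination port
        r.putShort(22, cached.getShort(20));             // destination port <- old source port
        r.putShort(2, (short) (IP4_LEN + UDP_LEN + payloadLen)); // IP total length
        r.putShort(24, (short) (UDP_LEN + payloadLen));  // UDP length
        r.putShort(26, (short) 0);                       // UDP checksum 0 = not computed (IPv4 only)
        r.putShort(10, (short) 0);                       // clear, then recompute IP header checksum
        r.putShort(10, (short) checksum(r, IP4_LEN));
        return r;
    }

    static String addr(ByteBuffer b, int off) {
        return (b.get(off) & 0xFF) + "." + (b.get(off + 1) & 0xFF) + "."
             + (b.get(off + 2) & 0xFF) + "." + (b.get(off + 3) & 0xFF);
    }

    public static void main(String[] args) {
        // Constructed sample: the DNS query header from the log (10.0.0.2:24941 -> 208.67.220.220:53).
        ByteBuffer q = ByteBuffer.allocate(IP4_LEN + UDP_LEN);
        q.put(0, (byte) 0x45).putShort(2, (short) 62).put(8, (byte) 64).put(9, (byte) 17);
        q.put(12, (byte) 10).put(15, (byte) 2);          // 10.0.0.2
        q.put(16, (byte) 208).put(17, (byte) 67).put(18, (byte) 220).put(19, (byte) 220);
        q.putShort(20, (short) 24941).putShort(22, (short) 53).putShort(24, (short) 42);

        ByteBuffer r = buildReplyHeader(q, 50);          // 50-byte reply payload (constructed)
        System.out.println(addr(r, 12) + ":" + (r.getShort(20) & 0xFFFF) + " -> "
                + addr(r, 16) + ":" + (r.getShort(22) & 0xFFFF));
        System.out.println("header checksum verifies: " + (checksum(r, IP4_LEN) == 0));
    }
}
```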

@chim1005
Author

Hi Mohamed,

Thanks for sharing your thoughts.

So on Android app level without root access, only TCP and UDP packets can be forwarded.
This limitation should apply to all Apps. So any traffic initiated from Apps should be limited to either TCP or UDP and nothing else. In other words, these ICMP packets are not from Apps.

Do you see any possibility to restrict the packet capture to only those initiated by other Apps? Maybe through route setup or some sort of packet filter?

Thanks.
-chang

@hexene
Owner

hexene commented May 12, 2016

Apologies for the delay.

With root access, yes, packet filters can be set up directly (using iptables, etc.). Please see adblockplusandroid for an example. In the absence of root, the approach used in LocalVPN is the only one I'm aware of. The packets generated by other apps will be forwarded to LocalVPN (through VpnService) from where it could be captured/filtered.

Hope this answers your question.

@AuxanoWeb

Hey @hexene,
I set the dedicated IP address, but what about the route address? Do I have to keep "0.0.0.0" for any dedicated IP address?
