[client] Implement dns routes for Android

[lixmal]

Describe your changes

This PR implements dns routes on android by

• Routing a 240.0.0.0/8 block on startup
• On DNS traffic, assigning IPs from this block and returning those as DNS response
• The client sends packets to these fake IPs, which are then DNATed to the real IPs
• On the interface we assign the real IPs as allowed IPs
• For return traffic we apply the same process in reverse
• Requires the wildcard feature to be enabled, otherwise we cannot replace the IPs in DNS responses

Issue ticket number and link

Stack

Checklist

• Is it a bug fix
• Is a typo/documentation fix
• Is a feature enhancement
• It is a refactor
• Created tests that fail without the change (if possible)
• Extended the README / documentation, if necessary

By submitting this pull request, you confirm that you have read and agree to the terms of the Contributor License Agreement.

[Copilot]

Pull Request Overview

This PR refactors route handlers to use a unified HandlerParams object, adds a fake-IP allocation system for Android DNS routing (with DNAT support), and renames/updates the server-router setup to use a new SetFirewall method.

• Introduce common.HandlerParams to consolidate handler constructor arguments
• Implement fakeip.Manager for allocating 240.0.0.0/8 fake IPs and integrate into DNS interceptor
• Rename EnableServerRouter to SetFirewall and wire up fake-IP and DNAT logic in the manager and interceptor

Reviewed Changes

Copilot reviewed 20 out of 20 changed files in this pull request and generated 3 comments.

Show a summary per file

File	Description
client/internal/routemanager/common/params.go	Add HandlerParams struct to package common
client/internal/routemanager/static/route.go	Refactor NewRoute to accept HandlerParams
client/internal/routemanager/notifier/notifier.go	Remove dynamic-route filter in SetInitialClientRoutes
client/internal/routemanager/mock.go	Rename EnableServerRouter to SetFirewall (panic stub)
client/internal/routemanager/manager.go	Rename EnableServerRouter→SetFirewall, introduce fakeIPManager
client/internal/routemanager/dnsinterceptor/handler.go	Extend interceptor with DNAT/fake-IP mapping logic
client/internal/routemanager/fakeip/fakeip.go	Implement fakeip.Manager for IPv4-only 240.0.0.0/8 allocations
client/internal/routemanager/client/client.go	Update HandlerFromRoute to use HandlerParams
client/internal/routemanager/client/client_test.go	Update test to construct handlers via HandlerParams
client/android/client.go	Remove skip of dynamic routes in Android Networks method

Comments suppressed due to low confidence (2)

client/internal/routemanager/notifier/notifier.go:34

• Removing the IsDynamic() filter here will allow dynamic routes into the initial client routes list, which may not be intended. Consider reapplying the filter to skip dynamic routes.

	for _, r := range clientRoutes {

[pappz]

It's not fully clear yet when and how we associate these addresses. We allocated a fake IP, but it seems like you never released it. How does this work in real life?

[lixmal]

Yes, you are right, we never release them. That's something that can be improved, it would also make fake ip management much more complex

[pappz]

Looks like we do not propagate any name for the network list

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
10 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.1% Duplication on New Code

See analysis details on SonarQube Cloud