pegasocks
pegasocks copied to clipboard
chux0519
Making Android client
I want to make pegasocks Android client by using tun2socks, things I need are:
- RPC calling protect socket method in Android VPN Service from pegas like this and this, where is I need to implement these methods in pegasocks source?
- Tell Pegasocks to try to resolve remote domains from defined servers for example I want to have a running DoH client in 5353 port, and need to tell pegasocks to resolve remote domains by using
127.0.0.1:5353, maybe insert DNS option in the config? - And this issue
Another scenario is to make pegasocks as a library and expose API headers, so I can easily integrate it with JNI and call it from Java code, this does not need the RPC callback anymore
(Before I make an pegasocks Android client with using built-in feature but this only works in Android 5+)
cool, I see. Make it a library and called by JNI seems to have lots of things to do, I guess I will start from the easier parts.
- [x] make the socket to remote be "protected" so that the VPN service will not send it to tun device, am i correct?
- [X] make DNS server configurable https://github.com/chux0519/pegasocks/pull/25
- [X] make the ca root configurable https://github.com/chux0519/pegasocks/pull/26
for the "protect" setting, I guess it should be setted before bufferevent_socket_connect_hostname function in src/pgs_outbound.h, the underlying fd can be accessed by bufferevent_getfd(session->outbound->bev)
Currently I'm working on the ACL support, and the code changed a lot, once it merged I will start looking at these.
I have seen the ACL branch, really good feature👍
The story is, Android OS doesn't allow us to access or create a tuntap device directly by using something like IP command or even using codes in C language, Android provides Java libraries for creating Vpn since API 14, after establishing VPN service it returned file descriptor for transferring data, one thing need here to call protect method on sockets that used for connecting to proxy services
- make the socket to remote be "protected" so that the VPN service will not send it to tun device, am I correct?
Yes you are correct
In android when we need to run an external executable binary need call it from Java, Java starts a new process for that (i mean Runtime.exec()) from the main app process, so impossible to transfer file descriptors between processes easily until use libancillary
First-time shadowsocks-android doing these things, but I think I can change badvpn-tun2socks behavior and use it as JNI so there is no need to transfer fds or creating a new process in android
I guess I will start from the easier parts.
I think making pegasocks as a library and call it from Java by using JNI is a better method in total For example separate pegasocks into 2 parts, one is a library and one is executable is a good idea And for final, I can import pegasocks, doh client, tun2socks in one .so file and use it from android It is not an easy method, but I think it works better in android (for example killing other processes in android has deference behaviors in different android versions)
I forking projects and doing something to demonstrate what need
I make tun2socks as JNI library, take a look Remaining things is make call pegasocks also as JNI library...
Cool I will check it later
获取 Outlook for iOShttps://aka.ms/o0ukef
发件人: Mohammad Reza Mokhtarabadi @.> 发送时间: Wednesday, September 22, 2021 5:52:35 PM 收件人: chux0519/pegasocks @.> 抄送: Yongsheng Xu @.>; Comment @.> 主题: Re: [chux0519/pegasocks] Making Android client (#19)
I make tun2socks as JNI library, take a lookhttps://github.com/mokhtarabadi/universal-android-tun2socks/blob/c519c2b2b4ee41d700f72b36619427c9487137df/tun2socks/src/main/java/com/mokhtarabadi/tun2socks/NativeLib.java Remaining things is make call pegasocks also as JNI library...
― You are receiving this because you commented. Reply to this email directly, view it on GitHubhttps://github.com/chux0519/pegasocks/issues/19#issuecomment-924768733, or unsubscribehttps://github.com/notifications/unsubscribe-auth/ADM5S2RIWVOEEW47CCW54H3UDGROHANCNFSM5EJI3V7Q. Triage notifications on the go with GitHub Mobile for iOShttps://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Androidhttps://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub.
Almost done...
I fork pegasocks and made some changes to make it a library but I'm failed because when I want to build pegasocks-android I see many undefined reference to errors
If you are free, can take a look? (I need a completely static ar file)
Also, I completely make tun2socks as android JNI library you can see sample here
And one question, when I run pegas as a library, how I can terminate it!? (can you implement a method to gracefully shutdown pegas or add new command to API for doing that)
Cool,I’ll check it later
And yeah, there’s no such API to stop it yet, definitely need one, will do this next
发件人: Mohammad Reza Mokhtarabadi @.> 发送时间: Tuesday, September 28, 2021 12:16:24 AM 收件人: chux0519/pegasocks @.> 抄送: Yongsheng Xu @.>; Comment @.> 主题: Re: [chux0519/pegasocks] Making Android client (#19)
Almost done... I fork pegasocks and made some changeshttps://github.com/mokhtarabadi/pegasocks/commit/2935dfe841e24ab6280e15cbfe42a9cda0da98bb to make it a library but I'm failed because when I want to build pegasocks-androidhttps://github.com/mokhtarabadi/pegasocks-android I see many undefined reference to errors
If you are free, can take a look?
Also, I completely make tun2socks as android JNI library you can see sample herehttps://github.com/mokhtarabadi/universal-android-tun2socks
And one question, when I run pegas as a library, how I can terminate it!? (can you implement a method to gracefully shutdown pegas or add new command to API for doing that)
― You are receiving this because you commented. Reply to this email directly, view it on GitHubhttps://github.com/chux0519/pegasocks/issues/19#issuecomment-928039472, or unsubscribehttps://github.com/notifications/unsubscribe-auth/ADM5S2XAADLLQP4M5TF43CDUECKFRANCNFSM5EJI3V7Q. Triage notifications on the go with GitHub Mobile for iOShttps://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Androidhttps://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub.
@mokhtarabadi I've add the libpegas, check the master branch and see if this match your needs.
see: https://github.com/chux0519/pegasocks/blob/master/include/pegasocks/pegas.h for APIs, I haven't add docs for this yet, so briefly, it supports 4 methods
- start
- stop
- set server
- get server info
it's pretty straightforward except the last one.
char buf[4096];
int size = 0;
pgs_get_servers(buf, 4096 - 1, &size);
Above code will output json string of current server metrics, and write it in buf. Use jstring and wrap the function should work with JNI.
the output format is like
[
{
"index": 0,
"active": true,
"connect": 367, #ms
"g204": 737, #ms
"type": "trojan",
"address": "xxx.xxx.xxx.xxx",
"port": 443
}
]
and one more thing, the start function will block your current thread, so do not call it in your main thread to avoid UI blocking.
@chux0519, it looks great, I'll check it tomorrow
can you implement the below item too: pegasocks send the remote fd (socket which used to connect to proxy servers) to the defined TCP server and check the response, if it is 1 mean protect was successful in android otherwise need to close the connection and fd the protect TCP server can be defined in the config for example in the extra section:
{
"android":{
"protctor_server_address":"127.0.0.1",
"protector_server_port":8888
}
}
@chux0519, it looks great, I'll check it tomorrow
can you implement the below item too: pegasocks send the remote fd (socket which used to connect to proxy servers) to the defined TCP server and check the response, if it is 1 mean protect was successful in android otherwise need to close the connection and fd the protect TCP server can be defined in the config for example in the extra section:
{ "android":{ "protctor_server_address":"127.0.0.1", "protector_server_port":8888 } }
I prefer the way shadowsocks-libev did which you mentioned earlier: https://github.com/shadowsocks/shadowsocks-libev/blob/89b5f987d6a5329de9713704615581d363f0cfed/src/udprelay.c#L1228
it would be more direct and efficient
Because i used pegasocks as jni there is no need to use libancillary anymore, no difference, can use unix socket instead tcp, simply send fd as int
Because i used pegasocks as jni there is no need to use libancillary anymore, no difference, can use unix socket instead tcp, simply send fd as int
After a quick look at the code, I guess I understand a little bit. so the idea is send the fd to java/android side and use some API to protect it, it seems always need a rpc, right? In that case, I think I will support both UNIX SOCKET and TCP port.
Yes exactly Need an RPC to send socket file descriptor (before establishing connection) to android, and in Android need call VpnService.protect(int fd) that return true if protecting successful
So making a unix/tcp server in Android and wating for file descriptors...
Of course, current version of pegasocks works in Android greatly, but only support android 5 and above, to support old versions of android, need this RPC method
@mokhtarabadi I've implment the RPC call in TCP. Your protect server should read 4 bytes as integer(fd), and do protection,if success, echo the fd, otherwise write back 4 bytes with any value other than the input fd.
set the protect server via android.protect_address and android.protect_port