Closed S0AndS0 closed 8 months ago
What about the hardware offload?
If it is an XOR sort of thing and hardware offload is already enabled, then I think toggling on TTL mangling should turn off hardware offload and send a toast/notification to the device owner, and vice versa for toggling on hardware offload when TTL mangling is enabled.
Also I think any new mangling features should probably be opt-in, regardless of if it plays nice with hardware offload features.
I don't know if the hardware offload supports it but I doubt it. It would need to disable it.
Getting information from ChatGPT is not helpful and we don't allow posting AI generated answers on the discussion forum or issue tracker.
Problem
Certain service providers use Time To Live (TTL), and Hop Limit (HL), values to differentiate between packets originating from a host device vs client devices connected via tethering.
Currently client devices must set their TTL/HL values to 65, one greater than that of the host (at the time of writing 64), so that after exiting through the tethering route the value matches packets generated by the host. However, this workaround only works for Linux clients reliably, Microsoft Windows clients maybe, and macOS almost not at all... and smart devices almost certainly not.
Proposed Solution
Mangle all outbound packets to have the same TTL, and HL, value(s) as the host device;
Downsides:
PREROUTING rules for input interfaces
Upsides:
Alternatives
Define above iptables rules on device between host and clients such as what the following ASCII diagram attempts to show...
... Though this should work, it kinda feels clunky and also prevents easy communication between phone/host and clients.
Possible Points of Interest
I have searched a bit within the available source code, in hopes that an avenue to implement changes would be found without too much struggle, and here are some of the directories/files that seemed relevant;
GitHub Search -- GrapheneOS -- iptables
GrapheneOS/platform_development -- scripts/reverse_tether.sh
GitHub Search -- GrapheneOS -- tether
GrapheneOS/platform_packages_apps_Settings -- src/com/android/settings/network
GrapheneOS/platform_packages_apps_Settings -- src/com/android/settings/wifi/tether
GrapheneOS/platform_packages_apps_Settings -- src/com/android/settings/network/tether
GrapheneOS/platform_frameworks_base -- services/core/java/com/android/server/net/
GrapheneOS/platform_libcore -- src/main/java/java/lang/Runtime.java -- Runtime.exec
Musings
GrapheneOS/platform_packages_apps_Settings -- src/com/android/settings/network/tether/TetheringManagerModel.java defines a useful interface that may be hooked into for start/stop tethering events. Though if I remember correctly the SELinux configuration(s) may also need to be updated to allow this code to touch iptables related binaries.
GrapheneOS/platform_packages_apps_Settings -- src/com/android/settings/network/tether/TetherSettings.java may need alterations to allow device owners to toggle TTL mangling on/off.
iptables, without needing to root, that ain't what I be after because that seems like way too much... for now ;-D
Questions
iptables?
Possibly Related Issues
GrapheneOS/os-issue-tracker -- 30 -- add the option of VPN support for hotspot / tethering
GrapheneOS/os-issue-tracker -- 993 -- Hotspot "TTL toggle button"?
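
What the TTL behaviour described in the Problem and Proposed Solution sections looks like at the byte level for IPv4, as an added example that is not part of the original issue or of GrapheneOS code: one forwarding hop decrements the TTL byte, and any rewrite of it also requires recomputing the header checksum. The function names, the addresses (documentation ranges) and the client value of 128 are assumptions constructed for illustration; 64 and 65 are the values given in the issue.

```python
import struct

HOST_TTL = 64  # host value stated in the issue

def checksum(header: bytes) -> int:
    """RFC 1071 one's-complement checksum over the header's 16-bit words."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_ipv4(ttl: int, src: str, dst: str) -> bytes:
    """Constructed 20-byte IPv4 header: no options, protocol TCP, length 40."""
    pack_addr = lambda a: bytes(int(part) for part in a.split("."))
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, ttl, 6, 0,
                      pack_addr(src), pack_addr(dst))
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]

def is_valid(hdr: bytes) -> bool:
    """A header whose checksum field is correct sums to zero."""
    return checksum(hdr) == 0

def set_ttl(hdr: bytes, ttl: int) -> bytes:
    """Rewrite the TTL byte (offset 8) and recompute the checksum (offset 10)."""
    raw = bytearray(hdr)
    raw[8] = ttl
    raw[10:12] = b"\x00\x00"
    raw[10:12] = struct.pack("!H", checksum(bytes(raw)))
    return bytes(raw)

def forward(hdr: bytes, mangle_to=None) -> bytes:
    """One tethering hop: decrement TTL, then optionally force a fixed value."""
    ttl = hdr[8] - 1
    if ttl <= 0:
        raise ValueError("TTL expired, packet would be dropped")
    return set_ttl(hdr, ttl if mangle_to is None else mangle_to)

def upstream_ttls(client_ttls, mangle_to=None):
    """TTL each client's packet carries after leaving the tethering host."""
    out = []
    for ttl in client_ttls:
        pkt = forward(build_ipv4(ttl, "192.0.2.10", "198.51.100.7"), mangle_to)
        assert is_valid(pkt)  # checksum must still verify after the rewrite
        out.append(pkt[8])
    return out

if __name__ == "__main__":
    clients = [64, 65, 128]  # constructed: unmodified, workaround, assumed 128
    print("no mangling:", upstream_ttls(clients))
    print("mangled    :", upstream_ttls(clients, mangle_to=HOST_TTL))
```

IPv6 Hop Limit is a single header byte with no header checksum, so the checksum step applies to IPv4 only.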