julian-klode / dns66

DNS-based Host Blocker (and lightweight ad blocker) for Android
https://jak-linux.org/projects/dns66/
GNU General Public License v3.0

IPv6 DNS settings crash VPN proxy if not on a network that has an IPv6 IP #263

Open DavyLandman opened 6 years ago

DavyLandman commented 6 years ago

So, after adding a custom IPv6 DNS entry, the proxy started crashing when I was not on a network with an IPv6 IP address.

I fixed it by disabling IPv6 altogether, but that's a pity for the networks that do have IPv6.

So I'm guessing some extra checks might be required around this logic?

julian-klode commented 6 years ago

Hmm, probably. If you add an IPv6 entry, an IPv6 DNS server will be added to the system, and DNS66 will forward any requests for that DNS server. I'd hope that it would time out and retry with IPv4 and blacklist the IPv6 server, but maybe I'm missing a catch. If you get a logcat, I can say more.

DavyLandman commented 6 years ago

I'll try to catch one in the coming days.

DavyLandman commented 6 years ago

05-14 10:10:55.387  8065  7270 D AdVpnThread: doOne: Polling 9 file descriptors
05-14 10:10:56.211  8065  7270 D AdVpnThread: Read from device
05-14 10:10:56.212  8065  7270 D VpnWatchDog: handlePacket: Received packet of length 76
05-14 10:10:56.214  8065  7270 I DnsPacketProxy: handleDnsRequest: Discarding unknown packet type [IPv6 Hop-by-Hop Options Header (6 bytes)]
05-14 10:10:56.214  8065  7270 I DnsPacketProxy:   Next Header: 58 (ICMPv6)
05-14 10:10:56.214  8065  7270 I DnsPacketProxy:   Hdr Ext Len: 0 (8 [bytes])
05-14 10:10:56.214  8065  7270 I DnsPacketProxy:   Options: 
05-14 10:10:56.214  8065  7270 I DnsPacketProxy:     [Option Type: 0x05 (Router Alert)] [Option Data Len: 2 bytes] [Option Data: 0x0000]
05-14 10:10:56.214  8065  7270 I DnsPacketProxy: [ICMPv6 Common Header (4 bytes)]
05-14 10:10:56.214  8065  7270 I DnsPacketProxy:   Type: 1 (Destination Unreachable)
05-14 10:10:56.214  8065  7270 I DnsPacketProxy:   Code: 0 (no route to destination)
05-14 10:10:56.214  8065  7270 I DnsPacketProxy:   Checksum: 0x8f00
05-14 10:10:56.214  8065  7270 I DnsPacketProxy: [ICMPv6 Destination Unreachable Header (4 bytes)]
05-14 10:10:56.214  8065  7270 I DnsPacketProxy:   Unused: 1871314944
05-14 10:10:56.214  8065  7270 I DnsPacketProxy: [Illegal Packet (22 bytes)]
05-14 10:10:56.214  8065  7270 I DnsPacketProxy:   Hex stream: 00 01 04 00 00 00 ff 02 00 00 00 00 00 00 00 00 00 01 ff 00 00 00
05-14 10:10:56.214  8065  7270 D AdVpnThread: doOne: Polling 9 file descriptors
05-14 10:10:56.313  8065  7270 D AdVpnThread: Read from device
05-14 10:10:56.314  8065  7270 D VpnWatchDog: handlePacket: Received packet of length 61
05-14 10:10:56.314  8065  7270 D DnsPacketProxy: handleDnsRequest: Incoming packet to 192.0.2.2 AKA 0 AKA /9.9.9.9
05-14 10:10:56.314  8065  7270 I DnsPacketProxy: handleDnsRequest: DNS Name uephlrtjstjobpa Allowed, sending to /9.9.9.9
05-14 10:10:56.317  8065  7270 D AdVpnThread: doOne: Polling 10 file descriptors
05-14 10:10:56.318  8065  7270 D AdVpnThread: Read from device
05-14 10:10:56.318  8065  7270 D VpnWatchDog: handlePacket: Received packet of length 59
05-14 10:10:56.319  8065  7270 D DnsPacketProxy: handleDnsRequest: Incoming packet to 192.0.2.2 AKA 0 AKA /9.9.9.9
05-14 10:10:56.319  8065  7270 I DnsPacketProxy: handleDnsRequest: DNS Name mpcrfpwjpvlrb Allowed, sending to /9.9.9.9
05-14 10:10:56.320  8065  7270 D AdVpnThread: doOne: Polling 11 file descriptors
05-14 10:10:56.322  8065  7270 D AdVpnThread: Read from device
05-14 10:10:56.323  8065  7270 D VpnWatchDog: handlePacket: Received packet of length 53
05-14 10:10:56.323  8065  7270 D DnsPacketProxy: handleDnsRequest: Incoming packet to 192.0.2.2 AKA 0 AKA /9.9.9.9
05-14 10:10:56.323  8065  7270 I DnsPacketProxy: handleDnsRequest: DNS Name ogxwegb Allowed, sending to /9.9.9.9
05-14 10:10:56.325  8065  7270 D AdVpnThread: doOne: Polling 12 file descriptors
05-14 10:10:57.329  8065  7270 D VpnWatchDog: handleTimeout: Milliseconds elapsed between last receive and sent: 1526285456323
05-14 10:10:57.329  8065  7270 D VpnWatchDog: sendPacket: Sending packet, poll timeout is 4000
05-14 10:10:57.331  8065  7270 D AdVpnThread: doOne: Polling 12 file descriptors
05-14 10:10:57.332  8065  7270 D AdVpnThread: Read from device
05-14 10:10:57.332  8065  7270 D VpnWatchDog: handlePacket: Received packet of length 28
05-14 10:10:57.332  8065  7270 D DnsPacketProxy: handleDnsRequest: Incoming packet to 192.0.2.6 AKA 4 AKA /192.16.191.8
05-14 10:10:57.333  8065  7270 I DnsPacketProxy: handleDnsRequest: Sending UDP packet without payload: [UDP Header (8 bytes)]
05-14 10:10:57.333  8065  7270 I DnsPacketProxy:   Source port: 40825 (unknown)
05-14 10:10:57.333  8065  7270 I DnsPacketProxy:   Destination port: 53 (Domain Name Server)
05-14 10:10:57.333  8065  7270 I DnsPacketProxy:   Length: 8 [bytes]
05-14 10:10:57.333  8065  7270 I DnsPacketProxy:   Checksum: 0xdc27
05-14 10:10:57.334  8065  7270 D AdVpnThread: doOne: Polling 12 file descriptors
05-14 10:11:00.393  8065  7270 D AdVpnThread: Read from device
05-14 10:11:00.393  8065  7270 D VpnWatchDog: handlePacket: Received packet of length 85
05-14 10:11:00.394  8065  7270 D DnsPacketProxy: handleDnsRequest: Incoming packet to 2001:db8::3 AKA 1 AKA /2620:fe::fe
05-14 10:11:00.394  8065  7270 I DnsPacketProxy: handleDnsRequest: DNS Name clients3.google.com Allowed, sending to /2620:fe::fe
05-14 10:11:00.408   694   708 D NetlinkEvent: Unknown ifindex 86 in RTM_DELADDR
05-14 10:11:00.413  1137  1137 W android.fg: type=1400 audit(0.0:7571): avc: denied { sys_module } for capability=16 scontext=u:r:system_server:s0 tcontext=u:r:system_server:s0 tclass=capability permissive=0
05-14 10:11:00.426  1137  1172 D Vpn     : setting state=DISCONNECTED, reason=agentDisconnect
05-14 10:11:00.426  1137  1593 D ConnectivityService: NetworkAgentInfo [VPN () - 187] EVENT_NETWORK_INFO_CHANGED, going from CONNECTED to DISCONNECTED
05-14 10:11:00.426  1137  1593 D VPN     : NetworkAgent: NetworkAgent channel lost
05-14 10:11:00.426  1137  1593 D ConnectivityService: NetworkAgentInfo [VPN () - 187] got DISCONNECTED, was satisfying 1
05-14 10:11:00.457  8065  7270 W AdVpnThread: Network exception in vpn thread, ignoring and reconnecting
05-14 10:11:00.457  8065  7270 W AdVpnThread: org.jak_linux.dns66.vpn.AdVpnThread$VpnNetworkException: Cannot send message:
05-14 10:11:00.457  8065  7270 W AdVpnThread:   at org.jak_linux.dns66.vpn.AdVpnThread.forwardPacket(AdVpnThread.java:341)
05-14 10:11:00.457  8065  7270 W AdVpnThread:   at org.jak_linux.dns66.vpn.DnsPacketProxy.handleDnsRequest(DnsPacketProxy.java:190)
05-14 10:11:00.457  8065  7270 W AdVpnThread:   at org.jak_linux.dns66.vpn.AdVpnThread.readPacketFromDevice(AdVpnThread.java:319)
05-14 10:11:00.457  8065  7270 W AdVpnThread:   at org.jak_linux.dns66.vpn.AdVpnThread.doOne(AdVpnThread.java:284)
05-14 10:11:00.457  8065  7270 W AdVpnThread:   at org.jak_linux.dns66.vpn.AdVpnThread.runVpn(AdVpnThread.java:220)
05-14 10:11:00.457  8065  7270 W AdVpnThread:   at org.jak_linux.dns66.vpn.AdVpnThread.run(AdVpnThread.java:157)
05-14 10:11:00.457  8065  7270 W AdVpnThread:   at java.lang.Thread.run(Thread.java:764)
05-14 10:11:00.457  8065  7270 W AdVpnThread: Caused by: java.io.IOException: sendto failed: ENETUNREACH (Network is unreachable)
05-14 10:11:00.457  8065  7270 W AdVpnThread:   at libcore.io.IoBridge.maybeThrowAfterSendto(IoBridge.java:603)
05-14 10:11:00.457  8065  7270 W AdVpnThread:   at libcore.io.IoBridge.sendto(IoBridge.java:571)
05-14 10:11:00.457  8065  7270 W AdVpnThread:   at java.net.PlainDatagramSocketImpl.send(PlainDatagramSocketImpl.java:124)
05-14 10:11:00.457  8065  7270 W AdVpnThread:   at java.net.DatagramSocket.send(DatagramSocket.java:721)
05-14 10:11:00.457  8065  7270 W AdVpnThread:   at org.jak_linux.dns66.vpn.AdVpnThread.forwardPacket(AdVpnThread.java:330)
05-14 10:11:00.457  8065  7270 W AdVpnThread:   ... 6 more
05-14 10:11:00.457  8065  7270 W AdVpnThread: Caused by: android.system.ErrnoException: sendto failed: ENETUNREACH (Network is unreachable)
05-14 10:11:00.457  8065  7270 W AdVpnThread:   at libcore.io.Linux.sendtoBytes(Native Method)
05-14 10:11:00.457  8065  7270 W AdVpnThread:   at libcore.io.Linux.sendto(Linux.java:227)
05-14 10:11:00.457  8065  7270 W AdVpnThread:   at libcore.io.BlockGuardOs.sendto(BlockGuardOs.java:304)
05-14 10:11:00.457  8065  7270 W AdVpnThread:   at libcore.io.IoBridge.sendto(IoBridge.java:569)
05-14 10:11:00.457  8065  7270 W AdVpnThread:   ... 9 more
05-14 10:11:00.457  8065  7270 I AdVpnThread: Retrying to connect in 10seconds...
05-14 10:11:00.459  1137  1593 I WifiService: getConnectionInfo uid=1000

I think this is part of the Android framework detecting what kind of network connection it's on? It tries to do some DNS resolves?

The device is a stock Pixel 2.

I think this is causing it:

05-14 10:11:00.394  8065  7270 D DnsPacketProxy: handleDnsRequest: Incoming packet to 2001:db8::3 AKA 1 AKA /2620:fe::fe
05-14 10:11:00.394  8065  7270 I DnsPacketProxy: handleDnsRequest: DNS Name clients3.google.com Allowed, sending to /2620:fe::fe

There is no way to send something to an IPv6 DNS resolver in case there is only an IPv4 network.
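
The correlation made by hand in the comment above can be automated over a longer capture. This is an added example, not part of the original thread or of DNS66's code: it ties each `ENETUNREACH` failure to the last upstream the same thread forwarded a query to. The function name and record fields are hypothetical, and the attribution assumes the failing send is that thread's most recent logged forward, as it is in this trace.

```python
import ipaddress
import re

# Sample input: five lines taken from the logcat posted in this thread.
SAMPLE = """\
05-14 10:10:56.319  8065  7270 I DnsPacketProxy: handleDnsRequest: DNS Name mpcrfpwjpvlrb Allowed, sending to /9.9.9.9
05-14 10:11:00.394  8065  7270 I DnsPacketProxy: handleDnsRequest: DNS Name clients3.google.com Allowed, sending to /2620:fe::fe
05-14 10:11:00.457  8065  7270 W AdVpnThread: Network exception in vpn thread, ignoring and reconnecting
05-14 10:11:00.457  8065  7270 W AdVpnThread: Caused by: java.io.IOException: sendto failed: ENETUNREACH (Network is unreachable)
05-14 10:11:00.457  8065  7270 W AdVpnThread: Caused by: android.system.ErrnoException: sendto failed: ENETUNREACH (Network is unreachable)
"""

# logcat "threadtime" layout: date time pid tid level tag: message
LINE = re.compile(
    r"^(\d\d-\d\d \d\d:\d\d:\d\d\.\d{3})\s+(\d+)\s+(\d+)\s+([VDIWEF])\s+([^:]+?)\s*:\s(.*)$")
FORWARD = re.compile(r"DNS Name (\S+) Allowed, sending to /(\S+)")


def unreachable_upstreams(log_text):
    """Return one record per ENETUNREACH failure, attributed to the last
    upstream that the same (pid, tid) forwarded a DNS query to."""
    last_forward = {}  # (pid, tid) -> (timestamp, query name, upstream)
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not a threadtime line (wrapped text, blank line)
        ts, pid, tid, _level, tag, msg = m.groups()
        key = (pid, tid)
        fwd = FORWARD.search(msg)
        if tag == "DnsPacketProxy" and fwd:
            last_forward[key] = (ts, fwd.group(1), fwd.group(2))
        elif "sendto failed: ENETUNREACH" in msg and key in last_forward:
            # pop() so the nested "Caused by" lines of one stack trace
            # produce a single finding instead of one per line.
            sent_at, name, upstream = last_forward.pop(key)
            try:
                family = ipaddress.ip_address(upstream).version
            except ValueError:
                family = None  # upstream was not a literal IP address
            findings.append({"failed_at": ts, "sent_at": sent_at,
                             "query": name, "upstream": upstream,
                             "family": family})
    return findings


if __name__ == "__main__":
    for f in unreachable_upstreams(SAMPLE):
        print(f)
```
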

julian-klode commented 5 years ago

Oh, I should be fixing that eventually.