Open DavyLandman opened 6 years ago
Hmm, probably. If you add an IPv6 entry, an IPv6 DNS server will be added to the system, and DNS66 will forward any requests for that DNS server. I'd hope that it would time out and retry with IPv4 and blacklist the IPv6 server, but maybe I'm missing a catch. If you get a logcat, I can say more.
I'll try to catch one in the coming days.
05-14 10:10:55.387 8065 7270 D AdVpnThread: doOne: Polling 9 file descriptors
05-14 10:10:56.211 8065 7270 D AdVpnThread: Read from device
05-14 10:10:56.212 8065 7270 D VpnWatchDog: handlePacket: Received packet of length 76
05-14 10:10:56.214 8065 7270 I DnsPacketProxy: handleDnsRequest: Discarding unknown packet type [IPv6 Hop-by-Hop Options Header (6 bytes)]
05-14 10:10:56.214 8065 7270 I DnsPacketProxy: Next Header: 58 (ICMPv6)
05-14 10:10:56.214 8065 7270 I DnsPacketProxy: Hdr Ext Len: 0 (8 [bytes])
05-14 10:10:56.214 8065 7270 I DnsPacketProxy: Options:
05-14 10:10:56.214 8065 7270 I DnsPacketProxy: [Option Type: 0x05 (Router Alert)] [Option Data Len: 2 bytes] [Option Data: 0x0000]
05-14 10:10:56.214 8065 7270 I DnsPacketProxy: [ICMPv6 Common Header (4 bytes)]
05-14 10:10:56.214 8065 7270 I DnsPacketProxy: Type: 1 (Destination Unreachable)
05-14 10:10:56.214 8065 7270 I DnsPacketProxy: Code: 0 (no route to destination)
05-14 10:10:56.214 8065 7270 I DnsPacketProxy: Checksum: 0x8f00
05-14 10:10:56.214 8065 7270 I DnsPacketProxy: [ICMPv6 Destination Unreachable Header (4 bytes)]
05-14 10:10:56.214 8065 7270 I DnsPacketProxy: Unused: 1871314944
05-14 10:10:56.214 8065 7270 I DnsPacketProxy: [Illegal Packet (22 bytes)]
05-14 10:10:56.214 8065 7270 I DnsPacketProxy: Hex stream: 00 01 04 00 00 00 ff 02 00 00 00 00 00 00 00 00 00 01 ff 00 00 00
05-14 10:10:56.214 8065 7270 D AdVpnThread: doOne: Polling 9 file descriptors
05-14 10:10:56.313 8065 7270 D AdVpnThread: Read from device
05-14 10:10:56.314 8065 7270 D VpnWatchDog: handlePacket: Received packet of length 61
05-14 10:10:56.314 8065 7270 D DnsPacketProxy: handleDnsRequest: Incoming packet to 192.0.2.2 AKA 0 AKA /9.9.9.9
05-14 10:10:56.314 8065 7270 I DnsPacketProxy: handleDnsRequest: DNS Name uephlrtjstjobpa Allowed, sending to /9.9.9.9
05-14 10:10:56.317 8065 7270 D AdVpnThread: doOne: Polling 10 file descriptors
05-14 10:10:56.318 8065 7270 D AdVpnThread: Read from device
05-14 10:10:56.318 8065 7270 D VpnWatchDog: handlePacket: Received packet of length 59
05-14 10:10:56.319 8065 7270 D DnsPacketProxy: handleDnsRequest: Incoming packet to 192.0.2.2 AKA 0 AKA /9.9.9.9
05-14 10:10:56.319 8065 7270 I DnsPacketProxy: handleDnsRequest: DNS Name mpcrfpwjpvlrb Allowed, sending to /9.9.9.9
05-14 10:10:56.320 8065 7270 D AdVpnThread: doOne: Polling 11 file descriptors
05-14 10:10:56.322 8065 7270 D AdVpnThread: Read from device
05-14 10:10:56.323 8065 7270 D VpnWatchDog: handlePacket: Received packet of length 53
05-14 10:10:56.323 8065 7270 D DnsPacketProxy: handleDnsRequest: Incoming packet to 192.0.2.2 AKA 0 AKA /9.9.9.9
05-14 10:10:56.323 8065 7270 I DnsPacketProxy: handleDnsRequest: DNS Name ogxwegb Allowed, sending to /9.9.9.9
05-14 10:10:56.325 8065 7270 D AdVpnThread: doOne: Polling 12 file descriptors
05-14 10:10:57.329 8065 7270 D VpnWatchDog: handleTimeout: Milliseconds elapsed between last receive and sent: 1526285456323
05-14 10:10:57.329 8065 7270 D VpnWatchDog: sendPacket: Sending packet, poll timeout is 4000
05-14 10:10:57.331 8065 7270 D AdVpnThread: doOne: Polling 12 file descriptors
05-14 10:10:57.332 8065 7270 D AdVpnThread: Read from device
05-14 10:10:57.332 8065 7270 D VpnWatchDog: handlePacket: Received packet of length 28
05-14 10:10:57.332 8065 7270 D DnsPacketProxy: handleDnsRequest: Incoming packet to 192.0.2.6 AKA 4 AKA /192.16.191.8
05-14 10:10:57.333 8065 7270 I DnsPacketProxy: handleDnsRequest: Sending UDP packet without payload: [UDP Header (8 bytes)]
05-14 10:10:57.333 8065 7270 I DnsPacketProxy: Source port: 40825 (unknown)
05-14 10:10:57.333 8065 7270 I DnsPacketProxy: Destination port: 53 (Domain Name Server)
05-14 10:10:57.333 8065 7270 I DnsPacketProxy: Length: 8 [bytes]
05-14 10:10:57.333 8065 7270 I DnsPacketProxy: Checksum: 0xdc27
05-14 10:10:57.334 8065 7270 D AdVpnThread: doOne: Polling 12 file descriptors
05-14 10:11:00.393 8065 7270 D AdVpnThread: Read from device
05-14 10:11:00.393 8065 7270 D VpnWatchDog: handlePacket: Received packet of length 85
05-14 10:11:00.394 8065 7270 D DnsPacketProxy: handleDnsRequest: Incoming packet to 2001:db8::3 AKA 1 AKA /2620:fe::fe
05-14 10:11:00.394 8065 7270 I DnsPacketProxy: handleDnsRequest: DNS Name clients3.google.com Allowed, sending to /2620:fe::fe
05-14 10:11:00.408 694 708 D NetlinkEvent: Unknown ifindex 86 in RTM_DELADDR
05-14 10:11:00.413 1137 1137 W android.fg: type=1400 audit(0.0:7571): avc: denied { sys_module } for capability=16 scontext=u:r:system_server:s0 tcontext=u:r:system_server:s0 tclass=capability permissive=0
05-14 10:11:00.426 1137 1172 D Vpn : setting state=DISCONNECTED, reason=agentDisconnect
05-14 10:11:00.426 1137 1593 D ConnectivityService: NetworkAgentInfo [VPN () - 187] EVENT_NETWORK_INFO_CHANGED, going from CONNECTED to DISCONNECTED
05-14 10:11:00.426 1137 1593 D VPN : NetworkAgent: NetworkAgent channel lost
05-14 10:11:00.426 1137 1593 D ConnectivityService: NetworkAgentInfo [VPN () - 187] got DISCONNECTED, was satisfying 1
05-14 10:11:00.457 8065 7270 W AdVpnThread: Network exception in vpn thread, ignoring and reconnecting
05-14 10:11:00.457 8065 7270 W AdVpnThread: org.jak_linux.dns66.vpn.AdVpnThread$VpnNetworkException: Cannot send message:
05-14 10:11:00.457 8065 7270 W AdVpnThread: at org.jak_linux.dns66.vpn.AdVpnThread.forwardPacket(AdVpnThread.java:341)
05-14 10:11:00.457 8065 7270 W AdVpnThread: at org.jak_linux.dns66.vpn.DnsPacketProxy.handleDnsRequest(DnsPacketProxy.java:190)
05-14 10:11:00.457 8065 7270 W AdVpnThread: at org.jak_linux.dns66.vpn.AdVpnThread.readPacketFromDevice(AdVpnThread.java:319)
05-14 10:11:00.457 8065 7270 W AdVpnThread: at org.jak_linux.dns66.vpn.AdVpnThread.doOne(AdVpnThread.java:284)
05-14 10:11:00.457 8065 7270 W AdVpnThread: at org.jak_linux.dns66.vpn.AdVpnThread.runVpn(AdVpnThread.java:220)
05-14 10:11:00.457 8065 7270 W AdVpnThread: at org.jak_linux.dns66.vpn.AdVpnThread.run(AdVpnThread.java:157)
05-14 10:11:00.457 8065 7270 W AdVpnThread: at java.lang.Thread.run(Thread.java:764)
05-14 10:11:00.457 8065 7270 W AdVpnThread: Caused by: java.io.IOException: sendto failed: ENETUNREACH (Network is unreachable)
05-14 10:11:00.457 8065 7270 W AdVpnThread: at libcore.io.IoBridge.maybeThrowAfterSendto(IoBridge.java:603)
05-14 10:11:00.457 8065 7270 W AdVpnThread: at libcore.io.IoBridge.sendto(IoBridge.java:571)
05-14 10:11:00.457 8065 7270 W AdVpnThread: at java.net.PlainDatagramSocketImpl.send(PlainDatagramSocketImpl.java:124)
05-14 10:11:00.457 8065 7270 W AdVpnThread: at java.net.DatagramSocket.send(DatagramSocket.java:721)
05-14 10:11:00.457 8065 7270 W AdVpnThread: at org.jak_linux.dns66.vpn.AdVpnThread.forwardPacket(AdVpnThread.java:330)
05-14 10:11:00.457 8065 7270 W AdVpnThread: ... 6 more
05-14 10:11:00.457 8065 7270 W AdVpnThread: Caused by: android.system.ErrnoException: sendto failed: ENETUNREACH (Network is unreachable)
05-14 10:11:00.457 8065 7270 W AdVpnThread: at libcore.io.Linux.sendtoBytes(Native Method)
05-14 10:11:00.457 8065 7270 W AdVpnThread: at libcore.io.Linux.sendto(Linux.java:227)
05-14 10:11:00.457 8065 7270 W AdVpnThread: at libcore.io.BlockGuardOs.sendto(BlockGuardOs.java:304)
05-14 10:11:00.457 8065 7270 W AdVpnThread: at libcore.io.IoBridge.sendto(IoBridge.java:569)
05-14 10:11:00.457 8065 7270 W AdVpnThread: ... 9 more
05-14 10:11:00.457 8065 7270 I AdVpnThread: Retrying to connect in 10seconds...
05-14 10:11:00.459 1137 1593 I WifiService: getConnectionInfo uid=1000
I think this is part of the android framework detecting what kind of network connection it's on? It tries to do some dns resolves?
The device is a stock pixel 2.
I think this is causing it:
05-14 10:11:00.394 8065 7270 D DnsPacketProxy: handleDnsRequest: Incoming packet to 2001:db8::3 AKA 1 AKA /2620:fe::fe
05-14 10:11:00.394 8065 7270 I DnsPacketProxy: handleDnsRequest: DNS Name clients3.google.com Allowed, sending to /2620:fe::fe
There is no way to send something to a ipv6 dns resolver in case there is only a ipv4 network.
Oh, I should be fixing that eventually.
So, after adding a custom ipv6 dns entry, the proxy started crashing when I was not on a network with a ipv6 IP address.
I fixed it by disabling ipv6 altogether, but that's a pity for the networks that do have ipv6.
So I'm guessing some extra checks might be required around this logic?