remote-android / redroid-doc

redroid (Remote-Android) is a multi-arch, GPU enabled, Android in Cloud solution. Track issues / docs here

Does Redroid support Android's VPN APIs? #521

Open asafe199 opened 11 months ago

asafe199 commented 11 months ago

Describe the bug

Hi, I'm using HTTP Toolkit to intercept requests and I'm facing an issue. I reported it to the HTTP Toolkit team because I'm not able to intercept, but I would like to check with you.

After I reported, I saw this comment and this is my docker compose.

version: "3"
services:
  redroid:
    image: redroid/redroid:11.0.0-latest
    stdin_open: true
    tty: true
    privileged: true
    ports:
      - "5555:5555"
    volumes:
      - ./data:/data
      - /dev/net/tun:/dev/tun
    command:
      # Enable GPU hardware acceleration.
      - androidboot.redroid_gpu_mode=auto
      # libndk related parameters
#      - ro.product.cpu.abilist0=x86_64,arm64-v8a,x86,armeabi-v7a,armeabi
#      - ro.product.cpu.abilist64=x86_64,arm64-v8a
#      - ro.product.cpu.abilist32=x86,armeabi-v7a,armeabi
#      - ro.dalvik.vm.isa.arm=x86
#      - ro.dalvik.vm.isa.arm64=x86_64
#      - ro.enable.native.bridge.exec=1
#      - ro.dalvik.vm.native.bridge=libndk_translation.so
#      - ro.ndk_translation.version=0.2.2
#    cap_add:
#      - NET_ADMIN
#      - NET_RAW
#    sysctls:
#      - net.ipv6.conf.all.disable_ipv6=0

volumes:
  data:

OS: Ubuntu 20.04.6 LTS - x64

make sure the required kernel modules present

collect debug logs curl -fsSL https://raw.githubusercontent.com/remote-android/redroid-doc/master/debug.sh | sudo bash -s -- [CONTAINER] omit CONTAINER if not exist any more.

Screenshots

11-29 18:17:33.833  2131  2131 I tech.httptoolkit.android.MainActivity: Connecting to VPN from URL: https://android.httptoolkit.tech/connect/?data=eyJhZGRyZXNzZXMiOlsiMTAuMC4yLjIiLCIxMC4wLjMuMiIsIjE5Mi4xNjguMS4xMiJdLCJwb3J0Ijo4MDAxLCJsb2NhbFR1bm5lbFBvcnQiOjgwMDEsImNlcnRGaW5nZXJwcmludCI6InpBTDIvRkt6aUZuM1RhcE8xZE43alZLYXU4dGdHcmlaYXpmN0NVcGphbEE9In0=
11-29 18:17:33.833  2131  2169 D tech.httptoolkit.android.ProxySetup: URL data is {"addresses":["10.0.2.2","10.0.3.2","192.168.1.12"],"port":8001,"localTunnelPort":8001,"certFingerprint":"zAL2/FKziFn3TapO1dN7jVKau8tgGriZazf7CUpjalA="}
11-29 18:17:33.841  2113  2113 D app_process: Time zone APEX ICU file found: /apex/com.android.tzdata/etc/icu/icu_tzdata.dat
11-29 18:17:33.841  2113  2113 D app_process: I18n APEX ICU file found: /apex/com.android.i18n/etc/icu/icudt66l.dat
11-29 18:17:33.843  2113  2113 W app_process: Unexpected CPU variant for X86 using defaults: x86_64
11-29 18:17:33.844  2113  2113 I app_process: The ClassLoaderContext is a special shared library.
11-29 18:17:33.849  2113  2113 W app_process: JNI RegisterNativeMethods: attempt to register 0 native methods for android.media.AudioAttributes
11-29 18:17:33.851  2113  2113 D AndroidRuntime: Calling main entry com.android.commands.input.Input
11-29 18:17:33.853  2113  2113 D AndroidRuntime: Shutting down VM
11-29 18:17:33.896    21    21 I hwservicemanager: getTransport: Cannot find entry android.hardware.configstore@1.0::ISurfaceFlingerConfigs/default in either framework or device manifest.
11-29 18:17:34.090    21    21 I hwservicemanager: getTransport: Cannot find entry android.hardware.graphics.mapper@4.0::IMapper/default in either framework or device manifest.
11-29 18:17:34.090  2131  2163 I Gralloc4: mapper 4.x is not supported
11-29 18:17:34.090    21    21 I hwservicemanager: getTransport: Cannot find entry android.hardware.graphics.mapper@3.0::IMapper/default in either framework or device manifest.
11-29 18:17:34.091  2131  2163 W Gralloc3: mapper 3.x is not supported
11-29 18:17:34.091    21    21 I hwservicemanager: getTransport: Cannot find entry android.hardware.graphics.mapper@4.0::IMapper/default in either framework or device manifest.
11-29 18:17:34.096    82  1746 W ServiceManager: Permission failure: android.permission.ACCESS_SURFACE_FLINGER from uid=10116 pid=2131
11-29 18:17:34.096    82  1746 D PermissionCache: checking android.permission.ACCESS_SURFACE_FLINGER for uid=10116 => denied (136 us)
11-29 18:17:34.097   225   279 I ActivityTaskManager: Displayed tech.httptoolkit.android.v1/tech.httptoolkit.android.MainActivity: +396ms
11-29 18:17:34.225  2131  2169 V tech.httptoolkit.android (kotlinx.coroutines.SupervisorCoroutine): Validating proxy info ProxyInfo(addresses=[10.0.2.2, 10.0.3.2, 192.168.1.12], port=8001, localTunnelPort=8001, certFingerprint=zAL2/FKziFn3TapO1dN7jVKau8tgGriZazf7CUpjalA=)
11-29 18:17:34.226  2131  2169 V tech.httptoolkit.android (kotlinx.coroutines.SupervisorCoroutine): Proxy tests started
11-29 18:17:34.228  2131  2170 I tech.httptoolkit.android (kotlinx.coroutines.UndispatchedCoroutine): Testing proxy 10.0.2.2:8001
11-29 18:17:34.228  2131  2171 I tech.httptoolkit.android (kotlinx.coroutines.UndispatchedCoroutine): Testing proxy 10.0.3.2:8001
11-29 18:17:34.228  2131  2216 I tech.httptoolkit.android (kotlinx.coroutines.UndispatchedCoroutine): Testing proxy 192.168.1.12:8001
11-29 18:17:36.232  2131  2171 I tech.httptoolkit.android (kotlinx.coroutines.UndispatchedCoroutine): Error testing proxy address 10.0.3.2: java.net.SocketTimeoutException: failed to connect to /10.0.3.2 (port 8001) from /192.168.208.2 (port 35694) after 2000ms
11-29 18:17:36.232  2131  2170 I tech.httptoolkit.android (kotlinx.coroutines.UndispatchedCoroutine): Error testing proxy address 10.0.2.2: java.net.SocketTimeoutException: failed to connect to /10.0.2.2 (port 8001) from /192.168.208.2 (port 50042) after 2000ms
11-29 18:17:36.233  2131  2170 I tech.httptoolkit.android.MainActivity: Connect to VPN
11-29 18:17:36.234    68    68 D hwcomposer: VSYNC event status:1
11-29 18:17:36.235  2131  2170 I tech.httptoolkit.android.MainActivity: got intent
11-29 18:17:36.287  2131  2170 I tech.httptoolkit.android.ProxySetup: Proxy cert aliases: [system:4f74014f.0]
11-29 18:17:36.287   225   583 I ActivityTaskManager: START u0 {cmp=com.android.vpndialogs/.ConfirmDialog} from uid 10116
11-29 18:17:36.289   225   274 D CompatibilityChangeReporter: Compat change id reported: 135634846; UID 10066; state: DISABLED
11-29 18:17:36.289   225   281 D CompatibilityChangeReporter: Compat change id reported: 143937733; UID 10066; state: ENABLED
11-29 18:17:36.293  2131  2131 D tech.httptoolkit.android.MainActivity: onPause
11-29 18:17:36.293   113   113 D Zygote  : Forked child process 2265
11-29 18:17:36.294   225   281 I ActivityManager: Start proc 2265:com.android.vpndialogs/u0a66 for pre-top-activity {com.android.vpndialogs/com.android.vpndialogs.ConfirmDialog}
11-29 18:17:36.295  2265  2265 I Zygote  : seccomp disabled by setenforce 0
11-29 18:17:36.313  2265  2265 W roid.vpndialog: Unexpected CPU variant for X86 using defaults: x86_64
11-29 18:17:36.314   108   127 I adbd    : jdwp connection from 2265
11-29 18:17:36.316   225   605 E SchedPolicy: Failed to find cgroup for tid 2265
11-29 18:17:36.316   225   605 W OomAdjuster: Fallback pre-set sched group to default: java.lang.RuntimeException: Unknown error
11-29 18:17:36.319  2265  2265 I roid.vpndialog: The ClassLoaderContext is a special shared library.
11-29 18:17:36.321  2265  2265 D NetworkSecurityConfig: No Network Security Config specified, using platform default
11-29 18:17:36.324   225   605 E AppOps  : noteOperation
11-29 18:17:36.324   225   605 E AppOps  : java.lang.SecurityException: Specified package tech.httptoolkit.android.v1 under uid 10066 but it is really 10116
11-29 18:17:36.324   225   605 E AppOps  :  at com.android.server.appop.AppOpsService.verifyAndGetBypass(AppOpsService.java:3945)
11-29 18:17:36.324   225   605 E AppOps  :  at com.android.server.appop.AppOpsService.noteOperationUnchecked(AppOpsService.java:3089)
11-29 18:17:36.324   225   605 E AppOps  :  at com.android.server.appop.AppOpsService.noteOperationImpl(AppOpsService.java:3077)
11-29 18:17:36.324   225   605 E AppOps  :  at com.android.server.appop.AppOpsService.noteOperation(AppOpsService.java:3060)
11-29 18:17:36.324   225   605 E AppOps  :  at android.app.AppOpsManager.noteOpNoThrow(AppOpsManager.java:7452)
11-29 18:17:36.324   225   605 E AppOps  :  at android.app.AppOpsManager.noteOpNoThrow(AppOpsManager.java:7398)
11-29 18:17:36.324   225   605 E AppOps  :  at com.android.server.connectivity.Vpn.doesPackageHaveAppop(Vpn.java:1087)
11-29 18:17:36.324   225   605 E AppOps  :  at com.android.server.connectivity.Vpn.isVpnServicePreConsented(Vpn.java:1092)
11-29 18:17:36.324   225   605 E AppOps  :  at com.android.server.connectivity.Vpn.isVpnPreConsented(Vpn.java:1074)
11-29 18:17:36.324   225   605 E AppOps  :  at com.android.server.connectivity.Vpn.prepare(Vpn.java:928)
11-29 18:17:36.324   225   605 E AppOps  :  at com.android.server.ConnectivityService.prepareVpn(ConnectivityService.java:4524)
11-29 18:17:36.324   225   605 E AppOps  :  at android.net.IConnectivityManager$Stub.onTransact(IConnectivityManager.java:1166)
11-29 18:17:36.324   225   605 E AppOps  :  at android.os.Binder.execTransactInternal(Binder.java:1154)
11-29 18:17:36.324   225   605 E AppOps  :  at android.os.Binder.execTransact(Binder.java:1123)
11-29 18:17:36.321  2265  2265 D NetworkSecurityConfig: No Network Security Config specified, using platform default
11-29 18:17:36.362    21    21 I hwservicemanager: getTransport: Cannot find entry android.hardware.configstore@1.0::ISurfaceFlingerConfigs/default in either framework or device manifest.
11-29 18:17:36.591    21    21 I hwservicemanager: getTransport: Cannot find entry android.hardware.graphics.mapper@4.0::IMapper/default in either framework or device manifest.
11-29 18:17:36.592  2265  2290 I Gralloc4: mapper 4.x is not supported
11-29 18:17:36.592    21    21 I hwservicemanager: getTransport: Cannot find entry android.hardware.graphics.mapper@3.0::IMapper/default in either framework or device manifest.
11-29 18:17:36.592  2265  2290 W Gralloc3: mapper 3.x is not supported
11-29 18:17:36.592    21    21 I hwservicemanager: getTransport: Cannot find entry android.hardware.graphics.mapper@4.0::IMapper/default in either framework or device manifest.
11-29 18:17:36.597    82  1746 W ServiceManager: Permission failure: android.permission.ACCESS_SURFACE_FLINGER from uid=10066 pid=2265
11-29 18:17:36.597    82  1746 D PermissionCache: checking android.permission.ACCESS_SURFACE_FLINGER for uid=10066 => denied (100 us)
11-29 18:17:36.597   225   279 I ActivityTaskManager: Displayed com.android.vpndialogs/.ConfirmDialog: +309ms
11-29 18:17:36.622    68    68 D hwcomposer: VSYNC event status:0
11-29 18:17:36.744   225  1094 E SchedPolicy: Failed to find cgroup for tid 225
11-29 18:17:36.746   225  1094 E SchedPolicy: Failed to find cgroup for tid 225
11-29 18:17:36.758    82    82 E CompositionEngine: [Dim Layer for - Task=8#0] Invalid device requested composition type change: SOLID_COLOR (3) --> DEVICE (2)
11-29 18:17:36.890    82    82 I chatty  : uid=1000(system) /system/bin/surfaceflinger identical 2 lines
11-29 18:17:36.958    82    82 E CompositionEngine: [Dim Layer for - Task=8#0] Invalid device requested composition type change: SOLID_COLOR (3) --> DEVICE (2)
11-29 18:17:37.285   225  1094 E SchedPolicy: Failed to find cgroup for tid 225
11-29 18:17:37.288   225  1094 E TaskPersister: File error accessing recents directory (directory doesn't exist?).
11-29 18:17:37.288   225  1094 I chatty  : uid=1000(system) LazyTaskWriterT identical 2 lines
11-29 18:17:37.288   225  1094 E SchedPolicy: Failed to find cgroup for tid 225
11-29 18:17:37.957    68    68 D hwcomposer: VSYNC event status:1
11-29 18:17:38.051   701   948 E TcpSocketTracker: Expect to get family 10 SOCK_DIAG_BY_FAMILY message but get 2
11-29 18:17:38.052   701   948 E TcpSocketTracker: Expect to get family 2 SOCK_DIAG_BY_FAMILY message but get 2
11-29 18:17:38.091    82    82 E CompositionEngine: [Dim Layer for - Task=8#0] Invalid device requested composition type change: SOLID_COLOR (3) --> DEVICE (2)
11-29 18:17:38.224    82    82 I chatty  : uid=1000(system) /system/bin/surfaceflinger identical 2 lines
11-29 18:17:38.290    82    82 E CompositionEngine: [Dim Layer for - Task=8#0] Invalid device requested composition type change: SOLID_COLOR (3) --> DEVICE (2)
11-29 18:17:38.356    68    68 D hwcomposer: VSYNC event status:0
11-29 18:17:38.357    82    82 E CompositionEngine: [Dim Layer for - Task=8#0] Invalid device requested composition type change: SOLID_COLOR (3) --> DEVICE (2)
11-29 18:17:38.470  2078  2103 I tatementservic: Waiting for a blocking GC ProfileSaver
11-29 18:17:38.475  2078  2103 I tatementservic: Waiting for a blocking GC ProfileSaver
11-29 18:17:39.026   225  1729 I Vpn     : Switched from [Legacy VPN] to tech.httptoolkit.android.v1
11-29 18:17:39.027   225  1729 D Vpn     : setting state=IDLE, reason=prepare
11-29 18:17:39.029    82   107 D PermissionCache: checking android.permission.READ_FRAME_BUFFER for uid=1000 => granted (206 us)
11-29 18:17:39.041    21    21 I hwservicemanager: getTransport: Cannot find entry android.hardware.graphics.mapper@4.0::IMapper/default in either framework or device manifest.
11-29 18:17:39.090    82    82 E CompositionEngine: [Dim Layer for - Task=8#0] Invalid device requested composition type change: SOLID_COLOR (3) --> DEVICE (2)
11-29 18:17:39.157    82    82 E CompositionEngine: [Dim Layer for - Task=8#0] Invalid device requested composition type change: SOLID_COLOR (3) --> DEVICE (2)
11-29 18:17:39.159  2131  2131 I tech.httptoolkit.android.MainActivity: onActivityResult: start-vpn - result: ok
11-29 18:17:39.159  2131  2131 I tech.httptoolkit.android.MainActivity: Installing cert...
11-29 18:17:39.161  2265  2290 D OpenGLRenderer: endAllActiveAnimators on 0x79525e1c3c60 (RippleDrawable) with handle 0x79517e204d50
11-29 18:17:39.209  2131  2131 I tech.httptoolkit.android.ProxySetup: Proxy cert aliases: [system:4f74014f.0]
11-29 18:17:39.209  2131  2131 I tech.httptoolkit.android.MainActivity: Certificate already trusted, continuing
11-29 18:17:39.209  2131  2131 I tech.httptoolkit.android.MainActivity: onActivityResult: install-cert - result: ok
11-29 18:17:39.209  2131  2131 I tech.httptoolkit.android.MainActivity: Cert installed, checking notification perms...
11-29 18:17:39.209  2131  2131 I tech.httptoolkit.android.MainActivity: onActivityResult: enable-notifications - result: ok
11-29 18:17:39.209  2131  2131 I tech.httptoolkit.android.MainActivity: Notifications OK, starting VPN...
11-29 18:17:39.209  2131  2131 I tech.httptoolkit.android.MainActivity: Starting VPN
11-29 18:17:39.215  2131  2131 D tech.httptoolkit.android.MainActivity: onResume
11-29 18:17:39.216  2131  2131 I tech.httptoolkit.android.ProxyVpnService: onStartCommand called
11-29 18:17:39.216  2131  2131 I tech.httptoolkit.android.ProxyVpnService: tech.httptoolkit.android.START_VPN_ACTION
11-29 18:17:39.220   225  1729 D VpnJni  : Address added on tun0: 169.254.61.43/32
11-29 18:17:39.220   225   271 I EthernetTracker: interfaceLinkStateChanged, iface: tun0, up: false
11-29 18:17:39.220   225   271 I EthernetTracker: interfaceLinkStateChanged, iface: tun0, up: true
11-29 18:17:39.221   225  1729 D Vpn     : setting state=CONNECTING, reason=establish
11-29 18:17:39.221   225  1729 D ConnectivityService: registerNetworkAgent NetworkAgentInfo{ ni{[type: VPN[], state: CONNECTING/CONNECTING, reason: (unspecified), extra: (none), failover: false, available: false, roaming: false]}  network{101}  nethandle{437197393933}  lp{{InterfaceName: tun0 LinkAddresses: [ 169.254.61.43/32 ] DnsAddresses: [ ] Domains:  MTU: 1500 Routes: [ 0.0.0.0/0 -> 0.0.0.0 tun0 mtu 0,::/0 unreachable mtu 0,169.254.61.43/32 -> 0.0.0.0 tun0 mtu 0 ] HttpProxy: [192.168.1.12] 8001}}  nc{[ Transports: VPN Capabilities: INTERNET&NOT_RESTRICTED&TRUSTED&NOT_ROAMING&FOREGROUND&NOT_SUSPENDED Uids: <{0-10115, 10117-99999}> OwnerUid: 10116 RequestorUid: -1 RequestorPackageName: null]}  Score{101}  everValidated{false}  lastValidated{false}  created{false} lingering{false} explicitlySelected{false} acceptUnvalidated{false} everCaptivePortalDetected{false} lastCaptivePortalDetected{false} partialConnectivity{false} acceptPartialConnectivity{false} clat{mBaseIface: null, mIface: null, mState: IDLE} }
11-29 18:17:39.221   225  1729 D Vpn     : setting state=CONNECTED, reason=agentConnect
11-29 18:17:39.221   225  1729 I Vpn     : Established by tech.httptoolkit.android.v1 on tun0
11-29 18:17:39.221  2131  2131 I tech.httptoolkit.android.HttpToolkitApplication: Saving proxy config
11-29 18:17:39.224    82    82 E CompositionEngine: [Dim Layer for - Task=8#0] Invalid device requested composition type change: SOLID_COLOR (3) --> DEVICE (2)
11-29 18:17:39.229   225   410 D ConnectivityService: [101 VPN] EVENT_NETWORK_INFO_CHANGED, going from CONNECTING to CONNECTING
11-29 18:17:39.229   225   410 D ConnectivityService: NetReassign [no changes]
11-29 18:17:39.229   135   646 E Netd    : Failed to dump IPv4 sockets for UID: No such file or directory
11-29 18:17:39.229   135   646 E Netd    : Failed to close sockets while adding UidRanges{ 0-10115 10117-99999 } to network 101: No such file or directory
11-29 18:17:39.229   135   646 E Netd    : getIfIndex: cannot find interface tun0
11-29 18:17:39.230   225   410 E PermissionMonitor: Exception when updating permissions: 
11-29 18:17:39.230   225   410 E PermissionMonitor: android.os.ServiceSpecificException: [Invalid argument] : Interface rule must specify interface (code 22)
11-29 18:17:39.230   225   410 E PermissionMonitor:     at android.os.Parcel.createExceptionOrNull(Parcel.java:2387)
11-29 18:17:39.230   225   410 E PermissionMonitor:     at android.os.Parcel.createException(Parcel.java:2357)
11-29 18:17:39.230   225   410 E PermissionMonitor:     at android.os.Parcel.readException(Parcel.java:2340)
11-29 18:17:39.230   225   410 E PermissionMonitor:     at android.os.Parcel.readException(Parcel.java:2282)
11-29 18:17:39.230   225   410 E PermissionMonitor:     at android.net.INetd$Stub$Proxy.firewallAddUidInterfaceRules(INetd.java:3615)
11-29 18:17:39.230   225   410 E PermissionMonitor:     at com.android.server.connectivity.PermissionMonitor.updateVpnUids(PermissionMonitor.java:579)
11-29 18:17:39.230   225   410 E PermissionMonitor:     at com.android.server.connectivity.PermissionMonitor.onVpnUidRangesAdded(PermissionMonitor.java:494)
11-29 18:17:39.230   225   410 E PermissionMonitor:     at com.android.server.ConnectivityService.updateUids(ConnectivityService.java:6511)
11-29 18:17:39.230   225   410 E PermissionMonitor:     at com.android.server.ConnectivityService.handleRegisterNetworkAgent(ConnectivityService.java:5983)
11-29 18:17:39.230   225   410 E PermissionMonitor:     at com.android.server.ConnectivityService.access$4900(ConnectivityService.java:258)
11-29 18:17:39.230   225   410 E PermissionMonitor:     at com.android.server.ConnectivityService$InternalHandler.handleMessage(ConnectivityService.java:4124)
11-29 18:17:39.230   225   410 E PermissionMonitor:     at android.os.Handler.dispatchMessage(Handler.java:106)
11-29 18:17:39.230   225   410 E PermissionMonitor:     at android.os.Looper.loop(Looper.java:223)
11-29 18:17:39.230   225   410 E PermissionMonitor:     at android.os.HandlerThread.run(HandlerThread.java:67)
11-29 18:17:39.230   225   410 D ConnectivityService: [101 ETHERNET|VPN] EVENT_NETWORK_INFO_CHANGED, going from CONNECTING to CONNECTED
11-29 18:17:39.230   225   410 W DnsManager: updatePrivateDns(101, PrivateDnsConfig{true:/[]})
11-29 18:17:39.230   225   410 D ConnectivityService: Setting DNS servers for network 101 to []
11-29 18:17:39.230   225   410 D DnsManager: sendDnsConfigurationForNetwork(101, [], [], 1800, 25, 8, 64, 0, 0, , [])
11-29 18:17:39.230   225   410 D ConnectivityService: Adding iface tun0 to network 101
11-29 18:17:39.231   135   646 W IptablesRestoreController: iptables-restore process 965 terminated status=512
11-29 18:17:39.231   135   646 E IptablesRestoreController: iptables error:
11-29 18:17:39.231   135   646 E IptablesRestoreController: ------- COMMAND -------
11-29 18:17:39.231   135   646 E IptablesRestoreController: *mangle
11-29 18:17:39.231   135   646 E IptablesRestoreController: -A routectrl_mangle_INPUT -i tun0 -j MARK --set-mark 0x30065/0xffefffff
11-29 18:17:39.231   135   646 E IptablesRestoreController: COMMIT
11-29 18:17:39.231   135   646 E IptablesRestoreController: 
11-29 18:17:39.231   135   646 E IptablesRestoreController: -------  ERROR -------
11-29 18:17:39.231   135   646 E IptablesRestoreController: iptables-restore v1.8.4 (legacy): unknown option "--set-mark"
11-29 18:17:39.231   135   646 E IptablesRestoreController: Error occurred at line: 18
11-29 18:17:39.231   135   646 E IptablesRestoreController: Try `iptables-restore -h' or 'iptables-restore --help' for more information.
11-29 18:17:39.231   135   646 E IptablesRestoreController: ----------------------
11-29 18:17:39.231   135   646 W IptablesRestoreController: iptables-restore process 967 terminated status=512
11-29 18:17:39.231   135   646 E IptablesRestoreController: iptables error:
11-29 18:17:39.231   135   646 E IptablesRestoreController: ------- COMMAND -------
11-29 18:17:39.231   135   646 E IptablesRestoreController: *mangle
11-29 18:17:39.231   135   646 E IptablesRestoreController: -A routectrl_mangle_INPUT -i tun0 -j MARK --set-mark 0x30065/0xffefffff
11-29 18:17:39.231   135   646 E IptablesRestoreController: COMMIT
11-29 18:17:39.231   135   646 E IptablesRestoreController: 
11-29 18:17:39.231   135   646 E IptablesRestoreController: -------  ERROR -------
11-29 18:17:39.231   135   646 E IptablesRestoreController: ip6tables-restore v1.8.4 (legacy): unknown option "--set-mark"
11-29 18:17:39.231   135   646 E IptablesRestoreController: Error occurred at line: 18
11-29 18:17:39.231   135   646 E IptablesRestoreController: Try `ip6tables-restore -h' or 'ip6tables-restore --help' for more information.
11-29 18:17:39.231   135   646 E IptablesRestoreController: ----------------------

zhouziyang commented 11 months ago

According to #495, VPN should work in redroid. Note: it should not take all traffic, otherwise the adb connection will fail.

ssaroyan commented 9 months ago

According to #495, VPN should work in redroid. Note: it should not take all traffic, otherwise the adb connection will fail.

Hello. I'm looking for a way to still be able to connect to adb when the VPN is connected. I checked all the routes inside the container and found out that all the routing is policy-based. The output of the ip rule list command with the VPN connected is shown below. I am looking for a way to mark packets that come from source port 5555 and go to destination port 5555. But there is no mangle table, and I cannot use -p tcp --sport 5555 -j MARK --set-mark 0x1 in the filter table. Do you know a way to mark these packets?

34161f261304:/ # ip rule list
0: from all lookup local
10000: from all fwmark 0xc0000/0xd0000 lookup legacy_system
10500: from all iif lo oif eth0 uidrange 0-0 lookup eth0
11000: from all iif tun0 lookup local_network
12000: from all fwmark 0x0/0x20000 iif lo uidrange 1000-1000 lookup tun0
12000: from all fwmark 0x0/0x20000 iif lo uidrange 10064-10064 lookup tun0
12000: from all fwmark 0x0/0x20000 iif lo uidrange 10116-10116 lookup tun0
12000: from all fwmark 0xc0067/0xcffff lookup tun0
13000: from all fwmark 0x10063/0x1ffff iif lo lookup local_network
13000: from all fwmark 0x10064/0x1ffff iif lo lookup eth0
13000: from all fwmark 0x10067/0x1ffff iif lo uidrange 1000-1000 lookup tun0
13000: from all fwmark 0x10067/0x1ffff iif lo uidrange 10064-10064 lookup tun0
13000: from all fwmark 0x10067/0x1ffff iif lo uidrange 10116-10116 lookup tun0
13000: from all fwmark 0x10067/0x1ffff iif lo uidrange 0-0 lookup tun0
14000: from all iif lo oif eth0 lookup eth0
14000: from all iif lo oif tun0 uidrange 1000-1000 lookup tun0
14000: from all iif lo oif tun0 uidrange 10064-10064 lookup tun0
14000: from all iif lo oif tun0 uidrange 10116-10116 lookup tun0
15000: from all fwmark 0x0/0x10000 lookup legacy_system
16000: from all fwmark 0x0/0x10000 lookup legacy_network
17000: from all fwmark 0x0/0x10000 lookup local_network
19000: from all fwmark 0x64/0x1ffff iif lo lookup eth0
21000: from all fwmark 0x67/0xffff lookup eth0
22000: from all fwmark 0x0/0xffff iif lo lookup eth0
32000: from all unreachable

Thank you.

zhouziyang commented 9 months ago

Be aware that all networking settings (like ip route, ip rule) are managed by netd, and it is possible that your manual changes will be flushed if netd is restarted / reconfigured.

How about forcing adbd to bind to eth0 with SO_BINDTODEVICE?
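
An added example, not part of the thread and not redroid or netd code: it parses the `ip rule list` output posted above and lists, for a locally generated flow, which policy rules match by selector, so the effect of binding a socket to eth0 (which sets `oif`) is visible. The function names and the uid values tried are assumptions; the thread does not say which uid adbd runs as, so uid is a parameter.

```python
# `ip rule list` output copied from the comment above (VPN connected).
IP_RULES = """\
0: from all lookup local
10000: from all fwmark 0xc0000/0xd0000 lookup legacy_system
10500: from all iif lo oif eth0 uidrange 0-0 lookup eth0
11000: from all iif tun0 lookup local_network
12000: from all fwmark 0x0/0x20000 iif lo uidrange 1000-1000 lookup tun0
12000: from all fwmark 0x0/0x20000 iif lo uidrange 10064-10064 lookup tun0
12000: from all fwmark 0x0/0x20000 iif lo uidrange 10116-10116 lookup tun0
12000: from all fwmark 0xc0067/0xcffff lookup tun0
13000: from all fwmark 0x10063/0x1ffff iif lo lookup local_network
13000: from all fwmark 0x10064/0x1ffff iif lo lookup eth0
13000: from all fwmark 0x10067/0x1ffff iif lo uidrange 1000-1000 lookup tun0
13000: from all fwmark 0x10067/0x1ffff iif lo uidrange 10064-10064 lookup tun0
13000: from all fwmark 0x10067/0x1ffff iif lo uidrange 10116-10116 lookup tun0
13000: from all fwmark 0x10067/0x1ffff iif lo uidrange 0-0 lookup tun0
14000: from all iif lo oif eth0 lookup eth0
14000: from all iif lo oif tun0 uidrange 1000-1000 lookup tun0
14000: from all iif lo oif tun0 uidrange 10064-10064 lookup tun0
14000: from all iif lo oif tun0 uidrange 10116-10116 lookup tun0
15000: from all fwmark 0x0/0x10000 lookup legacy_system
16000: from all fwmark 0x0/0x10000 lookup legacy_network
17000: from all fwmark 0x0/0x10000 lookup local_network
19000: from all fwmark 0x64/0x1ffff iif lo lookup eth0
21000: from all fwmark 0x67/0xffff lookup eth0
22000: from all fwmark 0x0/0xffff iif lo lookup eth0
32000: from all unreachable
"""

def parse_rules(text):
    """Turn each 'PRIO: selectors action' line into a dict of selectors."""
    rules = []
    for line in text.strip().splitlines():
        prio, rest = line.split(":", 1)
        tok, rule = rest.split(), {"prio": int(prio)}
        if tok[-1] == "unreachable":                # only action here without an argument
            rule["action"] = tok.pop()
        for key, val in zip(tok[0::2], tok[1::2]):  # the rest are "key value" pairs
            if key == "lookup":
                rule["action"] = val
            elif key == "fwmark":
                rule[key] = tuple(int(x, 16) for x in val.split("/"))   # (value, mask)
            elif key == "uidrange":
                rule[key] = tuple(int(x) for x in val.split("-"))       # inclusive
            elif key in ("iif", "oif"):
                rule[key] = val
        rules.append(rule)
    return rules

def candidates(rules, uid, fwmark=0, oif=None, iif="lo"):
    """Rules whose selectors match, in priority order (selector matching only; the
    kernel then consults each table and moves on if it holds no usable route).
    iif="lo" means locally generated; oif is set only for a device-bound socket."""
    hits = []
    for r in rules:
        mark, mask = r.get("fwmark", (0, 0))
        lo, hi = r.get("uidrange", (uid, uid))
        if (((fwmark ^ mark) & mask) == 0 and r.get("iif", iif) == iif
                and r.get("oif", oif) == oif and lo <= uid <= hi):
            hits.append((r["prio"], r["action"]))
    return hits

def first_interface_rule(rules, **flow):
    """First matching rule that points at tun0 or eth0. Assumes the earlier tables
    (local, legacy_*, local_network) hold no route for the destination."""
    return next(h for h in candidates(rules, **flow) if h[1] in ("tun0", "eth0"))

RULES = parse_rules(IP_RULES)

if __name__ == "__main__":
    for label, flow in [("uid 10116, unbound", dict(uid=10116)),
                        ("uid 0, unbound", dict(uid=0)),
                        ("uid 0, bound to eth0", dict(uid=0, oif="eth0"))]:
        print(label, "->", first_interface_rule(RULES, **flow))
```

With these rules, an unmarked flow from uid 10116 reaches the tun0 table at priority 12000, while a uid 0 socket bound to eth0 matches the priority 10500 rule ahead of every tun0 rule.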