Writing to VpnService output stream does not give a response

My application implements VpnService to intercept network traffic and provide individual responses. The goal is to process traffic at specific addresses and drop other requests.

Currently, I am able to parse incoming requests and build and send responses. The problem, however, is that these responses do not arrive as an actual response to the original request; socket testing is simply disabled.

To make this distinction, I now parse the source IP packets from the VpnService input stream as follows:

VpnService.Builder b = new VpnService.Builder();
b.addAddress("10.2.3.4", 28);
b.addRoute("0.0.0.0", 0);
b.setMtu(1500);
...
ParcelFileDescriptor vpnInterface = b.establish();
final FileInputStream in = new FileInputStream(
        vpnInterface.getFileDescriptor());
final FileOutputStream out = new FileOutputStream(
        vpnInterface.getFileDescriptor());

// Allocate the buffer for a single packet.
ByteBuffer packet = ByteBuffer.allocate(32767);

// We keep forwarding packets till something goes wrong.
try {
    while (vpnInterface != null && vpnInterface.getFileDescriptor() != null
            && vpnInterface.getFileDescriptor().valid()) {
        packet.clear();
        SystemClock.sleep(10);
        // Read the outgoing packet from the input stream.
        final byte[] data = packet.array();
        int length = in.read(data);
        if (length > 0) {
            packet.limit(length);
            /*
             1. Parse the TCP/UDP header
             2. Create an own socket with the same src/dest port/ip
             3. Use protect() on this socket so it is not routed over tun0
             4. Send the packet body (excluding the header)
             5. Obtain the response
             6. Add the TCP header to the response and forward it
             */
            final IpDatagram ip = IpDatagram.create(packet);
            ...
        }
    }
} catch (IOException e) {
    // Reading from the tun interface failed; stop forwarding.
}

IpDatagram - , create() IP-, IP, . . IPv4 TCP, , TCP.

IpDatagram IP- ( IP) ( TCP). TCP- (, SYN, ACK PSH) . :

Parsing incoming TCP / IP packet

IpDatagram , :

  • IP ;
  • ;
  • TCP ;
  • TCP HTTP/1.1.

IpDatagram VpnServer:

TcpDatagram tcp = new TcpDatagram(tcpHeader, tcpOptions, tcpBody);
IpDatagram ip = new Ip4Datagram(ipHeader, ipOptions, tcp);
out.write(ip.toBytes());

, , , , - .

TCP / IP response

TCP/IP :

4500003c7de04000400605f10a0203044faa5a3bb9240050858bc52b00000000a00239089a570000020405b40402080a00bfb8cb0000000001030306

TCP/IP :

450000bb30394000800613194faa5a3b0a0203040050b92400a00000858bc52b501820001fab0000485454502f312e3120323030204f4b0a446174653a205475652c203139204e6f7620323031332031323a32333a303320474d540a436f6e74656e742d547970653a20746578742f68746d6c0a436f6e74656e742d4c656e6774683a2031320a457870697265733a205475652c203139204e6f7620323031332031323a32333a303320474d540a0a48656c6c6f20776f726c6421

; IP- , , , .

? , ?

+4
1

TCP/IP TCP:

450000bb30394000800613194faa5a3b0a0203040050b92400a00000858bc52b50182000 1fab0000485454502f312e3120323030204f4b0a446174653a205475652c203139204e6f7620323031332031323a32333a303320474d540a436f6e74656e742d547970653a20746578742f68746d6c0a436f6e74656e742d4c656e6774683a2031320a457870697265733a205475652c203139204e6f7620323031332031323a32333a303320474d540a0a48656c6c6f20776f726c6421

, . , , - , , , , , . VpnService, .

: IP- ( ), TCP- . TCP TCP, :

TCP pseudo-header
(source: tcpipguide.com)

:

TCP header checksum

+7
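
An added example (not code from the question or the answer): it recomputes the TCP checksum over the pseudo-header, TCP header and payload of the response packet posted in the question and prints it next to the value stored in the packet. The class and method names are assumptions made for illustration.

```java
import java.util.Arrays;

public class TcpChecksumCheck {
    // Response packet exactly as posted in the question (IPv4 header + TCP header + HTTP body).
    static final String RESPONSE_HEX = "450000bb30394000800613194faa5a3b0a0203040050b92400a00000858bc52b501820001fab0000485454502f312e3120323030204f4b0a446174653a205475652c203139204e6f7620323031332031323a32333a303320474d540a436f6e74656e742d547970653a20746578742f68746d6c0a436f6e74656e742d4c656e6774683a2031320a457870697265733a205475652c203139204e6f7620323031332031323a32333a303320474d540a0a48656c6c6f20776f726c6421";

    // Adds buf[off..off+len) to a running one's-complement sum as big-endian 16-bit words.
    static long sum16(byte[] buf, int off, int len, long sum) {
        for (int i = off; i < off + len; i += 2) {
            int lo = (i + 1 < off + len) ? (buf[i + 1] & 0xff) : 0; // odd length: pad with zero
            sum += ((buf[i] & 0xff) << 8) | lo;
        }
        return sum;
    }

    // TCP checksum over pseudo-header + TCP header + TCP payload of an IPv4 packet.
    static int tcpChecksum(byte[] pkt) {
        if (pkt.length < 20 || (pkt[0] >> 4) != 4 || pkt[9] != 6)
            throw new IllegalArgumentException("not an IPv4/TCP packet");
        int ihl = (pkt[0] & 0x0f) * 4;                       // IPv4 header length in bytes
        int totalLen = ((pkt[2] & 0xff) << 8) | (pkt[3] & 0xff);
        if (totalLen > pkt.length || totalLen < ihl + 20)
            throw new IllegalArgumentException("truncated packet");
        int tcpLen = totalLen - ihl;
        byte[] seg = Arrays.copyOfRange(pkt, ihl, totalLen);
        seg[16] = 0;                                         // checksum field counts as zero
        seg[17] = 0;
        long sum = sum16(pkt, 12, 8, 0);                     // pseudo-header: src + dst address
        sum += 6;                                            // zero byte + protocol (TCP = 6)
        sum += tcpLen;                                       // TCP length (header + payload)
        sum = sum16(seg, 0, tcpLen, sum);
        while ((sum >> 16) != 0) sum = (sum & 0xffff) + (sum >> 16); // fold carries
        return (int) (~sum & 0xffff);
    }

    static byte[] fromHex(String hex) {
        byte[] out = new byte[hex.length() / 2];
        for (int i = 0; i < out.length; i++)
            out[i] = (byte) Integer.parseInt(hex.substring(2 * i, 2 * i + 2), 16);
        return out;
    }

    public static void main(String[] args) {
        byte[] pkt = fromHex(RESPONSE_HEX);
        int ihl = (pkt[0] & 0x0f) * 4;
        int stored = ((pkt[ihl + 16] & 0xff) << 8) | (pkt[ihl + 17] & 0xff);
        int computed = tcpChecksum(pkt);
        System.out.printf("stored=0x%04x computed=0x%04x %s%n", stored, computed,
                stored == computed ? "valid" : "INVALID");
    }
}
```

The same `tcpChecksum` routine can be run on every packet just before it is written to the VpnService output stream, with the result stored at TCP header offset 16.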
