Fix tun_android.Read() method (#23)

Task/Issue URL: https://app.asana.com/0/488551667048375/1204810793215818/f ### Description In PR #22 we updated wireguard-go library to its latest version. Wireguard works properly, but we didn't make a proper AppTP integration. This PR fixes this ### Steps to test this PR - [x] from this branch, publish the library to maven local ie. `./gradlew clean assemble publishToMavenLocal` - [x] In the DDG android app apply the following path ```diff Subject: [PATCH] Maven local use --- Index: build.gradle IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== diff --git a/build.gradle b/build.gradle --- a/build.gradle (revision d11f7491d7ab4b27223fd352f83c26be403e79ed) +++ b/build.gradle (revision 3b1fe446b5d33e4d8a7f400137134ea0b5a797d7) @@ -40,6 +40,7 @@ repositories { google() mavenCentral() + mavenLocal() } configurations.all { resolutionStrategy.force 'org.objenesis:objenesis:2.6' Index: versions.properties IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>ISO-8859-1 =================================================================== diff --git a/versions.properties b/versions.properties --- a/versions.properties (revision d11f7491d7ab4b27223fd352f83c26be403e79ed) +++ b/versions.properties (revision 3b1fe446b5d33e4d8a7f400137134ea0b5a797d7) @@ -55,7 +55,7 @@ version.com.android.installreferrer..installreferrer=2.2 -version.com.duckduckgo.netguard..netguard-android=1.6.0 +version.com.duckduckgo.netguard..netguard-android=1.7.0-SNAPSHOT version.com.duckduckgo.synccrypto..sync-crypto-android=0.3.0 ``` - [x] build DDG app - [x] smoke testing with AppTP/NetP ON/OFF, OFF/ON, ON/ON and OFF/OFF (make sure trackers are blocked in all cases)
duckduckgo · Jun 13, 2023 · a95d985 · a95d985
1 parent 8f5d7c1
commit a95d985
Showing 1 changed file with 35 additions and 30 deletions.
diff --git a/src/wireguard/tun_android.go b/src/wireguard/tun_android.go
@@ -68,39 +68,44 @@ func (tunWrapper *NativeTunWrapper) Flush() error {
     return nil
 }
 
+// tunWrapper.nativeTun.Read() Reads one or more packets from the Device (without any additional headers).
+// On a successful read it returns the number of packets read, and sets
+// packet lengths within the sizes slice. len(sizes) must be >= len(bufs).
+// A nonzero offset can be used to instruct the Device on where to begin
+// reading into each element of the bufs slice.
 func (tunWrapper *NativeTunWrapper) Read(bufs [][]byte, sizes []int, offset int) (int, error) {
-    pktLen, err := tunWrapper.nativeTun.Read(bufs, sizes, offset)
-    var buf []byte
+    n, err := tunWrapper.nativeTun.Read(bufs, sizes, offset)
 
-    if len(bufs) > 0 {
-        buf = bufs[0]
+    tag := cstring("WireGuard/GoBackend/Read")
+
+    if n == 0 {
+        return n, err
     }
 
-    tag := cstring("WireGuard/GoBackend/Read")
-    switch buf[offset] >> 4 {
-        case ipv4.Version:
-            if len(buf) < ipv4.HeaderLen {
-                C.__android_log_write(C.ANDROID_LOG_DEBUG, tag, cstring("Skipping bad IPv4 pkt"))
-                return pktLen, err
-            }
-
-            // Check if TCP
-            protocol := buf[offset + 9]
-            if protocol != 0x06 {
-                // Skip checking with AppTP since for now we only check TCP connections
-                return pktLen, err
-            }
-
-            allow := int(C.is_pkt_allowed((*C.char)(unsafe.Pointer(&buf[offset])), C.int(pktLen+offset)))
-            if allow == 0 {
-                // Returning 0 blocks the connection since we will not forward this packet
-                C.__android_log_write(C.ANDROID_LOG_DEBUG, tag, cstring("Blocking connection"))
-                return 0, err
-            }
-
-        // TODO: IPv6
-        default:
-            C.__android_log_write(C.ANDROID_LOG_DEBUG, tag, cstring("Invalid IP"))
+    for i, buf := range bufs {
+        switch buf[offset] >> 4 {
+            case ipv4.Version:
+                if len(buf) < ipv4.HeaderLen {
+                    C.__android_log_write(C.ANDROID_LOG_DEBUG, tag, cstring("Skipping bad IPv4 pkt"))
+                    sizes[i] = 0
+                } else {
+                    // Check if TCP
+                    protocol := buf[offset + 9]
+                    if protocol == 0x06 {
+                        // Skip checking with AppTP since for now we only check TCP connections
+                        allow := int(C.is_pkt_allowed((*C.char)(unsafe.Pointer(&buf[offset])), C.int(sizes[i]+offset)))
+                        if allow == 0 {
+                            // Returning 0 blocks the connection since we will not forward this packet
+                            C.__android_log_write(C.ANDROID_LOG_DEBUG, tag, cstring("Blocking connection"))
+                            sizes[i] = 0
+                        }
+                    }
+                }
+
+            // TODO: IPv6
+            default:
+                C.__android_log_write(C.ANDROID_LOG_DEBUG, tag, cstring("Invalid IP"))
+        }
     }
 
     // PCAP recording
@@ -109,7 +114,7 @@ func (tunWrapper *NativeTunWrapper) Read(bufs [][]byte, sizes []int, offset int)
 //         C.__android_log_write(C.ANDROID_LOG_DEBUG, tag, cstring("PCAP packet not written"))
 //     }
 
-    return pktLen, err
+    return n, err
 }
 
 func (tunWrapper *NativeTunWrapper) Events() <-chan tun.Event {