Reduce probability of sending packets with private IPs

When starting/stopping the VPNService, some packets with internal IP addresses 10.215.173.1 and 10.215.173.2 may be sent over the LAN. Based on trial and error, this patch reduces such events. In particular we can see: - At startup, DNS queries with internal DNS server 10.215.173.2 - At shutdown, some packets with source IP 10.215.173.1 The shutdown issue is more frequent when stopping the VPN from the android VPN settings. This also happens with other VPN apps.
2026-06-16 21:10:57 +08:00 · 2021-02-08 00:51:15 +01:00 · 2021-02-08 00:51:15 +01:00 · 1bb08e3b0c
commit 1bb08e3b0c
parent da531740f3
2 changed files with 17 additions and 3 deletions
--- a/app/src/main/java/com/emanuelef/remote_capture/CaptureService.java
+++ b/app/src/main/java/com/emanuelef/remote_capture/CaptureService.java
@ -205,6 +205,17 @@ public class CaptureService extends VpnService implements Runnable {
    private void stop() {
        stopPacketLoop();

+        while((mThread != null) && (mThread.isAlive())) {
+            try {
+                Log.d(TAG, "Joining native thread...");
+                mThread.join();
+            } catch (InterruptedException e) {
+                Log.e(TAG, "Joining native thread failed");
+            }
+        }
+
+        mThread = null;
+
        if(mParcelFileDescriptor != null) {
            try {
                mParcelFileDescriptor.close();
@ -258,7 +269,7 @@ public class CaptureService extends VpnService implements Runnable {
    @Override
    public void run() {
        if(mParcelFileDescriptor != null) {
-            int fd = mParcelFileDescriptor.detachFd();
+            int fd = mParcelFileDescriptor.getFd();

            if(fd > 0)
                runPacketLoop(fd, this, Build.VERSION.SDK_INT);
--- a/app/src/main/jni/vpnproxy-jni/vpnproxy.c
+++ b/app/src/main/jni/vpnproxy-jni/vpnproxy.c
@ -976,7 +976,11 @@ static int run_tun(JNIEnv *env, jclass vpn, int tapfd, jint sdk) {
                    goto housekeeping;
                }

-                check_dns_req_dnat(&proxy, &pkt, conn);
+                if((check_dns_req_dnat(&proxy, &pkt, conn) == 0)
+                        && (pkt.tuple.dst_ip == proxy.vpn_dns)) {
+                    log_android(ANDROID_LOG_DEBUG, "ignoring packet directed to the virtual DNS server");
+                    goto housekeeping;
+                }

                if(proxy.tls_decryption.enabled)
                    check_tls_mitm(tun, &proxy, &pkt, conn);
@ -1065,7 +1069,6 @@ Java_com_emanuelef_remote_1capture_CaptureService_runPacketLoop(JNIEnv *env, jcl
                                                              jobject vpn, jint sdk) {

    run_tun(env, vpn, tapfd, sdk);
-    close(tapfd);
 }

 JNIEXPORT void JNICALL