From 1bb08e3b0cbfebfcfb7a9fd13f4f66fc59669a69 Mon Sep 17 00:00:00 2001
From: emanuele-f
Date: Mon, 8 Feb 2021 00:51:15 +0100
Subject: [PATCH] Reduce probability of sending packets with private IPs

When starting/stopping the VPNService, some packets with internal IP addresses 10.215.173.1 and 10.215.173.2 may be sent over the LAN. Based on trial and error, this patch reduces such events. In particular we can see:
- At startup, DNS queries with internal DNS server 10.215.173.2
- At shutdown, some packets with source IP 10.215.173.1
The shutdown issue is more frequent when stopping the VPN from the android VPN settings. This also happens with other VPN apps.
---
 .../emanuelef/remote_capture/CaptureService.java | 13 ++++++++++++-
 app/src/main/jni/vpnproxy-jni/vpnproxy.c | 7 +++++--
 2 files changed, 17 insertions(+), 3 deletions(-)

diff --git a/app/src/main/java/com/emanuelef/remote_capture/CaptureService.java b/app/src/main/java/com/emanuelef/remote_capture/CaptureService.java
index 5874a092..47d8d7c3 100644
--- a/app/src/main/java/com/emanuelef/remote_capture/CaptureService.java
+++ b/app/src/main/java/com/emanuelef/remote_capture/CaptureService.java
@@ -205,6 +205,17 @@ public class CaptureService extends VpnService implements Runnable {
 private void stop() {
 stopPacketLoop();
+ while((mThread != null) && (mThread.isAlive())) {
+ try {
+ Log.d(TAG, "Joining native thread...");
+ mThread.join();
+ } catch (InterruptedException e) {
+ Log.e(TAG, "Joining native thread failed");
+ }
+ }
+
+ mThread = null;
+
 if(mParcelFileDescriptor != null) {
 try {
 mParcelFileDescriptor.close();
@@ -258,7 +269,7 @@ public class CaptureService extends VpnService implements Runnable {
 @Override
 public void run() {
 if(mParcelFileDescriptor != null) {
- int fd = mParcelFileDescriptor.detachFd();
+ int fd = mParcelFileDescriptor.getFd();
 if(fd > 0) runPacketLoop(fd, this, Build.VERSION.SDK_INT);
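Review bot: The `catch (InterruptedException e)` inside the new join loop in stop() discards the interrupt and re-enters `mThread.join()`, so a caller that is interrupted keeps waiting and its interrupt status is lost once the loop exits. Since the loop deliberately waits for the native thread before the descriptor is closed, keep waiting but restore the flag afterwards: `boolean interrupted = false;` before the loop, `interrupted = true;` in the catch, and `if(interrupted) Thread.currentThread().interrupt();` after it; the log line should also keep the cause, `Log.e(TAG, "Joining native thread failed", e);`. If stop() can ever run on mThread itself (for instance from the end of run()), `join()` would wait on the calling thread forever; the hunk does not show stop()'s callers, so this is worth confirming. The body of stop() continues past the end of the hunk.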
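Review bot: Switching to `getFd()` in run() leaves ownership of the tunnel descriptor with mParcelFileDescriptor, and the matching vpnproxy.c hunk removes `close(tapfd)` from runPacketLoop, so the only remaining close is `mParcelFileDescriptor.close()` in stop() after the join; nothing in either hunk records that contract, and a later `detachFd()` or native `close()` would silently reintroduce the double-close or use-after-close the commit is trying to avoid. A comment above the changed line would pin it: `// fd stays owned by mParcelFileDescriptor: the native loop must not close it; stop() joins mThread and then closes the descriptor.` The existing `fd > 0` guard also rejects descriptor 0, which is a valid value for an open ParcelFileDescriptor; `fd >= 0` is the accurate check, though 0 is unlikely in practice. run() continues past the end of the hunk.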
diff --git a/app/src/main/jni/vpnproxy-jni/vpnproxy.c b/app/src/main/jni/vpnproxy-jni/vpnproxy.c
index ed621785..3b995c26 100644
--- a/app/src/main/jni/vpnproxy-jni/vpnproxy.c
+++ b/app/src/main/jni/vpnproxy-jni/vpnproxy.c
@@ -976,7 +976,11 @@ static int run_tun(JNIEnv *env, jclass vpn, int tapfd, jint sdk) {
 goto housekeeping;
 }
- check_dns_req_dnat(&proxy, &pkt, conn);
+ if((check_dns_req_dnat(&proxy, &pkt, conn) == 0)
+ && (pkt.tuple.dst_ip == proxy.vpn_dns)) {
+ log_android(ANDROID_LOG_DEBUG, "ignoring packet directed to the virtual DNS server");
+ goto housekeeping;
+ }
 if(proxy.tls_decryption.enabled) check_tls_mitm(tun, &proxy, &pkt, conn);
@@ -1065,7 +1069,6 @@ Java_com_emanuelef_remote_1capture_CaptureService_runPacketLoop(JNIEnv *env, jcl
 jobject vpn, jint sdk) {
 run_tun(env, vpn, tapfd, sdk);
- close(tapfd);
 }
 JNIEXPORT void JNICALL
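Review bot: The new guard in run_tun drops every packet addressed to `proxy.vpn_dns` unless `check_dns_req_dnat` returned non-zero, but the hunk does not say what that return value means, so a reader cannot tell whether 0 stands for "not a DNS request" or "DNAT not applied"; a comment on the condition would settle it, e.g. `/* Only DNS requests rewritten by check_dns_req_dnat may target the virtual DNS address; anything else sent there would otherwise be forwarded to the real network */`. The `goto housekeeping` skips whatever follows for this packet, including the TLS check and any accounting that may happen before the label; if dropped packets are expected to be counted or reported, that is missing here, and the housekeeping label itself is outside the hunk. The equality test on `pkt.tuple.dst_ip` looks like a single IPv4 address comparison; if the tunnel also carries IPv6, the same kind of leak would not be caught for it, which is worth confirming against the tuple definition. The per-packet `ANDROID_LOG_DEBUG` line can become noisy on a busy tunnel. run_tun begins and ends outside the hunk.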