AZEN-SGG/amnezia-client
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Prebuilt binaries for third-party submodules (#252)

Browse source 
* Add prebuilt submodule
* Remove Android native library
* Add links for Android prebuilt library
* Update OpenSSL to prebuilt binaries
* Setup links for prebuilt OpenSSL
* Set correct OpenSSL header dir
* Update prebuilt submodule
* Use static OpenSSL for linux build
* Use prebuilt binary from 3rd-prebuilt for Win installer
* Use prebuilt binary from 3rd-prebuilt for Linux installer
* Use prebuilt binary from 3rd-prebuilt for MacOS installer
* Use Android prebuilt openvpn libs
* Cleanup some unneeded code
* Add new maven repo for gradle-versions-plugin
* Use jitpack version of jsocks
* Fix some unnecessary header copy
* Fix issue with package name of original WG libs
* Change submodule path to https (3rd-prebuilt)
* Fix windows installer
* MacOS deploy fixes
* NetworkChange detection for OpenVPN protocol (#256)
* NetworkChange detection for OpenVPN protocol
* Update android native libs
* Always on VPN mode for OpenVPN, Cloak+OpenVPN
* Set foregroundService type
* Android 14 require to set foregroundServiceType
* Remove unused code and cleanup submodules
* Cleanup gradle build script
* Fix start button status
* Pull OpenSSL prebuilt for MacOS, iOS
* Update links for OpenSSL MacOS, iOS prebuilt
* Update OpenSSL binaries path
* Refactor some OpenSSL includes
* Update MacOS OpenVPN binary with statically linked dependency
* Use prebilt for LibSSH
* Android resources cleanup
* Set static runtime linux
* Use shared LibSSH for Android
* Update SS Android lib name
* Fix Linux install path and file permissions
* Feature/iOS GitHub actions (#265)
* Move Android cpp code to openvpn-pt-android repo
* Remove unused OpenVPN2 Android Libs
* Cleanup Gemfile

---------

Co-authored-by: Mazay B <pokamest@gmail.com>
This commit is contained in:
Mykola Baibuz 2023-08-04 20:35:43 +03:00 committed by GitHub
parent 9bd8c774ab
commit f58a16ca9d
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
327 changed files with 500 additions and 45808 deletions
Download patch file Download diff file Expand all files Collapse all files

3
client/android/AndroidManifest.xml
View file

@ -12,6 +12,7 @@
<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE"/>
<uses-permission android:name="android.permission.FOREGROUND_SERVICE"/>
<uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
<uses-permission android:name="android.permission.FOREGROUND_SERVICE_CONNECTED_DEVICE" />
<!-- Enable when VPN-per-app mode will be implemented -->
<!-- <uses-permission android:name="android.permission.QUERY_ALL_PACKAGES"/> -->
@ -133,6 +134,7 @@
android:name=".VPNService"
android:process=":QtOnlyProcess"
android:permission="android.permission.BIND_VPN_SERVICE"
android:foregroundServiceType="connectedDevice"
android:exported="true">
<meta-data android:name="android.app.lib_name" android:value="-- %%INSERT_APP_LIB_NAME%% --"/>
@ -144,6 +146,7 @@
<service
android:name=".qt.VPNPermissionHelper"
android:permission="android.permission.BIND_VPN_SERVICE"
android:foregroundServiceType="connectedDevice"
android:exported="true">
<meta-data android:name="android.app.lib_name" android:value="-- %%INSERT_APP_LIB_NAME%% --"/>
</service>

42
client/android/build.gradle
View file

@ -19,6 +19,7 @@ buildscript {
google()
jcenter()
mavenCentral()
maven { url = uri("https://jitpack.io") }
}
dependencies {
@ -137,7 +138,7 @@ android {
resConfig "en"
minSdkVersion = 24
targetSdkVersion = 34
versionCode 25 // Change to a higher number
versionCode 26 // Change to a higher number
versionName "3.0.8" // Change to a higher number
javaCompileOptions.annotationProcessorOptions.arguments = [
@ -145,46 +146,7 @@ android {
]
}
buildTypes {
release {
// That would enable treeshaking and remove java code that is just called from qt
minifyEnabled false
externalNativeBuild {
cmake {
version cmakeMinVersion
arguments "-DANDROID_PACKAGE_NAME=${groupName}",
"-DGRADLE_USER_HOME=${project.gradle.gradleUserHomeDir}",
"-DANDROID_PLATFORM=${minSdkVer}"
}
}
}
debug {
//applicationIdSuffix ".debug"
//versionNameSuffix "-debug"
minifyEnabled false
externalNativeBuild {
cmake {
version cmakeMinVersion
arguments "-DANDROID_PACKAGE_NAME=${groupName}",
"-DGRADLE_USER_HOME=${project.gradle.gradleUserHomeDir}",
"-DANDROID_PLATFORM=${minSdkVer}"
}
}
}
}
// externalNativeBuild {
// cmake {
// path 'wireguard/CMakeLists.txt'
// }
// }
externalNativeBuild {
cmake {
version cmakeMinVersion
path "${projectDir}/cpp/CMakeLists.txt"
}
}
}

267
client/android/cpp/CMakeLists.txt
View file

@ -1,267 +0,0 @@
cmake_minimum_required(VERSION 3.4.1)
project(AmneziaVPN)
# Git version string
include(GetGitRevisionDescription.cmake)
git_describe(OPENVPN2_GIT "${CMAKE_CURRENT_SOURCE_DIR}/openvpn" "--tags" "--always" "--long")
git_describe(OPENVPN3_GIT "${CMAKE_CURRENT_SOURCE_DIR}/openvpn3" "--tags" "--always" "--long")
message("OpenVPN 2.x version ${OPENVPN2_GIT}")
message("OpenVPN 3.x version ${OPENVPN3_GIT}")
# Set mbedtls options
OPTION(ENABLE_PROGRAMS "" OFF)
OPTION(USE_SHARED_MBEDTLS_LIBRARY "" OFF)
OPTION(ENABLE_TESTING "" OFF)
# Own options
OPTION(OPENVPN2MBED "Use mbed TLS for OpenVPN2" OFF)
OPTION(OPENVPN3OSSL "Use OpenSSL for OpenVPN3" ON)
SET(OPENVPN2MBED OFF)
SET(OPENVPN3OSSL ON)
# STATIC or SHARED
SET(SSLLIBTYPE STATIC)
SET(OPENSSL_PATH "openssl")
set(CMAKE_CXX_STANDARD 17)
#add_subdirectory(lzo)
include(tools.cmake)
include(lzo.cmake)
include(lz4.cmake)
include(openssl/openssl.cmake)
include(cloak.cmake)
if(NOT ${OPENVPN3OSSL} OR ${OPENVPN2MBED})
add_subdirectory(mbedtls)
endif()
FIND_PACKAGE(SWIG 3.0 REQUIRED)
add_custom_command(OUTPUT "ovpncli_wrap.cxx"
COMMAND ${CMAKE_COMMAND} -E make_directory ovpn3
COMMAND ${SWIG_EXECUTABLE} -outdir ovpn3
-c++
-java -package net.openvpn.ovpn3
-outcurrentdir
-DOPENVPN_PLATFORM_ANDROID
-I${CMAKE_CURRENT_SOURCE_DIR}/openvpn3/client
-I${CMAKE_CURRENT_SOURCE_DIR}/openvpn3
${CMAKE_CURRENT_SOURCE_DIR}/openvpn3/client/ovpncli.i)
link_directories(${CMAKE_CURRENT_SOURCE_DIR}/cloak/${ANDROID_ABI}/)
message("${CMAKE_CURRENT_SOURCE_DIR}/cloak/${ANDROID_ABI}/"})
set(ovpn3_SRCS
openvpn3/client/ovpncli.cpp
openvpn3/openvpn/openssl/xkey/xkey_provider.c
openvpn3/openvpn/openssl/xkey/xkey_helper.c
ovpncli_wrap.cxx)
add_library(ovpn3 SHARED ${ovpn3_SRCS})
target_include_directories(ovpn3 PUBLIC
${CMAKE_CURRENT_SOURCE_DIR}/lzo/include
${CMAKE_CURRENT_SOURCE_DIR}/openvpn3
${CMAKE_CURRENT_SOURCE_DIR}/asio/asio/include
${CMAKE_CURRENT_SOURCE_DIR}/openvpn3/client
${CMAKE_CURRENT_SOURCE_DIR}/mbedtls/include
)
if (${OPENVPN3OSSL})
target_compile_definitions(ovpn3 PRIVATE
-DUSE_OPENSSL
)
target_link_libraries(ovpn3 crypto ssl lzo lz4 libck-ovpn-plugin)
else ()
target_compile_definitions(ovpn3 PRIVATE
-DUSE_MBEDTLS
)
target_link_libraries(ovpn3 mbedtls mbedx509 mbedcrypto lzo lz4)
endif ()
target_compile_definitions(ovpn3 PRIVATE
-DHAVE_CONFIG_H
-DHAVE_LZO
-DHAVE_LZ4
-DASIO_STANDALONE
-DUSE_ASIO
-DGIT_VERSION_STRING=\"${OPENVPN3_GIT}\"
-DOPENVPN_SHOW_SESSION_TOKEN
-DOPENSSL_API_COMPAT=0x10200000L
-DOPENVPN_ALLOW_INSECURE_CERTPROFILE
-DENABLE_EXTERNAL_PKI
)
#else ()
# message("Not budiling OpenVPN for output dir ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}")
#endif ()
add_library(ovpnutil SHARED ovpnutil/jniglue.c)
target_compile_definitions(ovpnutil PRIVATE -DTARGET_ARCH_ABI=\"${ANDROID_ABI}\"
-DOPENVPN2_GIT_REVISION=\"${OPENVPN2_GIT}\"
-DOPENVPN3_GIT_REVISION=\"${OPENVPN3_GIT}\"
)
target_link_libraries(ovpnutil log)
add_library(rsapss SHARED ovpnutil/rsapss.cpp)
target_link_libraries(rsapss log crypto ssl)
if (NOT ${CMAKE_LIBRARY_OUTPUT_DIRECTORY} MATCHES "build/intermediates/cmake/.*skeleton.*/")
add_library(osslspeedtest SHARED ovpnutil/sslspeed.c)
target_link_libraries(osslspeedtest log crypto ssl)
else ()
message("Not budiling SSLSpeedTest for output dir ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}")
endif ()
set(openvpn_srcs
src/compat/compat-basename.c
src/compat/compat-daemon.c
src/compat/compat-dirname.c
src/compat/compat-gettimeofday.c
src/openvpn/argv.c
src/openvpn/auth_token.c
src/openvpn/base64.c
src/openvpn/buffer.c
src/openvpn/clinat.c
src/openvpn/console.c
src/openvpn/console_builtin.c
src/openvpn/crypto.c
src/openvpn/crypto_openssl.c
src/openvpn/crypto_mbedtls.c
src/openvpn/cryptoapi.c
src/openvpn/dhcp.c
src/openvpn/dns.c
src/openvpn/dns.h
src/openvpn/error.c
src/openvpn/event.c
src/openvpn/env_set.c
src/openvpn/fdmisc.c
src/openvpn/forward.c
src/openvpn/fragment.c
src/openvpn/gremlin.c
src/openvpn/helper.c
src/openvpn/httpdigest.c
src/openvpn/init.c
src/openvpn/interval.c
src/openvpn/list.c
src/openvpn/lladdr.c
src/openvpn/lzo.c
src/openvpn/manage.c
src/openvpn/mbuf.c
src/openvpn/misc.c
src/openvpn/mroute.c
src/openvpn/mss.c
src/openvpn/mstats.c
src/openvpn/mtcp.c
src/openvpn/mtu.c
src/openvpn/mudp.c
src/openvpn/multi.c
src/openvpn/ntlm.c
src/openvpn/occ.c
src/openvpn/openvpn.c
src/openvpn/options.c
src/openvpn/options_util.c
src/openvpn/otime.c
src/openvpn/packet_id.c
src/openvpn/perf.c
src/openvpn/ping.c
src/openvpn/pkcs11.c
src/openvpn/pkcs11_openssl.c
src/openvpn/platform.c
src/openvpn/plugin.c
src/openvpn/pool.c
src/openvpn/proto.c
src/openvpn/proxy.c
src/openvpn/ps.c
src/openvpn/push.c
src/openvpn/reliable.c
src/openvpn/route.c
src/openvpn/run_command.c
src/openvpn/schedule.c
src/openvpn/session_id.c
src/openvpn/shaper.c
src/openvpn/sig.c
src/openvpn/socket.c
src/openvpn/socks.c
src/openvpn/ssl.c
src/openvpn/ssl_openssl.c
src/openvpn/ssl_mbedtls.c
src/openvpn/ssl_ncp.c
src/openvpn/ssl_pkt.c
src/openvpn/ssl_pkt.h
src/openvpn/ssl_util.c
src/openvpn/ssl_verify.c
src/openvpn/ssl_verify_openssl.c
src/openvpn/ssl_verify_mbedtls.c
src/openvpn/status.c
src/openvpn/tls_crypt.c
src/openvpn/tun.c
src/openvpn/vlan.c
src/openvpn/xkey_helper.c
src/openvpn/xkey_provider.c
src/openvpn/comp-lz4.c
src/openvpn/comp.c
src/openvpn/compstub.c
)
PREPEND(openvpn_srcs_with_path "openvpn" ${openvpn_srcs})
add_library(openvpn SHARED ${openvpn_srcs_with_path})
target_include_directories(openvpn PRIVATE
openvpn-config
openvpn/src/compat
openvpn/include
mbedtls/include
lzo/include
openvpn
)
target_compile_definitions(openvpn PRIVATE
-DHAVE_CONFIG_H
-DCONFIGURE_GIT_REVISION=\"${OPENVPN2_GIT}\"
-DCONFIGURE_GIT_FLAGS=\"\"
-DTARGET_ABI=\"${ANDROID_ABI}\"
-DOPENSSL_API_COMPAT=0x11000000L
)
if (${OPENVPN2MBED})
target_compile_definitions(openvpn PRIVATE
-DENABLE_CRYPTO_MBEDTLS=1
)
target_link_libraries(openvpn mbedtls mbedx509 mbedcrypto lzo lz4)
else ()
target_compile_definitions(openvpn PRIVATE
-DENABLE_CRYPTO_OPENSSL=1
)
target_link_libraries(openvpn crypto ssl lzo lz4)
endif ()
add_executable(libovpnexec.so minivpn/minivpn.c)
target_compile_options(libovpnexec.so PRIVATE -fPIE)
target_link_libraries(libovpnexec.so PRIVATE openvpn -fPIE -pie)
add_executable(pie_openvpn.${ANDROID_ABI} minivpn/minivpn.c)
target_compile_options(pie_openvpn.${ANDROID_ABI} PRIVATE -fPIE)
target_link_libraries(pie_openvpn.${ANDROID_ABI} PRIVATE openvpn -fPIE -pie)
# Hack to copy OpenVPN binaries to assets directory
SET(OVPN_ASSET_DIR ${CMAKE_SOURCE_DIR}/../../../build/ovpnassets)
add_custom_target(makeassetdir ALL
COMMAND ${CMAKE_COMMAND} -E make_directory ${OVPN_ASSET_DIR})
add_custom_command(TARGET pie_openvpn.${ANDROID_ABI} POST_BUILD
COMMAND
${CMAKE_COMMAND} -E copy
$<TARGET_FILE:pie_openvpn.${ANDROID_ABI}>
${OVPN_ASSET_DIR}
)
# Hack that these targets are really executed
add_dependencies(ovpnutil pie_openvpn.${ANDROID_ABI})
add_dependencies(pie_openvpn.${ANDROID_ABI} makeassetdir)

169
client/android/cpp/GetGitRevisionDescription.cmake
View file

@ -1,169 +0,0 @@
# From https://raw.githubusercontent.com/rpavlik/cmake-modules/master/GetGitRevisionDescription.cmake.in
# - Returns a version string from Git
#
# These functions force a re-configure on each git commit so that you can
# trust the values of the variables in your build system.
#
# get_git_head_revision(<refspecvar> <hashvar> [<additional arguments to git describe> ...])
#
# Returns the refspec and sha hash of the current head revision
#
# git_describe(<var> [<additional arguments to git describe> ...])
#
# Returns the results of git describe on the source tree, and adjusting
# the output so that it tests false if an error occurs.
#
# git_get_exact_tag(<var> [<additional arguments to git describe> ...])
#
# Returns the results of git describe --exact-match on the source tree,
# and adjusting the output so that it tests false if there was no exact
# matching tag.
#
# git_local_changes(<var>)
#
# Returns either "CLEAN" or "DIRTY" with respect to uncommitted changes.
# Uses the return code of "git diff-index --quiet HEAD --".
# Does not regard untracked files.
#
# Requires CMake 2.6 or newer (uses the 'function' command)
#
# Original Author:
# 2009-2010 Ryan Pavlik <rpavlik@iastate.edu> <abiryan@ryand.net>
# http://academic.cleardefinition.com
# Iowa State University HCI Graduate Program/VRAC
#
# Copyright Iowa State University 2009-2010.
# Distributed under the Boost Software License, Version 1.0.
# (See accompanying file LICENSE_1_0.txt or copy at
# http://www.boost.org/LICENSE_1_0.txt)
if(__get_git_revision_description)
return()
endif()
set(__get_git_revision_description YES)
# We must run the following at "include" time, not at function call time,
# to find the path to this module rather than the path to a calling list file
get_filename_component(_gitdescmoddir ${CMAKE_CURRENT_LIST_FILE} PATH)
function(get_git_head_revision _refspecvar _hashvar path)
set(GIT_PARENT_DIR "${path}")
set(GIT_DIR "${GIT_PARENT_DIR}/.git")
while(NOT EXISTS "${GIT_DIR}") # .git dir not found, search parent directories
set(GIT_PREVIOUS_PARENT "${GIT_PARENT_DIR}")
get_filename_component(GIT_PARENT_DIR ${GIT_PARENT_DIR} PATH)
if(GIT_PARENT_DIR STREQUAL GIT_PREVIOUS_PARENT)
# We have reached the root directory, we are not in git
set(${_refspecvar} "GITDIR-NOTFOUND" PARENT_SCOPE)
set(${_hashvar} "GITDIR-NOTFOUND" PARENT_SCOPE)
return()
endif()
set(GIT_DIR "${GIT_PARENT_DIR}/.git")
endwhile()
# check if this is a submodule
if(NOT IS_DIRECTORY ${GIT_DIR})
file(READ ${GIT_DIR} submodule)
string(REGEX REPLACE "gitdir: (.*)\n$" "\\1" GIT_DIR_RELATIVE ${submodule})
get_filename_component(SUBMODULE_DIR ${GIT_DIR} PATH)
get_filename_component(GIT_DIR ${SUBMODULE_DIR}/${GIT_DIR_RELATIVE} ABSOLUTE)
endif()
set(GIT_DATA "${CMAKE_CURRENT_BINARY_DIR}/CMakeFiles/git-data")
if(NOT EXISTS "${GIT_DATA}")
file(MAKE_DIRECTORY "${GIT_DATA}")
endif()
if(NOT EXISTS "${GIT_DIR}/HEAD")
return()
endif()
set(HEAD_FILE "${GIT_DATA}/HEAD")
configure_file("${GIT_DIR}/HEAD" "${HEAD_FILE}" COPYONLY)
configure_file("${_gitdescmoddir}/GetGitRevisionDescription.cmake.in"
"${GIT_DATA}/grabRef.cmake"
@ONLY)
include("${GIT_DATA}/grabRef.cmake")
set(${_refspecvar} "${HEAD_REF}" PARENT_SCOPE)
set(${_hashvar} "${HEAD_HASH}" PARENT_SCOPE)
endfunction()
function(git_describe _var path)
if(NOT GIT_FOUND)
find_package(Git QUIET)
endif()
get_git_head_revision(refspec hash ${path})
if(NOT GIT_FOUND)
set(${_var} "GIT-NOTFOUND" PARENT_SCOPE)
return()
endif()
if(NOT hash)
set(${_var} "HEAD-HASH-NOTFOUND" PARENT_SCOPE)
return()
endif()
# TODO sanitize
#if((${ARGN}" MATCHES "&&") OR
# (ARGN MATCHES "||") OR
# (ARGN MATCHES "\\;"))
# message("Please report the following error to the project!")
# message(FATAL_ERROR "Looks like someone's doing something nefarious with git_describe! Passed arguments ${ARGN}")
#endif()
#message(STATUS "Arguments to execute_process: ${ARGN}")
execute_process(COMMAND
"${GIT_EXECUTABLE}"
describe
${hash}
${ARGN}
WORKING_DIRECTORY
${path}
RESULT_VARIABLE
res
OUTPUT_VARIABLE
out
ERROR_QUIET
OUTPUT_STRIP_TRAILING_WHITESPACE)
if(NOT res EQUAL 0)
set(out "${out}-${res}-NOTFOUND")
endif()
set(${_var} "${out}" PARENT_SCOPE)
endfunction()
function(git_get_exact_tag _var path)
git_describe(out ${path} --exact-match ${ARGN})
set(${_var} "${out}" PARENT_SCOPE)
endfunction()
function(git_local_changes _var path)
if(NOT GIT_FOUND)
find_package(Git QUIET)
endif()
get_git_head_revision(refspec hash path)
if(NOT GIT_FOUND)
set(${_var} "GIT-NOTFOUND" PARENT_SCOPE)
return()
endif()
if(NOT hash)
set(${_var} "HEAD-HASH-NOTFOUND" PARENT_SCOPE)
return()
endif()
execute_process(COMMAND
"${GIT_EXECUTABLE}"
diff-index --quiet HEAD --
WORKING_DIRECTORY
${path}
RESULT_VARIABLE
res
OUTPUT_VARIABLE
out
ERROR_QUIET
OUTPUT_STRIP_TRAILING_WHITESPACE)
if(res EQUAL 0)
set(${_var} "CLEAN" PARENT_SCOPE)
else()
set(${_var} "DIRTY" PARENT_SCOPE)
endif()
endfunction()

42
client/android/cpp/GetGitRevisionDescription.cmake.in
View file

@ -1,42 +0,0 @@
# From https://raw.githubusercontent.com/rpavlik/cmake-modules/master/GetGitRevisionDescription.cmake.in
#
# Internal file for GetGitRevisionDescription.cmake
#
# Requires CMake 2.6 or newer (uses the 'function' command)
#
# Original Author:
# 2009-2010 Ryan Pavlik <rpavlik@iastate.edu> <abiryan@ryand.net>
# http://academic.cleardefinition.com
# Iowa State University HCI Graduate Program/VRAC
#
# Copyright Iowa State University 2009-2010.
# Distributed under the Boost Software License, Version 1.0.
# (See accompanying file LICENSE_1_0.txt or copy at
# http://www.boost.org/LICENSE_1_0.txt)
set(HEAD_HASH)
file(READ "@HEAD_FILE@" HEAD_CONTENTS LIMIT 1024)
string(STRIP "${HEAD_CONTENTS}" HEAD_CONTENTS)
if(HEAD_CONTENTS MATCHES "ref")
# named branch
string(REPLACE "ref: " "" HEAD_REF "${HEAD_CONTENTS}")
if(EXISTS "@GIT_DIR@/${HEAD_REF}")
configure_file("@GIT_DIR@/${HEAD_REF}" "@GIT_DATA@/head-ref" COPYONLY)
else()
configure_file("@GIT_DIR@/packed-refs" "@GIT_DATA@/packed-refs" COPYONLY)
file(READ "@GIT_DATA@/packed-refs" PACKED_REFS)
if(${PACKED_REFS} MATCHES "([0-9a-z]*) ${HEAD_REF}")
set(HEAD_HASH "${CMAKE_MATCH_1}")
endif()
endif()
else()
# detached HEAD
configure_file("@GIT_DIR@/HEAD" "@GIT_DATA@/head-ref" COPYONLY)
endif()
if(NOT HEAD_HASH)
file(READ "@GIT_DATA@/head-ref" HEAD_HASH LIMIT 1024)
string(STRIP "${HEAD_HASH}" HEAD_HASH)
endif()

1
client/android/cpp/asio

@ -1 +0,0 @@
Subproject commit 4915cfd8a1653c157a1480162ae5601318553eb8

1
client/android/cpp/cloak

@ -1 +0,0 @@
Subproject commit 28890e1c69e0b02b052fe6e438f5c3642137ab7a

50
client/android/cpp/cloak.cmake
View file

@ -1,50 +0,0 @@
cmake_minimum_required(VERSION 3.25.0 FATAL_ERROR)
set(TARGET ck_ovpn_plugin_go)
set(CLOAK_SRCS cloak/cmd/ck-ovpn-plugin/ck-ovpn-plugin.go)
set(CLOAK_LIB libck-ovpn-plugin.so)
list(APPEND CMAKE_PROGRAM_PATH "/usr/local/go/bin")
find_program(GO_EXEC go)
set(BUILD_CMD_ARGS build)
list(APPEND BUILD_CMD_ARGS -buildmode=c-shared -o ${CMAKE_CURRENT_BINARY_DIR}/${CLOAK_LIB} ${CMAKE_GO_FLAGS} ./...)
set(PREPARE_ENV_ARGS env)
list(APPEND PREPARE_ENV_ARGS -w CGO_ENABLED=1 GOOS=android)
string(REGEX MATCH "[0-9]+$" ANDROID_API_LEVEL ${ANDROID_PLATFORM})
message(WARNING "build cloak plugin abi=${ANDROID_ABI}, ANDROID_API_LEVEL=${ANDROID_API_LEVEL}")
if ("${ANDROID_ABI}" STREQUAL "x86")
list(APPEND PREPARE_ENV_ARGS GOARCH=386)
list(APPEND PREPARE_ENV_ARGS CC=${ANDROID_TOOLCHAIN_ROOT}/bin/i686-linux-android${ANDROID_API_LEVEL}-clang)
elseif ("${ANDROID_ABI}" STREQUAL "x86_64")
list(APPEND PREPARE_ENV_ARGS GOARCH=amd64)
list(APPEND PREPARE_ENV_ARGS CC=${ANDROID_TOOLCHAIN_ROOT}/bin/x86_64-linux-android${ANDROID_API_LEVEL}-clang)
elseif ("${ANDROID_ABI}" STREQUAL "arm64-v8a")
list(APPEND PREPARE_ENV_ARGS GOARCH=arm64)
list(APPEND PREPARE_ENV_ARGS CC=${ANDROID_TOOLCHAIN_ROOT}/bin/aarch64-linux-android${ANDROID_API_LEVEL}-clang)
elseif ("${ANDROID_ABI}" STREQUAL "armeabi-v7a")
list(APPEND PREPARE_ENV_ARGS GOARCH=arm)
list(APPEND PREPARE_ENV_ARGS GOARM=7)
list(APPEND PREPARE_ENV_ARGS CC=${ANDROID_TOOLCHAIN_ROOT}/bin/armv7a-linux-androideabi${ANDROID_API_LEVEL}-clang)
endif ()
add_custom_command(
OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/${CLOAK_LIB}
DEPENDS ${CLOAK_SRCS}
WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/cloak/cmd/ck-ovpn-plugin
COMMAND ${GO_EXEC} ${PREPARE_ENV_ARGS}
COMMAND ${GO_EXEC} ${BUILD_CMD_ARGS}
COMMENT "Building Go library")
add_custom_target(${TARGET} DEPENDS ${CLOAK_LIB} ${HEADER})
add_library(libck-ovpn-plugin STATIC IMPORTED GLOBAL)
add_dependencies(libck-ovpn-plugin ${TARGET})
set_target_properties(libck-ovpn-plugin
PROPERTIES
IMPORTED_LOCATION ${CMAKE_CURRENT_BINARY_DIR}/${CLOAK_LIB}
INTERFACE_INCLUDE_DIRECTORIES ${CMAKE_CURRENT_BINARY_DIR})

1
client/android/cpp/lz4

@ -1 +0,0 @@
Subproject commit d44371841a2f1728a3f36839fd4b7e872d0927d3

7
client/android/cpp/lz4.cmake
View file

@ -1,7 +0,0 @@
set(lz4_srcs
lz4.c
)
PREPEND(lz4_src_with_path "lz4/lib/" ${lz4_srcs})
add_library(lz4 ${lz4_src_with_path})
target_include_directories(lz4 PUBLIC "${CMAKE_CURRENT_SOURCE_DIR}/lz4/lib")

1
client/android/cpp/lzo

@ -1 +0,0 @@
Subproject commit 5754571c8968245f77cf180da872f8f52fe52a40

78
client/android/cpp/lzo.cmake
View file

@ -1,78 +0,0 @@
# Lzo's own cmake is rather throublesome
set(lzo_srcs
lzo1.c
lzo1_99.c
lzo1a.c
lzo1a_99.c
lzo1b_1.c
lzo1b_2.c
lzo1b_3.c
lzo1b_4.c
lzo1b_5.c
lzo1b_6.c
lzo1b_7.c
lzo1b_8.c
lzo1b_9.c
lzo1b_99.c
lzo1b_9x.c
lzo1b_cc.c
lzo1b_d1.c
lzo1b_d2.c
lzo1b_rr.c
lzo1b_xx.c
lzo1c_1.c
lzo1c_2.c
lzo1c_3.c
lzo1c_4.c
lzo1c_5.c
lzo1c_6.c
lzo1c_7.c
lzo1c_8.c
lzo1c_9.c
lzo1c_99.c
lzo1c_9x.c
lzo1c_cc.c
lzo1c_d1.c
lzo1c_d2.c
lzo1c_rr.c
lzo1c_xx.c
lzo1f_1.c
lzo1f_9x.c
lzo1f_d1.c
lzo1f_d2.c
lzo1x_1.c
lzo1x_1k.c
lzo1x_1l.c
lzo1x_1o.c
lzo1x_9x.c
lzo1x_d1.c
lzo1x_d2.c
lzo1x_d3.c
lzo1x_o.c
lzo1y_1.c
lzo1y_9x.c
lzo1y_d1.c
lzo1y_d2.c
lzo1y_d3.c
lzo1y_o.c
lzo1z_9x.c
lzo1z_d1.c
lzo1z_d2.c
lzo1z_d3.c
lzo2a_9x.c
lzo2a_d1.c
lzo2a_d2.c
lzo_crc.c
lzo_init.c
lzo_ptr.c
lzo_str.c
lzo_util.c
)
PREPEND(lzo_src_with_path "lzo/src" ${lzo_srcs})
add_library(lzo ${lzo_src_with_path})
target_include_directories(lzo PUBLIC "${CMAKE_CURRENT_SOURCE_DIR}/lzo/include")
if (${ANDROID_ABI} STREQUAL "armeabi-v7a")
target_compile_options(lzo PRIVATE -O0)
endif()

1
client/android/cpp/mbedtls

@ -1 +0,0 @@
Subproject commit b1c8e41ae3b36a9a88e0cbee10ed38a577b54726

0
client/android/cpp/minivpn/minivpn.c
View file

1
client/android/cpp/openssl

@ -1 +0,0 @@
Subproject commit 5a6a7d0c955b168ccaecbd16d5a8ae4d20304ff4

1
client/android/cpp/openvpn

@ -1 +0,0 @@
Subproject commit b1ae59746c150da85aa93c8e0ac1e8a0e670d6ef

684
client/android/cpp/openvpn-config/config.h
View file

@ -1,684 +0,0 @@
/* config.h. Generated from config.h.in by configure. */
/* config.h.in. Generated from configure.ac by autoheader. */
/* DISABLE PERSISTEN TUN */
#undef TUNSETPERSIST
/* Enable deferred authentication */
#define CONFIGURE_DEF_AUTH 1
/* Enable internal packet filter */
#undef CONFIGURE_PF //1
/* enable iproute2 support */
#undef CONFIG_FEATURE_IPROUTE
/* Use memory debugging function in OpenSSL */
/* #undef CRYPTO_MDEBUG */
#define HAVE_BASENAME
/* Use dmalloc memory debugging library */
/* #undef DMALLOC */
/* Dimension to use for empty array declaration */
#define EMPTY_ARRAY_SIZE 0
/* Enable client capability only */
#define ENABLE_CLIENT_ONLY 1
/* Enable debugging support */
#define ENABLE_DEBUG 1
/* Enable internal fragmentation support */
#define ENABLE_FRAGMENT 1
/* Enable HTTP proxy support */
#define ENABLE_HTTP_PROXY 1
/* Enable management server capability */
#define ENABLE_MANAGEMENT 1
/* Enable multi-homed UDP server capability */
#define ENABLE_MULTIHOME 0
/* Allow --askpass and --auth-user-pass passwords to be read from a file */
#define ENABLE_PASSWORD_SAVE 1
/* Enable TCP Server port sharing */
#define ENABLE_PORT_SHARE 1
/* Enable smaller executable size */
/* #undef ENABLE_SMALL */
/* Enable Socks proxy support */
#define ENABLE_SOCKS 1
/* Define to 1 if you have the `accept' function. */
#define HAVE_ACCEPT 1
/* Define to 1 if you have the <arpa/inet.h> header file. */
#define HAVE_ARPA_INET_H 1
/* Define to 1 if you have the `bind' function. */
#define HAVE_BIND 1
/* Define to 1 if you have the `chdir' function. */
#define HAVE_CHDIR 1
/* Define to 1 if you have the `chroot' function. */
#define HAVE_CHROOT 1
/* Define to 1 if you have the `chsize' function. */
/* #undef HAVE_CHSIZE */
/* struct cmsghdr needed for extended socket error support */
#define HAVE_CMSGHDR 1
/* Define to 1 if you have the `connect' function. */
#define HAVE_CONNECT 1
/* Define to 1 if your compiler supports GNU GCC-style variadic macros */
#define HAVE_CPP_VARARG_MACRO_GCC 1
/* Define to 1 if your compiler supports ISO C99 variadic macros */
#define HAVE_CPP_VARARG_MACRO_ISO 1
/* Define to 1 if you have the `ctime' function. */
#define HAVE_CTIME 1
/* Define to 1 if you have the <ctype.h> header file. */
#define HAVE_CTYPE_H 1
/* Define to 1 if you have the `daemon' function. */
#define HAVE_DAEMON 1
/* Define to 1 if you have the `dup' function. */
#define HAVE_DUP 1
/* Define to 1 if you have the `dup2' function. */
#define HAVE_DUP2 1
/* Define to 1 if you have the `ENGINE_cleanup' function. */
#define HAVE_ENGINE_CLEANUP 0
/* Define to 1 if you have the `ENGINE_load_builtin_engines' function. */
#define HAVE_ENGINE_LOAD_BUILTIN_ENGINES 0
/* Define to 1 if you have the `ENGINE_register_all_complete' function. */
#define HAVE_ENGINE_REGISTER_ALL_COMPLETE 0
/* epoll_create function is defined */
#define HAVE_EPOLL_CREATE 1
/* Define to 1 if you have the <errno.h> header file. */
#define HAVE_ERRNO_H 1
/* Define to 1 if you have the <err.h> header file. */
#define HAVE_ERR_H 1
/* Define to 1 if you have the `EVP_CIPHER_CTX_set_key_length' function. */
#define HAVE_EVP_CIPHER_CTX_SET_KEY_LENGTH 1
/* Define to 1 if you have the `execve' function. */
#define HAVE_EXECVE 1
/* Define to 1 if you have the <fcntl.h> header file. */
#define HAVE_FCNTL_H 1
/* Define to 1 if you have the `flock' function. */
#define HAVE_FLOCK 1
/* Define to 1 if you have the `fork' function. */
#define HAVE_FORK 1
/* Define to 1 if you have the `ftruncate' function. */
#define HAVE_FTRUNCATE 1
/* Define to 1 if you have the `getgrnam' function. */
#define HAVE_GETGRNAM 1
/* Define to 1 if you have the `gethostbyname' function. */
#define HAVE_GETHOSTBYNAME 1
/* Define to 1 if you have the `getpass' function. */
/* #define HAVE_GETPASS 1 */
/* Define to 1 if you have the `getpeereid' function. */
/* #undef HAVE_GETPEEREID */
/* Define to 1 if you have the `getpeername' function. */
#define HAVE_GETPEERNAME 1
/* Define to 1 if you have the `getpid' function. */
#define HAVE_GETPID 1
/* Define to 1 if you have the `getpwnam' function. */
#define HAVE_GETPWNAM 1
/* Define to 1 if you have the `getsockname' function. */
#define HAVE_GETSOCKNAME 1
/* Define to 1 if you have the `getsockopt' function. */
#define HAVE_GETSOCKOPT 1
/* Define to 1 if you have the `gettimeofday' function. */
#define HAVE_GETTIMEOFDAY 1
/* Define to 1 if you have the <grp.h> header file. */
#define HAVE_GRP_H 1
/* Define to 1 if you have the `inet_ntoa' function. */
#define HAVE_INET_NTOA 1
/* Define to 1 if you have the <inttypes.h> header file. */
#define HAVE_INTTYPES_H 1
/* struct in_pktinfo needed for IP_PKTINFO support */
#define HAVE_IN_PKTINFO 1
#define HAVE_IPI_SPEC_DST 1
/* struct iovec needed for IPv6 support */
#define HAVE_IOVEC 1
/* struct iphdr needed for IPv6 support */
#define HAVE_IPHDR 1
/* Define to 1 if you have the <linux/errqueue.h> header file. */
#define HAVE_LINUX_ERRQUEUE_H 1
/* Define to 1 if you have the <linux/if_tun.h> header file. */
#define HAVE_LINUX_IF_TUN_H 1
/* Define to 1 if you have the <linux/sockios.h> header file. */
#define HAVE_LINUX_SOCKIOS_H 1
/* Define to 1 if you have the <linux/types.h> header file. */
#define HAVE_LINUX_TYPES_H 1
/* Define to 1 if you have the `listen' function. */
#define HAVE_LISTEN 1
/* Define to 1 if you have the <memory.h> header file. */
#define HAVE_MEMORY_H 1
/* Define to 1 if you have the `memset' function. */
#define HAVE_MEMSET 1
/* Define to 1 if you have the `mlockall' function. */
/* #define HAVE_MLOCKALL 1*/
/* struct msghdr needed for extended socket error support */
#define HAVE_MSGHDR 1
/* Define to 1 if you have the <netdb.h> header file. */
#define HAVE_NETDB_H 1
/* Define to 1 if you have the <netinet/if_ether.h> header file. */
#define HAVE_NETINET_IF_ETHER_H 1
/* Define to 1 if you have the <netinet/in.h> header file. */
#define HAVE_NETINET_IN_H 1
/* Define to 1 if you have the <netinet/in_systm.h> header file. */
#define HAVE_NETINET_IN_SYSTM_H 1
/* Define to 1 if you have the <netinet/ip.h> header file. */
#define HAVE_NETINET_IP_H 1
/* Define to 1 if you have the <netinet/tcp.h> header file. */
#define HAVE_NETINET_TCP_H 1
/* Define to 1 if you have the <net/if.h> header file. */
#define HAVE_NET_IF_H 1
/* Define to 1 if you have the <net/if_tun.h> header file. */
/* #undef HAVE_NET_IF_TUN_H */
/* Define to 1 if you have the <net/tun/if_tun.h> header file. */
/* #undef HAVE_NET_TUN_IF_TUN_H */
/* Define to 1 if you have the `nice' function. */
#define HAVE_NICE 1
/* Define to 1 if you have the `openlog' function. */
#define HAVE_OPENLOG 1
/* Define to 1 if you have the <openssl/engine.h> header file. */
#define HAVE_OPENSSL_ENGINE_H 0
/* Define to 1 if you have the `poll' function. */
#define HAVE_POLL 1
/* Define if you have POSIX threads libraries and header files. */
/* #undef HAVE_PTHREAD */
/* Define to 1 if you have the `putenv' function. */
#define HAVE_PUTENV 1
/* Define to 1 if you have the <pwd.h> header file. */
#define HAVE_PWD_H 1
/* Define to 1 if you have the `readv' function. */
#define HAVE_READV 1
/* Define to 1 if you have the `recv' function. */
#define HAVE_RECV 1
/* Define to 1 if you have the `recvfrom' function. */
#define HAVE_RECVFROM 1
/* Define to 1 if you have the `recvmsg' function. */
#define HAVE_RECVMSG 1
/* Define to 1 if you have the <resolv.h> header file. */
#define HAVE_RESOLV_H 1
/* Indicates if res_init is available */
#define HAVE_RES_INIT 1
/* Define to 1 if you have the `select' function. */
#define HAVE_SELECT 1
/* Define to 1 if you have the `send' function. */
#define HAVE_SEND 1
/* Define to 1 if you have the `sendmsg' function. */
#define HAVE_SENDMSG 1
/* Define to 1 if you have the `sendto' function. */
#define HAVE_SENDTO 1
/* SELinux support */
/* #undef HAVE_SETCON */
/* Define to 1 if you have the `setgid' function. */
#define HAVE_SETGID 1
/* Define to 1 if you have the `setgroups' function. */
#define HAVE_SETGROUPS 1
/* Define to 1 if you have the `setsid' function. */
#define HAVE_SETSID 1
/* Define to 1 if you have the `setsockopt' function. */
#define HAVE_SETSOCKOPT 1
/* Define to 1 if you have the `setuid' function. */
#define HAVE_SETUID 1
/* Define to 1 if you have the <signal.h> header file. */
#define HAVE_SIGNAL_H 1
/* Define to 1 if you have the `socket' function. */
#define HAVE_SOCKET 1
/* struct sock_extended_err needed for extended socket error support */
#define HAVE_SOCK_EXTENDED_ERR 1
/* Define to 1 if you have the `stat' function. */
#define HAVE_STAT 1
/* Define to 1 if you have the <stdarg.h> header file. */
#define HAVE_STDARG_H 1
/* Define to 1 if you have the <stdint.h> header file. */
#define HAVE_STDINT_H 1
/* Define to 1 if you have the <stdio.h> header file. */
#define HAVE_STDIO_H 1
/* Define to 1 if you have the <stdlib.h> header file. */
#define HAVE_STDLIB_H 1
/* Define to 1 if you have the `strdup' function. */
#define HAVE_STRDUP 1
/* Define to 1 if you have the `strerror' function. */
#define HAVE_STRERROR 1
/* Define to 1 if you have the <strings.h> header file. */
#define HAVE_STRINGS_H 1
/* Define to 1 if you have the <string.h> header file. */
#define HAVE_STRING_H 1
/* Define to 1 if you have the <stropts.h> header file. */
#define HAVE_STROPTS_H 1
/* Define to 1 if you have the `syslog' function. */
#define HAVE_SYSLOG 1
/* Define to 1 if you have the <syslog.h> header file. */
#define HAVE_SYSLOG_H 1
/* Define to 1 if you have the `system' function. */
#define HAVE_SYSTEM 1
/* Define to 1 if you have the <sys/epoll.h> header file. */
#define HAVE_SYS_EPOLL_H 1
/* Define to 1 if you have the <sys/file.h> header file. */
#define HAVE_SYS_FILE_H 1
/* Define to 1 if you have the <sys/ioctl.h> header file. */
#define HAVE_SYS_IOCTL_H 1
/* Define to 1 if you have the <sys/mman.h> header file. */
#define HAVE_SYS_MMAN_H 1
/* Define to 1 if you have the <poll.h> header file. */
#define HAVE_POLL_H 1
/* Define to 1 if you have the <sys/socket.h> header file. */
#define HAVE_SYS_SOCKET_H 1
/* Define to 1 if you have the <sys/sockio.h> header file. */
/* #undef HAVE_SYS_SOCKIO_H */
/* Define to 1 if you have the <sys/stat.h> header file. */
#define HAVE_SYS_STAT_H 1
/* Define to 1 if you have the <sys/time.h> header file. */
#define HAVE_SYS_TIME_H 1
/* Define to 1 if you have the <sys/types.h> header file. */
#define HAVE_SYS_TYPES_H 1
/* Define to 1 if you have the <sys/uio.h> header file. */
#define HAVE_SYS_UIO_H 1
/* Define to 1 if you have the <sys/un.h> header file. */
#define HAVE_SYS_UN_H 1
/* Define to 1 if you have <sys/wait.h> that is POSIX.1 compatible. */
#define HAVE_SYS_WAIT_H 1
/* Define to 1 if you have the `time' function. */
#define HAVE_TIME 1
/* struct tun_pi needed for IPv6 support */
#define HAVE_TUN_PI 1
/* Define to 1 if you have the `umask' function. */
#define HAVE_UMASK 1
/* Define to 1 if you have the <unistd.h> header file. */
#define HAVE_UNISTD_H 1
/* Define to 1 if you have the `unlink' function. */
#define HAVE_UNLINK 1
/* Define to 1 if you have the `vfork' function. */
#define HAVE_VFORK 1
/* Define to 1 if you have the <vfork.h> header file. */
/* #undef HAVE_VFORK_H */
/* Define to 1 if you have the `vsnprintf' function. */
#define HAVE_VSNPRINTF 1
/* Define to 1 if `fork' works. */
#define HAVE_WORKING_FORK 1
/* Define to 1 if `vfork' works. */
#define HAVE_WORKING_VFORK 1
/* Define to 1 if you have the `writev' function. */
#define HAVE_WRITEV 1
/* Path to ifconfig tool */
#define IFCONFIG_PATH "/system/xbin/ifconfig"
/* Path to iproute tool */
#define IPROUTE_PATH "ip"
/* Use lzo/ directory prefix for LZO header files (for LZO 2.0) */
#define LZO_HEADER_DIR 1
/* LZO version number */
#define LZO_VERSION_NUM "2"
/* Name of package */
#define PACKAGE "openvpn"
/* Define to the address where bug reports for this package should be sent. */
#define PACKAGE_BUGREPORT "openvpn-users@lists.sourceforge.net"
/* Define to the full name of this package. */
#define PACKAGE_NAME "OpenVPN"
/* Define to the full name and version of this package. */
#define PACKAGE_STRING "OpenVPN 2.6-icsopenvpn"
/* Define to the one symbol short name of this package. */
#define PACKAGE_TARNAME "openvpn"
/* Define to the version of this package. */
#define PACKAGE_VERSION "2.6_master"
/* Define to the necessary symbol if this constant uses a non-standard name on
your system. */
/* #undef PTHREAD_CREATE_JOINABLE */
/* Define as the return type of signal handlers (`int' or `void'). */
#define RETSIGTYPE void
/* Path to route tool */
#define ROUTE_PATH "/system/xbin/route"
/* The size of `unsigned int', as computed by sizeof. */
#define SIZEOF_UNSIGNED_INT 4
/* The size of `unsigned long', as computed by sizeof. */
#define SIZEOF_UNSIGNED_LONG 4
/* Define to 1 if you have the ANSI C header files. */
#define STDC_HEADERS 1
/* Enable strict options check between peers */
/* #undef STRICT_OPTIONS_CHECK */
/* The TAP-Win32 id defined in tap-win32/SOURCES */
#define TAP_ID "tap0901"
/* The TAP-Win32 version number is defined in tap-win32/SOURCES */
#define TAP_WIN32_MIN_MAJOR 9
/* The TAP-Win32 version number is defined in tap-win32/SOURCES */
#define TAP_WIN32_MIN_MINOR 1
/* A string representing our target */
#define TARGET_ALIAS TARGET_ABI
/* Are we running on Mac OS X? */
/* #undef TARGET_DARWIN */
/* Are we running on DragonFlyBSD? */
/* #undef TARGET_DRAGONFLY */
/* Are we running on FreeBSD? */
/* #undef TARGET_FREEBSD */
/* Are we running on Android Linux? */
/* TARGET_LINUX is not enable since the TARGET_XXX options mainly
control different tun/tap, ifconfig behaviour and Android VpnProvider
is very different from Linux */
#define TARGET_ANDROID
/* Are we running on Linux? */
/* #define TARGET_LINUX 1 */
/* Are we running NetBSD? */
/* #undef TARGET_NETBSD */
/* Are we running on OpenBSD? */
/* #undef TARGET_OPENBSD */
/* Are we running on Solaris? */
/* #undef TARGET_SOLARIS */
/* Are we running WIN32? */
/* #undef TARGET_WIN32 */
/* Define to 1 if you can safely include both <sys/time.h> and <time.h>. */
#define TIME_WITH_SYS_TIME 1
/* Win32 builtin */
/* #undef UF */
/* Use OpenSSL crypto library */
#define USE_CRYPTO 1
/* Use libdl for dynamic library loading */
#define USE_LIBDL 1
/* Use LoadLibrary to load DLLs on Windows */
/* #undef USE_LOAD_LIBRARY */
/* Use LZO compression library */
#define ENABLE_LZO 1
#define ENABLE_SNAPPY 1
#define ENABLE_LZ4 1
#define NEED_COMPAT_LZ4 1
/* Enable PKCS11 capability */
/* #undef USE_PKCS11 */
/* Use pthread-based multithreading */
/* #undef USE_PTHREAD */
/* Use OpenSSL SSL library */
#define ENABLE_SSL 1
#define USE_SSL 1
#define ENABLE_CRYPTO 1
/* via android.mk */
/*#define ENABLE_CRYPTO_OPENSSL 1*/
/* #define ENABLE_CRYPTO_POLARSSL 1 */
/* Use valgrind memory debugging library */
/* #undef USE_VALGRIND */
/* Version number of package */
//#define VERSION "2.3.1"
/* Enable GNU extensions on systems that have them. */
#ifndef _GNU_SOURCE
# define _GNU_SOURCE 1
#endif
/* Define to empty if `const' does not conform to ANSI C. */
/* #undef const */
/* Define to `int' if <sys/types.h> doesn't define. */
/* #undef gid_t */
/* Some systems don't define in_addr_t */
/* #undef in_addr_t */
/* Define to `__inline__' or `__inline' if that's what the C compiler
calls it, or to nothing if 'inline' is not supported under any name. */
#ifndef __cplusplus
/* #undef inline */
#endif
/* Define to `long int' if <sys/types.h> does not define. */
/* #undef off_t */
/* Define to `int' if <sys/types.h> does not define. */
/* #undef pid_t */
/* Define to `unsigned int' if <sys/types.h> does not define. */
/* #undef size_t */
/* type to use in place of socklen_t if not defined */
/* #undef socklen_t */
/* Define to `int' if <sys/types.h> doesn't define. */
/* #undef uid_t */
/* 16-bit unsigned type */
/* #undef uint16_t */
/* 32-bit unsigned type */
/* #undef uint32_t */
/* 8-bit unsigned type */
/* #undef uint8_t */
/* Define as `fork' if `vfork' does not work. */
/* #undef vfork */
/* Define to empty if the keyword `volatile' does not work. Warning: valid
code using `volatile' can become incorrect without. Disable with care. */
/* #undef volatile */
// New version
#define HAVE_INET_NTOP 1
#define HAVE_INET_PTON 1
#define HAVE_LZO_LZOUTIL_H 1
#define HAVE_LZO_LZO1X_H 1
#define HAVE_SYS_TIME_H 1
#define HAVE_TIME_H 1
// #define HAVE_CONFIG_VERSION_H 1
#define PATH_SEPARATOR_STR "/"
#define HAVE_SA_FAMILY_T 1
// Workaround for bionc
#define IPPROTO_IP IPPROTO_IP
#define IPPROTO_TCP IPPROTO_TCP
int res_init();
#define HAVE_AEAD_CIPHER_MODES 1
#define HAVE_EVP_MD_CTX_RESET 1
#define HAVE_EVP_MD_CTX_FREE 1
#define HAVE_EVP_MD_CTX_NEW 1
#define HAVE_EVP_CIPHER_CTX_FREE 1
#define HAVE_EVP_CIPHER_CTX_NEW 1
#define HAVE_HMAC_CTX_RESET 1
#define HAVE_HMAC_CTX_FREE 1
#define HAVE_HMAC_CTX_NEW 1
#define HAVE_SSL_CTX_GET_DEFAULT_PASSWD_CB_USERDATA 1
#define HAVE_SSL_CTX_GET_DEFAULT_PASSWD_CB 1
#define HAVE_X509_GET0_PUBKEY 1
#define HAVE_X509_STORE_GET0_OBJECTS 1
#define HAVE_X509_OBJECT_FREE 1
#define HAVE_X509_OBJECT_GET_TYPE 1
#define HAVE_EVP_PKEY_GET0_RSA 1
#define HAVE_EVP_PKEY_ID 1
#define HAVE_EVP_PKEY_GET0_DSA 1
#define HAVE_RSA_SET_FLAGS 1
#define HAVE_RSA_GET0_KEY 1
#define HAVE_RSA_SET0_KEY 1
#define HAVE_RSA_BITS 1
#define HAVE_DSA_BITS 1
#define HAVE_DSA_GET0_PQG 1
#define HAVE_RSA_METH_NEW 1
#define HAVE_RSA_METH_FREE 1
#define HAVE_RSA_METH_SET_PUB_ENC 1
#define HAVE_RSA_METH_SET_PUB_DEC 1
#define HAVE_RSA_METH_SET_PRIV_DEC 1
#define HAVE_RSA_METH_SET_PRIV_ENC 1
#define HAVE_RSA_METH_SET_INIT 1
#define HAVE_RSA_METH_SET_FINISH 1
#define HAVE_RSA_METH_SET0_APP_DATA 1
#define HAVE_EVP_PKEY_GET0_EC_KEY 1
#define HAVE_EC_GROUP_ORDER_BITS 1
#define HAVE_RSA_METH_GET0_APP_DATA 1
#define HAVE_RSA_METH_SET_SIGN 1
#define ENABLE_OFB_CFB_MODE 1
#define HAVE_X509_GET0_NOTBEFORE 1
#define HAVE_X509_GET0_NOTAFTER 1
#define HAVE_OPENSSL_VERSION 1
#define HAVE_EVP_CIPHER_CTX_RESET
#define _SOCKLEN_T_DECLARED 1

875
client/android/cpp/openvpn-config/openvpn-plugin.h
View file

@ -1,875 +0,0 @@
/* include/openvpn-plugin.h. Generated from openvpn-plugin.h.in by configure. */
/*
* OpenVPN -- An application to securely tunnel IP networks
* over a single TCP/UDP port, with support for SSL/TLS-based
* session authentication and key exchange,
* packet encryption, packet authentication, and
* packet compression.
*
* Copyright (C) 2002-2018 OpenVPN Inc <sales@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
* as published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
#ifndef OPENVPN_PLUGIN_H_
#define OPENVPN_PLUGIN_H_
#define OPENVPN_PLUGIN_VERSION 3
#ifdef ENABLE_CRYPTO_MBEDTLS
#include <mbedtls/x509_crt.h>
#ifndef __OPENVPN_X509_CERT_T_DECLARED
#define __OPENVPN_X509_CERT_T_DECLARED
typedef mbedtls_x509_crt openvpn_x509_cert_t;
#endif
#else /* ifdef ENABLE_CRYPTO_MBEDTLS */
#include <openssl/x509.h>
#ifndef __OPENVPN_X509_CERT_T_DECLARED
#define __OPENVPN_X509_CERT_T_DECLARED
typedef X509 openvpn_x509_cert_t;
#endif
#endif
#include <stdarg.h>
#include <stddef.h>
#ifdef __cplusplus
extern "C" {
#endif
/* Provide some basic version information to plug-ins at OpenVPN compile time
* This is will not be the complete version
*/
#define OPENVPN_VERSION_MAJOR 2
#define OPENVPN_VERSION_MINOR 5
#define OPENVPN_VERSION_PATCH "_git"
/*
* Plug-in types. These types correspond to the set of script callbacks
* supported by OpenVPN.
*
* This is the general call sequence to expect when running in server mode:
*
* Initial Server Startup:
*
* FUNC: openvpn_plugin_open_v1
* FUNC: openvpn_plugin_client_constructor_v1 (this is the top-level "generic"
* client template)
* FUNC: openvpn_plugin_func_v1 OPENVPN_PLUGIN_UP
* FUNC: openvpn_plugin_func_v1 OPENVPN_PLUGIN_ROUTE_UP
*
* New Client Connection:
*
* FUNC: openvpn_plugin_client_constructor_v1
* FUNC: openvpn_plugin_func_v1 OPENVPN_PLUGIN_ENABLE_PF
* FUNC: openvpn_plugin_func_v1 OPENVPN_PLUGIN_TLS_VERIFY (called once for every cert
* in the server chain)
* FUNC: openvpn_plugin_func_v1 OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY
* FUNC: openvpn_plugin_func_v1 OPENVPN_PLUGIN_TLS_FINAL
* FUNC: openvpn_plugin_func_v1 OPENVPN_PLUGIN_IPCHANGE
*
* [If OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY returned OPENVPN_PLUGIN_FUNC_DEFERRED,
* we don't proceed until authentication is verified via auth_control_file]
*
* FUNC: openvpn_plugin_func_v1 OPENVPN_PLUGIN_CLIENT_CONNECT_V2
* FUNC: openvpn_plugin_func_v1 OPENVPN_PLUGIN_LEARN_ADDRESS
*
* [Client session ensues]
*
* For each "TLS soft reset", according to reneg-sec option (or similar):
*
* FUNC: openvpn_plugin_func_v1 OPENVPN_PLUGIN_ENABLE_PF
*
* FUNC: openvpn_plugin_func_v1 OPENVPN_PLUGIN_TLS_VERIFY (called once for every cert
* in the server chain)
* FUNC: openvpn_plugin_func_v1 OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY
* FUNC: openvpn_plugin_func_v1 OPENVPN_PLUGIN_TLS_FINAL
*
* [If OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY returned OPENVPN_PLUGIN_FUNC_DEFERRED,
* we expect that authentication is verified via auth_control_file within
* the number of seconds defined by the "hand-window" option. Data channel traffic
* will continue to flow uninterrupted during this period.]
*
* [Client session continues]
*
* FUNC: openvpn_plugin_func_v1 OPENVPN_PLUGIN_CLIENT_DISCONNECT
* FUNC: openvpn_plugin_client_destructor_v1
*
* [ some time may pass ]
*
* FUNC: openvpn_plugin_func_v1 OPENVPN_PLUGIN_LEARN_ADDRESS (this coincides with a
* lazy free of initial
* learned addr object)
* Server Shutdown:
*
* FUNC: openvpn_plugin_func_v1 OPENVPN_PLUGIN_DOWN
* FUNC: openvpn_plugin_client_destructor_v1 (top-level "generic" client)
* FUNC: openvpn_plugin_close_v1
*/
#define OPENVPN_PLUGIN_UP 0
#define OPENVPN_PLUGIN_DOWN 1
#define OPENVPN_PLUGIN_ROUTE_UP 2
#define OPENVPN_PLUGIN_IPCHANGE 3
#define OPENVPN_PLUGIN_TLS_VERIFY 4
#define OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY 5
#define OPENVPN_PLUGIN_CLIENT_CONNECT 6
#define OPENVPN_PLUGIN_CLIENT_DISCONNECT 7
#define OPENVPN_PLUGIN_LEARN_ADDRESS 8
#define OPENVPN_PLUGIN_CLIENT_CONNECT_V2 9
#define OPENVPN_PLUGIN_TLS_FINAL 10
#define OPENVPN_PLUGIN_ENABLE_PF 11
#define OPENVPN_PLUGIN_ROUTE_PREDOWN 12
#define OPENVPN_PLUGIN_CLIENT_CONNECT_DEFER 13
#define OPENVPN_PLUGIN_CLIENT_CONNECT_DEFER_V2 14
#define OPENVPN_PLUGIN_CLIENT_CRRESPONSE 15
#define OPENVPN_PLUGIN_N 16
/*
* Build a mask out of a set of plug-in types.
*/
#define OPENVPN_PLUGIN_MASK(x) (1<<(x))
/*
* A pointer to a plugin-defined object which contains
* the object state.
*/
typedef void *openvpn_plugin_handle_t;
/*
* Return value for openvpn_plugin_func_v1 function
*/
#define OPENVPN_PLUGIN_FUNC_SUCCESS 0
#define OPENVPN_PLUGIN_FUNC_ERROR 1
#define OPENVPN_PLUGIN_FUNC_DEFERRED 2
/*
* For Windows (needs to be modified for MSVC)
*/
#if defined(_WIN32) && !defined(OPENVPN_PLUGIN_H)
#define OPENVPN_EXPORT __declspec(dllexport)
#else
#define OPENVPN_EXPORT
#endif
/*
* If OPENVPN_PLUGIN_H is defined, we know that we are being
* included in an OpenVPN compile, rather than a plugin compile.
*/
#ifdef OPENVPN_PLUGIN_H
/*
* We are compiling OpenVPN.
*/
#define OPENVPN_PLUGIN_DEF typedef
#define OPENVPN_PLUGIN_FUNC(name) (*name)
#else /* ifdef OPENVPN_PLUGIN_H */
/*
* We are compiling plugin.
*/
#define OPENVPN_PLUGIN_DEF OPENVPN_EXPORT
#define OPENVPN_PLUGIN_FUNC(name) name
#endif
/*
* Used by openvpn_plugin_func to return structured
* data. The plugin should allocate all structure
* instances, name strings, and value strings with
* malloc, since OpenVPN will assume that it
* can free the list by calling free() over the same.
*/
struct openvpn_plugin_string_list
{
struct openvpn_plugin_string_list *next;
char *name;
char *value;
};
/* openvpn_plugin_{open,func}_v3() related structs */
/**
* Defines version of the v3 plugin argument structs
*
* Whenever one or more of these structs are modified, this constant
* must be updated. A changelog should be appended in this comment
* as well, to make it easier to see what information is available
* in the different versions.
*
* Version Comment
* 1 Initial plugin v3 structures providing the same API as
* the v2 plugin interface, X509 certificate information +
* a logging API for plug-ins.
*
* 2 Added ssl_api member in struct openvpn_plugin_args_open_in
* which identifies the SSL implementation OpenVPN is compiled
* against.
*
* 3 Added ovpn_version, ovpn_version_major, ovpn_version_minor
* and ovpn_version_patch to provide the runtime version of
* OpenVPN to plug-ins.
*
* 4 Exported secure_memzero() as plugin_secure_memzero()
*
* 5 Exported openvpn_base64_encode() as plugin_base64_encode()
* Exported openvpn_base64_decode() as plugin_base64_decode()
*/
#define OPENVPN_PLUGINv3_STRUCTVER 5
/**
* Definitions needed for the plug-in callback functions.
*/
typedef enum
{
PLOG_ERR = (1 << 0),/* Error condition message */
PLOG_WARN = (1 << 1),/* General warning message */
PLOG_NOTE = (1 << 2),/* Informational message */
PLOG_DEBUG = (1 << 3),/* Debug message, displayed if verb >= 7 */
PLOG_ERRNO = (1 << 8),/* Add error description to message */
PLOG_NOMUTE = (1 << 9), /* Mute setting does not apply for message */
} openvpn_plugin_log_flags_t;
#ifdef __GNUC__
#if __USE_MINGW_ANSI_STDIO
#define _ovpn_chk_fmt(a, b) __attribute__ ((format(gnu_printf, (a), (b))))
#else
#define _ovpn_chk_fmt(a, b) __attribute__ ((format(__printf__, (a), (b))))
#endif
#else /* ifdef __GNUC__ */
#define _ovpn_chk_fmt(a, b)
#endif
typedef void (*plugin_log_t)(openvpn_plugin_log_flags_t flags,
const char *plugin_name,
const char *format, ...) _ovpn_chk_fmt (3, 4);
typedef void (*plugin_vlog_t)(openvpn_plugin_log_flags_t flags,
const char *plugin_name,
const char *format,
va_list arglist) _ovpn_chk_fmt (3, 0);
/* #undef _ovpn_chk_fmt */
/**
* Export of secure_memzero() to be used inside plug-ins
*
* @param data Pointer to data to zeroise
* @param len Length of data, in bytes
*
*/
typedef void (*plugin_secure_memzero_t)(void *data, size_t len);
/**
* Export of openvpn_base64_encode() to be used inside plug-ins
*
* @param data Pointer to data to BASE64 encode
* @param size Length of data, in bytes
* @param *str Pointer to the return buffer. This needed memory is
* allocated by openvpn_base64_encode() and needs to be free()d
* after use.
*
* @return int Returns the length of the buffer created, or -1 on error.
*
*/
typedef int (*plugin_base64_encode_t)(const void *data, int size, char **str);
/**
* Export of openvpn_base64_decode() to be used inside plug-ins
*
* @param str Pointer to the BASE64 encoded data
* @param data Pointer to the buffer where save the decoded data
* @param size Size of the destination buffer
*
* @return int Returns the length of the decoded data, or -1 on error or
* if the destination buffer is too small.
*
*/
typedef int (*plugin_base64_decode_t)(const char *str, void *data, int size);
/**
* Used by the openvpn_plugin_open_v3() function to pass callback
* function pointers to the plug-in.
*
* plugin_log
* plugin_vlog : Use these functions to add information to the OpenVPN log file.
* Messages will only be displayed if the plugin_name parameter
* is set. PLOG_DEBUG messages will only be displayed with plug-in
* debug log verbosity (at the time of writing that's verb >= 7).
*
* plugin_secure_memzero
* : Use this function to securely wipe sensitive information from
* memory. This function is declared in a way that the compiler
* will not remove these function calls during the compiler
* optimization phase.
*/
struct openvpn_plugin_callbacks
{
plugin_log_t plugin_log;
plugin_vlog_t plugin_vlog;
plugin_secure_memzero_t plugin_secure_memzero;
plugin_base64_encode_t plugin_base64_encode;
plugin_base64_decode_t plugin_base64_decode;
};
/**
* Used by the openvpn_plugin_open_v3() function to indicate to the
* plug-in what kind of SSL implementation OpenVPN uses. This is
* to avoid SEGV issues when OpenVPN is complied against mbed TLS
* and the plug-in against OpenSSL.
*/
typedef enum {
SSLAPI_NONE,
SSLAPI_OPENSSL,
SSLAPI_MBEDTLS
} ovpnSSLAPI;
/**
* Arguments used to transport variables to the plug-in.
* The struct openvpn_plugin_args_open_in is only used
* by the openvpn_plugin_open_v3() function.
*
* STRUCT MEMBERS
*
* type_mask : Set by OpenVPN to the logical OR of all script
* types which this version of OpenVPN supports.
*
* argv : a NULL-terminated array of options provided to the OpenVPN
* "plug-in" directive. argv[0] is the dynamic library pathname.
*
* envp : a NULL-terminated array of OpenVPN-set environmental
* variables in "name=value" format. Note that for security reasons,
* these variables are not actually written to the "official"
* environmental variable store of the process.
*
* callbacks : a pointer to the plug-in callback function struct.
*
*/
struct openvpn_plugin_args_open_in
{
const int type_mask;
const char **const argv;
const char **const envp;
struct openvpn_plugin_callbacks *callbacks;
const ovpnSSLAPI ssl_api;
const char *ovpn_version;
const unsigned int ovpn_version_major;
const unsigned int ovpn_version_minor;
const char *const ovpn_version_patch;
};
/**
* Arguments used to transport variables from the plug-in back
* to the OpenVPN process. The struct openvpn_plugin_args_open_return
* is only used by the openvpn_plugin_open_v3() function.
*
* STRUCT MEMBERS
*
* type_mask : The plug-in should set this value to the logical OR of all script
* types which the plug-in wants to intercept. For example, if the
* script wants to intercept the client-connect and client-disconnect
* script types:
*
* type_mask = OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_CLIENT_CONNECT)
* | OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_CLIENT_DISCONNECT)
*
* handle : Pointer to a global plug-in context, created by the plug-in. This pointer
* is passed on to the other plug-in calls.
*
* return_list : used to return data back to OpenVPN.
*
*/
struct openvpn_plugin_args_open_return
{
int type_mask;
openvpn_plugin_handle_t handle;
struct openvpn_plugin_string_list **return_list;
};
/**
* Arguments used to transport variables to and from the
* plug-in. The struct openvpn_plugin_args_func is only used
* by the openvpn_plugin_func_v3() function.
*
* STRUCT MEMBERS:
*
* type : one of the PLUGIN_x types.
*
* argv : a NULL-terminated array of "command line" options which
* would normally be passed to the script. argv[0] is the dynamic
* library pathname.
*
* envp : a NULL-terminated array of OpenVPN-set environmental
* variables in "name=value" format. Note that for security reasons,
* these variables are not actually written to the "official"
* environmental variable store of the process.
*
* handle : Pointer to a global plug-in context, created by the plug-in's openvpn_plugin_open_v3().
*
* per_client_context : the per-client context pointer which was returned by
* openvpn_plugin_client_constructor_v1, if defined.
*
* current_cert_depth : Certificate depth of the certificate being passed over
*
* *current_cert : X509 Certificate object received from the client
*
*/
struct openvpn_plugin_args_func_in
{
const int type;
const char **const argv;
const char **const envp;
openvpn_plugin_handle_t handle;
void *per_client_context;
int current_cert_depth;
openvpn_x509_cert_t *current_cert;
};
/**
* Arguments used to transport variables to and from the
* plug-in. The struct openvpn_plugin_args_func is only used
* by the openvpn_plugin_func_v3() function.
*
* STRUCT MEMBERS:
*
* return_list : used to return data back to OpenVPN for further processing/usage by
* the OpenVPN executable.
*
*/
struct openvpn_plugin_args_func_return
{
struct openvpn_plugin_string_list **return_list;
};
/*
* Multiple plugin modules can be cascaded, and modules can be
* used in tandem with scripts. The order of operation is that
* the module func() functions are called in the order that
* the modules were specified in the config file. If a script
* was specified as well, it will be called last. If the
* return code of the module/script controls an authentication
* function (such as tls-verify or auth-user-pass-verify), then
* every module and script must return success (0) in order for
* the connection to be authenticated.
*
* Notes:
*
* Plugins which use a privilege-separation model (by forking in
* their initialization function before the main OpenVPN process
* downgrades root privileges and/or executes a chroot) must
* daemonize after a fork if the "daemon" environmental variable is
* set. In addition, if the "daemon_log_redirect" variable is set,
* the plugin should preserve stdout/stderr across the daemon()
* syscall. See the daemonize() function in plugin/auth-pam/auth-pam.c
* for an example.
*/
/*
* Prototypes for functions which OpenVPN plug-ins must define.
*/
/*
* FUNCTION: openvpn_plugin_open_v2
*
* REQUIRED: YES
*
* Called on initial plug-in load. OpenVPN will preserve plug-in state
* across SIGUSR1 restarts but not across SIGHUP restarts. A SIGHUP reset
* will cause the plugin to be closed and reopened.
*
* ARGUMENTS
*
* *type_mask : Set by OpenVPN to the logical OR of all script
* types which this version of OpenVPN supports. The plug-in
* should set this value to the logical OR of all script types
* which the plug-in wants to intercept. For example, if the
* script wants to intercept the client-connect and
* client-disconnect script types:
*
* *type_mask = OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_CLIENT_CONNECT)
* | OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_CLIENT_DISCONNECT)
*
* argv : a NULL-terminated array of options provided to the OpenVPN
* "plug-in" directive. argv[0] is the dynamic library pathname.
*
* envp : a NULL-terminated array of OpenVPN-set environmental
* variables in "name=value" format. Note that for security reasons,
* these variables are not actually written to the "official"
* environmental variable store of the process.
*
* return_list : used to return data back to OpenVPN.
*
* RETURN VALUE
*
* An openvpn_plugin_handle_t value on success, NULL on failure
*/
OPENVPN_PLUGIN_DEF openvpn_plugin_handle_t OPENVPN_PLUGIN_FUNC(openvpn_plugin_open_v2)
(unsigned int *type_mask,
const char *argv[],
const char *envp[],
struct openvpn_plugin_string_list **return_list);
/*
* FUNCTION: openvpn_plugin_func_v2
*
* Called to perform the work of a given script type.
*
* REQUIRED: YES
*
* ARGUMENTS
*
* handle : the openvpn_plugin_handle_t value which was returned by
* openvpn_plugin_open.
*
* type : one of the PLUGIN_x types
*
* argv : a NULL-terminated array of "command line" options which
* would normally be passed to the script. argv[0] is the dynamic
* library pathname.
*
* envp : a NULL-terminated array of OpenVPN-set environmental
* variables in "name=value" format. Note that for security reasons,
* these variables are not actually written to the "official"
* environmental variable store of the process.
*
* per_client_context : the per-client context pointer which was returned by
* openvpn_plugin_client_constructor_v1, if defined.
*
* return_list : used to return data back to OpenVPN.
*
* RETURN VALUE
*
* OPENVPN_PLUGIN_FUNC_SUCCESS on success, OPENVPN_PLUGIN_FUNC_ERROR on failure
*
* In addition, OPENVPN_PLUGIN_FUNC_DEFERRED may be returned by
* OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY. This enables asynchronous
* authentication where the plugin (or one of its agents) may indicate
* authentication success/failure some number of seconds after the return
* of the OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY handler by writing a single
* char to the file named by auth_control_file in the environmental variable
* list (envp).
*
* first char of auth_control_file:
* '0' -- indicates auth failure
* '1' -- indicates auth success
*
* OpenVPN will delete the auth_control_file after it goes out of scope.
*
* If an OPENVPN_PLUGIN_ENABLE_PF handler is defined and returns success
* for a particular client instance, packet filtering will be enabled for that
* instance. OpenVPN will then attempt to read the packet filter configuration
* from the temporary file named by the environmental variable pf_file. This
* file may be generated asynchronously and may be dynamically updated during the
* client session, however the client will be blocked from sending or receiving
* VPN tunnel packets until the packet filter file has been generated. OpenVPN
* will periodically test the packet filter file over the life of the client
* instance and reload when modified. OpenVPN will delete the packet filter file
* when the client instance goes out of scope.
*
* Packet filter file grammar:
*
* [CLIENTS DROP|ACCEPT]
* {+|-}common_name1
* {+|-}common_name2
* . . .
* [SUBNETS DROP|ACCEPT]
* {+|-}subnet1
* {+|-}subnet2
* . . .
* [END]
*
* Subnet: IP-ADDRESS | IP-ADDRESS/NUM_NETWORK_BITS
*
* CLIENTS refers to the set of clients (by their common-name) which
* this instance is allowed ('+') to connect to, or is excluded ('-')
* from connecting to. Note that in the case of client-to-client
* connections, such communication must be allowed by the packet filter
* configuration files of both clients.
*
* SUBNETS refers to IP addresses or IP address subnets which this
* instance may connect to ('+') or is excluded ('-') from connecting
* to.
*
* DROP or ACCEPT defines default policy when there is no explicit match
* for a common-name or subnet. The [END] tag must exist. A special
* purpose tag called [KILL] will immediately kill the client instance.
* A given client or subnet rule applies to both incoming and outgoing
* packets.
*
* See plugin/defer/simple.c for an example on using asynchronous
* authentication and client-specific packet filtering.
*/
OPENVPN_PLUGIN_DEF int OPENVPN_PLUGIN_FUNC(openvpn_plugin_func_v2)
(openvpn_plugin_handle_t handle,
const int type,
const char *argv[],
const char *envp[],
void *per_client_context,
struct openvpn_plugin_string_list **return_list);
/*
* FUNCTION: openvpn_plugin_open_v3
*
* REQUIRED: YES
*
* Called on initial plug-in load. OpenVPN will preserve plug-in state
* across SIGUSR1 restarts but not across SIGHUP restarts. A SIGHUP reset
* will cause the plugin to be closed and reopened.
*
* ARGUMENTS
*
* version : fixed value, defines the API version of the OpenVPN plug-in API. The plug-in
* should validate that this value is matching the OPENVPN_PLUGINv3_STRUCTVER
* value.
*
* arguments : Structure with all arguments available to the plug-in.
*
* retptr : used to return data back to OpenVPN.
*
* RETURN VALUE
*
* OPENVPN_PLUGIN_FUNC_SUCCESS on success, OPENVPN_PLUGIN_FUNC_ERROR on failure
*/
OPENVPN_PLUGIN_DEF int OPENVPN_PLUGIN_FUNC(openvpn_plugin_open_v3)
(const int version,
struct openvpn_plugin_args_open_in const *arguments,
struct openvpn_plugin_args_open_return *retptr);
/*
* FUNCTION: openvpn_plugin_func_v3
*
* Called to perform the work of a given script type.
*
* REQUIRED: YES
*
* ARGUMENTS
*
* version : fixed value, defines the API version of the OpenVPN plug-in API. The plug-in
* should validate that this value is matching the OPENVPN_PLUGIN_VERSION value.
*
* handle : the openvpn_plugin_handle_t value which was returned by
* openvpn_plugin_open.
*
* return_list : used to return data back to OpenVPN.
*
* RETURN VALUE
*
* OPENVPN_PLUGIN_FUNC_SUCCESS on success, OPENVPN_PLUGIN_FUNC_ERROR on failure
*
* In addition, OPENVPN_PLUGIN_FUNC_DEFERRED may be returned by
* OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY. This enables asynchronous
* authentication where the plugin (or one of its agents) may indicate
* authentication success/failure some number of seconds after the return
* of the OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY handler by writing a single
* char to the file named by auth_control_file in the environmental variable
* list (envp).
*
* first char of auth_control_file:
* '0' -- indicates auth failure
* '1' -- indicates auth success
*
* OpenVPN will delete the auth_control_file after it goes out of scope.
*
* If an OPENVPN_PLUGIN_ENABLE_PF handler is defined and returns success
* for a particular client instance, packet filtering will be enabled for that
* instance. OpenVPN will then attempt to read the packet filter configuration
* from the temporary file named by the environmental variable pf_file. This
* file may be generated asynchronously and may be dynamically updated during the
* client session, however the client will be blocked from sending or receiving
* VPN tunnel packets until the packet filter file has been generated. OpenVPN
* will periodically test the packet filter file over the life of the client
* instance and reload when modified. OpenVPN will delete the packet filter file
* when the client instance goes out of scope.
*
* Packet filter file grammar:
*
* [CLIENTS DROP|ACCEPT]
* {+|-}common_name1
* {+|-}common_name2
* . . .
* [SUBNETS DROP|ACCEPT]
* {+|-}subnet1
* {+|-}subnet2
* . . .
* [END]
*
* Subnet: IP-ADDRESS | IP-ADDRESS/NUM_NETWORK_BITS
*
* CLIENTS refers to the set of clients (by their common-name) which
* this instance is allowed ('+') to connect to, or is excluded ('-')
* from connecting to. Note that in the case of client-to-client
* connections, such communication must be allowed by the packet filter
* configuration files of both clients.
*
* SUBNETS refers to IP addresses or IP address subnets which this
* instance may connect to ('+') or is excluded ('-') from connecting
* to.
*
* DROP or ACCEPT defines default policy when there is no explicit match
* for a common-name or subnet. The [END] tag must exist. A special
* purpose tag called [KILL] will immediately kill the client instance.
* A given client or subnet rule applies to both incoming and outgoing
* packets.
*
* See plugin/defer/simple.c for an example on using asynchronous
* authentication and client-specific packet filtering.
*/
OPENVPN_PLUGIN_DEF int OPENVPN_PLUGIN_FUNC(openvpn_plugin_func_v3)
(const int version,
struct openvpn_plugin_args_func_in const *arguments,
struct openvpn_plugin_args_func_return *retptr);
/*
* FUNCTION: openvpn_plugin_close_v1
*
* REQUIRED: YES
*
* ARGUMENTS
*
* handle : the openvpn_plugin_handle_t value which was returned by
* openvpn_plugin_open.
*
* Called immediately prior to plug-in unload.
*/
OPENVPN_PLUGIN_DEF void OPENVPN_PLUGIN_FUNC(openvpn_plugin_close_v1)
(openvpn_plugin_handle_t handle);
/*
* FUNCTION: openvpn_plugin_abort_v1
*
* REQUIRED: NO
*
* ARGUMENTS
*
* handle : the openvpn_plugin_handle_t value which was returned by
* openvpn_plugin_open.
*
* Called when OpenVPN is in the process of aborting due to a fatal error.
* Will only be called on an open context returned by a prior successful
* openvpn_plugin_open callback.
*/
OPENVPN_PLUGIN_DEF void OPENVPN_PLUGIN_FUNC(openvpn_plugin_abort_v1)
(openvpn_plugin_handle_t handle);
/*
* FUNCTION: openvpn_plugin_client_constructor_v1
*
* Called to allocate a per-client memory region, which
* is then passed to the openvpn_plugin_func_v2 function.
* This function is called every time the OpenVPN server
* constructs a client instance object, which normally
* occurs when a session-initiating packet is received
* by a new client, even before the client has authenticated.
*
* This function should allocate the private memory needed
* by the plugin to track individual OpenVPN clients, and
* return a void * to this memory region.
*
* REQUIRED: NO
*
* ARGUMENTS
*
* handle : the openvpn_plugin_handle_t value which was returned by
* openvpn_plugin_open.
*
* RETURN VALUE
*
* void * pointer to plugin's private per-client memory region, or NULL
* if no memory region is required.
*/
OPENVPN_PLUGIN_DEF void *OPENVPN_PLUGIN_FUNC(openvpn_plugin_client_constructor_v1)
(openvpn_plugin_handle_t handle);
/*
* FUNCTION: openvpn_plugin_client_destructor_v1
*
* This function is called on client instance object destruction.
*
* REQUIRED: NO
*
* ARGUMENTS
*
* handle : the openvpn_plugin_handle_t value which was returned by
* openvpn_plugin_open.
*
* per_client_context : the per-client context pointer which was returned by
* openvpn_plugin_client_constructor_v1, if defined.
*/
OPENVPN_PLUGIN_DEF void OPENVPN_PLUGIN_FUNC(openvpn_plugin_client_destructor_v1)
(openvpn_plugin_handle_t handle, void *per_client_context);
/*
* FUNCTION: openvpn_plugin_select_initialization_point_v1
*
* Several different points exist in OpenVPN's initialization sequence where
* the openvpn_plugin_open function can be called. While the default is
* OPENVPN_PLUGIN_INIT_PRE_DAEMON, this function can be used to select a
* different initialization point. For example, if your plugin needs to
* return configuration parameters to OpenVPN, use
* OPENVPN_PLUGIN_INIT_PRE_CONFIG_PARSE.
*
* REQUIRED: NO
*
* RETURN VALUE:
*
* An OPENVPN_PLUGIN_INIT_x value.
*/
#define OPENVPN_PLUGIN_INIT_PRE_CONFIG_PARSE 1
#define OPENVPN_PLUGIN_INIT_PRE_DAEMON 2 /* default */
#define OPENVPN_PLUGIN_INIT_POST_DAEMON 3
#define OPENVPN_PLUGIN_INIT_POST_UID_CHANGE 4
OPENVPN_PLUGIN_DEF int OPENVPN_PLUGIN_FUNC(openvpn_plugin_select_initialization_point_v1)
(void);
/*
* FUNCTION: openvpn_plugin_min_version_required_v1
*
* This function is called by OpenVPN to query the minimum
* plugin interface version number required by the plugin.
*
* REQUIRED: NO
*
* RETURN VALUE
*
* The minimum OpenVPN plugin interface version number necessary to support
* this plugin.
*/
OPENVPN_PLUGIN_DEF int OPENVPN_PLUGIN_FUNC(openvpn_plugin_min_version_required_v1)
(void);
/*
* Deprecated functions which are still supported for backward compatibility.
*/
OPENVPN_PLUGIN_DEF openvpn_plugin_handle_t OPENVPN_PLUGIN_FUNC(openvpn_plugin_open_v1)
(unsigned int *type_mask,
const char *argv[],
const char *envp[]);
OPENVPN_PLUGIN_DEF int OPENVPN_PLUGIN_FUNC(openvpn_plugin_func_v1)
(openvpn_plugin_handle_t handle, const int type, const char *argv[], const char *envp[]);
#ifdef __cplusplus
}
#endif
#endif /* OPENVPN_PLUGIN_H_ */

1
client/android/cpp/openvpn3

@ -1 +0,0 @@
Subproject commit dd6e82ba9fff32e4f4a3965750f3ec9106131a44

40
client/android/cpp/ovpnutil/jniglue.c
View file

@ -1,40 +0,0 @@
#include <jni.h>
#include <android/log.h>
#include <stdlib.h>
#include <unistd.h>
#include "jniglue.h"
jint JNI_OnLoad(JavaVM *vm, void *reserved) {
#ifndef NDEBUG
__android_log_write(ANDROID_LOG_DEBUG,"openvpn", "Loading openvpn native library $id$ compiled on " __DATE__ " " __TIME__ );
#endif
return JNI_VERSION_1_2;
}
void android_openvpn_log(int level,const char* prefix,const char* prefix_sep,const char* m1)
{
__android_log_print(ANDROID_LOG_DEBUG,"openvpn","%s%s%s",prefix,prefix_sep,m1);
}
//! Hack to get the current installed ABI of the libraries. See also https://github.com/schwabe/ics-openvpn/issues/391
jstring Java_de_blinkt_openvpn_core_NativeUtils_getJNIAPI(JNIEnv *env, jclass jo)
{
return (*env)->NewStringUTF(env, TARGET_ARCH_ABI);
}
jstring Java_de_blinkt_openvpn_core_NativeUtils_getOpenVPN2GitVersion(JNIEnv *env, jclass jo)
{
return (*env)->NewStringUTF(env, OPENVPN2_GIT_REVISION);
}
jstring Java_de_blinkt_openvpn_core_NativeUtils_getOpenVPN3GitVersion(JNIEnv *env, jclass jo)
{
return (*env)->NewStringUTF(env, OPENVPN3_GIT_REVISION);
}

21
client/android/cpp/ovpnutil/jniglue.h
View file

@ -1,21 +0,0 @@
//
// jniglue.h
// xcopenvpn
//
// Created by Arne Schwabe on 29.03.12.
// Copyright (c) 2012 Universität Paderborn. All rights reserved.
//
#ifndef xcopenvpn_jniglue_h
#define xcopenvpn_jniglue_h
void android_openvpn_log(int level,const char* prefix,const char* prefix_sep,const char* m1);
#endif
#ifdef __cplusplus
extern "C" {
#endif
int jniThrowException(JNIEnv* env, const char* className, const char* msg);
#ifdef __cplusplus
}
#endif

146
client/android/cpp/ovpnutil/rsapss.cpp
View file

@ -1,146 +0,0 @@
/* Adapted from OpenSSL's rsa_pss.c from OpenSSL 3.0.1 */
/*
* Copyright 2005-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include "jni.h"
#include <openssl/evp.h>
#include <openssl/rand.h>
#include <openssl/rsa.h>
#include <array>
static const unsigned char zeroes[] = {0, 0, 0, 0, 0, 0, 0, 0};
static char opensslerr[1024];
extern "C" jbyteArray Java_de_blinkt_openvpn_core_NativeUtils_rsapss(JNIEnv *env,
jclass,
jint hashtype,
jint MSBits,
jint rsa_size,
jbyteArray from) {
/*
unsigned char *EM,
const unsigned char *mHash,
const EVP_MD *Hash, const EVP_MD *mgf1Hash,
int sLen)
*/
jbyte *data = env->GetByteArrayElements(from, nullptr);
int datalen = env->GetArrayLength(from);
const auto *mHash = reinterpret_cast<const unsigned char *>(data);
const EVP_MD *Hash;
if (hashtype == 0) {
Hash = EVP_md5();
} else if (hashtype == 1) {
Hash = EVP_sha1();
} else if (hashtype == 2) {
Hash = EVP_sha224();
} else if (hashtype == 3) {
Hash = EVP_sha256();
} else if (hashtype == 4) {
Hash = EVP_sha384();
} else if (hashtype == 5) {
Hash = EVP_sha512();
}
const EVP_MD *mgf1Hash = Hash;
int ret = 0;
int maskedDBLen, emLen;
unsigned char *H, *salt = nullptr, *p;
EVP_MD_CTX *ctx = nullptr;
int hLen = EVP_MD_get_size(Hash);
int sLen = hLen; /* RSA_PSS_SALTLEN_DIGEST */
std::array<unsigned char, 2048> buf{};
unsigned char *EM = buf.data();
if (hLen < 0)
goto err;
emLen = rsa_size;
if (MSBits == 0) {
*EM++ = 0;
emLen--;
}
if (emLen < hLen + 2) {
goto err;
}
if (sLen == RSA_PSS_SALTLEN_MAX) {
sLen = emLen - hLen - 2;
} else if (sLen > emLen - hLen - 2) {
goto err;
}
if (sLen > 0) {
salt = (unsigned char *) OPENSSL_malloc(sLen);
if (salt == nullptr) {
goto err;
}
if (RAND_bytes_ex(nullptr, salt, sLen, 0) <= 0)
goto err;
}
maskedDBLen = emLen - hLen - 1;
H = EM + maskedDBLen;
ctx = EVP_MD_CTX_new();
if (ctx == nullptr)
goto err;
if (!EVP_DigestInit_ex(ctx, Hash, nullptr)
|| !EVP_DigestUpdate(ctx, zeroes, sizeof(zeroes))
|| !EVP_DigestUpdate(ctx, mHash, hLen))
goto err;
if (sLen && !EVP_DigestUpdate(ctx, salt, sLen))
goto err;
if (!EVP_DigestFinal_ex(ctx, H, nullptr))
goto err;
/* Generate dbMask in place then perform XOR on it */
if (PKCS1_MGF1(EM, maskedDBLen, H, hLen, mgf1Hash))
goto err;
p = EM;
/*
* Initial PS XORs with all zeroes which is a NOP so just update pointer.
* Note from a test above this value is guaranteed to be non-negative.
*/
p += emLen - sLen - hLen - 2;
*p++ ^= 0x1;
if (sLen > 0) {
for (int i = 0; i < sLen; i++)
*p++ ^= salt[i];
}
if (MSBits)
EM[0] &= 0xFF >> (8 - MSBits);
/* H is already in place so just set final 0xbc */
EM[emLen - 1] = 0xbc;
ret = 1;
err:
EVP_MD_CTX_free(ctx);
OPENSSL_clear_free(salt, (size_t) sLen); /* salt != NULL implies sLen > 0 */
jbyteArray jb;
jb = env->NewByteArray(emLen);
env->SetByteArrayRegion(jb, 0, emLen, (jbyte *) EM);
return jb;
}

334
client/android/cpp/ovpnutil/sslspeed.c
View file

@ -1,334 +0,0 @@
/*
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
/* ====================================================================
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
*
* Portions of the attached software ("Contribution") are developed by
* SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
*
* The Contribution is licensed pursuant to the OpenSSL open source
* license provided above.
*
* The ECDH and ECDSA speed test software is originally written by
* Sumit Gupta of Sun Microsystems Laboratories.
*
*/
// Modified by Arne Schwabe to give a simple openssl evp speed java api
#include <jni.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netdb.h>
#include <netinet/in.h>
#include <sys/ioctl.h>
#include <sys/times.h>
#include <linux/if.h>
#include <android/log.h>
#include <unistd.h>
#include <string.h>
#include <stdio.h>
#include <errno.h>
#include "jniglue.h"
#include <android/log.h>
#include <openssl/crypto.h>
#include <openssl/rand.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/objects.h>
#include <openssl/async.h>
#include <openssl/provider.h>
/* This file just contains code thrown together until it works */
#undef SECONDS
#define SECONDS 3
#define PRIME_SECONDS 10
#define RSA_SECONDS 10
#define DSA_SECONDS 10
#define ECDSA_SECONDS 10
#define ECDH_SECONDS 10
typedef struct loopargs_st {
unsigned char *buf;
unsigned char *buf2;
unsigned char *buf_malloc;
unsigned char *buf2_malloc;
unsigned int siglen;
EVP_CIPHER_CTX *ctx;
HMAC_CTX *hctx;
} loopargs_t;
#undef BUFSIZE
#define BUFSIZE (1024*16+1)
#define MAX_MISALIGNMENT 63
#define MAX_BLOCK_SIZE 128
static unsigned char iv[2 * MAX_BLOCK_SIZE / 8];
#define SIZE_NUM 7
static const int lengths[SIZE_NUM] = {
16, 64, 256, 1024, 1500, 8 * 1024, 16 * 1024
};
static int testnum;
# define COND(unused_cond) (run && count<0x7fffffff)
static volatile int run = 0;
#ifdef SIGALRM
# if defined(__STDC__) || defined(sgi) || defined(_AIX)
# define SIGRETTYPE void
# else
# define SIGRETTYPE int
# endif
#define START 0
#define STOP 1
#define TM_START 0
#define TM_STOP 1
static int usertime = 1;
double app_tminterval(int stop, int usertime)
{
double ret = 0;
struct tms rus;
clock_t now = times(&rus);
static clock_t tmstart;
if (usertime)
now = rus.tms_utime;
if (stop == TM_START)
tmstart = now;
else {
long int tck = sysconf(_SC_CLK_TCK);
ret = (now - tmstart) / (double)tck;
}
return (ret);
}
static double Time_F(int s)
{
double ret = app_tminterval(s, usertime);
if (s == STOP)
alarm(0);
return ret;
}
#endif
static long save_count = 0;
static int decrypt = 0;
static int EVP_Update_loop(void *args)
{
loopargs_t *tempargs = *(loopargs_t **)args;
unsigned char *buf = tempargs->buf;
EVP_CIPHER_CTX *ctx = tempargs->ctx;
int outl, count;
if (decrypt)
for (count = 0; COND(nb_iter); count++)
EVP_DecryptUpdate(ctx, buf, &outl, buf, lengths[testnum]);
else
for (count = 0; COND(nb_iter); count++)
EVP_EncryptUpdate(ctx, buf, &outl, buf, lengths[testnum]);
if (decrypt)
EVP_DecryptFinal_ex(ctx, buf, &outl);
else
EVP_EncryptFinal_ex(ctx, buf, &outl);
return count;
}
static const EVP_MD *evp_md = NULL;
static int EVP_Digest_loop(void *args)
{
loopargs_t *tempargs = *(loopargs_t **)args;
unsigned char *buf = tempargs->buf;
unsigned char md[EVP_MAX_MD_SIZE];
int count;
for (count = 0; COND(nb_iter); count++) {
if (!EVP_Digest(buf, lengths[testnum], md, NULL, evp_md, NULL))
return -1;
}
return count;
}
static int run_benchmark(int async_jobs,
int (*loop_function)(void *), loopargs_t *loopargs)
{
int job_op_count = 0;
int total_op_count = 0;
int num_inprogress = 0;
int error = 0, i = 0, ret = 0;
OSSL_ASYNC_FD job_fd = 0;
size_t num_job_fds = 0;
run = 1;
if (async_jobs == 0) {
return loop_function((void *)&loopargs);
}
return 1234567;
}
static void* stop_run(void* arg)
{
__android_log_write(ANDROID_LOG_DEBUG,"openvpn", "stop run thread started");
sleep(3);
run=0;
__android_log_write(ANDROID_LOG_DEBUG,"openvpn", "stop run thread stopped");
return NULL;
}
jdoubleArray Java_de_blinkt_openvpn_core_NativeUtils_getOpenSSLSpeed(JNIEnv* env, jclass thiz, jstring algorithm, jint testnumber)
{
OSSL_PROVIDER *legacy;
OSSL_PROVIDER *deflt;
OSSL_LIB_CTX *lib_ctx = OSSL_LIB_CTX_new();
/* Load Multiple providers into the default (NULL) library context */
legacy = OSSL_PROVIDER_load(lib_ctx, "legacy");
if (legacy == NULL) {
__android_log_write(ANDROID_LOG_DEBUG,"openvpn", "Failed to load Legacy provider\n");
return NULL;
}
deflt = OSSL_PROVIDER_load(lib_ctx, "default");
if (deflt == NULL) {
__android_log_write(ANDROID_LOG_DEBUG,"openvpn", "Failed to load Default provider\n");
OSSL_PROVIDER_unload(legacy);
return NULL;
}
static const unsigned char key16[16] = {
0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0,
0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12
};
const EVP_CIPHER *evp_cipher = NULL;
const char* alg = (*env)->GetStringUTFChars( env, algorithm , NULL ) ;
evp_cipher = EVP_CIPHER_fetch(lib_ctx, alg, NULL);
if (evp_cipher == NULL)
evp_md = EVP_MD_fetch(lib_ctx, alg, NULL);
if (evp_cipher == NULL && evp_md == NULL) {
// BIO_printf(bio_err, "%s: %s is an unknown cipher or digest\n", prog, opt_arg());
//jniThrowException(env, "java/security/NoSuchAlgorithmException", "Algorithm not found");
__android_log_write(ANDROID_LOG_DEBUG,"openvpn", "Algorithm not found");
return NULL;
}
loopargs_t *loopargs = NULL;
int loopargs_len = 1;
int async_jobs = 0;
loopargs = malloc(loopargs_len * sizeof(loopargs_t));
memset(loopargs, 0, loopargs_len * sizeof(loopargs_t));
jdoubleArray ret = (*env)->NewDoubleArray(env, 3);
if (testnum < 0 || testnum >= SIZE_NUM)
goto error;
testnum = testnumber;
for (int i = 0; i < loopargs_len; i++) {
int misalign=0;
loopargs[i].buf_malloc = malloc((int)BUFSIZE + MAX_MISALIGNMENT + 1);
loopargs[i].buf2_malloc = malloc((int)BUFSIZE + MAX_MISALIGNMENT + 1);
/* Align the start of buffers on a 64 byte boundary */
loopargs[i].buf = loopargs[i].buf_malloc + misalign;
loopargs[i].buf2 = loopargs[i].buf2_malloc + misalign;
}
int count;
double d;
if (evp_cipher) {
/*
* -O3 -fschedule-insns messes up an optimization here!
* names[D_EVP] somehow becomes NULL
*/
for (int k = 0; k < loopargs_len; k++) {
loopargs[k].ctx = EVP_CIPHER_CTX_new();
if (decrypt)
EVP_DecryptInit_ex(loopargs[k].ctx, evp_cipher, NULL, key16, iv);
else
EVP_EncryptInit_ex(loopargs[k].ctx, evp_cipher, NULL, key16, iv);
EVP_CIPHER_CTX_set_padding(loopargs[k].ctx, 0);
}
Time_F(START);
pthread_t timer_thread;
if (pthread_create(&timer_thread, NULL, stop_run, NULL))
goto error;
count = run_benchmark(async_jobs, EVP_Update_loop, loopargs);
d = Time_F(STOP);
for (int k = 0; k < loopargs_len; k++) {
EVP_CIPHER_CTX_free(loopargs[k].ctx);
}
}
if (evp_md) {
pthread_t timer_thread;
if (pthread_create(&timer_thread, NULL, stop_run, NULL))
{
__android_log_write(ANDROID_LOG_DEBUG,"openvpn", "creating thread failed");
goto error;
}
Time_F(START);
count = run_benchmark(async_jobs, EVP_Digest_loop, loopargs);
d = Time_F(STOP);
}
// Save results in hacky way
double results[] = {(double) lengths[testnum], (double) count, d};
(*env)->SetDoubleArrayRegion(env, ret, 0, 3, results);
// print_result(D_EVP, testnum, count, d);
OSSL_LIB_CTX_free(lib_ctx);
free(loopargs);
return ret;
error:
for (int k = 0; k < loopargs_len; k++) {
EVP_CIPHER_CTX_free(loopargs[k].ctx);
}
free(loopargs);
OSSL_LIB_CTX_free(lib_ctx);
return NULL;
}

7
client/android/cpp/tools.cmake
View file

@ -1,7 +0,0 @@
FUNCTION(PREPEND var prefix)
SET(listVar "")
FOREACH(f ${ARGN})
LIST(APPEND listVar "${prefix}/${f}")
ENDFOREACH(f)
SET(${var} "${listVar}" PARENT_SCOPE)
ENDFUNCTION(PREPEND)

1
client/android/lib/openvpn Symbolic link
View file

@ -0,0 +1 @@
../../3rd-prebuilt/3rd-prebuilt/openvpn/android

1
client/android/lib/wireguard Symbolic link
View file

@ -0,0 +1 @@
../../../client/3rd-prebuilt/3rd-prebuilt/wireguard/android

BIN
client/android/lib/wireguard/arm64-v8a/libwg-go.so
View file

Binary file not shown.

BIN
client/android/lib/wireguard/arm64-v8a/libwg-quick.so
View file

Binary file not shown.

BIN
client/android/lib/wireguard/arm64-v8a/libwg.so
View file

Binary file not shown.

BIN
client/android/lib/wireguard/armeabi-v7a/libwg-go.so
View file

Binary file not shown.

BIN
client/android/lib/wireguard/armeabi-v7a/libwg-quick.so
View file

Binary file not shown.

BIN
client/android/lib/wireguard/armeabi-v7a/libwg.so
View file

Binary file not shown.

BIN
client/android/lib/wireguard/x86/libwg-go.so
View file

Binary file not shown.

BIN
client/android/lib/wireguard/x86/libwg-quick.so
View file

Binary file not shown.

BIN
client/android/lib/wireguard/x86/libwg.so
View file

Binary file not shown.

BIN
client/android/lib/wireguard/x86_64/libwg-go.so
View file

Binary file not shown.

BIN
client/android/lib/wireguard/x86_64/libwg-quick.so
View file

Binary file not shown.

BIN
client/android/lib/wireguard/x86_64/libwg.so
View file

Binary file not shown.

10
client/android/res/drawable/ic_amnezia_round.xml
View file

File diff suppressed because one or more lines are too long

15
client/android/res/drawable/ic_launcher_foreground.xml
View file

@ -1,15 +0,0 @@
<vector xmlns:android="http://schemas.android.com/apk/res/android"
android:width="108dp"
android:height="108dp"
android:viewportWidth="108"
android:viewportHeight="108">
<group android:scaleX="1.2226415"
android:scaleY="1.2226415"
android:translateX="27.101887"
android:translateY="27.101887">
<path
android:pathData="M22,4.95C20.1775,4.95 18.7,6.4275 18.7,8.25C18.7,10.0725 20.1775,11.55 22,11.55C23.8225,11.55 25.3,10.0725 25.3,8.25C25.3,6.4275 23.8225,4.95 22,4.95ZM14.3,8.25C14.3,3.9974 17.7474,0.55 22,0.55C26.2526,0.55 29.7,3.9974 29.7,8.25C29.7,12.5026 26.2526,15.95 22,15.95C20.6739,15.95 19.4261,15.6148 18.3368,15.0245L15.0245,18.3368C15.2745,18.7981 15.4787,19.2879 15.6311,19.8H28.3689C29.3155,16.6194 32.2619,14.3 35.75,14.3C40.0026,14.3 43.45,17.7474 43.45,22C43.45,26.2526 40.0026,29.7 35.75,29.7C34.4239,29.7 33.1761,29.3648 32.0868,28.7745L28.7745,32.0868C29.3648,33.1761 29.7,34.4239 29.7,35.75C29.7,40.0026 26.2526,43.45 22,43.45C17.7474,43.45 14.3,40.0026 14.3,35.75C14.3,31.4974 17.7474,28.05 22,28.05C23.3261,28.05 24.5738,28.3852 25.6632,28.9755L28.9755,25.6632C28.7255,25.2019 28.5213,24.7121 28.3689,24.2H15.6311C14.6845,27.3806 11.7381,29.7 8.25,29.7C3.9974,29.7 0.55,26.2526 0.55,22C0.55,17.7474 3.9974,14.3 8.25,14.3C9.5761,14.3 10.8238,14.6352 11.9132,15.2255L15.2255,11.9132C14.6352,10.8238 14.3,9.5761 14.3,8.25ZM18.7,35.75C18.7,33.9275 20.1775,32.45 22,32.45C23.8225,32.45 25.3,33.9275 25.3,35.75C25.3,37.5725 23.8225,39.05 22,39.05C20.1775,39.05 18.7,37.5725 18.7,35.75ZM8.25,18.7C6.4275,18.7 4.95,20.1775 4.95,22C4.95,23.8225 6.4275,25.3 8.25,25.3C10.0725,25.3 11.55,23.8225 11.55,22C11.55,20.1775 10.0725,18.7 8.25,18.7ZM32.45,22C32.45,20.1775 33.9275,18.7 35.75,18.7C37.5725,18.7 39.05,20.1775 39.05,22C39.05,23.8225 37.5725,25.3 35.75,25.3C33.9275,25.3 32.45,23.8225 32.45,22Z"
android:fillColor="#ffffff"
android:fillType="evenOdd"/>
</group>
</vector>

10
client/android/res/drawable/ic_logo_on.xml
View file

@ -1,10 +0,0 @@
<vector xmlns:android="http://schemas.android.com/apk/res/android"
android:width="22dp"
android:height="22dp"
android:viewportWidth="22"
android:viewportHeight="22">
<path
android:pathData="M11,3.8535C10.2353,3.8535 9.6154,4.4734 9.6154,5.2381C9.6154,6.0028 10.2353,6.6227 11,6.6227C11.7647,6.6227 12.3846,6.0028 12.3846,5.2381C12.3846,4.4734 11.7647,3.8535 11,3.8535ZM7.7692,5.2381C7.7692,3.4538 9.2157,2.0073 11,2.0073C12.7843,2.0073 14.2308,3.4538 14.2308,5.2381C14.2308,7.0224 12.7843,8.4689 11,8.4689C10.4436,8.4689 9.92,8.3282 9.4629,8.0805L8.0732,9.4703C8.1781,9.6639 8.2638,9.8694 8.3277,10.0842H13.6722C14.0694,8.7497 15.3057,7.7766 16.7692,7.7766C18.5535,7.7766 20,9.223 20,11.0073C20,12.7916 18.5535,14.2381 16.7692,14.2381C16.2128,14.2381 15.6893,14.0975 15.2322,13.8498L13.8424,15.2395C13.9718,15.4783 14.072,15.7352 14.1382,16.0054H12.1501C11.9016,15.6354 11.4792,15.3919 11,15.3919C10.2353,15.3919 9.6153,16.0119 9.6153,16.7766C9.6153,17.1482 9.7617,17.4856 10,17.7343V19.8496C8.7051,19.4285 7.7692,18.2118 7.7692,16.7766C7.7692,14.9923 9.2156,13.5458 11,13.5458C11.5564,13.5458 12.0799,13.6864 12.537,13.9341L13.9268,12.5444C13.8219,12.3508 13.7362,12.1453 13.6722,11.9304H8.3277C7.9306,13.2649 6.6943,14.2381 5.2307,14.2381C3.4464,14.2381 1.9999,12.7916 1.9999,11.0073C1.9999,9.223 3.4464,7.7766 5.2307,7.7766C5.7871,7.7766 6.3106,7.9172 6.7677,8.1649L8.1575,6.7751C7.9099,6.318 7.7692,5.7945 7.7692,5.2381ZM5.2307,9.6227C4.466,9.6227 3.8461,10.2426 3.8461,11.0073C3.8461,11.772 4.466,12.392 5.2307,12.392C5.9954,12.392 6.6154,11.772 6.6154,11.0073C6.6154,10.2426 5.9954,9.6227 5.2307,9.6227ZM15.3846,11.0073C15.3846,10.2426 16.0045,9.6227 16.7692,9.6227C17.5339,9.6227 18.1538,10.2426 18.1538,11.0073C18.1538,11.772 17.5339,12.392 16.7692,12.392C16.0045,12.392 15.3846,11.772 15.3846,11.0073ZM13.664,21.0073L11,18.1662L12.332,16.7557L13.664,18.1762L16.6586,15.005L18,16.4256L13.664,21.0073Z"
android:fillColor="#000000"
android:fillType="evenOdd"/>
</vector>

10
client/android/res/drawable/ic_navigation_close.xml
View file

@ -1,10 +0,0 @@
<vector xmlns:android="http://schemas.android.com/apk/res/android"
android:width="24dp"
android:height="24dp"
android:viewportWidth="24.0"
android:viewportHeight="24.0"
android:tint="?attr/colorControlNormal">
<path
android:fillColor="#FFFFFFFF"
android:pathData="M19,6.41L17.59,5 12,10.59 6.41,5 5,6.41 10.59,12 5,17.59 6.41,19 12,13.41 17.59,19 19,17.59 13.41,12z" />
</vector>

11
client/android/res/drawable/ic_service_active.xml
View file

@ -1,11 +0,0 @@
<vector xmlns:android="http://schemas.android.com/apk/res/android"
android:width="24dp"
android:height="24dp"
android:viewportWidth="24"
android:viewportHeight="24">
<path
android:name="path"
android:fillColor="#fff"
android:pathData="M 21.25 2.28 L 17.55 18.55 L 9.26 15.89 L 16.58 7.16 L 6.83 15.37 L 0 12.8 L 21.25 2.28 ZM 9.45 17.56 L 12.09 18.41 L 9.46 22 L 9.45 17.56 Z" />
</vector>

11
client/android/res/drawable/ic_service_busy.xml
View file

@ -1,11 +0,0 @@
<vector xmlns:android="http://schemas.android.com/apk/res/android"
android:width="24dp"
android:height="24dp"
android:viewportWidth="24"
android:viewportHeight="24">
<path
android:name="path"
android:fillColor="#fff"
android:pathData="M17.68,9l-1.59,7L12.7,14.89l5-5.93M10,10.08l-3.57,3L5,12.55l5-2.47M21.25,2.28L0,12.8l6.83,2.57,9.76-8.21L9.26,15.89l8.29,2.67,3.7-16.27h0ZM 9.45 17.56 L 9.46 22 L 12.09 18.41 L 9.45 17.56 L 9.45 17.56 Z" />
</vector>

16
client/android/res/drawable/ic_service_connected.xml
View file

@ -1,16 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<animated-vector xmlns:android="http://schemas.android.com/apk/res/android"
xmlns:aapt="http://schemas.android.com/aapt"
android:drawable="@drawable/ic_service_busy">
<target android:name="path">
<aapt:attr name="android:animation">
<objectAnimator
android:propertyName="pathData"
android:duration="@android:integer/config_mediumAnimTime"
android:valueFrom="M 17.68 9 L 16.09 16 L 12.7 14.89 L 17.7 8.96 M 10 10.08 L 6.43 13.08 L 5 12.55 L 10 10.08 M 21.25 2.28 L 0 12.8 L 6.83 15.37 L 16.59 7.16 L 9.26 15.89 L 17.55 18.56 L 21.25 2.29 L 21.25 2.29 Z M 9.45 17.56 L 9.46 22 L 12.09 18.41 L 9.45 17.56 L 9.45 17.56 Z"
android:valueTo="M 15.5 13.28 L 15.5 13.28 L 15.5 13.28 L 15.5 13.28 M 7.14 11.9 L 7.14 11.9 L 7.14 11.9 L 7.14 11.9 M 21.25 2.28 L 0 12.8 L 6.83 15.37 L 16.59 7.16 L 9.26 15.89 L 17.55 18.56 L 21.25 2.29 L 21.25 2.29 Z M 9.45 17.56 L 9.46 22 L 12.09 18.41 L 9.45 17.56 L 9.45 17.56 Z"
android:valueType="pathType"
android:interpolator="@android:interpolator/fast_out_slow_in" />
</aapt:attr>
</target>
</animated-vector>

27
client/android/res/drawable/ic_service_connecting.xml
View file

@ -1,27 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<animated-vector xmlns:android="http://schemas.android.com/apk/res/android"
xmlns:aapt="http://schemas.android.com/aapt"
android:drawable="@drawable/ic_service_idle">
<target android:name="strike_thru_path">
<aapt:attr name="android:animation">
<objectAnimator
android:propertyName="pathData"
android:duration="@android:integer/config_mediumAnimTime"
android:valueFrom="M 19.73 22 L 21 20.73 L 3.27 3 L 2 4.27 Z"
android:valueTo="M 2 4.27 L 3.27 3 L 3.27 3 L 2 4.27 Z"
android:valueType="pathType"
android:interpolator="@android:interpolator/fast_out_slow_in" />
</aapt:attr>
</target>
<target android:name="strike_thru_mask">
<aapt:attr name="android:animation">
<objectAnimator
android:propertyName="pathData"
android:duration="@android:integer/config_mediumAnimTime"
android:valueFrom="M 0 0 L 24 0 L 24 24 L 0 24 L 0 0 Z M 4.54 1.73 L 3.27 3 L 21 20.73 L 22.27 19.46 Z"
android:valueTo="M 0 0 L 24 0 L 24 24 L 0 24 L 0 0 Z M 4.54 1.73 L 3.27 3 L 3.27 3 L 4.54 1.73 Z"
android:valueType="pathType"
android:interpolator="@android:interpolator/fast_out_slow_in" />
</aapt:attr>
</target>
</animated-vector>

18
client/android/res/drawable/ic_service_idle.xml
View file

@ -1,18 +0,0 @@
<vector xmlns:android="http://schemas.android.com/apk/res/android"
android:width="24dp"
android:height="24dp"
android:viewportWidth="24"
android:viewportHeight="24">
<path
android:name="strike_thru_path"
android:pathData="M 19.73 22 L 21 20.73 L 3.27 3 L 2 4.27 Z"
android:fillColor="#fff"
android:strokeWidth="1" />
<clip-path
android:name="strike_thru_mask"
android:pathData="M 0 0 L 24 0 L 24 24 L 0 24 L 0 0 Z M 4.54 1.73 L 3.27 3 L 21 20.73 L 22.27 19.46 Z" />
<path
android:name="holey_icon"
android:pathData="M17.68,9l-1.59,7L12.7,14.89l5-5.93M10,10.08l-3.57,3L5,12.55l5-2.47M21.25,2.28L0,12.8l6.83,2.57,9.76-8.21L9.26,15.89l8.29,2.67,3.7-16.27h0ZM 9.45 17.56 L 9.46 22 L 12.09 18.41 L 9.45 17.56 L 9.45 17.56 Z"
android:fillColor="#fff" />
</vector>

27
client/android/res/drawable/ic_service_stopped.xml
View file

@ -1,27 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<animated-vector xmlns:android="http://schemas.android.com/apk/res/android"
xmlns:aapt="http://schemas.android.com/aapt"
android:drawable="@drawable/ic_service_idle">
<target android:name="strike_thru_path">
<aapt:attr name="android:animation">
<objectAnimator
android:propertyName="pathData"
android:duration="@android:integer/config_mediumAnimTime"
android:valueFrom="M 2 4.27 L 3.27 3 L 3.27 3 L 2 4.27 Z"
android:valueTo="M 19.73 22 L 21 20.73 L 3.27 3 L 2 4.27 Z"
android:valueType="pathType"
android:interpolator="@android:interpolator/fast_out_slow_in" />
</aapt:attr>
</target>
<target android:name="strike_thru_mask">
<aapt:attr name="android:animation">
<objectAnimator
android:propertyName="pathData"
android:duration="@android:integer/config_mediumAnimTime"
android:valueFrom="M 0 0 L 24 0 L 24 24 L 0 24 L 0 0 Z M 4.54 1.73 L 3.27 3 L 3.27 3 L 4.54 1.73 Z"
android:valueTo="M 0 0 L 24 0 L 24 24 L 0 24 L 0 0 Z M 4.54 1.73 L 3.27 3 L 21 20.73 L 22.27 19.46 Z"
android:valueType="pathType"
android:interpolator="@android:interpolator/fast_out_slow_in" />
</aapt:attr>
</target>
</animated-vector>

16
client/android/res/drawable/ic_service_stopping.xml
View file

@ -1,16 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<animated-vector xmlns:android="http://schemas.android.com/apk/res/android"
xmlns:aapt="http://schemas.android.com/aapt"
android:drawable="@drawable/ic_service_busy">
<target android:name="path">
<aapt:attr name="android:animation">
<objectAnimator
android:propertyName="pathData"
android:duration="@android:integer/config_mediumAnimTime"
android:valueFrom="M 15.5 13.28 L 15.5 13.28 L 15.5 13.28 L 15.5 13.28 M 7.14 11.9 L 7.14 11.9 L 7.14 11.9 L 7.14 11.9 M 21.25 2.28 L 0 12.8 L 6.83 15.37 L 16.59 7.16 L 9.26 15.89 L 17.55 18.56 L 21.25 2.29 L 21.25 2.29 Z M 9.45 17.56 L 9.46 22 L 12.09 18.41 L 9.45 17.56 L 9.45 17.56 Z"
android:valueTo="M 17.68 9 L 16.09 16 L 12.7 14.89 L 17.7 8.96 M 10 10.08 L 6.43 13.08 L 5 12.55 L 10 10.08 M 21.25 2.28 L 0 12.8 L 6.83 15.37 L 16.59 7.16 L 9.26 15.89 L 17.55 18.56 L 21.25 2.29 L 21.25 2.29 Z M 9.45 17.56 L 9.46 22 L 12.09 18.41 L 9.45 17.56 L 9.45 17.56 Z"
android:valueType="pathType"
android:interpolator="@android:interpolator/fast_out_slow_in" />
</aapt:attr>
</target>
</animated-vector>

11
client/android/res/drawable/ic_social_share.xml
View file

@ -1,11 +0,0 @@
<vector xmlns:android="http://schemas.android.com/apk/res/android"
android:width="24dp"
android:height="24dp"
android:autoMirrored="true"
android:viewportWidth="24.0"
android:viewportHeight="24.0"
android:tint="?attr/colorControlNormal">
<path
android:fillColor="#FF000000"
android:pathData="M18,16.08c-0.76,0 -1.44,0.3 -1.96,0.77L8.91,12.7c0.05,-0.23 0.09,-0.46 0.09,-0.7s-0.04,-0.47 -0.09,-0.7l7.05,-4.11c0.54,0.5 1.25,0.81 2.04,0.81 1.66,0 3,-1.34 3,-3s-1.34,-3 -3,-3 -3,1.34 -3,3c0,0.24 0.04,0.47 0.09,0.7L8.04,9.81C7.5,9.31 6.79,9 6,9c-1.66,0 -3,1.34 -3,3s1.34,3 3,3c0.79,0 1.5,-0.31 2.04,-0.81l7.12,4.16c-0.05,0.21 -0.08,0.43 -0.08,0.65 0,1.61 1.31,2.92 2.92,2.92 1.61,0 2.92,-1.31 2.92,-2.92s-1.31,-2.92 -2.92,-2.92z" />
</vector>

4
client/android/res/drawable/splash_background.xml
View file

@ -1,4 +0,0 @@
<layer-list xmlns:android="http://schemas.android.com/apk/res/android">
<item android:drawable="@android:color/black" />
<item android:drawable="@drawable/ic_launcher_foreground" android:gravity="center" android:width="200dp" android:height="200dp"/>
</layer-list>

11
client/android/res/drawable/splashscreen.xml
View file

@ -1,11 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<layer-list xmlns:android="http://schemas.android.com/apk/res/android">
<item>
<shape android:shape="rectangle">
<solid android:color="#ffffff"/>
</shape>
</item>
<item>
<bitmap android:src="@drawable/logo" android:gravity="center"/>
</item>
</layer-list>

5215
client/android/res/raw/china_ip_list.txt
View file

File diff suppressed because it is too large Load diff

210
client/android/res/values/arrays.xml
View file

@ -1,210 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<resources>
<string-array name="add_first_profile">
<item>@string/add_profile_methods_scan_qr_code</item>
<item>@string/action_import_file</item>
<item>@string/add_profile_methods_manual_settings</item>
</string-array>
<string-array name="enc_method_entry" translatable="false">
<item>RC4-MD5</item>
<item>AES-128-CFB</item>
<item>AES-192-CFB</item>
<item>AES-256-CFB</item>
<item>AES-128-CTR</item>
<item>AES-192-CTR</item>
<item>AES-256-CTR</item>
<item>BF-CFB</item>
<item>CAMELLIA-128-CFB</item>
<item>CAMELLIA-192-CFB</item>
<item>CAMELLIA-256-CFB</item>
<item>SALSA20</item>
<item>CHACHA20</item>
<item>CHACHA20-IETF</item>
<item>AES-128-GCM</item>
<item>AES-192-GCM</item>
<item>AES-256-GCM</item>
<item>CHACHA20-IETF-POLY1305</item>
<item>XCHACHA20-IETF-POLY1305</item>
</string-array>
<string-array name="enc_method_value" translatable="false">
<item>rc4-md5</item>
<item>aes-128-cfb</item>
<item>aes-192-cfb</item>
<item>aes-256-cfb</item>
<item>aes-128-ctr</item>
<item>aes-192-ctr</item>
<item>aes-256-ctr</item>
<item>bf-cfb</item>
<item>camellia-128-cfb</item>
<item>camellia-192-cfb</item>
<item>camellia-256-cfb</item>
<item>salsa20</item>
<item>chacha20</item>
<item>chacha20-ietf</item>
<item>aes-128-gcm</item>
<item>aes-192-gcm</item>
<item>aes-256-gcm</item>
<item>chacha20-ietf-poly1305</item>
<item>xchacha20-ietf-poly1305</item>
</string-array>
<string-array name="bypass_private_route" translatable="false">
<item>1.0.0.0/8</item>
<item>2.0.0.0/7</item>
<item>4.0.0.0/6</item>
<item>8.0.0.0/7</item>
<item>11.0.0.0/8</item>
<item>12.0.0.0/6</item>
<item>16.0.0.0/4</item>
<item>32.0.0.0/3</item>
<item>64.0.0.0/3</item>
<item>96.0.0.0/6</item>
<item>100.0.0.0/10</item>
<item>100.128.0.0/9</item>
<item>101.0.0.0/8</item>
<item>102.0.0.0/7</item>
<item>104.0.0.0/5</item>
<item>112.0.0.0/10</item>
<item>112.64.0.0/11</item>
<item>112.96.0.0/12</item>
<item>112.112.0.0/13</item>
<item>112.120.0.0/14</item>
<item>112.124.0.0/19</item>
<item>112.124.32.0/21</item>
<item>112.124.40.0/22</item>
<item>112.124.44.0/23</item>
<item>112.124.46.0/24</item>
<item>112.124.48.0/20</item>
<item>112.124.64.0/18</item>
<item>112.124.128.0/17</item>
<item>112.125.0.0/16</item>
<item>112.126.0.0/15</item>
<item>112.128.0.0/9</item>
<item>113.0.0.0/8</item>
<item>114.0.0.0/10</item>
<item>114.64.0.0/11</item>
<item>114.96.0.0/12</item>
<item>114.112.0.0/15</item>
<item>114.114.0.0/18</item>
<item>114.114.64.0/19</item>
<item>114.114.96.0/20</item>
<item>114.114.112.0/23</item>
<item>114.114.115.0/24</item>
<item>114.114.116.0/22</item>
<item>114.114.120.0/21</item>
<item>114.114.128.0/17</item>
<item>114.115.0.0/16</item>
<item>114.116.0.0/14</item>
<item>114.120.0.0/13</item>
<item>114.128.0.0/9</item>
<item>115.0.0.0/8</item>
<item>116.0.0.0/6</item>
<item>120.0.0.0/6</item>
<item>124.0.0.0/7</item>
<item>126.0.0.0/8</item>
<item>128.0.0.0/3</item>
<item>160.0.0.0/5</item>
<item>168.0.0.0/8</item>
<item>169.0.0.0/9</item>
<item>169.128.0.0/10</item>
<item>169.192.0.0/11</item>
<item>169.224.0.0/12</item>
<item>169.240.0.0/13</item>
<item>169.248.0.0/14</item>
<item>169.252.0.0/15</item>
<item>169.255.0.0/16</item>
<item>170.0.0.0/7</item>
<item>172.0.0.0/12</item>
<item>172.32.0.0/11</item>
<item>172.64.0.0/10</item>
<item>172.128.0.0/9</item>
<item>173.0.0.0/8</item>
<item>174.0.0.0/7</item>
<item>176.0.0.0/4</item>
<item>192.0.0.8/29</item>
<item>192.0.0.16/28</item>
<item>192.0.0.32/27</item>
<item>192.0.0.64/26</item>
<item>192.0.0.128/25</item>
<item>192.0.1.0/24</item>
<item>192.0.3.0/24</item>
<item>192.0.4.0/22</item>
<item>192.0.8.0/21</item>
<item>192.0.16.0/20</item>
<item>192.0.32.0/19</item>
<item>192.0.64.0/18</item>
<item>192.0.128.0/17</item>
<item>192.1.0.0/16</item>
<item>192.2.0.0/15</item>
<item>192.4.0.0/14</item>
<item>192.8.0.0/13</item>
<item>192.16.0.0/12</item>
<item>192.32.0.0/11</item>
<item>192.64.0.0/12</item>
<item>192.80.0.0/13</item>
<item>192.88.0.0/18</item>
<item>192.88.64.0/19</item>
<item>192.88.96.0/23</item>
<item>192.88.98.0/24</item>
<item>192.88.100.0/22</item>
<item>192.88.104.0/21</item>
<item>192.88.112.0/20</item>
<item>192.88.128.0/17</item>
<item>192.89.0.0/16</item>
<item>192.90.0.0/15</item>
<item>192.92.0.0/14</item>
<item>192.96.0.0/11</item>
<item>192.128.0.0/11</item>
<item>192.160.0.0/13</item>
<item>192.169.0.0/16</item>
<item>192.170.0.0/15</item>
<item>192.172.0.0/14</item>
<item>192.176.0.0/12</item>
<item>192.192.0.0/10</item>
<item>193.0.0.0/8</item>
<item>194.0.0.0/7</item>
<item>196.0.0.0/7</item>
<item>198.0.0.0/12</item>
<item>198.16.0.0/15</item>
<item>198.20.0.0/14</item>
<item>198.24.0.0/13</item>
<item>198.32.0.0/12</item>
<item>198.48.0.0/15</item>
<item>198.50.0.0/16</item>
<item>198.51.0.0/18</item>
<item>198.51.64.0/19</item>
<item>198.51.96.0/22</item>
<item>198.51.101.0/24</item>
<item>198.51.102.0/23</item>
<item>198.51.104.0/21</item>
<item>198.51.112.0/20</item>
<item>198.51.128.0/17</item>
<item>198.52.0.0/14</item>
<item>198.56.0.0/13</item>
<item>198.64.0.0/10</item>
<item>198.128.0.0/9</item>
<item>199.0.0.0/8</item>
<item>200.0.0.0/7</item>
<item>202.0.0.0/8</item>
<item>203.0.0.0/18</item>
<item>203.0.64.0/19</item>
<item>203.0.96.0/20</item>
<item>203.0.112.0/24</item>
<item>203.0.114.0/23</item>
<item>203.0.116.0/22</item>
<item>203.0.120.0/21</item>
<item>203.0.128.0/17</item>
<item>203.1.0.0/16</item>
<item>203.2.0.0/15</item>
<item>203.4.0.0/14</item>
<item>203.8.0.0/13</item>
<item>203.16.0.0/12</item>
<item>203.32.0.0/11</item>
<item>203.64.0.0/10</item>
<item>203.128.0.0/9</item>
<item>204.0.0.0/6</item>
<item>208.0.0.0/4</item>
</string-array>
</resources>

35
client/android/res/values/colors.xml
View file

@ -1,35 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<resources>
<color name="background_selected">@color/material_primary_100</color>
<color name="background_stat">@color/material_primary_300</color>
<color name="ic_launcher_background">#7488A1</color>
<!-- ssplugin ============================================ -->
<color name="material_green_700">#388E3C</color>
<color name="material_green_a700">#00C853</color>
<color name="material_blue_grey_100">#CFD8DC</color>
<color name="material_blue_grey_300">#90A4AE</color>
<color name="material_blue_grey_500">#607D8B</color>
<color name="material_blue_grey_600">#546E7A</color>
<color name="material_blue_grey_700">#455A64</color>
<color name="material_primary_100">@color/material_blue_grey_100</color>
<color name="material_primary_300">@color/material_blue_grey_300</color>
<color name="material_primary_500">@color/material_blue_grey_500</color>
<color name="material_primary_600">@color/material_blue_grey_600</color>
<color name="material_primary_700">@color/material_blue_grey_700</color>
<color name="material_primary_800">@color/material_blue_grey_800</color>
<color name="material_primary_900">@color/material_blue_grey_900</color>
<color name="material_accent_200">@color/material_green_a700</color>
<color name="light_color_primary">@color/material_primary_500</color>
<color name="light_color_primary_dark">@color/material_primary_700</color>
<color name="light_color_primary_text">@color/material_primary_500</color>
<color name="dark_color_primary">@color/material_primary_800</color>
<color name="dark_color_primary_dark">@color/material_primary_900</color>
<color name="dark_color_primary_text">@color/material_primary_300</color>
<color name="color_primary">@color/light_color_primary</color>
<color name="color_primary_dark">@color/light_color_primary_dark</color>
<color name="color_primary_text">@color/light_color_primary_text</color>
</resources>

7
client/android/res/values/dimen.xml
View file

@ -1,7 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<resources>
<dimen name="qr_code_size">250dp</dimen>
<dimen name="profile_padding">8dp</dimen>
<dimen name="main_list_padding_bottom">88dp</dimen>
<dimen name="bottom_sheet_padding">8dp</dimen>
</resources>

6
client/android/res/values/splashscreentheme.xml
View file

@ -1,6 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<resources>
<style name="splashScreenTheme">
<item name="android:windowBackground">@drawable/splashscreen</item>
</style>
</resources>

169
client/android/res/values/strings.xml
View file

@ -1,169 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<resources>
<string name="app_name">shadowsocks</string>
<string name="service_mode_vpn">VPN</string>
<string name="speed">%s/s</string>
<string name="quick_toggle">"Switch"</string>
<string name="remote_dns">"Remote DNS"</string>
<string name="stat_summary">"Upload: \t%3$s\t↑\t%1$s
Download: \t%4$s\t↓\t%2$s"</string>
<string name="connection_test_testing">"Testing…"</string>
<string name="connection_test_available">"Connection successful: HTTPS handshake delay %d milliseconds"</string>
<string name="connection_test_error">"Failed: %s"</string>
<string name="connection_test_fail">"No Internet Connection"</string>
<string name="connection_test_error_status_code">"Invalid status code (#%d) "</string>
<!-- proxy category -->
<string name="profile_name">"Profile name"</string>
<string name="proxy">"Server"</string>
<string name="remote_port">"Remote Port"</string>
<string name="sitekey">"Password"</string>
<string name="enc_method">"Encryption"</string>
<!-- feature category -->
<string name="ipv6">"IPv6 routing"</string>
<string name="ipv6_summary">"Forward IPv6 traffic to remote server"</string>
<string name="route_list">"Routing"</string>
<string name="route_entry_gfwlist">"GFW List"</string>
<string name="proxied_apps">"Proxied VPN"</string>
<string name="proxied_apps_summary">"Allow some apps to bypass VPN"</string>
<string name="on">"On"</string>
<string name="bypass_apps">"Bypass"</string>
<string name="bypass_apps_summary">"Bypass selected apps"</string>
<string name="auto_connect">"Auto connect"</string>
<string name="auto_connect_summary">"Allow Shadowsocks to start with the system"</string>
<string name="tcp_fastopen_summary">"Switching may require ROOT permissions"</string>
<string name="tcp_fastopen_summary_unsupported">"Unsupported kernel version: %s &lt; 3.7.1"</string>
<string name="udp_dns">"Using UDP DNS"</string>
<string name="udp_dns_summary">"Requires remote server to support UDP forwarding"</string>
<!-- notification category -->
<string name="forward_success">"Background service has started running. "</string>
<string name="invalid_server">"Invalid server name"</string>
<string name="service_failed">"Unable to connect to remote server"</string>
<string name="stop">"Stop"</string>
<string name="stopping">"stopping…"</string>
<string name="vpn_error">"Background service failed to start: %s"</string>
<string name="reboot_required">"VPN service failed to start. You may need to restart your device."</string>
<string name="profile_invalid_input">"No valid configuration file found."</string>
<!-- alert category -->
<string name="profile_empty">"Please select a profile"</string>
<string name="proxy_empty">"The proxy server address and password cannot be empty"</string>
<string name="connect">"Connect"</string>
<!-- menu category -->
<string name="profiles">"Profiles"</string>
<string name="settings">"Settings"</string>
<string name="faq">"FAQ"</string>
<string name="about">"About"</string>
<string name="about_title">"Shadowsocks %s"</string>
<string name="edit">"Edit"</string>
<string name="share">"Share"</string>
<string name="add_profile">"Add Profile"</string>
<string name="action_apply_all">"Apply settings to all profiles"</string>
<string name="action_export">"Export to clipboard"</string>
<string name="action_import">"Import from clipboard"</string>
<string name="action_export_msg">"Export to clipboard succeeded"</string>
<string name="action_export_err">"Export to clipboard failed"</string>
<string name="action_import_msg">"Import successful"</string>
<string name="action_import_err">"Import failed"</string>
<!-- profile -->
<string name="profile_config">"Profile Config"</string>
<string name="delete">"Delete"</string>
<string name="delete_confirm_prompt">"Are you sure you want to delete this profile?"</string>
<string name="share_qr_nfc">"QR code / NFC"</string>
<string name="add_profile_dialog">"Add this profile for Shadowsock?"</string>
<string name="add_profile_methods_scan_qr_code">"Scan QR code"</string>
<plurals name="removed">
<item quantity="other">"%d items deleted"</item>
</plurals>
<string name="undo">"Undo"</string>
<!-- tasker -->
<string name="toggle_service_state">"Start service"</string>
<string name="start_service_default">"Connect to the current server"</string>
<string name="start_service">"Connect to %s"</string>
<string name="stop_service">"Switch to %s"</string>
<string name="profile_default">"Use current profile"</string>
<!-- status -->
<string name="sent">"Send: "</string>
<string name="received">"Received"</string>
<!-- status -->
<string name="connecting">"connecting…"</string>
<string name="vpn_connected">"Connected, click Test Connection"</string>
<string name="not_connected">"Not connected"</string>
<!-- acl -->
<string name="custom_rules">"Custom rules"</string>
<string name="action_add_rule">"Add rule…"</string>
<string name="edit_rule">"Edit rules"</string>
<string name="route_entry_all">"Global"</string>
<string name="route_entry_bypass_lan">"Bypass LAN addresses"</string>
<string name="route_entry_bypass_chn">"Bypass mainland China addresses"</string>
<string name="route_entry_bypass_lan_chn">"Bypass LAN and Mainland China addresses"</string>
<string name="route_entry_chinalist">"Proxy only for mainland China addresses"</string>
<string name="acl_rule_templates_generic">"Subnet/Domain PCRE Regular Expression"</string>
<string name="acl_rule_templates_domain">"Domain names and their subdomains"</string>
<!-- plugin -->
<string name="plugin">"Plugin"</string>
<string name="plugin_configure">"Configure…"</string>
<string name="plugin_disabled">"Disabled"</string>
<string name="plugin_unknown">"Unknown plugin %s"</string>
<string name="plugin_untrusted">"Warning: This plugin does not appear to be from a known trusted source."</string>
<string name="profile_plugin">"Plugin: %s"</string>
<string name="add_profile_scanner_permission_required">"Scanning the QR code requires permission to use the camera."</string>
<!-- notification category -->
<string name="service_vpn">"VPN service"</string>
<string name="add_profile_methods_manual_settings">"Manual setting"</string>
<!-- misc -->
<string name="advanced">"Advanced options"</string>
<!-- misc -->
<string name="service_mode">"Service mode"</string>
<string name="service_mode_proxy">"Proxy only"</string>
<string name="service_mode_transproxy">"Transparent proxy"</string>
<string name="port_proxy">"SOCKS5 proxy port"</string>
<string name="port_local_dns">"local DNS port"</string>
<string name="port_transproxy">"Transparent proxy port"</string>
<string name="service_proxy">"Proxy mode"</string>
<string name="service_transproxy">"Transparent proxy mode"</string>
<string name="vpn_permission_denied">"Insufficient permission to create VPN service"</string>
<string name="auto_connect_summary_v24">"Allow Shadowsocks to start with the system, an always-on VPN is recommended"</string>
<string name="direct_boot_aware">"Allow toggle on lock screen"</string>
<string name="direct_boot_aware_summary">"The selected configuration information will be less secure"</string>
<string name="acl_rule_online_config">"Online Rules File URL"</string>
<string name="action_import_file">"Import from file…"</string>
<string name="night_mode">"Night Mode"</string>
<string name="night_mode_system">"System"</string>
<string name="night_mode_auto">"Auto"</string>
<string name="night_mode_on">"On"</string>
<string name="night_mode_off">"Off"</string>
<string name="send_email">"Send email"</string>
<string name="action_export_more">"Export…"</string>
<string name="action_export_file">"Export to file…"</string>
<string name="cleartext_http_warning">"HTTP clear text traffic is not secure"</string>
<string name="share_over_lan">"Share via LAN"</string>
<string name="connection_test_pending">"Check connection"</string>
<string name="file_manager_missing">"Please install a file manager such as MiXplorer"</string>
<string name="tcp_fastopen_failure">"Failed to switch"</string>
<string name="udp_fallback">"UDP configuration"</string>
<string name="action_replace_file">"Replace from file…"</string>
<string name="off">"Off"</string>
<string name="proxied_apps_mode">"model"</string>
<string name="proxy_cat">"Server settings"</string>
<string name="feature_cat">"Function settings"</string>
<string name="unsaved_changes_prompt">"Do you want to save the changes?"</string>
<string name="yes">"Yes"</string>
<string name="no">"No"</string>
<string name="apply">"Apply"</string>
</resources>

10
client/android/res/values/style.xml
View file

@ -1,10 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<resources>
<style name="AppTheme" parent="@android:style/Theme.DeviceDefault.Light.NoActionBar">
<item name="android:statusBarColor">@android:color/transparent</item>
</style>
<style name="AppTheme.Splash" parent="AppTheme">
<item name="android:windowBackground">@drawable/splash_background</item>
</style>
</resources>

4
client/android/res/values/vpnicon_background.xml
View file

@ -1,4 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<resources>
<color name="vpnicon_background">#000000</color>
</resources>

2
client/android/settings.gradle
View file

@ -4,6 +4,7 @@ pluginManagement {
mavenCentral()
jcenter()
gradlePluginPortal()
maven { url 'https://jitpack.io' }
}
}
@ -13,6 +14,7 @@ dependencyResolutionManagement {
google()
mavenCentral()
jcenter()
maven { url 'https://jitpack.io' }
}
}

4
client/android/shadowsocks/build.gradle
View file

@ -59,11 +59,11 @@ dependencies {
implementation "com.google.code.gson:gson:2.8.5"
implementation "dnsjava:dnsjava:2.1.9"
implementation "org.connectbot.jsocks:jsocks:1.0.0"
implementation "com.github.kruton:jsocks:1.0.0"
implementation "com.afollestad.material-dialogs:core:2.6.0"
// api "com.takisoft.preferencex:preferencex:1.0.0"
implementation 'com.takisoft.preferencex:preferencex:1.1.0'
api 'org.connectbot.jsocks:jsocks:1.0.0'
api 'com.github.kruton:jsocks:1.0.0'
kapt "androidx.room:room-compiler:$roomVersion"
kapt "androidx.lifecycle:lifecycle-compiler:2.4.0"

2
client/android/shadowsocks/src/main/java/org/amnezia/vpn/shadowsocks/core/bg/Executable.kt
View file

@ -30,7 +30,7 @@ import java.io.IOException
object Executable {
const val REDSOCKS = "libredsocks.so"
const val SS_LOCAL = "libss-local.so"
const val SS_LOCAL = "libsslocal.so"
const val TUN2SOCKS = "libtun2socks.so"
private val EXECUTABLES = setOf(SS_LOCAL, REDSOCKS, TUN2SOCKS)

1
client/android/shadowsocks/src/main/jniLibs Symbolic link
View file

@ -0,0 +1 @@
../../../../../client/3rd-prebuilt/3rd-prebuilt/shadowsocks/android

BIN
client/android/shadowsocks/src/main/jniLibs/arm64-v8a/libredsocks.so
View file

Binary file not shown.

BIN
client/android/shadowsocks/src/main/jniLibs/arm64-v8a/libss-local.so
View file

Binary file not shown.

BIN
client/android/shadowsocks/src/main/jniLibs/arm64-v8a/libtun2socks.so
View file

Binary file not shown.

BIN
client/android/shadowsocks/src/main/jniLibs/armeabi-v7a/libredsocks.so
View file

Binary file not shown.

BIN
client/android/shadowsocks/src/main/jniLibs/armeabi-v7a/libss-local.so
View file

Binary file not shown.

BIN
client/android/shadowsocks/src/main/jniLibs/armeabi-v7a/libtun2socks.so
View file

Binary file not shown.

BIN
client/android/shadowsocks/src/main/jniLibs/x86/libredsocks.so
View file

Binary file not shown.

BIN
client/android/shadowsocks/src/main/jniLibs/x86/libss-local.so
View file

Binary file not shown.

BIN
client/android/shadowsocks/src/main/jniLibs/x86/libtun2socks.so
View file

Binary file not shown.

BIN
client/android/shadowsocks/src/main/jniLibs/x86_64/libredsocks.so
View file

Binary file not shown.

BIN
client/android/shadowsocks/src/main/jniLibs/x86_64/libss-local.so
View file

Binary file not shown.

BIN
client/android/shadowsocks/src/main/jniLibs/x86_64/libtun2socks.so
View file

Binary file not shown.

19
client/android/src/com/wireguard/android/backend/GoBackend.java Normal file
View file

@ -0,0 +1,19 @@
package com.wireguard.android.backend;
public final class GoBackend {
private static final String TAG = "WireGuard/GoBackend";
public static native String wgGetConfig(int handle);
public static native int wgGetSocketV4(int handle);
public static native int wgGetSocketV6(int handle);
public static native void wgTurnOff(int handle);
public static native int wgTurnOn(String ifName, int tunFd, String settings);
public static native String wgVersion();
}

195
client/android/src/org/amnezia/vpn/NetworkState.kt Normal file
View file

@ -0,0 +1,195 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
package org.amnezia.vpn
import android.content.Context
import android.content.Intent
import android.os.*
import android.net.*
import android.system.ErrnoException
import android.net.NetworkCapabilities
import android.net.NetworkCapabilities.NET_CAPABILITY_CAPTIVE_PORTAL
import android.net.NetworkCapabilities.NET_CAPABILITY_DUN
import android.net.NetworkCapabilities.NET_CAPABILITY_FOREGROUND
import android.net.NetworkCapabilities.NET_CAPABILITY_FOTA
import android.net.NetworkCapabilities.NET_CAPABILITY_IA
import android.net.NetworkCapabilities.NET_CAPABILITY_IMS
import android.net.NetworkCapabilities.NET_CAPABILITY_INTERNET
import android.net.NetworkCapabilities.NET_CAPABILITY_MCX
import android.net.NetworkCapabilities.NET_CAPABILITY_MMS
import android.net.NetworkCapabilities.NET_CAPABILITY_NOT_CONGESTED
import android.net.NetworkCapabilities.NET_CAPABILITY_NOT_METERED
import android.net.NetworkCapabilities.NET_CAPABILITY_NOT_ROAMING
import android.net.NetworkCapabilities.NET_CAPABILITY_NOT_SUSPENDED
import android.net.NetworkCapabilities.NET_CAPABILITY_NOT_VPN
import android.net.NetworkCapabilities.NET_CAPABILITY_SUPL
import android.net.NetworkCapabilities.NET_CAPABILITY_TEMPORARILY_NOT_METERED
import android.net.NetworkCapabilities.NET_CAPABILITY_TRUSTED
import android.net.NetworkCapabilities.NET_CAPABILITY_VALIDATED
import android.net.NetworkCapabilities.NET_CAPABILITY_WIFI_P2P
import android.net.NetworkCapabilities.NET_CAPABILITY_XCAP
import android.net.NetworkCapabilities.TRANSPORT_BLUETOOTH
import android.net.NetworkCapabilities.TRANSPORT_CELLULAR
import android.net.NetworkCapabilities.TRANSPORT_ETHERNET
import android.net.NetworkCapabilities.TRANSPORT_LOWPAN
import android.net.NetworkCapabilities.TRANSPORT_USB
import android.net.NetworkCapabilities.TRANSPORT_VPN
import android.net.NetworkCapabilities.TRANSPORT_WIFI
import android.net.NetworkCapabilities.TRANSPORT_WIFI_AWARE
import java.io.Closeable
import java.util.EnumSet
import java.io.File
import androidx.core.app.ActivityCompat
import androidx.core.content.ContextCompat
import java.io.FileDescriptor
import java.io.IOException
import java.lang.Exception
class NetworkState(var service: VPNService) {
private var mService: VPNService = service
var mCurrentContext: Context = service
private val tag = "NetworkState"
private var active = false
private var listeningForDefaultNetwork = false
private var metered = false
enum class Transport(val systemConstant: Int) {
BLUETOOTH(TRANSPORT_BLUETOOTH),
CELLULAR(TRANSPORT_CELLULAR),
ETHERNET(TRANSPORT_ETHERNET),
VPN(TRANSPORT_VPN),
WIFI(TRANSPORT_WIFI),
WIFI_AWARE(if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.O) TRANSPORT_WIFI_AWARE else UNSUPPORTED_TRANSPORT),
LOWPAN(if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.O_MR1) TRANSPORT_LOWPAN else UNSUPPORTED_TRANSPORT),
USB(if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.S) TRANSPORT_USB else UNSUPPORTED_TRANSPORT)
}
companion object {
private const val UNSUPPORTED_TRANSPORT: Int = -1 // The TRANSPORT_* constants are non-negative.
private const val NOT_VPN = "NOT_VPN"
private val defaultNetworkRequest = NetworkRequest.Builder()
.addCapability(NetworkCapabilities.NET_CAPABILITY_INTERNET)
.addCapability(NetworkCapabilities.NET_CAPABILITY_NOT_RESTRICTED)
.build()
}
private data class NetworkTransports(
val network: Network,
val transports: Set<Transport>
)
private fun getTransports(networkCapabilities: NetworkCapabilities): EnumSet<Transport> =
Transport.values().mapNotNullTo(EnumSet.noneOf(Transport::class.java)) {
if (networkCapabilities.hasTransport(it.systemConstant)) it else null
}
private var defaultNetworkCapabilities: Map<String, Boolean> = LinkedHashMap()
private var defaultNetwork: NetworkTransports? = null
val defaultNetworkTransports: Set<Transport>
get() = defaultNetwork?.transports ?: emptySet()
private val capabilitiesConstantMap = mutableMapOf(
"MMS" to NET_CAPABILITY_MMS,
"SUPL" to NET_CAPABILITY_SUPL,
"DUN" to NET_CAPABILITY_DUN,
"FOTA" to NET_CAPABILITY_FOTA,
"IMS" to NET_CAPABILITY_IMS,
"WIFI_P2P" to NET_CAPABILITY_WIFI_P2P,
"IA" to NET_CAPABILITY_IA,
"XCAP" to NET_CAPABILITY_XCAP,
"NOT_METERED" to NET_CAPABILITY_NOT_METERED,
"INTERNET" to NET_CAPABILITY_INTERNET,
NOT_VPN to NET_CAPABILITY_NOT_VPN,
"TRUSTED" to NET_CAPABILITY_TRUSTED,
"TEMP NOT METERED" to NET_CAPABILITY_TEMPORARILY_NOT_METERED,
"NOT SUSPENDED" to NET_CAPABILITY_MCX,
).apply {
if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.M) {
put("VALIDATED", NET_CAPABILITY_VALIDATED)
put("CAPTIVE PORTAL", NET_CAPABILITY_CAPTIVE_PORTAL)
}
if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.P) {
put("NOT ROAMING", NET_CAPABILITY_NOT_ROAMING)
put("TRUSTED", NET_CAPABILITY_FOREGROUND)
put("NOT CONGESTED", NET_CAPABILITY_NOT_CONGESTED)
put("NOT SUSPENDED", NET_CAPABILITY_NOT_SUSPENDED)
}
} as Map<String, Int>
private val connectivity by lazy { mCurrentContext.getSystemService(Context.CONNECTIVITY_SERVICE) as ConnectivityManager }
private var mLastNetworkCapabilities: String? = null
private val defaultNetworkCallback = object : ConnectivityManager.NetworkCallback() {
override fun onAvailable(network: Network) {
super.onAvailable(network)
Log.i(tag, "onAvailable $network")
}
override fun onCapabilitiesChanged(network: Network, networkCapabilities: NetworkCapabilities) {
val newCapabilities = capabilitiesConstantMap.mapValues {
networkCapabilities.hasCapability(it.value)
}
val newTransports = getTransports(networkCapabilities)
val capabilitiesChanged = defaultNetworkCapabilities != newCapabilities
if (defaultNetwork?.network != network ||
defaultNetwork?.transports != newTransports ||
capabilitiesChanged
) {
Log.i(
tag,
"default network: $network; transports: ${newTransports.joinToString(", ")}; " +
"capabilities: $newCapabilities"
)
defaultNetwork = NetworkTransports(network, newTransports)
}
if (capabilitiesChanged) {
mService.networkChange()
Log.i(tag, "onCapabilitiesChanged capabilitiesChanged $network $networkCapabilities")
defaultNetworkCapabilities = newCapabilities
}
super.onCapabilitiesChanged(network, networkCapabilities)
}
override fun onBlockedStatusChanged(network: Network, blocked: Boolean) {
super.onBlockedStatusChanged(network, blocked)
Log.i(tag, "onBlockedStatusChanged $network $blocked")
}
override fun onLost(network: Network) {
super.onLost(network)
Log.i(tag, "onLost")
}
}
fun bindNetworkListener() {
if (Build.VERSION.SDK_INT >= 28) {
// we want REQUEST here instead of LISTEN
connectivity.requestNetwork(defaultNetworkRequest, defaultNetworkCallback)
listeningForDefaultNetwork = true
}
}
fun unBindNetworkListener() {
if (Build.VERSION.SDK_INT >= 28) {
connectivity.unregisterNetworkCallback(defaultNetworkCallback)
listeningForDefaultNetwork = false
}
}
}

8
client/android/src/org/amnezia/vpn/OpenVPNThreadv3.kt
View file

@ -26,6 +26,8 @@ import net.openvpn.ovpn3.ClientAPI_OpenVPNClient
import net.openvpn.ovpn3.ClientAPI_ProvideCreds
import net.openvpn.ovpn3.ClientAPI_Status
import net.openvpn.ovpn3.ClientAPI_TransportStats
import java.lang.StringBuilder
class OpenVPNThreadv3(var service: VPNService): ClientAPI_OpenVPNClient(), Runnable {
@ -58,6 +60,12 @@ class OpenVPNThreadv3(var service: VPNService): ClientAPI_OpenVPNClient(), Runna
return stats_value(bytesOutIndex)
}
override fun reconnect(seconds :Int) {
Log.v(tag, "reconnect")
super.reconnect(seconds)
}
override fun run() {
val config: ClientAPI_Config = ClientAPI_Config()

60
client/android/src/org/amnezia/vpn/VPNService.kt
View file

@ -20,6 +20,7 @@ import androidx.core.content.FileProvider
import com.wireguard.android.util.SharedLibraryLoader
import com.wireguard.config.*
import com.wireguard.crypto.Key
import com.wireguard.android.backend.GoBackend
import kotlinx.coroutines.CoroutineScope
import kotlinx.coroutines.delay
import kotlinx.coroutines.launch
@ -48,6 +49,7 @@ import android.net.VpnService as BaseVpnService
class VPNService : BaseVpnService(), LocalDnsService.Interface {
override val data = BaseService.Data(this)
override val tag: String get() = "VPNService"
// override fun createNotification(profileName: String): ServiceNotification =
// ServiceNotification(this, profileName, "service-vpn")
@ -56,6 +58,7 @@ class VPNService : BaseVpnService(), LocalDnsService.Interface {
private var worker: ProtectWorker? = null
private var active = false
private var metered = false
private var mNetworkState = NetworkState(this)
private var underlyingNetwork: Network? = null
set(value) {
field = value
@ -121,23 +124,6 @@ class VPNService : BaseVpnService(), LocalDnsService.Interface {
})
}
@JvmStatic
private external fun wgGetConfig(handle: Int): String?
@JvmStatic
private external fun wgGetSocketV4(handle: Int): Int
@JvmStatic
private external fun wgGetSocketV6(handle: Int): Int
@JvmStatic
private external fun wgTurnOff(handle: Int)
@JvmStatic
private external fun wgTurnOn(ifName: String, tunFd: Int, settings: String): Int
@JvmStatic
private external fun wgVersion(): String?
}
private var mBinder: VPNServiceBinder = VPNServiceBinder(this)
@ -162,7 +148,7 @@ class VPNService : BaseVpnService(), LocalDnsService.Interface {
SharedLibraryLoader.loadSharedLibrary(this, "wg-go")
SharedLibraryLoader.loadSharedLibrary(this, "ovpn3")
Log.i(tag, "Loaded libs")
Log.e(tag, "Wireguard Version ${wgVersion()}")
Log.e(tag, "Wireguard Version ${GoBackend.wgVersion()}")
mOpenVPNThreadv3 = OpenVPNThreadv3(this)
mAlreadyInitialised = true
}
@ -241,6 +227,10 @@ class VPNService : BaseVpnService(), LocalDnsService.Interface {
mProtocol = mConfig!!.getString("protocol")
Log.e(tag, "mProtocol: $mProtocol")
if (mProtocol.equals("cloak", true) || (mProtocol.equals("openvpn", true))) {
startOpenVpn()
mNetworkState.bindNetworkListener()
}
if (mProtocol.equals("shadowsocks", true)) {
if (DataStore.serviceMode == modeVpn) {
if (prepare(this) != null) {
@ -266,7 +256,7 @@ class VPNService : BaseVpnService(), LocalDnsService.Interface {
// At this moment, the VPN interface is already deactivated by the system.
override fun onRevoke() {
Log.v(tag, "Aman: onRevoke....................")
this.turnOff()
//this.turnOff()
super.onRevoke()
}
@ -379,7 +369,15 @@ class VPNService : BaseVpnService(), LocalDnsService.Interface {
when (mProtocol) {
"cloak",
"openvpn" -> {
startOpenVpn()
startOpenVpn()
// Store the config in case the service gets
// asked boot vpn from the OS
val prefs = Prefs.get(this)
prefs.edit()
.putString("lastConf", mConfig.toString())
.apply()
mNetworkState.bindNetworkListener()
}
"wireguard" -> {
startWireGuard()
@ -428,6 +426,14 @@ class VPNService : BaseVpnService(), LocalDnsService.Interface {
mbuilder.addRoute(ip, 32)
}
}
fun networkChange() {
Log.i(tag, "mProtocol $mProtocol")
if (isUp){
mbuilder = Builder()
mOpenVPNThreadv3?.reconnect(0)
}
}
fun setSessionName(name: String) {
Log.v(tag, "mbuilder.setSession($name)")
@ -452,11 +458,12 @@ class VPNService : BaseVpnService(), LocalDnsService.Interface {
Log.v(tag, "Aman: turnOff....................")
when (mProtocol) {
"wireguard" -> {
wgTurnOff(currentTunnelHandle)
GoBackend.wgTurnOff(currentTunnelHandle)
}
"cloak",
"openvpn" -> {
ovpnTurnOff()
mNetworkState.unBindNetworkListener()
}
"shadowsocks" -> {
stopRunner(false)
@ -517,7 +524,7 @@ class VPNService : BaseVpnService(), LocalDnsService.Interface {
if (!isUp) {
return null
}
val config = wgGetConfig(currentTunnelHandle) ?: return null
val config = GoBackend.wgGetConfig(currentTunnelHandle) ?: return null
val lines = config.split("\n")
for (line in lines) {
val parts = line.split("=")
@ -715,7 +722,7 @@ class VPNService : BaseVpnService(), LocalDnsService.Interface {
if (currentTunnelHandle != -1) {
Log.e(tag, "Tunnel already up")
// Turn the tunnel down because this might be a switch
wgTurnOff(currentTunnelHandle)
GoBackend.wgTurnOff(currentTunnelHandle)
}
val wgConfig: String = wireguard_conf.toWgUserspaceString()
val builder = Builder()
@ -723,16 +730,15 @@ class VPNService : BaseVpnService(), LocalDnsService.Interface {
builder.setSession("Amnezia")
builder.establish().use { tun ->
if (tun == null) return
Log.i(tag, "Go backend " + wgVersion())
currentTunnelHandle = wgTurnOn("Amnezia", tun.detachFd(), wgConfig)
currentTunnelHandle = GoBackend.wgTurnOn("Amnezia", tun.detachFd(), wgConfig)
}
if (currentTunnelHandle < 0) {
Log.e(tag, "Activation Error Code -> $currentTunnelHandle")
isUp = false
return
}
protect(wgGetSocketV4(currentTunnelHandle))
protect(wgGetSocketV6(currentTunnelHandle))
protect(GoBackend.wgGetSocketV4(currentTunnelHandle))
protect(GoBackend.wgGetSocketV6(currentTunnelHandle))
isUp = true
// Store the config in case the service gets

44
client/android/wireguard/CMakeLists.txt
View file

@ -1,44 +0,0 @@
# SPDX-License-Identifier: Apache-2.0
#
# Copyright © 2018-2019 WireGuard LLC. All Rights Reserved.
cmake_minimum_required(VERSION 3.4.1)
set(CMAKE_RUNTIME_OUTPUT_DIRECTORY "${CMAKE_LIBRARY_OUTPUT_DIRECTORY}")
message("PROJECT_SOURCE_DIR ${PROJECT_SOURCE_DIR}")
set( CMAKE_WG_TOOLS_DIR ../../../../desktop-client/client/3rd/wireguard-tools )
find_program(CCACHE_FOUND ccache)
if(CCACHE_FOUND)
set_property(GLOBAL PROPERTY RULE_LAUNCH_COMPILE ccache)
set_property(GLOBAL PROPERTY RULE_LAUNCH_LINK ccache)
endif(CCACHE_FOUND)
# Work around https://github.com/android-ndk/ndk/issues/602
set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -fuse-ld=gold")
add_executable(libwg-quick.so ${CMAKE_WG_TOOLS_DIR}/src/wg-quick/android.c ndk-compat/compat.c)
target_compile_options(libwg-quick.so PUBLIC -O3 -std=gnu11 -Wall -include ${CMAKE_CURRENT_SOURCE_DIR}/ndk-compat/compat.h -DWG_PACKAGE_NAME=\"${ANDROID_PACKAGE_NAME}\")
target_link_libraries(libwg-quick.so -ldl)
file(GLOB WG_SOURCES ${CMAKE_WG_TOOLS_DIR}/src/*.c ndk-compat/compat.c)
add_executable(libwg.so ${WG_SOURCES})
target_include_directories(libwg.so PUBLIC "${CMAKE_CURRENT_SOURCE_DIR}/${CMAKE_WG_TOOLS_DIR}/src/uapi/linux/" "${CMAKE_CURRENT_SOURCE_DIR}/${CMAKE_WG_TOOLS_DIR}/src/")
target_compile_options(libwg.so PUBLIC -O3 -std=gnu11 -D_GNU_SOURCE -include ${CMAKE_CURRENT_SOURCE_DIR}/ndk-compat/compat.h -DHAVE_VISIBILITY_HIDDEN -DRUNSTATEDIR=\"/data/data/${ANDROID_PACKAGE_NAME}/cache\")
add_custom_target(libwg-go.so WORKING_DIRECTORY "${CMAKE_CURRENT_SOURCE_DIR}/libwg-go" COMMENT "Building wireguard-go" VERBATIM COMMAND make
ANDROID_ARCH_NAME=${ANDROID_ARCH_NAME}
ANDROID_C_COMPILER=${ANDROID_C_COMPILER}
ANDROID_TOOLCHAIN_ROOT=${ANDROID_TOOLCHAIN_ROOT}
ANDROID_LLVM_TRIPLE=${ANDROID_LLVM_TRIPLE}
ANDROID_SYSROOT=${ANDROID_SYSROOT}
ANDROID_PACKAGE_NAME=${ANDROID_PACKAGE_NAME}
GRADLE_USER_HOME=${GRADLE_USER_HOME}
CFLAGS=${CMAKE_C_FLAGS}\ -Wno-unused-command-line-argument
LDFLAGS=${CMAKE_SHARED_LINKER_FLAGS}\ -fuse-ld=gold
DESTDIR=${CMAKE_LIBRARY_OUTPUT_DIRECTORY}
BUILDDIR=${CMAKE_LIBRARY_OUTPUT_DIRECTORY}/../generated-src
)
# Hack to make it actually build as part of the default target
add_dependencies(libwg.so libwg-go.so)

52
client/android/wireguard/libwg-go/Makefile
View file

@ -1,52 +0,0 @@
# SPDX-License-Identifier: Apache-2.0
#
# Copyright © 2017-2019 WireGuard LLC. All Rights Reserved.
BUILDDIR ?= $(CURDIR)/build
DESTDIR ?= $(CURDIR)/out
NDK_GO_ARCH_MAP_x86 := 386
NDK_GO_ARCH_MAP_x86_64 := amd64
NDK_GO_ARCH_MAP_arm := arm
NDK_GO_ARCH_MAP_arm64 := arm64
NDK_GO_ARCH_MAP_mips := mipsx
NDK_GO_ARCH_MAP_mips64 := mips64x
CLANG_FLAGS := --target=$(ANDROID_LLVM_TRIPLE) --gcc-toolchain=$(ANDROID_TOOLCHAIN_ROOT) --sysroot=$(ANDROID_SYSROOT)
export CGO_CFLAGS := $(CLANG_FLAGS) $(CFLAGS)
export CGO_LDFLAGS := $(CLANG_FLAGS) $(LDFLAGS) -Wl,-soname=libwg-go.so
export CC := $(ANDROID_C_COMPILER)
export GOARCH := $(NDK_GO_ARCH_MAP_$(ANDROID_ARCH_NAME))
export GOOS := android
export CGO_ENABLED := 1
GO_VERSION := 1.16
GO_PLATFORM := $(shell uname -s | tr '[:upper:]' '[:lower:]')-$(NDK_GO_ARCH_MAP_$(shell uname -m))
GO_TARBALL := go$(GO_VERSION).$(GO_PLATFORM).tar.gz
GO_HASH_darwin-amd64 := 6000a9522975d116bf76044967d7e69e04e982e9625330d9a539a8b45395f9a8
GO_HASH_darwin-arm64 := 4dac57c00168d30bbd02d95131d5de9ca88e04f2c5a29a404576f30ae9b54810
GO_HASH_linux-amd64 := 013a489ebb3e24ef3d915abe5b94c3286c070dfe0818d5bca8108f1d6e8440d2
default: $(DESTDIR)/libwg-go.so
$(GRADLE_USER_HOME)/caches/golang/$(GO_TARBALL):
mkdir -p "$(dir $@)"
flock "$@.lock" -c ' \
[ -f "$@" ] && exit 0; \
curl -o "$@.tmp" "https://dl.google.com/go/$(GO_TARBALL)" && \
echo "$(GO_HASH_$(GO_PLATFORM)) $@.tmp" | sha256sum -c && \
mv "$@.tmp" "$@"'
$(BUILDDIR)/go-$(GO_VERSION)/.prepared: $(GRADLE_USER_HOME)/caches/golang/$(GO_TARBALL)
mkdir -p "$(dir $@)"
flock "$@.lock" -c ' \
[ -f "$@" ] && exit 0; \
tar -C "$(dir $@)" --strip-components=1 -xzf "$^" && \
patch -p1 -f -N -r- -d "$(dir $@)" < goruntime-boottime-over-monotonic.diff && \
touch "$@"'
$(DESTDIR)/libwg-go.so: export PATH := $(BUILDDIR)/go-$(GO_VERSION)/bin/:$(PATH)
$(DESTDIR)/libwg-go.so: $(BUILDDIR)/go-$(GO_VERSION)/.prepared go.mod
go build -tags linux -ldflags="-X golang.zx2c4.com/wireguard/ipc.socketDirectory=/data/data/$(ANDROID_PACKAGE_NAME)/cache/wireguard" -v -trimpath -o "$@" -buildmode c-shared
.DELETE_ON_ERROR:

227
client/android/wireguard/libwg-go/api-android.go
View file

@ -1,227 +0,0 @@
/* SPDX-License-Identifier: Apache-2.0
*
* Copyright (C) 2017-2019 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
*/
package main
// #cgo LDFLAGS: -llog
// #include <android/log.h>
import "C"
import (
"fmt"
"math"
"net"
"os"
"os/signal"
"runtime"
"runtime/debug"
"strings"
"unsafe"
"golang.org/x/sys/unix"
"golang.zx2c4.com/wireguard/conn"
"golang.zx2c4.com/wireguard/device"
"golang.zx2c4.com/wireguard/ipc"
"golang.zx2c4.com/wireguard/tun"
)
type AndroidLogger struct {
level C.int
tag *C.char
}
func cstring(s string) *C.char {
b, err := unix.BytePtrFromString(s)
if err != nil {
b := [1]C.char{}
return &b[0]
}
return (*C.char)(unsafe.Pointer(b))
}
func (l AndroidLogger) Printf(format string, args ...interface{}) {
C.__android_log_write(l.level, l.tag, cstring(fmt.Sprintf(format, args...)))
}
type TunnelHandle struct {
device *device.Device
uapi net.Listener
}
var tunnelHandles map[int32]TunnelHandle
func init() {
tunnelHandles = make(map[int32]TunnelHandle)
signals := make(chan os.Signal)
signal.Notify(signals, unix.SIGUSR2)
go func() {
buf := make([]byte, os.Getpagesize())
for {
select {
case <-signals:
n := runtime.Stack(buf, true)
if n == len(buf) {
n--
}
buf[n] = 0
C.__android_log_write(C.ANDROID_LOG_ERROR, cstring("WireGuard/GoBackend/Stacktrace"), (*C.char)(unsafe.Pointer(&buf[0])))
}
}
}()
}
//export wgTurnOn
func wgTurnOn(interfaceName string, tunFd int32, settings string) int32 {
tag := cstring("WireGuard/GoBackend/" + interfaceName)
logger := &device.Logger{
Verbosef: AndroidLogger{level: C.ANDROID_LOG_DEBUG, tag: tag}.Printf,
Errorf: AndroidLogger{level: C.ANDROID_LOG_ERROR, tag: tag}.Printf,
}
tun, name, err := tun.CreateUnmonitoredTUNFromFD(int(tunFd))
if err != nil {
unix.Close(int(tunFd))
logger.Errorf("CreateUnmonitoredTUNFromFD: %v", err)
return -1
}
logger.Verbosef("Attaching to interface %v", name)
device := device.NewDevice(tun, conn.NewStdNetBind(), logger)
err = device.IpcSet(settings)
if err != nil {
unix.Close(int(tunFd))
logger.Errorf("IpcSet: %v", err)
return -1
}
device.DisableSomeRoamingForBrokenMobileSemantics()
var uapi net.Listener
uapiFile, err := ipc.UAPIOpen(name)
if err != nil {
logger.Errorf("UAPIOpen: %v", err)
} else {
uapi, err = ipc.UAPIListen(name, uapiFile)
if err != nil {
uapiFile.Close()
logger.Errorf("UAPIListen: %v", err)
} else {
go func() {
for {
conn, err := uapi.Accept()
if err != nil {
return
}
go device.IpcHandle(conn)
}
}()
}
}
err = device.Up()
if err != nil {
logger.Errorf("Unable to bring up device: %v", err)
uapiFile.Close()
device.Close()
return -1
}
logger.Verbosef("Device started")
var i int32
for i = 0; i < math.MaxInt32; i++ {
if _, exists := tunnelHandles[i]; !exists {
break
}
}
if i == math.MaxInt32 {
logger.Errorf("Unable to find empty handle")
uapiFile.Close()
device.Close()
return -1
}
tunnelHandles[i] = TunnelHandle{device: device, uapi: uapi}
return i
}
//export wgTurnOff
func wgTurnOff(tunnelHandle int32) {
handle, ok := tunnelHandles[tunnelHandle]
if !ok {
return
}
delete(tunnelHandles, tunnelHandle)
if handle.uapi != nil {
handle.uapi.Close()
}
handle.device.Close()
}
//export wgGetSocketV4
func wgGetSocketV4(tunnelHandle int32) int32 {
handle, ok := tunnelHandles[tunnelHandle]
if !ok {
return -1
}
bind, _ := handle.device.Bind().(conn.PeekLookAtSocketFd)
if bind == nil {
return -1
}
fd, err := bind.PeekLookAtSocketFd4()
if err != nil {
return -1
}
return int32(fd)
}
//export wgGetSocketV6
func wgGetSocketV6(tunnelHandle int32) int32 {
handle, ok := tunnelHandles[tunnelHandle]
if !ok {
return -1
}
bind, _ := handle.device.Bind().(conn.PeekLookAtSocketFd)
if bind == nil {
return -1
}
fd, err := bind.PeekLookAtSocketFd6()
if err != nil {
return -1
}
return int32(fd)
}
//export wgGetConfig
func wgGetConfig(tunnelHandle int32) *C.char {
handle, ok := tunnelHandles[tunnelHandle]
if !ok {
return nil
}
settings, err := handle.device.IpcGet()
if err != nil {
return nil
}
return C.CString(settings)
}
//export wgVersion
func wgVersion() *C.char {
info, ok := debug.ReadBuildInfo()
if !ok {
return C.CString("unknown")
}
for _, dep := range info.Deps {
if dep.Path == "golang.zx2c4.com/wireguard" {
parts := strings.Split(dep.Version, "-")
if len(parts) == 3 && len(parts[2]) == 12 {
return C.CString(parts[2][:7])
}
return C.CString(dep.Version)
}
}
return C.CString("unknown")
}
func main() {}

10
client/android/wireguard/libwg-go/go.mod
View file

@ -1,10 +0,0 @@
module golang.zx2c4.com/wireguard/android
go 1.16
require (
golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83 // indirect
golang.org/x/net v0.0.0-20210220033124-5f55cee0dc0d // indirect
golang.org/x/sys v0.0.0-20210220050731-9a76102bfb43
golang.zx2c4.com/wireguard v0.0.0-20210222142647-219296a1e787
)

21
client/android/wireguard/libwg-go/go.sum
View file

@ -1,21 +0,0 @@
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
golang.org/x/crypto v0.0.0-20201221181555-eec23a3978ad/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I=
golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83 h1:/ZScEX8SfEmUGRHs0gxpqteO5nfNW6axyZbBdw9A12g=
golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I=
golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
golang.org/x/net v0.0.0-20201224014010-6772e930b67b/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
golang.org/x/net v0.0.0-20210220033124-5f55cee0dc0d h1:1aflnvSoWWLI2k/dMUAl5lvU1YO4Mb4hz0gh+1rjcxU=
golang.org/x/net v0.0.0-20210220033124-5f55cee0dc0d/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20210105210732-16f7687f5001/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20210220050731-9a76102bfb43 h1:SgQ6LNaYJU0JIuEHv9+s6EbhSCwYeAf5Yvj6lpYlqAE=
golang.org/x/sys v0.0.0-20210220050731-9a76102bfb43/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
golang.zx2c4.com/wireguard v0.0.0-20210222142647-219296a1e787 h1:zrctiUlt4hD1sgxBYrG5CAjobVhpdxnUXy+qyWWLR1w=
golang.zx2c4.com/wireguard v0.0.0-20210222142647-219296a1e787/go.mod h1:LofpIKqPJNvHiwKXuzsBshJCTe7IgRAz3iizquljFDk=

161
client/android/wireguard/libwg-go/goruntime-boottime-over-monotonic.diff
View file

@ -1,161 +0,0 @@
From b83553d9f260ba20c6faaa52e6fe6f74309eb41a Mon Sep 17 00:00:00 2001
From: "Jason A. Donenfeld" <Jason@zx2c4.com>
Date: Mon, 22 Feb 2021 02:36:03 +0100
Subject: [PATCH] runtime: use CLOCK_BOOTTIME in nanotime on Linux
This makes timers account for having expired while a computer was
asleep, which is quite common on mobile devices. Note that BOOTTIME is
identical to MONOTONIC, except that it takes into account time spent
in suspend. In Linux 4.17, the kernel will actually make MONOTONIC act
like BOOTTIME anyway, so this switch will additionally unify the
timer behavior across kernels.
BOOTTIME was introduced into Linux 2.6.39-rc1 with 70a08cca1227d in
2011.
Fixes #24595
Change-Id: I7b2a6ca0c5bc5fce57ec0eeafe7b68270b429321
---
src/runtime/sys_linux_386.s | 4 ++--
src/runtime/sys_linux_amd64.s | 2 +-
src/runtime/sys_linux_arm.s | 4 ++--
src/runtime/sys_linux_arm64.s | 4 ++--
src/runtime/sys_linux_mips64x.s | 2 +-
src/runtime/sys_linux_mipsx.s | 2 +-
src/runtime/sys_linux_ppc64x.s | 2 +-
src/runtime/sys_linux_s390x.s | 2 +-
8 files changed, 11 insertions(+), 11 deletions(-)
diff --git a/src/runtime/sys_linux_386.s b/src/runtime/sys_linux_386.s
index 1e3a834812..78b6021fc7 100644
--- a/src/runtime/sys_linux_386.s
+++ b/src/runtime/sys_linux_386.s
@@ -337,13 +337,13 @@ noswitch:
LEAL 8(SP), BX // &ts (struct timespec)
MOVL BX, 4(SP)
- MOVL $1, 0(SP) // CLOCK_MONOTONIC
+ MOVL $7, 0(SP) // CLOCK_BOOTTIME
CALL AX
JMP finish
fallback:
MOVL $SYS_clock_gettime, AX
- MOVL $1, BX // CLOCK_MONOTONIC
+ MOVL $7, BX // CLOCK_BOOTTIME
LEAL 8(SP), CX
INVOKE_SYSCALL
diff --git a/src/runtime/sys_linux_amd64.s b/src/runtime/sys_linux_amd64.s
index 37cb8dad03..e8b730bcaa 100644
--- a/src/runtime/sys_linux_amd64.s
+++ b/src/runtime/sys_linux_amd64.s
@@ -302,7 +302,7 @@ noswitch:
SUBQ $16, SP // Space for results
ANDQ $~15, SP // Align for C code
- MOVL $1, DI // CLOCK_MONOTONIC
+ MOVL $7, DI // CLOCK_BOOTTIME
LEAQ 0(SP), SI
MOVQ runtime·vdsoClockgettimeSym(SB), AX
CMPQ AX, $0
diff --git a/src/runtime/sys_linux_arm.s b/src/runtime/sys_linux_arm.s
index 475f52344c..bb567abcf4 100644
--- a/src/runtime/sys_linux_arm.s
+++ b/src/runtime/sys_linux_arm.s
@@ -11,7 +11,7 @@
#include "textflag.h"
#define CLOCK_REALTIME 0
-#define CLOCK_MONOTONIC 1
+#define CLOCK_BOOTTIME 7
// for EABI, as we don't support OABI
#define SYS_BASE 0x0
@@ -366,7 +366,7 @@ noswitch:
SUB $24, R13 // Space for results
BIC $0x7, R13 // Align for C code
- MOVW $CLOCK_MONOTONIC, R0
+ MOVW $CLOCK_BOOTTIME, R0
MOVW $8(R13), R1 // timespec
MOVW runtime·vdsoClockgettimeSym(SB), R2
CMP $0, R2
diff --git a/src/runtime/sys_linux_arm64.s b/src/runtime/sys_linux_arm64.s
index 198a5bacef..9715387f36 100644
--- a/src/runtime/sys_linux_arm64.s
+++ b/src/runtime/sys_linux_arm64.s
@@ -13,7 +13,7 @@
#define AT_FDCWD -100
#define CLOCK_REALTIME 0
-#define CLOCK_MONOTONIC 1
+#define CLOCK_BOOTTIME 7
#define SYS_exit 93
#define SYS_read 63
@@ -319,7 +319,7 @@ noswitch:
BIC $15, R1
MOVD R1, RSP
- MOVW $CLOCK_MONOTONIC, R0
+ MOVW $CLOCK_BOOTTIME, R0
MOVD runtime·vdsoClockgettimeSym(SB), R2
CBZ R2, fallback
diff --git a/src/runtime/sys_linux_mips64x.s b/src/runtime/sys_linux_mips64x.s
index c3e9f37694..e3879acd38 100644
--- a/src/runtime/sys_linux_mips64x.s
+++ b/src/runtime/sys_linux_mips64x.s
@@ -312,7 +312,7 @@ noswitch:
AND $~15, R1 // Align for C code
MOVV R1, R29
- MOVW $1, R4 // CLOCK_MONOTONIC
+ MOVW $7, R4 // CLOCK_BOOTTIME
MOVV $0(R29), R5
MOVV runtime·vdsoClockgettimeSym(SB), R25
diff --git a/src/runtime/sys_linux_mipsx.s b/src/runtime/sys_linux_mipsx.s
index fab2ab3892..f9af103594 100644
--- a/src/runtime/sys_linux_mipsx.s
+++ b/src/runtime/sys_linux_mipsx.s
@@ -238,7 +238,7 @@ TEXT runtime·walltime1(SB),NOSPLIT,$8-12
RET
TEXT runtime·nanotime1(SB),NOSPLIT,$8-8
- MOVW $1, R4 // CLOCK_MONOTONIC
+ MOVW $7, R4 // CLOCK_BOOTTIME
MOVW $4(R29), R5
MOVW $SYS_clock_gettime, R2
SYSCALL
diff --git a/src/runtime/sys_linux_ppc64x.s b/src/runtime/sys_linux_ppc64x.s
index fd69ee70a5..ff6bc8355b 100644
--- a/src/runtime/sys_linux_ppc64x.s
+++ b/src/runtime/sys_linux_ppc64x.s
@@ -249,7 +249,7 @@ fallback:
JMP finish
TEXT runtime·nanotime1(SB),NOSPLIT,$16-8
- MOVD $1, R3 // CLOCK_MONOTONIC
+ MOVD $7, R3 // CLOCK_BOOTTIME
MOVD R1, R15 // R15 is unchanged by C code
MOVD g_m(g), R21 // R21 = m
diff --git a/src/runtime/sys_linux_s390x.s b/src/runtime/sys_linux_s390x.s
index c15a1d5364..f52c4d5098 100644
--- a/src/runtime/sys_linux_s390x.s
+++ b/src/runtime/sys_linux_s390x.s
@@ -207,7 +207,7 @@ TEXT runtime·walltime1(SB),NOSPLIT,$16
RET
TEXT runtime·nanotime1(SB),NOSPLIT,$16
- MOVW $1, R2 // CLOCK_MONOTONIC
+ MOVW $7, R2 // CLOCK_BOOTTIME
MOVD $tp-16(SP), R3
MOVW $SYS_clock_gettime, R1
SYSCALL
--
2.30.1

70
client/android/wireguard/libwg-go/jni.c
View file

@ -1,70 +0,0 @@
/* SPDX-License-Identifier: Apache-2.0
*
* Copyright © 2017-2019 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights
* Reserved.
*/
#include <jni.h>
#include <stdlib.h>
#include <string.h>
struct go_string {
const char* str;
long n;
};
extern int wgTurnOn(struct go_string ifname, int tun_fd,
struct go_string settings);
extern void wgTurnOff(int handle);
extern int wgGetSocketV4(int handle);
extern int wgGetSocketV6(int handle);
extern char* wgGetConfig(int handle);
extern char* wgVersion();
JNIEXPORT jint JNICALL Java_org_amnezia_vpn_VPNService_wgTurnOn(
JNIEnv* env, jclass c, jstring ifname, jint tun_fd, jstring settings) {
const char* ifname_str = (*env)->GetStringUTFChars(env, ifname, 0);
size_t ifname_len = (*env)->GetStringUTFLength(env, ifname);
const char* settings_str = (*env)->GetStringUTFChars(env, settings, 0);
size_t settings_len = (*env)->GetStringUTFLength(env, settings);
int ret =
wgTurnOn((struct go_string){.str = ifname_str, .n = ifname_len}, tun_fd,
(struct go_string){.str = settings_str, .n = settings_len});
(*env)->ReleaseStringUTFChars(env, ifname, ifname_str);
(*env)->ReleaseStringUTFChars(env, settings, settings_str);
return ret;
}
JNIEXPORT void JNICALL Java_org_amnezia_vpn_VPNService_wgTurnOff(
JNIEnv* env, jclass c, jint handle) {
wgTurnOff(handle);
}
JNIEXPORT jint JNICALL Java_org_amnezia_vpn_VPNService_wgGetSocketV4(
JNIEnv* env, jclass c, jint handle) {
return wgGetSocketV4(handle);
}
JNIEXPORT jint JNICALL Java_org_amnezia_vpn_VPNService_wgGetSocketV6(
JNIEnv* env, jclass c, jint handle) {
return wgGetSocketV6(handle);
}
JNIEXPORT jstring JNICALL Java_org_amnezia_vpn_VPNService_wgGetConfig(
JNIEnv* env, jclass c, jint handle) {
jstring ret;
char* config = wgGetConfig(handle);
if (!config) return NULL;
ret = (*env)->NewStringUTF(env, config);
free(config);
return ret;
}
JNIEXPORT jstring JNICALL
Java_org_amnezia_vpn_VPNService_wgVersion(JNIEnv* env, jclass c) {
jstring ret;
char* version = wgVersion();
if (!version) return NULL;
ret = (*env)->NewStringUTF(env, version);
free(version);
return ret;
}

71
client/android/wireguard/ndk-compat/compat.c
View file

@ -1,71 +0,0 @@
/* SPDX-License-Identifier: BSD
*
* Copyright © 2017-2019 WireGuard LLC. All Rights Reserved.
*
*/
#define FILE_IS_EMPTY
#if defined(__ANDROID_API__) && __ANDROID_API__ < 18
# undef FILE_IS_EMPTY
# include <stdio.h>
# include <stdlib.h>
ssize_t getdelim(char** buf, size_t* bufsiz, int delimiter, FILE* fp) {
char *ptr, *eptr;
if (*buf == NULL || *bufsiz == 0) {
*bufsiz = BUFSIZ;
if ((*buf = malloc(*bufsiz)) == NULL) return -1;
}
for (ptr = *buf, eptr = *buf + *bufsiz;;) {
int c = fgetc(fp);
if (c == -1) {
if (feof(fp)) {
ssize_t diff = (ssize_t)(ptr - *buf);
if (diff != 0) {
*ptr = '\0';
return diff;
}
}
return -1;
}
*ptr++ = c;
if (c == delimiter) {
*ptr = '\0';
return ptr - *buf;
}
if (ptr + 2 >= eptr) {
char* nbuf;
size_t nbufsiz = *bufsiz * 2;
ssize_t d = ptr - *buf;
if ((nbuf = realloc(*buf, nbufsiz)) == NULL) return -1;
*buf = nbuf;
*bufsiz = nbufsiz;
eptr = nbuf + nbufsiz;
ptr = nbuf + d;
}
}
}
ssize_t getline(char** buf, size_t* bufsiz, FILE* fp) {
return getdelim(buf, bufsiz, '\n', fp);
}
#endif
#if defined(__ANDROID_API__) && __ANDROID_API__ < 24
# undef FILE_IS_EMPTY
# include <string.h>
char* strchrnul(const char* s, int c) {
char* x = strchr(s, c);
if (!x) return (char*)s + strlen(s);
return x;
}
#endif
#ifdef FILE_IS_EMPTY
# undef FILE_IS_EMPTY
static char ____x __attribute__((unused));
#endif

15
client/android/wireguard/ndk-compat/compat.h
View file

@ -1,15 +0,0 @@
/* SPDX-License-Identifier: BSD
*
* Copyright © 2017-2019 WireGuard LLC. All Rights Reserved.
*
*/
#if defined(__ANDROID_API__) && __ANDROID_API__ < 18
# include <stdio.h>
ssize_t getdelim(char** buf, size_t* bufsiz, int delimiter, FILE* fp);
ssize_t getline(char** buf, size_t* bufsiz, FILE* fp);
#endif
#if defined(__ANDROID_API__) && __ANDROID_API__ < 24
char* strchrnul(const char* s, int c);
#endif