Android support for getting network addresses and interfaces (#1056)

* Replace unsupported network functions for android * Refactor default/android net addresses processing * Add default connection values, Refactor netenv * Fix compilation error * Combine network change default/android functions
2025-09-01 18:19:12 +00:00 · 2023-01-23 16:33:02 +01:00 · 2023-01-23 16:33:02 +01:00 · 6972059321
commit 6972059321
parent bd0314ee9e
5 changed files with 106 additions and 4 deletions
--- a/netenv/addresses.go
+++ b/netenv/addresses.go
@ -12,7 +12,7 @@ import (

 // GetAssignedAddresses returns the assigned IPv4 and IPv6 addresses of the host.
 func GetAssignedAddresses() (ipv4 []net.IP, ipv6 []net.IP, err error) {
-	addrs, err := net.InterfaceAddrs()
+	addrs, err := osGetInterfaceAddrs()
 	if err != nil {
 		return nil, nil, err
 	}
@ -74,7 +74,7 @@ func refreshMyNetworks() error {
 	myNetworksDontRefreshUntil = time.Now().Add(1 * time.Second)

 	// Refresh assigned networks.
-	interfaceNetworks, err := net.InterfaceAddrs()
+	interfaceNetworks, err := osGetInterfaceAddrs()
 	if err != nil {
 		// In some cases the system blocks on this call, which piles up to
 		// literally over thousand goroutines wanting to try this again.
--- a/netenv/network-change.go
+++ b/netenv/network-change.go
@ -5,7 +5,6 @@ import (
 	"context"
 	"crypto/sha1"
 	"io"
-	"net"
 	"time"

 	"github.com/safing/portbase/log"
@ -61,7 +60,7 @@ serviceLoop:
 		// check network for changes
 		// create hashsum of current network config
 		hasher := sha1.New() //nolint:gosec // not used for security
-		interfaces, err := net.Interfaces()
+		interfaces, err := osGetNetworkInterfaces()
 		if err != nil {
 			log.Warningf("netenv: failed to get interfaces: %s", err)
 			continue
--- a/netenv/os_android.go
+++ b/netenv/os_android.go
@ -0,0 +1,23 @@
+package netenv
+
+import (
+	"github.com/safing/portmaster-android/go/app_interface"
+	"net"
+)
+
+func osGetInterfaceAddrs() ([]net.Addr, error) {
+	list, err := app_interface.GetNetworkAddresses()
+	if err != nil {
+		return nil, err
+	}
+	var netList []net.Addr
+	for _, addr := range list {
+		netList = append(netList, addr.ToIPNet())
+	}
+
+	return netList, nil
+}
+
+func osGetNetworkInterfaces() ([]app_interface.NetworkInterface, error) {
+	return app_interface.GetNetworkInterfaces()
+}
--- a/netenv/os_default.go
+++ b/netenv/os_default.go
@ -0,0 +1,15 @@
+//go:build !android
+
+package netenv
+
+import (
+	"net"
+)
+
+func osGetInterfaceAddrs() ([]net.Addr, error) {
+	return net.InterfaceAddrs()
+}
+
+func osGetNetworkInterfaces() ([]net.Interface, error) {
+	return net.Interfaces()
+}
--- a/network/connection_android.go
+++ b/network/connection_android.go
@ -0,0 +1,65 @@
+package network
+
+import (
+	"context"
+	"fmt"
+	"net"
+	"time"
+
+	"github.com/safing/portmaster/intel"
+	"github.com/safing/portmaster/network/netutils"
+	"github.com/safing/portmaster/network/packet"
+	"github.com/safing/portmaster/process"
+	"github.com/safing/spn/navigator"
+)
+
+// NewDefaultConnection creates a new connection with default values except local and remote IPs and protocols.
+func NewDefaultConnection(localIP net.IP, localPort uint16, remoteIP net.IP, remotePort uint16, ipVersion packet.IPVersion, protocol packet.IPProtocol) *Connection {
+	connInfo := &Connection{
+		ID:           fmt.Sprintf("%s-%s-%d-%s-%d", protocol.String(), localIP, localPort, remoteIP, remotePort),
+		Type:         IPConnection,
+		External:     false,
+		IPVersion:    ipVersion,
+		Inbound:      false,
+		IPProtocol:   protocol,
+		LocalIP:      localIP,
+		LocalIPScope: netutils.Global,
+		LocalPort:    localPort,
+		Entity: &intel.Entity{
+			Protocol: uint8(protocol),
+			IP:       remoteIP,
+			Port:     remotePort,
+		},
+		Resolver:         nil,
+		Started:          time.Now().Unix(),
+		VerdictPermanent: false,
+		Tunneled:         true,
+		Encrypted:        false,
+		Internal:         false,
+		addedToMetrics:   true, // Metrics are not needed for now. This will mark the Connection to be ignored.
+		process:          process.GetUnidentifiedProcess(context.Background()),
+	}
+
+	// TODO: Quick fix for the SPN.
+	// Use inspection framework for proper encryption detection.
+	switch connInfo.Entity.DstPort() {
+	case
+		22,  // SSH
+		443, // HTTPS
+		465, // SMTP-SSL
+		853, // DoT
+		993, // IMAP-SSL
+		995: // POP3-SSL
+		connInfo.Encrypted = true
+	}
+
+	var layeredProfile = connInfo.process.Profile()
+	connInfo.TunnelOpts = &navigator.Options{
+		HubPolicies:                   layeredProfile.StackedExitHubPolicies(),
+		CheckHubExitPolicyWith:        connInfo.Entity,
+		RequireTrustedDestinationHubs: !connInfo.Encrypted,
+		RoutingProfile:                layeredProfile.SPNRoutingAlgorithm(),
+	}
+
+	return connInfo
+}