fix(filter): catch tunnels renamed to if<N> (issue #86)

Add a single TOML rule `prefix = "if", suffix = "digits"` to the shared matcher. Renames using the kernel's default anonymous-netdev naming (`ip link set tun0 name if33`) — the exact attack from issue #86 — now get hidden by every component (kmod, zygisk, lsposed, lsposed-native). The shape is intentionally narrow: `if` + 1+ ASCII digits only. `ifb<N>` (intermediate-functional-block traffic shaping) has a letter after `if` and is not matched.
2026-05-02 00:22:14 +00:00 · 2026-04-26 03:53:28 +03:00 · 2026-04-26 03:53:28 +03:00 · 54242b1140
commit 54242b1140
parent 15d806a885
8 changed files with 89 additions and 8 deletions
--- a/kmod/generated/iface_lists.h
+++ b/kmod/generated/iface_lists.h
@ -131,6 +131,9 @@ static inline bool vpnhide_iface_is_vpn(const char *name)
 	/* catch-all for renamed clients (myvpn0, vpn-client, xvpn1, ...) */
 	if (vpnhide_iface_contains_ci(name, "vpn"))
 		return true;
+	/* Anonymous netdev / renamed tunnel using the kernel's default naming pattern (e.g. `ip link set tun0 name if33` from issue #86). Does NOT match `ifb<N>` — those are kernel intermediate-functional-block traffic-shaping ifaces (different shape: `if` + letter, not + digit). */
+	if (vpnhide_iface_starts_with_then_digits_ci(name, "if"))
+		return true;
 	return false;
 }