mirror of
https://github.com/okhsunrog/vpnhide.git
synced 2026-05-20 09:03:10 +00:00
38f9b56f5b
Some checks are pending
CI / kmod (android13-5.15) (push) Waiting to run
CI / kmod (android14-5.15) (push) Waiting to run
CI / kmod (android14-6.1) (push) Waiting to run
CI / kmod (android15-6.6) (push) Waiting to run
CI / kmod (android16-6.12) (push) Waiting to run
CI / kmod (android12-5.10) (push) Waiting to run
CI / kmod (android13-5.10) (push) Waiting to run
CI / setup (push) Waiting to run
CI / lint (push) Blocked by required conditions
CI / zygisk (push) Blocked by required conditions
CI / lsposed (push) Blocked by required conditions
CI / portshide (push) Waiting to run
CI / release (push) Blocked by required conditions
Two follow-ups to #90 in one PR: 1. Two new match forms in data/interfaces.toml grammar: suffix = "digits_optional" prefix + 0+ ASCII digits suffix = "any" prefix + 1+ any chars Needed by the upcoming whitelist (PR-B) for patterns like `seth_lte\d*` and `v4-.+`. Not used by any current [[vpn]] rule, but the helper functions are exercised by direct unit tests in the generated test modules so a bug would surface before whitelist lands. 2. [[test]] vectors in data/interfaces.toml that the codegen renders into per-language unit tests: - zygisk + lsposed/native: #[cfg(test)] mod tests inside the generated iface_lists.rs (run via `cargo test`) - lsposed/app: a separate IfaceListsGeneratedTest under src/test/kotlin (run via `:app:testDebugUnitTest`) - kmod: a userspace test driver test_iface_lists.c — the generated header now has __KERNEL__-guarded includes so the same matcher compiles against libc, and a new lint step builds and runs it via gcc. 36 fixed vectors today; trivial to grow as new rules / corner cases come up. CI catches drift on the next push: any single matcher that disagrees with the toml fails its job. No production behavior change — generated matches_vpn / vpnhide_iface_is_vpn / IfaceLists.isVpnIface bodies are byte-identical to before; only the helper functions and test modules grew.
226 lines
4.3 KiB
TOML
226 lines
4.3 KiB
TOML
# Single source of truth for VPN-like network interface name patterns.
|
|
# A name matching any rule below is treated as a tunnel and hidden from
|
|
# target apps (kmod) / from the calling process (zygisk + lsposed).
|
|
#
|
|
# Read at codegen time by scripts/codegen-interfaces.py, which renders
|
|
# four matchers (kmod C, zygisk Rust, lsposed-native Rust, lsposed
|
|
# Kotlin). Sync between platforms is enforced by a CI lint step that
|
|
# re-runs the codegen and fails if the generated files drift.
|
|
#
|
|
# Match grammar (intentionally tiny so all four targets implement it
|
|
# identically without depending on a regex engine — kernel C has none):
|
|
#
|
|
# { exact = "lo" } name == "lo"
|
|
# { prefix = "rmnet" } name.starts_with("rmnet")
|
|
# { prefix = "wlan", suffix = "digits" } starts_with + rest is 1+ ASCII digits
|
|
# { prefix = "seth_lte", suffix = "digits_optional" } starts_with + rest is 0+ ASCII digits
|
|
# { prefix = "v4-", suffix = "any" } starts_with + rest is 1+ any chars
|
|
# { contains = "vpn" } needle anywhere in name
|
|
#
|
|
# All matches are ASCII case-insensitive.
|
|
#
|
|
# [[test]] entries below feed into the generated unit tests in each
|
|
# language target — they verify that all four matchers agree on a fixed
|
|
# set of inputs. CI runs them on every PR.
|
|
|
|
[[vpn]]
|
|
match = { prefix = "tun" }
|
|
note = "OpenVPN, WireGuard userspace, Tailscale, generic tunneling"
|
|
|
|
[[vpn]]
|
|
match = { prefix = "tap" }
|
|
note = "OpenVPN bridged"
|
|
|
|
[[vpn]]
|
|
match = { prefix = "wg" }
|
|
note = "WireGuard kernel"
|
|
|
|
[[vpn]]
|
|
match = { prefix = "ppp" }
|
|
note = "PPTP / L2TP PPP tunnels"
|
|
|
|
[[vpn]]
|
|
match = { prefix = "ipsec" }
|
|
note = "Android built-in IPsec VPN"
|
|
|
|
[[vpn]]
|
|
match = { prefix = "xfrm" }
|
|
note = "kernel IPsec XFRM framework"
|
|
|
|
[[vpn]]
|
|
match = { prefix = "utun" }
|
|
note = "Apple-style, rare on Android"
|
|
|
|
[[vpn]]
|
|
match = { prefix = "l2tp" }
|
|
note = "L2TP"
|
|
|
|
[[vpn]]
|
|
match = { prefix = "gre" }
|
|
note = "GRE tunnels"
|
|
|
|
[[vpn]]
|
|
match = { contains = "vpn" }
|
|
note = "catch-all for renamed clients (myvpn0, vpn-client, xvpn1, ...)"
|
|
|
|
|
|
# ── Test vectors ──────────────────────────────────────────────────────
|
|
# Array of {name, is_vpn} fixtures. Codegen renders these into per-
|
|
# language unit tests so all four matchers stay in lockstep.
|
|
|
|
[[test]]
|
|
name = "tun0"
|
|
is_vpn = true
|
|
|
|
[[test]]
|
|
name = "tun" # bare prefix, no digits — still matches
|
|
is_vpn = true
|
|
|
|
[[test]]
|
|
name = "tun1234"
|
|
is_vpn = true
|
|
|
|
[[test]]
|
|
name = "tap0"
|
|
is_vpn = true
|
|
|
|
[[test]]
|
|
name = "wg0"
|
|
is_vpn = true
|
|
|
|
[[test]]
|
|
name = "wg-client" # prefix wg, then any suffix
|
|
is_vpn = true
|
|
|
|
[[test]]
|
|
name = "ppp0"
|
|
is_vpn = true
|
|
|
|
[[test]]
|
|
name = "ipsec0"
|
|
is_vpn = true
|
|
|
|
[[test]]
|
|
name = "xfrm0"
|
|
is_vpn = true
|
|
|
|
[[test]]
|
|
name = "utun3"
|
|
is_vpn = true
|
|
|
|
[[test]]
|
|
name = "l2tp0"
|
|
is_vpn = true
|
|
|
|
[[test]]
|
|
name = "gre0"
|
|
is_vpn = true
|
|
|
|
# Case-insensitivity
|
|
|
|
[[test]]
|
|
name = "TUN0"
|
|
is_vpn = true
|
|
|
|
[[test]]
|
|
name = "Wg99"
|
|
is_vpn = true
|
|
|
|
[[test]]
|
|
name = "MyVPN"
|
|
is_vpn = true
|
|
|
|
[[test]]
|
|
name = "custom_VPN_42"
|
|
is_vpn = true
|
|
|
|
# Substring catch-all
|
|
|
|
[[test]]
|
|
name = "myvpn0"
|
|
is_vpn = true
|
|
|
|
[[test]]
|
|
name = "vpn"
|
|
is_vpn = true
|
|
|
|
[[test]]
|
|
name = "xvpn1"
|
|
is_vpn = true
|
|
|
|
# Real physical / system interfaces — must NOT match
|
|
|
|
[[test]]
|
|
name = "lo"
|
|
is_vpn = false
|
|
|
|
[[test]]
|
|
name = "wlan0"
|
|
is_vpn = false
|
|
|
|
[[test]]
|
|
name = "wlan"
|
|
is_vpn = false
|
|
|
|
[[test]]
|
|
name = "rmnet0"
|
|
is_vpn = false
|
|
|
|
[[test]]
|
|
name = "rmnet_data0"
|
|
is_vpn = false
|
|
|
|
[[test]]
|
|
name = "rmnet_ipa0"
|
|
is_vpn = false
|
|
|
|
[[test]]
|
|
name = "eth0"
|
|
is_vpn = false
|
|
|
|
[[test]]
|
|
name = "ccmni0"
|
|
is_vpn = false
|
|
|
|
[[test]]
|
|
name = "seth_lte8"
|
|
is_vpn = false
|
|
|
|
[[test]]
|
|
name = "dummy0"
|
|
is_vpn = false
|
|
|
|
[[test]]
|
|
name = "bnep0"
|
|
is_vpn = false
|
|
|
|
[[test]]
|
|
name = "rndis0"
|
|
is_vpn = false
|
|
|
|
# The renamed-tun trick from issue #86 — name-only matching cannot
|
|
# catch this; here just confirms the matcher does not over-match on a
|
|
# generic prefix.
|
|
|
|
[[test]]
|
|
name = "if33"
|
|
is_vpn = false
|
|
|
|
# Edge cases
|
|
|
|
[[test]]
|
|
name = "" # empty
|
|
is_vpn = false
|
|
|
|
[[test]]
|
|
name = "tunl" # 'tun' prefix matches even with non-digit suffix
|
|
is_vpn = true
|
|
|
|
[[test]]
|
|
name = "atun0" # prefix only matches at start of name
|
|
is_vpn = false
|
|
|
|
[[test]]
|
|
name = "VPN" # full name is the substring
|
|
is_vpn = true
|
|
|