vrr/vpnhide
2
0
Fork 0
mirror of https://github.com/okhsunrog/vpnhide.git synced 2026-04-28 14:44:43 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
vpnhide/data/interfaces.toml
okhsunrog 9d8a54cfaa chore(codegen): drop unused suffix forms digits_optional / any 
Both forms came in with the codegen split (#91) but no [[vpn]]
rule has ever used them — the only `suffix=` rules are `digits`
(`wlan` test vector + `if` from #93). The grammar surface paid
for itself in ~150 lines of dead C/Rust helpers + their tests.

Drop them from VALID_KINDS, the parser, the C/Rust/Kotlin
emitters, and the helper test cases. If a future rule needs
either form, reintroduce alongside the rule that needs it.

Re-ran the codegen; tests pass for all four targets.
2026-04-26 05:16:18 +03:00

259 lines
4.8 KiB
TOML
Raw Blame History

# Single source of truth for VPN-like network interface name patterns.
# A name matching any rule below is treated as a tunnel and hidden from
# target apps (kmod) / from the calling process (zygisk + lsposed).
#
# Read at codegen time by scripts/codegen-interfaces.py, which renders
# four matchers (kmod C, zygisk Rust, lsposed-native Rust, lsposed
# Kotlin). Sync between platforms is enforced by a CI lint step that
# re-runs the codegen and fails if the generated files drift.
#
# Match grammar (intentionally tiny so all four targets implement it
# identically without depending on a regex engine — kernel C has none):
#
# { exact = "lo" } name == "lo"
# { prefix = "rmnet" } name.starts_with("rmnet")
# { prefix = "wlan", suffix = "digits" } starts_with + rest is 1+ ASCII digits
# { contains = "vpn" } needle anywhere in name
#
# All matches are ASCII case-insensitive.
#
# [[test]] entries below feed into the generated unit tests in each
# language target — they verify that all four matchers agree on a fixed
# set of inputs. CI runs them on every PR.
[[vpn]]
match = { prefix = "tun" }
note = "OpenVPN, WireGuard userspace, Tailscale, generic tunneling"
[[vpn]]
match = { prefix = "tap" }
note = "OpenVPN bridged"
[[vpn]]
match = { prefix = "wg" }
note = "WireGuard kernel"
[[vpn]]
match = { prefix = "ppp" }
note = "PPTP / L2TP PPP tunnels"
[[vpn]]
match = { prefix = "ipsec" }
note = "Android built-in IPsec VPN"
[[vpn]]
match = { prefix = "xfrm" }
note = "kernel IPsec XFRM framework"
[[vpn]]
match = { prefix = "utun" }
note = "Apple-style, rare on Android"
[[vpn]]
match = { prefix = "l2tp" }
note = "L2TP"
[[vpn]]
match = { prefix = "gre" }
note = "GRE tunnels"
[[vpn]]
match = { contains = "vpn" }
note = "catch-all for renamed clients (myvpn0, vpn-client, xvpn1, ...)"
[[vpn]]
match = { prefix = "if", suffix = "digits" }
note = """Anonymous netdev / renamed tunnel using the kernel's default \
naming pattern (e.g. `ip link set tun0 name if33` from issue #86). \
Does NOT match `ifb<N>` — those are kernel intermediate-functional-block \
traffic-shaping ifaces (different shape: `if` + letter, not + digit)."""
# ── Test vectors ──────────────────────────────────────────────────────
# Array of {name, is_vpn} fixtures. Codegen renders these into per-
# language unit tests so all four matchers stay in lockstep.
[[test]]
name = "tun0"
is_vpn = true
[[test]]
name = "tun" # bare prefix, no digits — still matches
is_vpn = true
[[test]]
name = "tun1234"
is_vpn = true
[[test]]
name = "tap0"
is_vpn = true
[[test]]
name = "wg0"
is_vpn = true
[[test]]
name = "wg-client" # prefix wg, then any suffix
is_vpn = true
[[test]]
name = "ppp0"
is_vpn = true
[[test]]
name = "ipsec0"
is_vpn = true
[[test]]
name = "xfrm0"
is_vpn = true
[[test]]
name = "utun3"
is_vpn = true
[[test]]
name = "l2tp0"
is_vpn = true
[[test]]
name = "gre0"
is_vpn = true
# Case-insensitivity
[[test]]
name = "TUN0"
is_vpn = true
[[test]]
name = "Wg99"
is_vpn = true
[[test]]
name = "MyVPN"
is_vpn = true
[[test]]
name = "custom_VPN_42"
is_vpn = true
# Substring catch-all
[[test]]
name = "myvpn0"
is_vpn = true
[[test]]
name = "vpn"
is_vpn = true
[[test]]
name = "xvpn1"
is_vpn = true
# Real physical / system interfaces — must NOT match
[[test]]
name = "lo"
is_vpn = false
[[test]]
name = "wlan0"
is_vpn = false
[[test]]
name = "wlan"
is_vpn = false
[[test]]
name = "rmnet0"
is_vpn = false
[[test]]
name = "rmnet_data0"
is_vpn = false
[[test]]
name = "rmnet_ipa0"
is_vpn = false
[[test]]
name = "eth0"
is_vpn = false
[[test]]
name = "ccmni0"
is_vpn = false
[[test]]
name = "seth_lte8"
is_vpn = false
[[test]]
name = "dummy0"
is_vpn = false
[[test]]
name = "bnep0"
is_vpn = false
[[test]]
name = "rndis0"
is_vpn = false
# The renamed-tun trick from issue #86 — caught by the
# `if` + digits rule above.
[[test]]
name = "if33"
is_vpn = true
[[test]]
name = "if0"
is_vpn = true
[[test]]
name = "if99"
is_vpn = true
# `ifb<N>` is the kernel's intermediate-functional-block (traffic
# shaping). Different shape (`if` + letter) — must NOT match.
[[test]]
name = "ifb0"
is_vpn = false
[[test]]
name = "ifb1"
is_vpn = false
# `if` alone or with non-digit suffix — must NOT match.
[[test]]
name = "if"
is_vpn = false
[[test]]
name = "if_inet6"
is_vpn = false
# Edge cases
[[test]]
name = "" # empty
is_vpn = false
[[test]]
name = "tunl" # 'tun' prefix matches even with non-digit suffix
is_vpn = true
[[test]]
name = "atun0" # prefix only matches at start of name
is_vpn = false
[[test]]
name = "VPN" # full name is the substring
is_vpn = true
Reference in a new issue View git blame Copy permalink