Related
Wifi Calling now working! This is a T-Mobile US only feature as your phone carrier must have the architecture on their end for this to work.
Wifi Calling still uses your minutes as if you were connected to a tower.
Wifi Calling turns off your cellular radio when it's connected. This saves power and will also show -113dB signal.
Wifi Calling also sends SMS and MMS over wifi.
[11/10/10 v1.0]
-fixed kineto_ko kernel module. its now included and loads on bootup, compiled from cyanogenmod-exp kernel
-should make it easier for everyone past and present to get wifi calling up and running.
-temporarily disabled bundled kineto app, it was causing problems so until I figure it out I'm not including it with the update.zip
Thanks to Rsotbiemrptson for getting the Libraries and everything into an update.zip.
Thanks to intersectRaven for the kernel mod's regarding kineto and applying the WiFi PM FAST patch.
Thanks to Myshkinbob for the research and creating PM FAST patch.
To Install
1)If you don't have the 5.08 or 5.12 radio installed you MUST install that first!
2)Download and flash the Wildmonks or intersectraven kernel(before flashing kineto!)from the links below
3)Download and flash kineto-n1-bundle attached below.
4)Download and install MS-HTCVISION-KNT20-02.apk
5)If you install any kernel, 720p hacks or mods it can break wifi calling.. any time you flash an update.zip re-flash the kineto bundle. There are important libraries linked in build.prop that must be in or there will be problems. You can attempt to make a custom build.prop or post in the forum for help.
5)Enjoy!
Known Issues
-Bluetooth - Calls are not being connected to a bluetooth at this time.
-Bootloops on enabling wifi - Update your radio! 5.12 or 5.08 is required.
-After flashing if you still experience call problems it will be necessary to change your setcpu screen off profile to 245min 384max.
-Volume is low
-Sporadic MMS sending problems(APN related)
intersectRaven Kernels
CM Based Kernel 20101108_1328 - http://www.mediafire.com/download.php?4obtdv52efkvece
NON-CM Based Kernel 20101108_1328 - http://www.mediafire.com/download.php?urv9wl2ek0fae9c
wildmonks Kernels
http://forum.xda-developers.com/showthread.php?t=693375
dekips said:
Credit to the G2 OTA Update thread and Stryf3 for the APK extraction. I've installed this but I keep getting "Please wait while connecting to T-Mobile". I figured I'd upload it here for fellow N1's while I played with it.
*Update with logcat:
I/Kineto::main( 312): Kineto: SendAlarmEvent Enter
E/KINETO ( 312): KLOG0A2- ERROR: IBS Msg Q Post: size is too large
E/KINETO ( 312): KLOG0A2- ERROR: Failed to post to Queue
I/Kineto::Receiver( 312): onReceive Exit
D/KIPCapp ( 312): KIPC_SendMessage: len = 1, socket = 0
D/KIPCapp ( 312): Connecting... socket = 53, state = 0
D/KIPCapp ( 312): Address is 127.0.0.1, Port is 45211
E/KIPCapp ( 312): Connect failed 111
E/KINETO ( 312): KLOG103- ganswitch_init - error sending message!
D/KIPCapp ( 312): KIPC_SendMessage: len = 1, socket = 0
D/KIPCapp ( 312): Connecting... socket = 53, state = 0
D/KIPCapp ( 312): Address is 127.0.0.1, Port is 45211
E/KIPCapp ( 312): Connect failed 111
E/KINETO ( 312): KLOG103- ganswitch_init - error sending message!
D/KIPCapp ( 312): KIPC_SendMessage: len = 1, socket = 0
D/KIPCapp ( 312): Connecting... socket = 53, state = 0
D/KIPCapp ( 312): Address is 127.0.0.1, Port is 45211
E/KIPCapp ( 312): Connect failed 111
E/KINETO ( 312): KLOG103- ganswitch_init - error sending message!
D/KIPCapp ( 312): KIPC_SendMessage: len = 1, socket = 0
D/KIPCapp ( 312): Connecting... socket = 53, state = 0
D/KIPCapp ( 312): Address is 127.0.0.1, Port is 45211
E/KIPCapp ( 312): Connect failed 111
E/KINETO ( 312): KLOG103- ganswitch_init - error sending message!
D/KIPCapp ( 312): KIPC_SendMessage: len = 1, socket = 0
D/KIPCapp ( 312): Connecting... socket = 53, state = 0
D/KIPCapp ( 312): Address is 127.0.0.1, Port is 45211
E/KIPCapp ( 312): Connect failed 111
E/KINETO ( 312): KLOG103- ganswitch_init - error sending message!
I/Kineto::Receiver( 312): onReceive Enter
I/Kineto::main( 312): Kineto: SendAlarmEvent Enter
E/KINETO ( 312): KLOG0A2- ERROR: IBS Msg Q Post: size is too large
E/KINETO ( 312): KLOG0A2- ERROR: Failed to post to Queue
I/Kineto::Receiver( 312): onReceive Exit
D/KIPCapp ( 312): KIPC_SendMessage: len = 1, socket = 0
D/KIPCapp ( 312): Connecting... socket = 53, state = 0
D/KIPCapp ( 312): Address is 127.0.0.1, Port is 45211
E/KIPCapp ( 312): Connect failed 111
E/KINETO ( 312): KLOG103- ganswitch_init - error sending message!
D/KIPCapp ( 312): KIPC_SendMessage: len = 1, socket = 0
D/KIPCapp ( 312): Connecting... socket = 53, state = 0
D/KIPCapp ( 312): Address is 127.0.0.1, Port is 45211
E/KIPCapp ( 312): Connect failed 111
E/KINETO ( 312): KLOG103- ganswitch_init - error sending message!
D/KIPCapp ( 312): KIPC_SendMessage: len = 1, socket = 0
D/KIPCapp ( 312): Connecting... socket = 53, state = 0
D/KIPCapp ( 312): Address is 127.0.0.1, Port is 45211
D/KIPCapp ( 312): Connect failed 111
E/KINETO ( 312): KLOG103- ganswitch_init - error sending message!
D/KIPCapp ( 312): KIPC_SendMessage: len = 1, socket = 0
D/KIPCapp ( 312): Connecting... socket = 53, state = 0
D/KIPCapp ( 312): Address is 127.0.0.1, Port is 45211
E/KIPCapp ( 312): Connect failed 111
E/KINETO ( 312): KLOG103- ganswitch_init - error sending message!
E/KINETO ( 312): KLOG0C3- xmk_QueryOSQueue SDL Queue empty : WAIT_FOREVER
E/KINETO ( 312): KLOG0A3- ibs_os_GetMsg: Timeout forever for UKCC qHnd 0x814310a4
D/KIPCapp ( 312): KIPC_SendMessage: len = 1, socket = 0
D/KIPCapp ( 312): Connecting... socket = 53, state = 0
D/KIPCapp ( 312): Address is 127.0.0.1, Port is 45211
E/KIPCapp ( 312): Connect failed 111
E/KINETO ( 312): KLOG103- ganswitch_init - error sending message!
I/Kineto::Receiver( 312): onReceive Enter
I/Kineto::main( 312): Kineto: SendAlarmEvent Enter
Click to expand...
Click to collapse
same here stuck on enabling.....please someone fix...keep us posted please
From the looks of things, there is an underlying app that the Wifi Calling app connects to. Any thoughts?
dekips said:
From the looks of things, there is an underlying app that the Wifi Calling app connects to. Any thoughts?
Click to expand...
Click to collapse
Kineto apk has a oss.html which calls out files used for IPSec VPN connections. I suspect some VPN magic at work.
daijizai said:
Kineto apk has a oss.html which calls out files used for IPSec VPN connections. I suspect some VPN magic at work.
Click to expand...
Click to collapse
It's possible there is a tunnel which it is trying to establish, I'd like to think that it would only do that when the wifi calling is enabled. I'm getting a crazy flow from logcat of it trying to connect even when wifi calling is off and wifi is off.
There is a local daemon or missing piece of software it can't connect to. Is this application in the radio or is it another apk?
Ive stripped it down and am in the process of reading, but it needs to be set to try to connect to something or somewhere, without the datafile that tells it where to connect to it just cycles a connect to localhost
the package just loops trying to connect to 127.0.0.1
Viralblack said:
Ive stripped it down and am in the process of reading, but it needs to be set to try to connect to something or somewhere, without the datafile that tells it where to connect to it just cycles a connect to localhost
the package just loops trying to connect to 127.0.0.1
Click to expand...
Click to collapse
I'm in the process of getting a full update.zip.. no luck tonight so I'm calling it and goin to bed
I want to guess that it *could* possibly be in a host file.... It seems like it is doing a port loopback, to the radio... I assume...
do we have an IRC to talk to the guy that pulled this out of his phone?
It could be in the hosts file. I hope we get this soon, because I have like zero service in my apartment and this will be amazing
iria said:
It could be in the hosts file. I hope we get this soon, because I have like zero service in my apartment and this will be amazing
Click to expand...
Click to collapse
can someone get a line in to the guy(s) that has the file?
same problem
im getting same as everyone else
Here's a quote that might clarify some things:
So here’s the update on yesterday’s reported OTA update to the G2, which brought Wi-Fi calling and mobile hotspot creation to a very small set of users. T-Mobile released this official statement to clarify its position:
“Wi-Fi Calling and tethering Wi-Fi sharing are not currently supported on the T-Mobile G2. T-Mobile knows these features are important to consumers and we’re working to deliver them to G2 users in the future. We have nothing further to announce at this time.”
It’s pretty much what they’ve said before on the subject, and it doesn’t tell us much. It could mean that the update we saw yesterday was just a test and won’t be rolled out to the rest of G2 owners. Or it might be a test sample to see how these features affect data traffic, in order to help T-Mo with pricing. Or maybe they really are rolling it out to everyone and just haven’t put the support feautres, etc. in place yet.
via PhoneScoop by way of TmoNews
Click to expand...
Click to collapse
Just installing the apk won't be enough. There are a few libraries that will be needed as well. The kineto libraries and module(s) will be needed as well. The path to the RIL will have to be redirected also. This is likely changed via the build prop. A full system dump from a WiFi calling equipped G2 would be needed.
I still have not been able to source the original G2 OTA update.zip nor have I any luck finding someone with an updated G2 to pull specifics on the Kineto app configuration. If anyone has any luck with any of the above please post.
dekips said:
I still have not been able to source the original G2 OTA update.zip nor have I any luck finding someone with an updated G2 to pull specifics on the Kineto app configuration. If anyone has any luck with any of the above please post.
Click to expand...
Click to collapse
A co-worker recently obtained a G2. I will see if he has gotten the update, and if so, if he will help us
bennettm89 said:
A co-worker recently obtained a G2. I will see if he has gotten the update, and if so, if he will help us
Click to expand...
Click to collapse
yeah he should have the same problem and once they go online meaning tmobile it will and should automatically configure itself like ota
Weird thing is that I installed this and it actually worked, or at least looked like it worked for a minute. I got a new icon on the taskbar when calling with it enabled, and the call went through fine.
I turned the wifi calling off and then back on and now it is acting like everyone else's now... stuck on enabling.
Not sure if it actually was working for that one call, but it sure seemed like it. Wish I would have thought to grab a screenshot.
I'm stoked. I really need this at home.
Same here. When I originally installed the app, I had WiFi turned on and was at home near my UMA router. Worked fine until I disabled the application and attempted to re-enable it. Now stuck on enabling like everyone else.
Hi all,
I have a t-mobile phone and tried to install android 2.2. there. I used mdeejay's and darkStone's builds, but wifi didn't work at any of them. I've found a person who uses T-mobile hd2 too and installed the same versions of rom and radio. It didn't helped. In windows mobile wifi works well.
Could you please advice how to hande it? Did anyone face the same problem?
Thank you in advance.
#did some debug via adb:
I suppose that the red line below tells about reason.. But I haven't dealt with WPA on android before.. Any help is appreciated.
D/WifiService( 1916): setWifiEnabled( mAirplaneModeOverwridden=)false
I/WifiHW ( 1916): wifi_load_driver enter
D/NetSharing_NSReceiver( 2298): onReceive : android.net.wifi.WIFI_STATE_CHANGED
D/NetSharing( 2298): wifi enabled change, state = false
I/WifiHW ( 1916): wifi_load_driver end right 3
I/WifiHW ( 1916): wifi_start_supplicant enter
I/WifiHW ( 1916): wifi_start_supplicant end right 2
D/WifiService( 1916): ACTION_BATTERY_CHANGED pluggedType: 2
I/wpa_supplicant( 2771): CTRL-EVENT-STATE-CHANGE id=-1 state=0 BSSID=00:00:00:00
:00:00
E/wpa_supplicant( 2771): Failed to disable WPA in the driver.
D/NetSharing_NSReceiver( 2298): onReceive : android.net.wifi.WIFI_STATE_CHANGED
D/NetSharing( 2298): wifi enabled change, state = true
D/PowerManagerService( 1916): New lightsensor value:40, lcdValue:90
D/lights ( 1916): set_light_buttons
D/lights ( 1916): set_light_keyboard
E/SettingsWifiLayer( 2298): Unable to scan for networks
D/SurfaceFlinger( 1916): Layer::setBuffers(this=0x6257a8), pid=2298, w=1, h=1
D/SurfaceFlinger( 1916): Layer::setBuffers(this=0x6257a8), pid=2298, w=1, h=1
D/SurfaceFlinger( 1916): Layer::requestBuffer(this=0x6257a8), index=0, pid=2298,
w=350, h=85 success
E/WifiHW ( 1916): Supplicant not running, cannot connect
E/SettingsWifiLayer( 2298): Unable to scan for networks
D/SurfaceFlinger( 1916): Layer::setBuffers(this=0x4ca268), pid=2298, w=1, h=1
D/SurfaceFlinger( 1916): Layer::setBuffers(this=0x4ca268), pid=2298, w=1, h=1
D/SurfaceFlinger( 1916): Layer::requestBuffer(this=0x4ca268), index=0, pid=2298
w=350, h=85 success
E/WifiHW ( 1916): Supplicant not running, cannot connect
V/WifiStateTracker( 1916): Supplicant died unexpectedly
D/WifiStateTracker( 1916): Reset connections and stopping DHCP
D/NetUtils( 1916): ifc_get_info addr=0 !
D/WifiStateTracker( 1916): Disabling interface
D/WifiService( 1916): setWifiEnabled( mAirplaneModeOverwridden=)false
D/WifiStateTracker( 1916): Reset connections and stopping DHCP
D/NetUtils( 1916): ifc_get_info addr=0 !
D/NetSharing_NSReceiver( 2298): onReceive : android.net.wifi.WIFI_STATE_CHANGED
D/NetSharing( 2298): wifi enabled change, state = true
D/WifiStateTracker( 1916): Disabling interface
I/WifiHW ( 1916): wifi_stop_supplicant enter
I/WifiHW ( 1916): wifi_stop_supplicant end right 1
I/WifiHW ( 1916): wifi_unload_driver enter
I/WifiHW ( 1916): wifi_unload_driver end right 2
D/NetSharing_NSReceiver( 2298): onReceive : android.net.wifi.WIFI_STATE_CHANGED
D/NetSharing( 2298): wifi enabled change, state = false
how to set up MAC address for android builds (except startup.txt)?
Hi again,
I did some search and found that the core of the problem is in getting MAC address for wifi. (as dmsg says). Exactly the same problem was for Touch2, Tilt and other devices (http://forum.xda-developers.com/showthread.php?p=9211659) and it was resolved after they corrected wifi-nvram.txt. This file is responsible for setting up MAC address there, but I couldn't find it at builds for hd2.
if anybody knows what file is used to set up MAC address for wifi, I would be very appreciated.
Thanks!
I believe they just checked for their WiFi mac address from one of the following locations:
Settings->About phone->Status
Wireless & Networks -> WiFi Settings -> Menu Button -> Advanced
Then they edited the nvram.txt file @ /system/lib/hw/wifi/nvram.txt to include the proper MAC address.
Thanks for the answer!
Unfortunatelly wireless settings are not available until wifi is turned on.
I investigated the problem deeper and found that the reason could be in wifi hardware initialization. I did dmesg and saw the following:
wlan: wifi_set_power = 1
htcleo_wifi_power: 1
wlan: wifi_set_carddetect = 1
htcleo_wifi_set_carddetect: 1
mmc0: card_present 1
mmc0: Slot status change detected (0 -> 1)
wlan: Dongle Host Driver, version 4.218.204.2
mmc0: queuing CIS tuple 0x91 length 3
mmc0: new high speed SDIO card at address 0001
wlan: DHD: dongle ram size is set to 294912(orig 294912)
wlan: dhd_bus_rxctl: resumed on timeout
wlan: firmware version: ver
wlan: Return_dpc value is : 0
wlan: stop poll
wlan: dhd_bus_rxctl: resumed on timeout
wlan: dhd_preinit_ioctls: can't get MAC address , error=-110
wlan: dhdsdio_probe: failed
Since in windows mobile wifi does work I used the firmware files from WM: nvram.txt and rtecdc1.bin. As it turned out nvram in android is located in /proc/calibraion. But unfortunatelly it didn't help. So, I think that the problem is in bcm4329.ko driver. I'm not sure why other people with the same hd2 (t-mobile US) and the same ROM/RADIO/Android have no such issue. Perhaps my broadcomm hardware has a problem which is bypassed in windows, but not in Android.
I wonder if there is a way to get more detailed info than dmesg and logcat give (except building andoid sources of course ).
I don't know if it can help, but still, I'll say it anyway.
I think i had the same problem some times ago.
Wifi in android wouln't work, but was perfectly working in winmo.
it seems that if wifi is on in winmo when you boot on android, the wifi device seems to be blocked in some way.
Do you have wifi enabled in winmo? if yes, try to disable it, and boot on android to see if it works.
Hi kushulain,
Thanks for the advice! (I've almost started to build andriod by myself to find out the reason..) Unfortunatelly wifi was turned off when android was booting.
But this is another point to play around. I haven't tried to boot andriod with wifi turned on.
Thanks!
Just tried to boot andriod with wifi turned on. The device hangs at the beginning of the booting (even before screen with 'htc' appears). I think it is connected to my problem.
Did someone have similar problems?
Hey, I have the same problem, did you find any solution ?
Guys have you tried to change the radio part of the phone with a suitable one?
canavaro said:
Hey, I have the same problem, did you find any solution ?
Click to expand...
Click to collapse
hi, I didn't fix it actually due to lack of time. I tried to use wm hw init files in Android, but it didn't help. There is a score of my posts on this forum regarding this topic so you can find exactly what I tried. The funny thing is that WiFi works in wp7.
To stealth21
yes, that was the first thing I tried.
Hello guys
so i got openvpn and installed it and everything but somehow when i click the .ovpn file it doesn't work, it doesn't put a tick mark next to it, it says that it was granted superuser permission but nothing else happens.
so what could be the problem if anyone had this before and was able to fix it
any help would be greatly appreciated thank you in advance.
Can you post your .ovpn file? Be careful not to post anything that could compromise your privacy!
Please also post a screenshot of the 'OpenVPN Settings' App when clicking Menu -> Advanced.
Which Vpn are you using ?, when i tried using open vpn on mine it didnt work, The vpn provider told me to set it up through the vpn settings in the phone itself and that worked fine for me, could be worth a try
Thaw.Bytes said:
Which Vpn are you using ?, when i tried using open vpn on mine it didnt work, The vpn provider told me to set it up through the vpn settings in the phone itself and that worked fine for me, could be worth a try
Click to expand...
Click to collapse
He is using OpenVPN, not "part of the phone".
Ahhh sorry my mistake i misread his post
Sorry for the delay in replying, but here are 2 images of the settings but i don't think the .ovpn files has any issues i think its only the phone or openvpn itself.
Well, if you think your .ovpn file is fine and certificate(s) and key(s) are at correct locations then you should take a look at the log.
To do this use 'adb' with the 'logcat' command. As soon as 'logcat' is running try to tick your OpenVPN configuration and check the log for any errors.
This is what I get when the status bar asks me to enter the certificate password (did some manual formatting for better reading ):
Code:
D/OpenVPN-DaemonMonitor[/sdcard/openvpn/VPNTEST.ovpn]-mgmt(12164): attach(): using management port at 27460
E/OpenVPN-DaemonMonitor[/sdcard/openvpn/VPNTEST.ovpn]-mgmt(12164): attaching to OpenVPN daemon: failed to connect to /127.0.0.1 (port 27460): connect failed: ECONN REFUSED (Connection refused)
W/OpenVPN-DaemonMonitor[/sdcard/openvpn/VPNTEST.ovpn](12164): start(): choosing random port for management interface: 39157
[B]D/OpenVPN-DaemonMonitor[/sdcard/openvpn/VPNTEST.ovpn]-daemon(12164): invoking external process: /system/xbin/su[/B]
D/OpenVPN-DaemonMonitor[/sdcard/openvpn/VPNTEST.ovpn]-daemon(12164): invoking command line: /system/xbin/openvpn --cd '/sdcard/openvpn' --config 'VPNTEST.ovpn' --writepid '/data/data/de.schaeuffelhut.android.openvpn/files/com.d/_sdcard_openvpn_VPNTEST.ovpn-pid' --script-security 1 --management 127.0.0.1 39157 --management-query -passwords --verb 3
D/OpenVPNDaemonEnabler(12164): Received OpenVPN daemon state changed from Unknown to Startup
D/OpenVPN-DaemonMonitor[/sdcard/openvpn/VPNTEST.ovpn]-daemon-stdout(12164): Mon Apr 30 16:22:11 2012 OpenVPN 2.1.1 i686-pc-linux-gnu [SSL] [LZO2] [EPOLL] built on Jan 6 2012
D/OpenVPN-DaemonMonitor[/sdcard/openvpn/VPNTEST.ovpn]-daemon-stdout(12164): Mon Apr 30 16:22:11 2012 MANAGEMENT: TCP Socket listening on 127.0.0.1:39157
D/OpenVPN-DaemonMonitor[/sdcard/openvpn/VPNTEST.ovpn]-daemon-stdout(12164): Mon Apr 30 16:22:11 2012 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
D/OpenVPN-DaemonMonitor[/sdcard/openvpn/VPNTEST.ovpn]-daemon-stdout(12164): Mon Apr 30 16:22:11 2012 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
[B]D/OpenVPN-DaemonMonitor[/sdcard/openvpn/VPNTEST.ovpn]-daemon-stdout(12164): Mon Apr 30 16:22:11 2012 Need password(s) from management interface, waiting...[/B]
D/OpenVPN-DaemonMonitor[/sdcard/openvpn/VPNTEST.ovpn]-mgmt(12164): started
D/OpenVPN-DaemonMonitor[/sdcard/openvpn/VPNTEST.ovpn]-mgmt(12164): attach(): using management port at 39157
V/OpenVPN-DaemonMonitor[/sdcard/openvpn/VPNTEST.ovpn]-mgmt(12164): Successfully attached to OpenVPN monitor port
D/OpenVPN-DaemonMonitor[/sdcard/openvpn/VPNTEST.ovpn]-daemon-stdout(12164): Mon Apr 30 16:22:11 2012 MANAGEMENT: Client connected from 127.0.0.1:39157
V/OpenVPN-DaemonMonitor[/sdcard/openvpn/VPNTEST.ovpn]-mgmt(12164): Socket IO established
D/OpenVPNDaemonEnabler(12164): Received OpenVPN daemon state changed from Unknown to Enabled
D/OpenVPN-DaemonMonitor[/sdcard/openvpn/VPNTEST.ovpn]-mgmt(12164): >INFO:OpenVPN Management Interface Version 1 -- type 'help' for more info
D/OpenVPN-DaemonMonitor[/sdcard/openvpn/VPNTEST.ovpn]-daemon-stdout(12164): Mon Apr 30 16:22:11 2012 MANAGEMENT: CMD 'state'
D/OpenVPN-DaemonMonitor[/sdcard/openvpn/VPNTEST.ovpn]-daemon-stdout(12164): Mon Apr 30 16:22:11 2012 MANAGEMENT: CMD 'state on'
D/OpenVPNDaemonEnabler(12164): Received OpenVPN network state changed from Unknown to Connecting
V/OpenVPN-DaemonMonitor[/sdcard/openvpn/VPNTEST.ovpn]-mgmt(12164): onState("1335795731,CONNECTING,,,")
D/OpenVPN-Settings-getprop(12164): invoking external process: /system/bin/sh
D/OpenVPN-DaemonMonitor[/sdcard/openvpn/VPNTEST.ovpn]-daemon-stdout(12164): Mon Apr 30 16:22:12 2012 MANAGEMENT: CMD 'bytecount 0'
D/OpenVPN-Settings-getprop(12164): invoking command line: getprop net.dnschange
D/OpenVPN-Settings-getprop-stdout(12164): 66
I/OpenVPN-Settings-getprop-stdout(12164): terminated
I/OpenVPN-Settings-getprop-stderr(12164): terminated
D/OpenVPN-DaemonMonitor[/sdcard/openvpn/VPNTEST.ovpn]-mgmt(12164): =============> 0 == 66 resetting dns, leaving dns alone
D/OpenVPN-DaemonMonitor[/sdcard/openvpn/VPNTEST.ovpn]-mgmt(12164): SUCCESS: real-time state notification set to ON
D/OpenVPN-DaemonMonitor[/sdcard/openvpn/VPNTEST.ovpn]-mgmt(12164): SUCCESS: bytecount interval changed
D/OpenVPNDaemonEnabler(12164): Received OpenVPN network state changed from Connecting to Connecting
Note: OpenVPN is waiting here for the password. I did not enter it yet.
From what you said you do not even reach this 'checkpoint' so for now there is no need to debug any further.
This is what i get:
Code:
D/OpenVPN-DaemonMonitor[/sdcard/openvpn/VPN-Server.ovpn]-mgmt(30883
): attach(): using management port at 24475
E/OpenVPN-DaemonMonitor[/sdcard/openvpn/VPN-Server.ovpn]-mgmt(30883
): attaching to OpenVPN daemon: /127.0.0.1:24475 - Connection refused
W/OpenVPN-DaemonMonitor[/sdcard/openvpn/VPN-Server.ovpn](30883): st
art(): choosing random port for management interface: 41258
D/OpenVPN-DaemonMonitor[/sdcard/openvpn/VPN-Server.ovpn]-daemon(308
83): invoking external process: /system/bin/su
D/OpenVPN-DaemonMonitor[/sdcard/openvpn/VPN-Server.ovpn]-daemon(308
83): invoking command line: /system/xbin/openvpn --cd '/sdcard/openvpn' --config
'VPN-Server.ovpn' --writepid '/data/data/de.schaeuffelhut.android.
openvpn/files/com.d/_sdcard_openvpn_VPN-Server.ovpn-pid' --script-
security 1 --management 127.0.0.1 41258 --management-query-passwords --verb 3
E/su (31797): sudb - Opening database
E/su (31797): sudb - Database opened
E/su (31797): sudb - Database closed
D/su (31797): 10198 de.schaeuffelhut.android.openvpn executing 0 /system/bi
n/sh using shell /system/bin/sh : sh
D/OpenVPN-DaemonMonitor[/sdcard/openvpn/VPN-Server.ovpn]-daemon-std
out(30883): Options error: Unrecognized option or missing parameter(s) in VPN-Server.ovpn:12: dhcp-renew (2.1.1)
D/OpenVPN-DaemonMonitor[/sdcard/openvpn/VPN-Server.ovpn]-daemon-std
out(30883): Use --help for more information.
I/OpenVPN-DaemonMonitor[/sdcard/openvpn/VPN-Server.ovpn]-daemon-std
out(30883): terminated
I/OpenVPN-DaemonMonitor[/sdcard/openvpn/VPN-Server.ovpn]-daemon-std
err(30883): terminated
D/OpenVPn Settings(30883): Closing log file /sdcard/openvpn/VPN-Ser
ver.log
I/WindowManager( 1650): CREATE SURFACE Surface(name=Toast, identity=1061, mNat
iveSurface=0) IN SESSION [email protected]: pid=30916 format=
-3 flags=0x0 / Window{40555140 Toast paused=false}
D/PowerManagerService( 1650): acquireWakeLock flags=0xa tag=KEEP_SCREEN_ON_FLAG
uid=1000 pid=1650 myUID=1000 myPID=1650 myTID=1845
D/OpenVPNDaemonEnabler(30883): Received OpenVPN daemon state changed from Unknow
n to Startup
D/OpenVPNDaemonEnabler(30883): Received OpenVPN daemon state changed from Unknow
n to Disabled
thank you
Seems to be a problem with root. From your log:
Code:
E/su (31797): sudb - Opening database
E/su (31797): sudb - Database opened
E/su (31797): sudb - Database closed
If I'm not mistake OpenVPN must be executed as superuser. From my log:
Code:
[B][COLOR="SeaGreen"]D/OpenVPN-DaemonMonitor[/sdcard/openvpn/VPNTEST.ovpn]-daemon(12164): invoking external process: /system/xbin/su
[/COLOR][/B]D/OpenVPN-DaemonMonitor[/sdcard/openvpn/VPNTEST.ovpn]-daemon(12164): invoking command line: /system/xbin/openvpn --cd '/sdcard/openvpn' --config 'VPNTEST.ovpn' --writepid '/data/data/de.schaeuffelhut.android.openvpn/files/com.d/_sdcard_openvpn_VPNTEST.ovpn-pid' --script-security 1 --management 127.0.0.1 39157 --management-query -passwords --verb 3
Look at the green bold line: it is running su, only afterwards OpenVPN is invoked.
From your log (same location as in mine) I can see that there is a problem with root access.
To test this you can use 'adb' and the 'shell' command. Enter 'su' yourself to get root access. Then enter the command line from your log. I bet if 'su' succeeds, i.e. you get root access, then OpenVPN will start .
I'm sorry if this seems stupid but what exactly i should enter from my log
i got to the part where it says
su
#
but i just need to know what exactly should i enter afterwards
thank you so much
No, not stupid, I was just going way too fast. If one does not understand an explanation this is usually due to the explanation not being accurate, in short: my mistake
It took me some time but I think I found a better way to examine your problem.
First we need an alternative possibility to enter the password of the key file when starting OpenVPN manually from the adb console. OpenVPN is supposed to ask for the password on stdin if started with option '--askpass' without any file to lookup passwords. Though this dos not work on my phone, hence I have created a file name 'test.passwd' containing only one line with my OpenVPN key password. This file must be located in the same directory as the 'ovpn' file.
When your done with this you are ready to start OpenVPN 'manually' by doing this:
1) run 'adb shell'
2) type 'su'
3) type 'whoami' and make sure you are root (userid 0)
4) type
Code:
/system/xbin/openvpn --cd '/sdcard/openvpn' --config VPN-Server.ovpn --askpass test.passwd
Assuming you named the file holding your password 'test.passwd'
OpenVPN should now connect to your server and you should see something similar to this:
Code:
Tue May 1 10:55:03 2012 OpenVPN 2.1.1 i686-pc-linux-gnu [SSL] [LZO2] [EPOLL] built on Jan 6 2012
Tue May 1 10:55:03 2012 WARNING: file 'test.passwd' is group or others accessible
Tue May 1 10:55:03 2012 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Tue May 1 10:55:03 2012 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Tue May 1 10:55:03 2012 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Tue May 1 10:55:03 2012 WARNING: file './[email protected]_one_cares.p12' is group or others accessible
Tue May 1 10:55:03 2012 LZO compression initialized
Tue May 1 10:55:03 2012 UDPv4 link local: [undef]
Tue May 1 10:55:03 2012 UDPv4 link remote: xxx.yyy.zzzz.wwww:1194
Tue May 1 10:55:04 2012 [openvpn.myvpn.server] Peer Connection Initiated with xxx.yyy.zzzz.wwww:1194
Tue May 1 10:55:06 2012 TUN/TAP device tun0 opened
Tue May 1 10:55:06 2012 /system/bin/ifconfig tun0 192.168.101.6 pointopoint 192.168.101.5 mtu 1500
Tue May 1 10:55:06 2012 Initialization Sequence Completed
At this point you should invoke another 'adb shell' and type 'busybox ifconfig'. If you see a tun0 device then the OpenVPN connection is established.
On my system this looks like this:
Code:
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:171 errors:0 dropped:0 overruns:0 frame:0
TX packets:171 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:11713 (11.4 KiB) TX bytes:11713 (11.4 KiB)
[B]tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:192.168.101.6 P-t-P:192.168.101.5 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)[/B]
wlan0 Link encap:Ethernet HWaddr 12:34:56:78:9A:BC
inet addr:xyz.vw.11.32 Bcast:xyz.vw.11.255 Mask:255.255.255.0
inet6 addr: f370::6sd6:f891:fz8e:9qqb/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:8185 errors:0 dropped:271 overruns:0 frame:0
TX packets:9578 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:2058632 (1.9 MiB) TX bytes:1000224 (976.7 KiB)
If not check the output of the other shell, it will tell you about where to search for the problem (hopefully ).
Unfortunately this didn't work, i get this when i enter that command
Code:
Options error: Unrecognized option or missing parameter(s) in VPN-S
erver.ovpn:12: dhcp-renew (2.1.1)
Use --help for more information.
and when i do the 'whoami' command i get this
Code:
whoami: unknown uid 0
but I think the password is not the issue because when I click on the server to open it in openvpn( put a tick next to it) it doesn't put a tick it doesn't even reach the password point i think its an issue much earlier than the password point.
I just get the superuser message 'OpenVPN Settings has been granted superuser permissions' and nothing else happens at all.
I can tick/start the main button on the top 'OpenVPN' but I can't start the server.
just to note that i used doom lord rooting tool kit version 4 to root the phone if the issue is root related or something.
Thank you again.
xdaian948 said:
Unfortunately this didn't work, i get this when i enter that command
Code:
Options error: Unrecognized option or missing parameter(s) in VPN-S
erver.ovpn:12: dhcp-renew (2.1.1)
Use --help for more information.
Click to expand...
Click to collapse
As I said in my very first post: please provide the contents of your .ovpn file. Even if you believe it is correct it seems to contain options that do not work, as stated by the error message!
and when i do the 'whoami' command i get this
Code:
whoami: unknown uid 0
Click to expand...
Click to collapse
This is fine, you are root.
but I think the password is not the issue because when I click on the server to open it in openvpn( put a tick next to it) it doesn't put a tick it doesn't even reach the password point i think its an issue much earlier than the password point.
Click to expand...
Click to collapse
I did not say (and to tell the truth I don't believe) it is a problem with the password since, as I described in my last post, you do not even reach the point where OpenVPN could ask you for the password.
I just get the superuser message 'OpenVPN Settings has been granted superuser permissions' and nothing else happens at all.
I can tick/start the main button on the top 'OpenVPN' but I can't start the server.
Click to expand...
Click to collapse
The method I proposed for debugging boils things down to the bare minimum and therefore reduces the chance of any other misconfiguration then the one of OpenVPN. You better don't use the 'graphical interface' until OpenVPN runs fine from the command line.
just to note that i used doom lord rooting tool kit version 4 to root the phone if the issue is root related or something.
Click to expand...
Click to collapse
Don't know what this is but sounds cool , anyway it seems rooting is ok.
Thank you again.
Click to expand...
Click to collapse
You are welcome, but please consider that your .ovpn configuration file could have an error. The error reported in your log is due to a misconfiguration in your .ovpn file I believe. This is why OpenVPN exits.
Alright i'll send you the .ovpn files in a PM now
Thank you.
this is the rooting method i was talking about btw
Code:
http://forum.xda-developers.com/showthread.php?t=1321582
Ok, got your files by PM.
Besides the remote destination you would connect to and perhaps the names of the certificate and key file there is no security relevant information you could not post here I think.
Anyway: the files look like you are connecting to a VPN server that is not your server, i.e. you have no control of the OpenVPN server, correct? In this case I can't really help you, you should ask the VPN provider.
If the VPN server was your own server I would have suggested to radically comment options until you manage to establish a basic connection. Your log clearly shows that there seems to be problem with the option 'dhcp-renew' but as you are not running the VPN server I do not know if you can comment this or any other option, sorry .
My .ovpn file looks like this:
Code:
; OpenVPN client configuration for
; access to xyz enterprise
;
client
dev tun
proto udp
remote xxx.yyy.zzz.www 1194
nobind
comp-lzo
pkcs12 ./p12_ca_cert_private_cert_and_key_bundle.p12
verb 1
This configuration works perfect including routing and DNS resolution by the internal DNS servers of xyz enterprise.
You can try to eliminate (comment) options in your .ovpn file yourself hoping you get a result having no offending option left, but this might be tedious without knowledge of the server end . If you try this please note that your configuration uses 3 individual files, one for the CA cert, one for your cert and one for the key while my configuration uses only one file (certs and key bundled). You must keep your 'three file' configuration.
Well, i'll just ask the support of the VPN provider and see what they can do there might be a problem on their end, and i want to thank you so much for everything you have done
Hi,
Internation Pardus v15 image on rooted i9300, works very well except for this really odd USB connection error when connecting it to my Sony BT3900u car stereo, it was previously connecting without issue on the v15 Pardus build but for unknown reasons to myself now always presents an error.
Does anyone have any ideas as to what might be causing this issue? Any help would be greatly appreciated.
After getting this issue the first time, I ran through a full rebuild, wiped phone/cache/dalvick and error still persisted post rebuild.
Model:
GT-i9300
Android Version:
4.2.2
Baseband
I9300XXEMA5
Kernel version:
3.0.31-702147
Build Number:
Pardus HD Rom XV XXUDME7
Logcat:
E/MTPRx ( 8982): Read Error Came false
E/ ( 8982): read error [0] [Success]
E/MTPRx ( 8982): state from USB_STATE eventDISCONNECTED
E/MTPRx ( 8982): /data/data/com.samsung.android.MtpApplication/gadgetDisconnectAndConnect.txt: open failed: ENOENT (No such file or directory)
E/MTPRx ( 8982): stop observing and calling usbRemoved
E/MTPRx ( 8982): In usbRemoved Status bar enabled
E/MTPRx ( 8982): Sending Broadcast
E/MtpService( 8982): onDestroy.
E/MtpService( 8982): Unregister Mtp disable Receiver
E/MtpService( 8982): Receiver not registered: [email protected]
E/MtpService( 8982): unregistering mtpMediaReceiver in UnregisterAllIntent
E/MtpService( 8982): Receiver not registered: [email protected]
E/MTPJNIInterface( 8982): noti = 3
E/ ( 8982): ****** [mtp_usb_mtp_finalize] mtp_close_fd Calling
E/ ( 8982): [mtp_close_fd] fd = 50...
E/ ( 8982): [mtp_close_fd] USB endpoint [50] closed...
E/ ( 8982): ****** [mtp_usb_mtp_finalize] Updating the gInitializeFlag Flag to FALSE
E/ ( 8982): ****** [mtp_usb_mtp_finalize] Calling mtp_stop_io
E/SEC PowerHAL( 2447): sysfs_write : Error opening /sys/class/input/input1/enabled: No such file or directory
E/SEC PowerHAL( 2447): sysfs_write : Error opening /sys/class/input/input8/enabled: No such file or directory
E/videowall-TranscodeReceiver(10572): broadcastMSG : android.intent.action.ACTION_POWER_DISCONNECTED
E/MTPRx (10600): In MtpReceiverandroid.hardware.usb.action.USB_STATE
E/MTPRx (10600): check value of boot_completed is1
E/MTPRx (10600): check booting is completed_sys.boot_completed
E/MTPRx (10600): Sd-Card path/storage/extSdCard
E/MTPRx (10600): Status for mount/Unmount :mounted
E/MTPRx (10600): SDcard is available
E/MTPRx (10600): The value of first_boot is 1
E/MTPRx (10600): [ 662] The value of first_boot is 1NORMAL SEQUENCE
E/MTPRx (10600): Received USB_STATE with sdCardLaunch = 0
E/MTPRx (10600): configured is false
I'm guessing this is the correct part of the log that pretains to the MTP/USB part. If not I have attached a full log.
Try typing this in a terminal window or adb shell on your phone:
Code:
touch /data/data/com.samsung.android.MtpApplication/gadgetDisconnectAndConnect.txt
Or, make a txt file called gadgetDisconnectAndConnect and place it in /data/data/com.samsung.android.MtpApplication folder.
xpmode said:
Try typing this in a terminal window or adb shell on your phone:
Code:
touch /data/data/com.samsung.android.MtpApplication/gadgetDisconnectAndConnect.txt
Or, make a txt file called gadgetDisconnectAndConnect and place it in /data/data/com.samsung.android.MtpApplication folder.
Click to expand...
Click to collapse
Hi, thanks for the reply.
I did that as quoted, nothing seems to have changed, What should I be looking for?
Thanks!
I have nexus4 and nexus7 (both are 4.3), I noticed all apps resolve dns connection as root (uid 0).
I want to know/ask, why on android, all apps resolve dns connection as root?
I block dns connection as root, then all apps can not resolve dns.
(iptables -I OUTPUT -p udp --dport 53 -m owner --uid-owner 0 -j DROP)
I also noticed, my nexus7 will resolve dns as root, if the connection blocked, then the apps will not resolve dns.
but my nexus4 will resolve dns as root first, if it blocked, then apps will resolve dns as apps-id.
why will that?
anyone have this problem?
both n4/n7 is running stock andorid 4.3 (donwload from google)
thanks.
I can confirm that something very strange is going on in Android 4.3, I'm runing the Slimrom mod and the same thing is true for me, all dns request are done as root. But to make things even stranger the dns props are set but not used, it seems like something is really broken within bioinc that makes it impossible to change dns servers on the fly.
Mine is running android stock rom for both, downloaded from google.
I still not understand, why will that.
Thanks.
Sent from my Nexus 4 using xda app-developers app
Browsing through the AOSP sources, I noticed that Android 4.3 incorporated a somewhat confusing series of commits under the heading of "dns cache per interface," which effectively causes all Bionic DNS requests to be proxied through netd. This commit is the most important element.
Here is the old implementation from Android 4.2.2:
Code:
static struct hostent *
gethostbyname_internal(const char *name, int af, res_state res)
{
const char *cp;
char *bp, *ep;
int size;
struct hostent *hp;
struct resolv_cache* cache;
[b]res_static rs = __res_get_static();[/b]
static const ns_dtab dtab[] = {
NS_FILES_CB(_gethtbyname, NULL)
{ NSSRC_DNS, _dns_gethtbyname, NULL }, /* force -DHESIOD */
{ 0, 0, 0 }
};
assert(name != NULL);
switch (af) {
case AF_INET:
size = INADDRSZ;
break;
case AF_INET6:
size = IN6ADDRSZ;
break;
default:
h_errno = NETDB_INTERNAL;
errno = EAFNOSUPPORT;
return NULL;
}
rs->host.h_addrtype = af;
rs->host.h_length = size;
[...]
h_errno = NETDB_INTERNAL;
if (nsdispatch(&hp, dtab, NSDB_HOSTS, "gethostbyname",
default_dns_files, name, strlen(name), af) != NS_SUCCESS) {
return NULL;
}
h_errno = NETDB_SUCCESS;
return hp;
Note the use of the libc resolver. The library is issuing the DNS requests directly.
By contrast, here is the new Android 4.3 implementation:
Code:
// very similar in proxy-ness to android_getaddrinfo_proxy
static struct hostent *
gethostbyname_internal(const char *name, int af, res_state res, const char *iface)
{
[b]const char *cache_mode = getenv("ANDROID_DNS_MODE");[/b]
FILE* proxy = NULL;
struct hostent *result = NULL;
[b]if (cache_mode != NULL && strcmp(cache_mode, "local") == 0) {[/b]
res_setiface(res, iface);
return gethostbyname_internal_real(name, af, res);
}
proxy = android_open_proxy();
if (proxy == NULL) goto exit;
/* This is writing to system/netd/DnsProxyListener.cpp and changes
* here need to be matched there */
if (fprintf(proxy, "gethostbyname %s %s %d",
iface == NULL ? "^" : iface,
name == NULL ? "^" : name,
af) < 0) {
goto exit;
}
if (fputc(0, proxy) == EOF || fflush(proxy) != 0) {
goto exit;
}
result = android_read_hostent(proxy);
So by default, Android 4.3 will proxy the requests through netd (owned by UID 0). This can be verified by setting DBG to 1 in system/netd/DnsProxyListener.cpp, then watching logcat:
Code:
D/DnsProxyListener( 146): argv[0]=getaddrinfo
D/DnsProxyListener( 146): argv[1]=omg.yahoo.com
D/DnsProxyListener( 146): argv[2]=^
D/DnsProxyListener( 146): argv[3]=1024
D/DnsProxyListener( 146): argv[4]=0
D/DnsProxyListener( 146): argv[5]=1
D/DnsProxyListener( 146): argv[6]=0
D/DnsProxyListener( 146): argv[7]=^
D/DnsProxyListener( 146): GetAddrInfoHandler for omg.yahoo.com / [nullservice] / [nulliface] / 1489
D/DnsProxyListener( 146): GetAddrInfoHandler, now for omg.yahoo.com / (null) / (null)
D/DnsProxyListener( 146): argv[0]=getaddrinfo
D/DnsProxyListener( 146): argv[1]=l1.yimg.com
D/DnsProxyListener( 146): argv[2]=^
D/DnsProxyListener( 146): argv[3]=1024
D/DnsProxyListener( 146): argv[4]=0
D/DnsProxyListener( 146): argv[5]=1
D/DnsProxyListener( 146): argv[6]=0
D/DnsProxyListener( 146): argv[7]=^
D/DnsProxyListener( 146): GetAddrInfoHandler for l1.yimg.com / [nullservice] / [nulliface] / 1489
D/DnsProxyListener( 146): GetAddrInfoHandler, now for l1.yimg.com / (null) / (null)
As seen in the Android 4.3 code snippet, it is possible to temporarily revert to the old behavior by setting ANDROID_DNS_MODE to "local", causing Bionic to send the request through gethostbyname_internal_real(), the old implementation. On this system, the shell user is blocked from sending network traffic via netfilter, but the root user (which owns netd) has full network access:
Code:
[email protected]:/ $ id
uid=2000(shell) gid=2000(shell) groups=1003(graphics),1004(input),1007(log),1009(mount),1011(adb),1015(sdcard_rw),1028(sdcard_r),3001(net_bt_admin),3002(net_bt),3003(inet),3006(net_bw_stats) context=u:r:shell:s0
[email protected]:/ $ ANDROID_DNS_MODE= telnet google.com 80
telnet: can't connect to remote host (74.125.227.135): Connection refused
1|[email protected]:/ $ ANDROID_DNS_MODE=local telnet google.com 80
telnet: bad address 'google.com'
1|[email protected]:/ $
In the former case (proxied request), the application was able to look up the hostname via netd, but could not send data traffic. In the latter case (direct request), the application was not able to look up the hostname at all.
It is possible to change the systemwide default by making a tweak to system/core/rootdir/init.rc and rebuilding your kernel image:
Code:
diff --git a/rootdir/init.rc b/rootdir/init.rc
index b6d7335..d0efc46 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
@@ -47,6 +47,7 @@ loglevel 3
export ANDROID_ASSETS /system/app
export ANDROID_DATA /data
export ANDROID_STORAGE /storage
+ export ANDROID_DNS_MODE local
export ASEC_MOUNTPOINT /mnt/asec
export LOOP_MOUNTPOINT /mnt/obb
export BOOTCLASSPATH /system/framework/core.jar:/system/framework/core-junit.jar:/system/framework/bouncycastle.jar:/system/framework/ext.jar:/system/framework/framework.jar:/system/framework/telephony-common.jar:/system/framework/voip-common.jar:/system/framework/mms-common.jar:/system/framework/android.policy.jar:/system/framework/services.jar:/system/framework/apache-xml.jar
Maybe there is a better way to patch existing ROMs in place.
So, any easyway to deny some apps, to resolve dns?
How apps connect to netd to resolve dns? Unix socket? Or inet socket?
Ok, what I want to do is, some apps connect through tor network and prevent dns leaks.
Thanks.
Sent from my Nexus 4 using xda app-developers app
Ok, I found it in android_open_proxy().
It look like use unix socket "/dev/socket/dnsproxyd".
So I can not use iptables to deny some apps connect to dnsproxy? right?
Any idea to prevent some apps/uid (but not all), connect to dnsproxy?
Thank you.
Sent from my Nexus 4 using xda app-developers app
I tried export ANDROID_DNS_MODE=local
but it make no different on my nexus 4
(my nexus 4 use android stock room 4.3, download from google)
[email protected]:/ $ id
uid=2000(shell) gid=2000(shell) groups=1003(graphics),1004(input),1007(log),1009(mount),1011(adb),1015(sdcard_rw),1028(sdcard_r),3001(net_bt_admin),3002(net_bt),3003(inet),3006(net_bw_stats) context=u:r:shell:s0
[email protected]:/ $ telnet google.com
telnet: bad address 'google.com'
1|[email protected]:/ $ set |grep -i dns
1|[email protected]:/ $ export ANDROID_DNS_MODE=local
[email protected]:/ $ set |grep -i dns
ANDROID_DNS_MODE=local
_='ANDROID_DNS_MODE=local'
[email protected]:/ $ telnet google.com
telnet: bad address 'google.com'
any idea why will that?
thank you.
johnw.xda said:
I tried export ANDROID_DNS_MODE=local
but it make no different on my nexus 4
(my nexus 4 use android stock room 4.3, download from google)
[email protected]:/ $ id
uid=2000(shell) gid=2000(shell) groups=1003(graphics),1004(input),1007(log),1009(mount),1011(adb),1015(sdcard_rw),1028(sdcard_r),3001(net_bt_admin),3002(net_bt),3003(inet),3006(net_bw_stats) context=u:r:shell:s0
[email protected]:/ $ telnet google.com
telnet: bad address 'google.com'
1|[email protected]:/ $ set |grep -i dns
1|[email protected]:/ $ export ANDROID_DNS_MODE=local
[email protected]:/ $ set |grep -i dns
ANDROID_DNS_MODE=local
_='ANDROID_DNS_MODE=local'
[email protected]:/ $ telnet google.com
telnet: bad address 'google.com'
any idea why will that?
thank you.
Click to expand...
Click to collapse
Hmm, it looks like this change removed the logic that populates the nameserver list from the system properties. So with ANDROID_DNS_MODE=local, libc will search /system/etc/hosts but it won't actually be able to contact any nameservers:
Code:
[email protected] / $ ANDROID_DNS_MODE=local RES_OPTIONS=debug ping -c1 localhost
;; res_setoptions("debug", "env")..
;; debug
PING localhost (127.0.0.1) 56(84) bytes of data.
64 bytes from localhost (127.0.0.1): icmp_seq=1 ttl=64 time=1.85 ms
--- localhost ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 1.852/1.852/1.852/0.000 ms
[email protected] / $ ANDROID_DNS_MODE=local RES_OPTIONS=debug ping -c1 google.com;; res_setoptions("debug", "env")..
;; debug
;; res_nquerydomain(google.com, <Nil>, 1, 1)
;; res_query(google.com, 1, 1)
;; res_nmkquery(QUERY, google.com, IN, A)
;; res_send()
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28372
;; flags: rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; google.com, type = A, class = IN
;; res_query: send error
;; res_nquerydomain(google.com, , 1, 1)
;; res_query(google.com., 1, 1)
;; res_nmkquery(QUERY, google.com., IN, A)
;; res_send()
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41613
;; flags: rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; google.com, type = A, class = IN
;; res_query: send error
ping: unknown host google.com
[email protected] / $
There's some code in _resolv_set_nameservers_for_iface() that might help, but I don't think this gets run from ordinary command-line utilities.
Any idea to prevent some apps/uid (but not all), connect to dnsproxy?
Click to expand...
Click to collapse
You could try applying filesystem ACLs or SELinux rules to /dev/socket/dnsproxyd
Compiling setfacl with Bionic is a hassle, but you could boot e.g. a Debian ARM image in QEMU and build a binary that is statically linked with glibc. You might also need to build a kernel with CONFIG_TMPFS_POSIX_ACL=y; this setting is currently disabled on the CM10.2 grouper builds.
Other possibilities include:
Modify Bionic to reinstate the old nameserver list behavior, and modify /init.rc as above
Modify netd; you could try calling setresuid() to send out each request under the UID of the client instead of UID 0
Write a daemon that intercepts DNS requests intended for netd; this could use a modified version of the netd DnsProxy logic or it could pass the request through to the real netd
Sorry, I forgot to mention before, maybe the reason is, my busybox/telnet is compiled on debian use glibc with -static flags, so telnet/busybox does not use android's libc, and does not use dnsproxy too.
Anyway, is it possible to compile owner libc for android? Where can download android 4.3 libc source code? Do I need to setup ndk to compile it? or can I use gcc to compile it.
Did you do that before?
Thank you again.
Sent from my Nexus 4 using xda app-developers app
I'm using pppwidget to access the network and I think that is affected by this DNS issues. As specific way to get network, is not aware of all this new stuff and thus unable to resolv dns queries.
johnw.xda said:
Sorry, I forgot to mention before, maybe the reason is, my busybox/telnet is compiled on debian use glibc with -static flags, so telnet/busybox does not use android's libc, and does not use dnsproxy too.
Anyway, is it possible to compile owner libc for android? Where can download android 4.3 libc source code? Do I need to setup ndk to compile it? or can I use gcc to compile it.
Did you do that before?
Thank you again.
Sent from my Nexus 4 using xda app-developers app
Click to expand...
Click to collapse
johnw.xda said:
Anyway, is it possible to compile owner libc for android? Where can download android 4.3 libc source code? Do I need to setup ndk to compile it? or can I use gcc to compile it.
Did you do that before?
Click to expand...
Click to collapse
I've been building my Android 4.3 ROMs from the CM10.2 sources.
You can try building from AOSP directly (instructions here). CM builds aren't difficult, but they did require a few extra steps.
I'm not aware of a way to build Bionic standalone. Trying the obvious stuff like running "ndk-build" in that directory, or using crosstool-ng, didn't work for me. Others can jump in if they know...
cernekee said:
Hmm, it looks like this change removed the logic that populates the nameserver list from the system properties. So with ANDROID_DNS_MODE=local, libc will search /system/etc/hosts but it won't actually be able to contact any nameservers:
Code:
[email protected] / $ ANDROID_DNS_MODE=local RES_OPTIONS=debug ping -c1 localhost
;; res_setoptions("debug", "env")..
;; debug
PING localhost (127.0.0.1) 56(84) bytes of data.
64 bytes from localhost (127.0.0.1): icmp_seq=1 ttl=64 time=1.85 ms
--- localhost ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 1.852/1.852/1.852/0.000 ms
[email protected] / $ ANDROID_DNS_MODE=local RES_OPTIONS=debug ping -c1 google.com;; res_setoptions("debug", "env")..
;; debug
;; res_nquerydomain(google.com, <Nil>, 1, 1)
;; res_query(google.com, 1, 1)
;; res_nmkquery(QUERY, google.com, IN, A)
;; res_send()
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28372
;; flags: rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; google.com, type = A, class = IN
;; res_query: send error
;; res_nquerydomain(google.com, , 1, 1)
;; res_query(google.com., 1, 1)
;; res_nmkquery(QUERY, google.com., IN, A)
;; res_send()
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41613
;; flags: rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; google.com, type = A, class = IN
;; res_query: send error
ping: unknown host google.com
[email protected] / $
There's some code in _resolv_set_nameservers_for_iface() that might help, but I don't think this gets run from ordinary command-line utilities.
You could try applying filesystem ACLs or SELinux rules to /dev/socket/dnsproxyd
Compiling setfacl with Bionic is a hassle, but you could boot e.g. a Debian ARM image in QEMU and build a binary that is statically linked with glibc. You might also need to build a kernel with CONFIG_TMPFS_POSIX_ACL=y; this setting is currently disabled on the CM10.2 grouper builds.
Other possibilities include:
Modify Bionic to reinstate the old nameserver list behavior, and modify /init.rc as above
Modify netd; you could try calling setresuid() to send out each request under the UID of the client instead of UID 0
Write a daemon that intercepts DNS requests intended for netd; this could use a modified version of the netd DnsProxy logic or it could pass the request through to the real netd
Click to expand...
Click to collapse
Hi,
Thanks for this analysis.
It certainly does look like 4.3 is ignoring net.dns1 value as the nameserver.
I'm running my custom dns server inside Android and now I suddenly find that it's not being queried.
I may have a small step towards solving this problem.
iptables -t nat -I OUTPUT -p udp -d 192.168.1.1 --dport 53 -j DNAT --to-destination 192.168.1.5:53
iptables -t nat -I OUTPUT -p tcp -d 192.168.1.1 --dport 53 -j DNAT --to-destination 192.168.1.5:53
This works by intercepting the DNS requests meant for the remote nameserver and redirecting it to the local DNS server.
Hope this helps someone figure it out.
There may be a way to programmatically change the active interface DNS server?
Or a way to perhaps disable the DNS proxy completely (ANDROID_DNS_MODE=local doesn't work any more as mentioned)?
cernekee said:
Write a daemon that intercepts DNS requests intended for netd; this could use a modified version of the netd DnsProxy logic or it could pass the request through to the real netd
Click to expand...
Click to collapse
This is what I wound up doing: I copied the DnsProxyListener and Bionic resolver code into an experimental new program called "dnsproxy2", and then tweaked the logic a little bit. Sources are posted here and I'm attaching binaries to this message.
Currently it allows you to pass in a single DNS server address which will unconditionally override the OS-provided DNS servers, and when it proxies requests on behalf of an application it will change the thread's UID (Linux fsuid) to match the caller so that the traditional netfilter app/UID restrictions will be honored.
To see it in action, just do:
Code:
adb push libs/armeabi-v7a/dnsproxy2 /data/local/tmp
adb shell "su -c '/data/local/tmp/dnsproxy2 -v 8.8.8.8'"
The "-v" flag will show the DNS requests on the console.
This was tested with CM10.2. Note that Firefox appears to bypass the DNS proxy.
If this proves useful it may be worth writing a GUI installer/settings app. Another possible improvement would be to allow selectively overriding the DNS server based on the active connection.
cernekee said:
This is what I wound up doing: I copied the DnsProxyListener and Bionic resolver code into an experimental new program called "dnsproxy2", and then tweaked the logic a little bit. Sources are posted here and I'm attaching binaries to this message.
Currently it allows you to pass in a single DNS server address which will unconditionally override the OS-provided DNS servers, and when it proxies requests on behalf of an application it will change the thread's UID (Linux fsuid) to match the caller so that the traditional netfilter app/UID restrictions will be honored.
To see it in action, just do:
Code:
adb push libs/armeabi-v7a/dnsproxy2 /data/local/tmp
adb shell "su -c '/data/local/tmp/dnsproxy2 -v 8.8.8.8'"
The "-v" flag will show the DNS requests on the console.
This was tested with CM10.2. Note that Firefox appears to bypass the DNS proxy.
If this proves useful it may be worth writing a GUI installer/settings app. Another possible improvement would be to allow selectively overriding the DNS server based on the active connection.
Click to expand...
Click to collapse
Is this method still going strong? At this moment there is no app on the market that can change DNS (mobile data access).
hardKNOXbz said:
Is this method still going strong? At this moment there is no app on the market that can change DNS (mobile data access).
Click to expand...
Click to collapse
I'd suggest reading the last few pages of the CrossBreeder thread. I don't think dnsproxy2 is in the official release yet but a number of people have been experimenting with it and posting their results.
cernekee said:
I'd suggest reading the last few pages of the CrossBreeder thread. I don't think dnsproxy2 is in the official release yet but a number of people have been experimenting with it and posting their results.
Click to expand...
Click to collapse
Thank you, I'll do that.
I have created a bug for AOSP regarding broken ANDROID_DNS_MODE=local behavior:
https://code.google.com/p/android/issues/detail?id=75232
Plz try this to connect throo vpn.
This is not my work i just take it from cm11 and put it to stock rom and it work.
sshtunnel_support.zip
https://docs.google.com/file/d/0BzL6ekv_OuX2cE9uY3pfYzNmdWs/edit?usp=docslist_api