Hi James, 2012/2/8 James Ring <s...@jdns.org>: > On Wed, Feb 8, 2012 at 10:24 AM, Gert Doering <g...@greenie.muc.de> wrote: >> Exactly. The first three things are sort of "nearly done", the >> "receive file descriptor to use for tun/tap" would need to be >> implemented (tun.c, open_tun(), #ifdef ANDROID_MAGIC_VPN :-) ) > > I was thinking about this a little more. Presumably openvpn will be > forked and exec'd before the file descriptor is available. Presumably > openvpn could connect to a UNIX domain socket inside open_tun() if > ANDROID_MAGIC_VPN is specified. > > Does other code within openvpn care whether the fd is a UNIX socket or > a tun/tap device? I'm guessing there may be some ioctls it wants to > perform on the device. Other than that, openvpn would be reading and > writing IP packets with an encrypted payload and the Java wrapper > would be responsible for forwarding the bytes between the UNIX domain > socket and the actual tun device.
Unless Android's Linux is stripped down in this respect, you can pass file descriptors over UNIX domain sockets. (The first google hit is [0]. The interface isn't beautiful, but it works nicely.) This would allow you to take the java wrapper out of the loop as far as the raw data shuffling is concerned. Cheers Fabian 0: http://www.lst.de/~okir/blackhats/node121.html
