Track IPv6 connectivity on Android

Co-authored-by: Jonatan Rhoidn <jonatan.rhodin@mullvad.net>

Author: dlon

android/CHANGELOG.md

@@ -29,6 +29,9 @@ Line wrap the file at 100 chars.                                              Th
 ### Removed
 - Remove Google's resolvers from encrypted DNS proxy.
 
+### Fixed
+- Will no longer try to connect over IPv6 if IPv6 is not available.
+
 
 ## [android/2024.10-beta2] - 2024-12-20
 

android/lib/talpid/src/main/kotlin/net/mullvad/talpid/ConnectivityListener.kt

@@ -6,15 +6,20 @@ import android.net.Network
 import android.net.NetworkCapabilities
 import android.net.NetworkRequest
 import co.touchlab.kermit.Logger
+import java.net.DatagramSocket
+import java.net.Inet4Address
+import java.net.Inet6Address
 import java.net.InetAddress
 import kotlin.collections.ArrayList
 import kotlin.time.Duration.Companion.seconds
 import kotlinx.coroutines.CoroutineScope
+import kotlinx.coroutines.Dispatchers
 import kotlinx.coroutines.channels.Channel
 import kotlinx.coroutines.flow.Flow
 import kotlinx.coroutines.flow.MutableStateFlow
 import kotlinx.coroutines.flow.SharingStarted
 import kotlinx.coroutines.flow.StateFlow
+import kotlinx.coroutines.flow.combine
 import kotlinx.coroutines.flow.distinctUntilChanged
 import kotlinx.coroutines.flow.filter
 import kotlinx.coroutines.flow.map
@@ -25,15 +30,21 @@ import kotlinx.coroutines.flow.receiveAsFlow
 import kotlinx.coroutines.flow.scan
 import kotlinx.coroutines.flow.stateIn
 import kotlinx.coroutines.launch
+import kotlinx.coroutines.plus
 import net.mullvad.mullvadvpn.lib.common.util.debounceFirst
+import net.mullvad.talpid.model.Connectivity
 import net.mullvad.talpid.model.NetworkState
+import net.mullvad.talpid.util.IPAvailabilityUtils
 import net.mullvad.talpid.util.NetworkEvent
 import net.mullvad.talpid.util.RawNetworkState
 import net.mullvad.talpid.util.defaultRawNetworkStateFlow
 import net.mullvad.talpid.util.networkEvents
 
-class ConnectivityListener(private val connectivityManager: ConnectivityManager) {
-    private lateinit var _isConnected: StateFlow<Boolean>
+class ConnectivityListener(
+    val connectivityManager: ConnectivityManager,
+    val protect: (socket: DatagramSocket) -> Boolean,
+) {
+    private lateinit var _isConnected: StateFlow<Connectivity>
     // Used by JNI
     val isConnected
         get() = _isConnected.value
@@ -64,12 +75,49 @@ class ConnectivityListener(private val connectivityManager: ConnectivityManager)
         }
 
         _isConnected =
-            hasInternetConnectivity()
-                .onEach { notifyConnectivityChange(it) }
+            combine(connectivityManager.defaultRawNetworkStateFlow(), hasInternetConnectivity()) {
+                    rawNetworkState,
+                    hasInternetCapability: Boolean ->
+                    if (hasInternetCapability) {
+                        if (rawNetworkState.isNotVpn()) {
+                                // If the default network is not a VPN we can check the addresses
+                                // directly
+                                Connectivity.Status(
+                                    ipv4 =
+                                        rawNetworkState?.linkProperties?.routes?.any {
+                                            it.destination.address is Inet4Address
+                                        } == true,
+                                    ipv6 =
+                                        rawNetworkState?.linkProperties?.routes?.any {
+                                            it.destination.address is Inet6Address
+                                        } == true,
+                                )
+                            } else {
+                                // If the default network is a VPN we need to use a socket to check
+                                // the underlying network
+                                Connectivity.Status(
+                                    IPAvailabilityUtils.isIPv4Available(protect = { protect(it) }),
+                                    IPAvailabilityUtils.isIPv6Available(protect = { protect(it) }),
+                                )
+                            }
+                            // If we have internet, but both IPv4 and IPv6 are not available, we
+                            // assume something is wrong and instead will return presume online.
+                            .takeUnless { !it.ipv4 && !it.ipv6 } ?: Connectivity.PresumeOnline
+                    } else {
+                        Connectivity.Status(false, false)
+                    }
+                }
+                .distinctUntilChanged()
+                .onEach {
+                    when (it) {
+                        Connectivity.PresumeOnline -> notifyConnectivityChange(true, true)
+                        is Connectivity.Status -> notifyConnectivityChange(it.ipv4, it.ipv6)
+                    }
+                }
                 .stateIn(
-                    scope,
+                    scope + Dispatchers.IO,
                     SharingStarted.Eagerly,
-                    true, // Assume we have internet until we know otherwise
+                    Connectivity.PresumeOnline, // Assume we have internet until we know otherwise
                 )
     }
 
@@ -142,14 +190,17 @@ class ConnectivityListener(private val connectivityManager: ConnectivityManager)
             }
             .toSet()
 
+    private fun RawNetworkState?.isNotVpn(): Boolean =
+        this?.networkCapabilities?.hasCapability(NetworkCapabilities.NET_CAPABILITY_NOT_VPN) == true
+
     private fun RawNetworkState.toNetworkState(): NetworkState =
         NetworkState(
             network.networkHandle,
             linkProperties?.routes,
             linkProperties?.dnsServersWithoutFallback(),
         )
 
-    private external fun notifyConnectivityChange(isConnected: Boolean)
+    private external fun notifyConnectivityChange(isIPv4: Boolean, isIPv6: Boolean)
 
     private external fun notifyDefaultNetworkChange(networkState: NetworkState?)
 }

android/lib/talpid/src/main/kotlin/net/mullvad/talpid/TalpidVpnService.kt

@@ -48,7 +48,8 @@ open class TalpidVpnService : LifecycleVpnService() {
     @CallSuper
     override fun onCreate() {
         super.onCreate()
-        connectivityListener = ConnectivityListener(getSystemService<ConnectivityManager>()!!)
+        connectivityListener =
+            ConnectivityListener(getSystemService<ConnectivityManager>()!!, ::protect)
         connectivityListener.register(lifecycleScope)
     }
 

android/lib/talpid/src/main/kotlin/net/mullvad/talpid/model/Connectivity.kt

@@ -0,0 +1,7 @@
+package net.mullvad.talpid.model
+
+sealed class Connectivity {
+    data class Status(val ipv4: Boolean, val ipv6: Boolean) : Connectivity()
+
+    data object PresumeOnline : Connectivity()
+}

android/lib/talpid/src/main/kotlin/net/mullvad/talpid/util/IPAvailabilityUtils.kt

@@ -0,0 +1,46 @@
+package net.mullvad.talpid.util
+
+import co.touchlab.kermit.Logger
+import java.net.DatagramSocket
+import java.net.InetAddress
+import java.net.InetSocketAddress
+import java.net.SocketException
+
+object IPAvailabilityUtils {
+    fun isIPv4Available(protect: (socket: DatagramSocket) -> Boolean): Boolean =
+        isIPAvailable(InetAddress.getByName(PUBLIC_IPV4_ADDRESS), protect)
+
+    fun isIPv6Available(protect: (socket: DatagramSocket) -> Boolean): Boolean =
+        isIPAvailable(InetAddress.getByName(PUBLIC_IPV6_ADDRESS), protect)
+
+    // Fake a connection to a public ip address using a UDP socket.
+    // We don't care about the result of the connection, only that it is possible to create.
+    // This is done this way since otherwise there is not way to check the availability of an ip
+    // version on the underlying network if the VPN is turned on.
+    // Since we are protecting the socket it will use the underlying network regardless
+    // if the VPN is turned on or not.
+    // If the ip version is not supported on the underlying network it will trigger a socket
+    // exception. Otherwise we assume it is available.
+    private inline fun <reified T : InetAddress> isIPAvailable(
+        ip: T,
+        protect: (socket: DatagramSocket) -> Boolean,
+    ): Boolean {
+        val socket = DatagramSocket()
+        if (!protect(socket)) {
+            Logger.e("Unable to protect the socket VPN is not set up correctly")
+            return false
+        }
+        return try {
+            socket.connect(InetSocketAddress(ip, 1))
+            true
+        } catch (_: SocketException) {
+            Logger.e("Socket could not be set up")
+            false
+        } finally {
+            socket.close()
+        }
+    }
+
+    private const val PUBLIC_IPV4_ADDRESS = "1.1.1.1"
+    private const val PUBLIC_IPV6_ADDRESS = "2606:4700:4700::1001"
+}

mullvad-jni/src/classes.rs

@@ -18,4 +18,6 @@ pub const CLASSES: &[&str] = &[
     "net/mullvad/talpid/ConnectivityListener",
     "net/mullvad/talpid/TalpidVpnService",
     "net/mullvad/mullvadvpn/lib/endpoint/ApiEndpointOverride",
+    "net/mullvad/talpid/model/Connectivity$Status",
+    "net/mullvad/talpid/model/Connectivity$PresumeOnline",
 ];

talpid-core/src/connectivity_listener.rs

@@ -98,36 +98,34 @@ impl ConnectivityListener {
 
     /// Return the current offline/connectivity state
     pub fn connectivity(&self) -> Connectivity {
-        self.get_is_connected()
-            .map(|connected| Connectivity::Status { connected })
-            .unwrap_or_else(|error| {
-                log::error!(
-                    "{}",
-                    error.display_chain_with_msg("Failed to check connectivity status")
-                );
-                Connectivity::PresumeOnline
-            })
+        self.get_is_connected().unwrap_or_else(|error| {
+            log::error!(
+                "{}",
+                error.display_chain_with_msg("Failed to check connectivity status")
+            );
+            Connectivity::PresumeOnline
+        })
     }
 
-    fn get_is_connected(&self) -> Result<bool, Error> {
+    fn get_is_connected(&self) -> Result<Connectivity, Error> {
         let env = JnixEnv::from(
             self.jvm
                 .attach_current_thread_as_daemon()
                 .map_err(Error::AttachJvmToThread)?,
         );
 
-        let is_connected =
-            env.call_method(self.android_listener.as_obj(), "isConnected", "()Z", &[]);
-
-        match is_connected {
-            Ok(JValue::Bool(JNI_TRUE)) => Ok(true),
-            Ok(JValue::Bool(_)) => Ok(false),
-            value => Err(Error::InvalidMethodResult(
-                "ConnectivityListener",
+        let is_connected = env
+            .call_method(
+                self.android_listener.as_obj(),
                 "isConnected",
-                format!("{:?}", value),
-            )),
-        }
+                "()Lnet/mullvad/talpid/model/Connectivity;",
+                &[],
+            )
+            .expect("Missing isConnected")
+            .l()
+            .expect("isConnected is not an object");
+
+        Ok(Connectivity::from_java(&env, is_connected))
     }
 
     /// Return the current DNS servers according to Android
@@ -160,20 +158,25 @@ impl ConnectivityListener {
 #[unsafe(no_mangle)]
 #[allow(non_snake_case)]
 pub extern "system" fn Java_net_mullvad_talpid_ConnectivityListener_notifyConnectivityChange(
-    _: JNIEnv<'_>,
-    _: JObject<'_>,
-    connected: jboolean,
+    _env: JNIEnv<'_>,
+    _obj: JObject<'_>,
+    is_ipv4: jboolean,
+    is_ipv6: jboolean,
 ) {
     let Some(tx) = &*CONNECTIVITY_TX.lock().unwrap() else {
         // No sender has been registered
         log::trace!("Received connectivity notification wíth no channel");
         return;
     };
 
-    let connected = JNI_TRUE == connected;
+    let is_ipv4 = JNI_TRUE == is_ipv4;
+    let is_ipv6 = JNI_TRUE == is_ipv6;
 
     if tx
-        .unbounded_send(Connectivity::Status { connected })
+        .unbounded_send(Connectivity::Status {
+            ipv4: is_ipv4,
+            ipv6: is_ipv6,
+        })
         .is_err()
     {
         log::warn!("Failed to send offline change event");

talpid-types/src/net/mod.rs

@@ -1,4 +1,5 @@
 use ipnetwork::{IpNetwork, Ipv4Network, Ipv6Network};
+use jnix::FromJava;
 use obfuscation::ObfuscatorConfig;
 use serde::{Deserialize, Serialize};
 #[cfg(windows)]
@@ -564,20 +565,15 @@ pub fn all_of_the_internet() -> Vec<ipnetwork::IpNetwork> {
 ///
 /// Information about the host's connectivity, such as the preesence of
 /// configured IPv4 and/or IPv6.
-#[derive(Debug, Clone, Copy, PartialEq)]
+#[derive(Debug, Clone, Copy, PartialEq, FromJava)]
+#[jnix(package = "net.mullvad.talpid.model")]
 pub enum Connectivity {
-    #[cfg(not(target_os = "android"))]
     Status {
         /// Whether IPv4 connectivity seems to be available on the host.
         ipv4: bool,
         /// Whether IPv6 connectivity seems to be available on the host.
         ipv6: bool,
     },
-    #[cfg(target_os = "android")]
-    Status {
-        /// Whether _any_ connectivity seems to be available on the host.
-        connected: bool,
-    },
     /// On/offline status could not be verified, but we have no particular
     /// reason to believe that the host is offline.
     PresumeOnline,
@@ -591,7 +587,6 @@ impl Connectivity {
 
     /// If no IP4 nor IPv6 routes exist, we have no way of reaching the internet
     /// so we consider ourselves offline.
-    #[cfg(not(target_os = "android"))]
     pub fn is_offline(&self) -> bool {
         matches!(
             self,
@@ -605,23 +600,7 @@ impl Connectivity {
     /// Whether IPv6 connectivity seems to be available on the host.
     ///
     /// If IPv6 status is unknown, `false` is returned.
-    #[cfg(not(target_os = "android"))]
     pub fn has_ipv6(&self) -> bool {
         matches!(self, Connectivity::Status { ipv6: true, .. })
     }
-
-    /// Whether IPv6 connectivity seems to be available on the host.
-    ///
-    /// If IPv6 status is unknown, `false` is returned.
-    #[cfg(target_os = "android")]
-    pub fn has_ipv6(&self) -> bool {
-        self.is_online()
-    }
-
-    /// If the host does not have configured IPv6 routes, we have no way of
-    /// reaching the internet so we consider ourselves offline.
-    #[cfg(target_os = "android")]
-    pub fn is_offline(&self) -> bool {
-        matches!(self, Connectivity::Status { connected: false })
-    }
 }