updateing

dns:
  enable: true
  listen: 0.0.0.0:53
  default-nameserver:
    - 192.168.1.1
  enhanced-mode: fake-ip
  fake-ip-filter:
    - 'xncsi.xboxlive.com'
    - 'xncsi.xboxlive.cn'
    - '*.msftconnecttest.com'

updateing

# Generated by xtables-save v1.8.2 on Sun Apr  4 19:09:44 2021
*nat
:PREROUTING ACCEPT [2191:359909]
:INPUT ACCEPT [1063:168760]
:POSTROUTING ACCEPT [906:80396]
:OUTPUT ACCEPT [897:79912]
:clash - [0:0]
-A PREROUTING -p tcp -j clash
-A OUTPUT -d 198.18.0.0/16 -p tcp -j REDIRECT --to-ports 7892
-A clash -d 0.0.0.0/8 -j RETURN

updateing

#!/system/bin/sh
# Share LTE over WiFi STA, use when AP is not possible.
# You have to make sure the phone can connect to LTE and WiFi at the same time,
# e.g. keep portal detection failing.
RMNET_DEV=$(ip route|grep rmnet|cut -d " " -f 3)
WLAN_SUBNET=$(ip route|grep wlan|cut -d " " -f 1)
WLAN_DEV=$(ip route|grep wlan|cut -d " " -f 3)

iptables -F natctrl_FORWARD
echo 1 > /proc/sys/net/ipv4/ip_forward

updateing

This file describes how to set up connection sharing (specifically, LTE->WLAN and VPN(@LTE)->WLAN) on Android 8.1. The two cases differ a bit, though.

All commands need to be run on Android as root, and make sure your phone can connect to LTE and WLAN simultaneously. Making the WLAN failing captive portal check is a cheap way to do so.

Common Setup

This has to be done before any further steps:

iptables -F natctrl_FORWARD

updateing

Also see this thread for tests on a greater range of devices.

Test Command

for i in chacha20-poly1305 aes-128-gcm aes-192-gcm aes-256-gcm; do openssl speed -evp "$i"; done
for i in chacha20-poly1305 aes-128-gcm aes-192-gcm aes-256-gcm; do openssl speed -multi $(nproc) -evp "$i"; done

Test Results

updateing

#include <stdio.h>
#include <unistd.h>
#include <string.h>
#include <errno.h>
#include <sys/ioctl.h>
#include <sys/socket.h>
#include <net/if.h>

#define	WLC_IOCTL_SMLEN 256	/* "small" length ioctl buffer required */
#define WLC_GET_VAR     262	/* get value of named variable */

updateing

diff --git a/init/reboot_utils.cpp b/init/reboot_utils.cpp
index de085cc9b..80edeb237 100644
--- a/init/reboot_utils.cpp
+++ b/init/reboot_utils.cpp
@@ -33,6 +33,75 @@
 namespace android {
 namespace init {
 
+extern "C" {
+    #include <errno.h>

updateing

#!/bin/sh
#
# Use PPP interface to set up a 6to4 tunnel
#
# Author: Hamster Tian <haotia@gmail.com>
# Date: 2016/01/26
#

PPP_IFACE=ppp0
LAN_IFACE=br0

updateing

#!/usr/bin/python
# coding=UTF-8
#
# Copyright 2016 Google Inc. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0

updateing

Policy Routing & polipo configuration

1. NEVER forget the DNS server - it's not reachable via default route on alternative exit! You need to setup a special entry for DNS server to leave from internal network.

2. DO NOT try to mess with connmark for this purpose. Even if you think you have a sufficient set of rules, things just don't work:

   iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark
   iptables -t mangle -A PREROUTING -i veth-host -j CONNMARK --set-mark 1
   iptables -t mangle -A PREROUTING -j CONNMARK --save-mark