How to tinker with VPN and networking on a closed-system platform

Source: Internet
Author: User

Premise: to understand what this article is about, you first have to look at two of my incorrect conclusions:
1. What we call the modern operating system is too complicated; the privileged model of protected mode may have been designed incorrectly from the very beginning!
2. The emergence of the Linux kernel accelerated the spread of the macro-kernel idea. In fact the microkernel idea is the more correct one (Microsoft's operating system is a microkernel, although it has been fused with many macro-kernel frameworks)!

Let me explain these two points. First, the protected mode promoted by Intel's x86 architecture is a privileged model, and the disadvantages of that model are now obvious. The root permission of UNIX/Linux is one embodiment of it: its granularity is far too coarse, and once root is obtained, that excessive power makes it impossible to apply any finer access-control policy. Intel's protected mode adopts a privileged model in which the CPU is at some privilege level at every moment; in ring 0 it holds the highest privilege, with no restriction, and device-driver code generally runs in ring 0. A privileged mode concentrates power in one place. Although Intel designed four privilege rings, a typical operating system uses only ring 0 and ring 3, and all of the operating system's kernel code is granted that privilege without distinction. The operating-system designer places everything global and unrelated to user programs into the ring 0 environment, separated from the user's applications. In short, the so-called privileged mode means either you have privilege or you do not: either you cannot touch any system-level operation unrelated to user applications, or you can do anything! Under this model the macro kernel also looks reasonable: all system-level, application-independent code is unified into one structure called the operating system kernel. A network protocol stack is of course unrelated to any specific application, so it becomes part of the kernel; how could an App then customize, modify or replace what it wants?
It cannot be pried apart. If privilege-based protected mode is poor, what would be better? I personally think an authentication-based protection mode would be better, or at least more secure. Imagine that a piece of code holding a special privilege has a bug or has been infiltrated. What happens? Who can take it over? It is precisely because whoever reaches it can use it that there are so many network worms, built on tricks such as exploiting program vulnerabilities to obtain root. Why not use an authentication mechanism instead? Before code executes, it must first pass signature verification or some other form of authentication. Then even if a piece of code that is permitted to perform some task is intruded into, it cannot pass authentication and so cannot execute. For program bugs, since every operation rests on authentication, the impact is local rather than as severe as a Linux kernel panic. The same holds for memory isolation between processes: why is kernel space able to access the memory of any process? Why can I not access the memory of any process as long as I hold a token?! In this way the operating system becomes an operating system, and the concept of a kernel disappears. The so-called kernel is downgraded to a service provider, like the staff at a licensing office: they hold no privilege, but you trust that they can issue you a license. Every service part of a properly designed operating system should be componentized: a set of service components serving the App, linked through specific channels, whether between apps or between system service components; the precondition for communication is passing security authentication, and there is no privileged channel! This is the idea of the microkernel. Two main themes lie behind it: system services and apps are equal, and system service components are replaceable.
All access is based on authentication rather than preset privileges!
The network protocol stack is undoubtedly a system service component, with nothing special about it. Under a macro kernel, however, it is difficult to modify or replace, because you must obtain the privilege. If you do not have the privilege, and cannot see how to get it no matter how hard you try, the only way out is to do the job another way. That is the purpose of this article.
Getting started: more and more small portable terminals are available today, and the picture is no longer just PC + mobile phone. Naturally, application development on these terminals cannot be avoided. Ordinary application development is still relatively easy: after all, if a platform wants to claim territory in the mobile Internet it needs an open ecosystem, and the vendor must provide complete interfaces and documentation. But if you want to develop a service closely tied to the underlying layer, I am afraid that is not enough. Some examples:
1. Android uses Linux as its underlying layer and Java as its application interface. To support C code it provides the NDK. But how does C code interact with the operating system's network configuration interface? For example, without root, how can I run the iproute2 commands to set some routing rules, such as routes with the src parameter?
2. How can a TAP-based virtual network card application be developed on Android?
3. How does the iOS platform call underlying network operation commands?
...

These are all real problems. The reason manufacturers do not open these mechanisms may be that they believe their interface design already covers the largest common set of needs, and they focus so heavily on ordinary application interfaces in order to avoid the confusion, and the other insecurity, that underlying operations could cause. That is understandable, but the problems above still have to be solved.
Personally, I do not need the platform to export a file system or a memory-management mechanism to me. The only interface I need is the network operation interface. Since the existing platforms' interfaces are not open, we can try to go around them. This reminds me of a few names: tinytcp, uIP, lwIP... these small, even tiny, TCP/IP protocol stacks were designed to be deployed on embedded systems. For uIP specifically, its WIKI page contains the following sentence:
"uIP's native software interface is designed for small computer systems with no operating system."
Note: it can be deployed on an embedded platform with no operating system. That is the important point. If a platform such as Android or iOS does not let you touch the underlying operating system interface, then for the developer what is the difference between it and having no operating system at all?! Right: treat these closed or semi-open things as "with no operating system" platforms!
The next step is to port one of these stacks to these annoying platforms. Porting to a genuine "with no operating system" platform is comparatively easy, because you are not trying to coax a system out of nothing: with a small stack it is nothing more than building a cross-compilation environment and then endless rounds of debug, panic, debug, panic; hard, but painful and joyful at the same time. Android and iOS, however, are not friendly to every embedded stack, so in this respect they are worse than a bare board with no system at all... which brings us to stack selection. Because of the platform restrictions, everything must run in user mode, touching neither the kernel nor any non-open interface. The entire stack is implemented in user mode, and it talks to Android or iOS through the single interface they do leave open: a way to feed packets into the user-mode stack. On Android you can use the virtual NIC interface in TUN mode and encapsulate an Ethernet layer in user mode. On iOS it seems TUN is also usable, but I still don't know how; I only suspect iOS has TUN because OpenVPN is in the App Store. Of course pcap can be used to capture packets instead of TUN.
The purpose of this article is to show how to operate the network on a closed or semi-closed platform, without root, without jailbreak, and without any privilege-based mechanism: the only thing you have to manage is importing packets into your user-mode embedded protocol stack. My choice is lwIP, compiled in full as part of a user-mode service; if all you want is to adapt TUN to TAP, uIP is enough. All the network operation requirements on these highly restrictive platforms now reduce to one interface: allow me to create and operate a TUN/TAP NIC, or give me a pcap interface, so that packets can be exchanged with the user-mode protocol stack I have ported; all network policy processing then happens in that user-mode stack. As described above, this user-mode stack is part of your own program and has nothing to do with system-level network processing! Android and iOS can both meet this requirement. The key idea is that when we cannot replace a mechanism, or replacing it is too much work, we write a fully self-controlled implementation and then steer the data stream into it. The only difficulty lies in that last clause. The idea is actually quite conventional. What if your PC cannot do something because it exposes no API for it, say VPN encryption? Easy: put a VPN box in front of the PC to do the encryption, and connect the PC's NIC to the VPN box's interface! A mobile phone is not like a PC, though: its VPN box is an App installed on the phone itself, and there is no cable between the PC and the VPN box; that cable is replaced by TUN/TAP or pcap! A picture of this arrangement was attached to the original post.
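The in-App "cable" described above, as an added example (not code from the article, nor from lwIP or uIP): a TUN fd hands the App bare IP packets, while a stack with a link-layer input wants Ethernet frames, so each packet is wrapped with a constructed 14-byte header on the way in and unwrapped, with a consistency check, on the way out. The MAC addresses and the sample IPv4 header are constructed for the demo.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define ETH_HLEN 14
#define ETHERTYPE_IPV4 0x0800
#define ETHERTYPE_IPV6 0x86DD
/* Constructed locally-administered MACs for the two ends of the in-App "cable". */
static const uint8_t TUN_MAC[6]   = {0x02, 0, 0, 0, 0, 0x01};
static const uint8_t STACK_MAC[6] = {0x02, 0, 0, 0, 0, 0x02};
/* TUN -> stack: prepend an Ethernet header to one IP packet read from the TUN fd.
 * Returns the frame length, or -1 for a non-IP packet or a too-small buffer. */
int tun_to_eth(const uint8_t *ip, size_t iplen, uint8_t *frame, size_t cap)
{
    uint16_t type;
    if (iplen < 1 || cap < ETH_HLEN + iplen) return -1;
    switch (ip[0] >> 4) {            /* IP version nibble selects the EtherType */
    case 4:  type = ETHERTYPE_IPV4; break;
    case 6:  type = ETHERTYPE_IPV6; break;
    default: return -1;
    }
    memcpy(frame, STACK_MAC, 6);     /* destination: the user-mode stack's NIC */
    memcpy(frame + 6, TUN_MAC, 6);   /* source: the TUN side */
    frame[12] = (uint8_t)(type >> 8);
    frame[13] = (uint8_t)type;
    memcpy(frame + ETH_HLEN, ip, iplen);
    return (int)(ETH_HLEN + iplen);
}

/* stack -> TUN: strip the Ethernet header. Only IPv4/IPv6 whose EtherType agrees
 * with the IP version nibble goes back to the TUN fd (ARP etc. is dropped). */
int eth_to_tun(const uint8_t *frame, size_t framelen, uint8_t *ip, size_t cap)
{
    if (framelen < ETH_HLEN + 1 || framelen - ETH_HLEN > cap) return -1;
    uint16_t type = (uint16_t)((frame[12] << 8) | frame[13]);
    unsigned ver = frame[ETH_HLEN] >> 4;
    if (!((type == ETHERTYPE_IPV4 && ver == 4) || (type == ETHERTYPE_IPV6 && ver == 6)))
        return -1;
    memcpy(ip, frame + ETH_HLEN, framelen - ETH_HLEN);
    return (int)(framelen - ETH_HLEN);
}
int main(void)
{   /* Constructed minimal IPv4/UDP header, 10.0.0.1 -> 10.0.0.2, as sample input. */
    uint8_t ip4[20] = {0x45, 0, 0, 20, 0, 0, 0, 0, 64, 17, 0, 0, 10, 0, 0, 1, 10, 0, 0, 2};
    uint8_t frame[64], back[64];
    int flen = tun_to_eth(ip4, sizeof ip4, frame, sizeof frame);
    int ilen = eth_to_tun(frame, (size_t)flen, back, sizeof back);
    printf("frame %d bytes, IP %d bytes, roundtrip ok=%d\n", flen, ilen, !memcmp(ip4, back, 20));
    return 0;
}
```

In a real App the read/write loop sits between the TUN fd and the stack's link-layer input and output; the stack's own ARP traffic never reaches the TUN side, which is why eth_to_tun drops it.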

The above is just the basic idea. A concrete example: you want to implement, on an Android phone without root, an IPsec that differs slightly from standard IPsec, say with a slightly altered ESP header. On Linux such a tiny requirement means recompiling a module, or at most recompiling the kernel; on Android you can only stare at the Linux underneath, unable to change it. This is where something called embedded IPsec comes in: you can use your own IPsec implementation, running in user mode together with lwIP or uIP. That is the solution.
If you ask, "What if the user-mode protocol stack lacks permission for some function?", well, I know some people are especially fond of such questions. They would rather shoot your platform down at once, and a somewhat biased educational philosophy has produced plenty of people who cannot break through. My answer: first, the question is wrong; second, your protocol stack has not even been written or ported yet; third, I have not run into this problem, because I have already tried it!
