Possibility to select an interface the UDP Dumper will be bound to

[tss008]

Use case:

Using the UDP Dumper we'd like to have a look at traffic between an application and its server when the application is connected to Internet through a mobile network. The target device is also connected to a local network using Wi-Fi (no access to Internet through Wi-Fi though). The UDP collector is running on a local machine in the same local network. It's not so complex to change the code and let a user select an interface the UDP Dumper has to be bound to, e.g.

      public void startDumper() throws IOException {
         mSocket = new DatagramSocket();
+
+        if (mWifiNet != null)
+        {
+            mWifiNet.bindSocket(mSocket);
+        }

[emanuele-f]

Why would you bind the PCAPdroid udp sender to a specific interface?

[tss008]

Why would you bind the PCAPdroid udp sender to a specific interface?

Because in the scenario mentioned the local UDP collector (accessible through Wi-Fi) has no chance to get traffic from the udp sender, most probably it goes to the mobile network (the Android API Reference says: "DatagramSocket () Constructs a datagram socket and binds it to any available port on the local host machine. The socket will be bound to the wildcard address, an IP address chosen by the kernel.").

[emanuele-f]

This does not make much sense, for outbound UDP datagrams, standard route logic should apply, so if the receiver on the wifi is reachable by your device, then it should be able to receive the datagram.
Have you verified that this mWifiNet.bindSocket solves the issue for you? Can you share your full code?

[tss008]

Ok, let me clarify using the following detailed example:

1. The phone (Android 9, no root) is connected to LAN over Wi-Fi (IP:192.168.1.224, i/f wlan0), the Wi-Fi router (192.168.1.1) completely restricts access to Internet for it. The phone has also mobile data connection (LTE, IP: 10.147.215.220, i/f seth_lte0).
2. The UDP collector is running on a local server (192.168.1.34).

Without the proposed feature the UDP sender can't "reach" the UDP collector because traffic gets routed to seth_lte0. Here is the log from the phone:

P963F30P:/ $ ip route get 192.168.1.34
192.168.1.34 dev seth_lte0 table 1007 src 10.147.215.220 uid 2000
    cache

P963F30P:/ $ ip rule
0:      from all lookup local
10000:  from all fwmark 0xc0000/0xd0000 lookup 99
10500:  from all iif lo oif dummy0 uidrange 0-0 lookup 1002
10500:  from all iif lo oif seth_lte0 uidrange 0-0 lookup 1007
10500:  from all iif lo oif wlan0 uidrange 0-0 lookup 1029
13000:  from all fwmark 0x10063/0x1ffff iif lo lookup 97
13000:  from all fwmark 0x10072/0x1ffff iif lo lookup 1007
13000:  from all fwmark 0x10077/0x1ffff iif lo lookup 1029
14000:  from all iif lo oif dummy0 lookup 1002
14000:  from all iif lo oif seth_lte0 lookup 1007
14000:  from all iif lo oif wlan0 lookup 1029
15000:  from all fwmark 0x0/0x10000 lookup 99
16000:  from all fwmark 0x0/0x10000 lookup 98
17000:  from all fwmark 0x0/0x10000 lookup 97
19000:  from all fwmark 0x72/0x1ffff iif lo lookup 1007
19000:  from all fwmark 0x77/0x1ffff iif lo lookup 1029
22000:  from all fwmark 0x0/0xffff iif lo lookup 1007
32000:  from all unreachable

P963F30P:/ $ ip route show table main
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.224

P963F30P:/ $ ip route show table local
local 10.147.215.220 dev seth_lte0 proto kernel scope host src 10.147.215.220
broadcast 10.147.215.220 dev seth_lte0 proto kernel scope link src 10.147.215.220
broadcast 127.0.0.0 dev lo proto kernel scope link src 127.0.0.1
local 127.0.0.0/8 dev lo proto kernel scope host src 127.0.0.1
local 127.0.0.1 dev lo proto kernel scope host src 127.0.0.1
broadcast 127.255.255.255 dev lo proto kernel scope link src 127.0.0.1
broadcast 192.168.1.0 dev wlan0 proto kernel scope link src 192.168.1.224
local 192.168.1.224 dev wlan0 proto kernel scope host src 192.168.1.224
broadcast 192.168.1.255 dev wlan0 proto kernel scope link src 192.168.1.224

P963F30P:/ $ ip route show table all
default via 192.168.1.1 dev wlan0 table 1029 proto static
192.168.1.0/24 dev wlan0 table 1029 proto static scope link
default dev dummy0 table 1002 proto static scope link
default dev seth_lte0 table 1007 proto static scope link
10.147.215.220 dev seth_lte0 table 1007 proto static scope link
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.224
local 10.147.215.220 dev seth_lte0 table local proto kernel scope host src 10.147.215.220
broadcast 10.147.215.220 dev seth_lte0 table local proto kernel scope link src 10.147.215.220
broadcast 127.0.0.0 dev lo table local proto kernel scope link src 127.0.0.1
local 127.0.0.0/8 dev lo table local proto kernel scope host src 127.0.0.1
local 127.0.0.1 dev lo table local proto kernel scope host src 127.0.0.1
broadcast 127.255.255.255 dev lo table local proto kernel scope link src 127.0.0.1
broadcast 192.168.1.0 dev wlan0 table local proto kernel scope link src 192.168.1.224
local 192.168.1.224 dev wlan0 table local proto kernel scope host src 192.168.1.224
broadcast 192.168.1.255 dev wlan0 table local proto kernel scope link src 192.168.1.224
unreachable default dev lo proto kernel metric 4294967295 error -101 pref medium
unreachable default dev lo proto kernel metric 4294967295 error -101 pref medium
unreachable default dev lo proto kernel metric 4294967295 error -101 pref medium
unreachable default dev lo proto kernel metric 4294967295 error -101 pref medium
unreachable default dev lo proto kernel metric 4294967295 error -101 pref medium
fe80::/64 dev wlan0 table 1029 proto kernel metric 256 pref medium
fe80::/64 dev wlan0 table 1029 proto static metric 1024 pref medium
unreachable default dev lo proto kernel metric 4294967295 error -101 pref medium
unreachable default dev lo proto kernel metric 4294967295 error -101 pref medium
unreachable default dev lo proto kernel metric 4294967295 error -101 pref medium
unreachable default dev lo proto kernel metric 4294967295 error -101 pref medium
fe80::/64 dev dummy0 table 1002 proto kernel metric 256 pref medium
default dev dummy0 table 1002 proto static metric 1024 pref medium
unreachable default dev lo proto kernel metric 4294967295 error -101 pref medium
fe80::/64 dev seth_lte0 table 1007 proto kernel metric 256 pref medium
unreachable default dev lo proto kernel metric 4294967295 error -101 pref medium
unreachable default dev lo proto kernel metric 4294967295 error -101 pref medium
unreachable default dev lo proto kernel metric 4294967295 error -101 pref medium
unreachable default dev lo proto kernel metric 4294967295 error -101 pref medium
unreachable default dev lo proto kernel metric 4294967295 error -101 pref medium
unreachable default dev lo proto kernel metric 4294967295 error -101 pref medium
unreachable default dev lo proto kernel metric 4294967295 error -101 pref medium
unreachable default dev lo proto kernel metric 4294967295 error -101 pref medium
unreachable default dev lo proto kernel metric 4294967295 error -101 pref medium
unreachable default dev lo proto kernel metric 4294967295 error -101 pref medium
local ::1 dev lo table local proto unspec metric 0 pref medium
local fe80::3b62:652d:5201:5c9d dev lo table local proto unspec metric 0 pref medium
local fe80::805d:15ff:fe94:3589 dev lo table local proto unspec metric 0 pref medium
local fe80::b61c:30ff:fe08:1ce1 dev lo table local proto unspec metric 0 pref medium
ff00::/8 dev dummy0 table local metric 256 pref medium
ff00::/8 dev seth_lte0 table local metric 256 pref medium
ff00::/8 dev wlan0 table local metric 256 pref medium
unreachable default dev lo proto kernel metric 4294967295 error -101 pref medium

A similar Android issue is described here https://www.reddit.com/r/HomeNetworking/comments/r0sruo/android_ignores_routing_table_uses_phone_data/

When it comes to the changes I made to solve my issue, they are rather a hack than a proper implementation of the feature, but please have a look
udp-sender-bind-diff.txt

[emanuele-f]

Ok, this behavior is described in https://android-developers.googleblog.com/2016/07/connecting-your-app-to-wi-fi-device.html , so routes will not be inserted if it has no internet. A network selection combobox could be added to the UI to specify on which network to call bindSocket.
However, have you evaluated using the HTTP server dump mode instead? Maybe it will work without the need to bind the socket, as it's inbound. UDP mode is not ideal if you want a reliable capture, as it will likely drop packets at some point (see https://emanuele-f.github.io/PCAPdroid/dump_modes#24-udp-exporter). Even if you use an ethernet adapter, you may still experience drops, as UDP is not reliable.

[tss008]

No, I have not evaluated the HTTP server dump mode because I didn't notice it could be used for real-time monitoring as well. Thanks for pointing this option out. I'm sure it will work for the case described.