Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/celzero/firestack
Userspace wireguard and network monitor
https://github.com/celzero/firestack
android firewall networkmonitor proxy vpn wireguard
Last synced: 3 days ago
JSON representation
Userspace wireguard and network monitor
- Host: GitHub
- URL: https://github.com/celzero/firestack
- Owner: celzero
- License: mpl-2.0
- Created: 2021-02-27T09:45:34.000Z (over 3 years ago)
- Default Branch: n2
- Last Pushed: 2024-05-19T13:20:44.000Z (6 months ago)
- Last Synced: 2024-05-19T14:21:51.639Z (6 months ago)
- Topics: android, firewall, networkmonitor, proxy, vpn, wireguard
- Language: Go
- Homepage: https://rethinkdns.com/app
- Size: 60.9 MB
- Stars: 66
- Watchers: 7
- Forks: 14
- Open Issues: 15
-
Metadata Files:
- Readme: README.md
- License: LICENSE
- Security: SECURITY.md
Awesome Lists containing this project
README
# Firestack
A userspace TCP/UDP connection monitor, firewall, DNS resolver, and [WireGuard](https://github.com/wireguard/wireguard-go) client for Android.
Firestack is built specifically for [Rethink DNS + Firewall + VPN](https://github.com/celzero/rethink-app). [gVisor/netstack](https://github.com/google/gvisor/tree/go/pkg/tcpip) provides a SOCKS-like interface (similar to [badvpn's tun2socks](https://github.com/ambrop72/badvpn)) for TCP and UDP connections over a tun-device.
Firestack is a hard-fork of Google's [outline-go-tun2socks](https://github.com/Jigsaw-Code/outline-go-tun2socks) project.
## DNS
Firestack supports DNS over HTTPS, DNS over TLS, Oblivious DNS over HTTPS, DNSCrypt v3, and plain old DNS upstreams.
## WireGuard
Firestack runs WireGuard in userspace. When running *multiple* WireGuard tunnels at once, only TCP and UDP are forwarded to the tunnels; but otherwise
ICMP and DNS are as well. ARP / IGMP / SCTP / RTP and other IP protocols are *not* forwarded to WireGuard tunnels.## Releases
[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/celzero/firestack/badge)](https://securityscorecards.dev/viewer/?uri=github.com/celzero/firestack)
Firestack is released as an Android Library (`aar`) and can be integrated into
your [Android builds via jitpack.io](https://jitpack.io/#celzero/firestack) ([ref](https://github.com/celzero/rethink-app/commit/a6e2abca7)).```kotlin
# add this to your project's build.gradle
allprojects {
repositories {
...
maven { url 'https://jitpack.io' }
}
}# add the dep to your app's build.gradle
dependencies {
implementation 'com.github.celzero:firestack:Tag@aar'
# with debug symbols
implementation 'com.github.celzero:firestack:Tag:debug@aar'
}
```## API
The APIs aren't stable and hence left undocumented, but you can look at
Rethink DNS + Firewall + VPN codebase: ([GoVpnAdapter](https://github.com/celzero/rethink-app/blob/982849564/app/src/main/java/com/celzero/bravedns/net/go/GoVpnAdapter.java#L164-L232),
[BraveVpnService](https://github.com/celzero/rethink-app/blob/982849564/app/src/main/java/com/celzero/bravedns/service/BraveVPNService.kt#L130-L137)) to see how to integrate with Firestack on Android.## Build
Firestack only supports Android. Instructions for other platforms are left as-is, but they may or may not work.
### Prerequisites
- macOS host (iOS, macOS)
- make
- Go >= 1.22
- A C compiler (e.g.: clang, gcc)Firestack APIs are available only on Android builds for now. iOS and Linux support planned but nothing concrete yet.
### Android
- [sdkmanager](https://developer.android.com/studio/command-line/sdkmanager)
1. Download the command line tools from [developer.android.com](https://developer.android.com/studio).
1. Unzip the pacakge as `~/Android/Sdk/cmdline-tools/latest/`. Make sure `sdkmanager` is located at `~/Android/Sdk/cmdline-tools/latest/bin/sdkmanager`
- Android NDK 23+
1. Install the NDK with `~/Android/Sdk/cmdline-tools/latest/bin/sdkmanager "platforms;android-30" "ndk;23.1.7779620"`
(platform from [outline-client](https://github.com/Jigsaw-Code/outline-client#building-the-android-app), exact NDK 23 version obtained from `sdkmanager --list`)
1. Set up the environment variables:
```
export ANDROID_NDK_HOME=~/Android/Sdk/ndk/23.1.7779620 ANDROID_HOME=~/Android/Sdk
```
- [gomobile](https://pkg.go.dev/golang.org/x/mobile/cmd/gobind) (installed as needed by `make`)### Apple (iOS and macOS)
- Xcode
- [gomobile](https://pkg.go.dev/golang.org/x/mobile/cmd/gobind) (installed as needed by `make`)### Linux and Windows
We build binaries for Linux and Windows from source without any custom integrations.
`xgo` and Docker are required to support cross-compilation.- [Docker](https://docs.docker.com/get-docker/) (for XGO)
- [xgo](https://github.com/crazy-max/xgo) (installed as needed by `make`)
- [ghcr.io/crazy-max/xgo Docker image](https://github.com/crazy-max/xgo/pkgs/container/xgo) (~6.8GB pulled by `xgo`).## Make
```
# creates build/intra/{tun2socks.aar,tun2socks-sources.jar}
make clean && make intra```
If needed, you can extract the jni files into `build/android/jni` with:
```bash
unzip build/android/tun2socks.aar 'jni/*' -d build/android
```