Using LWIP to send raw IP packets

Question

I am trying to implement a VPN service on Android. I am provided raw IP packets (TUN interface which works on layer-3) and not sure how I am supposed to send the packets. I know I can parse the IP packets to pull out the transport layer data (TCP or UDP) and then send it, but I was hoping there was a way I can just simply send the whole IP packet.

Initially, I tried using a raw socket (https://man7.org/linux/man-pages/man7/raw.7.html) and send it that way but learned that this was not possible due to permission issues. To open a raw socket you need root permissions and Android applications cannot run as root.

I found a project called LWIP (https://www.nongnu.org/lwip/2_1_x/index.html) which says that it is a TCP/IP stack implementation library, but after reading the documentation, I can't figure out how to do this.

LWIP has their raw APIs (https://www.nongnu.org/lwip/2_1_x/raw_8h.html#a17edd059f34f45a770fe2fa458ecf4dd) which looks promising but I am not sure if this is what I need. Basically, I just need a way to send the raw IP packet and then get the response, and write it back to the TUN interface -- essentially a pass-through proxy.

Any help would be greatly appreciated. Thanks!

Answer 1

You're trying to reinvent the wheel. There are several appropriate encapsulation methods like GRE or IP-in-IP.

Sending a raw IP packet requires the use of an IP protocol number in any case, so your receiver can get the packets after registering that number.

For starters, it might be easier to use UDP encapsulation.