feat trusttunnel-client: add vpn_tunnel_create/destroy for Linux (#5)

* feat trusttunnel-client: add vpn_tunnel_create/destroy for Linux * changelog * Add missing CHANGELOG entries for version 1.1.3
2026-05-22 19:41:36 +00:00 · 2026-05-22 09:56:53 +04:00
parent 857da294c7
commit 84433a9cf5
6 changed files with 69 additions and 1 deletions
@@ -8,10 +8,28 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/).

 ### Added

+- Linux C API wrappers vpn_linux_tunnel_create and vpn_linux_tunnel_destroy
+
 ### Changed

+- Opt-in Linux package build mode for exporting WIN_EXPORT symbols in C API builds without affecting default Linux builds
+
 ### Removed

+## [1.1.3] - 2026-05-08
+
+### Added
+
+- Added C++ ring buffer implementation for use in Flutter Client
+
+### Changed
+
+- Improved network change detection under Linux
+
+### Fixed
+
+- Fixed link-local IPv6 system DNS server detection under macOS
+
 ## [1.0.63] - 2026-05-04

 ### Added
@@ -8,6 +8,7 @@ set(CMAKE_C_STANDARD 11)
 set(CMAKE_CXX_STANDARD 20)

 option(VPNLIBS_ENABLE_LIVE_TESTS "Register live tests in CTest" OFF)
+option(VPNLIBS_CAPI_LINUX_EXPORTS "Resolve WIN_EXPORT to default visibility in Linux C API package builds" OFF)

 find_package(quiche)
 if (NOT quiche_DIR)
@@ -33,6 +34,10 @@ if (IPV6_UNAVAILABLE)
    add_compile_definitions(IPV6_UNAVAILABLE)
 endif()

+if (CMAKE_SYSTEM_NAME STREQUAL Linux AND VPNLIBS_CAPI_LINUX_EXPORTS)
+    add_compile_definitions(VPNLIBS_CAPI_LINUX_EXPORTS=1)
+endif()
+
 add_subdirectory(core)
 add_subdirectory(trusttunnel)

@@ -156,7 +156,7 @@ static inline uint32_t gettid() {
 #define AG_EXPORT
 #endif

-#ifdef _WIN32
+#if defined(_WIN32) || defined(VPNLIBS_CAPI_LINUX_EXPORTS)
 #define WIN_EXPORT AG_EXPORT
 #else
 #define WIN_EXPORT
@@ -17,10 +17,12 @@ class VpnLibsConan(ConanFile):
    options = {
        "with_ghc": [True, False],
        "sanitize": [None, "ANY"],
+        "capi_linux_exports": [True, False],
    }
    default_options = {
        "with_ghc": False,
        "sanitize": None,  # None means none
+        "capi_linux_exports": False,
    }
    # A list of paths to patches. The paths must be relative to the conanfile directory.
    # They are applied in case of the version equals 777 and mostly intended to be used
@@ -74,6 +76,8 @@ class VpnLibsConan(ConanFile):
        deps = CMakeDeps(self)
        deps.generate()
        tc = CMakeToolchain(self)
+        if self.settings.os == "Linux" and self.options.capi_linux_exports:
+            tc.cache_variables["VPNLIBS_CAPI_LINUX_EXPORTS"] = True
        if self.options.sanitize:
            tc.cache_variables["CMAKE_C_FLAGS"] += f" -fno-omit-frame-pointer -fsanitize={self.options.sanitize}"
            tc.cache_variables["CMAKE_CXX_FLAGS"] += f" -fno-omit-frame-pointer -fsanitize={self.options.sanitize}"
@@ -97,6 +97,20 @@ WIN_EXPORT void vpn_win_tunnel_settings_destroy(VpnWinTunnelSettings *settings);
 */
 WIN_EXPORT const VpnOsTunnelSettings *vpn_os_tunnel_settings_defaults();

+#if defined(__linux__) && !defined(ANDROID)
+/**
+ * Create Linux tunnel.
+ * @param settings Tunnel settings. See `vpn_os_tunnel_settings_defaults()` for recommended defaults.
+ * @return Newly created tunnel or NULL.
+ */
+WIN_EXPORT void *vpn_linux_tunnel_create(VpnOsTunnelSettings *settings);
+
+/**
+ * Destroy Linux tunnel.
+ */
+WIN_EXPORT void vpn_linux_tunnel_destroy(void *linux_tunnel);
+#endif
+
 #ifdef _WIN32
 /**
 * Additional default settings for Win tunnel. For common settings, see `vpn_os_tunnel_settings_defaults()`.
@@ -361,3 +361,30 @@ void ag::VpnLinuxTunnel::teardown_routes(int16_t table_id) {
    sys_cmd_netns_ignore_errors(m_netns, AG_FMT("ip -6 rule del prio 30800 sport {} lookup main", PRIVILEGED_PORTS));
    sys_cmd_netns_ignore_errors(m_netns, AG_FMT("ip -6 rule del prio 30800 sport {} lookup main", VNC_PORTS));
 }
+
+void *ag::vpn_linux_tunnel_create(ag::VpnOsTunnelSettings *settings) {
+    if (settings == nullptr) {
+        return nullptr;
+    }
+
+    auto *tunnel = new ag::VpnLinuxTunnel{};
+    auto res = tunnel->init(settings, std::nullopt);
+    if (res.code != 0) {
+        dbglog(logger, "Error initializing tunnel: {}", res.text ? res.text : "(null)");
+        tunnel->deinit();
+        delete tunnel;
+        return nullptr;
+    }
+
+    return tunnel;
+}
+
+void ag::vpn_linux_tunnel_destroy(void *linux_tunnel) {
+    auto *tunnel = (ag::VpnLinuxTunnel *) linux_tunnel;
+    if (tunnel == nullptr) {
+        return;
+    }
+
+    tunnel->deinit();
+    delete tunnel;
+}