Skip to content

Add WiFi hotspot port forwarding with bind address selection#7

Closed
steffen-heil-secforge wants to merge 1 commit into
mainfrom
wifi-hotspot-forwarding
Closed

Add WiFi hotspot port forwarding with bind address selection#7
steffen-heil-secforge wants to merge 1 commit into
mainfrom
wifi-hotspot-forwarding

Conversation

@steffen-heil-secforge

@steffen-heil-secforge steffen-heil-secforge commented Oct 29, 2025
edited
Loading

Copy link
Copy Markdown
Owner

Summary

Enables port forwards to bind to the WiFi hotspot interface, allowing devices connected to the Android device's hotspot to access forwarded services. This complements the existing localhost and all-interfaces bind options.

Features

WiFi Hotspot Binding

  • New bind address option for WiFi hotspot (access_point constant)
  • Automatic detection of hotspot interface IP via NetworkInterface API
  • Filters out cellular interfaces (rmnet*, v4-rmnet*, clat*, ccmni*) to correctly identify hotspot
  • Background monitoring that retries failed hotspot forwards when hotspot state changes

UI Enhancements

  • Bind address spinner in port forward editor with three options:
    • localhost (127.0.0.1)
    • All interfaces (0.0.0.0)
    • WiFi hotspot (auto-detected IP)
  • Visual security warnings for network-exposed binds (all interfaces and hotspot)
  • Toast notifications when hotspot is unavailable

Database Migration (v26 → v27)

  • Add `bindaddr` column to `portforwards` table
  • Default value: `localhost` for backward compatibility
  • Existing port forwards automatically bound to localhost

Thread Safety

  • Synchronized helper methods for bridge list access: `getBridgesCopy()`, `hasBridges()`, `getBridgeCount()`
  • Prevents concurrent modification exceptions during background monitoring
  • Fixed TOCTOU race in `onUnbind()` by using single snapshot

Implementation Details

Network Detection (NetworkUtils)

  • `getHotspotInterfaceIP()`: Detects current hotspot interface IP address
  • `hasAccessPointStateChanged()`: Sentinel-based state change detection
    • Tracks last known hotspot IP
    • Only updates sentinel on actual state changes
    • Read-only `getAccessPointIP()` prevents UI queries from polluting state

Background Monitoring (TerminalManager.ApStateMonitorTask)

  • Runs every 10 seconds to check for hotspot state changes
  • Automatically retries failed `access_point` forwards when:
    • Hotspot is activated
    • Hotspot is deactivated (stops retry attempts)
    • Hotspot IP changes (different network configuration)

Validation

  • Port forward validation prevents binding to `access_point` when hotspot is not active
  • User-friendly error messages guide selection of appropriate bind address

Database Schema

```sql
ALTER TABLE portforwards ADD COLUMN bindaddr TEXT DEFAULT 'localhost';
```

@steffen-heil-secforge steffen-heil-secforge force-pushed the wifi-hotspot-forwarding branch 3 times, most recently from fe2267f to 55615ed Compare November 5, 2025 16:32
@steffen-heil-secforge @claude
Add WiFi hotspot port forwarding with bind address selection
c0a76ef 
Enables port forwards to bind to WiFi hotspot interface, allowing devices
connected to the Android device's hotspot to access forwarded services.
This complements the existing localhost and all-interfaces bind options.

Features:
- New bind address option for WiFi hotspot (access_point constant)
- Automatic detection of hotspot interface IP via NetworkInterface API
- Background monitoring that retries failed hotspot forwards when hotspot
  state changes (activated, deactivated, IP changes)
- UI updates: bind address spinner in port forward editor with three
  options (localhost, all interfaces, WiFi hotspot)
- Visual security warnings for network-exposed binds (all interfaces and
  hotspot)
- Database schema migration from version 26 to version 27 adds bindaddr
  column to portforwards table
- Thread-safe bridge list access in TerminalManager with synchronized
  helper methods to prevent concurrent modification during background
  monitoring
- Sentinel-based state change detection that tracks last known hotspot IP
  without polluting state from UI queries
- Filtering logic that excludes cellular interfaces (rmnet*, v4-rmnet*,
  clat*, ccmni*) from hotspot detection

Implementation details:
- NetworkUtils provides getHotspotInterfaceIP() for IP detection and
  hasAccessPointStateChanged() for state monitoring
- TerminalManager.ApStateMonitorTask runs every 10 seconds to check for
  hotspot state changes and retry failed access_point forwards
- getBridgesCopy(), hasBridges(), getBridgeCount() helpers ensure
  thread-safe iteration over active connection bridges
- Port forward validation prevents binding to access_point when hotspot
  is not active
- Removed unused Message import

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
@steffen-heil-secforge

steffen-heil-secforge commented Jun 17, 2026

Copy link
Copy Markdown
Owner Author

Superseded by #8 (ported to new Kotlin/Compose/Room architecture)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@steffen-heil-secforge