feat(network): stable DNS routing and MTU optimizations for reliable internet

Author: HelloPrincePal

CHANGELOG.md

@@ -16,6 +16,12 @@ Format:
 
 ## v0.7.0 — 2026-03-28
 
+### 2026-03-28 18:35 — 🌐 DNS Routing and MTU Stability Fixes
+- What: Updated `scutil` script to use `SupplementalMatchDomains` for forced DNS resolution; lowered default `TUN.MTU` to 1400; added support for configuring MTU and filtered MacOS IPv6 broadcasts.
+- Why: Pinging worked but DNS failed because macOS was skipping our `utun` for lookups. Web traffic failed due to USB fragmentation limits on Android exceeding 1400 MTU.
+- Files: `internal/tun/utun_darwin.go`, `internal/tun/utun.go`, `internal/daemon/daemon.go`, `internal/daemon/relay.go`, `config/default.toml`
+- Breaking: no ✅
+
 ### 2026-03-28 16:45 — Instant Teardown and Panic Fix
 - What: Resolved a shutdown deadlock by force-closing USB handles when the daemon stops; added nil-pointer checks to the USB watcher to prevent exit panics.
 - Why: Ensure the daemon exits immediately and cleanly on `Ctrl+C` even while waiting for network packets.

VERSIONS.md

@@ -12,7 +12,7 @@ v1.0.0 = MVP complete and working on M1/M2/M3.
 
 ## v0.7.0 — 2026-03-28
 - Milestone: DNS Automation & Graceful Shutdown
-- What works: Automatic DNS configuration via `scutil` (macOS). The system now uses the phone's DNS gateway immediately. Added a `WaitGroup`-based shutdown to the `Daemon` to ensure all routes and tunnel interfaces are cleanly removed when stopping. 
+- What works: Automatic DNS configuration via `scutil` (macOS) with forced SupplementalMatchDomains. The system now uses the phone's DNS gateway immediately for all lookups. Added a `WaitGroup`-based shutdown to the `Daemon` to ensure all routes and tunnel interfaces are cleanly removed when stopping. `TUN.MTU` is automatically reduced to `1400` to support standard Android USB RNDIS fragmentation limits natively. Internet web traffic and DNS fully working.
 - Next: Move toward v1.0.0 after community testing.
 
 ## v0.6.0 — 2026-03-28

config/default.toml

@@ -38,7 +38,7 @@ read_buffer_size = 65536
 interface_name_prefix = "droidtether"
 
 # MTU for the utun interface
-mtu = 1500
+mtu = 1400
 
 
 [dhcp]

internal/daemon/daemon.go

@@ -1,6 +1,7 @@
 package daemon
 
 import (
+	"fmt"
 	"os"
 	"os/signal"
 	"sync"
@@ -78,10 +79,16 @@ func (d *Daemon) Run() error {
 
 		relay.OnDHCP = func(gateway, client string) {
 			log.Info().Str("component", "daemon").Str("gateway", gateway).Str("client", client).Msg("🔥 DHCPOFFER Intercepted! Auto-configuring network...")
-			if err := iface.Configure(client, gateway); err != nil {
+			
+			mtuStr := fmt.Sprintf("%d", d.cfg.TUN.MTU)
+			if d.cfg.TUN.MTU <= 0 {
+				mtuStr = "1400" // fallback
+			}
+
+			if err := iface.Configure(client, gateway, mtuStr); err != nil {
 				log.Warn().Str("component", "daemon").Err(err).Msg("Failed to auto-configure interface IP")
 			} else {
-				log.Info().Str("component", "daemon").Msg("✨ Network auto-configured! Ping should now work natively!")
+				log.Info().Str("component", "daemon").Str("mtu", mtuStr).Msg("✨ Network auto-configured! Ping should now work natively!")
 
 				// Inject default route if configured
 				if d.cfg.Route.SetDefaultRoute {
@@ -90,9 +97,9 @@ func (d *Daemon) Run() error {
 						log.Warn().Str("component", "daemon").Err(err).Msg("Failed to set default route")
 					}
 
-					// Set DNS to phone gateway
-					log.Info().Str("component", "daemon").Str("dns", gateway).Msg("Setting system DNS to phone gateway...")
-					if err := iface.SetDNS([]string{gateway, "8.8.8.8"}); err != nil {
+					// Set DNS to Google (Primary) and phone gateway (Secondary)
+					log.Info().Str("component", "daemon").Msg("Setting system DNS to 8.8.8.8 (Google)...")
+					if err := iface.SetDNS([]string{"8.8.8.8", gateway}); err != nil {
 						log.Warn().Str("component", "daemon").Err(err).Msg("Failed to set DNS")
 					}
 				}

internal/daemon/relay.go

@@ -33,6 +33,10 @@ type Relay struct {
 	// Dynamic state set after DHCP
 	mu       sync.Mutex
 	clientIP net.IP
+	
+	// Traffic stats
+	sentBytes uint64
+	recvBytes uint64
 }
 
 // NewRelay creates a new bidirectional relay.
@@ -91,6 +95,9 @@ func (r *Relay) Start() error {
 
 				// Drop non-IPv4 packets (e.g. IPv6 from macOS background traffic)
 				if rawIP[0]>>4 != 4 {
+					if rawIP[0]>>4 == 6 {
+						log.Trace().Str("component", "relay").Msg("Dropping IPv6 packet (unsupported)")
+					}
 					continue
 				}
 
@@ -114,6 +121,10 @@ func (r *Relay) Start() error {
 					errChan <- fmt.Errorf("relay: usb write error: %w", err)
 					return
 				}
+
+				r.mu.Lock()
+				r.sentBytes += uint64(len(pkt))
+				r.mu.Unlock()
 			}
 		}
 	}()
@@ -172,7 +183,12 @@ func (r *Relay) Start() error {
 								outBuf := make([]byte, 4+len(rawIP))
 								binary.BigEndian.PutUint32(outBuf[0:4], 2)
 								copy(outBuf[4:], rawIP)
-								_, _ = r.tun.Write(outBuf)
+								if _, err := r.tun.Write(outBuf); err != nil {
+									log.Error().Str("component", "relay").Err(err).Msg("Failed to write to utun interface")
+								}
+								r.mu.Lock()
+								r.recvBytes += uint64(len(msg))
+								r.mu.Unlock()
 							} else if ethType == 0x0806 { // ARP
 								r.handleARP(ethPkt)
 							}
@@ -206,6 +222,17 @@ func (r *Relay) Start() error {
 				return
 			case <-ticker.C:
 				_, _ = r.usbOut.Write(dummyPkt)
+				
+				// Log traffic stats every 5s
+				r.mu.Lock()
+				s, rv := r.sentBytes, r.recvBytes
+				r.mu.Unlock()
+				if s > 0 || rv > 0 {
+					log.Info().Str("component", "relay").
+						Str("sent", fmt.Sprintf("%.2f KB", float64(s)/1024)).
+						Str("received", fmt.Sprintf("%.2f KB", float64(rv)/1024)).
+						Msg("🚀 Traffic Monitor")
+				}
 			}
 		}
 	}()

internal/rndis/messages.go

@@ -149,18 +149,18 @@ func UnmarshalSetCmplt(data []byte) (uint32, uint32, error) { // returns Request
 
 // EncapsulatePacket wraps a raw Ethernet packet with an RNDIS header.
 func EncapsulatePacket(packet []byte) []byte {
-	headerLen := 44
+	headerLen := 48 // Use 48 bytes for 8-byte alignment (44 + 4 padding)
 	totalLen := headerLen + len(packet)
 
 	b := make([]byte, totalLen)
 	binary.LittleEndian.PutUint32(b[0:4], MsgPacket)
 	binary.LittleEndian.PutUint32(b[4:8], uint32(totalLen))
-	binary.LittleEndian.PutUint32(b[8:12], 36) // DataOffset (relative to byte 8)
+	binary.LittleEndian.PutUint32(b[8:12], 40) // DataOffset (relative to byte 8: 8 + 40 = 48)
 	binary.LittleEndian.PutUint32(b[12:16], uint32(len(packet)))
-	// Bytes 16-43 are reserved/optional fields (offset/length for OOB data, info, etc.)
+	// Bytes 16-47 are reserved/optional fields (offset/length for OOB data, info, etc.)
 	// We leave them zeroed.
 
-	copy(b[44:], packet)
+	copy(b[48:], packet)
 	return b
 }
 

internal/tun/utun.go

@@ -8,7 +8,7 @@ import (
 type Interface interface {
 	io.ReadWriteCloser
 	Name() string
-	Configure(localIP, remoteIP string) error
+	Configure(localIP, remoteIP, mtu string) error
 	SetDefaultRoute(gateway string) error
 	SetDNS(dnsServers []string) error
 }

internal/tun/utun_darwin.go

@@ -44,6 +44,7 @@ func (i *utunInterface) Close() error {
 		defer stdin.Close()
 		fmt.Fprintln(stdin, "open")
 		fmt.Fprintln(stdin, "remove State:/Network/Service/droidtether/DNS")
+		fmt.Fprintln(stdin, "remove State:/Network/Global/DNS")
 		fmt.Fprintln(stdin, "quit")
 	}()
 	_ = cmd.Run()
@@ -54,10 +55,10 @@ func (i *utunInterface) Name() string {
 	return i.name
 }
 
-// Configure sets the IP addresses for the utun interface using the 'ifconfig' command.
-func (i *utunInterface) Configure(localIP, remoteIP string) error {
-	// Formula: ifconfig <name> <local> <remote> up
-	cmd := exec.Command("ifconfig", i.name, localIP, remoteIP, "up")
+// Configure sets the IP addresses and MTU for the utun interface using the 'ifconfig' command.
+func (i *utunInterface) Configure(localIP, remoteIP, mtu string) error {
+	// Formula: ifconfig <name> <local> <remote> mtu <val> up
+	cmd := exec.Command("ifconfig", i.name, localIP, remoteIP, "mtu", mtu, "up")
 	if out, err := cmd.CombinedOutput(); err != nil {
 		return fmt.Errorf("ifconfig failed: %w (output: %s)", err, string(out))
 	}
@@ -104,7 +105,17 @@ func (i *utunInterface) SetDNS(dnsServers []string) error {
 			fmt.Fprintf(stdin, " %s", s)
 		}
 		fmt.Fprintln(stdin)
+		// SupplementalMatchDomains set to empty string tells macOS to use these servers for ALL lookups.
+		fmt.Fprintln(stdin, "d.add SupplementalMatchDomains * \"\"")
+		fmt.Fprintln(stdin, "d.add SupplementalMatchOrders * 10")
 		fmt.Fprintln(stdin, "set State:/Network/Service/droidtether/DNS")
+		fmt.Fprintln(stdin, "set State:/Network/Global/DNS")
+		
+		// Force Global IPv4 state to 'Online' via our utun interface
+		fmt.Fprintln(stdin, "d.init")
+		fmt.Fprintf(stdin, "d.add Router %s\n", dnsServers[len(dnsServers)-1]) // use phone gateway
+		fmt.Fprintf(stdin, "d.add Interface %s\n", i.name)
+		fmt.Fprintln(stdin, "set State:/Network/Global/IPv4")
 		fmt.Fprintln(stdin, "quit")
 	}()