

类概述|Class Overview
VpnService is a base class for applications to extend and build their own VPN solutions
In general, it creates a virtual network interface, configures addresses and routing rules, and returns a file descriptor to the application
Each read from the descriptor retrieves an outgoing packet which was routed to the interface. 
Each write to the descriptor injects an incoming packet just like it was received from the interface. 
The interface is running on Internet Protocol (IP), so packets are always started with IP headers. T
 The application then completes a VPN connection by processing and exchanging packets with the remote server over a tunnel.


Letting applications intercept packets raises huge security concerns.
  A VPN application can easily break the network. Besides, two of them may conflict with each other.
// 一个VPN应用程序可以很轻易的突破网络,但是两个VPN程序将会引起冲突。
  The system takes several actions to address these issues. Here are some key points:
// 这个系统将会添加一些动作到地址问题(...翻译不出来),这是几个关键点

  • User action is required to create a VPN connection.


  • There can be only one VPN connection running at the same time. The existing interface is deactivated when a new one is created.


  • A system-managed notification is shown during the lifetime of a VPN connection.


  • A system-managed dialog gives the information of the current VPN connection. It also provides a button to disconnect.


  • The network is restored automatically when the file descriptor is closed. It also covers the cases when a VPN application is crashed or killed by the system.


There are two primary methods in this class: prepare(Context) and establish()
//在这个类中有两个私有的方法:  prepare(Context) and establish()
 The former deals with user action and stops the VPN connection created by another application. 
 The latter creates a VPN interface using the parameters supplied to the VpnService.Builder.  
//后续创建的VPN接口用的参数支持 VpnService.Builder
 An application must call prepare(Context) to grant the right to use other methods in this class, and the right can be revoked at any e.Here are the general steps to create a VPN connection: 
Here are the general steps to create a VPN connection: //连接VPN的通常步骤:

  1. When the user press the button to connect, call prepare(Context) and launch the returned intent.

第一:当用户按下连接VPN的按钮,调用prepare(Context) 启动返回的Intent.

2.When the application becomes prepared, start the service. 

3.Create a tunnel to the remote server and negotiate the network parameters for the VPN connection. 

4. Supply those parameters to a VpnService.Builder and create a VPN interface by calling establish().  
    第四:为 VpnService.Builder提供参数,调用establish()创建VPN接口。

5.Process and exchange packets between the tunnel and the returned file descriptor. 

6.When onRevoke() is invoked, close the file descriptor and shut down the tunnel gracefully. 

Services extended this class need to be declared with appropriate permission and intent filter.

