fix(android): protect xhttp TCP socket from VPN routing loop

When using xhttp (UoT) mode on Android, the underlying TcpStream was
not protected with VpnService.protect(fd). This caused the TCP connection
to be routed back into the TUN interface, creating an infinite routing
loop and failing the connection immediately.

Added Android-specific socket protection to the TcpStream in connect_xhttp.
This fixes xhttp/UoT mode on mobile networks.

ostp-client/src/transport/xhttp.rs

@@ -33,6 +33,13 @@ pub async fn connect_xhttp(
         .with_context(|| format!("failed to connect to {}", addr))?;
     tcp_stream.set_nodelay(true)?;
 
+    #[cfg(target_os = "android")]
+    {
+        use std::os::unix::io::AsRawFd;
+        let fd = tcp_stream.as_raw_fd();
+        crate::bridge::invoke_socket_protector(fd);
+    }
+
     if reality_enabled {
         let pbk_bytes = base64::engine::general_purpose::URL_SAFE_NO_PAD.decode(reality_pbk)
             .context("invalid reality_pbk base64")?;

ostp-gui/src-tauri/Cargo.lock

@@ -2641,7 +2641,7 @@ dependencies = [
 
 [[package]]
 name = "ostp-client"
-version = "0.2.69"
+version = "0.2.71"
 dependencies = [
  "anyhow",
  "base64 0.22.1",
@@ -2671,7 +2671,7 @@ dependencies = [
 
 [[package]]
 name = "ostp-core"
-version = "0.2.69"
+version = "0.2.71"
 dependencies = [
  "anyhow",
  "bytes",