From 0844c576440ecff4f33eca221bede4992f6396bb Mon Sep 17 00:00:00 2001
From: M66B
Date: Thu, 28 Jan 2016 15:19:58 +0100
Subject: [PATCH] Native cleanup

---
 .../java/eu/faircode/netguard/Packet.java     |  1 -
 .../eu/faircode/netguard/SinkholeService.java |  2 +-
 app/src/main/jni/netguard/netguard.c          | 40 ++++++++++++++-----
 app/src/main/jni/netguard/netguard.h          |  5 +--
 4 files changed, 34 insertions(+), 14 deletions(-)

diff --git a/app/src/main/java/eu/faircode/netguard/Packet.java b/app/src/main/java/eu/faircode/netguard/Packet.java
index 2db1283f..1cb755c0 100644
--- a/app/src/main/java/eu/faircode/netguard/Packet.java
+++ b/app/src/main/java/eu/faircode/netguard/Packet.java
@@ -28,7 +28,6 @@ public class Packet {
     public int sport;
     public String daddr;
     public int dport;
-    public boolean outbound;
     public String data;
     public int uid;
     public boolean allowed;
diff --git a/app/src/main/java/eu/faircode/netguard/SinkholeService.java b/app/src/main/java/eu/faircode/netguard/SinkholeService.java
index 0b7efa38..356e05d9 100644
--- a/app/src/main/java/eu/faircode/netguard/SinkholeService.java
+++ b/app/src/main/java/eu/faircode/netguard/SinkholeService.java
@@ -636,7 +636,7 @@ public class SinkholeService extends VpnService implements SharedPreferences.OnS
     private void log(Packet packet) {
         DatabaseHelper dh = new DatabaseHelper(SinkholeService.this);
         dh.insertLog(packet, (last_connected ? last_metered ? 2 : 1 : 0), last_interactive);
-        if (packet.uid > 0 && packet.outbound)
+        if (packet.uid > 0)
             dh.updateAccess(packet);
         dh.close();
     }
diff --git a/app/src/main/jni/netguard/netguard.c b/app/src/main/jni/netguard/netguard.c
index 169431c5..87e02d39 100644
--- a/app/src/main/jni/netguard/netguard.c
+++ b/app/src/main/jni/netguard/netguard.c
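Review bot: `dh.close()` at the end of log() is skipped whenever insertLog() or updateAccess() throws, so the DatabaseHelper opened on the first line of the method is leaked on the error path; the helper should be released in a `finally` block (or with try-with-resources if DatabaseHelper is AutoCloseable, which this hunk does not show). With the `packet.outbound` test gone, every packet reaching log() with a positive uid now also updates the access table; that is consistent with the native side in this patch, where each visible create_packet() caller passed a constant 1 for that flag, but a comment such as `// Every packet logged here is outbound; no direction check needed` would record the assumption the removed condition used to encode.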
@@ -454,7 +454,7 @@ void check_allowed(const struct arguments *args) {
 
             jobject objPacket = create_packet(
                     args, u->version, IPPROTO_UDP, "",
-                    source, ntohs(u->source), dest, ntohs(u->dest), 1, "", u->uid, 0);
+                    source, ntohs(u->source), dest, ntohs(u->dest), "", u->uid, 0);
             if (!is_address_allowed(args, objPacket)) {
                 u->stop = 1;
                 log_android(ANDROID_LOG_WARN, "UDP terminate %d uid %d", u->socket, u->uid);
@@ -477,7 +477,7 @@ void check_allowed(const struct arguments *args) {
 
             jobject objPacket = create_packet(
                     args, t->version, IPPROTO_TCP, "",
-                    source, ntohs(t->source), dest, ntohs(t->dest), 1, "", t->uid, 0);
+                    source, ntohs(t->source), dest, ntohs(t->dest), "", t->uid, 0);
             if (!is_address_allowed(args, objPacket)) {
                 t->state = TCP_TIME_WAIT;
                 log_android(ANDROID_LOG_WARN, "TCP terminate socket %d uid %d", t->socket, t->uid);
@@ -984,7 +984,7 @@ void handle_ip(const struct arguments *args, const uint8_t *pkt, const size_t le
     inet_ntop(version == 4 ? AF_INET : AF_INET6, daddr, dest, sizeof(dest));
 
     // Get ports & flags
-    jboolean syn = 0;
+    int syn = 0;
     int32_t sport = -1;
     int32_t dport = -1;
     if (protocol == IPPROTO_TCP) {
@@ -1074,7 +1074,7 @@ void handle_ip(const struct arguments *args, const uint8_t *pkt, const size_t le
             log_android(ANDROID_LOG_INFO, "UDP existing session allowed");
         } else {
             jobject objPacket = create_packet(
-                    args, version, protocol, flags, source, sport, dest, dport, 1, "", uid, 0);
+                    args, version, protocol, flags, source, sport, dest, dport, "", uid, 0);
             allowed = is_address_allowed(args, objPacket);
         }
 
@@ -1102,9 +1102,9 @@ int has_udp_session(const struct arguments *args, const uint8_t *pkt, const uint
                    (version == 4 ? cur->saddr.ip4 == ip4->saddr &&
                                    cur->daddr.ip4 == ip4->daddr
                                  : memcmp(&cur->saddr.ip6, &ip6->ip6_src, 16) == 0 &&
-                                   memcmp(&cur->daddr.ip6, &ip6->ip6_dst, 16) == 0))) {
+                                   memcmp(&cur->daddr.ip6, &ip6->ip6_dst, 16) == 0)))
         cur = cur->next;
-    }
+
     return (cur != NULL);
 }
 
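Review bot: Removing the braces around the `while` body in has_udp_session leaves a single-statement body under a condition that spans several lines, which is the shape where a later edit appends a second statement and silently places it outside the loop; keep `{` on the condition's last line and `}` after `cur = cur->next;`. The new has_tcp_session in the hunk at -1475 is written the same way and should brace its loop for the same reason. has_udp_session starts outside this hunk.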
@@ -1193,13 +1193,16 @@ jboolean handle_udp(const struct arguments *args,
 
             log_android(ANDROID_LOG_INFO, "DNS type %d class %d name %s", qtype, qclass, qname);
             if (check_domain(args, cur, data, datalen, qclass, qtype, qname)) {
+                // Log qname
                 char name[DNS_QNAME_MAX + 40 + 1];
                 sprintf(name, "qtype %d qname %s", qtype, qname);
                 jobject objPacket = create_packet(
                         args, version, IPPROTO_UDP, "",
                         source, ntohs(cur->source), dest, ntohs(cur->dest),
-                        1, name, cur->uid, 0);
+                        name, cur->uid, 0);
                 log_packet(args, objPacket);
+
+                // Session done
                 cur->stop = 1;
                 return 0;
             }
@@ -1475,6 +1478,27 @@ int check_dhcp(const struct arguments *args, const struct udp_session *u,
     }
 }
 
+int has_tcp_session(const struct arguments *args, const uint8_t *pkt, const uint8_t *payload) {
+    // Get headers
+    const uint8_t version = (*pkt) >> 4;
+    const struct iphdr *ip4 = (struct iphdr *) pkt;
+    const struct ip6_hdr *ip6 = (struct ip6_hdr *) pkt;
+    const struct tcphdr *tcphdr = (struct tcphdr *) payload;
+
+    // Search session
+    struct tcp_session *cur = tcp_session;
+    while (cur != NULL &&
+           !(cur->version == version &&
+             cur->source == tcphdr->source && cur->dest == tcphdr->dest &&
+             (version == 4 ? cur->saddr.ip4 == ip4->saddr &&
+                             cur->daddr.ip4 == ip4->daddr
+                           : memcmp(&cur->saddr.ip6, &ip6->ip6_src, 16) == 0 &&
+                             memcmp(&cur->daddr.ip6, &ip6->ip6_dst, 16) == 0)))
+        cur = cur->next;
+
+    return (cur != NULL);
+}
+
 jboolean handle_tcp(const struct arguments *args,
                     const uint8_t *pkt, size_t length,
                     const uint8_t *payload,
@@ -2602,7 +2626,6 @@ jobject create_packet(const struct arguments *args,
                       jint sport,
                       const char *dest,
                       jint dport,
-                      jboolean outbound,
                       const char *data,
                       jint uid,
                       jboolean allowed) {
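Review bot: The new `// Log qname` comment now heads an unbounded `sprintf(name, "qtype %d qname %s", qtype, qname)`; the buffer is sized `DNS_QNAME_MAX + 40 + 1`, which covers the format prefix and an int only if the parser has already bounded qname to DNS_QNAME_MAX, and this hunk cannot show that. Writing it as `snprintf(name, sizeof(name), "qtype %d qname %s", qtype, qname);` costs nothing and keeps the write bounded even if the qname limit or the format changes later. handle_udp begins and ends outside this hunk.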
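Review bot: has_tcp_session casts `payload` to `struct tcphdr *` and reads `source`/`dest` from it without any length argument, unlike handle_tcp directly below, which receives `size_t length`; correctness therefore rests on the caller having already verified that a complete IP header and a complete TCP header are present, and that precondition is not written down. Add a header comment stating it, e.g. `// Precondition: caller has validated that pkt holds a full IP header and payload a full TCP header`, or accept the same `length` parameter and return 0 on short input. `args` is accepted but never used in the body. The match loop is a copy of has_udp_session's with `tcp_session` and `tcphdr` substituted; a shared static helper comparing version, ports and addresses would keep the address comparison in one place.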
@@ -2629,7 +2652,6 @@ jobject create_packet(const struct arguments *args,
     (*env)->SetIntField(env, jpacket, jniGetFieldID(env, clsPacket, "sport", "I"), sport);
     (*env)->SetObjectField(env, jpacket, jniGetFieldID(env, clsPacket, "daddr", string), jdest);
     (*env)->SetIntField(env, jpacket, jniGetFieldID(env, clsPacket, "dport", "I"), dport);
-    (*env)->SetBooleanField(env, jpacket, jniGetFieldID(env, clsPacket, "outbound", "Z"), outbound);
     (*env)->SetObjectField(env, jpacket, jniGetFieldID(env, clsPacket, "data", string), jdata);
     (*env)->SetIntField(env, jpacket, jniGetFieldID(env, clsPacket, "uid", "I"), uid);
     (*env)->SetBooleanField(env, jpacket, jniGetFieldID(env, clsPacket, "allowed", "Z"), allowed);
diff --git a/app/src/main/jni/netguard/netguard.h b/app/src/main/jni/netguard/netguard.h
index 629855c2..a36eecba 100644
--- a/app/src/main/jni/netguard/netguard.h
+++ b/app/src/main/jni/netguard/netguard.h
@@ -241,6 +241,8 @@ int check_domain(const struct arguments *args, const struct udp_session *u,
 int check_dhcp(const struct arguments *args, const struct udp_session *u,
                const uint8_t *data, const size_t datalen);
 
+int has_tcp_session(const struct arguments *args, const uint8_t *pkt, const uint8_t *payload);
+
 jboolean handle_tcp(const struct arguments *args,
                     const uint8_t *pkt, size_t length,
                     const uint8_t *payload,
@@ -311,7 +313,6 @@ jobject create_packet(const struct arguments *args,
                       jint sport,
                       const char *dest,
                       jint dport,
-                      jboolean outbound,
                       const char *data,
                       jint uid,
                       jboolean allowed);
@@ -322,8 +323,6 @@ void write_pcap_rec(const uint8_t *buffer, size_t len);
 
 void write_pcap(const void *ptr, size_t len);
 
-void read_hosts(const char *name, struct arguments *args);
-
 const char *strstate(const int state);
 
 char *hex(const u_int8_t *data, const size_t len);