Filter on InetAddress

M66B 2016-01-30 18:43:20 +01:00
parent c1306e6516
commit 14f6b0aed1
2 changed files with 21 additions and 15 deletions


@ -24,9 +24,9 @@ public class Packet {
public int version; public int version;
public int protocol; public int protocol;
public String flags; public String flags;
public String saddr; public String saddr; // TODO byte[]
public int sport; public int sport;
public String daddr; public String daddr; // TODO byte[]
public int dport; public int dport;
public String data; public String data;
public int uid; public int uid;


@ -98,7 +98,7 @@ public class SinkholeService extends VpnService implements SharedPreferences.OnS
private Map<String, Boolean> mapHostsBlocked = new HashMap<>(); private Map<String, Boolean> mapHostsBlocked = new HashMap<>();
private Map<Integer, Boolean> mapUidAllowed = new HashMap<>(); private Map<Integer, Boolean> mapUidAllowed = new HashMap<>();
private Map<Integer, Map<String, Boolean>> mapUidIPFilters = new HashMap<>(); private Map<Integer, Map<Integer, Map<InetAddress, Boolean>>> mapUidIPFilters = new HashMap<>();
private volatile Looper mServiceLooper; private volatile Looper mServiceLooper;
private volatile ServiceHandler mServiceHandler; private volatile ServiceHandler mServiceHandler;
@ -877,14 +877,16 @@ public class SinkholeService extends VpnService implements SharedPreferences.OnS
String daddr = cursor.getString(colDAddr); String daddr = cursor.getString(colDAddr);
int dport = cursor.isNull(colDPort) ? -1 : cursor.getInt(colDPort); int dport = cursor.isNull(colDPort) ? -1 : cursor.getInt(colDPort);
boolean block = (cursor.getInt(colBlock) > 0); boolean block = (cursor.getInt(colBlock) > 0);
if (!mapUidIPFilters.containsKey(uid)) if (!mapUidIPFilters.containsKey(uid))
mapUidIPFilters.put(uid, new HashMap<String, Boolean>()); mapUidIPFilters.put(uid, new HashMap());
if (!mapUidIPFilters.get(uid).containsKey(dport))
mapUidIPFilters.get(uid).put(dport, new HashMap<InetAddress, Boolean>());
try { try {
for (InetAddress iaddr : InetAddress.getAllByName(daddr)) { for (InetAddress iaddr : InetAddress.getAllByName(daddr)) {
String addr = iaddr.toString() + "/" + dport; mapUidIPFilters.get(uid).get(dport).put(iaddr, block);
addr = addr.substring(addr.indexOf('/') + 1); Log.i(TAG, "Set filter uid=" + uid + " " + iaddr + "/" + dport + "=" + block);
Log.i(TAG, "Set filter " + daddr + " " + addr + "=" + block);
mapUidIPFilters.get(uid).put(addr, block);
} }
} catch (UnknownHostException ex) { } catch (UnknownHostException ex) {
Log.e(TAG, ex.toString() + "\n" + Log.getStackTraceString(ex)); Log.e(TAG, ex.toString() + "\n" + Log.getStackTraceString(ex));
@ -1040,14 +1042,18 @@ public class SinkholeService extends VpnService implements SharedPreferences.OnS
packet.allowed = true; packet.allowed = true;
else { else {
boolean filtered = false; boolean filtered = false;
if (mapUidIPFilters.containsKey(packet.uid)) { if (mapUidIPFilters.containsKey(packet.uid))
String addr = packet.daddr + "/" + packet.dport; try {
if (mapUidIPFilters.get(packet.uid).containsKey(addr)) { InetAddress iaddr = InetAddress.getByName(packet.daddr);
filtered = true; Map<InetAddress, Boolean> map = mapUidIPFilters.get(packet.uid).get(packet.dport);
packet.allowed = !mapUidIPFilters.get(packet.uid).get(addr); if (map != null && map.containsKey(iaddr)) {
Log.i(TAG, "Filtering " + addr + " allowed=" + packet.allowed); filtered = true;
packet.allowed = !mapUidIPFilters.get(packet.uid).get(packet.dport).get(iaddr);
Log.i(TAG, "Filtering uid=" + packet.uid + " " + iaddr + "/" + packet.dport + " allowed=" + packet.allowed);
}
} catch (UnknownHostException ex) {
Log.w(TAG, ex.toString() + "\n" + Log.getStackTraceString(ex));
} }
}
if (!filtered) if (!filtered)
packet.allowed = (mapUidAllowed.containsKey(packet.uid) && mapUidAllowed.get(packet.uid)); packet.allowed = (mapUidAllowed.containsKey(packet.uid) && mapUidAllowed.get(packet.uid));
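Review bot: In the packet check, an `UnknownHostException` from `InetAddress.getByName(packet.daddr)` is only logged, so `filtered` stays false and the decision falls through to the per-uid rule in `mapUidAllowed`, which means a block rule for that destination is silently skipped. If `packet.daddr` is always a numeric literal this cannot trigger, but that is not visible here; setting `filtered = true; packet.allowed = false;` in the catch block would make the failure mode explicit. The rule loader also stores rules whose port column is null under key `-1`, while the lookup uses `packet.dport` directly, so such rules appear never to match unless a fallback such as `if (map == null) map = mapUidIPFilters.get(packet.uid).get(-1);` is added (assuming a null port is meant as "any port"). Inside the match, `map.get(iaddr)` can replace the repeated `mapUidIPFilters.get(packet.uid).get(packet.dport).get(iaddr)`. The enclosing method starts and ends outside the hunk.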