mirror of https://github.com/M66B/NetGuard.git
Cleanup
parent
a65fc18659
commit
3471cb7604
|
@ -206,96 +206,3 @@ void parse_dns_response(const struct arguments *args, const struct ng_session *s
|
|||
"DNS response qr %d opcode %d qcount %d acount %d",
|
||||
dns->qr, dns->opcode, qcount, acount);
|
||||
}
|
||||
|
||||
int get_dns_query(const struct arguments *args, const struct udp_session *u,
|
||||
const uint8_t *data, const size_t datalen,
|
||||
uint16_t *qtype, uint16_t *qclass, char *qname) {
|
||||
if (datalen < sizeof(struct dns_header) + 1) {
|
||||
log_android(ANDROID_LOG_WARN, "DNS query length %d", datalen);
|
||||
return -1;
|
||||
}
|
||||
|
||||
// Check if standard DNS query
|
||||
// TODO multiple qnames
|
||||
const struct dns_header *dns = (struct dns_header *) data;
|
||||
int qcount = ntohs(dns->q_count);
|
||||
if (dns->qr == 0 && dns->opcode == 0 && qcount > 0) {
|
||||
if (qcount > 1)
|
||||
log_android(ANDROID_LOG_WARN, "DNS query qcount %d", qcount);
|
||||
|
||||
// http://tools.ietf.org/html/rfc1035
|
||||
int off = get_qname(data, datalen, sizeof(struct dns_header), qname);
|
||||
if (off > 0 && off + 4 == datalen) {
|
||||
*qtype = ntohs(*((uint16_t *) (data + off)));
|
||||
*qclass = ntohs(*((uint16_t *) (data + off + 2)));
|
||||
return 0;
|
||||
} else
|
||||
log_android(ANDROID_LOG_WARN, "DNS query invalid off %d datalen %d", off, datalen);
|
||||
}
|
||||
|
||||
return -1;
|
||||
}
|
||||
|
||||
int check_domain(const struct arguments *args, const struct udp_session *u,
|
||||
const uint8_t *data, const size_t datalen,
|
||||
uint16_t qclass, uint16_t qtype, const char *name) {
|
||||
|
||||
if (qclass == DNS_QCLASS_IN &&
|
||||
(qtype == DNS_QTYPE_A || qtype == DNS_QTYPE_AAAA) &&
|
||||
is_domain_blocked(args, name)) {
|
||||
|
||||
log_android(ANDROID_LOG_INFO, "DNS query type %d name %s blocked", qtype, name);
|
||||
|
||||
// Build response
|
||||
size_t rlen = datalen + sizeof(struct dns_rr) + (qtype == DNS_QTYPE_A ? 4 : 16);
|
||||
uint8_t *response = malloc(rlen);
|
||||
|
||||
// Copy header & query
|
||||
memcpy(response, data, datalen);
|
||||
|
||||
// Modify copied header
|
||||
struct dns_header *rh = (struct dns_header *) response;
|
||||
rh->qr = 1;
|
||||
rh->aa = 0;
|
||||
rh->tc = 0;
|
||||
rh->rd = 0;
|
||||
rh->ra = 0;
|
||||
rh->z = 0;
|
||||
rh->ad = 0;
|
||||
rh->cd = 0;
|
||||
rh->rcode = 0;
|
||||
rh->ans_count = htons(1);
|
||||
rh->auth_count = 0;
|
||||
rh->add_count = 0;
|
||||
|
||||
// Build answer
|
||||
struct dns_rr *answer = (struct dns_rr *) (response + datalen);
|
||||
answer->qname_ptr = htons(sizeof(struct dns_header) | 0xC000);
|
||||
answer->qtype = htons(qtype);
|
||||
answer->qclass = htons(qclass);
|
||||
answer->ttl = htonl(DNS_TTL);
|
||||
answer->rdlength = htons(qtype == DNS_QTYPE_A ? 4 : 16);
|
||||
|
||||
// Add answer address
|
||||
uint8_t *addr = response + datalen + sizeof(struct dns_rr);
|
||||
if (qtype == DNS_QTYPE_A)
|
||||
inet_pton(AF_INET, "127.0.0.1", addr);
|
||||
else
|
||||
inet_pton(AF_INET6, "::1", addr);
|
||||
|
||||
// Send selected negative response
|
||||
rlen = datalen;
|
||||
rh->rcode = (uint16_t) args->rcode;
|
||||
rh->ans_count = 0;
|
||||
|
||||
// Send response
|
||||
if (write_udp(args, u, response, rlen) < 0)
|
||||
log_android(ANDROID_LOG_WARN, "UDP DNS write error %d: %s", errno, strerror(errno));
|
||||
|
||||
free(response);
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
|
|
@ -416,14 +416,6 @@ jboolean handle_udp(const struct arguments *args,
|
|||
int uid, struct allowed *redirect,
|
||||
const int epoll_fd);
|
||||
|
||||
int get_dns_query(const struct arguments *args, const struct udp_session *u,
|
||||
const uint8_t *data, const size_t datalen,
|
||||
uint16_t *qtype, uint16_t *qclass, char *qname);
|
||||
|
||||
int check_domain(const struct arguments *args, const struct udp_session *u,
|
||||
const uint8_t *data, const size_t datalen,
|
||||
uint16_t qclass, uint16_t qtype, const char *name);
|
||||
|
||||
int check_dhcp(const struct arguments *args, const struct udp_session *u,
|
||||
const uint8_t *data, const size_t datalen);
|
||||
|
||||
|
|
|
@ -319,34 +319,6 @@ jboolean handle_udp(const struct arguments *args,
|
|||
cur = s;
|
||||
}
|
||||
|
||||
// Check for DNS
|
||||
if (ntohs(udphdr->dest) == 53) {
|
||||
char qname[DNS_QNAME_MAX + 1];
|
||||
uint16_t qtype;
|
||||
uint16_t qclass;
|
||||
if (get_dns_query(args, &cur->udp, data, datalen, &qtype, &qclass, qname) >= 0) {
|
||||
log_android(ANDROID_LOG_DEBUG,
|
||||
"DNS query qtype %d qclass %d name %s",
|
||||
qtype, qclass, qname);
|
||||
|
||||
if (0)
|
||||
if (check_domain(args, &cur->udp, data, datalen, qclass, qtype, qname)) {
|
||||
// Log qname
|
||||
char name[DNS_QNAME_MAX + 40 + 1];
|
||||
sprintf(name, "qtype %d qname %s", qtype, qname);
|
||||
jobject objPacket = create_packet(
|
||||
args, version, IPPROTO_UDP, "",
|
||||
source, ntohs(cur->udp.source), dest, ntohs(cur->udp.dest),
|
||||
name, 0, 0);
|
||||
log_packet(args, objPacket);
|
||||
|
||||
// Session done
|
||||
cur->udp.state = UDP_FINISHING;
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// Check for DHCP (tethering)
|
||||
if (ntohs(udphdr->source) == 68 || ntohs(udphdr->dest) == 67) {
|
||||
if (check_dhcp(args, &cur->udp, data, datalen) >= 0)
|
||||
|
|