diff --git a/app/src/main/jni/netguard/dns.c b/app/src/main/jni/netguard/dns.c
index ed210a45..c5ad47df 100644
--- a/app/src/main/jni/netguard/dns.c
+++ b/app/src/main/jni/netguard/dns.c
@@ -206,96 +206,3 @@ void parse_dns_response(const struct arguments *args, const struct ng_session *s
 "DNS response qr %d opcode %d qcount %d acount %d",
 dns->qr, dns->opcode, qcount, acount);
 }
-
-int get_dns_query(const struct arguments *args, const struct udp_session *u,
- const uint8_t *data, const size_t datalen,
- uint16_t *qtype, uint16_t *qclass, char *qname) {
- if (datalen < sizeof(struct dns_header) + 1) {
- log_android(ANDROID_LOG_WARN, "DNS query length %d", datalen);
- return -1;
- }
-
- // Check if standard DNS query
- // TODO multiple qnames
- const struct dns_header *dns = (struct dns_header *) data;
- int qcount = ntohs(dns->q_count);
- if (dns->qr == 0 && dns->opcode == 0 && qcount > 0) {
- if (qcount > 1)
- log_android(ANDROID_LOG_WARN, "DNS query qcount %d", qcount);
-
- // http://tools.ietf.org/html/rfc1035
- int off = get_qname(data, datalen, sizeof(struct dns_header), qname);
- if (off > 0 && off + 4 == datalen) {
- *qtype = ntohs(*((uint16_t *) (data + off)));
- *qclass = ntohs(*((uint16_t *) (data + off + 2)));
- return 0;
- } else
- log_android(ANDROID_LOG_WARN, "DNS query invalid off %d datalen %d", off, datalen);
- }
-
- return -1;
- }
-
-int check_domain(const struct arguments *args, const struct udp_session *u,
- const uint8_t *data, const size_t datalen,
- uint16_t qclass, uint16_t qtype, const char *name) {
-
- if (qclass == DNS_QCLASS_IN &&
- (qtype == DNS_QTYPE_A || qtype == DNS_QTYPE_AAAA) &&
- is_domain_blocked(args, name)) {
-
- log_android(ANDROID_LOG_INFO, "DNS query type %d name %s blocked", qtype, name);
-
- // Build response
- size_t rlen = datalen + sizeof(struct dns_rr) + (qtype == DNS_QTYPE_A ?
4 : 16);
- uint8_t *response = malloc(rlen);
-
- // Copy header & query
- memcpy(response, data, datalen);
-
- // Modify copied header
- struct dns_header *rh = (struct dns_header *) response;
- rh->qr = 1;
- rh->aa = 0;
- rh->tc = 0;
- rh->rd = 0;
- rh->ra = 0;
- rh->z = 0;
- rh->ad = 0;
- rh->cd = 0;
- rh->rcode = 0;
- rh->ans_count = htons(1);
- rh->auth_count = 0;
- rh->add_count = 0;
-
- // Build answer
- struct dns_rr *answer = (struct dns_rr *) (response + datalen);
- answer->qname_ptr = htons(sizeof(struct dns_header) | 0xC000);
- answer->qtype = htons(qtype);
- answer->qclass = htons(qclass);
- answer->ttl = htonl(DNS_TTL);
- answer->rdlength = htons(qtype == DNS_QTYPE_A ? 4 : 16);
-
- // Add answer address
- uint8_t *addr = response + datalen + sizeof(struct dns_rr);
- if (qtype == DNS_QTYPE_A)
- inet_pton(AF_INET, "127.0.0.1", addr);
- else
- inet_pton(AF_INET6, "::1", addr);
-
- // Send selected negative response
- rlen = datalen;
- rh->rcode = (uint16_t) args->rcode;
- rh->ans_count = 0;
-
- // Send response
- if (write_udp(args, u, response, rlen) < 0)
- log_android(ANDROID_LOG_WARN, "UDP DNS write error %d: %s", errno, strerror(errno));
-
- free(response);
-
- return 1;
- }
-
- return 0;
- }
diff --git a/app/src/main/jni/netguard/netguard.h b/app/src/main/jni/netguard/netguard.h
index f9561e5b..0b41c89f 100644
--- a/app/src/main/jni/netguard/netguard.h
+++ b/app/src/main/jni/netguard/netguard.h
@@ -416,14 +416,6 @@ jboolean handle_udp(const struct arguments *args,
 int uid, struct allowed *redirect,
 const int epoll_fd);
 
-int get_dns_query(const struct arguments *args, const struct udp_session *u,
- const uint8_t *data, const size_t datalen,
- uint16_t *qtype, uint16_t *qclass, char *qname);
-
-int check_domain(const struct arguments *args, const struct udp_session *u,
- const uint8_t *data, const size_t datalen,
- uint16_t qclass, uint16_t qtype, const char *name);
-
 int check_dhcp(const struct arguments *args, const struct udp_session *u,
 const uint8_t *data, const size_t datalen);
diff --git a/app/src/main/jni/netguard/udp.c b/app/src/main/jni/netguard/udp.c
index c10207e1..c16603d7 100644
--- a/app/src/main/jni/netguard/udp.c
+++ b/app/src/main/jni/netguard/udp.c
@@ -319,34 +319,6 @@ jboolean handle_udp(const struct arguments *args,
 cur = s;
 }
 
- // Check for DNS
- if (ntohs(udphdr->dest) == 53) {
- char qname[DNS_QNAME_MAX + 1];
- uint16_t qtype;
- uint16_t qclass;
- if (get_dns_query(args, &cur->udp, data, datalen, &qtype, &qclass, qname) >= 0) {
- log_android(ANDROID_LOG_DEBUG,
- "DNS query qtype %d qclass %d name %s",
- qtype, qclass, qname);
-
- if (0)
- if (check_domain(args, &cur->udp, data, datalen, qclass, qtype, qname)) {
- // Log qname
- char name[DNS_QNAME_MAX + 40 + 1];
- sprintf(name, "qtype %d qname %s", qtype, qname);
- jobject objPacket = create_packet(
- args, version, IPPROTO_UDP, "",
- source, ntohs(cur->udp.source), dest, ntohs(cur->udp.dest),
- name, 0, 0);
- log_packet(args, objPacket);
-
- // Session done
- cur->udp.state = UDP_FINISHING;
- return 0;
- }
- }
- }
-
 // Check for DHCP (tethering)
 if (ntohs(udphdr->source) == 68 || ntohs(udphdr->dest) == 67) {
 if (check_dhcp(args, &cur->udp, data, datalen) >= 0)