mirror of
https://github.com/M66B/NetGuard.git
synced 2025-01-04 06:23:04 +00:00
Resolved blocked domain names
This commit is contained in:
parent
2be06c43f3
commit
506a455f54
3 changed files with 76 additions and 40 deletions
|
@ -60,15 +60,16 @@ int32_t get_qname(const uint8_t *data, const size_t datalen, uint16_t off, char
|
||||||
return (c ? off : ptr);
|
return (c ? off : ptr);
|
||||||
}
|
}
|
||||||
|
|
||||||
void parse_dns_response(const struct arguments *args, const uint8_t *data, const size_t datalen) {
|
void parse_dns_response(const struct arguments *args, const struct udp_session *u,
|
||||||
if (datalen < sizeof(struct dns_header) + 1) {
|
const uint8_t *data, size_t *datalen) {
|
||||||
log_android(ANDROID_LOG_WARN, "DNS response length %d", datalen);
|
if (*datalen < sizeof(struct dns_header) + 1) {
|
||||||
|
log_android(ANDROID_LOG_WARN, "DNS response length %d", *datalen);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
// Check if standard DNS query
|
// Check if standard DNS query
|
||||||
// TODO multiple qnames
|
// TODO multiple qnames
|
||||||
const struct dns_header *dns = (struct dns_header *) data;
|
struct dns_header *dns = (struct dns_header *) data;
|
||||||
int qcount = ntohs(dns->q_count);
|
int qcount = ntohs(dns->q_count);
|
||||||
int acount = ntohs(dns->ans_count);
|
int acount = ntohs(dns->ans_count);
|
||||||
if (dns->qr == 1 && dns->opcode == 0 && qcount > 0 && acount > 0) {
|
if (dns->qr == 1 && dns->opcode == 0 && qcount > 0 && acount > 0) {
|
||||||
|
@ -77,42 +78,40 @@ void parse_dns_response(const struct arguments *args, const uint8_t *data, const
|
||||||
log_android(ANDROID_LOG_WARN, "DNS response qcount %d acount %d", qcount, acount);
|
log_android(ANDROID_LOG_WARN, "DNS response qcount %d acount %d", qcount, acount);
|
||||||
|
|
||||||
// http://tools.ietf.org/html/rfc1035
|
// http://tools.ietf.org/html/rfc1035
|
||||||
|
int32_t off = sizeof(struct dns_header);
|
||||||
|
|
||||||
|
uint16_t qtype;
|
||||||
|
uint16_t qclass;
|
||||||
char qname[DNS_QNAME_MAX + 1];
|
char qname[DNS_QNAME_MAX + 1];
|
||||||
|
|
||||||
char name[DNS_QNAME_MAX + 1];
|
// TODO multiple qnames?
|
||||||
int32_t off = sizeof(struct dns_header);
|
for (int q = 0; q < 1; q++) {
|
||||||
for (int q = 0; q < qcount; q++) {
|
off = get_qname(data, *datalen, (uint16_t) off, qname);
|
||||||
off = get_qname(data, datalen, (uint16_t) off, name);
|
if (off > 0 && off + 4 <= *datalen) {
|
||||||
if (off > 0 && off + 4 <= datalen) {
|
qtype = ntohs(*((uint16_t *) (data + off)));
|
||||||
uint16_t qtype = ntohs(*((uint16_t *) (data + off)));
|
qclass = ntohs(*((uint16_t *) (data + off + 2)));
|
||||||
uint16_t qclass = ntohs(*((uint16_t *) (data + off + 2)));
|
|
||||||
log_android(ANDROID_LOG_DEBUG,
|
log_android(ANDROID_LOG_DEBUG,
|
||||||
"DNS question %d qtype %d qclass %d qname %s",
|
"DNS question %d qtype %d qclass %d qname %s", q, qtype, qclass, qname);
|
||||||
q, qtype, qclass, name);
|
|
||||||
off += 4;
|
off += 4;
|
||||||
|
|
||||||
// TODO multiple qnames?
|
|
||||||
if (q == 0)
|
|
||||||
strcpy(qname, name);
|
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
log_android(ANDROID_LOG_WARN,
|
log_android(ANDROID_LOG_WARN,
|
||||||
"DNS response Q invalid off %d datalen %d",
|
"DNS response Q invalid off %d datalen %d", off, *datalen);
|
||||||
off, datalen);
|
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
char name[DNS_QNAME_MAX + 1];
|
||||||
for (int a = 0; a < acount; a++) {
|
for (int a = 0; a < acount; a++) {
|
||||||
off = get_qname(data, datalen, (uint16_t) off, name);
|
off = get_qname(data, *datalen, (uint16_t) off, name);
|
||||||
if (off > 0 && off + 10 <= datalen) {
|
if (off > 0 && off + 10 <= *datalen) {
|
||||||
uint16_t qtype = ntohs(*((uint16_t *) (data + off)));
|
uint16_t qtype = ntohs(*((uint16_t *) (data + off)));
|
||||||
uint16_t qclass = ntohs(*((uint16_t *) (data + off + 2)));
|
uint16_t qclass = ntohs(*((uint16_t *) (data + off + 2)));
|
||||||
uint32_t ttl = ntohl(*((uint32_t *) (data + off + 4)));
|
uint32_t ttl = ntohl(*((uint32_t *) (data + off + 4)));
|
||||||
uint16_t rdlength = ntohs(*((uint16_t *) (data + off + 8)));
|
uint16_t rdlength = ntohs(*((uint16_t *) (data + off + 8)));
|
||||||
off += 10;
|
off += 10;
|
||||||
|
|
||||||
if (off + rdlength <= datalen) {
|
if (off + rdlength <= *datalen) {
|
||||||
if (qclass == DNS_QCLASS_IN &&
|
if (qclass == DNS_QCLASS_IN &&
|
||||||
(qtype == DNS_QTYPE_A || qtype == DNS_QTYPE_AAAA)) {
|
(qtype == DNS_QTYPE_A || qtype == DNS_QTYPE_AAAA)) {
|
||||||
|
|
||||||
|
@ -138,17 +137,52 @@ void parse_dns_response(const struct arguments *args, const uint8_t *data, const
|
||||||
else {
|
else {
|
||||||
log_android(ANDROID_LOG_WARN,
|
log_android(ANDROID_LOG_WARN,
|
||||||
"DNS response A invalid off %d rdlength %d datalen %d",
|
"DNS response A invalid off %d rdlength %d datalen %d",
|
||||||
off, rdlength, datalen);
|
off, rdlength, *datalen);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
log_android(ANDROID_LOG_WARN,
|
log_android(ANDROID_LOG_WARN,
|
||||||
"DNS response A invalid off %d datalen %d",
|
"DNS response A invalid off %d datalen %d", off, *datalen);
|
||||||
off, datalen);
|
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (qcount > 0 && is_domain_blocked(args, qname)) {
|
||||||
|
dns->qr = 1;
|
||||||
|
dns->aa = 0;
|
||||||
|
dns->tc = 0;
|
||||||
|
dns->rd = 0;
|
||||||
|
dns->ra = 0;
|
||||||
|
dns->z = 0;
|
||||||
|
dns->ad = 0;
|
||||||
|
dns->cd = 0;
|
||||||
|
dns->rcode = (uint16_t) args->rcode;
|
||||||
|
dns->ans_count = 0;
|
||||||
|
dns->auth_count = 0;
|
||||||
|
dns->add_count = 0;
|
||||||
|
*datalen = sizeof(struct dns_header);
|
||||||
|
|
||||||
|
char source[INET6_ADDRSTRLEN + 1];
|
||||||
|
char dest[INET6_ADDRSTRLEN + 1];
|
||||||
|
if (u->version == 4) {
|
||||||
|
inet_ntop(AF_INET, &u->saddr.ip4, source, sizeof(source));
|
||||||
|
inet_ntop(AF_INET, &u->daddr.ip4, dest, sizeof(dest));
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
inet_ntop(AF_INET6, &u->saddr.ip6, source, sizeof(source));
|
||||||
|
inet_ntop(AF_INET6, &u->daddr.ip6, dest, sizeof(dest));
|
||||||
|
}
|
||||||
|
|
||||||
|
// Log qname
|
||||||
|
char name[DNS_QNAME_MAX + 40 + 1];
|
||||||
|
sprintf(name, "qtype %d qname %s rcode %d", qtype, qname, dns->rcode);
|
||||||
|
jobject objPacket = create_packet(
|
||||||
|
args, u->version, IPPROTO_UDP, "",
|
||||||
|
source, ntohs(u->source), dest, ntohs(u->dest),
|
||||||
|
name, 0, 0);
|
||||||
|
log_packet(args, objPacket);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
else if (acount > 0)
|
else if (acount > 0)
|
||||||
log_android(ANDROID_LOG_WARN,
|
log_android(ANDROID_LOG_WARN,
|
||||||
|
|
|
@ -350,7 +350,8 @@ void check_udp_socket(const struct arguments *args, const struct epoll_event *ev
|
||||||
|
|
||||||
int32_t get_qname(const uint8_t *data, const size_t datalen, uint16_t off, char *qname);
|
int32_t get_qname(const uint8_t *data, const size_t datalen, uint16_t off, char *qname);
|
||||||
|
|
||||||
void parse_dns_response(const struct arguments *args, const uint8_t *data, const size_t datalen);
|
void parse_dns_response(const struct arguments *args, const struct udp_session *u,
|
||||||
|
const uint8_t *data, size_t *datalen);
|
||||||
|
|
||||||
uint32_t get_send_window(const struct tcp_session *cur);
|
uint32_t get_send_window(const struct tcp_session *cur);
|
||||||
|
|
||||||
|
|
|
@ -136,7 +136,7 @@ void check_udp_socket(const struct arguments *args, const struct epoll_event *ev
|
||||||
|
|
||||||
// Process DNS response
|
// Process DNS response
|
||||||
if (ntohs(s->udp.dest) == 53)
|
if (ntohs(s->udp.dest) == 53)
|
||||||
parse_dns_response(args, buffer, (size_t) bytes);
|
parse_dns_response(args, &s->udp, buffer, (size_t *) &bytes);
|
||||||
|
|
||||||
// Forward to tun
|
// Forward to tun
|
||||||
if (write_udp(args, &s->udp, buffer, (size_t) bytes) < 0)
|
if (write_udp(args, &s->udp, buffer, (size_t) bytes) < 0)
|
||||||
|
@ -338,20 +338,21 @@ jboolean handle_udp(const struct arguments *args,
|
||||||
"DNS query qtype %d qclass %d name %s",
|
"DNS query qtype %d qclass %d name %s",
|
||||||
qtype, qclass, qname);
|
qtype, qclass, qname);
|
||||||
|
|
||||||
if (check_domain(args, &cur->udp, data, datalen, qclass, qtype, qname)) {
|
if (0)
|
||||||
// Log qname
|
if (check_domain(args, &cur->udp, data, datalen, qclass, qtype, qname)) {
|
||||||
char name[DNS_QNAME_MAX + 40 + 1];
|
// Log qname
|
||||||
sprintf(name, "qtype %d qname %s", qtype, qname);
|
char name[DNS_QNAME_MAX + 40 + 1];
|
||||||
jobject objPacket = create_packet(
|
sprintf(name, "qtype %d qname %s", qtype, qname);
|
||||||
args, version, IPPROTO_UDP, "",
|
jobject objPacket = create_packet(
|
||||||
source, ntohs(cur->udp.source), dest, ntohs(cur->udp.dest),
|
args, version, IPPROTO_UDP, "",
|
||||||
name, 0, 0);
|
source, ntohs(cur->udp.source), dest, ntohs(cur->udp.dest),
|
||||||
log_packet(args, objPacket);
|
name, 0, 0);
|
||||||
|
log_packet(args, objPacket);
|
||||||
|
|
||||||
// Session done
|
// Session done
|
||||||
cur->udp.state = UDP_FINISHING;
|
cur->udp.state = UDP_FINISHING;
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue