Find connection by source port, destination address and port

M66B 2017-03-12 08:24:08 +01:00
parent baf5154f6d
commit 69a91fec23
2 changed files with 48 additions and 40 deletions


@ -290,7 +290,7 @@ void handle_ip(const struct arguments *args,
if (protocol == IPPROTO_ICMP || protocol == IPPROTO_ICMPV6 || if (protocol == IPPROTO_ICMP || protocol == IPPROTO_ICMPV6 ||
(protocol == IPPROTO_UDP && !has_udp_session(args, pkt, payload)) || (protocol == IPPROTO_UDP && !has_udp_session(args, pkt, payload)) ||
(protocol == IPPROTO_TCP && syn)) (protocol == IPPROTO_TCP && syn))
uid = get_uid_retry(version, protocol, saddr, sport); uid = get_uid_retry(version, protocol, saddr, sport, daddr, dport);
log_android(ANDROID_LOG_DEBUG, log_android(ANDROID_LOG_DEBUG,
"Packet v%d %s/%u > %s/%u proto %d flags %s uid %d", "Packet v%d %s/%u > %s/%u proto %d flags %s uid %d",
@ -333,10 +333,12 @@ void handle_ip(const struct arguments *args,
} }
jint get_uid_retry(const int version, const int protocol, jint get_uid_retry(const int version, const int protocol,
const void *saddr, const uint16_t sport) { const void *saddr, const uint16_t sport,
char source[INET6_ADDRSTRLEN + 1]; const void *daddr, const uint16_t dport) {
inet_ntop(version == 4 ? AF_INET : AF_INET6, saddr, source, sizeof(source)); char dest[INET6_ADDRSTRLEN + 1];
log_android(ANDROID_LOG_INFO, "get uid v%d p%d %s/%u", version, protocol, source, sport); inet_ntop(version == 4 ? AF_INET : AF_INET6, daddr, dest, sizeof(dest));
log_android(ANDROID_LOG_INFO, "get uid v%d p%d %u > %s/%u",
version, protocol, sport, dest, dport);
jint uid = -1; jint uid = -1;
int tries = 0; int tries = 0;
@ -344,41 +346,43 @@ jint get_uid_retry(const int version, const int protocol,
while (uid < 0 && tries++ < UID_MAXTRY) { while (uid < 0 && tries++ < UID_MAXTRY) {
// Check IPv6 table first // Check IPv6 table first
if (version == 4) { if (version == 4) {
int8_t saddr128[16]; int8_t daddr128[16];
memset(saddr128, 0, 10); memset(daddr128, 0, 10);
saddr128[10] = (uint8_t) 0xFF; daddr128[10] = (uint8_t) 0xFF;
saddr128[11] = (uint8_t) 0xFF; daddr128[11] = (uint8_t) 0xFF;
memcpy(saddr128 + 12, saddr, 4); memcpy(daddr128 + 12, daddr, 4);
uid = get_uid(6, protocol, saddr128, sport, tries == UID_MAXTRY); uid = get_uid(6, protocol, saddr, sport, daddr128, dport, tries == UID_MAXTRY);
} }
if (uid < 0) if (uid < 0)
uid = get_uid(version, protocol, saddr, sport, tries == UID_MAXTRY); uid = get_uid(version, protocol, saddr, sport, daddr, dport, tries == UID_MAXTRY);
// Retry delay // Retry delay
if (uid < 0 && tries < UID_MAXTRY) { if (uid < 0 && tries < UID_MAXTRY) {
log_android(ANDROID_LOG_WARN, "get uid v%d p%d %s/%u try %d", log_android(ANDROID_LOG_WARN, "get uid v%d p%d %u > %s/%u try %d",
version, protocol, source, sport, tries); version, protocol, sport, dest, dport, tries);
usleep(1000 * UID_DELAYTRY); usleep(1000 * UID_DELAYTRY);
} }
} }
if (uid < 0) if (uid < 0)
log_android(ANDROID_LOG_ERROR, "uid v%d p%d %s/%u not found", log_android(ANDROID_LOG_ERROR, "uid v%d p%d %u > %s/%u not found",
version, protocol, source, sport); version, protocol, sport, dest, dport);
return uid; return uid;
} }
jint get_uid(const int version, const int protocol, jint get_uid(const int version, const int protocol,
const void *saddr, const uint16_t sport, const void *saddr, const uint16_t sport,
const void *daddr, const uint16_t dport,
int lasttry) { int lasttry) {
char line[250]; char line[250];
char hex[16 * 2 + 1]; char hex[16 * 2 + 1];
int fields; int fields;
uint8_t addr4[4]; uint8_t _daddr4[4];
uint8_t addr6[16]; uint8_t _daddr6[16];
int port; int _sport;
int _dport;
jint uid = -1; jint uid = -1;
#ifdef PROFILE_UID #ifdef PROFILE_UID
@ -403,9 +407,9 @@ jint get_uid(const int version, const int protocol,
return uid; return uid;
if (lasttry) { if (lasttry) {
char source[INET6_ADDRSTRLEN + 1]; char dest[INET6_ADDRSTRLEN + 1];
inet_ntop(version == 4 ? AF_INET : AF_INET6, saddr, source, sizeof(source)); inet_ntop(version == 4 ? AF_INET : AF_INET6, daddr, dest, sizeof(dest));
log_android(ANDROID_LOG_WARN, "Searching %s/%u in %s", source, sport, fn); log_android(ANDROID_LOG_WARN, "Searching %u > %s/%u in %s", sport, dest, dport, fn);
} }
// Open proc file // Open proc file
@ -422,38 +426,40 @@ jint get_uid(const int version, const int protocol,
while (fgets(line, sizeof(line), fd) != NULL) { while (fgets(line, sizeof(line), fd) != NULL) {
if (i++) { if (i++) {
*hex = 0; *hex = 0;
port = -1; _sport = -1;
_dport = -1;
u = -1; u = -1;
if (version == 4) if (version == 4)
fields = sscanf( fields = sscanf(
line, line,
"%*d: %8s:%X %*X:%*X %*X %*lX:%*lX %*X:%*X %*X %d %*d %*ld", "%*d: %*X:%X %8s:%X %*X %*lX:%*lX %*X:%*X %*X %d %*d %*ld",
hex, &port, &u); &_sport, hex, &_dport, &u);
else else
fields = sscanf( fields = sscanf(
line, line,
"%*d: %32s:%X %*X:%*X %*X %*lX:%*lX %*X:%*X %*X %d %*d %*ld", "%*d: %*X:%X %32s:%X %*X %*lX:%*lX %*X:%*X %*X %d %*d %*ld",
hex, &port, &u); &_sport, hex, &_dport, &u);
if (fields == 3 && if (fields == 4 &&
(version == 4 ? strlen(hex) == 8 : strlen(hex) == 32) && port >= 0 && u >= 0) { _sport > 0 && _dport > 0 && u >= 0 &&
hex2bytes(hex, version == 4 ? addr4 : addr6); (version == 4 ? strlen(hex) == 8 : strlen(hex) == 32)) {
hex2bytes(hex, version == 4 ? _daddr4 : _daddr6);
if (version == 4) if (version == 4)
((uint32_t *) addr4)[0] = htonl(((uint32_t *) addr4)[0]); ((uint32_t *) _daddr4)[0] = htonl(((uint32_t *) _daddr4)[0]);
else else
for (int w = 0; w < 4; w++) for (int w = 0; w < 4; w++)
((uint32_t *) addr6)[w] = htonl(((uint32_t *) addr6)[w]); ((uint32_t *) _daddr6)[w] = htonl(((uint32_t *) _daddr6)[w]);
if (lasttry) { if (lasttry) {
char source[INET6_ADDRSTRLEN + 1]; char dest[INET6_ADDRSTRLEN + 1];
inet_ntop(version == 4 ? AF_INET : AF_INET6, inet_ntop(version == 4 ? AF_INET : AF_INET6,
version == 4 ? addr4 : addr6, version == 4 ? _daddr4 : _daddr6,
source, sizeof(source)); dest, sizeof(dest));
log_android(ANDROID_LOG_WARN, "%s/%u %d %s", source, port, u, line); log_android(ANDROID_LOG_WARN, "%u > %s/%u %d %s",
_sport, dest, _dport, u, line);
} }
if (port == sport && if (_sport == sport && _dport == dport &&
(lasttry || memcmp(version == 4 ? _daddr4 : _daddr6, daddr, version == 4 ? 4 : 16) == 0) {
memcmp(version == 4 ? addr4 : addr6, saddr, version == 4 ? 4 : 16) == 0)) {
uid = u; uid = u;
break; break;
} }
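Review bot: The new match in get_uid requires `_dport > 0` plus a `memcmp` of the row's remote address against `daddr`, so a /proc/net row for an unconnected UDP socket, which Linux lists with an all-zero remote address and port, can no longer match. handle_ip calls get_uid_retry for UDP packets that have no session, so those lookups would probably run through every UID_MAXTRY attempt with its delay and return -1; what the caller does with an unattributed packet is not visible here, but for per-app filtering that outcome should be a deliberate policy. I would relax the filter to `_sport > 0 && _dport >= 0 && u >= 0 &&` and, when `protocol == IPPROTO_UDP`, also accept a row whose remote address and port are zero if `_sport == sport`. Separately, the mapped lookup now passes the 4-byte `saddr` with version 6, which is safe only as long as get_uid never reads it; a comment such as `/* saddr is not compared; rows are matched on sport, daddr and dport */` on get_uid would record that. get_uid's body continues outside the hunks shown.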


@ -453,10 +453,12 @@ uint8_t char2nible(const char c);
void hex2bytes(const char *hex, uint8_t *buffer); void hex2bytes(const char *hex, uint8_t *buffer);
jint get_uid_retry(const int version, const int protocol, jint get_uid_retry(const int version, const int protocol,
const void *saddr, const uint16_t sport); const void *saddr, const uint16_t sport,
const void *daddr, const uint16_t dport);
jint get_uid(const int version, const int protocol, jint get_uid(const int version, const int protocol,
const void *saddr, const uint16_t sport, const void *saddr, const uint16_t sport,
const void *daddr, const uint16_t dport,
int lasttry); int lasttry);
int protect_socket(const struct arguments *args, int socket); int protect_socket(const struct arguments *args, int socket);