Properly abort blocked connections

This commit is contained in:
M66B 2017-03-04 11:48:46 +01:00
parent 1335e60242
commit 90d743c7e3
3 changed files with 19 additions and 4 deletions


@ -319,11 +319,14 @@ void handle_ip(const struct arguments *args,
else if (protocol == IPPROTO_UDP)
handle_udp(args, pkt, length, payload, uid, redirect, epoll_fd);
else if (protocol == IPPROTO_TCP)
handle_tcp(args, pkt, length, payload, uid, redirect, epoll_fd);
handle_tcp(args, pkt, length, payload, uid, allowed, redirect, epoll_fd);
}
else {
if (protocol == IPPROTO_UDP)
block_udp(args, pkt, length, payload, uid);
if (protocol == IPPROTO_TCP)
handle_tcp(args, pkt, length, payload, uid, allowed, redirect, epoll_fd);
log_android(ANDROID_LOG_WARN, "Address v%d p%d %s/%u syn %d not allowed",
version, protocol, dest, dport, syn);
}
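Review bot: In the blocked branch the TCP case now calls handle_tcp with allowed set to 0 and then falls through to the generic "not allowed" warning, while handle_tcp itself logs "resetting blocked session" for the same packet, so every blocked SYN is reported twice at WARN level; the UDP case, by contrast, goes through block_udp and is logged once. The reason the TCP path must build a session instead of being dropped like UDP (it needs the session state to send a correctly sequenced RST) is not visible at the call site, so a one-line comment would help: `// blocked TCP still goes through handle_tcp so a RST/ACK can be sent; it only creates a session to reset it`. handle_tcp's jboolean result is discarded in both branches, as it was before the change. handle_ip's body starts before and continues after this hunk.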


@ -407,7 +407,7 @@ void clear_tcp_data(struct tcp_session *cur);
jboolean handle_tcp(const struct arguments *args,
const uint8_t *pkt, size_t length,
const uint8_t *payload,
int uid, struct allowed *redirect,
int uid, int allowed, struct allowed *redirect,
const int epoll_fd);
void queue_tcp(const struct arguments *args,
@ -436,6 +436,8 @@ int write_fin_ack(const struct arguments *args, struct tcp_session *cur);
void write_rst(const struct arguments *args, struct tcp_session *cur);
void write_rst_ack(const struct arguments *args, struct tcp_session *cur);
ssize_t write_icmp(const struct arguments *args, const struct icmp_session *cur,
uint8_t *data, size_t datalen);


@ -621,7 +621,7 @@ void check_tcp_socket(const struct arguments *args,
jboolean handle_tcp(const struct arguments *args,
const uint8_t *pkt, size_t length,
const uint8_t *payload,
int uid, struct allowed *redirect,
int uid, int allowed, struct allowed *redirect,
const int epoll_fd) {
// Get headers
const uint8_t version = (*pkt) >> 4;
@ -793,6 +793,11 @@ jboolean handle_tcp(const struct arguments *args,
s->next = ng_session;
ng_session = s;
if (!allowed) {
log_android(ANDROID_LOG_WARN, "%s resetting blocked session", packet);
write_rst(args, &s->tcp);
}
}
else {
log_android(ANDROID_LOG_WARN, "%s unknown session", packet);
@ -1177,7 +1182,12 @@ int write_fin_ack(const struct arguments *args, struct tcp_session *cur) {
}
void write_rst(const struct arguments *args, struct tcp_session *cur) {
write_tcp(args, cur, NULL, 0, 0, 0, 0, 1);
int ack = 0;
if (cur->state == TCP_LISTEN) {
ack = 1;
cur->remote_seq++; // SYN
}
write_tcp(args, cur, NULL, 0, 0, ack, 0, 1);
if (cur->state != TCP_CLOSE)
cur->state = TCP_CLOSING;
}
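Review bot: In the handle_tcp hunk the new session is linked into ng_session before the allowed check, so a blocked SYN still costs a session entry that write_rst only moves to TCP_CLOSING; if TCP_CLOSING sessions are reclaimed on a timeout elsewhere (outside this hunk), a burst of blocked SYNs from one sender keeps that many entries alive until the timeout, which is worth confirming against the session cleanup path and, if needed, bounding per uid. In write_rst the `// SYN` comment on `cur->remote_seq++` is too terse for what it does: the increment changes the session's view of the peer's sequence space and is presumably there because a RST answering a SYN must acknowledge SYN+1; suggest `// a SYN occupies one sequence number; ack it so the RST/ACK is accepted by the peer`. Whether s->tcp is still in TCP_LISTEN when handle_tcp calls write_rst is not visible here, so the ack branch depends on state set outside the hunk. Both enclosing functions start and end outside the hunks shown.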