diff --git a/app/src/main/jni/netguard/icmp.c b/app/src/main/jni/netguard/icmp.c
index 759bf327..cc865064 100644
--- a/app/src/main/jni/netguard/icmp.c
+++ b/app/src/main/jni/netguard/icmp.c
@@ -351,7 +351,7 @@ ssize_t write_icmp(const struct arguments *args, const struct icmp_session *cur,
 cur->version == 4 ? &cur->daddr.ip4 : &cur->daddr.ip6, dest, sizeof(dest));
 // Send raw ICMP message
- log_android(ANDROID_LOG_DEBUG,
+ log_android(ANDROID_LOG_WARN,
 "ICMP sending to tun %d from %s to %s data %u type %d code %d id %x seq %d", args->tun, dest, source, datalen, icmp->icmp_type, icmp->icmp_code, icmp->icmp_id, icmp->icmp_seq);
diff --git a/app/src/main/jni/netguard/tcp.c b/app/src/main/jni/netguard/tcp.c
index 51af47d3..f07358d6 100644
--- a/app/src/main/jni/netguard/tcp.c
+++ b/app/src/main/jni/netguard/tcp.c
@@ -260,6 +260,32 @@ void check_tcp_socket(const struct arguments *args,
 session, serr, strerror(serr));
 write_rst(args, &s->tcp);
+
+ // Connection refused
+ if (err >= 0 && (serr == ECONNREFUSED || serr == EHOSTUNREACH)) {
+ struct icmp icmp;
+ memset(&icmp, 0, sizeof(struct icmp));
+ icmp.icmp_type = ICMP_UNREACH;
+ if (serr == ECONNREFUSED)
+ icmp.icmp_code = ICMP_UNREACH_PORT;
+ else
+ icmp.icmp_code = ICMP_UNREACH_HOST;
+ icmp.icmp_cksum = 0;
+ icmp.icmp_cksum = ~calc_checksum(0, &icmp, 4);
+
+ struct icmp_session sicmp;
+ memset(&sicmp, 0, sizeof(struct icmp_session));
+ sicmp.version = s->tcp.version;
+ if (s->tcp.version == 4) {
+ sicmp.saddr.ip4 = (__be32) s->tcp.saddr.ip4;
+ sicmp.daddr.ip4 = (__be32) s->tcp.daddr.ip4;
+ } else {
+ memcpy(&sicmp.saddr.ip6, &s->tcp.saddr.ip6, 16);
+ memcpy(&sicmp.daddr.ip6, &s->tcp.daddr.ip6, 16);
+ }
+
+ write_icmp(args, &sicmp, &icmp, 8);
+ }
 } else { // Assume socket okay
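Review bot: In the icmp.c hunk, raising this message to `ANDROID_LOG_WARN` makes write_icmp emit a warning-level line with the source and destination addresses for every ICMP packet written to the tun, which looks like a debugging aid for the tcp.c change rather than an intended level. Warning-level lines usually survive filters that drop debug output, so this adds noise and traffic metadata to the device log. I would keep `log_android(ANDROID_LOG_DEBUG,` here and, if the new unreachable path needs visibility, log it once at its call site in check_tcp_socket. The rest of write_icmp is outside the hunk.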
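Review bot: In the tcp.c hunk, `icmp.icmp_type = ICMP_UNREACH` and the `ICMP_UNREACH_PORT`/`ICMP_UNREACH_HOST` codes are set whatever `s->tcp.version` is, so an IPv6 session is handed ICMPv4 values (ICMPv6 destination-unreachable has its own type and codes and a pseudo-header checksum); unless write_icmp translates them, which this diff does not show, the block should be limited to IPv4 for now, e.g. `if (err >= 0 && s->tcp.version == 4 && (serr == ECONNREFUSED || serr == EHOSTUNREACH)) {`. The message is also sent with a length of 8 and no quoted original IP header and leading transport bytes, which is what a receiver uses to match a destination-unreachable error to a connection, so the client stack may not be able to attribute it. The checksum covers 4 bytes while 8 are written; that only holds because the remaining bytes are zero after `memset`, so using one named length for both would be safer. check_tcp_socket starts and ends outside this hunk, and `err` and `serr` are assigned outside it.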