mirror/NetGuard
1
0
Fork 0
mirror of https://github.com/M66B/NetGuard.git synced 2025-02-22 06:10:56 +00:00
Code Issues Releases Wiki Activity

Changed address lookup

Browse source
This commit is contained in:
M66B 2018-02-19 08:26:16 +01:00
parent aa1956af6b
commit bb1f8d699e
1 changed files with 47 additions and 20 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

67
app/src/main/java/eu/faircode/netguard/ServiceSinkhole.java
View file

@ -148,7 +148,7 @@ public class ServiceSinkhole extends VpnService implements SharedPreferences.OnS
private Map<String, Boolean> mapHostsBlocked = new HashMap<>(); private Map<String, Boolean> mapHostsBlocked = new HashMap<>();
private Map<Integer, Boolean> mapUidAllowed = new HashMap<>(); private Map<Integer, Boolean> mapUidAllowed = new HashMap<>();
private Map<Integer, Integer> mapUidKnown = new HashMap<>(); private Map<Integer, Integer> mapUidKnown = new HashMap<>();
private final Map<Long, Map<InetAddress, IPRule>> mapUidIPFilters = new HashMap<>(); private final Map<IPKey, Map<InetAddress, IPRule>> mapUidIPFilters = new HashMap<>();
private Map<Integer, Forward> mapForward = new HashMap<>(); private Map<Integer, Forward> mapForward = new HashMap<>();
private Map<Integer, Boolean> mapNotify = new HashMap<>(); private Map<Integer, Boolean> mapNotify = new HashMap<>();
private ReentrantReadWriteLock lock = new ReentrantReadWriteLock(true); private ReentrantReadWriteLock lock = new ReentrantReadWriteLock(true);
@ -1592,15 +1592,7 @@ public class ServiceSinkhole extends VpnService implements SharedPreferences.OnS
} }
} }
// long is 64 bits IPKey key = new IPKey(version, protocol, dport, uid);
// 0..15 uid
// 16..31 dport
// 32..39 protocol
// 40..43 version
if (!(protocol == 6 /* TCP */ || protocol == 17 /* UDP */))
dport = 0;
long key = (version << 40) | (protocol << 32) | (dport << 16) | uid;
synchronized (mapUidIPFilters) { synchronized (mapUidIPFilters) {
if (!mapUidIPFilters.containsKey(key)) if (!mapUidIPFilters.containsKey(key))
mapUidIPFilters.put(key, new HashMap()); mapUidIPFilters.put(key, new HashMap());
@ -1615,17 +1607,17 @@ public class ServiceSinkhole extends VpnService implements SharedPreferences.OnS
continue; continue;
//if (dname != null) //if (dname != null)
Log.i(TAG, "Set filter uid=" + uid + " " + daddr + " " + dresource + "/" + dport + "=" + block); Log.i(TAG, "Set filter " + key + " " + daddr + "/" + dresource + "=" + block);
boolean exists = mapUidIPFilters.get(key).containsKey(iname); boolean exists = mapUidIPFilters.get(key).containsKey(iname);
if (!exists || !mapUidIPFilters.get(key).get(iname).isBlocked()) { if (!exists || !mapUidIPFilters.get(key).get(iname).isBlocked()) {
IPRule rule = new IPRule(name + "/" + iname, block, time + ttl); IPRule rule = new IPRule(key, name + "/" + iname, block, time + ttl);
mapUidIPFilters.get(key).put(iname, rule); mapUidIPFilters.get(key).put(iname, rule);
if (exists) if (exists)
Log.w(TAG, "Address conflict uid=" + uid + " " + daddr + " " + dresource + "/" + dport); Log.w(TAG, "Address conflict " + key + " " + daddr + "/" + dresource);
} else if (exists) { } else if (exists) {
mapUidIPFilters.get(key).get(iname).updateExpires(time + ttl); mapUidIPFilters.get(key).get(iname).updateExpires(time + ttl);
Log.w(TAG, "Address updated uid=" + uid + " " + daddr + " " + dresource + "/" + dport); Log.w(TAG, "Address updated " + key + " " + daddr + "/" + dresource);
} }
} else } else
Log.w(TAG, "Address not numeric " + name); Log.w(TAG, "Address not numeric " + name);
@ -1852,10 +1844,7 @@ public class ServiceSinkhole extends VpnService implements SharedPreferences.OnS
Log.w(TAG, "Allowing self " + packet); Log.w(TAG, "Allowing self " + packet);
} else { } else {
boolean filtered = false; boolean filtered = false;
// Only TCP (6) and UDP (17) have port numbers IPKey key = new IPKey(packet.version, packet.protocol, packet.dport, packet.uid);
int dport = (packet.protocol == 6 || packet.protocol == 17 ? packet.dport : 0);
long key = (packet.version << 40) | (packet.protocol << 32) | (dport << 16) | packet.uid;
if (mapUidIPFilters.containsKey(key)) if (mapUidIPFilters.containsKey(key))
try { try {
InetAddress iaddr = InetAddress.getByName(packet.daddr); InetAddress iaddr = InetAddress.getByName(packet.daddr);
@ -3057,12 +3046,50 @@ public class ServiceSinkhole extends VpnService implements SharedPreferences.OnS
} }
} }
private class IPKey {
int version;
int protocol;
int dport;
int uid;
public IPKey(int version, int protocol, int dport, int uid) {
this.version = version;
this.protocol = protocol;
// Only TCP (6) and UDP (17) have port numbers
this.dport = (protocol == 6 || protocol == 17 ? dport : 0);
this.uid = uid;
}
@Override
public boolean equals(Object obj) {
if (!(obj instanceof IPKey))
return false;
IPKey other = (IPKey) obj;
return (this.version == other.version &&
this.protocol == other.protocol &&
this.dport == other.dport &&
this.uid == other.uid);
}
@Override
public int hashCode() {
return (version << 40) | (protocol << 32) | (dport << 16) | uid;
}
@Override
public String toString() {
return "v" + version + " p" + protocol + " port=" + dport + " uid=" + uid;
}
}
private class IPRule { private class IPRule {
private IPKey key;
private String name; private String name;
private boolean block; private boolean block;
private long expires; private long expires;
public IPRule(String name, boolean block, long expires) { public IPRule(IPKey key, String name, boolean block, long expires) {
this.key = key;
this.name = name; this.name = name;
this.block = block; this.block = block;
this.expires = expires; this.expires = expires;
@ -3088,7 +3115,7 @@ public class ServiceSinkhole extends VpnService implements SharedPreferences.OnS
@Override @Override
public String toString() { public String toString() {
return this.name; return this.key + " " + this.name;
} }
} }