mirror of https://github.com/M66B/NetGuard.git synced 2025-01-01 12:54:07 +00:00
M66B 2017-03-03 15:46:53 +01:00
parent bd4e1ff0c0
commit d3fa43b9f4
8 changed files with 112 additions and 58 deletions


@ -127,7 +127,8 @@ void parse_dns_response(const struct arguments *args, const uint8_t *data, const
"DNS answer %d qname %s qtype %d ttl %d data %s",
a, name, qtype, ttl, rd);
} else
}
else
log_android(ANDROID_LOG_DEBUG,
"DNS answer %d qname %s qclass %d qtype %d ttl %d length %d",
a, name, qclass, qtype, ttl, rdlength);


@ -100,7 +100,8 @@ void check_icmp_socket(const struct arguments *args, const struct epoll_event *e
log_android(ANDROID_LOG_WARN, "ICMP recv eof");
s->icmp.stop = 1;
} else {
}
else {
// Socket read data
char dest[INET6_ADDRSTRLEN + 1];
if (s->icmp.version == 4)
@ -162,7 +163,8 @@ jboolean handle_icmp(const struct arguments *args,
if (version == 4) {
inet_ntop(AF_INET, &ip4->saddr, source, sizeof(source));
inet_ntop(AF_INET, &ip4->daddr, dest, sizeof(dest));
} else {
}
else {
inet_ntop(AF_INET6, &ip6->ip6_src, source, sizeof(source));
inet_ntop(AF_INET6, &ip6->ip6_dst, dest, sizeof(dest));
}
@ -199,7 +201,8 @@ jboolean handle_icmp(const struct arguments *args,
if (version == 4) {
s->icmp.saddr.ip4 = (__be32) ip4->saddr;
s->icmp.daddr.ip4 = (__be32) ip4->daddr;
} else {
}
else {
memcpy(&s->icmp.saddr.ip6, &ip6->ip6_src, 16);
memcpy(&s->icmp.daddr.ip6, &ip6->ip6_dst, 16);
}
@ -261,7 +264,8 @@ jboolean handle_icmp(const struct arguments *args,
server4.sin_family = AF_INET;
server4.sin_addr.s_addr = (__be32) ip4->daddr;
server4.sin_port = 0;
} else {
}
else {
server6.sin6_family = AF_INET6;
memcpy(&server6.sin6_addr, &ip6->ip6_dst, 16);
server6.sin6_port = 0;


@ -46,7 +46,8 @@ int check_tun(const struct arguments *args,
args->tun, errno, strerror(errno));
report_exit(args, "fcntl tun %d F_GETFL error %d: %s",
args->tun, errno, strerror(errno));
} else
}
else
report_exit(args, "tun %d exception", args->tun);
return -1;
}
@ -227,7 +228,8 @@ void handle_ip(const struct arguments *args,
sport = ntohs(icmp->icmp_id);
dport = ntohs(icmp->icmp_id);
} else if (protocol == IPPROTO_UDP) {
}
else if (protocol == IPPROTO_UDP) {
if (length - (payload - pkt) < sizeof(struct udphdr)) {
log_android(ANDROID_LOG_WARN, "UDP packet too short");
return;
@ -450,7 +452,8 @@ jint get_uid(const int version, const int protocol,
if (memcmp(version == 4 ? addr4 : addr6, saddr, version == 4 ? 4 : 16) == 0)
break;
}
} else
}
else
log_android(ANDROID_LOG_ERROR, "Invalid field #%d: %s", fields, line);
}
}


@ -188,7 +188,8 @@ Java_eu_faircode_netguard_ServiceSinkhole_jni_1stop(
clear();
log_android(ANDROID_LOG_WARN, "Stopped thread %x", t);
} else
}
else
log_android(ANDROID_LOG_WARN, "Not running thread %x", t);
}


@ -185,7 +185,8 @@ void *handle_events(void *a) {
if (c->protocol == IPPROTO_TCP)
clear_tcp_data(&c->tcp);
free(c);
} else {
}
else {
sl = s;
s = s->next;
}
@ -210,7 +211,8 @@ void *handle_events(void *a) {
log_android(ANDROID_LOG_DEBUG,
"epoll interrupted tun %d thread %x", args->tun, thread_id);
continue;
} else {
}
else {
log_android(ANDROID_LOG_ERROR,
"epoll tun %d thread %x error %d: %s",
args->tun, thread_id, errno, strerror(errno));
@ -241,7 +243,8 @@ void *handle_events(void *a) {
log_android(ANDROID_LOG_WARN, "Read pipe");
break;
} else if (ev[i].data.ptr == NULL) {
}
else if (ev[i].data.ptr == NULL) {
// Check upstream
log_android(ANDROID_LOG_DEBUG, "epoll ready %d/%d in %d out %d err %d hup %d",
i, ready,
@ -254,7 +257,8 @@ void *handle_events(void *a) {
if (check_tun(args, &ev[i], epoll_fd, sessions, maxsessions) < 0)
error = 1;
} else {
}
else {
// Check downstream
log_android(ANDROID_LOG_DEBUG,
"epoll ready %d/%d in %d out %d err %d hup %d prot %d sock %d",
@ -274,7 +278,8 @@ void *handle_events(void *a) {
while (!(ev[i].events & EPOLLERR) && (ev[i].events & EPOLLIN) &&
is_readable(session->socket))
check_udp_socket(args, &ev[i]);
} else if (session->protocol == IPPROTO_TCP)
}
else if (session->protocol == IPPROTO_TCP)
check_tcp_socket(args, &ev[i], epoll_fd);
}
@ -338,7 +343,8 @@ void check_allowed(const struct arguments *args) {
}
}
} else if (s->protocol == IPPROTO_UDP) {
}
else if (s->protocol == IPPROTO_UDP) {
if (s->udp.state == UDP_ACTIVE) {
if (s->udp.version == 4) {
inet_ntop(AF_INET, &s->udp.saddr.ip4, source, sizeof(source));
@ -372,7 +378,8 @@ void check_allowed(const struct arguments *args) {
continue;
}
} else if (s->protocol == IPPROTO_TCP) {
}
else if (s->protocol == IPPROTO_TCP) {
if (s->tcp.state != TCP_CLOSING && s->tcp.state != TCP_CLOSE) {
if (s->tcp.version == 4) {
inet_ntop(AF_INET, &s->tcp.saddr.ip4, source, sizeof(source));


@ -61,7 +61,8 @@ int check_tcp_session(const struct arguments *args, struct ng_session *s,
if (s->tcp.version == 4) {
inet_ntop(AF_INET, &s->tcp.saddr.ip4, source, sizeof(source));
inet_ntop(AF_INET, &s->tcp.daddr.ip4, dest, sizeof(dest));
} else {
}
else {
inet_ntop(AF_INET6, &s->tcp.saddr.ip6, source, sizeof(source));
inet_ntop(AF_INET6, &s->tcp.daddr.ip6, dest, sizeof(dest));
}
@ -234,7 +235,8 @@ void check_tcp_socket(const struct arguments *args,
if (s->tcp.version == 4) {
inet_ntop(AF_INET, &s->tcp.saddr.ip4, source, sizeof(source));
inet_ntop(AF_INET, &s->tcp.daddr.ip4, dest, sizeof(dest));
} else {
}
else {
inet_ntop(AF_INET6, &s->tcp.saddr.ip6, source, sizeof(source));
inet_ntop(AF_INET6, &s->tcp.daddr.ip6, dest, sizeof(dest));
}
@ -279,7 +281,8 @@ void check_tcp_socket(const struct arguments *args,
if (s->tcp.version == 4) {
sicmp.saddr.ip4 = (__be32) s->tcp.saddr.ip4;
sicmp.daddr.ip4 = (__be32) s->tcp.daddr.ip4;
} else {
}
else {
memcpy(&sicmp.saddr.ip6, &s->tcp.saddr.ip6, 16);
memcpy(&sicmp.daddr.ip6, &s->tcp.daddr.ip6, 16);
}
@ -303,7 +306,8 @@ void check_tcp_socket(const struct arguments *args,
else
s->tcp.socks5 = SOCKS5_CONNECTED;
}
} else {
}
else {
if (ev->events & EPOLLIN) {
uint8_t buffer[32];
ssize_t bytes = recv(s->socket, buffer, sizeof(buffer), 0);
@ -330,26 +334,30 @@ void check_tcp_socket(const struct arguments *args,
write_rst(args, &s->tcp);
}
} else if (s->tcp.socks5 == SOCKS5_AUTH &&
bytes == 2 &&
(buffer[0] == 1 || buffer[0] == 5)) {
}
else if (s->tcp.socks5 == SOCKS5_AUTH &&
bytes == 2 &&
(buffer[0] == 1 || buffer[0] == 5)) {
if (buffer[1] == 0) {
s->tcp.socks5 = SOCKS5_CONNECT;
log_android(ANDROID_LOG_WARN, "%s SOCKS5 auth OK", session);
} else {
}
else {
s->tcp.socks5 = 0;
log_android(ANDROID_LOG_ERROR, "%s SOCKS5 auth error %d",
session, buffer[1]);
write_rst(args, &s->tcp);
}
} else if (s->tcp.socks5 == SOCKS5_CONNECT &&
bytes == 6 + (s->tcp.version == 4 ? 4 : 16) &&
buffer[0] == 5) {
}
else if (s->tcp.socks5 == SOCKS5_CONNECT &&
bytes == 6 + (s->tcp.version == 4 ? 4 : 16) &&
buffer[0] == 5) {
if (buffer[1] == 0) {
s->tcp.socks5 = SOCKS5_CONNECTED;
log_android(ANDROID_LOG_WARN, "%s SOCKS5 connected", session);
} else {
}
else {
s->tcp.socks5 = 0;
log_android(ANDROID_LOG_ERROR, "%s SOCKS5 connect error %d",
session, buffer[1]);
@ -367,7 +375,8 @@ void check_tcp_socket(const struct arguments *args,
*/
}
} else {
}
else {
s->tcp.socks5 = 0;
log_android(ANDROID_LOG_ERROR, "%s recv SOCKS5 state %d",
session, s->tcp.socks5);
@ -390,7 +399,8 @@ void check_tcp_socket(const struct arguments *args,
write_rst(args, &s->tcp);
}
} else if (s->tcp.socks5 == SOCKS5_AUTH) {
}
else if (s->tcp.socks5 == SOCKS5_AUTH) {
uint8_t ulen = strlen(socks5_username);
uint8_t plen = strlen(socks5_password);
uint8_t buffer[512];
@ -414,7 +424,8 @@ void check_tcp_socket(const struct arguments *args,
write_rst(args, &s->tcp);
}
} else if (s->tcp.socks5 == SOCKS5_CONNECT) {
}
else if (s->tcp.socks5 == SOCKS5_CONNECT) {
uint8_t buffer[22];
*(buffer + 0) = 5; // version
*(buffer + 1) = 1; // TCP/IP stream connection
@ -423,7 +434,8 @@ void check_tcp_socket(const struct arguments *args,
if (s->tcp.version == 4) {
memcpy(buffer + 4, &s->tcp.daddr.ip4, 4);
*((__be16 *) (buffer + 4 + 4)) = s->tcp.dest;
} else {
}
else {
memcpy(buffer + 4, &s->tcp.daddr.ip6, 16);
*((__be16 *) (buffer + 4 + 16)) = s->tcp.dest;
}
@ -442,7 +454,8 @@ void check_tcp_socket(const struct arguments *args,
write_rst(args, &s->tcp);
}
} else if (s->tcp.socks5 == SOCKS5_CONNECTED) {
}
else if (s->tcp.socks5 == SOCKS5_CONNECTED) {
s->tcp.remote_seq++; // remote SYN
if (write_syn_ack(args, &s->tcp) >= 0) {
s->tcp.time = time(NULL);
@ -450,7 +463,8 @@ void check_tcp_socket(const struct arguments *args,
s->tcp.state = TCP_SYN_RECV;
}
}
} else {
}
else {
// Always forward data
int fwd = 0;
@ -478,11 +492,13 @@ void check_tcp_socket(const struct arguments *args,
if (errno == EINTR || errno == EAGAIN) {
// Retry later
break;
} else {
}
else {
write_rst(args, &s->tcp);
break;
}
} else {
}
else {
fwd = 1;
buffer_size -= sent;
s->tcp.sent += sent;
@ -494,7 +510,8 @@ void check_tcp_socket(const struct arguments *args,
s->tcp.forward = s->tcp.forward->next;
free(p->data);
free(p);
} else {
}
else {
log_android(ANDROID_LOG_WARN,
"%s partial send %u/%u",
session, s->tcp.forward->sent, s->tcp.forward->len);
@ -580,7 +597,8 @@ void check_tcp_socket(const struct arguments *args,
session, errno, strerror(errno));
s->socket = -1;
} else {
}
else {
// Socket read data
log_android(ANDROID_LOG_DEBUG, "%s recv bytes %d", session, bytes);
s->tcp.received += bytes;
@ -633,7 +651,8 @@ jboolean handle_tcp(const struct arguments *args,
if (version == 4) {
inet_ntop(AF_INET, &ip4->saddr, source, sizeof(source));
inet_ntop(AF_INET, &ip4->daddr, dest, sizeof(dest));
} else {
}
else {
inet_ntop(AF_INET6, &ip6->ip6_src, source, sizeof(source));
inet_ntop(AF_INET6, &ip6->ip6_dst, dest, sizeof(dest));
}
@ -726,7 +745,8 @@ jboolean handle_tcp(const struct arguments *args,
if (version == 4) {
s->tcp.saddr.ip4 = (__be32) ip4->saddr;
s->tcp.daddr.ip4 = (__be32) ip4->daddr;
} else {
}
else {
memcpy(&s->tcp.saddr.ip6, &ip6->ip6_src, 16);
memcpy(&s->tcp.daddr.ip6, &ip6->ip6_dst, 16);
}
@ -786,7 +806,8 @@ jboolean handle_tcp(const struct arguments *args,
if (version == 4) {
rst.saddr.ip4 = (__be32) ip4->saddr;
rst.daddr.ip4 = (__be32) ip4->daddr;
} else {
}
else {
memcpy(&rst.saddr.ip6, &ip6->ip6_src, 16);
memcpy(&rst.daddr.ip6, &ip6->ip6_dst, 16);
}
@ -854,7 +875,8 @@ jboolean handle_tcp(const struct arguments *args,
log_android(ANDROID_LOG_WARN, "%s repeated SYN", session);
// The socket is probably not opened yet
} else if (tcphdr->fin /* +ACK */) {
}
else if (tcphdr->fin /* +ACK */) {
if (cur->tcp.state == TCP_ESTABLISHED) {
log_android(ANDROID_LOG_WARN, "%s FIN received", session);
if (cur->tcp.forward == NULL) {
@ -883,7 +905,8 @@ jboolean handle_tcp(const struct arguments *args,
return 0;
}
} else if (tcphdr->ack) {
}
else if (tcphdr->ack) {
cur->tcp.acked = ntohl(tcphdr->ack_seq);
if (cur->tcp.state == TCP_SYN_RECV)
@ -931,7 +954,8 @@ jboolean handle_tcp(const struct arguments *args,
else
log_android(ANDROID_LOG_WARN, "%s keep alive", session);
} else if (compare_u32(ack, cur->tcp.local_seq) < 0) {
}
else if (compare_u32(ack, cur->tcp.local_seq) < 0) {
if (compare_u32(ack, cur->tcp.acked) <= 0)
log_android(
ack == cur->tcp.acked ? ANDROID_LOG_WARN : ANDROID_LOG_ERROR,
@ -1035,7 +1059,8 @@ int open_tcp_socket(const struct arguments *args,
version = (strstr(socks5_addr, ":") == NULL ? 4 : 6);
else
version = cur->version;
} else
}
else
version = (strstr(redirect->raddr, ":") == NULL ? 4 : 6);
// Get TCP socket
@ -1074,18 +1099,21 @@ int open_tcp_socket(const struct arguments *args,
inet_pton(AF_INET6, socks5_addr, &addr6.sin6_addr);
addr6.sin6_port = htons(socks5_port);
}
} else {
}
else {
if (version == 4) {
addr4.sin_family = AF_INET;
addr4.sin_addr.s_addr = (__be32) cur->daddr.ip4;
addr4.sin_port = cur->dest;
} else {
}
else {
addr6.sin6_family = AF_INET6;
memcpy(&addr6.sin6_addr, &cur->daddr.ip6, 16);
addr6.sin6_port = cur->dest;
}
}
} else {
}
else {
log_android(ANDROID_LOG_WARN, "TCP%d redirect to %s/%u",
version, redirect->raddr, redirect->rport);
@ -1287,7 +1315,8 @@ ssize_t write_tcp(const struct arguments *args, const struct tcp_session *cur,
if (res >= 0) {
if (pcap_file != NULL)
write_pcap_rec(buffer, (size_t) res);
} else
}
else
log_android(ANDROID_LOG_ERROR, "TCP write%s%s%s%s data %d error %d: %s",
(tcp->syn ? " SYN" : ""),
(tcp->ack ? " ACK" : ""),


@ -121,7 +121,8 @@ void check_udp_socket(const struct arguments *args, const struct epoll_event *ev
log_android(ANDROID_LOG_WARN, "UDP recv eof");
s->udp.state = UDP_FINISHING;
} else {
}
else {
// Socket read data
char dest[INET6_ADDRSTRLEN + 1];
if (s->udp.version == 4)
@ -191,7 +192,8 @@ void block_udp(const struct arguments *args,
if (version == 4) {
inet_ntop(AF_INET, &ip4->saddr, source, sizeof(source));
inet_ntop(AF_INET, &ip4->daddr, dest, sizeof(dest));
} else {
}
else {
inet_ntop(AF_INET6, &ip6->ip6_src, source, sizeof(source));
inet_ntop(AF_INET6, &ip6->ip6_dst, dest, sizeof(dest));
}
@ -210,7 +212,8 @@ void block_udp(const struct arguments *args,
if (version == 4) {
s->udp.saddr.ip4 = (__be32) ip4->saddr;
s->udp.daddr.ip4 = (__be32) ip4->daddr;
} else {
}
else {
memcpy(&s->udp.saddr.ip6, &ip6->ip6_src, 16);
memcpy(&s->udp.daddr.ip6, &ip6->ip6_dst, 16);
}
@ -254,7 +257,8 @@ jboolean handle_udp(const struct arguments *args,
if (version == 4) {
inet_ntop(AF_INET, &ip4->saddr, source, sizeof(source));
inet_ntop(AF_INET, &ip4->daddr, dest, sizeof(dest));
} else {
}
else {
inet_ntop(AF_INET6, &ip6->ip6_src, source, sizeof(source));
inet_ntop(AF_INET6, &ip6->ip6_dst, dest, sizeof(dest));
}
@ -291,7 +295,8 @@ jboolean handle_udp(const struct arguments *args,
if (version == 4) {
s->udp.saddr.ip4 = (__be32) ip4->saddr;
s->udp.daddr.ip4 = (__be32) ip4->daddr;
} else {
}
else {
memcpy(&s->udp.saddr.ip6, &ip6->ip6_src, 16);
memcpy(&s->udp.daddr.ip6, &ip6->ip6_dst, 16);
}
@ -370,12 +375,14 @@ jboolean handle_udp(const struct arguments *args,
addr4.sin_family = AF_INET;
addr4.sin_addr.s_addr = (__be32) cur->udp.daddr.ip4;
addr4.sin_port = cur->udp.dest;
} else {
}
else {
addr6.sin6_family = AF_INET6;
memcpy(&addr6.sin6_addr, &cur->udp.daddr.ip6, 16);
addr6.sin6_port = cur->udp.dest;
}
} else {
}
else {
rversion = (strstr(redirect->raddr, ":") == NULL ? 4 : 6);
log_android(ANDROID_LOG_WARN, "UDP%d redirect to %s/%u",
rversion, redirect->raddr, redirect->rport);
@ -437,7 +444,8 @@ int open_udp_socket(const struct arguments *args,
log_android(ANDROID_LOG_ERROR, "UDP setsockopt SO_BROADCAST error %d: %s",
errno, strerror(errno));
}
} else {
}
else {
// http://man7.org/linux/man-pages/man7/ipv6.7.html
if (*((uint8_t *) &cur->daddr.ip6) == 0xFF) {
log_android(ANDROID_LOG_WARN, "UDP6 broadcast");


@ -148,7 +148,8 @@ int32_t get_local_port(const int sock) {
if (getsockname(sock, (struct sockaddr *) &sin, &len) < 0) {
log_android(ANDROID_LOG_ERROR, "getsockname error %d: %s", errno, strerror(errno));
return -1;
} else
}
else
return ntohs(sin.sin_port);
}