Block domains by correct IP version

2018-02-04 12:33:22 +01:00 · 2018-02-04 12:33:22 +01:00 · d8cbe18294
parent a89ecce786
commit d8cbe18294
1 changed files with 21 additions and 6 deletions
--- a/app/src/main/java/eu/faircode/netguard/ServiceSinkhole.java
+++ b/app/src/main/java/eu/faircode/netguard/ServiceSinkhole.java
@ -84,6 +84,7 @@ import java.io.IOException;
 import java.io.InputStreamReader;
 import java.math.BigInteger;
 import java.net.Inet4Address;
+import java.net.Inet6Address;
 import java.net.InetAddress;
 import java.net.InetSocketAddress;
 import java.net.InterfaceAddress;
@ -1605,14 +1606,20 @@ public class ServiceSinkhole extends VpnService implements SharedPreferences.OnS
                    mapUidIPFilters.put(key, new HashMap());

                try {
-                    if (dname != null)
-                        Log.i(TAG, "Set filter uid=" + uid + " " + daddr + " " + dresource + "/" + dport + "=" + block);
                    String name = (dresource == null ? daddr : dresource);
                    if (Util.isNumericAddress(name)) {
                        InetAddress iname = InetAddress.getByName(name);
+                        if (version == 4 && !(iname instanceof Inet4Address))
+                            continue;
+                        if (version == 6 && !(iname instanceof Inet6Address))
+                            continue;
+
+                        //if (dname != null)
+                        Log.i(TAG, "Set filter uid=" + uid + " " + daddr + " " + dresource + "/" + dport + "=" + block);
+
                        boolean exists = mapUidIPFilters.get(key).containsKey(iname);
                        if (!exists || !mapUidIPFilters.get(key).get(iname).isBlocked()) {
-                            IPRule rule = new IPRule(block, time + ttl);
+                            IPRule rule = new IPRule(name + "/" + iname, block, time + ttl);
                            mapUidIPFilters.get(key).put(iname, rule);
                            if (exists)
                                Log.w(TAG, "Address conflict uid=" + uid + " " + daddr + " " + dresource + "/" + dport);
@ -1856,11 +1863,12 @@ public class ServiceSinkhole extends VpnService implements SharedPreferences.OnS
                        if (map != null && map.containsKey(iaddr)) {
                            IPRule rule = map.get(iaddr);
                            if (rule.isExpired())
-                                Log.i(TAG, "DNS expired " + packet);
+                                Log.i(TAG, "DNS expired " + packet + " rule " + rule);
                            else {
                                filtered = true;
                                packet.allowed = !rule.isBlocked();
-                                Log.i(TAG, "Filtering " + packet);
+                                Log.i(TAG, "Filtering " + packet +
+                                        " allowed=" + packet.allowed + " rule " + rule);
                            }
                        }
                    } catch (UnknownHostException ex) {
@ -3050,10 +3058,12 @@ public class ServiceSinkhole extends VpnService implements SharedPreferences.OnS
    }

    private class IPRule {
+        private String name;
        private boolean block;
        private long expires;

-        public IPRule(boolean block, long expires) {
+        public IPRule(String name, boolean block, long expires) {
+            this.name = name;
            this.block = block;
            this.expires = expires;
        }
@ -3075,6 +3085,11 @@ public class ServiceSinkhole extends VpnService implements SharedPreferences.OnS
            IPRule other = (IPRule) obj;
            return (this.block == other.block && this.expires == other.expires);
        }
+
+        @Override
+        public String toString() {
+            return this.name;
+        }
    }

    public static void run(String reason, Context context) {