Log not supported protocols as blocked

Refs #321
2016-02-14 12:48:26 +01:00 · 2016-02-14 12:48:26 +01:00 · db43a95de3
parent 87b3d0c33c
commit db43a95de3
1 changed files with 11 additions and 2 deletions
--- a/app/src/main/java/eu/faircode/netguard/SinkholeService.java
+++ b/app/src/main/java/eu/faircode/netguard/SinkholeService.java
@ -1205,6 +1205,13 @@ public class SinkholeService extends VpnService implements SharedPreferences.OnS
        return (mapHostsBlocked.containsKey(name) && mapHostsBlocked.get(name));
    }

+    private boolean isSupported(int protocol) {
+        return (protocol == 1 /* ICMPv4 */ ||
+                protocol == 59 /* ICMPv6 */ ||
+                protocol == 6 /* TCP */ ||
+                protocol == 17 /* UDP */);
+    }
+
    // Called from native code
    private Allowed isAddressAllowed(Packet packet) {
        SharedPreferences prefs = PreferenceManager.getDefaultSharedPreferences(this);
@ -1212,12 +1219,14 @@ public class SinkholeService extends VpnService implements SharedPreferences.OnS
        packet.allowed = false;
        if (prefs.getBoolean("filter", false)) {
            // https://android.googlesource.com/platform/system/core/+/master/include/private/android_filesystem_config.h
-            if (packet.uid < 2000 && !last_connected) {
+            if (packet.uid < 2000 &&
+                    !last_connected && isSupported(packet.protocol)) {
                // Allow system applications in disconnected state
                packet.allowed = true;
                Log.w(TAG, "Allowing disconnected system " + packet);

-            } else if (packet.uid < 2000 && !mapUidKnown.containsKey(packet.uid)) {
+            } else if (packet.uid < 2000 &&
+                    !mapUidKnown.containsKey(packet.uid) && isSupported(packet.protocol)) {
                // Allow unknown system traffic
                packet.allowed = true;
                Log.w(TAG, "Allowing unknown system " + packet);