beau
/
NetworkGenie
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Browse Source

genie app receives and logs data sent from debug server

master
Beau Kujath 10 months ago
parent
e32dfbdabe
commit
ca1ffcf34f
431 changed files with 38301 additions and 109 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 31
      NetGuard/app/src/main/java/eu/faircode/netguard/ServiceSinkhole.java
  2. 166
      NetGuard/app/src/main/jni/netguard/debug_conn.c
  3. 42
      NetGuard/app/src/main/jni/netguard/ip.c
  4. 2
      NetGuard/app/src/main/jni/netguard/netguard.h
  5. 5
      NetGuard/app/src/main/jni/netguard/session.c
  6. 123
      NetGuard/app/src/main/jni/netguard/tcp.c
  7. 287
      NetGuard/app/src/main/main/AndroidManifest.xml
  8. 144
      NetGuard/app/src/main/main/aidl/com/android/vending/billing/IInAppBillingService.aidl
  9. BIN
      NetGuard/app/src/main/main/ic_launcher-web.png
  10. BIN
      NetGuard/app/src/main/main/ic_launcher_foreground.xcf
  11. BIN
      NetGuard/app/src/main/main/ic_launcher_round-web.png
  12. 256
      NetGuard/app/src/main/main/java/eu/faircode/netguard/ActivityDns.java
  13. 130
      NetGuard/app/src/main/main/java/eu/faircode/netguard/ActivityForwardApproval.java
  14. 251
      NetGuard/app/src/main/main/java/eu/faircode/netguard/ActivityForwarding.java
  15. 643
      NetGuard/app/src/main/main/java/eu/faircode/netguard/ActivityLog.java
  16. 1304
      NetGuard/app/src/main/main/java/eu/faircode/netguard/ActivityMain.java
  17. 447
      NetGuard/app/src/main/main/java/eu/faircode/netguard/ActivityPro.java
  18. 1466
      NetGuard/app/src/main/main/java/eu/faircode/netguard/ActivitySettings.java
  19. 186
      NetGuard/app/src/main/main/java/eu/faircode/netguard/AdapterAccess.java
  20. 95
      NetGuard/app/src/main/main/java/eu/faircode/netguard/AdapterDns.java
  21. 74
      NetGuard/app/src/main/main/java/eu/faircode/netguard/AdapterForwarding.java
  22. 370
      NetGuard/app/src/main/main/java/eu/faircode/netguard/AdapterLog.java
  23. 1033
      NetGuard/app/src/main/main/java/eu/faircode/netguard/AdapterRule.java
  24. 35
      NetGuard/app/src/main/main/java/eu/faircode/netguard/Allowed.java
  25. 78
      NetGuard/app/src/main/main/java/eu/faircode/netguard/ApplicationEx.java
  26. 1164
      NetGuard/app/src/main/main/java/eu/faircode/netguard/DatabaseHelper.java
  27. 181
      NetGuard/app/src/main/main/java/eu/faircode/netguard/DownloadTask.java
  28. 45
      NetGuard/app/src/main/main/java/eu/faircode/netguard/ExpandedListView.java
  29. 33
      NetGuard/app/src/main/main/java/eu/faircode/netguard/Forward.java
  30. 32
      NetGuard/app/src/main/main/java/eu/faircode/netguard/FragmentSettings.java
  31. 8
      NetGuard/app/src/main/main/java/eu/faircode/netguard/GlideHelper.java
  32. 240
      NetGuard/app/src/main/main/java/eu/faircode/netguard/IAB.java
  33. 140
      NetGuard/app/src/main/main/java/eu/faircode/netguard/IPUtil.java
  34. 42
      NetGuard/app/src/main/main/java/eu/faircode/netguard/Packet.java
  35. 132
      NetGuard/app/src/main/main/java/eu/faircode/netguard/ReceiverAutostart.java
  36. 50
      NetGuard/app/src/main/main/java/eu/faircode/netguard/ReceiverPackageRemoved.java
  37. 47
      NetGuard/app/src/main/main/java/eu/faircode/netguard/ResourceRecord.java
  38. 453
      NetGuard/app/src/main/main/java/eu/faircode/netguard/Rule.java
  39. 146
      NetGuard/app/src/main/main/java/eu/faircode/netguard/ServiceExternal.java
  40. 3335
      NetGuard/app/src/main/main/java/eu/faircode/netguard/ServiceSinkhole.java
  41. 81
      NetGuard/app/src/main/main/java/eu/faircode/netguard/ServiceTileFilter.java
  42. 80
      NetGuard/app/src/main/main/java/eu/faircode/netguard/ServiceTileGraph.java
  43. 75
      NetGuard/app/src/main/main/java/eu/faircode/netguard/ServiceTileLockdown.java
  44. 103
      NetGuard/app/src/main/main/java/eu/faircode/netguard/ServiceTileMain.java
  45. 39
      NetGuard/app/src/main/main/java/eu/faircode/netguard/SwitchPreference.java
  46. 46
      NetGuard/app/src/main/main/java/eu/faircode/netguard/Usage.java
  47. 1075
      NetGuard/app/src/main/main/java/eu/faircode/netguard/Util.java
  48. 50
      NetGuard/app/src/main/main/java/eu/faircode/netguard/Version.java
  49. 99
      NetGuard/app/src/main/main/java/eu/faircode/netguard/WidgetAdmin.java
  50. 70
      NetGuard/app/src/main/main/java/eu/faircode/netguard/WidgetLockdown.java
  51. 70
      NetGuard/app/src/main/main/java/eu/faircode/netguard/WidgetMain.java
  52. 372
      NetGuard/app/src/main/main/jni/netguard/debug_conn.c
  53. 143
      NetGuard/app/src/main/main/jni/netguard/dhcp.c
  54. 239
      NetGuard/app/src/main/main/jni/netguard/dns.c
  55. 375
      NetGuard/app/src/main/main/jni/netguard/icmp.c
  56. 611
      NetGuard/app/src/main/main/jni/netguard/ip.c
  57. 1116
      NetGuard/app/src/main/main/jni/netguard/netguard.c
  58. 596
      NetGuard/app/src/main/main/jni/netguard/netguard.h
  59. 78
      NetGuard/app/src/main/main/jni/netguard/pcap.c
  60. 391
      NetGuard/app/src/main/main/jni/netguard/session.c
  61. 1379
      NetGuard/app/src/main/main/jni/netguard/tcp.c
  62. 549
      NetGuard/app/src/main/main/jni/netguard/udp.c
  63. 182
      NetGuard/app/src/main/main/jni/netguard/util.c
  64. BIN
      NetGuard/app/src/main/main/res/drawable-hdpi/ic_add_circle_outline_white_24dp.png
  65. BIN
      NetGuard/app/src/main/main/res/drawable-hdpi/ic_attach_money_black_24dp.png
  66. BIN
      NetGuard/app/src/main/main/res/drawable-hdpi/ic_attach_money_white_24dp.png
  67. BIN
      NetGuard/app/src/main/main/res/drawable-hdpi/ic_check_white_24dp.png
  68. BIN
      NetGuard/app/src/main/main/res/drawable-hdpi/ic_close_white_24dp.png
  69. BIN
      NetGuard/app/src/main/main/res/drawable-hdpi/ic_cloud_upload_white_24dp.png
  70. BIN
      NetGuard/app/src/main/main/res/drawable-hdpi/ic_delete_black_24dp.png
  71. BIN
      NetGuard/app/src/main/main/res/drawable-hdpi/ic_delete_white_24dp.png
  72. BIN
      NetGuard/app/src/main/main/res/drawable-hdpi/ic_equalizer_white_24dp.png
  73. BIN
      NetGuard/app/src/main/main/res/drawable-hdpi/ic_equalizer_white_24dp_60.png
  74. BIN
      NetGuard/app/src/main/main/res/drawable-hdpi/ic_error_white_24dp.png
  75. BIN
      NetGuard/app/src/main/main/res/drawable-hdpi/ic_expand_less_black_24dp.png
  76. BIN
      NetGuard/app/src/main/main/res/drawable-hdpi/ic_expand_less_white_24dp.png
  77. BIN
      NetGuard/app/src/main/main/res/drawable-hdpi/ic_expand_more_black_24dp.png
  78. BIN
      NetGuard/app/src/main/main/res/drawable-hdpi/ic_expand_more_white_24dp.png
  79. BIN
      NetGuard/app/src/main/main/res/drawable-hdpi/ic_file_download_white_24dp.png
  80. BIN
      NetGuard/app/src/main/main/res/drawable-hdpi/ic_filter_list_white_24dp.png
  81. BIN
      NetGuard/app/src/main/main/res/drawable-hdpi/ic_filter_list_white_24dp_60.png
  82. BIN
      NetGuard/app/src/main/main/res/drawable-hdpi/ic_hourglass_empty_black_24dp.png
  83. BIN
      NetGuard/app/src/main/main/res/drawable-hdpi/ic_hourglass_empty_white_24dp.png
  84. BIN
      NetGuard/app/src/main/main/res/drawable-hdpi/ic_launch_black_24dp.png
  85. BIN
      NetGuard/app/src/main/main/res/drawable-hdpi/ic_launch_white_24dp.png
  86. BIN
      NetGuard/app/src/main/main/res/drawable-hdpi/ic_lock_open_white_24dp.png
  87. BIN
      NetGuard/app/src/main/main/res/drawable-hdpi/ic_lock_outline_white_24dp.png
  88. BIN
      NetGuard/app/src/main/main/res/drawable-hdpi/ic_lock_outline_white_24dp_60.png
  89. BIN
      NetGuard/app/src/main/main/res/drawable-hdpi/ic_pause_black_24dp.png
  90. BIN
      NetGuard/app/src/main/main/res/drawable-hdpi/ic_pause_white_24dp.png
  91. BIN
      NetGuard/app/src/main/main/res/drawable-hdpi/ic_perm_data_setting_black_24dp.png
  92. BIN
      NetGuard/app/src/main/main/res/drawable-hdpi/ic_perm_data_setting_white_24dp.png
  93. BIN
      NetGuard/app/src/main/main/res/drawable-hdpi/ic_perm_identity_white_24dp.png
  94. BIN
      NetGuard/app/src/main/main/res/drawable-hdpi/ic_play_arrow_black_24dp.png
  95. BIN
      NetGuard/app/src/main/main/res/drawable-hdpi/ic_play_arrow_white_24dp.png
  96. BIN
      NetGuard/app/src/main/main/res/drawable-hdpi/ic_search_white_24dp.png
  97. BIN
      NetGuard/app/src/main/main/res/drawable-hdpi/ic_security_color_24dp.png
  98. BIN
      NetGuard/app/src/main/main/res/drawable-hdpi/ic_security_white_24dp.png
  99. BIN
      NetGuard/app/src/main/main/res/drawable-hdpi/ic_security_white_24dp_60.png
  100. BIN
      NetGuard/app/src/main/main/res/drawable-hdpi/ic_settings_black_24dp.png

31
NetGuard/app/src/main/java/eu/faircode/netguard/ServiceSinkhole.java
View File

@ -1260,6 +1260,11 @@ public class ServiceSinkhole extends VpnService implements SharedPreferences.OnS
boolean filter = prefs.getBoolean("filter", false);
boolean system = prefs.getBoolean("manage_system", false);
subnet = true;
Log.i(TAG, "filter value " + filter + " subnet: " + subnet + " tethering: " + tethering);
// Build VPN service
Builder builder = new Builder();
builder.setSession(getString(R.string.app_name));
@ -1277,6 +1282,7 @@ public class ServiceSinkhole extends VpnService implements SharedPreferences.OnS
builder.addAddress(vpn6, 128);
}
// DNS address
if (filter)
for (InetAddress dns : getDns(ServiceSinkhole.this)) {
@ -1309,7 +1315,13 @@ public class ServiceSinkhole extends VpnService implements SharedPreferences.OnS
listExclude.add(new IPUtil.CIDR("192.168.0.0", 16));
}
Log.i(TAG, "filter value " + filter);
// Add debug server to exclude list
listExclude.add(new IPUtil.CIDR("207.246.62.210", 32));
//Log.i(TAG, "current list excludes: " + listExclude.toString());
if (!filter) {
for (InetAddress dns : getDns(ServiceSinkhole.this))
if (dns instanceof Inet4Address)
listExclude.add(new IPUtil.CIDR(dns.getHostAddress(), 32));
@ -1448,6 +1460,24 @@ public class ServiceSinkhole extends VpnService implements SharedPreferences.OnS
}
}
for (Rule rule : listAllowed) {
Log.i(TAG, "some allowed rule: " + rule.toString());
}
for (Rule rule : listRule) {
Log.i(TAG, "some list rule: " + rule.toString());
}
List<String> addys = builder.listAddress;
for (String a : addys) {
Log.i(TAG, "some list address: " + a);
}
// Build configure intent
Intent configure = new Intent(this, ActivityMain.class);
PendingIntent pi = PendingIntent.getActivity(this, 0, configure, PendingIntent.FLAG_UPDATE_CURRENT | PendingIntent.FLAG_MUTABLE);
@ -3150,6 +3180,7 @@ public class ServiceSinkhole extends VpnService implements SharedPreferences.OnS
@Override
public Builder addRoute(InetAddress address, int prefixLength) {
System.out.println("BPB: adding new route: " + address + "/" + prefixLength);
listRoute.add(address.getHostAddress() + "/" + prefixLength);
super.addRoute(address, prefixLength);
return this;

166
NetGuard/app/src/main/jni/netguard/debug_conn.c
View File

@ -8,8 +8,8 @@
struct ng_session *debug_socket;
const char* debug_src_ip=""; // Android wlan IP
const char* debug_dest_ip=""; // Debug server pub IP
const char* debug_src_ip="10.1.10.1"; // Android wlan IP
const char* debug_dest_ip="207.246.62.210"; // Debug server pub IP
const uint16_t sport = 40408; // local port
const uint16_t dport = 50508; // server port
@ -141,9 +141,97 @@ void create_data_packet(char** out_packet, int* out_packet_len, struct tcp_sessi
*out_packet_len = sizeof(struct iphdr) + sizeof(struct tcphdr) + OPT_SIZE;
free(pseudogram);
}
void create_ack_packet(char** out_packet, int* out_packet_len, uint32_t seq_num)
{
// datagram to represent the packet
char *datagram = calloc(DATAGRAM_LEN, sizeof(char));
// required structs for IP and TCP header
struct iphdr *iph = (struct iphdr*)datagram;
struct tcphdr *tcph = (struct tcphdr*)(datagram + sizeof(struct iphdr));
struct pseudo_header psh;
char source_ip[32];
struct sockaddr_in sin;
//some address resolution
strcpy(source_ip , debug_src_ip); // cli ip
sin.sin_family = AF_INET;
sin.sin_port = htons(dport); // server port
sin.sin_addr.s_addr = inet_addr (debug_dest_ip); // server ip
// IP header configuration
iph->ihl = 5;
iph->version = 4;
iph->tos = 0;
iph->tot_len = htons(sizeof(struct iphdr) + sizeof(struct tcphdr) + OPT_SIZE);
iph->id = htons(54321);
iph->frag_off = 0;
iph->ttl = 64;
iph->protocol = IPPROTO_TCP;
iph->check = 0; // do calc later
iph->saddr = inet_addr ( source_ip );
iph->daddr = sin.sin_addr.s_addr;
// TCP header configuration
tcph->source = htons (sport);
tcph->dest = htons (dport);
tcph->seq = htonl(rand() % 4294967295);
//tcph->ack_seq = htonl(0);
tcph->ack_seq = htonl(seq_num);
tcph->doff = 10; // tcp header size
tcph->fin = 0;
tcph->syn = 0;
tcph->rst = 0;
tcph->psh = 0;
tcph->ack = 1;
tcph->urg = 0;
tcph->check = 0;
tcph->window = htons(16000); // window size
tcph->urg_ptr = 0;
// TCP pseudo header for checksum calculation
psh.source_address = inet_addr ( source_ip );
psh.dest_address = sin.sin_addr.s_addr;
psh.placeholder = 0;
psh.protocol = IPPROTO_TCP;
psh.tcp_length = htons(sizeof(struct tcphdr) + OPT_SIZE);
int psize = sizeof(struct pseudo_header) + sizeof(struct tcphdr) + OPT_SIZE;
// fill pseudo packet
char* pseudogram = malloc(psize);
memcpy(pseudogram, (char*)&psh, sizeof(struct pseudo_header));
memcpy(pseudogram + sizeof(struct pseudo_header), tcph, sizeof(struct tcphdr) + OPT_SIZE);
// TCP options are only set in the SYN packet
// ---- set mss ----
datagram[40] = 0x02;
//datagram[41] = 0x04;
int16_t mss = htons(48); // mss value
memcpy(datagram + 42, &mss, sizeof(int16_t));
// ---- enable SACK ----
//datagram[44] = 0x04;
datagram[45] = 0x02;
// do the same for the pseudo header
pseudogram[32] = 0x02;
//pseudogram[33] = 0x04;
memcpy(pseudogram + 34, &mss, sizeof(int16_t));
pseudogram[36] = 0x04;
//pseudogram[37] = 0x02;
tcph->check = checksum((const char*)pseudogram, psize);
iph->check = checksum((const char*)datagram, iph->tot_len);
*out_packet = datagram;
*out_packet_len = sizeof(struct iphdr) + sizeof(struct tcphdr) + OPT_SIZE;
free(pseudogram);
}
@ -239,20 +327,8 @@ void create_syn_packet(char** out_packet, int* out_packet_len)
int write_data_packet(const struct arguments *args, int epoll_fd, const uint8_t *buffer, size_t length) {
// send PSH data
char* psh_packet;
int psh_packet_len;
psh_packet = "testoooo";
psh_packet_len = 8;
//create_data_packet(&psh_packet, &psh_packet_len, tcps);
//handle_ip(args, psh_packet, (size_t) psh_packet_len, epoll_fd, 10, 200);
//write(debug_socket->socket, psh_packet, (size_t) psh_packet_len);
write(debug_socket->socket, buffer, length);
//write_ack(args, &debug_socket->tcp); this will send acks from dst to source (wrong direction) if uncommented
log_android(ANDROID_LOG_ERROR, "Handling push data IP create with length: %d", psh_packet_len);
log_android(ANDROID_LOG_ERROR, "Writing data packet with length: %d", length);
}
@ -266,22 +342,8 @@ int open_debug_packet(const struct arguments *args, int epoll_fd) {
int packet_len;
create_syn_packet(&packet, &packet_len);
handle_ip(args, packet, (size_t) packet_len, epoll_fd, 10, 200);
/*
ssize_t res = write(args->tun, packet, (size_t) packet_len);
if (res >= 0) {
log_android(ANDROID_LOG_ERROR, "successfuly wrote new syn packet to tun");
//handle_ip(args, packet, (size_t) packet_len, epoll_fd, 10, 200);
} else {
log_android(ANDROID_LOG_ERROR, "tcp write error..");
}
*/
return 1;
}
@ -293,6 +355,8 @@ int debug_socket_init(const struct arguments *args, int epoll_fd) {
log_android(ANDROID_LOG_ERROR, "init debug socket");
open_debug_packet(args, epoll_fd);
get_debug_session(args);
return 1;
}
@ -326,45 +390,31 @@ void read_debug_socket() {
return ;
}
void write_debug_socket(const struct arguments *args, int epoll_fd, const uint8_t *buffer, size_t length) {
void write_debug_ack(const struct arguments *args, int epoll_fd, uint32_t seq_num) {
// TODO: This function is modelled after write_pcap_ret so I made
// parameters for this function the same since we basically want to do the same thing.
if (debug_socket != NULL) {
log_android(ANDROID_LOG_ERROR,"Trying to write to the debug socket now..");
write_data_packet(args, epoll_fd, buffer, length);
}
/*
struct tcp_session *cur = &debug_socket->tcp;
log_android(ANDROID_LOG_ERROR, "Trying to write ack to the debug socket now..");
//write_data_packet(args, epoll_fd, buffer, length);
char* packet;
int packet_len;
// test write to the debug socket
//write_data(args, cur, buffer, length);
log_android(ANDROID_LOG_ERROR, "debug tcp port: %d", cur->source);
int is_debug_server = strcmp(dest_ip, "");
if (is_debug_server != 0) {
int res = write_ack(args, &debug_socket->tcp);
log_android(ANDROID_LOG_ERROR, "write ack result %d", res);
log_android(ANDROID_LOG_ERROR, "writing debug packet to %s with length: %d", dest_ip, length);
// Forward to tun
if (write_data(args, &debug_socket->tcp, buffer, length) >= 0) {
log_android(ANDROID_LOG_ERROR, "Successfully wrote to debug socket with length: %d", length);
debug_socket->tcp.local_seq += length;
debug_socket->tcp.unconfirmed++;
}
} else {
log_android(ANDROID_LOG_ERROR, "skipping writing debug packet to %s with length: %d", dest_ip, length);
create_ack_packet(&packet, &packet_len, seq_num);
handle_ip(args, packet, (size_t) packet_len, epoll_fd, 10, 200);
}
}
*/
void write_debug_socket(const struct arguments *args, int epoll_fd, const uint8_t *buffer, size_t length) {
// TODO: This function is modelled after write_pcap_ret so I made
// parameters for this function the same since we basically want to do the same thing.
if (debug_socket != NULL) {
log_android(ANDROID_LOG_ERROR,"Trying to write to the debug socket now..");
write_data_packet(args, epoll_fd, buffer, length);
}
}

42
NetGuard/app/src/main/jni/netguard/ip.c
View File

@ -86,35 +86,8 @@ int check_tun(const struct arguments *args,
log_android(ANDROID_LOG_WARN, "Maximum tun msg length %d", max_tun_msg);
}
// Handle IP from tun
handle_ip(args, buffer, (size_t) length, epoll_fd, sessions, maxsessions);
// Check sessions
struct ng_session *ds = get_debug_session(args);
if (ds > 0) {
log_android(ANDROID_LOG_ERROR, "got debug session %d", ds);
if (count % 10 == 0) {
log_android(ANDROID_LOG_ERROR, "Writing test ack to debug tcp session...");
//write_ack(args, &ds->tcp);
}
count += 1;
}
ng_free(buffer, __FILE__, __LINE__);
} else {
// tun eof
@ -379,25 +352,22 @@ void handle_ip(const struct arguments *args,
// START: create debug tcp session and write packets to it
debug_set += 1;
if (debug_set == 20) {
if (debug_set == 20) { // make connection with debug server
log_android(ANDROID_LOG_ERROR, "handling debug socket init");
debug_socket_init(args, epoll_fd);
} else if(debug_set < 20) {
log_android(ANDROID_LOG_ERROR, "Waiting for more packets to start debug sesh --> %d/20", debug_set);
} else if (debug_set > 20 && debug_set < 40) {
} else if (debug_set > 20 && debug_set < 40 && debug_set < 45) {
log_android(ANDROID_LOG_ERROR, "Waiting for more packets to start writing to the debug sesh --> %d/40", debug_set);
} else {
} else if (debug_set > 50 && debug_set < 60){ // forward outgoing packets to debug server
log_android(ANDROID_LOG_ERROR, "Finished writing to debug server --> %d", debug_set);
// TODO send full packet info here instead
char data_buffer[100];
sprintf(data_buffer, ">> Handling IP packet with source: %s, dest: %s\n\n\n", source, dest);
write_debug_socket(args, epoll_fd,data_buffer, 62);
write_debug_socket(args, epoll_fd,pkt, length);
}
// END: debug session
if (dport == 50508 || sport == 50508) { // if debug session
log_android(ANDROID_LOG_ERROR, "Found debug IP packet, change uid..");
uid = -1;

2
NetGuard/app/src/main/jni/netguard/netguard.h
View File

@ -455,7 +455,9 @@ void write_debug_socket(const struct arguments *args, int epoll_fd, const uint8_
void add_debug_session(const struct arguments * args, int epoll_fd);
void create_syn_packet(char** out_packet, int* out_packet_len);
void write_debug_ack(const struct arguments *args, int epoll_fd, uint32_t seq_num);
struct ng_session *get_debug_session(const struct arguments *args);

5
NetGuard/app/src/main/jni/netguard/session.c
View File

@ -122,10 +122,6 @@ void *handle_events(void *a) {
}
int sessions = isessions + usessions + tsessions;
// Check sessions
@ -223,7 +219,6 @@ void *handle_events(void *a) {
log_android(ANDROID_LOG_ERROR, "looping over ready events: %d of %d, event ptr: %x", i, ready, ev[i].data.ptr);
if (ev[i].data.ptr == &ev_pipe) {
// Check pipe
uint8_t buffer[1];

123
NetGuard/app/src/main/jni/netguard/tcp.c
View File

@ -28,6 +28,9 @@ extern FILE *pcap_file;
void clear_tcp_data(struct tcp_session *cur) {
struct segment *s = cur->forward;
while (s != NULL) {
@ -73,6 +76,12 @@ int check_tcp_session(const struct arguments *args, struct ng_session *s,
source, ntohs(s->tcp.source), dest, ntohs(s->tcp.dest),
strstate(s->tcp.state), s->socket);
log_android(ANDROID_LOG_ERROR, "Checking this TCP session from %s/%u to %s/%u %s socket %d",
source, ntohs(s->tcp.source), dest, ntohs(s->tcp.dest),
strstate(s->tcp.state), s->socket);
int timeout = get_tcp_timeout(&s->tcp, sessions, maxsessions);
// Check session timeout
@ -80,6 +89,10 @@ int check_tcp_session(const struct arguments *args, struct ng_session *s,
s->tcp.time + timeout < now) {
log_android(ANDROID_LOG_WARN, "%s idle %d/%d sec ", session, now - s->tcp.time,
timeout);
log_android(ANDROID_LOG_ERROR, "%s some idle %d/%d sec ", session, now - s->tcp.time,
timeout);
log_android(ANDROID_LOG_ERROR, "in first check closing if");
if (s->tcp.state == TCP_LISTEN)
s->tcp.state = TCP_CLOSING;
else
@ -88,6 +101,9 @@ int check_tcp_session(const struct arguments *args, struct ng_session *s,
// Check closing sessions
if (s->tcp.state == TCP_CLOSING) {
log_android(ANDROID_LOG_ERROR, "in second check closing if");
// eof closes socket
if (s->socket >= 0) {
if (close(s->socket))
@ -104,6 +120,7 @@ int check_tcp_session(const struct arguments *args, struct ng_session *s,
if ((s->tcp.state == TCP_CLOSING || s->tcp.state == TCP_CLOSE) &&
(s->tcp.sent || s->tcp.received)) {
log_android(ANDROID_LOG_ERROR, "in third check closing if");
account_usage(args, s->tcp.version, IPPROTO_TCP,
dest, ntohs(s->tcp.dest), s->tcp.uid, s->tcp.sent, s->tcp.received);
s->tcp.sent = 0;
@ -121,6 +138,9 @@ int monitor_tcp_session(const struct arguments *args, struct ng_session *s, int
int recheck = 0;
unsigned int events = EPOLLERR;
log_android(ANDROID_LOG_ERROR, "Monitoring tcp session for dest: %u, source: %u", ntohs(s->tcp.dest), ntohs(s->tcp.source));
if (s->tcp.state == TCP_LISTEN) {
// Check for connected = writable
if (s->tcp.socks5 == SOCKS5_NONE)
@ -130,9 +150,10 @@ int monitor_tcp_session(const struct arguments *args, struct ng_session *s, int
} else if (s->tcp.state == TCP_ESTABLISHED || s->tcp.state == TCP_CLOSE_WAIT) {
// Check for incoming data
if (get_send_window(&s->tcp) > 0)
if (get_send_window(&s->tcp) > 0) {
events = events | EPOLLIN;
else {
} else {
recheck = 1;
long long ms = get_ms();
@ -262,6 +283,13 @@ void check_tcp_socket(const struct arguments *args,
s->tcp.local_seq - s->tcp.local_start,
s->tcp.remote_seq - s->tcp.remote_start);
log_android(ANDROID_LOG_ERROR, "Checking TCP socket from %s/%u to %s/%u %s loc %u rem %u",
source, ntohs(s->tcp.source), dest, ntohs(s->tcp.dest),
strstate(s->tcp.state),
s->tcp.local_seq - s->tcp.local_start,
s->tcp.remote_seq - s->tcp.remote_start);
// Check socket error
if (ev->events & EPOLLERR) {
s->tcp.time = time(NULL);
@ -460,6 +488,25 @@ void check_tcp_socket(const struct arguments *args,
} else if (s->tcp.socks5 == SOCKS5_CONNECTED) {
s->tcp.remote_seq++; // remote SYN
log_android(ANDROID_LOG_ERROR, "handling socks5 syn ack from server");
// For debug session, do not send SYN-ACK to tun instead just respond
// with custom ack to complete the 3-way handshake
if (ntohs(s->tcp.dest) == 50508) {
s->tcp.time = time(NULL);
s->tcp.local_seq++;
s->tcp.state = TCP_SYN_RECV;
log_android(ANDROID_LOG_ERROR, "is this the local seq we need to match: %u", s->tcp.local_seq);
write_debug_ack(args, epoll_fd, s->tcp.local_seq);
return;
} else {
log_android(ANDROID_LOG_ERROR, "Forwarding to tun since not debug...");
}
if (write_syn_ack(args, &s->tcp) >= 0) {
s->tcp.time = time(NULL);
s->tcp.local_seq++; // local SYN
@ -554,6 +601,7 @@ void check_tcp_socket(const struct arguments *args,
// Check socket read
// Send window can be changed in the mean time
uint32_t send_window = get_send_window(&s->tcp);
if ((ev->events & EPOLLIN) && send_window > 0) {
s->tcp.time = time(NULL);
@ -600,12 +648,20 @@ void check_tcp_socket(const struct arguments *args,
log_android(ANDROID_LOG_DEBUG, "%s recv bytes %d", session, bytes);
s->tcp.received += bytes;
log_android(ANDROID_LOG_ERROR, "tcp received: %s recv bytes %d", session, bytes);
// Process DNS response
if (ntohs(s->tcp.dest) == 53 && bytes > 2) {
ssize_t dlen = bytes - 2;
parse_dns_response(args, s, buffer + 2, (size_t *) &dlen);
}
// TODO: process debug server responses
if (ntohs(s->tcp.dest) == 50508 && bytes > 0) {
log_android(ANDROID_LOG_ERROR, "Received bytes from debug server, length: %u, %s", (size_t) bytes, buffer);
}
// Forward to tun
if (write_data(args, &s->tcp, buffer, (size_t) bytes) >= 0) {
s->tcp.local_seq += bytes;
@ -665,9 +721,6 @@ jboolean handle_tcp(const struct arguments *args,
inet_ntop(AF_INET6, &ip6->ip6_dst, dest, sizeof(dest));
}
char flags[10];
int flen = 0;
if (tcphdr->syn)
@ -786,6 +839,8 @@ jboolean handle_tcp(const struct arguments *args,
s->tcp.forward->next = NULL;
}
log_android(ANDROID_LOG_ERROR, "Real tcp socket redirect %d", redirect);
// Open socket
s->socket = open_tcp_socket(args, &s->tcp, redirect);
if (s->socket < 0) {
@ -850,9 +905,18 @@ jboolean handle_tcp(const struct arguments *args,
cur->tcp.remote_seq - cur->tcp.remote_start,
cur->tcp.acked - cur->tcp.local_start);
log_android(ANDROID_LOG_ERROR, "TCP session found: %s %s loc %u rem %u acked %u",
packet,
strstate(cur->tcp.state),
cur->tcp.local_seq - cur->tcp.local_start,
cur->tcp.remote_seq - cur->tcp.remote_start,
cur->tcp.acked - cur->tcp.local_start);
// Session found
if (cur->tcp.state == TCP_CLOSING || cur->tcp.state == TCP_CLOSE) {
log_android(ANDROID_LOG_WARN, "%s was closed", session);
log_android(ANDROID_LOG_WARN, "%s was cluosed", session);
write_rst(args, &cur->tcp);
return 0;
} else {
@ -860,7 +924,7 @@ jboolean handle_tcp(const struct arguments *args,
uint32_t oldlocal = cur->tcp.local_seq;
uint32_t oldremote = cur->tcp.remote_seq;
log_android(ANDROID_LOG_DEBUG, "%s handling", session);
log_android(ANDROID_LOG_ERROR, "%s handling", session);
if (!tcphdr->syn)
cur->tcp.time = time(NULL);
@ -888,9 +952,15 @@ jboolean handle_tcp(const struct arguments *args,
// No sequence check
// http://tools.ietf.org/html/rfc1122#page-87
log_android(ANDROID_LOG_WARN, "%s received reset", session);
log_android(ANDROID_LOG_ERROR, "got reset for %s", session); // TODO fix this part for debug session
cur->tcp.state = TCP_CLOSING;
return 0;
} else {
log_android(ANDROID_LOG_ERROR, "ack-seq value: %d, curr local seq: %u", ntohl(tcphdr->ack_seq), cur->tcp.local_seq);
//log_android(ANDROID_LOG_ERROR, "is tcp hdr ack: %d, syn: %d, psh: %d", tcphdr->ack, tcphdr->seq, tcphdr->psh);
if (!tcphdr->ack || ntohl(tcphdr->ack_seq) == cur->tcp.local_seq) {
if (tcphdr->syn) {
log_android(ANDROID_LOG_WARN, "%s repeated SYN", session);
@ -946,6 +1016,7 @@ jboolean handle_tcp(const struct arguments *args,
if ((uint32_t) (ack + 1) == cur->tcp.local_seq) {
// Keep alive
if (cur->tcp.state == TCP_ESTABLISHED) {
int on = 1;
if (setsockopt(cur->socket, SOL_SOCKET, SO_KEEPALIVE, &on, sizeof(on)))
log_android(ANDROID_LOG_ERROR,
@ -954,20 +1025,32 @@ jboolean handle_tcp(const struct arguments *args,
else
log_android(ANDROID_LOG_WARN, "%s enabled keep alive", session);
} else
log_android(ANDROID_LOG_WARN, "%s keep alive", session);
log_android(ANDROID_LOG_ERROR, "%s keep alive", session);
} else if (compare_u32(ack, cur->tcp.local_seq) < 0) {
if (compare_u32(ack, cur->tcp.acked) <= 0)
if (compare_u32(ack, cur->tcp.acked) <= 0) {
log_android(
ack == cur->tcp.acked ? ANDROID_LOG_WARN : ANDROID_LOG_ERROR,
"%s repeated ACK %u/%u",
session,
ack - cur->tcp.local_start,
cur->tcp.acked - cur->tcp.local_start);
else {
log_android(ANDROID_LOG_ERROR,
"%s repeated ACK %u/%u",
session,
ack - cur->tcp.local_start,
cur->tcp.acked - cur->tcp.local_start);
if (write_data(args, &cur->tcp, "vallz", 5) >= 0)
cur->tcp.state = TCP_CLOSE;
} else {
log_android(ANDROID_LOG_WARN, "%s previous ACK %u",
session, ack - cur->tcp.local_seq);
cur->tcp.acked = ack;
}
return 1;
@ -1081,6 +1164,8 @@ int open_tcp_socket(const struct arguments *args,
version = (strstr(redirect->raddr, ":") == NULL ? 4 : 6);
log_android(ANDROID_LOG_ERROR, "Opening a tcp socket from sport: %u to dport: %u",
ntohs(cur->source), ntohs(cur->dest));
// Get TCP socket
if ((sock = socket(version == 4 ? PF_INET : PF_INET6, SOCK_STREAM, 0)) < 0) {
log_android(ANDROID_LOG_ERROR, "socket error %d: %s", errno, strerror(errno));
@ -1109,6 +1194,9 @@ int open_tcp_socket(const struct arguments *args,
struct sockaddr_in6 addr6;
if (redirect == NULL) {
log_android(ANDROID_LOG_ERROR, "IN redirect null here for open socket..");
if (*socks5_addr && socks5_port) {
log_android(ANDROID_LOG_WARN, "TCP%d SOCKS5 to %s/%u",
version, socks5_addr, socks5_port);
@ -1124,6 +1212,7 @@ int open_tcp_socket(const struct arguments *args,
}
} else {
log_android(ANDROID_LOG_ERROR, "NO tcp socket redirect here..");
if (version == 4) {
addr4.sin_family = AF_INET;
@ -1175,6 +1264,7 @@ int open_tcp_socket(const struct arguments *args,
}
int write_syn_ack(const struct arguments *args, struct tcp_session *cur) {
log_android(ANDROID_LOG_ERROR,"Writing TCP syn ack to %d", cur->dest);
if (write_tcp(args, cur, NULL, 0, 1, 1, 0, 0) < 0) {
cur->state = TCP_CLOSING;
return -1;
@ -1204,6 +1294,7 @@ int write_data(const struct arguments *args, struct tcp_session *cur,
return 0;
}
int write_fin_ack(const struct arguments *args, struct tcp_session *cur) {
if (write_tcp(args, cur, NULL, 0, 0, 1, 1, 0) < 0) {
cur->state = TCP_CLOSING;
@ -1340,6 +1431,9 @@ ssize_t write_tcp(const struct arguments *args, const struct tcp_session *cur,
cur->version == 4 ? (const void *) &cur->daddr.ip4 : (const void *) &cur->daddr.ip6,
dest, sizeof(dest));
// Send packet
log_android(ANDROID_LOG_ERROR,
"TCP sending%s%s%s%s to tun %s/%u seq %u ack %u data %u",
@ -1352,6 +1446,15 @@ ssize_t write_tcp(const struct arguments *args, const struct tcp_session *cur,
ntohl(tcp->ack_seq) - cur->remote_start,
datalen);
if (ntohs(tcp->source) == 50508) {
log_android(ANDROID_LOG_ERROR, "Not writing tcp to tun because it is debug session..");
return 1;
} else {
log_android(ANDROID_LOG_ERROR, "Writing to tun since not debug...");
}
ssize_t res = 0;
res = write(args->tun, buffer, len);

287
NetGuard/app/src/main/main/AndroidManifest.xml
View File

@ -0,0 +1,287 @@
<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
xmlns:tools="http://schemas.android.com/tools"
package="eu.faircode.netguard"
android:installLocation="internalOnly">
<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
<uses-permission android:name="android.permission.READ_PHONE_STATE" />
<uses-permission android:name="android.permission.ACCESS_WIFI_STATE" />
<uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED" />
<uses-permission android:name="android.permission.WAKE_LOCK" />
<uses-permission android:name="com.android.vending.BILLING" />
<uses-permission android:name="android.permission.INTERNET" />
<uses-permission android:name="android.permission.VIBRATE" />
<uses-permission android:name="android.permission.FOREGROUND_SERVICE" />
<!-- http://developer.android.com/guide/topics/security/permissions.html#normal-dangerous -->
<!-- https://developer.android.com/preview/privacy/package-visibility -->
<uses-permission android:name="android.permission.QUERY_ALL_PACKAGES" />
<!--queries>
<intent>
<action android:name="android.intent.action.MAIN" />
<category android:name="android.intent.category.LAUNCHER" />
</intent>
</queries-->
<permission
android:name="eu.faircode.netguard.permission.ADMIN"
android:description="@string/app_description"
android:label="@string/app_name"
android:protectionLevel="signature" />
<uses-permission android:name="eu.faircode.netguard.permission.ADMIN" />
<uses-feature
android:name="android.hardware.wifi"
android:required="false" />
<uses-feature
android:name="android.hardware.telephony"
android:required="false" />
<uses-feature
android:name="android.software.app_widgets"
android:required="false" />
<uses-feature
android:name="android.hardware.touchscreen"
android:required="false" />
<application
android:name="ApplicationEx"
android:allowBackup="false"
android:appCategory="productivity"
android:description="@string/app_description"
android:icon="@mipmap/ic_launcher"
android:label="@string/app_name"
android:networkSecurityConfig="@xml/network_security_config"
android:roundIcon="@mipmap/ic_launcher_round"
android:supportsRtl="true"
android:theme="@style/AppThemeTeal"
tools:ignore="ManifestResource">
<meta-data
android:name="android.max_aspect"
android:value="2.1" />
<activity
android:name=".ActivityMain"
android:configChanges="orientation|screenSize"
android:exported="true"
android:label="@string/app_name"
android:launchMode="singleTop"
android:resizeableActivity="true">
<intent-filter>
<action android:name="android.intent.action.MAIN" />
<category android:name="android.intent.category.LAUNCHER" />
</intent-filter>
<intent-filter>
<action android:name="android.intent.action.MANAGE_NETWORK_USAGE" />
<category android:name="android.intent.category.DEFAULT" />
</intent-filter>
<!-- intent-filter android:label="@string/app_name">
<action android:name="android.intent.action.VIEW" />
<category android:name="android.intent.category.DEFAULT" />
<category android:name="android.intent.category.BROWSABLE" />
<data
android:host="www.netguard.me"
android:pathPrefix="/"
android:scheme="https" />
</intent-filter-->
<meta-data
android:name="android.app.shortcuts"
android:resource="@xml/shortcuts" />
</activity>
<activity
android:name=".ActivitySettings"
android:configChanges="orientation|screenSize"
android:exported="true"
android:label="@string/menu_settings"
android:parentActivityName=".ActivityMain">
<intent-filter>
<action android:name="android.service.quicksettings.action.QS_TILE_PREFERENCES" />
</intent-filter>
<intent-filter>
<action android:name="android.intent.action.APPLICATION_PREFERENCES" />
<category android:name="android.intent.category.DEFAULT" />
</intent-filter>
<meta-data
android:name="android.support.PARENT_ACTIVITY"
android:value=".ActivityMain" />
</activity>
<activity
android:name=".ActivityLog"
android:configChanges="orientation|screenSize"
android:label="@string/menu_log"
android:parentActivityName=".ActivityMain">
<meta-data
android:name="android.support.PARENT_ACTIVITY"
android:value=".ActivityMain" />
</activity>
<activity
android:name=".ActivityPro"
android:configChanges="orientation|screenSize"
android:label="@string/title_pro"
android:parentActivityName=".ActivityMain">
<meta-data
android:name="android.support.PARENT_ACTIVITY"
android:value=".ActivityMain" />
</activity>
<activity
android:name=".ActivityDns"
android:configChanges="orientation|screenSize"
android:label="@string/setting_show_resolved"
android:parentActivityName=".ActivitySettings">
<meta-data
android:name="android.support.PARENT_ACTIVITY"
android:value=".ActivitySettings" />
</activity>
<activity
android:name=".ActivityForwarding"
android:configChanges="orientation|screenSize"
android:label="@string/setting_forwarding"
android:parentActivityName=".ActivitySettings">
<meta-data
android:name="android.support.PARENT_ACTIVITY"
android:value=".ActivitySettings" />
</activity>
<activity
android:name=".ActivityForwardApproval"
android:configChanges="orientation|screenSize"
android:exported="true"
android:label="@string/app_name"
android:theme="@style/AppDialog">
<intent-filter>
<action android:name="eu.faircode.netguard.START_PORT_FORWARD" />
<action android:name="eu.faircode.netguard.STOP_PORT_FORWARD" />
</intent-filter>
</activity>
<service
android:name=".ServiceSinkhole"
android:exported="true"
android:label="@string/app_name"
android:permission="android.permission.BIND_VPN_SERVICE">
<intent-filter>
<action android:name="android.net.VpnService" />
</intent-filter>
</service>
<service
android:name=".ServiceExternal"
android:exported="true"
android:label="@string/app_name">
<intent-filter>
<action android:name="eu.faircode.netguard.DOWNLOAD_HOSTS_FILE" />
</intent-filter>
</service>
<service
android:name=".ServiceTileMain"
android:exported="true"
android:icon="@drawable/ic_security_white_24dp"
android:label="@string/app_name"
android:permission="android.permission.BIND_QUICK_SETTINGS_TILE">
<intent-filter>
<action android:name="android.service.quicksettings.action.QS_TILE" />
</intent-filter>
</service>
<service
android:name=".ServiceTileGraph"
android:exported="true"
android:icon="@drawable/ic_equalizer_white_24dp"
android:label="@string/setting_stats_category"
android:permission="android.permission.BIND_QUICK_SETTINGS_TILE">
<intent-filter>
<action android:name="android.service.quicksettings.action.QS_TILE" />
</intent-filter>
</service>
<service
android:name=".ServiceTileFilter"
android:exported="true"
android:icon="@drawable/ic_filter_list_white_24dp"
android:label="@string/setting_filter"
android:permission="android.permission.BIND_QUICK_SETTINGS_TILE">
<intent-filter>
<action android:name="android.service.quicksettings.action.QS_TILE" />
</intent-filter>
</service>
<service
android:name=".ServiceTileLockdown"
android:exported="true"
android:icon="@drawable/ic_lock_outline_white_24dp"
android:label="@string/setting_lockdown"
android:permission="android.permission.BIND_QUICK_SETTINGS_TILE">
<intent-filter>
<action android:name="android.service.quicksettings.action.QS_TILE" />
</intent-filter>
</service>
<receiver
android:name=".ReceiverAutostart"
android:exported="true"
android:label="@string/app_name">
<intent-filter android:priority="999">
<action android:name="android.intent.action.BOOT_COMPLETED" />
<action android:name="android.intent.action.MY_PACKAGE_REPLACED" />
</intent-filter>
</receiver>
<receiver
android:name=".ReceiverPackageRemoved"
android:exported="true">
<intent-filter>
<action android:name="android.intent.action.PACKAGE_FULLY_REMOVED" />
<data android:scheme="package" />
</intent-filter>
</receiver>
<receiver
android:name=".WidgetMain"
android:exported="true"
android:label="@string/app_name">
<intent-filter>
<action android:name="android.appwidget.action.APPWIDGET_UPDATE" />
</intent-filter>
<meta-data
android:name="android.appwidget.provider"
android:resource="@xml/widgetmain" />
</receiver>
<receiver
android:name=".WidgetLockdown"
android:exported="true"
android:label="@string/setting_lockdown">
<intent-filter>
<action android:name="android.appwidget.action.APPWIDGET_UPDATE" />
</intent-filter>
<meta-data
android:name="android.appwidget.provider"
android:resource="@xml/widgetlockdown" />
</receiver>
<receiver
android:name=".WidgetAdmin"
android:exported="true"
android:label="@string/app_name"
android:permission="eu.faircode.netguard.permission.ADMIN">
<intent-filter>
<action android:name="eu.faircode.netguard.ON" />
<action android:name="eu.faircode.netguard.OFF" />
<action android:name="eu.faircode.netguard.LOCKDOWN_ON" />
<action android:name="eu.faircode.netguard.LOCKDOWN_OFF" />
</intent-filter>
</receiver>
</application>
</manifest>

144
NetGuard/app/src/main/main/aidl/com/android/vending/billing/IInAppBillingService.aidl
View File

@ -0,0 +1,144 @@
/*
* Copyright (C) 2012 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.android.vending.billing;
import android.os.Bundle;
/**
* InAppBillingService is the service that provides in-app billing version 3 and beyond.
* This service provides the following features:
* 1. Provides a new API to get details of in-app items published for the app including
* price, type, title and description.
* 2. The purchase flow is synchronous and purchase information is available immediately
* after it completes.
* 3. Purchase information of in-app purchases is maintained within the Google Play system
* till the purchase is consumed.
* 4. An API to consume a purchase of an inapp item. All purchases of one-time
* in-app items are consumable and thereafter can be purchased again.
* 5. An API to get current purchases of the user immediately. This will not contain any
* consumed purchases.
*
* All calls will give a response code with the following possible values
* RESULT_OK = 0 - success
* RESULT_USER_CANCELED = 1 - user pressed back or canceled a dialog
* RESULT_BILLING_UNAVAILABLE = 3 - this billing API version is not supported for the type requested
* RESULT_ITEM_UNAVAILABLE = 4 - requested SKU is not available for purchase
* RESULT_DEVELOPER_ERROR = 5 - invalid arguments provided to the API
* RESULT_ERROR = 6 - Fatal error during the API action
* RESULT_ITEM_ALREADY_OWNED = 7 - Failure to purchase since item is already owned
* RESULT_ITEM_NOT_OWNED = 8 - Failure to consume since item is not owned
*/
interface IInAppBillingService {
/**
* Checks support for the requested billing API version, package and in-app type.
* Minimum API version supported by this interface is 3.
* @param apiVersion the billing version which the app is using
* @param packageName the package name of the calling app
* @param type type of the in-app item being purchased "inapp" for one-time purchases
* and "subs" for subscription.
* @return RESULT_OK(0) on success, corresponding result code on failures
*/
int isBillingSupported(int apiVersion, String packageName, String type);
/**
* Provides details of a list of SKUs
* Given a list of SKUs of a valid type in the skusBundle, this returns a bundle
* with a list JSON strings containing the productId, price, title and description.
* This API can be called with a maximum of 20 SKUs.
* @param apiVersion billing API version that the Third-party is using
* @param packageName the package name of the calling app
* @param skusBundle bundle containing a StringArrayList of SKUs with key "ITEM_ID_LIST"
* @return Bundle containing the following key-value pairs
* "RESPONSE_CODE" with int value, RESULT_OK(0) if success, other response codes on
* failure as listed above.
* "DETAILS_LIST" with a StringArrayList containing purchase information
* in JSON format similar to:
* '{ "productId" : "exampleSku", "type" : "inapp", "price" : "$5.00",
* "title : "Example Title", "description" : "This is an example description" }'
*/
Bundle getSkuDetails(int apiVersion, String packageName, String type, in Bundle skusBundle);
/**
* Returns a pending intent to launch the purchase flow for an in-app item by providing a SKU,
* the type, a unique purchase token and an optional developer payload.
* @param apiVersion billing API version that the app is using
* @param packageName package name of the calling app
* @param sku the SKU of the in-app item as published in the developer console
* @param type the type of the in-app item ("inapp" for one-time purchases
* and "subs" for subscription).
* @param developerPayload optional argument to be sent back with the purchase information
* @return Bundle containing the following key-value pairs
* "RESPONSE_CODE" with int value, RESULT_OK(0) if success, other response codes on
* failure as listed above.
* "BUY_INTENT" - PendingIntent to start the purchase flow
*
* The Pending intent should be launched with startIntentSenderForResult. When purchase flow
* has completed, the onActivityResult() will give a resultCode of OK or CANCELED.
* If the purchase is successful, the result data will contain the following key-value pairs
* "RESPONSE_CODE" with int value, RESULT_OK(0) if success, other response codes on
* failure as listed above.
* "INAPP_PURCHASE_DATA" - String in JSON format similar to
* '{"orderId":"12999763169054705758.1371079406387615",
* "packageName":"com.example.app",
* "productId":"exampleSku",
* "purchaseTime":1345678900000,
* "purchaseToken" : "122333444455555",
* "developerPayload":"example developer payload" }'
* "INAPP_DATA_SIGNATURE" - String containing the signature of the purchase data that
* was signed with the private key of the developer
* TODO: change this to app-specific keys.
*/
Bundle getBuyIntent(int apiVersion, String packageName, String sku, String type,
String developerPayload);
/**
* Returns the current SKUs owned by the user of the type and package name specified along with
* purchase information and a signature of the data to be validated.
* This will return all SKUs that have been purchased in V3 and managed items purchased using
* V1 and V2 that have not been consumed.
* @param apiVersion billing API version that the app is using
* @param packageName package name of the calling app
* @param type the type of the in-app items being requested
* ("inapp" for one-time purchases and "subs" for subscription).
* @param continuationToken to be set as null for the first call, if the number of owned
* skus are too many, a continuationToken is returned in the response bundle.
* This method can be called again with the continuation token to get the next set of
* owned skus.
* @return Bundle containing the following key-value pairs
* "RESPONSE_CODE" with int value, RESULT_OK(0) if success, other response codes on
* failure as listed above.
* "INAPP_PURCHASE_ITEM_LIST" - StringArrayList containing the list of SKUs
* "INAPP_PURCHASE_DATA_LIST" - StringArrayList containing the purchase information
* "INAPP_DATA_SIGNATURE_LIST"- StringArrayList containing the signatures
* of the purchase information
* "INAPP_CONTINUATION_TOKEN" - String containing a continuation token for the
* next set of in-app purchases. Only set if the
* user has more owned skus than the current list.
*/
Bundle getPurchases(int apiVersion, String packageName, String type, String continuationToken);
/**
* Consume the last purchase of the given SKU. This will result in this item being removed
* from all subsequent responses to getPurchases() and allow re-purchase of this item.
* @param apiVersion billing API version that the app is using
* @param packageName package name of the calling app
* @param purchaseToken token in the purchase information JSON that identifies the purchase
* to be consumed
* @return 0 if consumption succeeded. Appropriate error values for failures.
*/
int consumePurchase(int apiVersion, String packageName, String purchaseToken);
}

BIN
NetGuard/app/src/main/main/ic_launcher-web.png
View File

Side by Side

After

Width: 512  |  Height: 512  |  Size: 24 KiB

BIN
NetGuard/app/src/main/main/ic_launcher_foreground.xcf
View File

BIN
NetGuard/app/src/main/main/ic_launcher_round-web.png
View File

Side by Side

After

Width: 512  |  Height: 512  |  Size: 42 KiB

256
NetGuard/app/src/main/main/java/eu/faircode/netguard/ActivityDns.java
View File

@ -0,0 +1,256 @@
package eu.faircode.netguard;
/*
This file is part of NetGuard.
NetGuard is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
NetGuard is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with NetGuard. If not, see <http://www.gnu.org/licenses/>.
Copyright 2015-2019 by Marcel Bokhorst (M66B)
*/
import android.content.Intent;
import android.content.pm.PackageManager;
import android.database.Cursor;
import android.net.Uri;
import android.os.AsyncTask;
import android.os.Bundle;
import android.util.Log;
import android.util.Xml;
import android.view.Menu;
import android.view.MenuInflater;
import android.view.MenuItem;
import android.widget.ListView;
import android.widget.Toast;
import androidx.appcompat.app.AppCompatActivity;
import org.xmlpull.v1.XmlSerializer;
import java.io.IOException;
import java.io.OutputStream;
import java.text.DateFormat;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.Locale;
public class ActivityDns extends AppCompatActivity {
private static final String TAG = "NetGuard.DNS";
private static final int REQUEST_EXPORT = 1;
private boolean running;
private AdapterDns adapter = null;
@Override
protected void onCreate(Bundle savedInstanceState) {
Util.setTheme(this);
super.onCreate(savedInstanceState);
setContentView(R.layout.resolving);
getSupportActionBar().setTitle(R.string.setting_show_resolved);
getSupportActionBar().setDisplayHomeAsUpEnabled(true);
ListView lvDns = findViewById(R.id.lvDns);
adapter = new AdapterDns(this, DatabaseHelper.getInstance(this).getDns());
lvDns.setAdapter(adapter);
running = true;
}
@Override
public boolean onCreateOptionsMenu(Menu menu) {
MenuInflater inflater = getMenuInflater();
inflater.inflate(R.menu.dns, menu);
return true;
}
@Override
public boolean onPrepareOptionsMenu(Menu menu) {
PackageManager pm = getPackageManager();
menu.findItem(R.id.menu_export).setEnabled(getIntentExport().resolveActivity(pm) != null);
return super.onPrepareOptionsMenu(menu);
}
@Override
public boolean onOptionsItemSelected(MenuItem item) {
switch (item.getItemId()) {
case R.id.menu_refresh:
refresh();
return true;
case R.id.menu_cleanup:
cleanup();
return true;
case R.id.menu_clear:
Util.areYouSure(this, R.string.menu_clear, new Util.DoubtListener() {
@Override
public void onSure() {
clear();
}
});
return true;
case R.id.menu_export:
export();
return true;
}
return false;
}
private void refresh() {
updateAdapter();
}
private void cleanup() {
new AsyncTask<Object, Object, Object>() {
@Override
protected Long doInBackground(Object... objects) {
Log.i(TAG, "Cleanup DNS");
DatabaseHelper.getInstance(ActivityDns.this).cleanupDns();
return null;
}
@Override
protected void onPostExecute(Object result) {
ServiceSinkhole.reload("DNS cleanup", ActivityDns.this, false);
updateAdapter();
}
}.executeOnExecutor(AsyncTask.THREAD_POOL_EXECUTOR);
}
private void clear() {
new AsyncTask<Object, Object, Object>() {
@Override
protected Long doInBackground(Object... objects) {
Log.i(TAG, "Clear DNS");
DatabaseHelper.getInstance(ActivityDns.this).clearDns();
return null;
}
@Override
protected void onPostExecute(Object result) {
ServiceSinkhole.reload("DNS clear", ActivityDns.this, false);
updateAdapter();
}
}.executeOnExecutor(AsyncTask.THREAD_POOL_EXECUTOR);
}
private void export() {
startActivityForResult(getIntentExport(), REQUEST_EXPORT);
}
@Override
protected void onActivityResult(int requestCode, int resultCode, Intent data) {
super.onActivityResult(requestCode, resultCode, data);
Log.i(TAG, "onActivityResult request=" + requestCode + " result=" + requestCode + " ok=" + (resultCode == RESULT_OK));
if (requestCode == REQUEST_EXPORT) {
if (resultCode == RESULT_OK && data != null)
handleExport(data);
}
}
private Intent getIntentExport() {
Intent intent = new Intent(Intent.ACTION_CREATE_DOCUMENT);
intent.addCategory(Intent.CATEGORY_OPENABLE);
intent.setType("*/*"); // text/xml
intent.putExtra(Intent.EXTRA_TITLE, "netguard_dns_" + new SimpleDateFormat("yyyyMMdd").format(new Date().getTime()) + ".xml");
return intent;
}
private void handleExport(final Intent data) {
new AsyncTask<Object, Object, Throwable>() {
@Override
protected Throwable doInBackground(Object... objects) {
OutputStream out = null;
try {
Uri target = data.getData();
Log.i(TAG, "Writing URI=" + target);
out = getContentResolver().openOutputStream(target);
xmlExport(out);
return null;
} catch (Throwable ex) {
Log.e(TAG, ex.toString() + "\n" + Log.getStackTraceString(ex));
return ex;
} finally {
if (out != null)
try {
out.close();
} catch (IOException ex) {
Log.e(TAG, ex.toString() + "\n" + Log.getStackTraceString(ex));
}
}
}
@Override
protected void onPostExecute(Throwable ex) {
if (running) {
if (ex == null)
Toast.makeText(ActivityDns.this, R.string.msg_completed, Toast.LENGTH_LONG).show();
else
Toast.makeText(ActivityDns.this, ex.toString(), Toast.LENGTH_LONG).show();
}
}
}.executeOnExecutor(AsyncTask.THREAD_POOL_EXECUTOR);
}
private void xmlExport(OutputStream out) throws IOException {
XmlSerializer serializer = Xml.newSerializer();
serializer.setOutput(out, "UTF-8");
serializer.startDocument(null, true);
serializer.setFeature("http://xmlpull.org/v1/doc/features.html#indent-output", true);
serializer.startTag(null, "netguard");
DateFormat df = new SimpleDateFormat("E, d MMM yyyy HH:mm:ss Z", Locale.US); // RFC 822
try (Cursor cursor = DatabaseHelper.getInstance(this).getDns()) {
int colTime = cursor.getColumnIndex("time");
int colQName = cursor.getColumnIndex("qname");
int colAName = cursor.getColumnIndex("aname");
int colResource = cursor.getColumnIndex("resource");
int colTTL = cursor.getColumnIndex("ttl");
while (cursor.moveToNext()) {
long time = cursor.getLong(colTime);
String qname = cursor.getString(colQName);
String aname = cursor.getString(colAName);
String resource = cursor.getString(colResource);
int ttl = cursor.getInt(colTTL);
serializer.startTag(null, "dns");
serializer.attribute(null, "time", df.format(time));
serializer.attribute(null, "qname", qname);
serializer.attribute(null, "aname", aname);
serializer.attribute(null, "resource", resource);
serializer.attribute(null, "ttl", Integer.toString(ttl));
serializer.endTag(null, "dns");
}
}
serializer.endTag(null, "netguard");
serializer.endDocument();
serializer.flush();
}
private void updateAdapter() {
if (adapter != null)
adapter.changeCursor(DatabaseHelper.getInstance(this).getDns());
}
@Override
protected void onDestroy() {
running = false;
adapter = null;
super.onDestroy();
}
}

130
NetGuard/app/src/main/main/java/eu/faircode/netguard/ActivityForwardApproval.java
View File

@ -0,0 +1,130 @@
package eu.faircode.netguard;
/*
This file is part of NetGuard.
NetGuard is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
NetGuard is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with NetGuard. If not, see <http://www.gnu.org/licenses/>.
Copyright 2015-2019 by Marcel Bokhorst (M66B)
*/
import android.app.Activity;
import android.os.Bundle;
import android.text.TextUtils;
import android.util.Log;
import android.view.View;
import android.widget.Button;
import android.widget.TextView;
import java.net.InetAddress;
public class ActivityForwardApproval extends Activity {
private static final String TAG = "NetGuard.Forward";
private static final String ACTION_START_PORT_FORWARD = "eu.faircode.netguard.START_PORT_FORWARD";
private static final String ACTION_STOP_PORT_FORWARD = "eu.faircode.netguard.STOP_PORT_FORWARD";
static {
try {
System.loadLibrary("netguard");
} catch (UnsatisfiedLinkError ignored) {
System.exit(1);
}
}
@Override
protected void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
setContentView(R.layout.forwardapproval);
final int protocol = getIntent().getIntExtra("protocol", 0);
final int dport = getIntent().getIntExtra("dport", 0);
String addr = getIntent().getStringExtra("raddr");
final int rport = getIntent().getIntExtra("rport", 0);
final int ruid = getIntent().getIntExtra("ruid", 0);
final String raddr = (addr == null ? "127.0.0.1" : addr);
try {
InetAddress iraddr = InetAddress.getByName(raddr);
if (rport < 1024 && (iraddr.isLoopbackAddress() || iraddr.isAnyLocalAddress()))
throw new IllegalArgumentException("Port forwarding to privileged port on local address not possible");
} catch (Throwable ex) {
Log.e(TAG, ex.toString() + "\n" + Log.getStackTraceString(ex));
finish();
}
String pname;
if (protocol == 6)
pname = getString(R.string.menu_protocol_tcp);
else if (protocol == 17)
pname = getString(R.string.menu_protocol_udp);
else
pname = Integer.toString(protocol);
TextView tvForward = findViewById(R.id.tvForward);
if (ACTION_START_PORT_FORWARD.equals(getIntent().getAction()))
tvForward.setText(getString(R.string.msg_start_forward,
pname, dport, raddr, rport,
TextUtils.join(", ", Util.getApplicationNames(ruid, this))));
else
tvForward.setText(getString(R.string.msg_stop_forward, pname, dport));
Button btnOk = findViewById(R.id.btnOk);
Button btnCancel = findViewById(R.id.btnCancel);
btnOk.setOnClickListener(new View.OnClickListener() {
@Override
public void onClick(View view) {
if (ACTION_START_PORT_FORWARD.equals(getIntent().getAction())) {
/*
am start -a eu.faircode.netguard.START_PORT_FORWARD \
-n eu.faircode.netguard/eu.faircode.netguard.ActivityForwardApproval \
--ei protocol 17 \
--ei dport 53 \
--es raddr 8.8.4.4 \
--ei rport 53 \
--ei ruid 9999 \
--user 0
*/
Log.i(TAG, "Start forwarding protocol " + protocol + " port " + dport + " to " + raddr + "/" + rport + " uid " + ruid);
DatabaseHelper dh = DatabaseHelper.getInstance(ActivityForwardApproval.this);
dh.deleteForward(protocol, dport);
dh.addForward(protocol, dport, raddr, rport, ruid);
} else if (ACTION_STOP_PORT_FORWARD.equals(getIntent().getAction())) {
/*
am start -a eu.faircode.netguard.STOP_PORT_FORWARD \
-n eu.faircode.netguard/eu.faircode.netguard.ActivityForwardApproval \
--ei protocol 17 \
--ei dport 53 \
--user 0
*/
Log.i(TAG, "Stop forwarding protocol " + protocol + " port " + dport);
DatabaseHelper.getInstance(ActivityForwardApproval.this).deleteForward(protocol, dport);
}
ServiceSinkhole.reload("forwarding", ActivityForwardApproval.this, false);
finish();
}
});
btnCancel.setOnClickListener(new View.OnClickListener() {
@Override
public void onClick(View view) {
finish();
}
});
}
}

251
NetGuard/app/src/main/main/java/eu/faircode/netguard/ActivityForwarding.java
View File

@ -0,0 +1,251 @@
package eu.faircode.netguard;
/*
This file is part of NetGuard.
NetGuard is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
NetGuard is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with NetGuard. If not, see <http://www.gnu.org/licenses/>.
Copyright 2015-2019 by Marcel Bokhorst (M66B)
*/
import android.content.DialogInterface;
import android.database.Cursor;
import android.os.AsyncTask;
import android.os.Bundle;
import android.view.LayoutInflater;
import android.view.Menu;
import android.view.MenuInflater;
import android.view.MenuItem;
import android.view.View;
import android.widget.AdapterView;
import android.widget.ArrayAdapter;
import android.widget.EditText;
import android.widget.ListView;
import android.widget.PopupMenu;
import android.widget.ProgressBar;
import android.widget.Spinner;
import android.widget.Toast;
import androidx.appcompat.app.AlertDialog;
import androidx.appcompat.app.AppCompatActivity;
import java.net.InetAddress;
import java.util.List;
public class ActivityForwarding extends AppCompatActivity {
private boolean running;
private ListView lvForwarding;
private AdapterForwarding adapter;
private AlertDialog dialog = null;
private DatabaseHelper.ForwardChangedListener listener = new DatabaseHelper.ForwardChangedListener() {
@Override
public void onChanged() {
runOnUiThread(new Runnable() {
@Override
public void run() {
if (adapter != null)
adapter.changeCursor(DatabaseHelper.getInstance(ActivityForwarding.this).getForwarding());
}
});
}
};
@Override
protected void onCreate(Bundle savedInstanceState) {
Util.setTheme(this);
super.onCreate(savedInstanceState);
setContentView(R.layout.forwarding);
running = true;
getSupportActionBar().setTitle(R.string.setting_forwarding);
getSupportActionBar().setDisplayHomeAsUpEnabled(true);
lvForwarding = findViewById(R.id.lvForwarding);
adapter = new AdapterForwarding(this, DatabaseHelper.getInstance(this).getForwarding());
lvForwarding.setAdapter(adapter);
lvForwarding.setOnItemClickListener(new AdapterView.OnItemClickListener() {
@Override
public void onItemClick(AdapterView<?> parent, View view, int position, long id) {
Cursor cursor = (Cursor) adapter.getItem(position);
final int protocol = cursor.getInt(cursor.getColumnIndex("protocol"));
final int dport = cursor.getInt(cursor.getColumnIndex("dport"));
final String raddr = cursor.getString(cursor.getColumnIndex("raddr"));
final int rport = cursor.getInt(cursor.getColumnIndex("rport"));
PopupMenu popup = new PopupMenu(ActivityForwarding.this, view);
popup.inflate(R.menu.forward);
popup.getMenu().findItem(R.id.menu_port).setTitle(
Util.getProtocolName(protocol, 0, false) + " " +
dport + " > " + raddr + "/" + rport);
popup.setOnMenuItemClickListener(new PopupMenu.OnMenuItemClickListener() {
@Override
public boolean onMenuItemClick(MenuItem menuItem) {
if (menuItem.getItemId() == R.id.menu_delete) {
DatabaseHelper.getInstance(ActivityForwarding.this).deleteForward(protocol, dport);
ServiceSinkhole.reload("forwarding", ActivityForwarding.this, false);
adapter = new AdapterForwarding(ActivityForwarding.this,
DatabaseHelper.getInstance(ActivityForwarding.this).getForwarding());
lvForwarding.setAdapter(adapter);
}
return false;
}
});
popup.show();
}
});
}
@Override
protected void onResume() {
super.onResume();
DatabaseHelper.getInstance(this).addForwardChangedListener(listener);
if (adapter != null)
adapter.changeCursor(DatabaseHelper.getInstance(ActivityForwarding.this).getForwarding());
}
@Override
protected void onPause() {
super.onPause();
DatabaseHelper.getInstance(this).removeForwardChangedListener(listener);
}
@Override
protected void onDestroy() {
running = false;
adapter = null;
if (dialog != null) {
dialog.dismiss();
dialog = null;
}
super.onDestroy();
}
@Override
public boolean onCreateOptionsMenu(Menu menu) {
MenuInflater inflater = getMenuInflater();
inflater.inflate(R.menu.forwarding, menu);
return true;
}
@Override
public boolean onOptionsItemSelected(MenuItem item) {
switch (item.getItemId()) {
case R.id.menu_add:
LayoutInflater inflater = LayoutInflater.from(this);
View view = inflater.inflate(R.layout.forwardadd, null, false);
final Spinner spProtocol = view.findViewById(R.id.spProtocol);
final EditText etDPort = view.findViewById(R.id.etDPort);
final EditText etRAddr = view.findViewById(R.id.etRAddr);
final EditText etRPort = view.findViewById(R.id.etRPort);
final ProgressBar pbRuid = view.findViewById(R.id.pbRUid);
final Spinner spRuid = view.findViewById(R.id.spRUid);
final AsyncTask task = new AsyncTask<Object, Object, List<Rule>>() {
@Override
protected void onPreExecute() {
pbRuid.setVisibility(View.VISIBLE);
spRuid.setVisibility(View.GONE);
}
@Override
protected List<Rule> doInBackground(Object... objects) {
return Rule.getRules(true, ActivityForwarding.this);
}
@Override
protected void onPostExecute(List<Rule> rules) {
ArrayAdapter spinnerArrayAdapter =
new ArrayAdapter(ActivityForwarding.this,
android.R.layout.simple_spinner_item, rules);
spRuid.setAdapter(spinnerArrayAdapter);
pbRuid.setVisibility(View.GONE);
spRuid.setVisibility(View.VISIBLE);
}
};
task.executeOnExecutor(AsyncTask.THREAD_POOL_EXECUTOR);
dialog = new AlertDialog.Builder(this)
.setView(view)
.setCancelable(true)
.setPositiveButton(android.R.string.yes, new DialogInterface.OnClickListener() {
@Override
public void onClick(DialogInterface dialog, int which) {
try {
int pos = spProtocol.getSelectedItemPosition();
String[] values = getResources().getStringArray(R.array.protocolValues);
final int protocol = Integer.valueOf(values[pos]);
final int dport = Integer.parseInt(etDPort.getText().toString());
final String raddr = etRAddr.getText().toString();
final int rport = Integer.parseInt(etRPort.getText().toString());
final int ruid = ((Rule) spRuid.getSelectedItem()).uid;
InetAddress iraddr = InetAddress.getByName(raddr);
if (rport < 1024 && (iraddr.isLoopbackAddress() || iraddr.isAnyLocalAddress()))
throw new IllegalArgumentException("Port forwarding to privileged port on local address not possible");
new AsyncTask<Object, Object, Throwable>() {
@Override
protected Throwable doInBackground(Object... objects) {
try {
DatabaseHelper.getInstance(ActivityForwarding.this)
.addForward(protocol, dport, raddr, rport, ruid);
return null;
} catch (Throwable ex) {
return ex;
}
}
@Override
protected void onPostExecute(Throwable ex) {
if (running)
if (ex == null) {
ServiceSinkhole.reload("forwarding", ActivityForwarding.this, false);
adapter = new AdapterForwarding(ActivityForwarding.this,
DatabaseHelper.getInstance(ActivityForwarding.this).getForwarding());
lvForwarding.setAdapter(adapter);
} else
Toast.makeText(ActivityForwarding.this, ex.toString(), Toast.LENGTH_LONG).show();
}
}.executeOnExecutor(AsyncTask.THREAD_POOL_EXECUTOR);
} catch (Throwable ex) {
Toast.makeText(ActivityForwarding.this, ex.toString(), Toast.LENGTH_LONG).show();
}
}
})
.setNegativeButton(android.R.string.no, new DialogInterface.OnClickListener() {
@Override
public void onClick(DialogInterface dialog, int which) {
task.cancel(false);
dialog.dismiss();
}
})
.setOnDismissListener(new DialogInterface.OnDismissListener() {
@Override
public void onDismiss(DialogInterface dialogInterface) {
dialog = null;
}
})
.create();
dialog.show();
return true;
default:
return super.onOptionsItemSelected(item);
}
}
}

643
NetGuard/app/src/main/main/java/eu/faircode/netguard/ActivityLog.java
View File

@ -0,0 +1,643 @@
package eu.faircode.netguard;
/*
This file is part of NetGuard.
NetGuard is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
NetGuard is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with NetGuard. If not, see <http://www.gnu.org/licenses/>.
Copyright 2015-2019 by Marcel Bokhorst (M66B)
*/
import android.content.ClipData;
import android.content.ClipboardManager;
import android.content.Intent;
import android.content.SharedPreferences;
import android.content.pm.PackageManager;
import android.database.Cursor;
import android.net.Uri;
import android.os.AsyncTask;
import android.os.Build;
import android.os.Bundle;
import android.text.TextUtils;
import android.util.Log;
import android.view.Menu;
import android.view.MenuInflater;
import android.view.MenuItem;
import android.view.View;
import android.widget.AdapterView;
import android.widget.CompoundButton;
import android.widget.FilterQueryProvider;
import android.widget.ListView;
import android.widget.PopupMenu;
import android.widget.TextView;
import android.widget.Toast;
import androidx.appcompat.app.AppCompatActivity;
import androidx.appcompat.widget.SearchView;
import androidx.appcompat.widget.SwitchCompat;
import androidx.core.app.NavUtils;
import androidx.preference.PreferenceManager;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.text.SimpleDateFormat;
import java.util.Date;
public class ActivityLog extends AppCompatActivity implements SharedPreferences.OnSharedPreferenceChangeListener {
private static final String TAG = "NetGuard.Log";
private boolean running = false;
private ListView lvLog;
private AdapterLog adapter;
private MenuItem menuSearch = null;
private boolean live;
private boolean resolve;
private boolean organization;
private InetAddress vpn4 = null;
private InetAddress vpn6 = null;
private static final int REQUEST_PCAP = 1;
private DatabaseHelper.LogChangedListener listener = new DatabaseHelper.LogChangedListener() {
@Override
public void onChanged() {
runOnUiThread(new Runnable() {
@Override
public void run() {
updateAdapter();
}
});
}
};
@Override
protected void onCreate(Bundle savedInstanceState) {
if (!IAB.isPurchased(ActivityPro.SKU_LOG, this)) {
startActivity(new Intent(this, ActivityPro.class));
finish();
}
Util.setTheme(this);
super.onCreate(savedInstanceState);
setContentView(R.layout.logging);
running = true;
// Action bar
View actionView = getLayoutInflater().inflate(R.layout.actionlog, null, false);
SwitchCompat swEnabled = actionView.findViewById(R.id.swEnabled);
getSupportActionBar().setDisplayShowCustomEnabled(true);
getSupportActionBar().setCustomView(actionView);
getSupportActionBar().setTitle(R.string.menu_log);
getSupportActionBar().setDisplayHomeAsUpEnabled(true);
// Get settings
final SharedPreferences prefs = PreferenceManager.getDefaultSharedPreferences(this);
resolve = prefs.getBoolean("resolve", false);
organization = prefs.getBoolean("organization", false);
boolean log = prefs.getBoolean("log", false);
// Show disabled message
TextView tvDisabled = findViewById(R.id.tvDisabled);
tvDisabled.setVisibility(log ? View.GONE : View.VISIBLE);
// Set enabled switch
swEnabled.setChecked(log);
swEnabled.setOnCheckedChangeListener(new CompoundButton.OnCheckedChangeListener() {
public void onCheckedChanged(CompoundButton buttonView, boolean isChecked) {
prefs.edit().putBoolean("log", isChecked).apply();
}
});
// Listen for preference changes
prefs.registerOnSharedPreferenceChangeListener(this);
lvLog = findViewById(R.id.lvLog);
boolean udp = prefs.getBoolean("proto_udp", true);
boolean tcp = prefs.getBoolean("proto_tcp", true);
boolean other = prefs.getBoolean("proto_other", true);
boolean allowed = prefs.getBoolean("traffic_allowed", true);
boolean blocked = prefs.getBoolean("traffic_blocked", true);
adapter = new AdapterLog(this, DatabaseHelper.getInstance(this).getLog(udp, tcp, other, allowed, blocked), resolve, organization);
adapter.setFilterQueryProvider(new FilterQueryProvider() {
public Cursor runQuery(CharSequence constraint) {
return DatabaseHelper.getInstance(ActivityLog.this).searchLog(constraint.toString());
}
});
lvLog.setAdapter(adapter);
try {
vpn4 = InetAddress.getByName(prefs.getString("vpn4", "10.1.10.1"));
vpn6 = InetAddress.getByName(prefs.getString("vpn6", "fd00:1:fd00:1:fd00:1:fd00:1"));
} catch (UnknownHostException ex) {
Log.e(TAG, ex.toString() + "\n" + Log.getStackTraceString(ex));
}
lvLog.setOnItemClickListener(new AdapterView.OnItemClickListener() {
@Override
public void onItemClick(AdapterView<?> parent, View view, int position, long id) {
PackageManager pm = getPackageManager();
Cursor cursor = (Cursor) adapter.getItem(position);
long time = cursor.getLong(cursor.getColumnIndex("time"));
int version = cursor.getInt(cursor.getColumnIndex("version"));
int protocol = cursor.getInt(cursor.getColumnIndex("protocol"));
final String saddr = cursor.getString(cursor.getColumnIndex("saddr"));
final int sport = (cursor.isNull(cursor.getColumnIndex("sport")) ? -1 : cursor.getInt(cursor.getColumnIndex("sport")));
final String daddr = cursor.getString(cursor.getColumnIndex("daddr"));
final int dport = (cursor.isNull(cursor.getColumnIndex("dport")) ? -1 : cursor.getInt(cursor.getColumnIndex("dport")));
final String dname = cursor.getString(cursor.getColumnIndex("dname"));
final int uid = (cursor.isNull(cursor.getColumnIndex("uid")) ? -1 : cursor.getInt(cursor.getColumnIndex("uid")));
int allowed = (cursor.isNull(cursor.getColumnIndex("allowed")) ? -1 : cursor.getInt(cursor.getColumnIndex("allowed")));
// Get external address
InetAddress addr = null;
try {
addr = InetAddress.getByName(daddr);
} catch (UnknownHostException ex) {
Log.e(TAG, ex.toString() + "\n" + Log.getStackTraceString(ex));
}
String ip;
int port;
if (addr.equals(vpn4) || addr.equals(vpn6)) {
ip = saddr;
port = sport;
} else {
ip = daddr;
port = dport;
}
// Build popup menu
PopupMenu popup = new PopupMenu(ActivityLog.this, findViewById(R.id.vwPopupAnchor));
popup.inflate(R.menu.log);
// Application name
if (uid >= 0)
popup.getMenu().findItem(R.id.menu_application).setTitle(TextUtils.join(", ", Util.getApplicationNames(uid, ActivityLog.this)));
else
popup.getMenu().removeItem(R.id.menu_application);
// Destination IP
popup.getMenu().findItem(R.id.menu_protocol).setTitle(Util.getProtocolName(protocol, version, false));
// Whois
final Intent lookupIP = new Intent(Intent.ACTION_VIEW, Uri.parse("https://www.dnslytics.com/whois-lookup/" + ip));
if (pm.resolveActivity(lookupIP, 0) == null)
popup.getMenu().removeItem(R.id.menu_whois);
else
popup.getMenu().findItem(R.id.menu_whois).setTitle(getString(R.string.title_log_whois, ip));
// Lookup port
final Intent lookupPort = new Intent(Intent.ACTION_VIEW, Uri.parse("https://www.speedguide.net/port.php?port=" + port));
if (port <= 0 || pm.resolveActivity(lookupPort, 0) == null)
popup.getMenu().removeItem(R.id.menu_port);
else
popup.getMenu().findItem(R.id.menu_port).setTitle(getString(R.string.title_log_port, port));
if (prefs.getBoolean("filter", false)) {
if (uid <= 0) {
popup.getMenu().removeItem(R.id.menu_allow);
popup.getMenu().removeItem(R.id.menu_block);
}
} else {
popup.getMenu().removeItem(R.id.menu_allow);
popup.getMenu().removeItem(R.id.menu_block);
}
final Packet packet = new Packet();
packet.version = version;
packet.protocol = protocol;
packet.daddr = daddr;
packet.dport = dport;
packet.time = time;
packet.uid = uid;
packet.allowed = (allowed > 0);
// Time
popup.getMenu().findItem(R.id.menu_time).setTitle(SimpleDateFormat.getDateTimeInstance().format(time));
// Handle click
popup.setOnMenuItemClickListener(new PopupMenu.OnMenuItemClickListener() {
@Override
public boolean onMenuItemClick(MenuItem menuItem) {
switch (menuItem.getItemId()) {
case R.id.menu_application: {
Intent main = new Intent(ActivityLog.this, ActivityMain.class);
main.putExtra(ActivityMain.EXTRA_SEARCH, Integer.toString(uid));
startActivity(main);
return true;
}
case R.id.menu_whois:
startActivity(lookupIP);
return true;
case R.id.menu_port:
startActivity(lookupPort);
return true;
case R.id.menu_allow:
if (IAB.isPurchased(ActivityPro.SKU_FILTER, ActivityLog.this)) {
DatabaseHelper.getInstance(ActivityLog.this).updateAccess(packet, dname, 0);
ServiceSinkhole.reload("allow host", ActivityLog.this, false);
Intent main = new Intent(ActivityLog.this, ActivityMain.class);
main.putExtra(ActivityMain.EXTRA_SEARCH, Integer.toString(uid));
startActivity(main);
} else
startActivity(new Intent(ActivityLog.this, ActivityPro.class));
return true;
case R.id.menu_block:
if (IAB.isPurchased(ActivityPro.SKU_FILTER, ActivityLog.this)) {
DatabaseHelper.getInstance(ActivityLog.this).updateAccess(packet, dname, 1);
ServiceSinkhole.reload("block host", ActivityLog.this, false);
Intent main = new Intent(ActivityLog.this, ActivityMain.class);
main.putExtra(ActivityMain.EXTRA_SEARCH, Integer.toString(uid));
startActivity(main);
} else
startActivity(new Intent(ActivityLog.this, ActivityPro.class));
return true;
case R.id.menu_copy:
ClipboardManager clipboard = (ClipboardManager) getSystemService(CLIPBOARD_SERVICE);
ClipData clip = ClipData.newPlainText("netguard", dname == null ? daddr : dname);
clipboard.setPrimaryClip(clip);
return true;
default:
return false;
}
}
});
// Show
popup.show();
}
});
live = true;
}
@Override
protected void onResume() {
super.onResume();
if (live) {
DatabaseHelper.getInstance(this).addLogChangedListener(listener);
updateAdapter();
}
}
@Override
protected void onPause() {
super.onPause();
if (live)
DatabaseHelper.getInstance(this).removeLogChangedListener(listener);
}
@Override
protected void onDestroy() {
running = false;
adapter = null;
PreferenceManager.getDefaultSharedPreferences(this).unregisterOnSharedPreferenceChangeListener(this);
super.onDestroy();
}
@Override
public void onSharedPreferenceChanged(SharedPreferences prefs, String name) {
Log.i(TAG, "Preference " + name + "=" + prefs.getAll().get(name));
if ("log".equals(name)) {
// Get enabled
boolean log = prefs.getBoolean(name, false);
// Display disabled warning
TextView tvDisabled = findViewById(R.id.tvDisabled);
tvDisabled.setVisibility(log ? View.GONE : View.VISIBLE);
// Check switch state
SwitchCompat swEnabled = getSupportActionBar().getCustomView().findViewById(R.id.swEnabled);
if (swEnabled.isChecked() != log)
swEnabled.setChecked(log);
ServiceSinkhole.reload("changed " + name, ActivityLog.this, false);
}
}
@Override
public boolean onCreateOptionsMenu(Menu menu) {
MenuInflater inflater = getMenuInflater();
inflater.inflate(R.menu.logging, menu);
menuSearch = menu.findItem(R.id.menu_search);
SearchView searchView = (SearchView) menuSearch.getActionView();
searchView.setOnQueryTextListener(new SearchView.OnQueryTextListener() {
@Override
public boolean onQueryTextSubmit(String query) {
if (adapter != null)
adapter.getFilter().filter(getUidForName(query));
return true;
}
@Override
public boolean onQueryTextChange(String newText) {
if (adapter != null)
adapter.getFilter().filter(getUidForName(newText));
return true;
}
});
searchView.setOnCloseListener(new SearchView.OnCloseListener() {
@Override
public boolean onClose() {
if (adapter != null)
adapter.getFilter().filter(null);
return true;
}
});
return true;
}
@Override
public boolean onPrepareOptionsMenu(Menu menu) {
SharedPreferences prefs = PreferenceManager.getDefaultSharedPreferences(this);
// https://gist.github.com/granoeste/5574148
File pcap_file = new File(getDir("data", MODE_PRIVATE), "netguard.pcap");
boolean export = (getPackageManager().resolveActivity(getIntentPCAPDocument(), 0) != null);
menu.findItem(R.id.menu_protocol_udp).setChecked(prefs.getBoolean("proto_udp", true));
menu.findItem(R.id.menu_protocol_tcp).setChecked(prefs.getBoolean("proto_tcp", true));
menu.findItem(R.id.menu_protocol_other).setChecked(prefs.getBoolean("proto_other", true));
menu.findItem(R.id.menu_traffic_allowed).setEnabled(prefs.getBoolean("filter", false));
menu.findItem(R.id.menu_traffic_allowed).setChecked(prefs.getBoolean("traffic_allowed", true));
menu.findItem(R.id.menu_traffic_blocked).setChecked(prefs.getBoolean("traffic_blocked", true));
menu.findItem(R.id.menu_refresh).setEnabled(!menu.findItem(R.id.menu_log_live).isChecked());
menu.findItem(R.id.menu_log_resolve).setChecked(prefs.getBoolean("resolve", false));
menu.findItem(R.id.menu_log_organization).setChecked(prefs.getBoolean("organization", false));
menu.findItem(R.id.menu_pcap_enabled).setChecked(prefs.getBoolean("pcap", false));
menu.findItem(R.id.menu_pcap_export).setEnabled(pcap_file.exists() && export);
return super.onPrepareOptionsMenu(menu);
}
@Override
public boolean onOptionsItemSelected(MenuItem item) {
final SharedPreferences prefs = PreferenceManager.getDefaultSharedPreferences(this);
final File pcap_file = new File(getDir("data", MODE_PRIVATE), "netguard.pcap");
switch (item.getItemId()) {
case android.R.id.home:
Log.i(TAG, "Up");
NavUtils.navigateUpFromSameTask(this);
return true;
case R.id.menu_protocol_udp:
item.setChecked(!item.isChecked());
prefs.edit().putBoolean("proto_udp", item.isChecked()).apply();
updateAdapter();
return true;
case R.id.menu_protocol_tcp:
item.setChecked(!item.isChecked());
prefs.edit().putBoolean("proto_tcp", item.isChecked()).apply();
updateAdapter();
return true;
case R.id.menu_protocol_other:
item.setChecked(!item.isChecked());
prefs.edit().putBoolean("proto_other", item.isChecked()).apply();
updateAdapter();
return true;
case R.id.menu_traffic_allowed:
item.setChecked(!item.isChecked());
prefs.edit().putBoolean("traffic_allowed", item.isChecked()).apply();
updateAdapter();
return true;
case R.id.menu_traffic_blocked:
item.setChecked(!item.isChecked());
prefs.edit().putBoolean("traffic_blocked", item.isChecked()).apply();
updateAdapter();
return true;
case R.id.menu_log_live:
item.setChecked(!item.isChecked());
live = item.isChecked();
if (live) {
DatabaseHelper.getInstance(this).addLogChangedListener(listener);
updateAdapter();
} else
DatabaseHelper.getInstance(this).removeLogChangedListener(listener);
return true;
case R.id.menu_refresh:
updateAdapter();
return true;
case R.id.menu_log_resolve:
item.setChecked(!item.isChecked());
prefs.edit().putBoolean("resolve", item.isChecked()).apply();
adapter.setResolve(item.isChecked());
adapter.notifyDataSetChanged();
return true;
case R.id.menu_log_organization:
item.setChecked(!item.isChecked());
prefs.edit().putBoolean("organization", item.isChecked()).apply();
adapter.setOrganization(item.isChecked());
adapter.notifyDataSetChanged();
return true;
case R.id.menu_pcap_enabled:
item.setChecked(!item.isChecked());
prefs.edit().putBoolean("pcap", item.isChecked()).apply();
ServiceSinkhole.setPcap(item.isChecked(), ActivityLog.this);
return true;
case R.id.menu_pcap_export:
startActivityForResult(getIntentPCAPDocument(), REQUEST_PCAP);
return true;
case R.id.menu_log_clear:
new AsyncTask<Object, Object, Object>() {
@Override
protected Object doInBackground(Object... objects) {
DatabaseHelper.getInstance(ActivityLog.this).clearLog(-1);
if (prefs.getBoolean("pcap", false)) {
ServiceSinkhole.setPcap(false, ActivityLog.this);
if (pcap_file.exists() && !pcap_file.delete())
Log.w(TAG, "Delete PCAP failed");
ServiceSinkhole.setPcap(true, ActivityLog.this);
} else {
if (pcap_file.exists() && !pcap_file.delete())
Log.w(TAG, "Delete PCAP failed");
}
return null;
}
@Override
protected void onPostExecute(Object result) {
if (running)
updateAdapter();
}
}.executeOnExecutor(AsyncTask.THREAD_POOL_EXECUTOR);
return true;
case R.id.menu_log_support:
Intent intent = new Intent(Intent.ACTION_VIEW);
intent.setData(Uri.parse("https://github.com/M66B/NetGuard/blob/master/FAQ.md#user-content-faq27"));
if (getPackageManager().resolveActivity(intent, 0) != null)
startActivity(intent);
return true;
default:
return super.onOptionsItemSelected(item);
}
}
private void updateAdapter() {
if (adapter != null) {
SharedPreferences prefs = PreferenceManager.getDefaultSharedPreferences(this);
boolean udp = prefs.getBoolean("proto_udp", true);
boolean tcp = prefs.getBoolean("proto_tcp", true);
boolean other = prefs.getBoolean("proto_other", true);
boolean allowed = prefs.getBoolean("traffic_allowed", true);
boolean blocked = prefs.getBoolean("traffic_blocked", true);
adapter.changeCursor(DatabaseHelper.getInstance(this).getLog(udp, tcp, other, allowed, blocked));
if (menuSearch != null && menuSearch.isActionViewExpanded()) {
SearchView searchView = (SearchView) menuSearch.getActionView();
adapter.getFilter().filter(getUidForName(searchView.getQuery().toString()));
}
}
}
private String getUidForName(String query) {
if (query != null && query.length() > 0) {
for (Rule rule : Rule.getRules(true, ActivityLog.this))
if (rule.name != null && rule.name.toLowerCase().contains(query.toLowerCase())) {
String newQuery = Integer.toString(rule.uid);
Log.i(TAG, "Search " + query + " found " + rule.name + " new " + newQuery);
return newQuery;
}
Log.i(TAG, "Search " + query + " not found");
}
return query;
}
private Intent getIntentPCAPDocument() {
Intent intent;
if (Build.VERSION.SDK_INT < Build.VERSION_CODES.KITKAT) {
if (Util.isPackageInstalled("org.openintents.filemanager", this)) {
intent = new Intent("org.openintents.action.PICK_DIRECTORY");
} else {
intent = new Intent(Intent.ACTION_VIEW);
intent.setData(Uri.parse("https://play.google.com/store/apps/details?id=org.openintents.filemanager"));
}
} else {
intent = new Intent(Intent.ACTION_CREATE_DOCUMENT);
intent.addCategory(Intent.CATEGORY_OPENABLE);
intent.setType("application/octet-stream");
intent.putExtra(Intent.EXTRA_TITLE, "netguard_" + new SimpleDateFormat("yyyyMMdd").format(new Date().getTime()) + ".pcap");
}
return intent;
}
@Override
protected void onActivityResult(int requestCode, int resultCode, final Intent data) {
Log.i(TAG, "onActivityResult request=" + requestCode + " result=" + requestCode + " ok=" + (resultCode == RESULT_OK));
if (requestCode == REQUEST_PCAP) {
if (resultCode == RESULT_OK && data != null)
handleExportPCAP(data);
} else {
Log.w(TAG, "Unknown activity result request=" + requestCode);
super.onActivityResult(requestCode, resultCode, data);
}
}
private void handleExportPCAP(final Intent data) {
new AsyncTask<Object, Object, Throwable>() {
@Override
protected Throwable doInBackground(Object... objects) {
OutputStream out = null;
FileInputStream in = null;
try {
// Stop capture
ServiceSinkhole.setPcap(false, ActivityLog.this);
Uri target = data.getData();
if (data.hasExtra("org.openintents.extra.DIR_PATH"))
target = Uri.parse(target + "/netguard.pcap");
Log.i(TAG, "Export PCAP URI=" + target);
out = getContentResolver().openOutputStream(target);
File pcap = new File(getDir("data", MODE_PRIVATE), "netguard.pcap");
in = new FileInputStream(pcap);
int len;
long total = 0;
byte[] buf = new byte[4096];
while ((len = in.read(buf)) > 0) {
out.write(buf, 0, len);
total += len;
}
Log.i(TAG, "Copied bytes=" + total);
return null;
} catch (Throwable ex) {
Log.e(TAG, ex.toString() + "\n" + Log.getStackTraceString(ex));
return ex;
} finally {
if (out != null)
try {
out.close();
} catch (IOException ex) {
Log.e(TAG, ex.toString() + "\n" + Log.getStackTraceString(ex));
}
if (in != null)
try {
in.close();
} catch (IOException ex) {
Log.e(TAG, ex.toString() + "\n" + Log.getStackTraceString(ex));
}
// Resume capture
SharedPreferences prefs = PreferenceManager.getDefaultSharedPreferences(ActivityLog.this);
if (prefs.getBoolean("pcap", false))
ServiceSinkhole.setPcap(true, ActivityLog.this);
}
}
@Override
protected void onPostExecute(Throwable ex) {
if (ex == null)
Toast.makeText(ActivityLog.this, R.string.msg_completed, Toast.LENGTH_LONG).show();
else
Toast.makeText(ActivityLog.this, ex.toString(), Toast.LENGTH_LONG).show();
}
}.executeOnExecutor(AsyncTask.THREAD_POOL_EXECUTOR);
}
}

1304
NetGuard/app/src/main/main/java/eu/faircode/netguard/ActivityMain.java
File diff suppressed because it is too large
View File

447
NetGuard/app/src/main/main/java/eu/faircode/netguard/ActivityPro.java
View File

@ -0,0 +1,447 @@
package eu.faircode.netguard;
/*
This file is part of NetGuard.
NetGuard is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
NetGuard is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with NetGuard. If not, see <http://www.gnu.org/licenses/>.
Copyright 2015-2019 by Marcel Bokhorst (M66B)
*/
import android.app.PendingIntent;
import android.content.ClipData;
import android.content.ClipboardManager;
import android.content.Context;
import android.content.Intent;
import android.graphics.Paint;
import android.net.Uri;
import android.os.Build;
import android.os.Bundle;
import android.provider.Settings;
import android.text.Editable;
import android.text.TextWatcher;
import android.util.Log;
import android.view.LayoutInflater;
import android.view.Menu;
import android.view.MenuInflater;
import android.view.MenuItem;
import android.view.View;
import android.view.WindowManager;
import android.widget.Button;
import android.widget.EditText;
import android.widget.ImageButton;
import android.widget.TextView;
import android.widget.Toast;
import androidx.appcompat.app.AlertDialog;
import androidx.appcompat.app.AppCompatActivity;
import androidx.core.app.NavUtils;
import static android.content.ClipDescription.MIMETYPE_TEXT_PLAIN;
public class ActivityPro extends AppCompatActivity {
private static final String TAG = "NetGuard.Pro";
private IAB iab;
// adb shell pm clear com.android.vending
// android.test.purchased
private static final int SKU_LOG_ID = 1;
private static final int SKU_FILTER_ID = 2;
private static final int SKU_NOTIFY_ID = 3;
private static final int SKU_SPEED_ID = 4;
private static final int SKU_THEME_ID = 5;
private static final int SKU_PRO1_ID = 6;
private static final int SKU_SUPPORT1_ID = 7;
private static final int SKU_SUPPORT2_ID = 8;
public static final String SKU_LOG = "log";
public static final String SKU_FILTER = "filter";
public static final String SKU_NOTIFY = "notify";
public static final String SKU_SPEED = "speed";
public static final String SKU_THEME = "theme";
public static final String SKU_PRO1 = "pro1";
public static final String SKU_SUPPORT1 = "support1";
public static final String SKU_SUPPORT2 = "support2";
public static final String SKU_DONATION = "donation";
@Override
protected void onCreate(Bundle savedInstanceState) {
Log.i(TAG, "Create");
Util.setTheme(this);
super.onCreate(savedInstanceState);
setContentView(R.layout.pro);
getSupportActionBar().setTitle(R.string.title_pro);
getSupportActionBar().setDisplayHomeAsUpEnabled(true);
getWindow().setSoftInputMode(WindowManager.LayoutParams.SOFT_INPUT_STATE_HIDDEN);
// Initial state
updateState();
TextView tvLogTitle = findViewById(R.id.tvLogTitle);
TextView tvFilterTitle = findViewById(R.id.tvFilterTitle);
TextView tvNotifyTitle = findViewById(R.id.tvNotifyTitle);
TextView tvSpeedTitle = findViewById(R.id.tvSpeedTitle);
TextView tvThemeTitle = findViewById(R.id.tvThemeTitle);
TextView tvAllTitle = findViewById(R.id.tvAllTitle);
TextView tvDev1Title = findViewById(R.id.tvDev1Title);
TextView tvDev2Title = findViewById(R.id.tvDev2Title);
tvLogTitle.setPaintFlags(tvLogTitle.getPaintFlags() | Paint.UNDERLINE_TEXT_FLAG);
tvFilterTitle.setPaintFlags(tvLogTitle.getPaintFlags() | Paint.UNDERLINE_TEXT_FLAG);
tvNotifyTitle.setPaintFlags(tvLogTitle.getPaintFlags() | Paint.UNDERLINE_TEXT_FLAG);
tvSpeedTitle.setPaintFlags(tvLogTitle.getPaintFlags() | Paint.UNDERLINE_TEXT_FLAG);
tvThemeTitle.setPaintFlags(tvLogTitle.getPaintFlags() | Paint.UNDERLINE_TEXT_FLAG);
tvAllTitle.setPaintFlags(tvLogTitle.getPaintFlags() | Paint.UNDERLINE_TEXT_FLAG);
tvDev1Title.setPaintFlags(tvLogTitle.getPaintFlags() | Paint.UNDERLINE_TEXT_FLAG);
tvDev2Title.setPaintFlags(tvLogTitle.getPaintFlags() | Paint.UNDERLINE_TEXT_FLAG);
View.OnClickListener listener = new View.OnClickListener() {
@Override
public void onClick(View view) {
String sku;
switch (view.getId()) {
case R.id.tvLogTitle:
sku = SKU_LOG;
break;
case R.id.tvFilterTitle:
sku = SKU_FILTER;
break;
case R.id.tvNotifyTitle:
sku = SKU_NOTIFY;
break;
case R.id.tvSpeedTitle:
sku = SKU_SPEED;
break;
case R.id.tvThemeTitle:
sku = SKU_THEME;
break;
case R.id.tvAllTitle:
sku = SKU_PRO1;
break;
case R.id.tvDev1Title:
sku = SKU_SUPPORT1;
break;
case R.id.tvDev2Title:
sku = SKU_SUPPORT2;
break;
default:
sku = SKU_PRO1;
break;
}
Intent intent = new Intent(Intent.ACTION_VIEW);
intent.setData(Uri.parse("http://www.netguard.me/#" + sku));
if (intent.resolveActivity(getPackageManager()) != null)
startActivity(intent);
}
};
tvLogTitle.setOnClickListener(listener);
tvFilterTitle.setOnClickListener(listener);
tvNotifyTitle.setOnClickListener(listener);
tvSpeedTitle.setOnClickListener(listener);
tvThemeTitle.setOnClickListener(listener);
tvAllTitle.setOnClickListener(listener);
tvDev1Title.setOnClickListener(listener);
tvDev2Title.setOnClickListener(listener);
try {
iab = new IAB(new IAB.Delegate() {
@Override
public void onReady(final IAB iab) {
Log.i(TAG, "IAB ready");
try {
iab.updatePurchases();
updateState();
final Button btnLog = findViewById(R.id.btnLog);
final Button btnFilter = findViewById(R.id.btnFilter);
final Button btnNotify = findViewById(R.id.btnNotify);
final Button btnSpeed = findViewById(R.id.btnSpeed);
final Button btnTheme = findViewById(R.id.btnTheme);
final Button btnAll = findViewById(R.id.btnAll);
final Button btnDev1 = findViewById(R.id.btnDev1);
final Button btnDev2 = findViewById(R.id.btnDev2);
View.OnClickListener listener = new View.OnClickListener() {
@Override
public void onClick(View view) {
try {
int id = 0;
PendingIntent pi = null;
if (view == btnLog) {
id = SKU_LOG_ID;
pi = iab.getBuyIntent(SKU_LOG, false);
} else if (view == btnFilter) {
id = SKU_FILTER_ID;
pi = iab.getBuyIntent(SKU_FILTER, false);
} else if (view == btnNotify) {
id = SKU_NOTIFY_ID;
pi = iab.getBuyIntent(SKU_NOTIFY, false);
} else if (view == btnSpeed) {
id = SKU_SPEED_ID;
pi = iab.getBuyIntent(SKU_SPEED, false);
} else if (view == btnTheme) {
id = SKU_THEME_ID;
pi = iab.getBuyIntent(SKU_THEME, false);
} else if (view == btnAll) {
id = SKU_PRO1_ID;
pi = iab.getBuyIntent(SKU_PRO1, false);
} else if (view == btnDev1) {
id = SKU_SUPPORT1_ID;
pi = iab.getBuyIntent(SKU_SUPPORT1, true);
} else if (view == btnDev2) {
id = SKU_SUPPORT2_ID;
pi = iab.getBuyIntent(SKU_SUPPORT2, true);
}
if (id > 0 && pi != null)
startIntentSenderForResult(pi.getIntentSender(), id, new Intent(), 0, 0, 0);
} catch (Throwable ex) {
Log.i(TAG, ex.toString() + "\n" + Log.getStackTraceString(ex));
}
}
};
btnLog.setOnClickListener(listener);
btnFilter.setOnClickListener(listener);
btnNotify.setOnClickListener(listener);
btnSpeed.setOnClickListener(listener);
btnTheme.setOnClickListener(listener);
btnAll.setOnClickListener(listener);
btnDev1.setOnClickListener(listener);
btnDev2.setOnClickListener(listener);
btnLog.setEnabled(true);
btnFilter.setEnabled(true);
btnNotify.setEnabled(true);
btnSpeed.setEnabled(true);
btnTheme.setEnabled(true);
btnAll.setEnabled(true);
btnDev1.setEnabled(true);
btnDev2.setEnabled(true);
} catch (Throwable ex) {
Log.e(TAG, ex.toString() + "\n" + Log.getStackTraceString(ex));
}
}
}, this);
iab.bind();
} catch (Throwable ex) {
Log.e(TAG, ex.toString() + "\n" + Log.getStackTraceString(ex));
}
}
@Override
protected void onDestroy() {
Log.i(TAG, "Destroy");
iab.unbind();
iab = null;
super.onDestroy();
}
@Override
public boolean onCreateOptionsMenu(Menu menu) {
MenuInflater inflater = getMenuInflater();
inflater.inflate(R.menu.pro, menu);
return true;
}
@Override
public boolean onOptionsItemSelected(MenuItem item) {
switch (item.getItemId()) {
case android.R.id.home:
Log.i(TAG, "Up");
NavUtils.navigateUpFromSameTask(this);
return true;
case R.id.menu_challenge:
menu_challenge();
return true;
default:
return super.onOptionsItemSelected(item);
}
}
@Override
public boolean onPrepareOptionsMenu(Menu menu) {
if (IAB.isPurchased(SKU_DONATION, this) || Util.isPlayStoreInstall(this))
menu.removeItem(R.id.menu_challenge);
return super.onPrepareOptionsMenu(menu);
}
private void menu_challenge() {
LayoutInflater inflater = LayoutInflater.from(this);
View view = inflater.inflate(R.layout.challenge, null, false);
final AlertDialog dialog = new AlertDialog.Builder(this)
.setView(view)
.setCancelable(true)
.create();
String android_id = Settings.Secure.getString(getContentResolver(), Settings.Secure.ANDROID_ID);
final String challenge = (Build.VERSION.SDK_INT < Build.VERSION_CODES.O ? Build.SERIAL : "O3" + android_id);
String seed = (Build.VERSION.SDK_INT < Build.VERSION_CODES.O ? "NetGuard2" : "NetGuard3");
// Challenge
TextView tvChallenge = view.findViewById(R.id.tvChallenge);
tvChallenge.setText(challenge);
ImageButton ibCopy = view.findViewById(R.id.ibCopy);
ibCopy.setOnClickListener(new View.OnClickListener() {
@Override
public void onClick(View view) {
ClipboardManager clipboard = (ClipboardManager) getSystemService(Context.CLIPBOARD_SERVICE);
ClipData clip = ClipData.newPlainText(getString(R.string.title_pro_challenge), challenge);
clipboard.setPrimaryClip(clip);
Toast.makeText(ActivityPro.this, android.R.string.copy, Toast.LENGTH_LONG).show();
}
});
// Response
final EditText etResponse = view.findViewById(R.id.etResponse);
try {
final String response = Util.md5(challenge, seed);
etResponse.addTextChangedListener(new TextWatcher() {
@Override
public void beforeTextChanged(CharSequence s, int start, int count, int after) {
// Do nothing
}
@Override
public void onTextChanged(CharSequence s, int start, int before, int count) {
// Do nothing
}
@Override
public void afterTextChanged(Editable editable) {
if (response.equals(editable.toString().toUpperCase())) {
IAB.setBought(SKU_DONATION, ActivityPro.this);
dialog.dismiss();
invalidateOptionsMenu();
updateState();
}
}
});
} catch (Throwable ex) {
Log.e(TAG, ex.toString() + "\n" + Log.getStackTraceString(ex));
}
ImageButton ibPaste = view.findViewById(R.id.ibPaste);
ibPaste.setOnClickListener(new View.OnClickListener() {
@Override
public void onClick(View view) {
ClipboardManager clipboard = (ClipboardManager) getSystemService(Context.CLIPBOARD_SERVICE);
if (clipboard != null &&
clipboard.hasPrimaryClip() &&
clipboard.getPrimaryClipDescription().hasMimeType(MIMETYPE_TEXT_PLAIN)) {
ClipData.Item item = clipboard.getPrimaryClip().getItemAt(0);
etResponse.setText(item.getText().toString());
}
}
});
dialog.show();
}
@Override
protected void onActivityResult(int requestCode, int resultCode, Intent data) {
super.onActivityResult(requestCode, resultCode, data);
if (resultCode == RESULT_OK) {
switch (requestCode) {
case SKU_LOG_ID:
IAB.setBought(SKU_LOG, this);
updateState();
break;
case SKU_FILTER_ID:
IAB.setBought(SKU_FILTER, this);
updateState();
break;
case SKU_NOTIFY_ID:
IAB.setBought(SKU_NOTIFY, this);
updateState();
break;
case SKU_SPEED_ID:
IAB.setBought(SKU_SPEED, this);
updateState();
break;
case SKU_THEME_ID:
IAB.setBought(SKU_THEME, this);
updateState();
break;
case SKU_PRO1_ID:
IAB.setBought(SKU_PRO1, this);
updateState();
break;
case SKU_SUPPORT1_ID:
IAB.setBought(SKU_SUPPORT1, this);
updateState();
break;
case SKU_SUPPORT2_ID:
IAB.setBought(SKU_SUPPORT2, this);
updateState();
break;
}
}
}
private void updateState() {
Button btnLog = findViewById(R.id.btnLog);
Button btnFilter = findViewById(R.id.btnFilter);
Button btnNotify = findViewById(R.id.btnNotify);
Button btnSpeed = findViewById(R.id.btnSpeed);
Button btnTheme = findViewById(R.id.btnTheme);
Button btnAll = findViewById(R.id.btnAll);
Button btnDev1 = findViewById(R.id.btnDev1);
Button btnDev2 = findViewById(R.id.btnDev2);
TextView tvLog = findViewById(R.id.tvLog);
TextView tvFilter = findViewById(R.id.tvFilter);
TextView tvNotify = findViewById(R.id.tvNotify);
TextView tvSpeed = findViewById(R.id.tvSpeed);
TextView tvTheme = findViewById(R.id.tvTheme);
TextView tvAll = findViewById(R.id.tvAll);
TextView tvDev1 = findViewById(R.id.tvDev1);
TextView tvDev2 = findViewById(R.id.tvDev2);
TextView tvLogUnavailable = findViewById(R.id.tvLogUnavailable);
TextView tvFilterUnavailable = findViewById(R.id.tvFilterUnavailable);
boolean can = Util.canFilter(this);
btnLog.setVisibility(IAB.isPurchased(SKU_LOG, this) || !can ? View.GONE : View.VISIBLE);
btnFilter.setVisibility(IAB.isPurchased(SKU_FILTER, this) || !can ? View.GONE : View.VISIBLE);
btnNotify.setVisibility(IAB.isPurchased(SKU_NOTIFY, this) ? View.GONE : View.VISIBLE);
btnSpeed.setVisibility(IAB.isPurchased(SKU_SPEED, this) ? View.GONE : View.VISIBLE);
btnTheme.setVisibility(IAB.isPurchased(SKU_THEME, this) ? View.GONE : View.VISIBLE);
btnAll.setVisibility(IAB.isPurchased(SKU_PRO1, this) ? View.GONE : View.VISIBLE);
btnDev1.setVisibility(IAB.isPurchased(SKU_SUPPORT1, this) ? View.GONE : View.VISIBLE);
btnDev2.setVisibility(IAB.isPurchased(SKU_SUPPORT2, this) ? View.GONE : View.VISIBLE);
tvLog.setVisibility(IAB.isPurchased(SKU_LOG, this) && can ? View.VISIBLE : View.GONE);
tvFilter.setVisibility(IAB.isPurchased(SKU_FILTER, this) && can ? View.VISIBLE : View.GONE);
tvNotify.setVisibility(IAB.isPurchased(SKU_NOTIFY, this) ? View.VISIBLE : View.GONE);
tvSpeed.setVisibility(IAB.isPurchased(SKU_SPEED, this) ? View.VISIBLE : View.GONE);
tvTheme.setVisibility(IAB.isPurchased(SKU_THEME, this) ? View.VISIBLE : View.GONE);
tvAll.setVisibility(IAB.isPurchased(SKU_PRO1, this) ? View.VISIBLE : View.GONE);
tvDev1.setVisibility(IAB.isPurchased(SKU_SUPPORT1, this) ? View.VISIBLE : View.GONE);
tvDev2.setVisibility(IAB.isPurchased(SKU_SUPPORT2, this) ? View.VISIBLE : View.GONE);
tvLogUnavailable.setVisibility(can ? View.GONE : View.VISIBLE);
tvFilterUnavailable.setVisibility(can ? View.GONE : View.VISIBLE);
}
}

1466
NetGuard/app/src/main/main/java/eu/faircode/netguard/ActivitySettings.java
File diff suppressed because it is too large
View File

186
NetGuard/app/src/main/main/java/eu/faircode/netguard/AdapterAccess.java
View File

@ -0,0 +1,186 @@
package eu.faircode.netguard;
/*
This file is part of NetGuard.
NetGuard is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
NetGuard is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with NetGuard. If not, see <http://www.gnu.org/licenses/>.
Copyright 2015-2019 by Marcel Bokhorst (M66B)
*/
import android.content.Context;
import android.content.res.TypedArray;
import android.database.Cursor;
import android.graphics.drawable.Drawable;
import android.os.AsyncTask;
import android.os.Build;
import android.text.SpannableString;
import android.text.style.UnderlineSpan;
import android.util.TypedValue;
import android.view.LayoutInflater;
import android.view.View;
import android.view.ViewGroup;
import android.widget.CursorAdapter;
import android.widget.ImageView;
import android.widget.LinearLayout;
import android.widget.TextView;
import androidx.core.graphics.drawable.DrawableCompat;
import androidx.core.view.ViewCompat;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.text.SimpleDateFormat;
public class AdapterAccess extends CursorAdapter {
private int colVersion;
private int colProtocol;
private int colDaddr;
private int colDPort;
private int colTime;
private int colAllowed;
private int colBlock;
private int colCount;
private int colSent;
private int colReceived;
private int colConnections;
private int colorText;
private int colorOn;
private int colorOff;
public AdapterAccess(Context context, Cursor cursor) {
super(context, cursor, 0);
colVersion = cursor.getColumnIndex("version");
colProtocol = cursor.getColumnIndex("protocol");
colDaddr = cursor.getColumnIndex("daddr");
colDPort = cursor.getColumnIndex("dport");
colTime = cursor.getColumnIndex("time");
colAllowed = cursor.getColumnIndex("allowed");
colBlock = cursor.getColumnIndex("block");
colCount = cursor.getColumnIndex("count");
colSent = cursor.getColumnIndex("sent");
colReceived = cursor.getColumnIndex("received");
colConnections = cursor.getColumnIndex("connections");
TypedArray ta = context.getTheme().obtainStyledAttributes(new int[]{android.R.attr.textColorSecondary});
try {
colorText = ta.getColor(0, 0);
} finally {
ta.recycle();
}
TypedValue tv = new TypedValue();
context.getTheme().resolveAttribute(R.attr.colorOn, tv, true);
colorOn = tv.data;
context.getTheme().resolveAttribute(R.attr.colorOff, tv, true);
colorOff = tv.data;
}
@Override
public View newView(Context context, Cursor cursor, ViewGroup parent) {
return LayoutInflater.from(context).inflate(R.layout.access, parent, false);
}
@Override
public void bindView(final View view, final Context context, final Cursor cursor) {
// Get values
final int version = cursor.getInt(colVersion);
final int protocol = cursor.getInt(colProtocol);
final String daddr = cursor.getString(colDaddr);
final int dport = cursor.getInt(colDPort);
long time = cursor.getLong(colTime);
int allowed = cursor.getInt(colAllowed);
int block = cursor.getInt(colBlock);
int count = cursor.getInt(colCount);
long sent = cursor.isNull(colSent) ? -1 : cursor.getLong(colSent);
long received = cursor.isNull(colReceived) ? -1 : cursor.getLong(colReceived);
int connections = cursor.isNull(colConnections) ? -1 : cursor.getInt(colConnections);
// Get views
TextView tvTime = view.findViewById(R.id.tvTime);
ImageView ivBlock = view.findViewById(R.id.ivBlock);
final TextView tvDest = view.findViewById(R.id.tvDest);
LinearLayout llTraffic = view.findViewById(R.id.llTraffic);
TextView tvConnections = view.findViewById(R.id.tvConnections);
TextView tvTraffic = view.findViewById(R.id.tvTraffic);
// Set values
tvTime.setText(new SimpleDateFormat("dd HH:mm").format(time));
if (block < 0)
ivBlock.setImageDrawable(null);
else {
ivBlock.setImageResource(block > 0 ? R.drawable.host_blocked : R.drawable.host_allowed);
if (Build.VERSION.SDK_INT < Build.VERSION_CODES.LOLLIPOP) {
Drawable wrap = DrawableCompat.wrap(ivBlock.getDrawable());
DrawableCompat.setTint(wrap, block > 0 ? colorOff : colorOn);
}
}
String dest = Util.getProtocolName(protocol, version, true) +
" " + daddr + (dport > 0 ? "/" + dport : "") + (count > 1 ? " ?" + count : "");
SpannableString span = new SpannableString(dest);
span.setSpan(new UnderlineSpan(), 0, dest.length(), 0);
tvDest.setText(span);
if (Util.isNumericAddress(daddr))
new AsyncTask<String, Object, String>() {
@Override
protected void onPreExecute() {
ViewCompat.setHasTransientState(tvDest, true);
}
@Override
protected String doInBackground(String... args) {
try {
return InetAddress.getByName(args[0]).getHostName();
} catch (UnknownHostException ignored) {
return args[0];
}
}
@Override
protected void onPostExecute(String addr) {
tvDest.setText(
Util.getProtocolName(protocol, version, true) +
" >" + addr + (dport > 0 ? "/" + dport : ""));
ViewCompat.setHasTransientState(tvDest, false);
}
}.execute(daddr);
if (allowed < 0)
tvDest.setTextColor(colorText);
else if (allowed > 0)
tvDest.setTextColor(colorOn);
else
tvDest.setTextColor(colorOff);
llTraffic.setVisibility(connections > 0 || sent > 0 || received > 0 ? View.VISIBLE : View.GONE);
if (connections > 0)
tvConnections.setText(context.getString(R.string.msg_count, connections));
if (sent > 1024 * 1204 * 1024L || received > 1024 * 1024 * 1024L)
tvTraffic.setText(context.getString(R.string.msg_gb,
(sent > 0 ? sent / (1024 * 1024 * 1024f) : 0),
(received > 0 ? received / (1024 * 1024 * 1024f) : 0)));
else if (sent > 1204 * 1024L || received > 1024 * 1024L)
tvTraffic.setText(context.getString(R.string.msg_mb,
(sent > 0 ? sent / (1024 * 1024f) : 0),
(received > 0 ? received / (1024 * 1024f) : 0)));
else
tvTraffic.setText(context.getString(R.string.msg_kb,
(sent > 0 ? sent / 1024f : 0),
(received > 0 ? received / 1024f : 0)));
}
}

95
NetGuard/app/src/main/main/java/eu/faircode/netguard/AdapterDns.java
View File

@ -0,0 +1,95 @@
package eu.faircode.netguard;
/*
This file is part of NetGuard.
NetGuard is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
NetGuard is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with NetGuard. If not, see <http://www.gnu.org/licenses/>.
Copyright 2015-2019 by Marcel Bokhorst (M66B)
*/
import android.content.Context;
import android.content.SharedPreferences;
import android.database.Cursor;
import android.graphics.Color;
import android.view.LayoutInflater;
import android.view.View;
import android.view.ViewGroup;
import android.widget.CursorAdapter;
import android.widget.TextView;
import androidx.preference.PreferenceManager;
import java.text.SimpleDateFormat;
import java.util.Date;
public class AdapterDns extends CursorAdapter {
private int colorExpired;
private int colTime;
private int colQName;
private int colAName;
private int colResource;
private int colTTL;
public AdapterDns(Context context, Cursor cursor) {
super(context, cursor, 0);
SharedPreferences prefs = PreferenceManager.getDefaultSharedPreferences(context);
if (prefs.getBoolean("dark_theme", false))
colorExpired = Color.argb(128, Color.red(Color.DKGRAY), Color.green(Color.DKGRAY), Color.blue(Color.DKGRAY));
else
colorExpired = Color.argb(128, Color.red(Color.LTGRAY), Color.green(Color.LTGRAY), Color.blue(Color.LTGRAY));
colTime = cursor.getColumnIndex("time");
colQName = cursor.getColumnIndex("qname");
colAName = cursor.getColumnIndex("aname");
colResource = cursor.getColumnIndex("resource");
colTTL = cursor.getColumnIndex("ttl");
}
@Override
public View newView(Context context, Cursor cursor, ViewGroup parent) {
return LayoutInflater.from(context).inflate(R.layout.dns, parent, false);
}
@Override
public void bindView(final View view, final Context context, final Cursor cursor) {
// Get values
long time = cursor.getLong(colTime);
String qname = cursor.getString(colQName);
String aname = cursor.getString(colAName);
String resource = cursor.getString(colResource);
int ttl = cursor.getInt(colTTL);
long now = new Date().getTime();
boolean expired = (time + ttl < now);
view.setBackgroundColor(expired ? colorExpired : Color.TRANSPARENT);
// Get views
TextView tvTime = view.findViewById(R.id.tvTime);
TextView tvQName = view.findViewById(R.id.tvQName);
TextView tvAName = view.findViewById(R.id.tvAName);
TextView tvResource = view.findViewById(R.id.tvResource);
TextView tvTTL = view.findViewById(R.id.tvTTL);
// Set values
tvTime.setText(new SimpleDateFormat("dd HH:mm").format(time));
tvQName.setText(qname);
tvAName.setText(aname);
tvResource.setText(resource);
tvTTL.setText("+" + Integer.toString(ttl / 1000));
}
}

74
NetGuard/app/src/main/main/java/eu/faircode/netguard/AdapterForwarding.java
View File

@ -0,0 +1,74 @@
package eu.faircode.netguard;
/*
This file is part of NetGuard.
NetGuard is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
NetGuard is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with NetGuard. If not, see <http://www.gnu.org/licenses/>.
Copyright 2015-2019 by Marcel Bokhorst (M66B)
*/
import android.content.Context;
import android.database.Cursor;
import android.text.TextUtils;
import android.view.LayoutInflater;
import android.view.View;
import android.view.ViewGroup;
import android.widget.CursorAdapter;
import android.widget.TextView;
public class AdapterForwarding extends CursorAdapter {
private int colProtocol;
private int colDPort;
private int colRAddr;
private int colRPort;
private int colRUid;
public AdapterForwarding(Context context, Cursor cursor) {
super(context, cursor, 0);
colProtocol = cursor.getColumnIndex("protocol");
colDPort = cursor.getColumnIndex("dport");
colRAddr = cursor.getColumnIndex("raddr");
colRPort = cursor.getColumnIndex("rport");
colRUid = cursor.getColumnIndex("ruid");
}
@Override
public View newView(Context context, Cursor cursor, ViewGroup parent) {
return LayoutInflater.from(context).inflate(R.layout.forward, parent, false);
}
@Override
public void bindView(final View view, final Context context, final Cursor cursor) {
// Get values
int protocol = cursor.getInt(colProtocol);
int dport = cursor.getInt(colDPort);
String raddr = cursor.getString(colRAddr);
int rport = cursor.getInt(colRPort);
int ruid = cursor.getInt(colRUid);
// Get views
TextView tvProtocol = view.findViewById(R.id.tvProtocol);
TextView tvDPort = view.findViewById(R.id.tvDPort);
TextView tvRAddr = view.findViewById(R.id.tvRAddr);
TextView tvRPort = view.findViewById(R.id.tvRPort);
TextView tvRUid = view.findViewById(R.id.tvRUid);
tvProtocol.setText(Util.getProtocolName(protocol, 0, false));
tvDPort.setText(Integer.toString(dport));
tvRAddr.setText(raddr);
tvRPort.setText(Integer.toString(rport));
tvRUid.setText(TextUtils.join(", ", Util.getApplicationNames(ruid, context)));
}
}

370
NetGuard/app/src/main/main/java/eu/faircode/netguard/AdapterLog.java
View File

@ -0,0 +1,370 @@
package eu.faircode.netguard;
/*
This file is part of NetGuard.
NetGuard is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
NetGuard is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with NetGuard. If not, see <http://www.gnu.org/licenses/>.
Copyright 2015-2019 by Marcel Bokhorst (M66B)
*/
import android.content.Context;
import android.content.SharedPreferences;
import android.content.pm.ApplicationInfo;
import android.content.pm.PackageManager;
import android.database.Cursor;
import android.graphics.drawable.Drawable;
import android.net.Uri;
import android.os.AsyncTask;
import android.os.Build;
import android.text.TextUtils;
import android.util.Log;
import android.util.TypedValue;
import android.view.LayoutInflater;
import android.view.View;
import android.view.ViewGroup;
import android.widget.CursorAdapter;
import android.widget.ImageView;
import android.widget.TextView;
import androidx.core.graphics.drawable.DrawableCompat;
import androidx.core.view.ViewCompat;
import androidx.preference.PreferenceManager;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.text.SimpleDateFormat;
import java.util.List;
public class AdapterLog extends CursorAdapter {
private static String TAG = "NetGuard.Log";
private boolean resolve;
private boolean organization;
private int colTime;
private int colVersion;
private int colProtocol;
private int colFlags;
private int colSAddr;
private int colSPort;
private int colDAddr;
private int colDPort;
private int colDName;
private int colUid;
private int colData;
private int colAllowed;
private int colConnection;
private int colInteractive;
private int colorOn;
private int colorOff;
private int iconSize;
private InetAddress dns1 = null;
private InetAddress dns2 = null;
private InetAddress vpn4 = null;
private InetAddress vpn6 = null;
public AdapterLog(Context context, Cursor cursor, boolean resolve, boolean organization) {
super(context, cursor, 0);
this.resolve = resolve;
this.organization = organization;
colTime = cursor.getColumnIndex("time");
colVersion = cursor.getColumnIndex("version");
colProtocol = cursor.getColumnIndex("protocol");
colFlags = cursor.getColumnIndex("flags");
colSAddr = cursor.getColumnIndex("saddr");
colSPort = cursor.getColumnIndex("sport");
colDAddr = cursor.getColumnIndex("daddr");
colDPort = cursor.getColumnIndex("dport");
colDName = cursor.getColumnIndex("dname");
colUid = cursor.getColumnIndex("uid");
colData = cursor.getColumnIndex("data");
colAllowed = cursor.getColumnIndex("allowed");
colConnection = cursor.getColumnIndex("connection");
colInteractive = cursor.getColumnIndex("interactive");
TypedValue tv = new TypedValue();
context.getTheme().resolveAttribute(R.attr.colorOn, tv, true);
colorOn = tv.data;
context.getTheme().resolveAttribute(R.attr.colorOff, tv, true);
colorOff = tv.data;
iconSize = Util.dips2pixels(24, context);
try {
List<InetAddress> lstDns = ServiceSinkhole.getDns(context);
dns1 = (lstDns.size() > 0 ? lstDns.get(0) : null);
dns2 = (lstDns.size() > 1 ? lstDns.get(1) : null);
SharedPreferences prefs = PreferenceManager.getDefaultSharedPreferences(context);
vpn4 = InetAddress.getByName(prefs.getString("vpn4", "10.1.10.1"));
vpn6 = InetAddress.getByName(prefs.getString("vpn6", "fd00:1:fd00:1:fd00:1:fd00:1"));
} catch (UnknownHostException ex) {
Log.e(TAG, ex.toString() + "\n" + Log.getStackTraceString(ex));
}
}
public void setResolve(boolean resolve) {
this.resolve = resolve;
}
public void setOrganization(boolean organization) {
this.organization = organization;
}
@Override
public View newView(Context context, Cursor cursor, ViewGroup parent) {
return LayoutInflater.from(context).inflate(R.layout.log, parent, false);
}
@Override
public void bindView(final View view, final Context context, final Cursor cursor) {
// Get values
long time = cursor.getLong(colTime);
int version = (cursor.isNull(colVersion) ? -1 : cursor.getInt(colVersion));
int protocol = (cursor.isNull(colProtocol) ? -1 : cursor.getInt(colProtocol));
String flags = cursor.getString(colFlags);
String saddr = cursor.getString(colSAddr);
int sport = (cursor.isNull(colSPort) ? -1 : cursor.getInt(colSPort));
String daddr = cursor.getString(colDAddr);
int dport = (cursor.isNull(colDPort) ? -1 : cursor.getInt(colDPort));
String dname = (cursor.isNull(colDName) ? null : cursor.getString(colDName));
int uid = (cursor.isNull(colUid) ? -1 : cursor.getInt(colUid));
String data = cursor.getString(colData);
int allowed = (cursor.isNull(colAllowed) ? -1 : cursor.getInt(colAllowed));
int connection = (cursor.isNull(colConnection) ? -1 : cursor.getInt(colConnection));
int interactive = (cursor.isNull(colInteractive) ? -1 : cursor.getInt(colInteractive));
// Get views
TextView tvTime = view.findViewById(R.id.tvTime);
TextView tvProtocol = view.findViewById(R.id.tvProtocol);
TextView tvFlags = view.findViewById(R.id.tvFlags);
TextView tvSAddr = view.findViewById(R.id.tvSAddr);
TextView tvSPort = view.findViewById(R.id.tvSPort);
final TextView tvDaddr = view.findViewById(R.id.tvDAddr);
TextView tvDPort = view.findViewById(R.id.tvDPort);
final TextView tvOrganization = view.findViewById(R.id.tvOrganization);
final ImageView ivIcon = view.findViewById(R.id.ivIcon);
TextView tvUid = view.findViewById(R.id.tvUid);
TextView tvData = view.findViewById(R.id.tvData);
ImageView ivConnection = view.findViewById(R.id.ivConnection);
ImageView ivInteractive = view.findViewById(R.id.ivInteractive);
// Show time
tvTime.setText(new SimpleDateFormat("HH:mm:ss").format(time));
// Show connection type
if (connection <= 0)
ivConnection.setImageResource(allowed > 0 ? R.drawable.host_allowed : R.drawable.host_blocked);
else {
if (allowed > 0)
ivConnection.setImageResource(connection == 1 ? R.drawable.wifi_on : R.drawable.other_on);
else
ivConnection.setImageResource(connection == 1 ? R.drawable.wifi_off : R.drawable.other_off);
}
if (Build.VERSION.SDK_INT < Build.VERSION_CODES.LOLLIPOP) {
Drawable wrap = DrawableCompat.wrap(ivConnection.getDrawable());
DrawableCompat.setTint(wrap, allowed > 0 ? colorOn : colorOff);
}
// Show if screen on
if (interactive <= 0)
ivInteractive.setImageDrawable(null);
else {
ivInteractive.setImageResource(R.drawable.screen_on);
if (Build.VERSION.SDK_INT < Build.VERSION_CODES.LOLLIPOP) {
Drawable wrap = DrawableCompat.wrap(ivInteractive.getDrawable());
DrawableCompat.setTint(wrap, colorOn);
}
}
// Show protocol name
tvProtocol.setText(Util.getProtocolName(protocol, version, false));
// SHow TCP flags
tvFlags.setText(flags);
tvFlags.setVisibility(TextUtils.isEmpty(flags) ? View.GONE : View.VISIBLE);
// Show source and destination port
if (protocol == 6 || protocol == 17) {
tvSPort.setText(sport < 0 ? "" : getKnownPort(sport));
tvDPort.setText(dport < 0 ? "" : getKnownPort(dport));
} else {
tvSPort.setText(sport < 0 ? "" : Integer.toString(sport));
tvDPort.setText(dport < 0 ? "" : Integer.toString(dport));
}
// Application icon
ApplicationInfo info = null;
PackageManager pm = context.getPackageManager();
String[] pkg = pm.getPackagesForUid(uid);
if (pkg != null && pkg.length > 0)
try {
info = pm.getApplicationInfo(pkg[0], 0);
} catch (PackageManager.NameNotFoundException ignored) {
}
if (info == null)
ivIcon.setImageDrawable(null);
else {
if (info.icon <= 0)
ivIcon.setImageResource(android.R.drawable.sym_def_app_icon);
else {
Uri uri = Uri.parse("android.resource://" + info.packageName + "/" + info.icon);
GlideApp.with(context)
.load(uri)
//.diskCacheStrategy(DiskCacheStrategy.NONE)
//.skipMemoryCache(true)
.override(iconSize, iconSize)
.into(ivIcon);
}
}
boolean we = (android.os.Process.myUid() == uid);
// https://android.googlesource.com/platform/system/core/+/master/include/private/android_filesystem_config.h
uid = uid % 100000; // strip off user ID
if (uid == -1)
tvUid.setText("");
else if (uid == 0)
tvUid.setText(context.getString(R.string.title_root));
else if (uid == 9999)
tvUid.setText("-"); // nobody
else
tvUid.setText(Integer.toString(uid));
// Show source address
tvSAddr.setText(getKnownAddress(saddr));
// Show destination address
if (!we && resolve && !isKnownAddress(daddr))
if (dname == null) {
tvDaddr.setText(daddr);
new AsyncTask<String, Object, String>() {
@Override
protected void onPreExecute() {
ViewCompat.setHasTransientState(tvDaddr, true);
}
@Override
protected String doInBackground(String... args) {
try {
return InetAddress.getByName(args[0]).getHostName();
} catch (UnknownHostException ignored) {
return args[0];
}
}
@Override
protected void onPostExecute(String name) {
tvDaddr.setText(">" + name);
ViewCompat.setHasTransientState(tvDaddr, false);
}
}.execute(daddr);
} else
tvDaddr.setText(dname);
else
tvDaddr.setText(getKnownAddress(daddr));
// Show organization
tvOrganization.setVisibility(View.GONE);
if (!we && organization) {
if (!isKnownAddress(daddr))
new AsyncTask<String, Object, String>() {
@Override
protected void onPreExecute() {
ViewCompat.setHasTransientState(tvOrganization, true);
}
@Override
protected String doInBackground(String... args) {
try {
return Util.getOrganization(args[0]);
} catch (Throwable ex) {
Log.w(TAG, ex.toString() + "\n" + Log.getStackTraceString(ex));
return null;
}
}
@Override
protected void onPostExecute(String organization) {
if (organization != null) {
tvOrganization.setText(organization);
tvOrganization.setVisibility(View.VISIBLE);
}
ViewCompat.setHasTransientState(tvOrganization, false);
}
}.execute(daddr);
}
// Show extra data
if (TextUtils.isEmpty(data)) {
tvData.setText("");
tvData.setVisibility(View.GONE);
} else {
tvData.setText(data);
tvData.setVisibility(View.VISIBLE);
}
}
public boolean isKnownAddress(String addr) {
try {
InetAddress a = InetAddress.getByName(addr);
if (a.equals(dns1) || a.equals(dns2) || a.equals(vpn4) || a.equals(vpn6))
return true;
} catch (UnknownHostException ignored) {
}
return false;
}
private String getKnownAddress(String addr) {
try {
InetAddress a = InetAddress.getByName(addr);
if (a.equals(dns1))
return "dns1";
if (a.equals(dns2))
return "dns2";
if (a.equals(vpn4) || a.equals(vpn6))
return "vpn";
} catch (UnknownHostException ignored) {
}
return addr;
}
private String getKnownPort(int port) {
// https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers#Well-known_ports
switch (port) {
case 7:
return "echo";
case 25:
return "smtp";
case 53:
return "dns";
case 80:
return "http";
case 110:
return "pop3";
case 143:
return "imap";
case 443:
return "https";
case 465:
return "smtps";
case 993:
return "imaps";
case 995:
return "pop3s";
default:
return Integer.toString(port);
}
}
}

1033
NetGuard/app/src/main/main/java/eu/faircode/netguard/AdapterRule.java
File diff suppressed because it is too large
View File

35
NetGuard/app/src/main/main/java/eu/faircode/netguard/Allowed.java
View File

@ -0,0 +1,35 @@
package eu.faircode.netguard;
/*
This file is part of NetGuard.
NetGuard is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
NetGuard is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with NetGuard. If not, see <http://www.gnu.org/licenses/>.
Copyright 2015-2019 by Marcel Bokhorst (M66B)
*/
public class Allowed {
public String raddr;
public int rport;
public Allowed() {
this.raddr = null;
this.rport = 0;
}
public Allowed(String raddr, int rport) {
this.raddr = raddr;
this.rport = rport;
}
}

78
NetGuard/app/src/main/main/java/eu/faircode/netguard/ApplicationEx.java
View File

@ -0,0 +1,78 @@
package eu.faircode.netguard;
/*
This file is part of NetGuard.
NetGuard is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
NetGuard is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with NetGuard. If not, see <http://www.gnu.org/licenses/>.
Copyright 2015-2019 by Marcel Bokhorst (M66B)
*/
import android.annotation.TargetApi;
import android.app.Application;
import android.app.Notification;
import android.app.NotificationChannel;
import android.app.NotificationManager;
import android.content.Context;
import android.os.Build;
import android.util.Log;
public class ApplicationEx extends Application {
private static final String TAG = "NetGuard.App";
private Thread.UncaughtExceptionHandler mPrevHandler;
@Override
public void onCreate() {
super.onCreate();
Log.i(TAG, "Create version=" + Util.getSelfVersionName(this) + "/" + Util.getSelfVersionCode(this));
if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.O)
createNotificationChannels();
mPrevHandler = Thread.getDefaultUncaughtExceptionHandler();
Thread.setDefaultUncaughtExceptionHandler(new Thread.UncaughtExceptionHandler() {
@Override
public void uncaughtException(Thread thread, Throwable ex) {
if (Util.ownFault(ApplicationEx.this, ex)
&& Util.isPlayStoreInstall(ApplicationEx.this)) {
Log.e(TAG, ex.toString() + "\n" + Log.getStackTraceString(ex));
mPrevHandler.uncaughtException(thread, ex);
} else {
Log.w(TAG, ex.toString() + "\n" + Log.getStackTraceString(ex));
System.exit(1);
}
}
});
}
@TargetApi(Build.VERSION_CODES.O)
private void createNotificationChannels() {
NotificationManager nm = (NotificationManager) getSystemService(Context.NOTIFICATION_SERVICE);
NotificationChannel foreground = new NotificationChannel("foreground", getString(R.string.channel_foreground), NotificationManager.IMPORTANCE_MIN);
foreground.setSound(null, Notification.AUDIO_ATTRIBUTES_DEFAULT);
nm.createNotificationChannel(foreground);
NotificationChannel notify = new NotificationChannel("notify", getString(R.string.channel_notify), NotificationManager.IMPORTANCE_DEFAULT);
notify.setSound(null, Notification.AUDIO_ATTRIBUTES_DEFAULT);
notify.setBypassDnd(true);
nm.createNotificationChannel(notify);
NotificationChannel access = new NotificationChannel("access", getString(R.string.channel_access), NotificationManager.IMPORTANCE_DEFAULT);
access.setSound(null, Notification.AUDIO_ATTRIBUTES_DEFAULT);
access.setBypassDnd(true);
nm.createNotificationChannel(access);
}
}

1164
NetGuard/app/src/main/main/java/eu/faircode/netguard/DatabaseHelper.java
File diff suppressed because it is too large
View File

181
NetGuard/app/src/main/main/java/eu/faircode/netguard/DownloadTask.java
View File

@ -0,0 +1,181 @@
package eu.faircode.netguard;
/*
This file is part of NetGuard.
NetGuard is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
NetGuard is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with NetGuard. If not, see <http://www.gnu.org/licenses/>.
Copyright 2015-2019 by Marcel Bokhorst (M66B)
*/
import android.app.Activity;
import android.app.PendingIntent;
import android.content.Context;
import android.content.Intent;
import android.os.AsyncTask;
import android.os.Build;
import android.os.PowerManager;
import android.util.Log;
import android.util.TypedValue;
import android.widget.Toast;
import androidx.core.app.NotificationCompat;
import androidx.core.app.NotificationManagerCompat;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.HttpURLConnection;
import java.net.URL;
import java.net.URLConnection;
public class DownloadTask extends AsyncTask<Object, Integer, Object> {
private static final String TAG = "NetGuard.Download";
private Context context;
private URL url;
private File file;
private Listener listener;
private PowerManager.WakeLock wakeLock;
public interface Listener {
void onCompleted();
void onCancelled();
void onException(Throwable ex);
}
public DownloadTask(Activity context, URL url, File file, Listener listener) {
this.context = context;
this.url = url;
this.file = file;
this.listener = listener;
}
@Override
protected void onPreExecute() {
PowerManager pm = (PowerManager) context.getSystemService(Context.POWER_SERVICE);
wakeLock = pm.newWakeLock(PowerManager.PARTIAL_WAKE_LOCK, getClass().getName());
wakeLock.acquire();
showNotification(0);
Toast.makeText(context, context.getString(R.string.msg_downloading, url.toString()), Toast.LENGTH_SHORT).show();
}
@Override
protected Object doInBackground(Object... args) {
Log.i(TAG, "Downloading " + url + " into " + file);
InputStream in = null;
OutputStream out = null;
URLConnection connection = null;
try {
connection = url.openConnection();
connection.connect();
if (connection instanceof HttpURLConnection) {
HttpURLConnection httpConnection = (HttpURLConnection) connection;
if (httpConnection.getResponseCode() != HttpURLConnection.HTTP_OK)
throw new IOException(httpConnection.getResponseCode() + " " + httpConnection.getResponseMessage());
}
int contentLength = connection.getContentLength();
Log.i(TAG, "Content length=" + contentLength);
in = connection.getInputStream();
out = new FileOutputStream(file);
long size = 0;
byte buffer[] = new byte[4096];
int bytes;
while (!isCancelled() && (bytes = in.read(buffer)) != -1) {
out.write(buffer, 0, bytes);
size += bytes;
if (contentLength > 0)
publishProgress((int) (size * 100 / contentLength));
}
Log.i(TAG, "Downloaded size=" + size);
return null;
} catch (Throwable ex) {
return ex;
} finally {
try {
if (out != null)
out.close();
} catch (IOException ex) {
Log.e(TAG, ex.toString() + "\n" + Log.getStackTraceString(ex));
}
try {
if (in != null)
in.close();
} catch (IOException ex) {
Log.e(TAG, ex.toString() + "\n" + Log.getStackTraceString(ex));
}
if (connection instanceof HttpURLConnection)
((HttpURLConnection) connection).disconnect();
}
}
@Override
protected void onProgressUpdate(Integer... progress) {
super.onProgressUpdate(progress);
showNotification(progress[0]);
}
@Override
protected void onCancelled() {
super.onCancelled();
Log.i(TAG, "Cancelled");
listener.onCancelled();
}
@Override
protected void onPostExecute(Object result) {
wakeLock.release();
NotificationManagerCompat.from(context).cancel(ServiceSinkhole.NOTIFY_DOWNLOAD);
if (result instanceof Throwable) {
Log.e(TAG, result.toString() + "\n" + Log.getStackTraceString((Throwable) result));
listener.onException((Throwable) result);
} else
listener.onCompleted();
}
private void showNotification(int progress) {
Intent main = new Intent(context, ActivitySettings.class);
PendingIntent pi = PendingIntent.getActivity(context, ServiceSinkhole.NOTIFY_DOWNLOAD, main, PendingIntent.FLAG_UPDATE_CURRENT | PendingIntent.FLAG_MUTABLE);
TypedValue tv = new TypedValue();
context.getTheme().resolveAttribute(R.attr.colorOff, tv, true);
NotificationCompat.Builder builder = new NotificationCompat.Builder(context, "notify");
builder.setSmallIcon(R.drawable.ic_file_download_white_24dp)
.setContentTitle(context.getString(R.string.app_name))
.setContentText(context.getString(R.string.msg_downloading, url.toString()))
.setContentIntent(pi)
.setProgress(100, progress, false)
.setColor(tv.data)
.setOngoing(true)
.setAutoCancel(false);
if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.LOLLIPOP)
builder.setCategory(NotificationCompat.CATEGORY_STATUS)
.setVisibility(NotificationCompat.VISIBILITY_SECRET);
NotificationManagerCompat.from(context).notify(ServiceSinkhole.NOTIFY_DOWNLOAD, builder.build());
}
}

45
NetGuard/app/src/main/main/java/eu/faircode/netguard/ExpandedListView.java
View File

@ -0,0 +1,45 @@
package eu.faircode.netguard;
/*
This file is part of NetGuard.
NetGuard is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
NetGuard is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with NetGuard. If not, see <http://www.gnu.org/licenses/>.
Copyright 2015-2019 by Marcel Bokhorst (M66B)
*/
import android.content.Context;
import android.util.AttributeSet;
import android.widget.ListView;
// This requires list view items with equal heights
public class ExpandedListView extends ListView {
public ExpandedListView(Context context) {
super(context);
}
public ExpandedListView(Context context, AttributeSet attrs) {
super(context, attrs);
}
public ExpandedListView(Context context, AttributeSet attrs, int defStyleAttr) {
super(context, attrs, defStyleAttr);
}
@Override
protected void onMeasure(int widthMeasureSpec, int heightMeasureSpec) {
super.onMeasure(widthMeasureSpec, MeasureSpec.makeMeasureSpec(Integer.MAX_VALUE >> 4, MeasureSpec.AT_MOST));
}
}

33
NetGuard/app/src/main/main/java/eu/faircode/netguard/Forward.java
View File

@ -0,0 +1,33 @@
package eu.faircode.netguard;
/*
This file is part of NetGuard.
NetGuard is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
NetGuard is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with NetGuard. If not, see <http://www.gnu.org/licenses/>.
Copyright 2015-2019 by Marcel Bokhorst (M66B)
*/
public class Forward {
public int protocol;
public int dport;
public String raddr;
public int rport;
public int ruid;
@Override
public String toString() {
return "protocol=" + protocol + " port " + dport + " to " + raddr + "/" + rport + " uid " + ruid;
}
}

32
NetGuard/app/src/main/main/java/eu/faircode/netguard/FragmentSettings.java
View File

@ -0,0 +1,32 @@
package eu.faircode.netguard;
/*
This file is part of NetGuard.
NetGuard is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
NetGuard is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with NetGuard. If not, see <http://www.gnu.org/licenses/>.
Copyright 2015-2019 by Marcel Bokhorst (M66B)
*/
import android.os.Bundle;
import android.preference.PreferenceFragment;
public class FragmentSettings extends PreferenceFragment {
@Override
public void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
addPreferencesFromResource(R.xml.preferences);
}
}

8
NetGuard/app/src/main/main/java/eu/faircode/netguard/GlideHelper.java
View File

@ -0,0 +1,8 @@
package eu.faircode.netguard;
import com.bumptech.glide.annotation.GlideModule;
import com.bumptech.glide.module.AppGlideModule;
@GlideModule
public final class GlideHelper extends AppGlideModule {
}

240
NetGuard/app/src/main/main/java/eu/faircode/netguard/IAB.java
View File

@ -0,0 +1,240 @@
package eu.faircode.netguard;
/*
This file is part of NetGuard.
NetGuard is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
NetGuard is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with NetGuard. If not, see <http://www.gnu.org/licenses/>.
Copyright 2015-2019 by Marcel Bokhorst (M66B)
*/
import android.app.PendingIntent;
import android.content.ComponentName;
import android.content.Context;
import android.content.Intent;
import android.content.ServiceConnection;
import android.content.SharedPreferences;
import android.os.Bundle;
import android.os.IBinder;
import android.os.RemoteException;
import android.util.Log;
import androidx.preference.PreferenceManager;
import com.android.vending.billing.IInAppBillingService;
import org.json.JSONException;
import org.json.JSONObject;
import java.util.ArrayList;
import java.util.List;
public class IAB implements ServiceConnection {
private static final String TAG = "NetGuard.IAB";
private Context context;
private Delegate delegate;
private IInAppBillingService service = null;
private static final int IAB_VERSION = 3;
public interface Delegate {
void onReady(IAB iab);
}
public IAB(Delegate delegate, Context context) {
this.context = context.getApplicationContext();
this.delegate = delegate;
}
public void bind() {
Log.i(TAG, "Bind");
Intent serviceIntent = new Intent("com.android.vending.billing.InAppBillingService.BIND");
serviceIntent.setPackage("com.android.vending");
context.bindService(serviceIntent, this, Context.BIND_AUTO_CREATE);
}
public void unbind() {
if (service != null) {
Log.i(TAG, "Unbind");
context.unbindService(this);
service = null;
}
}
@Override
public void onServiceConnected(ComponentName name, IBinder binder) {
Log.i(TAG, "Connected");
service = IInAppBillingService.Stub.asInterface(binder);
delegate.onReady(this);
}
@Override
public void onServiceDisconnected(ComponentName name) {
Log.i(TAG, "Disconnected");
service = null;
}
public boolean isAvailable(String sku) throws RemoteException, JSONException {
// Get available SKUs
ArrayList<String> skuList = new ArrayList<>();
skuList.add(sku);
Bundle query = new Bundle();
query.putStringArrayList("ITEM_ID_LIST", skuList);
Bundle bundle = service.getSkuDetails(IAB_VERSION, context.getPackageName(), "inapp", query);
Log.i(TAG, "getSkuDetails");
Util.logBundle(bundle);
int response = (bundle == null ? -1 : bundle.getInt("RESPONSE_CODE", -1));
Log.i(TAG, "Response=" + getResult(response));
if (response != 0)
throw new IllegalArgumentException(getResult(response));
// Check available SKUs
boolean found = false;
ArrayList<String> details = bundle.getStringArrayList("DETAILS_LIST");
if (details != null)
for (String item : details) {
JSONObject object = new JSONObject(item);
if (sku.equals(object.getString("productId"))) {
found = true;
break;
}
}
Log.i(TAG, sku + "=" + found);
return found;
}
public void updatePurchases() throws RemoteException {
// Get purchases
List<String> skus = new ArrayList<>();
skus.addAll(getPurchases("inapp"));
skus.addAll(getPurchases("subs"));
SharedPreferences prefs = context.getSharedPreferences("IAB", Context.MODE_PRIVATE);
SharedPreferences.Editor editor = prefs.edit();
for (String product : prefs.getAll().keySet())
if (!ActivityPro.SKU_DONATION.equals(product)) {
Log.i(TAG, "removing SKU=" + product);
editor.remove(product);
}
for (String sku : skus) {
Log.i(TAG, "adding SKU=" + sku);
editor.putBoolean(sku, true);
}
editor.apply();
}
public boolean isPurchased(String sku, String type) throws RemoteException {
return getPurchases(type).contains(sku);
}
public List<String> getPurchases(String type) throws RemoteException {
// Get purchases
Bundle bundle = service.getPurchases(IAB_VERSION, context.getPackageName(), type, null);
Log.i(TAG, "getPurchases");
Util.logBundle(bundle);
int response = (bundle == null ? -1 : bundle.getInt("RESPONSE_CODE", -1));
Log.i(TAG, "Response=" + getResult(response));
if (response != 0)
throw new IllegalArgumentException(getResult(response));
ArrayList<String> details = bundle.getStringArrayList("INAPP_PURCHASE_ITEM_LIST");
return (details == null ? new ArrayList<String>() : details);
}
public PendingIntent getBuyIntent(String sku, boolean subscription) throws RemoteException {
if (service == null)
return null;
Bundle bundle = service.getBuyIntent(IAB_VERSION, context.getPackageName(), sku, subscription ? "subs" : "inapp", "netguard");
Log.i(TAG, "getBuyIntent sku=" + sku + " subscription=" + subscription);
Util.logBundle(bundle);
int response = (bundle == null ? -1 : bundle.getInt("RESPONSE_CODE", -1));
Log.i(TAG, "Response=" + getResult(response));
if (response != 0)
throw new IllegalArgumentException(getResult(response));
if (!bundle.containsKey("BUY_INTENT"))
throw new IllegalArgumentException("BUY_INTENT missing");
return bundle.getParcelable("BUY_INTENT");
}
public static void setBought(String sku, Context context) {
Log.i(TAG, "Bought " + sku);
SharedPreferences prefs = context.getSharedPreferences("IAB", Context.MODE_PRIVATE);
prefs.edit().putBoolean(sku, true).apply();
}
public static boolean isPurchased(String sku, Context context) {
try {
if (Util.isDebuggable(context)) {
SharedPreferences prefs = PreferenceManager.getDefaultSharedPreferences(context);
return !prefs.getBoolean("debug_iab", false);
}
SharedPreferences prefs = context.getSharedPreferences("IAB", Context.MODE_PRIVATE);
if (ActivityPro.SKU_SUPPORT1.equals(sku) || ActivityPro.SKU_SUPPORT2.equals(sku))
return prefs.getBoolean(sku, false);
return (prefs.getBoolean(sku, false) ||
prefs.getBoolean(ActivityPro.SKU_PRO1, false) ||
prefs.getBoolean(ActivityPro.SKU_SUPPORT1, false) ||
prefs.getBoolean(ActivityPro.SKU_SUPPORT2, false) ||
prefs.getBoolean(ActivityPro.SKU_DONATION, false));
} catch (SecurityException ignored) {
return false;
}
}
public static boolean isPurchasedAny(Context context) {
try {
if (Util.isDebuggable(context)) {
SharedPreferences prefs = PreferenceManager.getDefaultSharedPreferences(context);
return !(prefs.getBoolean("debug_iab", false));
}
SharedPreferences prefs = context.getSharedPreferences("IAB", Context.MODE_PRIVATE);
for (String key : prefs.getAll().keySet())
if (prefs.getBoolean(key, false))
return true;
return false;
} catch (SecurityException ignored) {
return false;
}
}
public static String getResult(int responseCode) {
switch (responseCode) {
case 0:
return "OK";
case 1:
return "USER_CANCELED";
case 2:
return "SERVICE_UNAVAILABLE";
case 3:
return "BILLING_UNAVAILABLE";
case 4:
return "ITEM_UNAVAILABLE";
case 5:
return "DEVELOPER_ERROR";
case 6:
return "ERROR";
case 7:
return "ITEM_ALREADY_OWNED";
case 8:
return "ITEM_NOT_OWNED";
default:
return Integer.toString(responseCode);
}
}
}

140
NetGuard/app/src/main/main/java/eu/faircode/netguard/IPUtil.java
View File

@ -0,0 +1,140 @@
package eu.faircode.netguard;
/*
This file is part of NetGuard.
NetGuard is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
NetGuard is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with NetGuard. If not, see <http://www.gnu.org/licenses/>.
Copyright 2015-2019 by Marcel Bokhorst (M66B)
*/
import android.util.Log;
import androidx.annotation.NonNull;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.ArrayList;
import java.util.List;
public class IPUtil {
private static final String TAG = "NetGuard.IPUtil";
public static List<CIDR> toCIDR(String start, String end) throws UnknownHostException {
return toCIDR(InetAddress.getByName(start), InetAddress.getByName(end));
}
public static List<CIDR> toCIDR(InetAddress start, InetAddress end) throws UnknownHostException {
List<CIDR> listResult = new ArrayList<>();
Log.i(TAG, "toCIDR(" + start.getHostAddress() + "," + end.getHostAddress() + ")");
long from = inet2long(start);
long to = inet2long(end);
while (to >= from) {
byte prefix = 32;
while (prefix > 0) {
long mask = prefix2mask(prefix - 1);
if ((from & mask) != from)
break;
prefix--;
}
byte max = (byte) (32 - Math.floor(Math.log(to - from + 1) / Math.log(2)));
if (prefix < max)
prefix = max;
listResult.add(new CIDR(long2inet(from), prefix));
from += Math.pow(2, (32 - prefix));
}
for (CIDR cidr : listResult)
Log.i(TAG, cidr.toString());
return listResult;
}
private static long prefix2mask(int bits) {
return (0xFFFFFFFF00000000L >> bits) & 0xFFFFFFFFL;
}
private static long inet2long(InetAddress addr) {
long result = 0;
if (addr != null)
for (byte b : addr.getAddress())
result = result << 8 | (b & 0xFF);
return result;
}
private static InetAddress long2inet(long addr) {
try {
byte[] b = new byte[4];
for (int i = b.length - 1; i >= 0; i--) {
b[i] = (byte) (addr & 0xFF);
addr = addr >> 8;
}
return InetAddress.getByAddress(b);
} catch (UnknownHostException ignore) {
return null;
}
}
public static InetAddress minus1(InetAddress addr) {
return long2inet(inet2long(addr) - 1);
}
public static InetAddress plus1(InetAddress addr) {
return long2inet(inet2long(addr) + 1);
}
public static class CIDR implements Comparable<CIDR> {
public InetAddress address;
public int prefix;
public CIDR(InetAddress address, int prefix) {
this.address = address;
this.prefix = prefix;
}
public CIDR(String ip, int prefix) {
try {
this.address = InetAddress.getByName(ip);
this.prefix = prefix;
} catch (UnknownHostException ex) {
Log.e(TAG, ex.toString() + "\n" + Log.getStackTraceString(ex));
}
}
public InetAddress getStart() {
return long2inet(inet2long(this.address) & prefix2mask(this.prefix));
}
public InetAddress getEnd() {
return long2inet((inet2long(this.address) & prefix2mask(this.prefix)) + (1L << (32 - this.prefix)) - 1);
}
@Override
public String toString() {
return address.getHostAddress() + "/" + prefix + "=" + getStart().getHostAddress() + "..." + getEnd().getHostAddress();
}
@Override
public int compareTo(@NonNull CIDR other) {
Long lcidr = IPUtil.inet2long(this.address);
Long lother = IPUtil.inet2long(other.address);
return lcidr.compareTo(lother);
}
}
}

42
NetGuard/app/src/main/main/java/eu/faircode/netguard/Packet.java
View File

@ -0,0 +1,42 @@
package eu.faircode.netguard;
/*
This file is part of NetGuard.
NetGuard is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
NetGuard is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with NetGuard. If not, see <http://www.gnu.org/licenses/>.
Copyright 2015-2019 by Marcel Bokhorst (M66B)
*/
public class Packet {
public long time;
public int version;
public int protocol;
public String flags;
public String saddr;
public int sport;
public String daddr;
public int dport;
public String data;
public int uid;
public boolean allowed;
public Packet() {
}
@Override
public String toString() {
return "uid=" + uid + " v" + version + " p" + protocol + " " + daddr + "/" + dport;
}
}

132
NetGuard/app/src/main/main/java/eu/faircode/netguard/ReceiverAutostart.java
View File

@ -0,0 +1,132 @@
package eu.faircode.netguard;
/*
This file is part of NetGuard.
NetGuard is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
NetGuard is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with NetGuard. If not, see <http://www.gnu.org/licenses/>.
Copyright 2015-2019 by Marcel Bokhorst (M66B)
*/
import android.content.BroadcastReceiver;
import android.content.Context;
import android.content.Intent;
import android.content.SharedPreferences;
import android.os.Build;
import android.util.Log;
import androidx.preference.PreferenceManager;
import java.util.Map;
public class ReceiverAutostart extends BroadcastReceiver {
private static final String TAG = "NetGuard.Receiver";
@Override
public void onReceive(final Context context, Intent intent) {
Log.i(TAG, "Received " + intent);
Util.logExtras(intent);
String action = (intent == null ? null : intent.getAction());
if (Intent.ACTION_BOOT_COMPLETED.equals(action) || Intent.ACTION_MY_PACKAGE_REPLACED.equals(action))
try {
// Upgrade settings
upgrade(true, context);
// Start service
SharedPreferences prefs = PreferenceManager.getDefaultSharedPreferences(context);
if (prefs.getBoolean("enabled", false))
ServiceSinkhole.start("receiver", context);
else if (prefs.getBoolean("show_stats", false))
ServiceSinkhole.run("receiver", context);
if (Util.isInteractive(context))
ServiceSinkhole.reloadStats("receiver", context);
} catch (Throwable ex) {
Log.e(TAG, ex.toString() + "\n" + Log.getStackTraceString(ex));
}
}
public static void upgrade(boolean initialized, Context context) {
synchronized (context.getApplicationContext()) {
SharedPreferences prefs = PreferenceManager.getDefaultSharedPreferences(context);
int oldVersion = prefs.getInt("version", -1);
int newVersion = Util.getSelfVersionCode(context);
if (oldVersion == newVersion)
return;
Log.i(TAG, "Upgrading from version " + oldVersion + " to " + newVersion);
SharedPreferences.Editor editor = prefs.edit();
if (initialized) {
if (oldVersion < 38) {
Log.i(TAG, "Converting screen wifi/mobile");
editor.putBoolean("screen_wifi", prefs.getBoolean("unused", false));
editor.putBoolean("screen_other", prefs.getBoolean("unused", false));
editor.remove("unused");
SharedPreferences unused = context.getSharedPreferences("unused", Context.MODE_PRIVATE);
SharedPreferences screen_wifi = context.getSharedPreferences("screen_wifi", Context.MODE_PRIVATE);
SharedPreferences screen_other = context.getSharedPreferences("screen_other", Context.MODE_PRIVATE);
Map<String, ?> punused = unused.getAll();
SharedPreferences.Editor edit_screen_wifi = screen_wifi.edit();
SharedPreferences.Editor edit_screen_other = screen_other.edit();
for (String key : punused.keySet()) {
edit_screen_wifi.putBoolean(key, (Boolean) punused.get(key));
edit_screen_other.putBoolean(key, (Boolean) punused.get(key));
}
edit_screen_wifi.apply();
edit_screen_other.apply();
} else if (oldVersion <= 2017032112)
editor.remove("ip6");
} else {
Log.i(TAG, "Initializing sdk=" + Build.VERSION.SDK_INT);
editor.putBoolean("filter_udp", true);
editor.putBoolean("whitelist_wifi", false);
editor.putBoolean("whitelist_other", false);
if (Build.VERSION.SDK_INT == Build.VERSION_CODES.LOLLIPOP)
editor.putBoolean("filter", true); // Optional
}
if (Build.VERSION.SDK_INT < Build.VERSION_CODES.LOLLIPOP)
editor.putBoolean("filter", true); // Mandatory
if (!Util.canFilter(context)) {
editor.putBoolean("log_app", false);
editor.putBoolean("filter", false);
}
if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.N) {
editor.remove("show_top");
if ("data".equals(prefs.getString("sort", "name")))
editor.remove("sort");
}
if (Util.isPlayStoreInstall(context)) {
editor.remove("update_check");
editor.remove("use_hosts");
editor.remove("hosts_url");
}
if (!Util.isDebuggable(context))
editor.remove("loglevel");
editor.putInt("version", newVersion);
editor.apply();
}
}
}

50
NetGuard/app/src/main/main/java/eu/faircode/netguard/ReceiverPackageRemoved.java
View File

@ -0,0 +1,50 @@
package eu.faircode.netguard;
/*
This file is part of NetGuard.
NetGuard is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
NetGuard is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with NetGuard. If not, see <http://www.gnu.org/licenses/>.
Copyright 2015-2019 by Marcel Bokhorst (M66B)
*/
import android.content.BroadcastReceiver;
import android.content.Context;
import android.content.Intent;
import android.util.Log;
import androidx.core.app.NotificationManagerCompat;
public class ReceiverPackageRemoved extends BroadcastReceiver {
private static final String TAG = "NetGuard.Receiver";
@Override
public void onReceive(final Context context, Intent intent) {
Log.i(TAG, "Received " + intent);
Util.logExtras(intent);
String action = (intent == null ? null : intent.getAction());
if (Intent.ACTION_PACKAGE_FULLY_REMOVED.equals(action)) {
int uid = intent.getIntExtra(Intent.EXTRA_UID, 0);
if (uid > 0) {
DatabaseHelper dh = DatabaseHelper.getInstance(context);
dh.clearLog(uid);
dh.clearAccess(uid, false);
NotificationManagerCompat.from(context).cancel(uid); // installed notification
NotificationManagerCompat.from(context).cancel(uid + 10000); // access notification
}
}
}
}

47
NetGuard/app/src/main/main/java/eu/faircode/netguard/ResourceRecord.java
View File

@ -0,0 +1,47 @@
package eu.faircode.netguard;
/*
This file is part of NetGuard.
NetGuard is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
NetGuard is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with NetGuard. If not, see <http://www.gnu.org/licenses/>.
Copyright 2015-2019 by Marcel Bokhorst (M66B)
*/
import java.text.DateFormat;
import java.text.SimpleDateFormat;
import java.util.Date;
public class ResourceRecord {
public long Time;
public String QName;
public String AName;
public String Resource;
public int TTL;
private static DateFormat formatter = SimpleDateFormat.getDateTimeInstance();
public ResourceRecord() {
}
@Override
public String toString() {
return formatter.format(new Date(Time).getTime()) +
" Q " + QName +
" A " + AName +
" R " + Resource +
" TTL " + TTL +
" " + formatter.format(new Date(Time + TTL * 1000L).getTime());
}
}

453
NetGuard/app/src/main/main/java/eu/faircode/netguard/Rule.java
View File

@ -0,0 +1,453 @@
package eu.faircode.netguard;
/*
This file is part of NetGuard.
NetGuard is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
NetGuard is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with NetGuard. If not, see <http://www.gnu.org/licenses/>.
Copyright 2015-2019 by Marcel Bokhorst (M66B)
*/
import android.content.Context;
import android.content.SharedPreferences;
import android.content.pm.ApplicationInfo;
import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import android.content.res.XmlResourceParser;
import android.database.Cursor;
import android.os.Build;
import android.os.Process;
import android.util.Log;
import androidx.preference.PreferenceManager;
import org.xmlpull.v1.XmlPullParser;
import java.text.Collator;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Comparator;
import java.util.HashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;
public class Rule {
private static final String TAG = "NetGuard.Rule";
public int uid;
public String packageName;
public int icon;
public String name;
public String version;
public boolean system;
public boolean internet;
public boolean enabled;
public boolean pkg = true;
public boolean wifi_default = false;
public boolean other_default = false;
public boolean screen_wifi_default = false;
public boolean screen_other_default = false;
public boolean roaming_default = false;
public boolean wifi_blocked = false;
public boolean other_blocked = false;
public boolean screen_wifi = false;
public boolean screen_other = false;
public boolean roaming = false;
public boolean lockdown = false;
public boolean apply = true;
public boolean notify = true;
public boolean relateduids = false;
public String[] related = null;
public long hosts;
public boolean changed;
public boolean expanded = false;
private static List<PackageInfo> cachePackageInfo = null;
private static Map<PackageInfo, String> cacheLabel = new HashMap<>();
private static Map<String, Boolean> cacheSystem = new HashMap<>();
private static Map<String, Boolean> cacheInternet = new HashMap<>();
private static Map<PackageInfo, Boolean> cacheEnabled = new HashMap<>();
private static List<PackageInfo> getPackages(Context context) {
if (cachePackageInfo == null) {
PackageManager pm = context.getPackageManager();
cachePackageInfo = pm.getInstalledPackages(0);
}
return new ArrayList<>(cachePackageInfo);
}
private static String getLabel(PackageInfo info, Context context) {
if (!cacheLabel.containsKey(info)) {
PackageManager pm = context.getPackageManager();
cacheLabel.put(info, info.applicationInfo.loadLabel(pm).toString());
}
return cacheLabel.get(info);
}
private static boolean isSystem(String packageName, Context context) {
if (!cacheSystem.containsKey(packageName))
cacheSystem.put(packageName, Util.isSystem(packageName, context));
return cacheSystem.get(packageName);
}
private static boolean hasInternet(String packageName, Context context) {
if (!cacheInternet.containsKey(packageName))
cacheInternet.put(packageName, Util.hasInternet(packageName, context));
return cacheInternet.get(packageName);
}
private static boolean isEnabled(PackageInfo info, Context context) {
if (!cacheEnabled.containsKey(info))
cacheEnabled.put(info, Util.isEnabled(info, context));
return cacheEnabled.get(info);
}
public static void clearCache(Context context) {
Log.i(TAG, "Clearing cache");
synchronized (context.getApplicationContext()) {
cachePackageInfo = null;
cacheLabel.clear();
cacheSystem.clear();
cacheInternet.clear();
cacheEnabled.clear();
}
DatabaseHelper dh = DatabaseHelper.getInstance(context);
dh.clearApps();
}
private Rule(DatabaseHelper dh, PackageInfo info, Context context) {
this.uid = info.applicationInfo.uid;
this.packageName = info.packageName;
this.icon = info.applicationInfo.icon;
this.version = info.versionName;
if (info.applicationInfo.uid == 0) {
this.name = context.getString(R.string.title_root);
this.system = true;
this.internet = true;
this.enabled = true;
this.pkg = false;
} else if (info.applicationInfo.uid == 1013) {
this.name = context.getString(R.string.title_mediaserver);
this.system = true;
this.internet = true;
this.enabled = true;
this.pkg = false;
} else if (info.applicationInfo.uid == 1020) {
this.name = "MulticastDNSResponder";
this.system = true;
this.internet = true;
this.enabled = true;
this.pkg = false;
} else if (info.applicationInfo.uid == 1021) {
this.name = context.getString(R.string.title_gpsdaemon);
this.system = true;
this.internet = true;
this.enabled = true;
this.pkg = false;
} else if (info.applicationInfo.uid == 1051) {
this.name = context.getString(R.string.title_dnsdaemon);
this.system = true;
this.internet = true;
this.enabled = true;
this.pkg = false;
} else if (info.applicationInfo.uid == 9999) {
this.name = context.getString(R.string.title_nobody);
this.system = true;
this.internet = true;
this.enabled = true;
this.pkg = false;
} else {
Cursor cursor = null;
try {
cursor = dh.getApp(this.packageName);
if (cursor.moveToNext()) {
this.name = cursor.getString(cursor.getColumnIndex("label"));
this.system = cursor.getInt(cursor.getColumnIndex("system")) > 0;
this.internet = cursor.getInt(cursor.getColumnIndex("internet")) > 0;
this.enabled = cursor.getInt(cursor.getColumnIndex("enabled")) > 0;
} else {
this.name = getLabel(info, context);
this.system = isSystem(info.packageName, context);
this.internet = hasInternet(info.packageName, context);
this.enabled = isEnabled(info, context);
dh.addApp(this.packageName, this.name, this.system, this.internet, this.enabled);
}
} finally {
if (cursor != null)
cursor.close();
}
}
}
public static List<Rule> getRules(final boolean all, Context context) {
synchronized (context.getApplicationContext()) {
SharedPreferences prefs = PreferenceManager.getDefaultSharedPreferences(context);
SharedPreferences wifi = context.getSharedPreferences("wifi", Context.MODE_PRIVATE);
SharedPreferences other = context.getSharedPreferences("other", Context.MODE_PRIVATE);
SharedPreferences screen_wifi = context.getSharedPreferences("screen_wifi", Context.MODE_PRIVATE);
SharedPreferences screen_other = context.getSharedPreferences("screen_other", Context.MODE_PRIVATE);
SharedPreferences roaming = context.getSharedPreferences("roaming", Context.MODE_PRIVATE);
SharedPreferences lockdown = context.getSharedPreferences("lockdown", Context.MODE_PRIVATE);
SharedPreferences apply = context.getSharedPreferences("apply", Context.MODE_PRIVATE);
SharedPreferences notify = context.getSharedPreferences("notify", Context.MODE_PRIVATE);
// Get settings
boolean default_wifi = prefs.getBoolean("whitelist_wifi", true);
boolean default_other = prefs.getBoolean("whitelist_other", true);
boolean default_screen_wifi = prefs.getBoolean("screen_wifi", false);
boolean default_screen_other = prefs.getBoolean("screen_other", false);
boolean default_roaming = prefs.getBoolean("whitelist_roaming", true);
boolean manage_system = prefs.getBoolean("manage_system", false);
boolean screen_on = prefs.getBoolean("screen_on", true);
boolean show_user = prefs.getBoolean("show_user", true);
boolean show_system = prefs.getBoolean("show_system", false);
boolean show_nointernet = prefs.getBoolean("show_nointernet", true);
boolean show_disabled = prefs.getBoolean("show_disabled", true);
default_screen_wifi = default_screen_wifi && screen_on;
default_screen_other = default_screen_other && screen_on;
// Get predefined rules
Map<String, Boolean> pre_wifi_blocked = new HashMap<>();
Map<String, Boolean> pre_other_blocked = new HashMap<>();
Map<String, Boolean> pre_roaming = new HashMap<>();
Map<String, String[]> pre_related = new HashMap<>();
Map<String, Boolean> pre_system = new HashMap<>();
try {
XmlResourceParser xml = context.getResources().getXml(R.xml.predefined);
int eventType = xml.getEventType();
while (eventType != XmlPullParser.END_DOCUMENT) {
if (eventType == XmlPullParser.START_TAG)
if ("wifi".equals(xml.getName())) {
String pkg = xml.getAttributeValue(null, "package");
boolean pblocked = xml.getAttributeBooleanValue(null, "blocked", false);
pre_wifi_blocked.put(pkg, pblocked);
} else if ("other".equals(xml.getName())) {
String pkg = xml.getAttributeValue(null, "package");
boolean pblocked = xml.getAttributeBooleanValue(null, "blocked", false);
boolean proaming = xml.getAttributeBooleanValue(null, "roaming", default_roaming);
pre_other_blocked.put(pkg, pblocked);
pre_roaming.put(pkg, proaming);
} else if ("relation".equals(xml.getName())) {
String pkg = xml.getAttributeValue(null, "package");
String[] rel = xml.getAttributeValue(null, "related").split(",");
pre_related.put(pkg, rel);
} else if ("type".equals(xml.getName())) {
String pkg = xml.getAttributeValue(null, "package");
boolean system = xml.getAttributeBooleanValue(null, "system", true);
pre_system.put(pkg, system);
}
eventType = xml.next();
}
} catch (Throwable ex) {
Log.e(TAG, ex.toString() + "\n" + Log.getStackTraceString(ex));
}
// Build rule list
List<Rule> listRules = new ArrayList<>();
List<PackageInfo> listPI = getPackages(context);
int userId = Process.myUid() / 100000;
// Add root
PackageInfo root = new PackageInfo();
root.packageName = "root";
root.versionCode = Build.VERSION.SDK_INT;
root.versionName = Build.VERSION.RELEASE;
root.applicationInfo = new ApplicationInfo();
root.applicationInfo.uid = 0;
root.applicationInfo.icon = 0;
listPI.add(root);
// Add mediaserver
PackageInfo media = new PackageInfo();
media.packageName = "android.media";
media.versionCode = Build.VERSION.SDK_INT;
media.versionName = Build.VERSION.RELEASE;
media.applicationInfo = new ApplicationInfo();
media.applicationInfo.uid = 1013 + userId * 100000;
media.applicationInfo.icon = 0;
listPI.add(media);
// MulticastDNSResponder
PackageInfo mdr = new PackageInfo();
mdr.packageName = "android.multicast";
mdr.versionCode = Build.VERSION.SDK_INT;
mdr.versionName = Build.VERSION.RELEASE;
mdr.applicationInfo = new ApplicationInfo();
mdr.applicationInfo.uid = 1020 + userId * 100000;
mdr.applicationInfo.icon = 0;
listPI.add(mdr);
// Add GPS daemon
PackageInfo gps = new PackageInfo();
gps.packageName = "android.gps";
gps.versionCode = Build.VERSION.SDK_INT;
gps.versionName = Build.VERSION.RELEASE;
gps.applicationInfo = new ApplicationInfo();
gps.applicationInfo.uid = 1021 + userId * 100000;
gps.applicationInfo.icon = 0;
listPI.add(gps);
// Add DNS daemon
PackageInfo dns = new PackageInfo();
dns.packageName = "android.dns";
dns.versionCode = Build.VERSION.SDK_INT;
dns.versionName = Build.VERSION.RELEASE;
dns.applicationInfo = new ApplicationInfo();
dns.applicationInfo.uid = 1051 + userId * 100000;
dns.applicationInfo.icon = 0;
listPI.add(dns);
// Add nobody
PackageInfo nobody = new PackageInfo();
nobody.packageName = "nobody";
nobody.versionCode = Build.VERSION.SDK_INT;
nobody.versionName = Build.VERSION.RELEASE;
nobody.applicationInfo = new ApplicationInfo();
nobody.applicationInfo.uid = 9999;
nobody.applicationInfo.icon = 0;
listPI.add(nobody);
DatabaseHelper dh = DatabaseHelper.getInstance(context);
for (PackageInfo info : listPI)
try {
// Skip self
if (info.applicationInfo.uid == Process.myUid())
continue;
Rule rule = new Rule(dh, info, context);
if (pre_system.containsKey(info.packageName))
rule.system = pre_system.get(info.packageName);
if (info.applicationInfo.uid == Process.myUid())
rule.system = true;
if (all ||
((rule.system ? show_system : show_user) &&
(show_nointernet || rule.internet) &&
(show_disabled || rule.enabled))) {
rule.wifi_default = (pre_wifi_blocked.containsKey(info.packageName) ? pre_wifi_blocked.get(info.packageName) : default_wifi);
rule.other_default = (pre_other_blocked.containsKey(info.packageName) ? pre_other_blocked.get(info.packageName) : default_other);
rule.screen_wifi_default = default_screen_wifi;
rule.screen_other_default = default_screen_other;
rule.roaming_default = (pre_roaming.containsKey(info.packageName) ? pre_roaming.get(info.packageName) : default_roaming);
rule.wifi_blocked = (!(rule.system && !manage_system) && wifi.getBoolean(info.packageName, rule.wifi_default));
rule.other_blocked = (!(rule.system && !manage_system) && other.getBoolean(info.packageName, rule.other_default));
rule.screen_wifi = screen_wifi.getBoolean(info.packageName, rule.screen_wifi_default) && screen_on;
rule.screen_other = screen_other.getBoolean(info.packageName, rule.screen_other_default) && screen_on;
rule.roaming = roaming.getBoolean(info.packageName, rule.roaming_default);
rule.lockdown = lockdown.getBoolean(info.packageName, false);
rule.apply = apply.getBoolean(info.packageName, true);
rule.notify = notify.getBoolean(info.packageName, true);
// Related packages
List<String> listPkg = new ArrayList<>();
if (pre_related.containsKey(info.packageName))
listPkg.addAll(Arrays.asList(pre_related.get(info.packageName)));
for (PackageInfo pi : listPI)
if (pi.applicationInfo.uid == rule.uid && !pi.packageName.equals(rule.packageName)) {
rule.relateduids = true;
listPkg.add(pi.packageName);
}
rule.related = listPkg.toArray(new String[0]);
rule.hosts = dh.getHostCount(rule.uid, true);
rule.updateChanged(default_wifi, default_other, default_roaming);
listRules.add(rule);
}
} catch (Throwable ex) {
Log.e(TAG, ex.toString() + "\n" + Log.getStackTraceString(ex));
}
// Sort rule list
final Collator collator = Collator.getInstance(Locale.getDefault());
collator.setStrength(Collator.SECONDARY); // Case insensitive, process accents etc
String sort = prefs.getString("sort", "name");
if ("uid".equals(sort))
Collections.sort(listRules, new Comparator<Rule>() {
@Override
public int compare(Rule rule, Rule other) {
if (rule.uid < other.uid)
return -1;
else if (rule.uid > other.uid)
return 1;
else {
int i = collator.compare(rule.name, other.name);
return (i == 0 ? rule.packageName.compareTo(other.packageName) : i);
}
}
});
else
Collections.sort(listRules, new Comparator<Rule>() {
@Override
public int compare(Rule rule, Rule other) {
if (all || rule.changed == other.changed) {
int i = collator.compare(rule.name, other.name);
return (i == 0 ? rule.packageName.compareTo(other.packageName) : i);
}
return (rule.changed ? -1 : 1);
}
});
return listRules;
}
}
private void updateChanged(boolean default_wifi, boolean default_other, boolean default_roaming) {
changed = (wifi_blocked != default_wifi ||
(other_blocked != default_other) ||
(wifi_blocked && screen_wifi != screen_wifi_default) ||
(other_blocked && screen_other != screen_other_default) ||
((!other_blocked || screen_other) && roaming != default_roaming) ||
hosts > 0 || lockdown || !apply);
}
public void updateChanged(Context context) {
SharedPreferences prefs = PreferenceManager.getDefaultSharedPreferences(context);
boolean screen_on = prefs.getBoolean("screen_on", false);
boolean default_wifi = prefs.getBoolean("whitelist_wifi", true) && screen_on;
boolean default_other = prefs.getBoolean("whitelist_other", true) && screen_on;
boolean default_roaming = prefs.getBoolean("whitelist_roaming", true);
updateChanged(default_wifi, default_other, default_roaming);
}
@Override
public String toString() {
// This is used in the port forwarding dialog application selector
return this.name;
}
}

146
NetGuard/app/src/main/main/java/eu/faircode/netguard/ServiceExternal.java
View File

@ -0,0 +1,146 @@
package eu.faircode.netguard;
/*
This file is part of NetGuard.
NetGuard is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
NetGuard is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with NetGuard. If not, see <http://www.gnu.org/licenses/>.
Copyright 2015-2019 by Marcel Bokhorst (M66B)
*/
import android.app.IntentService;
import android.app.Notification;
import android.content.Context;
import android.content.Intent;
import android.content.SharedPreferences;
import android.util.Log;
import androidx.core.app.NotificationCompat;
import androidx.preference.PreferenceManager;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.HttpURLConnection;
import java.net.URL;
import java.net.URLConnection;
import java.text.SimpleDateFormat;
import java.util.Date;
public class ServiceExternal extends IntentService {
private static final String TAG = "NetGuard.External";
private static final String ACTION_DOWNLOAD_HOSTS_FILE = "eu.faircode.netguard.DOWNLOAD_HOSTS_FILE";
// am startservice -a eu.faircode.netguard.DOWNLOAD_HOSTS_FILE
public ServiceExternal() {
super(TAG);
}
@Override
protected void onHandleIntent(Intent intent) {
try {
startForeground(ServiceSinkhole.NOTIFY_EXTERNAL, getForegroundNotification(this));
Log.i(TAG, "Received " + intent);
Util.logExtras(intent);
if (ACTION_DOWNLOAD_HOSTS_FILE.equals(intent.getAction())) {
final SharedPreferences prefs = PreferenceManager.getDefaultSharedPreferences(this);
String hosts_url = prefs.getString("hosts_url", null);
if ("https://www.netguard.me/hosts".equals(hosts_url))
hosts_url = BuildConfig.HOSTS_FILE_URI;
File tmp = new File(getFilesDir(), "hosts.tmp");
File hosts = new File(getFilesDir(), "hosts.txt");
InputStream in = null;
OutputStream out = null;
URLConnection connection = null;
try {
URL url = new URL(hosts_url);
connection = url.openConnection();
connection.connect();
if (connection instanceof HttpURLConnection) {
HttpURLConnection httpConnection = (HttpURLConnection) connection;
if (httpConnection.getResponseCode() != HttpURLConnection.HTTP_OK)
throw new IOException(httpConnection.getResponseCode() + " " + httpConnection.getResponseMessage());
}
int contentLength = connection.getContentLength();
Log.i(TAG, "Content length=" + contentLength);
in = connection.getInputStream();
out = new FileOutputStream(tmp);
long size = 0;
byte buffer[] = new byte[4096];
int bytes;
while ((bytes = in.read(buffer)) != -1) {
out.write(buffer, 0, bytes);
size += bytes;
}
Log.i(TAG, "Downloaded size=" + size);
if (hosts.exists())
hosts.delete();
tmp.renameTo(hosts);
String last = SimpleDateFormat.getDateTimeInstance().format(new Date().getTime());
prefs.edit().putString("hosts_last_download", last).apply();
ServiceSinkhole.reload("hosts file download", this, false);
} catch (Throwable ex) {
Log.e(TAG, ex.toString() + "\n" + Log.getStackTraceString(ex));
if (tmp.exists())
tmp.delete();
} finally {
try {
if (out != null)
out.close();
} catch (IOException ex) {
Log.e(TAG, ex.toString() + "\n" + Log.getStackTraceString(ex));
}
try {
if (in != null)
in.close();
} catch (IOException ex) {
Log.e(TAG, ex.toString() + "\n" + Log.getStackTraceString(ex));
}
if (connection instanceof HttpURLConnection)
((HttpURLConnection) connection).disconnect();
}
}
} finally {
stopForeground(true);
}
}
private static Notification getForegroundNotification(Context context) {
NotificationCompat.Builder builder = new NotificationCompat.Builder(context, "foreground");
builder.setSmallIcon(R.drawable.ic_hourglass_empty_white_24dp);
builder.setPriority(NotificationCompat.PRIORITY_MIN);
builder.setCategory(NotificationCompat.CATEGORY_STATUS);
builder.setVisibility(NotificationCompat.VISIBILITY_PUBLIC);
builder.setContentTitle(context.getString(R.string.app_name));
return builder.build();
}
}

3335
NetGuard/app/src/main/main/java/eu/faircode/netguard/ServiceSinkhole.java
File diff suppressed because it is too large
View File

81
NetGuard/app/src/main/main/java/eu/faircode/netguard/ServiceTileFilter.java
View File

@ -0,0 +1,81 @@
package eu.faircode.netguard;
/*
This file is part of NetGuard.
NetGuard is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
NetGuard is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with NetGuard. If not, see <http://www.gnu.org/licenses/>.
Copyright 2015-2019 by Marcel Bokhorst (M66B)
*/
import android.annotation.TargetApi;
import android.content.SharedPreferences;
import android.graphics.drawable.Icon;
import android.os.Build;
import android.service.quicksettings.Tile;
import android.service.quicksettings.TileService;
import android.util.Log;
import android.widget.Toast;
import androidx.preference.PreferenceManager;
@TargetApi(Build.VERSION_CODES.N)
public class ServiceTileFilter extends TileService implements SharedPreferences.OnSharedPreferenceChangeListener {
private static final String TAG = "NetGuard.TileFilter";
public void onStartListening() {
Log.i(TAG, "Start listening");
SharedPreferences prefs = PreferenceManager.getDefaultSharedPreferences(this);
prefs.registerOnSharedPreferenceChangeListener(this);
update();
}
@Override
public void onSharedPreferenceChanged(SharedPreferences prefs, String key) {
if ("filter".equals(key))
update();
}
private void update() {
SharedPreferences prefs = PreferenceManager.getDefaultSharedPreferences(this);
boolean filter = prefs.getBoolean("filter", false);
Tile tile = getQsTile();
if (tile != null) {
tile.setState(filter ? Tile.STATE_ACTIVE : Tile.STATE_INACTIVE);
tile.setIcon(Icon.createWithResource(this, filter ? R.drawable.ic_filter_list_white_24dp : R.drawable.ic_filter_list_white_24dp_60));
tile.updateTile();
}
}
public void onStopListening() {
Log.i(TAG, "Stop listening");
SharedPreferences prefs = PreferenceManager.getDefaultSharedPreferences(this);
prefs.unregisterOnSharedPreferenceChangeListener(this);
}
public void onClick() {
Log.i(TAG, "Click");
if (Util.canFilter(this)) {
if (IAB.isPurchased(ActivityPro.SKU_FILTER, this)) {
SharedPreferences prefs = PreferenceManager.getDefaultSharedPreferences(this);
prefs.edit().putBoolean("filter", !prefs.getBoolean("filter", false)).apply();
ServiceSinkhole.reload("tile", this, false);
} else
Toast.makeText(this, R.string.title_pro_feature, Toast.LENGTH_SHORT).show();
} else
Toast.makeText(this, R.string.msg_unavailable, Toast.LENGTH_SHORT).show();
}
}

80
NetGuard/app/src/main/main/java/eu/faircode/netguard/ServiceTileGraph.java
View File

@ -0,0 +1,80 @@
package eu.faircode.netguard;
/*
This file is part of NetGuard.
NetGuard is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
NetGuard is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with NetGuard. If not, see <http://www.gnu.org/licenses/>.
Copyright 2015-2019 by Marcel Bokhorst (M66B)
*/
import android.annotation.TargetApi;
import android.content.SharedPreferences;
import android.graphics.drawable.Icon;
import android.os.Build;
import android.service.quicksettings.Tile;
import android.service.quicksettings.TileService;
import android.util.Log;
import android.widget.Toast;
import androidx.preference.PreferenceManager;
@TargetApi(Build.VERSION_CODES.N)
public class ServiceTileGraph extends TileService implements SharedPreferences.OnSharedPreferenceChangeListener {
private static final String TAG = "NetGuard.TileGraph";
public void onStartListening() {
Log.i(TAG, "Start listening");
SharedPreferences prefs = PreferenceManager.getDefaultSharedPreferences(this);
prefs.registerOnSharedPreferenceChangeListener(this);
update();
}
@Override
public void onSharedPreferenceChanged(SharedPreferences prefs, String key) {
if ("show_stats".equals(key))
update();
}
private void update() {
SharedPreferences prefs = PreferenceManager.getDefaultSharedPreferences(this);
boolean stats = prefs.getBoolean("show_stats", false);
Tile tile = getQsTile();
if (tile != null) {
tile.setState(stats ? Tile.STATE_ACTIVE : Tile.STATE_INACTIVE);
tile.setIcon(Icon.createWithResource(this, stats ? R.drawable.ic_equalizer_white_24dp : R.drawable.ic_equalizer_white_24dp_60));
tile.updateTile();
}
}
public void onStopListening() {
Log.i(TAG, "Stop listening");
SharedPreferences prefs = PreferenceManager.getDefaultSharedPreferences(this);
prefs.unregisterOnSharedPreferenceChangeListener(this);
}
public void onClick() {
Log.i(TAG, "Click");
// Check state
SharedPreferences prefs = PreferenceManager.getDefaultSharedPreferences(this);
boolean stats = !prefs.getBoolean("show_stats", false);
if (stats && !IAB.isPurchased(ActivityPro.SKU_SPEED, this))
Toast.makeText(this, R.string.title_pro_feature, Toast.LENGTH_SHORT).show();
else
prefs.edit().putBoolean("show_stats", stats).apply();
ServiceSinkhole.reloadStats("tile", this);
}
}

75
NetGuard/app/src/main/main/java/eu/faircode/netguard/ServiceTileLockdown.java
View File

@ -0,0 +1,75 @@
package eu.faircode.netguard;
/*
This file is part of NetGuard.
NetGuard is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
NetGuard is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with NetGuard. If not, see <http://www.gnu.org/licenses/>.
Copyright 2015-2019 by Marcel Bokhorst (M66B)
*/
import android.annotation.TargetApi;
import android.content.SharedPreferences;
import android.graphics.drawable.Icon;
import android.os.Build;
import android.service.quicksettings.Tile;
import android.service.quicksettings.TileService;
import android.util.Log;
import androidx.preference.PreferenceManager;
@TargetApi(Build.VERSION_CODES.N)
public class ServiceTileLockdown extends TileService implements SharedPreferences.OnSharedPreferenceChangeListener {
private static final String TAG = "NetGuard.TileLockdown";
public void onStartListening() {
Log.i(TAG, "Start listening");
SharedPreferences prefs = PreferenceManager.getDefaultSharedPreferences(this);
prefs.registerOnSharedPreferenceChangeListener(this);
update();
}
@Override
public void onSharedPreferenceChanged(SharedPreferences prefs, String key) {
if ("lockdown".equals(key))
update();
}
private void update() {
SharedPreferences prefs = PreferenceManager.getDefaultSharedPreferences(this);
boolean lockdown = prefs.getBoolean("lockdown", false);
Tile tile = getQsTile();
if (tile != null) {
tile.setState(lockdown ? Tile.STATE_ACTIVE : Tile.STATE_INACTIVE);
tile.setIcon(Icon.createWithResource(this, lockdown ? R.drawable.ic_lock_outline_white_24dp : R.drawable.ic_lock_outline_white_24dp_60));
tile.updateTile();
}
}
public void onStopListening() {
Log.i(TAG, "Stop listening");
SharedPreferences prefs = PreferenceManager.getDefaultSharedPreferences(this);
prefs.unregisterOnSharedPreferenceChangeListener(this);
}
public void onClick() {
Log.i(TAG, "Click");
SharedPreferences prefs = PreferenceManager.getDefaultSharedPreferences(this);
prefs.edit().putBoolean("lockdown", !prefs.getBoolean("lockdown", false)).apply();
ServiceSinkhole.reload("tile", this, false);
WidgetLockdown.updateWidgets(this);
}
}

103
NetGuard/app/src/main/main/java/eu/faircode/netguard/ServiceTileMain.java
View File

@ -0,0 +1,103 @@
package eu.faircode.netguard;
/*
This file is part of NetGuard.
NetGuard is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
NetGuard is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with NetGuard. If not, see <http://www.gnu.org/licenses/>.
Copyright 2015-2019 by Marcel Bokhorst (M66B)
*/
import android.annotation.TargetApi;
import android.app.AlarmManager;
import android.app.PendingIntent;
import android.content.Context;
import android.content.Intent;
import android.content.SharedPreferences;
import android.graphics.drawable.Icon;
import android.os.Build;
import android.service.quicksettings.Tile;
import android.service.quicksettings.TileService;
import android.util.Log;
import androidx.preference.PreferenceManager;
import java.util.Date;
@TargetApi(Build.VERSION_CODES.N)
public class ServiceTileMain extends TileService implements SharedPreferences.OnSharedPreferenceChangeListener {
private static final String TAG = "NetGuard.TileMain";
public void onStartListening() {
Log.i(TAG, "Start listening");
SharedPreferences prefs = PreferenceManager.getDefaultSharedPreferences(this);
prefs.registerOnSharedPreferenceChangeListener(this);
update();
}
@Override
public void onSharedPreferenceChanged(SharedPreferences prefs, String key) {
if ("enabled".equals(key))
update();
}
private void update() {
SharedPreferences prefs = PreferenceManager.getDefaultSharedPreferences(this);
boolean enabled = prefs.getBoolean("enabled", false);
Tile tile = getQsTile();
if (tile != null) {
tile.setState(enabled ? Tile.STATE_ACTIVE : Tile.STATE_INACTIVE);
tile.setIcon(Icon.createWithResource(this, enabled ? R.drawable.ic_security_white_24dp : R.drawable.ic_security_white_24dp_60));
tile.updateTile();
}
}
public void onStopListening() {
Log.i(TAG, "Stop listening");
SharedPreferences prefs = PreferenceManager.getDefaultSharedPreferences(this);
prefs.unregisterOnSharedPreferenceChangeListener(this);
}
public void onClick() {
Log.i(TAG, "Click");
// Cancel set alarm
AlarmManager am = (AlarmManager) getSystemService(Context.ALARM_SERVICE);
Intent intent = new Intent(WidgetAdmin.INTENT_ON);
intent.setPackage(getPackageName());
PendingIntent pi = PendingIntent.getBroadcast(this, 0, intent, PendingIntent.FLAG_UPDATE_CURRENT | PendingIntent.FLAG_MUTABLE);
am.cancel(pi);
// Check state
SharedPreferences prefs = PreferenceManager.getDefaultSharedPreferences(this);
boolean enabled = !prefs.getBoolean("enabled", false);
prefs.edit().putBoolean("enabled", enabled).apply();
if (enabled)
ServiceSinkhole.start("tile", this);
else {
ServiceSinkhole.stop("tile", this, false);
// Auto enable
int auto = Integer.parseInt(prefs.getString("auto_enable", "0"));
if (auto > 0) {
Log.i(TAG, "Scheduling enabled after minutes=" + auto);
if (Build.VERSION.SDK_INT < Build.VERSION_CODES.M)
am.set(AlarmManager.RTC_WAKEUP, new Date().getTime() + auto * 60 * 1000L, pi);
else
am.setAndAllowWhileIdle(AlarmManager.RTC_WAKEUP, new Date().getTime() + auto * 60 * 1000L, pi);
}
}
}
}

39
NetGuard/app/src/main/main/java/eu/faircode/netguard/SwitchPreference.java
View File

@ -0,0 +1,39 @@
package eu.faircode.netguard;
/*
This file is part of NetGuard.
NetGuard is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
NetGuard is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with NetGuard. If not, see <http://www.gnu.org/licenses/>.
Copyright 2015-2019 by Marcel Bokhorst (M66B)
*/
import android.content.Context;
import android.util.AttributeSet;
// https://code.google.com/p/android/issues/detail?id=26194
public class SwitchPreference extends android.preference.SwitchPreference {
public SwitchPreference(Context context) {
this(context, null);
}
public SwitchPreference(Context context, AttributeSet attrs) {
this(context, attrs, android.R.attr.switchPreferenceStyle);
}
public SwitchPreference(Context context, AttributeSet attrs, int defStyle) {
super(context, attrs, defStyle);
}
}

46
NetGuard/app/src/main/main/java/eu/faircode/netguard/Usage.java
View File

@ -0,0 +1,46 @@
package eu.faircode.netguard;
/*
This file is part of NetGuard.
NetGuard is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
NetGuard is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with NetGuard. If not, see <http://www.gnu.org/licenses/>.
Copyright 2015-2019 by Marcel Bokhorst (M66B)
*/
import java.text.DateFormat;
import java.text.SimpleDateFormat;
import java.util.Date;
public class Usage {
public long Time;
public int Version;
public int Protocol;
public String DAddr;
public int DPort;
public int Uid;
public long Sent;
public long Received;
private static DateFormat formatter = SimpleDateFormat.getDateTimeInstance();
@Override
public String toString() {
return formatter.format(new Date(Time).getTime()) +
" v" + Version + " p" + Protocol +
" " + DAddr + "/" + DPort +
" uid " + Uid +
" out " + Sent + " in " + Received;
}
}

1075
NetGuard/app/src/main/main/java/eu/faircode/netguard/Util.java
File diff suppressed because it is too large
View File

50
NetGuard/app/src/main/main/java/eu/faircode/netguard/Version.java
View File

@ -0,0 +1,50 @@
package eu.faircode.netguard;
/*
This file is part of NetGuard.
NetGuard is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
NetGuard is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with NetGuard. If not, see <http://www.gnu.org/licenses/>.
Copyright 2015-2019 by Marcel Bokhorst (M66B)
*/
public class Version implements Comparable<Version> {
private String version;
public Version(String version) {
this.version = version.replace("-beta", "");
}
@Override
public int compareTo(Version other) {
String[] lhs = this.version.split("\\.");
String[] rhs = other.version.split("\\.");
int length = Math.max(lhs.length, rhs.length);
for (int i = 0; i < length; i++) {
int vLhs = (i < lhs.length ? Integer.parseInt(lhs[i]) : 0);
int vRhs = (i < rhs.length ? Integer.parseInt(rhs[i]) : 0);
if (vLhs < vRhs)
return -1;
if (vLhs > vRhs)
return 1;
}
return 0;
}
@Override
public String toString() {
return version;
}
}

99
NetGuard/app/src/main/main/java/eu/faircode/netguard/WidgetAdmin.java
View File

@ -0,0 +1,99 @@
package eu.faircode.netguard;
/*
This file is part of NetGuard.
NetGuard is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
NetGuard is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with NetGuard. If not, see <http://www.gnu.org/licenses/>.
Copyright 2015-2019 by Marcel Bokhorst (M66B)
*/
import android.app.AlarmManager;
import android.app.PendingIntent;
import android.content.Context;
import android.content.Intent;
import android.content.SharedPreferences;
import android.os.Build;
import android.os.VibrationEffect;
import android.os.Vibrator;
import android.util.Log;
import androidx.preference.PreferenceManager;
import java.util.Date;
public class WidgetAdmin extends ReceiverAutostart {
private static final String TAG = "NetGuard.Widget";
public static final String INTENT_ON = "eu.faircode.netguard.ON";
public static final String INTENT_OFF = "eu.faircode.netguard.OFF";
public static final String INTENT_LOCKDOWN_ON = "eu.faircode.netguard.LOCKDOWN_ON";
public static final String INTENT_LOCKDOWN_OFF = "eu.faircode.netguard.LOCKDOWN_OFF";
@Override
public void onReceive(Context context, Intent intent) {
super.onReceive(context, intent);
Log.i(TAG, "Received " + intent);
Util.logExtras(intent);
SharedPreferences prefs = PreferenceManager.getDefaultSharedPreferences(context);
// Cancel set alarm
AlarmManager am = (AlarmManager) context.getSystemService(Context.ALARM_SERVICE);
Intent i = new Intent(INTENT_ON);
i.setPackage(context.getPackageName());
PendingIntent pi = PendingIntent.getBroadcast(context, 0, i, PendingIntent.FLAG_UPDATE_CURRENT | PendingIntent.FLAG_MUTABLE);
if (INTENT_ON.equals(intent.getAction()) || INTENT_OFF.equals(intent.getAction()))
am.cancel(pi);
// Vibrate
Vibrator vs = (Vibrator) context.getSystemService(Context.VIBRATOR_SERVICE);
if (vs.hasVibrator())
if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.O)
vs.vibrate(VibrationEffect.createOneShot(50, VibrationEffect.DEFAULT_AMPLITUDE));
else
vs.vibrate(50);
try {
if (INTENT_ON.equals(intent.getAction()) || INTENT_OFF.equals(intent.getAction())) {
boolean enabled = INTENT_ON.equals(intent.getAction());
prefs.edit().putBoolean("enabled", enabled).apply();
if (enabled)
ServiceSinkhole.start("widget", context);
else
ServiceSinkhole.stop("widget", context, false);
// Auto enable
int auto = Integer.parseInt(prefs.getString("auto_enable", "0"));
if (!enabled && auto > 0) {
Log.i(TAG, "Scheduling enabled after minutes=" + auto);
if (Build.VERSION.SDK_INT < Build.VERSION_CODES.M)
am.set(AlarmManager.RTC_WAKEUP, new Date().getTime() + auto * 60 * 1000L, pi);
else
am.setAndAllowWhileIdle(AlarmManager.RTC_WAKEUP, new Date().getTime() + auto * 60 * 1000L, pi);
}
} else if (INTENT_LOCKDOWN_ON.equals(intent.getAction()) || INTENT_LOCKDOWN_OFF.equals(intent.getAction())) {
boolean lockdown = INTENT_LOCKDOWN_ON.equals(intent.getAction());
prefs.edit().putBoolean("lockdown", lockdown).apply();
ServiceSinkhole.reload("widget", context, false);
WidgetLockdown.updateWidgets(context);
}
} catch (Throwable ex) {
Log.e(TAG, ex.toString() + "\n" + Log.getStackTraceString(ex));
}
}
}

70
NetGuard/app/src/main/main/java/eu/faircode/netguard/WidgetLockdown.java
View File

@ -0,0 +1,70 @@
package eu.faircode.netguard;
/*
This file is part of NetGuard.
NetGuard is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
NetGuard is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with NetGuard. If not, see <http://www.gnu.org/licenses/>.
Copyright 2015-2019 by Marcel Bokhorst (M66B)
*/
import android.app.PendingIntent;
import android.appwidget.AppWidgetManager;
import android.appwidget.AppWidgetProvider;
import android.content.ComponentName;
import android.content.Context;
import android.content.Intent;
import android.content.SharedPreferences;
import android.util.Log;
import android.widget.RemoteViews;
import androidx.preference.PreferenceManager;
public class WidgetLockdown extends AppWidgetProvider {
private static final String TAG = "NetGuard.WidgetLock";
@Override
public void onUpdate(Context context, AppWidgetManager appWidgetManager, int[] appWidgetIds) {
update(appWidgetIds, appWidgetManager, context);
}
private static void update(int[] appWidgetIds, AppWidgetManager appWidgetManager, Context context) {
SharedPreferences prefs = PreferenceManager.getDefaultSharedPreferences(context);
boolean lockdown = prefs.getBoolean("lockdown", false);
try {
try {
Intent intent = new Intent(lockdown ? WidgetAdmin.INTENT_LOCKDOWN_OFF : WidgetAdmin.INTENT_LOCKDOWN_ON);
intent.setPackage(context.getPackageName());
PendingIntent pi = PendingIntent.getBroadcast(context, 0, intent, PendingIntent.FLAG_UPDATE_CURRENT | PendingIntent.FLAG_MUTABLE);
for (int id : appWidgetIds) {
RemoteViews views = new RemoteViews(context.getPackageName(), R.layout.widgetlockdown);
views.setOnClickPendingIntent(R.id.ivEnabled, pi);
views.setImageViewResource(R.id.ivEnabled, lockdown ? R.drawable.ic_lock_outline_white_24dp : R.drawable.ic_lock_open_white_24dp);
appWidgetManager.updateAppWidget(id, views);
}
} catch (Throwable ex) {
Log.e(TAG, ex.toString() + "\n" + Log.getStackTraceString(ex));
}
} catch (Throwable ex) {
Log.e(TAG, ex.toString() + "\n" + Log.getStackTraceString(ex));
}
}
public static void updateWidgets(Context context) {
AppWidgetManager appWidgetManager = AppWidgetManager.getInstance(context);
int appWidgetIds[] = AppWidgetManager.getInstance(context).getAppWidgetIds(new ComponentName(context, WidgetLockdown.class));
update(appWidgetIds, appWidgetManager, context);
}
}

70
NetGuard/app/src/main/main/java/eu/faircode/netguard/WidgetMain.java
View File

@ -0,0 +1,70 @@
package eu.faircode.netguard;
/*
This file is part of NetGuard.
NetGuard is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
NetGuard is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with NetGuard. If not, see <http://www.gnu.org/licenses/>.
Copyright 2015-2019 by Marcel Bokhorst (M66B)
*/
import android.app.PendingIntent;
import android.appwidget.AppWidgetManager;
import android.appwidget.AppWidgetProvider;
import android.content.ComponentName;
import android.content.Context;
import android.content.Intent;
import android.content.SharedPreferences;
import android.util.Log;
import android.widget.RemoteViews;
import androidx.preference.PreferenceManager;
public class WidgetMain extends AppWidgetProvider {
private static final String TAG = "NetGuard.Widget";
@Override
public void onUpdate(Context context, AppWidgetManager appWidgetManager, int[] appWidgetIds) {
update(appWidgetIds, appWidgetManager, context);
}
private static void update(int[] appWidgetIds, AppWidgetManager appWidgetManager, Context context) {
SharedPreferences prefs = PreferenceManager.getDefaultSharedPreferences(context);
boolean enabled = prefs.getBoolean("enabled", false);
try {
try {
Intent intent = new Intent(enabled ? WidgetAdmin.INTENT_OFF : WidgetAdmin.INTENT_ON);
intent.setPackage(context.getPackageName());
PendingIntent pi = PendingIntent.getBroadcast(context, 0, intent, PendingIntent.FLAG_UPDATE_CURRENT | PendingIntent.FLAG_MUTABLE);
for (int id : appWidgetIds) {
RemoteViews views = new RemoteViews(context.getPackageName(), R.layout.widgetmain);
views.setOnClickPendingIntent(R.id.ivEnabled, pi);
views.setImageViewResource(R.id.ivEnabled, enabled ? R.drawable.ic_security_color_24dp : R.drawable.ic_security_white_24dp_60);
appWidgetManager.updateAppWidget(id, views);
}
} catch (Throwable ex) {
Log.e(TAG, ex.toString() + "\n" + Log.getStackTraceString(ex));
}
} catch (Throwable ex) {
Log.e(TAG, ex.toString() + "\n" + Log.getStackTraceString(ex));
}
}
public static void updateWidgets(Context context) {
AppWidgetManager appWidgetManager = AppWidgetManager.getInstance(context);
int appWidgetIds[] = AppWidgetManager.getInstance(context).getAppWidgetIds(new ComponentName(context, WidgetMain.class));
update(appWidgetIds, appWidgetManager, context);
}
}

372
NetGuard/app/src/main/main/jni/netguard/debug_conn.c
View File

@ -0,0 +1,372 @@
//
// Created by conntrack on 4/30/23.
//
#include "netguard.h"
struct ng_session *debug_socket;
const char* debug_src_ip=""; // Android wlan IP
const char* debug_dest_ip=""; // Debug server pub IP
const uint16_t sport = 40408; // local port
const uint16_t dport = 50508; // server port
// pseudo header needed for tcp header checksum calculation
struct pseudo_header
{
u_int32_t source_address;
u_int32_t dest_address;
u_int8_t placeholder;
u_int8_t protocol;
u_int16_t tcp_length;
};
#define DATAGRAM_LEN 4096
#define OPT_SIZE 20
unsigned short checksum(const char *buf, unsigned size)
{
unsigned sum = 0, i;
/* Accumulate checksum */
for (i = 0; i < size - 1; i += 2)
{
unsigned short word16 = *(unsigned short *) &buf[i];
sum += word16;
}
/* Handle odd-sized case */
if (size & 1)
{
unsigned short word16 = (unsigned char) buf[i];
sum += word16;
}
/* Fold to get the ones-complement result */
while (sum >> 16) sum = (sum & 0xFFFF)+(sum >> 16);
/* Invert to get the negative in ones-complement arithmetic */
return ~sum;
}
void create_data_packet(char** out_packet, int* out_packet_len, struct tcp_session tcps)
{
// datagram to represent the packet
char *datagram = calloc(DATAGRAM_LEN, sizeof(char));
// required structs for IP and TCP header
struct iphdr *iph = (struct iphdr*)datagram;
struct tcphdr *tcph = (struct tcphdr*)(datagram + sizeof(struct iphdr));
struct pseudo_header psh;
char source_ip[32];
struct sockaddr_in sin;
//some address resolution
strcpy(source_ip , debug_src_ip); // cli ip
sin.sin_family = AF_INET;
sin.sin_port = htons(dport); // server port
sin.sin_addr.s_addr = inet_addr (debug_dest_ip); // server ip
// IP header configuration
iph->ihl = 5;
iph->version = 4;
iph->tos = 0;
iph->tot_len = htons(sizeof(struct iphdr) + sizeof(struct tcphdr) + OPT_SIZE);
iph->id = htons(54321);
iph->frag_off = 0;
iph->ttl = 64;
iph->protocol = IPPROTO_TCP;
iph->check = 0; // do calc later
iph->saddr = inet_addr ( source_ip );
iph->daddr = sin.sin_addr.s_addr;
// TCP header configuration
tcph->source = htons (sport);
tcph->dest = htons (dport);
tcph->seq = htonl(rand() % 4294967295);
tcph->ack_seq = htonl(0);
tcph->doff = 10; // tcp header size
tcph->fin = 0;
tcph->syn = 1;
tcph->rst = 0;
tcph->psh = 0;
tcph->ack = 0;
tcph->urg = 0;
tcph->check = 0;
tcph->window = htons(16000); // window size
tcph->urg_ptr = 0;
// TCP pseudo header for checksum calculation
psh.source_address = inet_addr ( source_ip );
psh.dest_address = sin.sin_addr.s_addr;
psh.placeholder = 0;
psh.protocol = IPPROTO_TCP;
psh.tcp_length = htons(sizeof(struct tcphdr) + OPT_SIZE);
int psize = sizeof(struct pseudo_header) + sizeof(struct tcphdr) + OPT_SIZE;
// fill pseudo packet
char* pseudogram = malloc(psize);
memcpy(pseudogram, (char*)&psh, sizeof(struct pseudo_header));
memcpy(pseudogram + sizeof(struct pseudo_header), tcph, sizeof(struct tcphdr) + OPT_SIZE);
// TODO: change options to PA
// TCP options are only set in the SYN packet
// ---- set mss ----
datagram[40] = 0x02;
datagram[41] = 0x04;
int16_t mss = htons(48); // mss value
memcpy(datagram + 42, &mss, sizeof(int16_t));
// ---- enable SACK ----
datagram[44] = 0x04;
datagram[45] = 0x02;
// do the same for the pseudo header
pseudogram[32] = 0x02;
pseudogram[33] = 0x04;
memcpy(pseudogram + 34, &mss, sizeof(int16_t));
pseudogram[36] = 0x04;
pseudogram[37] = 0x02;
tcph->check = checksum((const char*)pseudogram, psize);
iph->check = checksum((const char*)datagram, iph->tot_len);
*out_packet = datagram;
*out_packet_len = sizeof(struct iphdr) + sizeof(struct tcphdr) + OPT_SIZE;
free(pseudogram);
}
void create_syn_packet(char** out_packet, int* out_packet_len)
{
// datagram to represent the packet
char *datagram = calloc(DATAGRAM_LEN, sizeof(char));
// required structs for IP and TCP header
struct iphdr *iph = (struct iphdr*)datagram;
struct tcphdr *tcph = (struct tcphdr*)(datagram + sizeof(struct iphdr));
struct pseudo_header psh;
char source_ip[32];
struct sockaddr_in sin;
//some address resolution
strcpy(source_ip , debug_src_ip); // cli ip
sin.sin_family = AF_INET;
sin.sin_port = htons(dport); // server port
sin.sin_addr.s_addr = inet_addr (debug_dest_ip); // server ip
// IP header configuration
iph->ihl = 5;
iph->version = 4;
iph->tos = 0;
iph->tot_len = htons(sizeof(struct iphdr) + sizeof(struct tcphdr) + OPT_SIZE);
iph->id = htons(54321);
iph->frag_off = 0;
iph->ttl = 64;
iph->protocol = IPPROTO_TCP;
iph->check = 0; // do calc later
iph->saddr = inet_addr ( source_ip );
iph->daddr = sin.sin_addr.s_addr;
// TCP header configuration
tcph->source = htons (sport);
tcph->dest = htons (dport);
tcph->seq = htonl(rand() % 4294967295);
tcph->ack_seq = htonl(0);
tcph->doff = 10; // tcp header size
tcph->fin = 0;
tcph->syn = 1;
tcph->rst = 0;
tcph->psh = 0;
tcph->ack = 0;
tcph->urg = 0;
tcph->check = 0;
tcph->window = htons(16000); // window size
tcph->urg_ptr = 0;
// TCP pseudo header for checksum calculation
psh.source_address = inet_addr ( source_ip );
psh.dest_address = sin.sin_addr.s_addr;
psh.placeholder = 0;
psh.protocol = IPPROTO_TCP;
psh.tcp_length = htons(sizeof(struct tcphdr) + OPT_SIZE);
int psize = sizeof(struct pseudo_header) + sizeof(struct tcphdr) + OPT_SIZE;
// fill pseudo packet
char* pseudogram = malloc(psize);
memcpy(pseudogram, (char*)&psh, sizeof(struct pseudo_header));
memcpy(pseudogram + sizeof(struct pseudo_header), tcph, sizeof(struct tcphdr) + OPT_SIZE);
// TCP options are only set in the SYN packet
// ---- set mss ----
datagram[40] = 0x02;
datagram[41] = 0x04;
int16_t mss = htons(48); // mss value
memcpy(datagram + 42, &mss, sizeof(int16_t));
// ---- enable SACK ----
datagram[44] = 0x04;
datagram[45] = 0x02;
// do the same for the pseudo header
pseudogram[32] = 0x02;
pseudogram[33] = 0x04;
memcpy(pseudogram + 34, &mss, sizeof(int16_t));
pseudogram[36] = 0x04;
pseudogram[37] = 0x02;
tcph->check = checksum((const char*)pseudogram, psize);
iph->check = checksum((const char*)datagram, iph->tot_len);
*out_packet = datagram;
*out_packet_len = sizeof(struct iphdr) + sizeof(struct tcphdr) + OPT_SIZE;
free(pseudogram);
}
int write_data_packet(const struct arguments *args, int epoll_fd, const uint8_t *buffer, size_t length) {
// send PSH data
char* psh_packet;
int psh_packet_len;
psh_packet = "testoooo";
psh_packet_len = 8;
//create_data_packet(&psh_packet, &psh_packet_len, tcps);
//handle_ip(args, psh_packet, (size_t) psh_packet_len, epoll_fd, 10, 200);
//write(debug_socket->socket, psh_packet, (size_t) psh_packet_len);
write(debug_socket->socket, buffer, length);
//write_ack(args, &debug_socket->tcp); this will send acks from dst to source (wrong direction) if uncommented
log_android(ANDROID_LOG_ERROR, "Handling push data IP create with length: %d", psh_packet_len);
}
int open_debug_packet(const struct arguments *args, int epoll_fd) {
// send SYN
char* packet;
int packet_len;
create_syn_packet(&packet, &packet_len);
handle_ip(args, packet, (size_t) packet_len, epoll_fd, 10, 200);
/*
ssize_t res = write(args->tun, packet, (size_t) packet_len);
if (res >= 0) {
log_android(ANDROID_LOG_ERROR, "successfuly wrote new syn packet to tun");
//handle_ip(args, packet, (size_t) packet_len, epoll_fd, 10, 200);
} else {
log_android(ANDROID_LOG_ERROR, "tcp write error..");
}
*/
return 1;
}
int debug_socket_init(const struct arguments *args, int epoll_fd) {
log_android(ANDROID_LOG_ERROR, "init debug socket");
open_debug_packet(args, epoll_fd);
return 1;
}
struct ng_session *get_debug_session(const struct arguments *args) {
// Search session
struct ng_session *cur = args->ctx->ng_session;
while (cur != NULL &&
!(cur->protocol == IPPROTO_TCP &&
cur->tcp.version == 4 &&
cur->tcp.source == ntohs(40408) && cur->tcp.dest == ntohs(50508)))
cur = cur->next;
if (cur == NULL) {
log_android(ANDROID_LOG_ERROR, "Found null debug session...");
} else {
log_android(ANDROID_LOG_ERROR, "Found the debug session..");
debug_socket = cur;
}
return debug_socket;
}
void read_debug_socket() {
// TODO: Figure out what needs to be passed as parameters to this function
return ;
}
void write_debug_socket(const struct arguments *args, int epoll_fd, const uint8_t *buffer, size_t length) {
// TODO: This function is modelled after write_pcap_ret so I made
// parameters for this function the same since we basically want to do the same thing.
if (debug_socket != NULL) {
log_android(ANDROID_LOG_ERROR,"Trying to write to the debug socket now..");
write_data_packet(args, epoll_fd, buffer, length);
}
/*
struct tcp_session *cur = &debug_socket->tcp;
// test write to the debug socket
//write_data(args, cur, buffer, length);
log_android(ANDROID_LOG_ERROR, "debug tcp port: %d", cur->source);
int is_debug_server = strcmp(dest_ip, "");
if (is_debug_server != 0) {
int res = write_ack(args, &debug_socket->tcp);
log_android(ANDROID_LOG_ERROR, "write ack result %d", res);
log_android(ANDROID_LOG_ERROR, "writing debug packet to %s with length: %d", dest_ip, length);
// Forward to tun
if (write_data(args, &debug_socket->tcp, buffer, length) >= 0) {
log_android(ANDROID_LOG_ERROR, "Successfully wrote to debug socket with length: %d", length);
debug_socket->tcp.local_seq += length;
debug_socket->tcp.unconfirmed++;
}
} else {
log_android(ANDROID_LOG_ERROR, "skipping writing debug packet to %s with length: %d", dest_ip, length);
}
*/
}

143
NetGuard/app/src/main/main/jni/netguard/dhcp.c
View File

@ -0,0 +1,143 @@
/*
This file is part of NetGuard.
NetGuard is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
NetGuard is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with NetGuard. If not, see <http://www.gnu.org/licenses/>.
Copyright 2015-2019 by Marcel Bokhorst (M66B)
*/
#include "netguard.h"
int check_dhcp(const struct arguments *args, const struct udp_session *u,
const uint8_t *data, const size_t datalen) {
// This is untested
// Android routing of DHCP is erroneous
log_android(ANDROID_LOG_WARN, "DHCP check");
if (datalen < sizeof(struct dhcp_packet)) {
log_android(ANDROID_LOG_WARN, "DHCP packet size %d", datalen);
return -1;
}
const struct dhcp_packet *request = (struct dhcp_packet *) data;
if (ntohl(request->option_format) != DHCP_OPTION_MAGIC_NUMBER) {
log_android(ANDROID_LOG_WARN, "DHCP invalid magic %x", request->option_format);
return -1;
}
if (request->htype != 1 || request->hlen != 6) {
log_android(ANDROID_LOG_WARN, "DHCP unknown hardware htype %d hlen %d",
request->htype, request->hlen);
return -1;
}
log_android(ANDROID_LOG_WARN, "DHCP opcode", request->opcode);
// Discover: source 0.0.0.0:68 destination 255.255.255.255:67
// Offer: source 10.1.10.1:67 destination 255.255.255.255:68
// Request: source 0.0.0.0:68 destination 255.255.255.255:67
// Ack: source: 10.1.10.1 destination: 255.255.255.255
if (request->opcode == 1) { // Discover/request
struct dhcp_packet *response = ng_calloc(500, 1, "dhcp");
// Hack
inet_pton(AF_INET, "10.1.10.1", (void *) &u->saddr);
/*
Discover:
DHCP option 53: DHCP Discover
DHCP option 50: 192.168.1.100 requested
DHCP option 55: Parameter Request List:
Request Subnet Mask (1), Router (3), Domain Name (15), Domain Name Server (6)
Request
DHCP option 53: DHCP Request
DHCP option 50: 192.168.1.100 requested
DHCP option 54: 192.168.1.1 DHCP server.
*/
memcpy(response, request, sizeof(struct dhcp_packet));
response->opcode = (uint8_t) (request->siaddr == 0 ? 2 /* Offer */ : /* Ack */ 4);
response->secs = 0;
response->flags = 0;
memset(&response->ciaddr, 0, sizeof(response->ciaddr));
inet_pton(AF_INET, "10.1.10.2", &response->yiaddr);
inet_pton(AF_INET, "10.1.10.1", &response->siaddr);
memset(&response->giaddr, 0, sizeof(response->giaddr));
// https://tools.ietf.org/html/rfc2132
uint8_t *options = (uint8_t *) (response + sizeof(struct dhcp_packet));
int idx = 0;
*(options + idx++) = 53; // Message type
*(options + idx++) = 1;
*(options + idx++) = (uint8_t) (request->siaddr == 0 ? 2 : 5);
/*
1 DHCPDISCOVER
2 DHCPOFFER
3 DHCPREQUEST
4 DHCPDECLINE
5 DHCPACK
6 DHCPNAK
7 DHCPRELEASE
8 DHCPINFORM
*/
*(options + idx++) = 1; // subnet mask
*(options + idx++) = 4; // IP4 length
inet_pton(AF_INET, "255.255.255.0", options + idx);
idx += 4;
*(options + idx++) = 3; // gateway
*(options + idx++) = 4; // IP4 length
inet_pton(AF_INET, "10.1.10.1", options + idx);
idx += 4;
*(options + idx++) = 51; // lease time
*(options + idx++) = 4; // quad
*((uint32_t *) (options + idx)) = 3600;
idx += 4;
*(options + idx++) = 54; // DHCP
*(options + idx++) = 4; // IP4 length
inet_pton(AF_INET, "10.1.10.1", options + idx);
idx += 4;
*(options + idx++) = 6; // DNS
*(options + idx++) = 4; // IP4 length
inet_pton(AF_INET, "8.8.8.8", options + idx);
idx += 4;
*(options + idx++) = 255; // End
/*
DHCP option 53: DHCP Offer
DHCP option 1: 255.255.255.0 subnet mask
DHCP option 3: 192.168.1.1 router
DHCP option 51: 86400s (1 day) IP address lease time
DHCP option 54: 192.168.1.1 DHCP server
DHCP option 6: DNS servers 9.7.10.15
*/
write_udp(args, u, (uint8_t *) response, 500);
ng_free(response, __FILE__, __LINE__);
}
return 0;
}

239
NetGuard/app/src/main/main/jni/netguard/dns.c
View File

@ -0,0 +1,239 @@
/*
This file is part of NetGuard.
NetGuard is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
NetGuard is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with NetGuard. If not, see <http://www.gnu.org/licenses/>.
Copyright 2015-2019 by Marcel Bokhorst (M66B)
*/
#include "netguard.h"
int32_t get_qname(const uint8_t *data, const size_t datalen, uint16_t off, char *qname) {
*qname = 0;
if (off >= datalen)
return -1;
uint16_t c = 0;
uint8_t noff = 0;
uint16_t ptr = off;
uint8_t len = *(data + ptr);
uint8_t count = 0;
while (len) {
if (count++ > 25)
break;
if (ptr + 1 < datalen && (len & 0xC0)) {
uint16_t jump = (uint16_t) ((len & 0x3F) * 256 + *(data + ptr + 1));
if (jump >= datalen) {
log_android(ANDROID_LOG_DEBUG, "DNS invalid jump");
break;
}
ptr = jump;
len = *(data + ptr);
log_android(ANDROID_LOG_DEBUG, "DNS qname compression ptr %d len %d", ptr, len);
if (!c) {
c = 1;
off += 2;
}
} else if (ptr + 1 + len < datalen && noff + len <= DNS_QNAME_MAX) {
memcpy(qname + noff, data + ptr + 1, len);
*(qname + noff + len) = '.';
noff += (len + 1);
uint16_t jump = (uint16_t) (ptr + 1 + len);
if (jump >= datalen) {
log_android(ANDROID_LOG_DEBUG, "DNS invalid jump");
break;
}
ptr = jump;
len = *(data + ptr);
} else
break;
}
ptr++;
if (len > 0 || noff == 0) {
log_android(ANDROID_LOG_ERROR, "DNS qname invalid len %d noff %d", len, noff);
return -1;
}
*(qname + noff - 1) = 0;
log_android(ANDROID_LOG_DEBUG, "qname %s", qname);
return (c ? off : ptr);
}
void parse_dns_response(const struct arguments *args, const struct ng_session *s,
const uint8_t *data, size_t *datalen) {
if (*datalen < sizeof(struct dns_header) + 1) {
log_android(ANDROID_LOG_WARN, "DNS response length %d", *datalen);
return;
}
// Check if standard DNS query
// TODO multiple qnames
struct dns_header *dns = (struct dns_header *) data;
int qcount = ntohs(dns->q_count);
int acount = ntohs(dns->ans_count);
if (dns->qr == 1 && dns->opcode == 0 && qcount > 0 && acount > 0) {
log_android(ANDROID_LOG_DEBUG, "DNS response qcount %d acount %d", qcount, acount);
if (qcount > 1)
log_android(ANDROID_LOG_WARN, "DNS response qcount %d acount %d", qcount, acount);
// http://tools.ietf.org/html/rfc1035
char name[DNS_QNAME_MAX + 1];
int32_t off = sizeof(struct dns_header);
uint16_t qtype;
uint16_t qclass;
char qname[DNS_QNAME_MAX + 1];
for (int q = 0; q < 1; q++) {
off = get_qname(data, *datalen, (uint16_t) off, name);
if (off > 0 && off + 4 <= *datalen) {
// TODO multiple qnames?
if (q == 0) {
strcpy(qname, name);
qtype = ntohs(*((uint16_t *) (data + off)));
qclass = ntohs(*((uint16_t *) (data + off + 2)));
log_android(ANDROID_LOG_DEBUG,
"DNS question %d qtype %d qclass %d qname %s",
q, qtype, qclass, qname);
}
off += 4;
} else {
log_android(ANDROID_LOG_WARN,
"DNS response Q invalid off %d datalen %d", off, *datalen);
return;
}
}
short svcb = 0;
int32_t aoff = off;
for (int a = 0; a < acount; a++) {
off = get_qname(data, *datalen, (uint16_t) off, name);
if (off > 0 && off + 10 <= *datalen) {
uint16_t qtype = ntohs(*((uint16_t *) (data + off)));
uint16_t qclass = ntohs(*((uint16_t *) (data + off + 2)));
uint32_t ttl = ntohl(*((uint32_t *) (data + off + 4)));
uint16_t rdlength = ntohs(*((uint16_t *) (data + off + 8)));
off += 10;
if (off + rdlength <= *datalen) {
if (qclass == DNS_QCLASS_IN &&
(qtype == DNS_QTYPE_A || qtype == DNS_QTYPE_AAAA)) {
char rd[INET6_ADDRSTRLEN + 1];
if (qtype == DNS_QTYPE_A) {
if (off + sizeof(__be32) <= *datalen)
inet_ntop(AF_INET, data + off, rd, sizeof(rd));
else
return;
} else if (qclass == DNS_QCLASS_IN && qtype == DNS_QTYPE_AAAA) {
if (off + sizeof(struct in6_addr) <= *datalen)
inet_ntop(AF_INET6, data + off, rd, sizeof(rd));
else
return;
}
dns_resolved(args, qname, name, rd, ttl);
log_android(ANDROID_LOG_DEBUG,
"DNS answer %d qname %s qtype %d ttl %d data %s",
a, name, qtype, ttl, rd);
} else if (qclass == DNS_QCLASS_IN &&
(qtype == DNS_SVCB || qtype == DNS_HTTPS)) {
// https://tools.ietf.org/id/draft-ietf-dnsop-svcb-https-01.html
svcb = 1;
log_android(ANDROID_LOG_WARN,
"SVCB answer %d qname %s qtype %d", a, name, qtype);
} else
log_android(ANDROID_LOG_DEBUG,
"DNS answer %d qname %s qclass %d qtype %d ttl %d length %d",
a, name, qclass, qtype, ttl, rdlength);
off += rdlength;
} else {
log_android(ANDROID_LOG_WARN,
"DNS response A invalid off %d rdlength %d datalen %d",
off, rdlength, *datalen);
return;
}
} else {
log_android(ANDROID_LOG_WARN,
"DNS response A invalid off %d datalen %d", off, *datalen);
return;
}
}
if (qcount > 0 &&
(svcb || is_domain_blocked(args, qname))) {
dns->qr = 1;
dns->aa = 0;
dns->tc = 0;
dns->rd = 0;
dns->ra = 0;
dns->z = 0;
dns->ad = 0;
dns->cd = 0;
dns->rcode = (uint16_t) args->rcode;
dns->ans_count = 0;
dns->auth_count = 0;
dns->add_count = 0;
*datalen = aoff;
int version;
char source[INET6_ADDRSTRLEN + 1];
char dest[INET6_ADDRSTRLEN + 1];
uint16_t sport;
uint16_t dport;
if (s->protocol == IPPROTO_UDP) {
version = s->udp.version;
sport = ntohs(s->udp.source);
dport = ntohs(s->udp.dest);
if (s->udp.version == 4) {
inet_ntop(AF_INET, &s->udp.saddr.ip4, source, sizeof(source));
inet_ntop(AF_INET, &s->udp.daddr.ip4, dest, sizeof(dest));
} else {
inet_ntop(AF_INET6, &s->udp.saddr.ip6, source, sizeof(source));
inet_ntop(AF_INET6, &s->udp.daddr.ip6, dest, sizeof(dest));
}
} else {
version = s->tcp.version;
sport = ntohs(s->tcp.source);
dport = ntohs(s->tcp.dest);
if (s->tcp.version == 4) {
inet_ntop(AF_INET, &s->tcp.saddr.ip4, source, sizeof(source));
inet_ntop(AF_INET, &s->tcp.daddr.ip4, dest, sizeof(dest));
} else {
inet_ntop(AF_INET6, &s->tcp.saddr.ip6, source, sizeof(source));
inet_ntop(AF_INET6, &s->tcp.daddr.ip6, dest, sizeof(dest));
}
}
// Log qname
char name[DNS_QNAME_MAX + 40 + 1];
sprintf(name, "qtype %d qname %s rcode %d", qtype, qname, dns->rcode);
jobject objPacket = create_packet(
args, version, s->protocol, "",
source, sport, dest, dport,
name, 0, 0);
log_packet(args, objPacket);
}
} else if (acount > 0)
log_android(ANDROID_LOG_WARN,
"DNS response qr %d opcode %d qcount %d acount %d",
dns->qr, dns->opcode, qcount, acount);
}

375
NetGuard/app/src/main/main/jni/netguard/icmp.c
View File

@ -0,0 +1,375 @@
/*
This file is part of NetGuard.
NetGuard is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
NetGuard is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with NetGuard. If not, see <http://www.gnu.org/licenses/>.
Copyright 2015-2019 by Marcel Bokhorst (M66B)
*/
#include "netguard.h"
extern FILE *pcap_file;
int get_icmp_timeout(const struct icmp_session *u, int sessions, int maxsessions) {
int timeout = ICMP_TIMEOUT;
int scale = 100 - sessions * 100 / maxsessions;
timeout = timeout * scale / 100;
return timeout;
}
int check_icmp_session(const struct arguments *args, struct ng_session *s,
int sessions, int maxsessions) {
time_t now = time(NULL);
int timeout = get_icmp_timeout(&s->icmp, sessions, maxsessions);
if (s->icmp.stop || s->icmp.time + timeout < now) {
char source[INET6_ADDRSTRLEN + 1];
char dest[INET6_ADDRSTRLEN + 1];
if (s->icmp.version == 4) {
inet_ntop(AF_INET, &s->icmp.saddr.ip4, source, sizeof(source));
inet_ntop(AF_INET, &s->icmp.daddr.ip4, dest, sizeof(dest));
} else {
inet_ntop(AF_INET6, &s->icmp.saddr.ip6, source, sizeof(source));
inet_ntop(AF_INET6, &s->icmp.daddr.ip6, dest, sizeof(dest));
}
log_android(ANDROID_LOG_WARN, "ICMP idle %d/%d sec stop %d from %s to %s",
now - s->icmp.time, timeout, s->icmp.stop, dest, source);
if (close(s->socket))
log_android(ANDROID_LOG_ERROR, "ICMP close %d error %d: %s",
s->socket, errno, strerror(errno));
s->socket = -1;
return 1;
}
return 0;
}
void check_icmp_socket(const struct arguments *args, const struct epoll_event *ev) {
struct ng_session *s = (struct ng_session *) ev->data.ptr;
// Check socket error
if (ev->events & EPOLLERR) {
s->icmp.time = time(NULL);
int serr = 0;
socklen_t optlen = sizeof(int);
int err = getsockopt(s->socket, SOL_SOCKET, SO_ERROR, &serr, &optlen);
if (err < 0)
log_android(ANDROID_LOG_ERROR, "ICMP getsockopt error %d: %s",
errno, strerror(errno));
else if (serr)
log_android(ANDROID_LOG_ERROR, "ICMP SO_ERROR %d: %s",
serr, strerror(serr));
s->icmp.stop = 1;
} else {
// Check socket read
if (ev->events & EPOLLIN) {
s->icmp.time = time(NULL);
uint16_t blen = (uint16_t) (s->icmp.version == 4 ? ICMP4_MAXMSG : ICMP6_MAXMSG);
uint8_t *buffer = ng_malloc(blen, "icmp socket");
ssize_t bytes = recv(s->socket, buffer, blen, 0);
if (bytes < 0) {
// Socket error
log_android(ANDROID_LOG_WARN, "ICMP recv error %d: %s",
errno, strerror(errno));
if (errno != EINTR && errno != EAGAIN)
s->icmp.stop = 1;
} else if (bytes == 0) {
log_android(ANDROID_LOG_WARN, "ICMP recv eof");
s->icmp.stop = 1;
} else {
// Socket read data
char dest[INET6_ADDRSTRLEN + 1];
if (s->icmp.version == 4)
inet_ntop(AF_INET, &s->icmp.daddr.ip4, dest, sizeof(dest));
else
inet_ntop(AF_INET6, &s->icmp.daddr.ip6, dest, sizeof(dest));
// cur->id should be equal to icmp->icmp_id
// but for some unexplained reason this is not the case
// some bits seems to be set extra
struct icmp *icmp = (struct icmp *) buffer;
log_android(
s->icmp.id == icmp->icmp_id ? ANDROID_LOG_INFO : ANDROID_LOG_WARN,
"ICMP recv bytes %d from %s for tun type %d code %d id %x/%x seq %d",
bytes, dest,
icmp->icmp_type, icmp->icmp_code,
s->icmp.id, icmp->icmp_id, icmp->icmp_seq);
// restore original ID
icmp->icmp_id = s->icmp.id;
uint16_t csum = 0;
if (s->icmp.version == 6) {
// Untested
struct ip6_hdr_pseudo pseudo;
memset(&pseudo, 0, sizeof(struct ip6_hdr_pseudo));
memcpy(&pseudo.ip6ph_src, &s->icmp.daddr.ip6, 16);
memcpy(&pseudo.ip6ph_dst, &s->icmp.saddr.ip6, 16);
pseudo.ip6ph_len = bytes - sizeof(struct ip6_hdr);
pseudo.ip6ph_nxt = IPPROTO_ICMPV6;
csum = calc_checksum(
0, (uint8_t *) &pseudo, sizeof(struct ip6_hdr_pseudo));
}
icmp->icmp_cksum = 0;
icmp->icmp_cksum = ~calc_checksum(csum, buffer, (size_t) bytes);
// Forward to tun
if (write_icmp(args, &s->icmp, buffer, (size_t) bytes) < 0)
s->icmp.stop = 1;
}
ng_free(buffer, __FILE__, __LINE__);
}
}
}
jboolean handle_icmp(const struct arguments *args,
const uint8_t *pkt, size_t length,
const uint8_t *payload,
int uid,
const int epoll_fd) {
// Get headers
const uint8_t version = (*pkt) >> 4;
const struct iphdr *ip4 = (struct iphdr *) pkt;
const struct ip6_hdr *ip6 = (struct ip6_hdr *) pkt;
struct icmp *icmp = (struct icmp *) payload;
size_t icmplen = length - (payload - pkt);
char source[INET6_ADDRSTRLEN + 1];
char dest[INET6_ADDRSTRLEN + 1];
if (version == 4) {
inet_ntop(AF_INET, &ip4->saddr, source, sizeof(source));
inet_ntop(AF_INET, &ip4->daddr, dest, sizeof(dest));
} else {
inet_ntop(AF_INET6, &ip6->ip6_src, source, sizeof(source));
inet_ntop(AF_INET6, &ip6->ip6_dst, dest, sizeof(dest));
}
if (icmp->icmp_type != ICMP_ECHO) {
log_android(ANDROID_LOG_WARN, "ICMP type %d code %d from %s to %s not supported",
icmp->icmp_type, icmp->icmp_code, source, dest);
return 0;
}
// Search session
struct ng_session *cur = args->ctx->ng_session;
while (cur != NULL &&
!((cur->protocol == IPPROTO_ICMP || cur->protocol == IPPROTO_ICMPV6) &&
!cur->icmp.stop && cur->icmp.version == version &&
(version == 4 ? cur->icmp.saddr.ip4 == ip4->saddr &&
cur->icmp.daddr.ip4 == ip4->daddr
: memcmp(&cur->icmp.saddr.ip6, &ip6->ip6_src, 16) == 0 &&
memcmp(&cur->icmp.daddr.ip6, &ip6->ip6_dst, 16) == 0)))
cur = cur->next;
// Create new session if needed
if (cur == NULL) {
log_android(ANDROID_LOG_INFO, "ICMP new session from %s to %s", source, dest);
// Register session
struct ng_session *s = ng_malloc(sizeof(struct ng_session), "icmp session");
s->protocol = (uint8_t) (version == 4 ? IPPROTO_ICMP : IPPROTO_ICMPV6);
s->icmp.time = time(NULL);
s->icmp.uid = uid;
s->icmp.version = version;
if (version == 4) {
s->icmp.saddr.ip4 = (__be32) ip4->saddr;
s->icmp.daddr.ip4 = (__be32) ip4->daddr;
} else {
memcpy(&s->icmp.saddr.ip6, &ip6->ip6_src, 16);
memcpy(&s->icmp.daddr.ip6, &ip6->ip6_dst, 16);
}
s->icmp.id = icmp->icmp_id; // store original ID
s->icmp.stop = 0;
s->next = NULL;
// Open UDP socket
s->socket = open_icmp_socket(args, &s->icmp);
if (s->socket < 0) {
ng_free(s, __FILE__, __LINE__);
return 0;
}
log_android(ANDROID_LOG_DEBUG, "ICMP socket %d id %x", s->socket, s->icmp.id);
// Monitor events
memset(&s->ev, 0, sizeof(struct epoll_event));
s->ev.events = EPOLLIN | EPOLLERR;
s->ev.data.ptr = s;
if (epoll_ctl(epoll_fd, EPOLL_CTL_ADD, s->socket, &s->ev))
log_android(ANDROID_LOG_ERROR, "epoll add icmp error %d: %s", errno, strerror(errno));
s->next = args->ctx->ng_session;
args->ctx->ng_session = s;
cur = s;
}
// Modify ID
// http://lwn.net/Articles/443051/
icmp->icmp_id = ~icmp->icmp_id;
uint16_t csum = 0;
if (version == 6) {
// Untested
struct ip6_hdr_pseudo pseudo;
memset(&pseudo, 0, sizeof(struct ip6_hdr_pseudo));
memcpy(&pseudo.ip6ph_src, &ip6->ip6_dst, 16);
memcpy(&pseudo.ip6ph_dst, &ip6->ip6_src, 16);
pseudo.ip6ph_len = ip6->ip6_ctlun.ip6_un1.ip6_un1_plen;
pseudo.ip6ph_nxt = ip6->ip6_ctlun.ip6_un1.ip6_un1_nxt;
csum = calc_checksum(0, (uint8_t *) &pseudo, sizeof(struct ip6_hdr_pseudo));
}
icmp->icmp_cksum = 0;
icmp->icmp_cksum = ~calc_checksum(csum, (uint8_t *) icmp, icmplen);
log_android(ANDROID_LOG_INFO,
"ICMP forward from tun %s to %s type %d code %d id %x seq %d data %d",
source, dest,
icmp->icmp_type, icmp->icmp_code, icmp->icmp_id, icmp->icmp_seq, icmplen);
cur->icmp.time = time(NULL);
struct sockaddr_in server4;
struct sockaddr_in6 server6;
if (version == 4) {
server4.sin_family = AF_INET;
server4.sin_addr.s_addr = (__be32) ip4->daddr;
server4.sin_port = 0;
} else {
server6.sin6_family = AF_INET6;
memcpy(&server6.sin6_addr, &ip6->ip6_dst, 16);
server6.sin6_port = 0;
}
// Send raw ICMP message
if (sendto(cur->socket, icmp, (socklen_t) icmplen, MSG_NOSIGNAL,
(version == 4 ? (const struct sockaddr *) &server4
: (const struct sockaddr *) &server6),
(socklen_t) (version == 4 ? sizeof(server4) : sizeof(server6))) != icmplen) {
log_android(ANDROID_LOG_ERROR, "ICMP sendto error %d: %s", errno, strerror(errno));
if (errno != EINTR && errno != EAGAIN) {
cur->icmp.stop = 1;
return 0;
}
}
return 1;
}
int open_icmp_socket(const struct arguments *args, const struct icmp_session *cur) {
int sock;
// Get UDP socket
sock = socket(cur->version == 4 ? PF_INET : PF_INET6, SOCK_DGRAM, IPPROTO_ICMP);
if (sock < 0) {
log_android(ANDROID_LOG_ERROR, "ICMP socket error %d: %s", errno, strerror(errno));
return -1;
}
// Protect socket
if (protect_socket(args, sock) < 0)
return -1;
return sock;
}
ssize_t write_icmp(const struct arguments *args, const struct icmp_session *cur,
uint8_t *data, size_t datalen) {
size_t len;
u_int8_t *buffer;
struct icmp *icmp = (struct icmp *) data;
char source[INET6_ADDRSTRLEN + 1];
char dest[INET6_ADDRSTRLEN + 1];
// Build packet
if (cur->version == 4) {
len = sizeof(struct iphdr) + datalen;
buffer = ng_malloc(len, "icmp write4");
struct iphdr *ip4 = (struct iphdr *) buffer;
if (datalen)
memcpy(buffer + sizeof(struct iphdr), data, datalen);
// Build IP4 header
memset(ip4, 0, sizeof(struct iphdr));
ip4->version = 4;
ip4->ihl = sizeof(struct iphdr) >> 2;
ip4->tot_len = htons(len);
ip4->ttl = IPDEFTTL;
ip4->protocol = IPPROTO_ICMP;
ip4->saddr = cur->daddr.ip4;
ip4->daddr = cur->saddr.ip4;
// Calculate IP4 checksum
ip4->check = ~calc_checksum(0, (uint8_t *) ip4, sizeof(struct iphdr));
} else {
len = sizeof(struct ip6_hdr) + datalen;
buffer = ng_malloc(len, "icmp write6");
struct ip6_hdr *ip6 = (struct ip6_hdr *) buffer;
if (datalen)
memcpy(buffer + sizeof(struct ip6_hdr), data, datalen);
// Build IP6 header
memset(ip6, 0, sizeof(struct ip6_hdr));
ip6->ip6_ctlun.ip6_un1.ip6_un1_flow = 0;
ip6->ip6_ctlun.ip6_un1.ip6_un1_plen = htons(len - sizeof(struct ip6_hdr));
ip6->ip6_ctlun.ip6_un1.ip6_un1_nxt = IPPROTO_ICMPV6;
ip6->ip6_ctlun.ip6_un1.ip6_un1_hlim = IPDEFTTL;
ip6->ip6_ctlun.ip6_un2_vfc = IPV6_VERSION;
memcpy(&(ip6->ip6_src), &cur->daddr.ip6, 16);
memcpy(&(ip6->ip6_dst), &cur->saddr.ip6, 16);
}
inet_ntop(cur->version == 4 ? AF_INET : AF_INET6,
cur->version == 4 ? (const void *) &cur->saddr.ip4 : (const void *) &cur->saddr.ip6,
source, sizeof(source));
inet_ntop(cur->version == 4 ? AF_INET : AF_INET6,
cur->version == 4 ? (const void *) &cur->daddr.ip4 : (const void *) &cur->daddr.ip6,
dest, sizeof(dest));
// Send raw ICMP message
log_android(ANDROID_LOG_WARN,
"ICMP sending to tun %d from %s to %s data %u type %d code %d id %x seq %d",
args->tun, dest, source, datalen,
icmp->icmp_type, icmp->icmp_code, icmp->icmp_id, icmp->icmp_seq);
log_android(ANDROID_LOG_ERROR, "writing to file descriptor: %d", args->tun);
ssize_t res = write(args->tun, buffer, len);
// Write PCAP record
if (res >= 0) {
if (pcap_file != NULL)
write_pcap_rec(buffer, (size_t) res);
} else
log_android(ANDROID_LOG_WARN, "ICMP write error %d: %s", errno, strerror(errno));
ng_free(buffer, __FILE__, __LINE__);
if (res != len) {
log_android(ANDROID_LOG_ERROR, "write %d/%d", res, len);
return -1;
}
return res;
}

611
NetGuard/app/src/main/main/jni/netguard/ip.c
View File

@ -0,0 +1,611 @@
/*
This file is part of NetGuard.
NetGuard is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
NetGuard is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with NetGuard. If not, see <http://www.gnu.org/licenses/>.
Copyright 2015-2019 by Marcel Bokhorst (M66B)
*/
#include "netguard.h"
int max_tun_msg = 0;
extern int loglevel;
extern FILE *pcap_file;
extern int debug_set = 0;
int count = 0;
uint16_t get_mtu() {
return 10000;
}
uint16_t get_default_mss(int version) {
if (version == 4)
return (uint16_t) (get_mtu() - sizeof(struct iphdr) - sizeof(struct tcphdr));
else
return (uint16_t) (get_mtu() - sizeof(struct ip6_hdr) - sizeof(struct tcphdr));
}
int check_tun(const struct arguments *args,
const struct epoll_event *ev,
const int epoll_fd,
int sessions, int maxsessions) {
// Check tun error
if (ev->events & EPOLLERR) {
log_android(ANDROID_LOG_ERROR, "tun %d exception", args->tun);
if (fcntl(args->tun, F_GETFL) < 0) {
log_android(ANDROID_LOG_ERROR, "fcntl tun %d F_GETFL error %d: %s",
args->tun, errno, strerror(errno));
report_exit(args, "fcntl tun %d F_GETFL error %d: %s",
args->tun, errno, strerror(errno));
} else
report_exit(args, "tun %d exception", args->tun);
return -1;
}
// Check tun read
if (ev->events & EPOLLIN) {
uint8_t *buffer = ng_malloc(get_mtu(), "tun read");
ssize_t length = read(args->tun, buffer, get_mtu());
if (length < 0) {
ng_free(buffer, __FILE__, __LINE__);
log_android(ANDROID_LOG_ERROR, "tun %d read error %d: %s",
args->tun, errno, strerror(errno));
if (errno == EINTR || errno == EAGAIN)
// Retry later
return 0;
else {
report_exit(args, "tun %d read error %d: %s",
args->tun, errno, strerror(errno));
return -1;
}
} else if (length > 0) {
// Write pcap record
if (pcap_file != NULL)
write_pcap_rec(buffer, (size_t) length);
if (length > max_tun_msg) {
max_tun_msg = length;
log_android(ANDROID_LOG_WARN, "Maximum tun msg length %d", max_tun_msg);
}
// Handle IP from tun
handle_ip(args, buffer, (size_t) length, epoll_fd, sessions, maxsessions);
// Check sessions
struct ng_session *ds = get_debug_session(args);
if (ds > 0) {
log_android(ANDROID_LOG_ERROR, "got debug session %d", ds);
if (count % 10 == 0) {
log_android(ANDROID_LOG_ERROR, "Writing test ack to debug tcp session...");
//write_ack(args, &ds->tcp);
}
count += 1;
}
ng_free(buffer, __FILE__, __LINE__);
} else {
// tun eof
ng_free(buffer, __FILE__, __LINE__);
log_android(ANDROID_LOG_ERROR, "tun %d empty read", args->tun);
report_exit(args, "tun %d empty read", args->tun);
return -1;
}
}
return 0;
}
// https://en.wikipedia.org/wiki/IPv6_packet#Extension_headers
// http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml
int is_lower_layer(int protocol) {
// No next header = 59
return (protocol == 0 || // Hop-by-Hop Options
protocol == 60 || // Destination Options (before routing header)
protocol == 43 || // Routing
protocol == 44 || // Fragment
protocol == 51 || // Authentication Header (AH)
protocol == 50 || // Encapsulating Security Payload (ESP)
protocol == 60 || // Destination Options (before upper-layer header)
protocol == 135); // Mobility
}
int is_upper_layer(int protocol) {
return (protocol == IPPROTO_TCP ||
protocol == IPPROTO_UDP ||
protocol == IPPROTO_ICMP ||
protocol == IPPROTO_ICMPV6);
}
void handle_ip(const struct arguments *args,
const uint8_t *pkt, const size_t length,
const int epoll_fd,
int sessions, int maxsessions) {
uint8_t protocol;
void *saddr;
void *daddr;
char source[INET6_ADDRSTRLEN + 1];
char dest[INET6_ADDRSTRLEN + 1];
char flags[10];
char data[16];
int flen = 0;
uint8_t *payload;
// Get protocol, addresses & payload
uint8_t version = (*pkt) >> 4;
if (version == 4) {
if (length < sizeof(struct iphdr)) {
log_android(ANDROID_LOG_WARN, "IP4 packet too short length %d", length);
return;
}
struct iphdr *ip4hdr = (struct iphdr *) pkt;
protocol = ip4hdr->protocol;
saddr = &ip4hdr->saddr;
daddr = &ip4hdr->daddr;
inet_ntop(version == 4 ? AF_INET : AF_INET6, saddr, source, sizeof(source));
inet_ntop(version == 4 ? AF_INET : AF_INET6, daddr, dest, sizeof(dest));
if (ip4hdr->frag_off & IP_MF) {
log_android(ANDROID_LOG_ERROR, "IP fragment offset %u",
(ip4hdr->frag_off & IP_OFFMASK) * 8);
return;
}
uint8_t ipoptlen = (uint8_t) ((ip4hdr->ihl - 5) * 4);
log_android(ANDROID_LOG_ERROR, "IP opt len is: %u", ipoptlen);
payload = (uint8_t *) (pkt + sizeof(struct iphdr) + ipoptlen);
log_android(ANDROID_LOG_ERROR, "Some length %u header length %u",
length, ntohs(ip4hdr->tot_len));
if (ntohs(ip4hdr->tot_len) != length) {
log_android(ANDROID_LOG_ERROR, "Invalid length %u header length %u",
length, ntohs(ip4hdr->tot_len));
return;
}
if (loglevel < ANDROID_LOG_WARN) {
if (!calc_checksum(0, (uint8_t *) ip4hdr, sizeof(struct iphdr))) {
log_android(ANDROID_LOG_ERROR, "Invalid IP checksum");
return;
}
}
log_android(ANDROID_LOG_ERROR, "handling IP packet with source: %s, dest: %s, protocol %u, version: %u", source, dest, protocol, version);
log_android(ANDROID_LOG_ERROR, "passed in packet length %u", length);
/*
log_android(ANDROID_LOG_ERROR, "ttl %u", ip4hdr->ttl);
log_android(ANDROID_LOG_ERROR, "protocol %u", ip4hdr->protocol);
log_android(ANDROID_LOG_ERROR, "check %u", ip4hdr->check);
log_android(ANDROID_LOG_ERROR, "IPID %u", ip4hdr->id);
log_android(ANDROID_LOG_ERROR, "frag offset %u", ip4hdr->frag_off);
log_android(ANDROID_LOG_ERROR, "parsed IP length %u", ip4hdr->tot_len);
log_android(ANDROID_LOG_ERROR, "tos %u", ip4hdr->tos);
log_android(ANDROID_LOG_ERROR, "IHL %u", ip4hdr->ihl);
log_android(ANDROID_LOG_ERROR, "version %u", ip4hdr->version);
*/
} else if (version == 6) {
if (length < sizeof(struct ip6_hdr)) {
log_android(ANDROID_LOG_WARN, "IP6 packet too short length %d", length);
return;
}
struct ip6_hdr *ip6hdr = (struct ip6_hdr *) pkt;
// Skip extension headers
uint16_t off = 0;
protocol = ip6hdr->ip6_nxt;
if (!is_upper_layer(protocol)) {
log_android(ANDROID_LOG_WARN, "IP6 extension %d", protocol);
off = sizeof(struct ip6_hdr);
struct ip6_ext *ext = (struct ip6_ext *) (pkt + off);
while (is_lower_layer(ext->ip6e_nxt) && !is_upper_layer(protocol)) {
protocol = ext->ip6e_nxt;
log_android(ANDROID_LOG_WARN, "IP6 extension %d", protocol);
off += (8 + ext->ip6e_len);
ext = (struct ip6_ext *) (pkt + off);
}
if (!is_upper_layer(protocol)) {
off = 0;
protocol = ip6hdr->ip6_nxt;
log_android(ANDROID_LOG_WARN, "IP6 final extension %d", protocol);
}
}
saddr = &ip6hdr->ip6_src;
daddr = &ip6hdr->ip6_dst;
payload = (uint8_t *) (pkt + sizeof(struct ip6_hdr) + off);
// TODO checksum
} else {
log_android(ANDROID_LOG_ERROR, "Unknown version %d", version);
return;
}
inet_ntop(version == 4 ? AF_INET : AF_INET6, saddr, source, sizeof(source));
inet_ntop(version == 4 ? AF_INET : AF_INET6, daddr, dest, sizeof(dest));
log_android(ANDROID_LOG_ERROR, "handling IP packet with source: %s, dest: %s", source, dest);
// Get ports & flags
int syn = 0;
uint16_t sport = 0;
uint16_t dport = 0;
*data = 0;
if (protocol == IPPROTO_ICMP || protocol == IPPROTO_ICMPV6) {
if (length - (payload - pkt) < ICMP_MINLEN) {
log_android(ANDROID_LOG_WARN, "ICMP packet too short");
return;
}
struct icmp *icmp = (struct icmp *) payload;
sprintf(data, "type %d/%d", icmp->icmp_type, icmp->icmp_code);
// http://lwn.net/Articles/443051/
sport = ntohs(icmp->icmp_id);
dport = ntohs(icmp->icmp_id);
} else if (protocol == IPPROTO_UDP) {
if (length - (payload - pkt) < sizeof(struct udphdr)) {
log_android(ANDROID_LOG_WARN, "UDP packet too short");
return;
}
struct udphdr *udp = (struct udphdr *) payload;
sport = ntohs(udp->source);
dport = ntohs(udp->dest);
// TODO checksum (IPv6)
} else if (protocol == IPPROTO_TCP) {
if (length - (payload - pkt) < sizeof(struct tcphdr)) {
log_android(ANDROID_LOG_WARN, "TCP packet too short");
return;
}
struct tcphdr *tcp = (struct tcphdr *) payload;
sport = ntohs(tcp->source);
dport = ntohs(tcp->dest);
if (tcp->syn) {
syn = 1;
flags[flen++] = 'S';
}
if (tcp->ack)
flags[flen++] = 'A';
if (tcp->psh)
flags[flen++] = 'P';
if (tcp->fin)
flags[flen++] = 'F';
if (tcp->rst)
flags[flen++] = 'R';
// TODO checksum
} else if (protocol != IPPROTO_HOPOPTS && protocol != IPPROTO_IGMP && protocol != IPPROTO_ESP)
log_android(ANDROID_LOG_WARN, "Unknown protocol %d", protocol);
flags[flen] = 0;
// Limit number of sessions
if (sessions >= maxsessions) {
if ((protocol == IPPROTO_ICMP || protocol == IPPROTO_ICMPV6) ||
(protocol == IPPROTO_UDP && !has_udp_session(args, pkt, payload)) ||
(protocol == IPPROTO_TCP && syn)) {
log_android(ANDROID_LOG_ERROR,
"%d of max %d sessions, dropping version %d protocol %d",
sessions, maxsessions, protocol, version);
return;
}
}
// Get uid
jint uid = -1;
if (protocol == IPPROTO_ICMP || protocol == IPPROTO_ICMPV6 ||
(protocol == IPPROTO_UDP && !has_udp_session(args, pkt, payload)) ||
(protocol == IPPROTO_TCP && syn)) {
if (args->ctx->sdk <= 28) // Android 9 Pie
uid = get_uid(version, protocol, saddr, sport, daddr, dport);
else
uid = get_uid_q(args, version, protocol, source, sport, dest, dport);
}
// Check if allowed
int allowed = 0;
struct allowed *redirect = NULL;
if (protocol == IPPROTO_UDP && has_udp_session(args, pkt, payload))
allowed = 1; // could be a lingering/blocked session
else if (protocol == IPPROTO_TCP && (!syn || (uid == 0 && dport == 53)))
allowed = 1; // assume existing session
else {
jobject objPacket = create_packet(
args, version, protocol, flags, source, sport, dest, dport, data, uid, 0);
redirect = is_address_allowed(args, objPacket);
allowed = (redirect != NULL);
if (redirect != NULL && (*redirect->raddr == 0 || redirect->rport == 0))
redirect = NULL;
}
// START: create debug tcp session and write packets to it
debug_set += 1;
if (debug_set == 20) {
log_android(ANDROID_LOG_ERROR, "handling debug socket init");
debug_socket_init(args, epoll_fd);
} else if(debug_set < 20) {
log_android(ANDROID_LOG_ERROR, "Waiting for more packets to start debug sesh --> %d/20", debug_set);
} else if (debug_set > 20 && debug_set < 40) {
log_android(ANDROID_LOG_ERROR, "Waiting for more packets to start writing to the debug sesh --> %d/40", debug_set);
} else {
log_android(ANDROID_LOG_ERROR, "Finished writing to debug server --> %d", debug_set);
// TODO send full packet info here instead
char data_buffer[100];
sprintf(data_buffer, ">> Handling IP packet with source: %s, dest: %s\n\n\n", source, dest);
write_debug_socket(args, epoll_fd,data_buffer, 62);
}
// END: debug session
if (dport == 50508 || sport == 50508) { // if debug session
log_android(ANDROID_LOG_ERROR, "Found debug IP packet, change uid..");
uid = -1;
allowed = 1;
redirect = NULL;
}
log_android(ANDROID_LOG_ERROR,
"BPB Packet v%d %s/%u > %s/%u proto %d flags %s uid %d",
version, source, sport, dest, dport, protocol, flags, uid);
if (allowed) {
if (protocol == IPPROTO_ICMP || protocol == IPPROTO_ICMPV6)
handle_icmp(args, pkt, length, payload, uid, epoll_fd);
else if (protocol == IPPROTO_UDP)
handle_udp(args, pkt, length, payload, uid, redirect, epoll_fd);
else if (protocol == IPPROTO_TCP)
handle_tcp(args, pkt, length, payload, uid, allowed, redirect, epoll_fd);
} else {
if (protocol == IPPROTO_UDP)
block_udp(args, pkt, length, payload, uid);
log_android(ANDROID_LOG_WARN, "Address v%d p%d %s/%u syn %d not allowed",
version, protocol, dest, dport, syn);
}
}
jint get_uid(const int version, const int protocol,
const void *saddr, const uint16_t sport,
const void *daddr, const uint16_t dport) {
jint uid = -1;
char source[INET6_ADDRSTRLEN + 1];
char dest[INET6_ADDRSTRLEN + 1];
inet_ntop(version == 4 ? AF_INET : AF_INET6, saddr, source, sizeof(source));
inet_ntop(version == 4 ? AF_INET : AF_INET6, daddr, dest, sizeof(dest));
struct timeval time;
gettimeofday(&time, NULL);
long now = (time.tv_sec * 1000) + (time.tv_usec / 1000);
// Check IPv6 table first
if (version == 4) {
int8_t saddr128[16];
memset(saddr128, 0, 10);
saddr128[10] = (uint8_t) 0xFF;
saddr128[11] = (uint8_t) 0xFF;
memcpy(saddr128 + 12, saddr, 4);
int8_t daddr128[16];
memset(daddr128, 0, 10);
daddr128[10] = (uint8_t) 0xFF;
daddr128[11] = (uint8_t) 0xFF;
memcpy(daddr128 + 12, daddr, 4);
uid = get_uid_sub(6, protocol, saddr128, sport, daddr128, dport, source, dest, now);
log_android(ANDROID_LOG_DEBUG, "uid v%d p%d %s/%u > %s/%u => %d as inet6",
version, protocol, source, sport, dest, dport, uid);
}
if (uid == -1) {
uid = get_uid_sub(version, protocol, saddr, sport, daddr, dport, source, dest, now);
log_android(ANDROID_LOG_DEBUG, "uid v%d p%d %s/%u > %s/%u => %d fallback",
version, protocol, source, sport, dest, dport, uid);
}
if (uid == -1)
log_android(ANDROID_LOG_WARN, "uid v%d p%d %s/%u > %s/%u => not found",
version, protocol, source, sport, dest, dport);
else if (uid >= 0)
log_android(ANDROID_LOG_INFO, "uid v%d p%d %s/%u > %s/%u => %d",
version, protocol, source, sport, dest, dport, uid);
return uid;
}
int uid_cache_size = 0;
struct uid_cache_entry *uid_cache = NULL;
jint get_uid_sub(const int version, const int protocol,
const void *saddr, const uint16_t sport,
const void *daddr, const uint16_t dport,
const char *source, const char *dest,
long now) {
// NETLINK is not available on Android due to SELinux policies :-(
// http://stackoverflow.com/questions/27148536/netlink-implementation-for-the-android-ndk
// https://android.googlesource.com/platform/system/sepolicy/+/master/private/app.te (netlink_tcpdiag_socket)
static uint8_t zero[16] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
int ws = (version == 4 ? 1 : 4);
// Check cache
for (int i = 0; i < uid_cache_size; i++)
if (now - uid_cache[i].time <= UID_MAX_AGE &&
uid_cache[i].version == version &&
uid_cache[i].protocol == protocol &&
uid_cache[i].sport == sport &&
(uid_cache[i].dport == dport || uid_cache[i].dport == 0) &&
(memcmp(uid_cache[i].saddr, saddr, (size_t) (ws * 4)) == 0 ||
memcmp(uid_cache[i].saddr, zero, (size_t) (ws * 4)) == 0) &&
(memcmp(uid_cache[i].daddr, daddr, (size_t) (ws * 4)) == 0 ||
memcmp(uid_cache[i].daddr, zero, (size_t) (ws * 4)) == 0)) {
log_android(ANDROID_LOG_INFO, "uid v%d p%d %s/%u > %s/%u => %d (from cache)",
version, protocol, source, sport, dest, dport, uid_cache[i].uid);
return uid_cache[i].uid;
}
// Get proc file name
char *fn = NULL;
if (protocol == IPPROTO_ICMP && version == 4)
fn = "/proc/net/icmp";
else if (protocol == IPPROTO_ICMPV6 && version == 6)
fn = "/proc/net/icmp6";
else if (protocol == IPPROTO_TCP)
fn = (version == 4 ? "/proc/net/tcp" : "/proc/net/tcp6");
else if (protocol == IPPROTO_UDP)
fn = (version == 4 ? "/proc/net/udp" : "/proc/net/udp6");
else
return -1;
// Open proc file
FILE *fd = fopen(fn, "r");
if (fd == NULL) {
log_android(ANDROID_LOG_ERROR, "fopen %s error %d: %s", fn, errno, strerror(errno));
return -2;
}
jint uid = -1;
char line[250];
int fields;
char shex[16 * 2 + 1];
uint8_t _saddr[16];
int _sport;
char dhex[16 * 2 + 1];
uint8_t _daddr[16];
int _dport;
jint _uid;
// Scan proc file
int l = 0;
*line = 0;
int c = 0;
const char *fmt = (version == 4
? "%*d: %8s:%X %8s:%X %*X %*lX:%*lX %*X:%*X %*X %d %*d %*ld"
: "%*d: %32s:%X %32s:%X %*X %*lX:%*lX %*X:%*X %*X %d %*d %*ld");
while (fgets(line, sizeof(line), fd) != NULL) {
if (!l++)
continue;
fields = sscanf(line, fmt, shex, &_sport, dhex, &_dport, &_uid);
if (fields == 5 && strlen(shex) == ws * 8 && strlen(dhex) == ws * 8) {
hex2bytes(shex, _saddr);
hex2bytes(dhex, _daddr);
for (int w = 0; w < ws; w++)
((uint32_t *) _saddr)[w] = htonl(((uint32_t *) _saddr)[w]);
for (int w = 0; w < ws; w++)
((uint32_t *) _daddr)[w] = htonl(((uint32_t *) _daddr)[w]);
if (_sport == sport &&
(_dport == dport || _dport == 0) &&
(memcmp(_saddr, saddr, (size_t) (ws * 4)) == 0 ||
memcmp(_saddr, zero, (size_t) (ws * 4)) == 0) &&
(memcmp(_daddr, daddr, (size_t) (ws * 4)) == 0 ||
memcmp(_daddr, zero, (size_t) (ws * 4)) == 0))
uid = _uid;
for (; c < uid_cache_size; c++)
if (now - uid_cache[c].time > UID_MAX_AGE)
break;
if (c >= uid_cache_size) {
if (uid_cache_size == 0)
uid_cache = ng_malloc(sizeof(struct uid_cache_entry), "uid_cache init");
else
uid_cache = ng_realloc(uid_cache,
sizeof(struct uid_cache_entry) *
(uid_cache_size + 1), "uid_cache extend");
c = uid_cache_size;
uid_cache_size++;
}
uid_cache[c].version = (uint8_t) version;
uid_cache[c].protocol = (uint8_t) protocol;
memcpy(uid_cache[c].saddr, _saddr, (size_t) (ws * 4));
uid_cache[c].sport = (uint16_t) _sport;
memcpy(uid_cache[c].daddr, _daddr, (size_t) (ws * 4));
uid_cache[c].dport = (uint16_t) _dport;
uid_cache[c].uid = _uid;
uid_cache[c].time = now;
} else {
log_android(ANDROID_LOG_ERROR, "Invalid field #%d: %s", fields, line);
return -2;
}
}
if (fclose(fd))
log_android(ANDROID_LOG_ERROR, "fclose %s error %d: %s", fn, errno, strerror(errno));
return uid;
}

1116
NetGuard/app/src/main/main/jni/netguard/netguard.c
File diff suppressed because it is too large
View File

596
NetGuard/app/src/main/main/jni/netguard/netguard.h
View File

@ -0,0 +1,596 @@
#include <jni.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <ctype.h>
#include <time.h>
#include <unistd.h>
#include <pthread.h>
#include <setjmp.h>
#include <errno.h>
#include <fcntl.h>
#include <dirent.h>
#include <poll.h>
#include <sys/types.h>
#include <sys/ioctl.h>
#include <sys/socket.h>
#include <sys/epoll.h>
#include <dlfcn.h>
#include <sys/stat.h>
#include <sys/resource.h>
#include <netdb.h>
#include <arpa/inet.h>
#include <netinet/in.h>
#include <netinet/in6.h>
#include <netinet/ip.h>
#include <netinet/ip6.h>
#include <netinet/udp.h>
#include <netinet/tcp.h>
#include <netinet/ip_icmp.h>
#include <netinet/icmp6.h>
#include <android/log.h>
#include <sys/system_properties.h>
#define TAG "NetGuard.JNI"
// #define PROFILE_JNI 5
// #define PROFILE_MEMORY
#define EPOLL_TIMEOUT 3600 // seconds
#define EPOLL_EVENTS 20
#define EPOLL_MIN_CHECK 100 // milliseconds
#define TUN_YIELD 10 // packets
#define ICMP4_MAXMSG (IP_MAXPACKET - 20 - 8) // bytes (socket)
#define ICMP6_MAXMSG (IPV6_MAXPACKET - 40 - 8) // bytes (socket)
#define UDP4_MAXMSG (IP_MAXPACKET - 20 - 8) // bytes (socket)
#define UDP6_MAXMSG (IPV6_MAXPACKET - 40 - 8) // bytes (socket)
#define ICMP_TIMEOUT 5 // seconds
#define UDP_TIMEOUT_53 15 // seconds
#define UDP_TIMEOUT_ANY 300 // seconds
#define UDP_KEEP_TIMEOUT 60 // seconds
#define UDP_YIELD 10 // packets
#define TCP_INIT_TIMEOUT 20 // seconds ~net.inet.tcp.keepinit
#define TCP_IDLE_TIMEOUT 3600 // seconds ~net.inet.tcp.keepidle
#define TCP_CLOSE_TIMEOUT 20 // seconds
#define TCP_KEEP_TIMEOUT 300 // seconds
// https://en.wikipedia.org/wiki/Maximum_segment_lifetime
#define SESSION_LIMIT 40 // percent
#define SESSION_MAX (1024 * SESSION_LIMIT / 100) // number
#define SEND_BUF_DEFAULT 163840 // bytes
#define UID_MAX_AGE 30000 // milliseconds
#define SOCKS5_NONE 1
#define SOCKS5_HELLO 2
#define SOCKS5_AUTH 3
#define SOCKS5_CONNECT 4
#define SOCKS5_CONNECTED 5
struct context {
pthread_mutex_t lock;
int pipefds[2];
int stopping;
int sdk;
struct ng_session *ng_session;
};
struct arguments {
JNIEnv *env;
jobject instance;
int tun;
jboolean fwd53;
jint rcode;
struct context *ctx;
};
struct allowed {
char raddr[INET6_ADDRSTRLEN + 1];
uint16_t rport; // host notation
};
struct segment {
uint32_t seq;
uint16_t len;
uint16_t sent;
int psh;
uint8_t *data;
struct segment *next;
};
struct icmp_session {
time_t time;
jint uid;
int version;
union {
__be32 ip4; // network notation
struct in6_addr ip6;
} saddr;
union {
__be32 ip4; // network notation
struct in6_addr ip6;
} daddr;
uint16_t id;
uint8_t stop;
};
#define UDP_ACTIVE 0
#define UDP_FINISHING 1
#define UDP_CLOSED 2
#define UDP_BLOCKED 3
struct udp_session {
time_t time;
jint uid;
int version;
uint16_t mss;
uint64_t sent;
uint64_t received;
union {
__be32 ip4; // network notation
struct in6_addr ip6;
} saddr;
__be16 source; // network notation
union {
__be32 ip4; // network notation
struct in6_addr ip6;
} daddr;
__be16 dest; // network notation
uint8_t state;
};
struct tcp_session {
jint uid;
time_t time;
int version;
uint16_t mss;
uint8_t recv_scale;
uint8_t send_scale;
uint32_t recv_window; // host notation, scaled
uint32_t send_window; // host notation, scaled
uint16_t unconfirmed; // packets
uint32_t remote_seq; // confirmed bytes received, host notation
uint32_t local_seq; // confirmed bytes sent, host notation
uint32_t remote_start;
uint32_t local_start;
uint32_t acked; // host notation
long long last_keep_alive;
uint64_t sent;
uint64_t received;
union {
__be32 ip4; // network notation
struct in6_addr ip6;
} saddr;
__be16 source; // network notation
union {
__be32 ip4; // network notation
struct in6_addr ip6;
} daddr;
__be16 dest; // network notation
uint8_t state;
uint8_t socks5;
struct segment *forward;
};
struct ng_session {
uint8_t protocol;
union {
struct icmp_session icmp;
struct udp_session udp;
struct tcp_session tcp;
};
jint socket;
struct epoll_event ev;
struct ng_session *next;
};
struct uid_cache_entry {
uint8_t version;
uint8_t protocol;
uint8_t saddr[16];
uint16_t sport;
uint8_t daddr[16];
uint16_t dport;
jint uid;
long time;
};
// IPv6
struct ip6_hdr_pseudo {
struct in6_addr ip6ph_src;
struct in6_addr ip6ph_dst;
u_int32_t ip6ph_len;
u_int8_t ip6ph_zero[3];
u_int8_t ip6ph_nxt;
} __packed;
// PCAP
// https://wiki.wireshark.org/Development/LibpcapFileFormat
typedef uint16_t guint16_t;
typedef uint32_t guint32_t;
typedef int32_t gint32_t;
typedef struct pcap_hdr_s {
guint32_t magic_number;
guint16_t version_major;
guint16_t version_minor;
gint32_t thiszone;
guint32_t sigfigs;
guint32_t snaplen;
guint32_t network;
} __packed pcap_hdr_s;
typedef struct pcaprec_hdr_s {
guint32_t ts_sec;
guint32_t ts_usec;
guint32_t incl_len;
guint32_t orig_len;
} __packed pcaprec_hdr_s;
#define LINKTYPE_RAW 101
// DNS
#define DNS_QCLASS_IN 1
#define DNS_QTYPE_A 1 // IPv4
#define DNS_QTYPE_AAAA 28 // IPv6
#define DNS_SVCB 64
#define DNS_HTTPS 65
#define DNS_QNAME_MAX 255
#define DNS_TTL (10 * 60) // seconds
struct dns_header {
uint16_t id; // identification number
# if __BYTE_ORDER == __LITTLE_ENDIAN
uint16_t rd :1; // recursion desired
uint16_t tc :1; // truncated message
uint16_t aa :1; // authoritive answer
uint16_t opcode :4; // purpose of message
uint16_t qr :1; // query/response flag
uint16_t rcode :4; // response code
uint16_t cd :1; // checking disabled
uint16_t ad :1; // authenticated data
uint16_t z :1; // its z! reserved
uint16_t ra :1; // recursion available
#elif __BYTE_ORDER == __BIG_ENDIAN
uint16_t qr :1; // query/response flag
uint16_t opcode :4; // purpose of message
uint16_t aa :1; // authoritive answer
uint16_t tc :1; // truncated message
uint16_t rd :1; // recursion desired
uint16_t ra :1; // recursion available
uint16_t z :1; // its z! reserved
uint16_t ad :1; // authenticated data
uint16_t cd :1; // checking disabled
uint16_t rcode :4; // response code
# else
# error "Adjust your <bits/endian.h> defines"
#endif
uint16_t q_count; // number of question entries
uint16_t ans_count; // number of answer entries
uint16_t auth_count; // number of authority entries
uint16_t add_count; // number of resource entries
} __packed;
typedef struct dns_rr {
__be16 qname_ptr;
__be16 qtype;
__be16 qclass;
__be32 ttl;
__be16 rdlength;
} __packed dns_rr;
// DHCP
#define DHCP_OPTION_MAGIC_NUMBER (0x63825363)
typedef struct dhcp_packet {
uint8_t opcode;
uint8_t htype;
uint8_t hlen;
uint8_t hops;
uint32_t xid;
uint16_t secs;
uint16_t flags;
uint32_t ciaddr;
uint32_t yiaddr;
uint32_t siaddr;
uint32_t giaddr;
uint8_t chaddr[16];
uint8_t sname[64];
uint8_t file[128];
uint32_t option_format;
} __packed dhcp_packet;
typedef struct dhcp_option {
uint8_t code;
uint8_t length;
} __packed dhcp_option;
// Prototypes
void handle_signal(int sig, siginfo_t *info, void *context);
void *handle_events(void *a);
void report_exit(const struct arguments *args, const char *fmt, ...);
void report_error(const struct arguments *args, jint error, const char *fmt, ...);
void check_allowed(const struct arguments *args);
void clear(struct context *ctx);
int check_icmp_session(const struct arguments *args,
struct ng_session *s,
int sessions, int maxsessions);
int check_udp_session(const struct arguments *args,
struct ng_session *s,
int sessions, int maxsessions);
int check_tcp_session(const struct arguments *args,
struct ng_session *s,
int sessions, int maxsessions);
int monitor_tcp_session(const struct arguments *args, struct ng_session *s, int epoll_fd);
int get_icmp_timeout(const struct icmp_session *u, int sessions, int maxsessions);
int get_udp_timeout(const struct udp_session *u, int sessions, int maxsessions);
int get_tcp_timeout(const struct tcp_session *t, int sessions, int maxsessions);
uint16_t get_mtu();
uint16_t get_default_mss(int version);
int check_tun(const struct arguments *args,
const struct epoll_event *ev,
const int epoll_fd,
int sessions, int maxsessions);
void check_icmp_socket(const struct arguments *args, const struct epoll_event *ev);
void check_udp_socket(const struct arguments *args, const struct epoll_event *ev);
int32_t get_qname(const uint8_t *data, const size_t datalen, uint16_t off, char *qname);
void parse_dns_response(const struct arguments *args, const struct ng_session *session,
const uint8_t *data, size_t *datalen);
uint32_t get_send_window(const struct tcp_session *cur);
uint32_t get_receive_buffer(const struct ng_session *cur);
uint32_t get_receive_window(const struct ng_session *cur);
void check_tcp_socket(const struct arguments *args,
const struct epoll_event *ev,
const int epoll_fd);
int is_lower_layer(int protocol);
int is_upper_layer(int protocol);
void handle_ip(const struct arguments *args,
const uint8_t *buffer, size_t length,
const int epoll_fd,
int sessions, int maxsessions);
jboolean handle_icmp(const struct arguments *args,
const uint8_t *pkt, size_t length,
const uint8_t *payload,
int uid,
const int epoll_fd);
int has_udp_session(const struct arguments *args, const uint8_t *pkt, const uint8_t *payload);
void block_udp(const struct arguments *args,
const uint8_t *pkt, size_t length,
const uint8_t *payload,
int uid);
jboolean handle_udp(const struct arguments *args,
const uint8_t *pkt, size_t length,
const uint8_t *payload,
int uid, struct allowed *redirect,
const int epoll_fd);
int check_dhcp(const struct arguments *args, const struct udp_session *u,
const uint8_t *data, const size_t datalen);
void clear_tcp_data(struct tcp_session *cur);
jboolean handle_tcp(const struct arguments *args,
const uint8_t *pkt, size_t length,
const uint8_t *payload,
int uid, int allowed, struct allowed *redirect,
const int epoll_fd);
int debug_socket_init(const struct arguments *args, int epoll_fd);
void read_debug_socket();
void write_debug_socket(const struct arguments *args, int epoll_fd, const uint8_t *buffer, size_t length);
void add_debug_session(const struct arguments * args, int epoll_fd);
struct ng_session *get_debug_session(const struct arguments *args);
void queue_tcp(const struct arguments *args,
const struct tcphdr *tcphdr,
const char *session, struct tcp_session *cur,
const uint8_t *data, uint16_t datalen);
int open_icmp_socket(const struct arguments *args, const struct icmp_session *cur);
int open_udp_socket(const struct arguments *args,
const struct udp_session *cur, const struct allowed *redirect);
int open_tcp_socket(const struct arguments *args,
const struct tcp_session *cur, const struct allowed *redirect);
int32_t get_local_port(const int sock);
int write_syn_ack(const struct arguments *args, struct tcp_session *cur);
int write_ack(const struct arguments *args, struct tcp_session *cur);
int write_data(const struct arguments *args, struct tcp_session *cur,
const uint8_t *buffer, size_t length);
int write_fin_ack(const struct arguments *args, struct tcp_session *cur);
void write_rst(const struct arguments *args, struct tcp_session *cur);
void write_rst_ack(const struct arguments *args, struct tcp_session *cur);
ssize_t write_icmp(const struct arguments *args, const struct icmp_session *cur,
uint8_t *data, size_t datalen);
ssize_t write_udp(const struct arguments *args, const struct udp_session *cur,
uint8_t *data, size_t datalen);
ssize_t write_tcp(const struct arguments *args, const struct tcp_session *cur,
const uint8_t *data, size_t datalen,
int syn, int ack, int fin, int rst);
uint8_t char2nible(const char c);
void hex2bytes(const char *hex, uint8_t *buffer);
jint get_uid(const int version, const int protocol,
const void *saddr, const uint16_t sport,
const void *daddr, const uint16_t dport);
jint get_uid_sub(const int version, const int protocol,
const void *saddr, const uint16_t sport,
const void *daddr, const uint16_t dport,
const char *source, const char *dest,
long now);
int protect_socket(const struct arguments *args, int socket);
uint16_t calc_checksum(uint16_t start, const uint8_t *buffer, size_t length);
jobject jniGlobalRef(JNIEnv *env, jobject cls);
jclass jniFindClass(JNIEnv *env, const char *name);
jmethodID jniGetMethodID(JNIEnv *env, jclass cls, const char *name, const char *signature);
jfieldID jniGetFieldID(JNIEnv *env, jclass cls, const char *name, const char *type);
jobject jniNewObject(JNIEnv *env, jclass cls, jmethodID constructor, const char *name);
int jniCheckException(JNIEnv *env);
int sdk_int(JNIEnv *env);
void log_android(int prio, const char *fmt, ...);
void log_packet(const struct arguments *args, jobject jpacket);
void dns_resolved(const struct arguments *args,
const char *qname, const char *aname, const char *resource, int ttl);
jboolean is_domain_blocked(const struct arguments *args, const char *name);
jint get_uid_q(const struct arguments *args,
jint version,
jint protocol,
const char *source,
jint sport,
const char *dest,
jint dport);
struct allowed *is_address_allowed(const struct arguments *args, jobject objPacket);
jobject create_packet(const struct arguments *args,
jint version,
jint protocol,
const char *flags,
const char *source,
jint sport,
const char *dest,
jint dport,
const char *data,
jint uid,
jboolean allowed);
void account_usage(const struct arguments *args, jint version, jint protocol,
const char *daddr, jint dport, jint uid, jlong sent, jlong received);
void write_pcap_hdr();
void write_pcap_rec(const uint8_t *buffer, size_t len);
void write_pcap(const void *ptr, size_t len);
int compare_u32(uint32_t seq1, uint32_t seq2);
const char *strstate(const int state);
char *hex(const u_int8_t *data, const size_t len);
int is_readable(int fd);
int is_writable(int fd);
long long get_ms();
void ng_add_alloc(void *ptr, const char *tag);
void ng_delete_alloc(void *ptr, const char *file, int line);
void *ng_malloc(size_t __byte_count, const char *tag);
void *ng_calloc(size_t __item_count, size_t __item_size, const char *tag);
void *ng_realloc(void *__ptr, size_t __byte_count, const char *tag);
void ng_free(void *__ptr, const char *file, int line);
void ng_dump();

78
NetGuard/app/src/main/main/jni/netguard/pcap.c
View File

@ -0,0 +1,78 @@
/*
This file is part of NetGuard.
NetGuard is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
NetGuard is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with NetGuard. If not, see <http://www.gnu.org/licenses/>.
Copyright 2015-2019 by Marcel Bokhorst (M66B)
*/
#include "netguard.h"
FILE *pcap_file = NULL;
size_t pcap_record_size = 64;
long pcap_file_size = 2 * 1024 * 1024;
void write_pcap_hdr() {
struct pcap_hdr_s pcap_hdr;
pcap_hdr.magic_number = 0xa1b2c3d4;
pcap_hdr.version_major = 2;
pcap_hdr.version_minor = 4;
pcap_hdr.thiszone = 0;
pcap_hdr.sigfigs = 0;
pcap_hdr.snaplen = pcap_record_size;
pcap_hdr.network = LINKTYPE_RAW;
write_pcap(&pcap_hdr, sizeof(struct pcap_hdr_s));
}
void write_pcap_rec(const uint8_t *buffer, size_t length) {
struct timespec ts;
if (clock_gettime(CLOCK_REALTIME, &ts))
log_android(ANDROID_LOG_ERROR, "clock_gettime error %d: %s", errno, strerror(errno));
size_t plen = (length < pcap_record_size ? length : pcap_record_size);
size_t rlen = sizeof(struct pcaprec_hdr_s) + plen;
struct pcaprec_hdr_s *pcap_rec = ng_malloc(rlen, "pcap");
pcap_rec->ts_sec = (guint32_t) ts.tv_sec;
pcap_rec->ts_usec = (guint32_t) (ts.tv_nsec / 1000);
pcap_rec->incl_len = (guint32_t) plen;
pcap_rec->orig_len = (guint32_t) length;
memcpy(((uint8_t *) pcap_rec) + sizeof(struct pcaprec_hdr_s), buffer, plen);
write_pcap(pcap_rec, rlen);
ng_free(pcap_rec, __FILE__, __LINE__);
}
void write_pcap(const void *ptr, size_t len) {
if (fwrite(ptr, len, 1, pcap_file) < 1)
log_android(ANDROID_LOG_ERROR, "PCAP fwrite error %d: %s", errno, strerror(errno));
else {
long fsize = ftell(pcap_file);
log_android(ANDROID_LOG_VERBOSE, "PCAP wrote %d @%ld", len, fsize);
if (fsize > pcap_file_size) {
log_android(ANDROID_LOG_WARN, "PCAP truncate @%ld", fsize);
if (ftruncate(fileno(pcap_file), sizeof(struct pcap_hdr_s)))
log_android(ANDROID_LOG_ERROR, "PCAP ftruncate error %d: %s",
errno, strerror(errno));
else {
if (!lseek(fileno(pcap_file), sizeof(struct pcap_hdr_s), SEEK_SET))
log_android(ANDROID_LOG_ERROR, "PCAP ftruncate error %d: %s",
errno, strerror(errno));
}
}
}
}

391
NetGuard/app/src/main/main/jni/netguard/session.c
View File

@ -0,0 +1,391 @@
/*
This file is part of NetGuard.
NetGuard is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
NetGuard is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with NetGuard. If not, see <http://www.gnu.org/licenses/>.
Copyright 2015-2019 by Marcel Bokhorst (M66B)
*/
#include "netguard.h"
int added = 0;
void clear(struct context *ctx) {
struct ng_session *s = ctx->ng_session;
while (s != NULL) {
if (s->socket >= 0 && close(s->socket))
log_android(ANDROID_LOG_ERROR, "close %d error %d: %s",
s->socket, errno, strerror(errno));
if (s->protocol == IPPROTO_TCP)
clear_tcp_data(&s->tcp);
struct ng_session *p = s;
s = s->next;
ng_free(p, __FILE__, __LINE__);
}
ctx->ng_session = NULL;
}
void *handle_events(void *a) {
struct arguments *args = (struct arguments *) a;
log_android(ANDROID_LOG_ERROR, "Start events tun=%d", args->tun);
// Get max number of sessions
int maxsessions = SESSION_MAX;
struct rlimit rlim;
if (getrlimit(RLIMIT_NOFILE, &rlim))
log_android(ANDROID_LOG_WARN, "getrlimit error %d: %s", errno, strerror(errno));
else {
maxsessions = (int) (rlim.rlim_cur * SESSION_LIMIT / 100);
if (maxsessions > SESSION_MAX)
maxsessions = SESSION_MAX;
log_android(ANDROID_LOG_WARN, "getrlimit soft %d hard %d max sessions %d",
rlim.rlim_cur, rlim.rlim_max, maxsessions);
}
// Terminate existing sessions not allowed anymore
check_allowed(args);
// Open epoll file
int epoll_fd = epoll_create(1);
if (epoll_fd < 0) {
log_android(ANDROID_LOG_ERROR, "epoll create error %d: %s", errno, strerror(errno));
report_exit(args, "epoll create error %d: %s", errno, strerror(errno));
args->ctx->stopping = 1;
}
// Monitor stop events
struct epoll_event ev_pipe;
memset(&ev_pipe, 0, sizeof(struct epoll_event));
ev_pipe.events = EPOLLIN | EPOLLERR;
ev_pipe.data.ptr = &ev_pipe;
if (epoll_ctl(epoll_fd, EPOLL_CTL_ADD, args->ctx->pipefds[0], &ev_pipe)) {
log_android(ANDROID_LOG_ERROR, "epoll add pipe error %d: %s", errno, strerror(errno));
report_exit(args, "epoll add pipe error %d: %s", errno, strerror(errno));
args->ctx->stopping = 1;
}
// Monitor tun events
struct epoll_event ev_tun;
memset(&ev_tun, 0, sizeof(struct epoll_event));
ev_tun.events = EPOLLIN | EPOLLERR;
ev_tun.data.ptr = NULL;
if (epoll_ctl(epoll_fd, EPOLL_CTL_ADD, args->tun, &ev_tun)) {
log_android(ANDROID_LOG_ERROR, "epoll add tun error %d: %s", errno, strerror(errno));
report_exit(args, "epoll add tun error %d: %s", errno, strerror(errno));
args->ctx->stopping = 1;
}
// Loop
long long last_check = 0;
while (!args->ctx->stopping) {
log_android(ANDROID_LOG_DEBUG, "Loop");
int recheck = 0;
int timeout = EPOLL_TIMEOUT;
// Count sessions
int isessions = 0;
int usessions = 0;
int tsessions = 0;
struct ng_session *s = args->ctx->ng_session;
while (s != NULL) {
if (s->protocol == IPPROTO_ICMP || s->protocol == IPPROTO_ICMPV6) {
if (!s->icmp.stop)
isessions++;
} else if (s->protocol == IPPROTO_UDP) {
if (s->udp.state == UDP_ACTIVE)
usessions++;
} else if (s->protocol == IPPROTO_TCP) {
if (s->tcp.state != TCP_CLOSING && s->tcp.state != TCP_CLOSE)
tsessions++;
if (s->socket >= 0)
recheck = recheck | monitor_tcp_session(args, s, epoll_fd);
}
s = s->next;
}
int sessions = isessions + usessions + tsessions;
// Check sessions
long long ms = get_ms();
if (ms - last_check > EPOLL_MIN_CHECK) {
last_check = ms;
time_t now = time(NULL);
struct ng_session *sl = NULL;
s = args->ctx->ng_session;
while (s != NULL) {
int del = 0;
if (s->protocol == IPPROTO_ICMP || s->protocol == IPPROTO_ICMPV6) {
del = check_icmp_session(args, s, sessions, maxsessions);
if (!s->icmp.stop && !del) {
int stimeout = s->icmp.time +
get_icmp_timeout(&s->icmp, sessions, maxsessions) - now + 1;
if (stimeout > 0 && stimeout < timeout)
timeout = stimeout;
}
} else if (s->protocol == IPPROTO_UDP) {
del = check_udp_session(args, s, sessions, maxsessions);
if (s->udp.state == UDP_ACTIVE && !del) {
int stimeout = s->udp.time +
get_udp_timeout(&s->udp, sessions, maxsessions) - now + 1;
if (stimeout > 0 && stimeout < timeout)
timeout = stimeout;
}
} else if (s->protocol == IPPROTO_TCP) {
del = check_tcp_session(args, s, sessions, maxsessions);
if (s->tcp.state != TCP_CLOSING && s->tcp.state != TCP_CLOSE && !del) {
int stimeout = s->tcp.time +
get_tcp_timeout(&s->tcp, sessions, maxsessions) - now + 1;
if (stimeout > 0 && stimeout < timeout)
timeout = stimeout;
}
}
if (del) {
if (sl == NULL)
args->ctx->ng_session = s->next;
else
sl->next = s->next;
struct ng_session *c = s;
s = s->next;
if (c->protocol == IPPROTO_TCP)
clear_tcp_data(&c->tcp);
ng_free(c, __FILE__, __LINE__);
} else {
sl = s;
s = s->next;
}
}
} else {
recheck = 1;
log_android(ANDROID_LOG_DEBUG, "Skipped session checks");
}
log_android(ANDROID_LOG_DEBUG,
"sessions ICMP %d UDP %d TCP %d max %d/%d timeout %d recheck %d",
isessions, usessions, tsessions, sessions, maxsessions, timeout, recheck);
// Poll
struct epoll_event ev[EPOLL_EVENTS];
int ready = epoll_wait(epoll_fd, ev, EPOLL_EVENTS,
recheck ? EPOLL_MIN_CHECK : timeout * 1000);
if (ready < 0) {
if (errno == EINTR) {
log_android(ANDROID_LOG_DEBUG, "epoll interrupted tun %d", args->tun);
continue;
} else {
log_android(ANDROID_LOG_ERROR,
"epoll tun %d error %d: %s",
args->tun, errno, strerror(errno));
report_exit(args, "epoll tun %d error %d: %s",
args->tun, errno, strerror(errno));
break;
}
}
if (ready == 0)
log_android(ANDROID_LOG_DEBUG, "epoll timeout");
else {
if (pthread_mutex_lock(&args->ctx->lock))
log_android(ANDROID_LOG_ERROR, "pthread_mutex_lock failed");
int error = 0;
for (int i = 0; i < ready; i++) {
log_android(ANDROID_LOG_ERROR, "looping over ready events: %d of %d, event ptr: %x", i, ready, ev[i].data.ptr);
if (ev[i].data.ptr == &ev_pipe) {
// Check pipe
uint8_t buffer[1];
if (read(args->ctx->pipefds[0], buffer, 1) < 0)
log_android(ANDROID_LOG_ERROR, "Read pipe error %d: %s",
errno, strerror(errno));
else
log_android(ANDROID_LOG_WARN, "Read pipe");
} else if (ev[i].data.ptr == NULL) {
// Check upstream
log_android(ANDROID_LOG_ERROR, "epoll upstream ready %d/%d in %d out %d err %d hup %d",
i, ready,
(ev[i].events & EPOLLIN) != 0,
(ev[i].events & EPOLLOUT) != 0,
(ev[i].events & EPOLLERR) != 0,
(ev[i].events & EPOLLHUP) != 0);
int count = 0;
while (count < TUN_YIELD && !error && !args->ctx->stopping &&
is_readable(args->tun)) {
count++;
if (check_tun(args, &ev[i], epoll_fd, sessions, maxsessions) < 0)
error = 1;
}
} else {
// Check downstream
log_android(ANDROID_LOG_ERROR,
"epoll downstream ready %d/%d in %d out %d err %d hup %d prot %d sock %d",
i, ready,
(ev[i].events & EPOLLIN) != 0,
(ev[i].events & EPOLLOUT) != 0,
(ev[i].events & EPOLLERR) != 0,
(ev[i].events & EPOLLHUP) != 0,
((struct ng_session *) ev[i].data.ptr)->protocol,
((struct ng_session *) ev[i].data.ptr)->socket);
struct ng_session *session = (struct ng_session *) ev[i].data.ptr;
if (session->protocol == IPPROTO_ICMP ||
session->protocol == IPPROTO_ICMPV6)
check_icmp_socket(args, &ev[i]);
else if (session->protocol == IPPROTO_UDP) {
int count = 0;
while (count < UDP_YIELD && !args->ctx->stopping &&
!(ev[i].events & EPOLLERR) && (ev[i].events & EPOLLIN) &&
is_readable(session->socket)) {
count++;
check_udp_socket(args, &ev[i]);
}
} else if (session->protocol == IPPROTO_TCP)
check_tcp_socket(args, &ev[i], epoll_fd);
}
if (error)
break;
}
if (pthread_mutex_unlock(&args->ctx->lock))
log_android(ANDROID_LOG_ERROR, "pthread_mutex_unlock failed");
if (error)
break;
}
}
// Close epoll file
if (epoll_fd >= 0 && close(epoll_fd))
log_android(ANDROID_LOG_ERROR,
"epoll close error %d: %s", errno, strerror(errno));
// Cleanup
ng_free(args, __FILE__, __LINE__);
log_android(ANDROID_LOG_WARN, "Stopped events tun=%d", args->tun);
return NULL;
}
void check_allowed(const struct arguments *args) {
char source[INET6_ADDRSTRLEN + 1];
char dest[INET6_ADDRSTRLEN + 1];
struct ng_session *l = NULL;
struct ng_session *s = args->ctx->ng_session;
while (s != NULL) {
if (s->protocol == IPPROTO_ICMP || s->protocol == IPPROTO_ICMPV6) {
if (!s->icmp.stop) {
if (s->icmp.version == 4) {
inet_ntop(AF_INET, &s->icmp.saddr.ip4, source, sizeof(source));
inet_ntop(AF_INET, &s->icmp.daddr.ip4, dest, sizeof(dest));
} else {
inet_ntop(AF_INET6, &s->icmp.saddr.ip6, source, sizeof(source));
inet_ntop(AF_INET6, &s->icmp.daddr.ip6, dest, sizeof(dest));
}
jobject objPacket = create_packet(
args, s->icmp.version, IPPROTO_ICMP, "",
source, 0, dest, 0, "", s->icmp.uid, 0);
if (is_address_allowed(args, objPacket) == NULL) {
s->icmp.stop = 1;
log_android(ANDROID_LOG_WARN, "ICMP terminate %d uid %d",
s->socket, s->icmp.uid);
}
}
} else if (s->protocol == IPPROTO_UDP) {
if (s->udp.state == UDP_ACTIVE) {
if (s->udp.version == 4) {
inet_ntop(AF_INET, &s->udp.saddr.ip4, source, sizeof(source));
inet_ntop(AF_INET, &s->udp.daddr.ip4, dest, sizeof(dest));
} else {
inet_ntop(AF_INET6, &s->udp.saddr.ip6, source, sizeof(source));
inet_ntop(AF_INET6, &s->udp.daddr.ip6, dest, sizeof(dest));
}
jobject objPacket = create_packet(
args, s->udp.version, IPPROTO_UDP, "",
source, ntohs(s->udp.source), dest, ntohs(s->udp.dest), "", s->udp.uid, 0);
if (is_address_allowed(args, objPacket) == NULL) {
s->udp.state = UDP_FINISHING;
log_android(ANDROID_LOG_WARN, "UDP terminate session socket %d uid %d",
s->socket, s->udp.uid);
}
} else if (s->udp.state == UDP_BLOCKED) {
log_android(ANDROID_LOG_WARN, "UDP remove blocked session uid %d", s->udp.uid);
if (l == NULL)
args->ctx->ng_session = s->next;
else
l->next = s->next;
struct ng_session *c = s;
s = s->next;
ng_free(c, __FILE__, __LINE__);
continue;
}
} else if (s->protocol == IPPROTO_TCP) {
if (s->tcp.state != TCP_CLOSING && s->tcp.state != TCP_CLOSE) {
if (s->tcp.version == 4) {
inet_ntop(AF_INET, &s->tcp.saddr.ip4, source, sizeof(source));
inet_ntop(AF_INET, &s->tcp.daddr.ip4, dest, sizeof(dest));
} else {
inet_ntop(AF_INET6, &s->tcp.saddr.ip6, source, sizeof(source));
inet_ntop(AF_INET6, &s->tcp.daddr.ip6, dest, sizeof(dest));
}
jobject objPacket = create_packet(
args, s->tcp.version, IPPROTO_TCP, "",
source, ntohs(s->tcp.source), dest, ntohs(s->tcp.dest), "", s->tcp.uid, 0);
if (is_address_allowed(args, objPacket) == NULL) {
write_rst(args, &s->tcp);
log_android(ANDROID_LOG_WARN, "TCP terminate socket %d uid %d",
s->socket, s->tcp.uid);
}
}
}
l = s;
s = s->next;
}
}

1379
NetGuard/app/src/main/main/jni/netguard/tcp.c
File diff suppressed because it is too large
View File

549
NetGuard/app/src/main/main/jni/netguard/udp.c
View File

@ -0,0 +1,549 @@
/*
This file is part of NetGuard.
NetGuard is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
NetGuard is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with NetGuard. If not, see <http://www.gnu.org/licenses/>.
Copyright 2015-2019 by Marcel Bokhorst (M66B)
*/
#include "netguard.h"
extern FILE *pcap_file;
int get_udp_timeout(const struct udp_session *u, int sessions, int maxsessions) {
int timeout = (ntohs(u->dest) == 53 ? UDP_TIMEOUT_53 : UDP_TIMEOUT_ANY);
int scale = 100 - sessions * 100 / maxsessions;
timeout = timeout * scale / 100;
return timeout;
}
int check_udp_session(const struct arguments *args, struct ng_session *s,
int sessions, int maxsessions) {
time_t now = time(NULL);
char source[INET6_ADDRSTRLEN + 1];
char dest[INET6_ADDRSTRLEN + 1];
if (s->udp.version == 4) {
inet_ntop(AF_INET, &s->udp.saddr.ip4, source, sizeof(source));
inet_ntop(AF_INET, &s->udp.daddr.ip4, dest, sizeof(dest));
} else {
inet_ntop(AF_INET6, &s->udp.saddr.ip6, source, sizeof(source));
inet_ntop(AF_INET6, &s->udp.daddr.ip6, dest, sizeof(dest));
}
// Check session timeout
int timeout = get_udp_timeout(&s->udp, sessions, maxsessions);
if (s->udp.state == UDP_ACTIVE && s->udp.time + timeout < now) {
log_android(ANDROID_LOG_WARN, "UDP idle %d/%d sec state %d from %s/%u to %s/%u",
now - s->udp.time, timeout, s->udp.state,
source, ntohs(s->udp.source), dest, ntohs(s->udp.dest));
s->udp.state = UDP_FINISHING;
}
// Check finished sessions
if (s->udp.state == UDP_FINISHING) {
log_android(ANDROID_LOG_INFO, "UDP close from %s/%u to %s/%u socket %d",
source, ntohs(s->udp.source), dest, ntohs(s->udp.dest), s->socket);
if (close(s->socket))
log_android(ANDROID_LOG_ERROR, "UDP close %d error %d: %s",
s->socket, errno, strerror(errno));
s->socket = -1;
s->udp.time = time(NULL);
s->udp.state = UDP_CLOSED;
}
if (s->udp.state == UDP_CLOSED && (s->udp.sent || s->udp.received)) {
account_usage(args, s->udp.version, IPPROTO_UDP,
dest, ntohs(s->udp.dest), s->udp.uid, s->udp.sent, s->udp.received);
s->udp.sent = 0;
s->udp.received = 0;
}
// Cleanup lingering sessions
if ((s->udp.state == UDP_CLOSED || s->udp.state == UDP_BLOCKED) &&
s->udp.time + UDP_KEEP_TIMEOUT < now)
return 1;
return 0;
}
void check_udp_socket(const struct arguments *args, const struct epoll_event *ev) {
struct ng_session *s = (struct ng_session *) ev->data.ptr;
// Check socket error
if (ev->events & EPOLLERR) {
s->udp.time = time(NULL);
int serr = 0;
socklen_t optlen = sizeof(int);
int err = getsockopt(s->socket, SOL_SOCKET, SO_ERROR, &serr, &optlen);
if (err < 0)
log_android(ANDROID_LOG_ERROR, "UDP getsockopt error %d: %s",
errno, strerror(errno));
else if (serr)
log_android(ANDROID_LOG_ERROR, "UDP SO_ERROR %d: %s", serr, strerror(serr));
s->udp.state = UDP_FINISHING;
} else {
// Check socket read
if (ev->events & EPOLLIN) {
s->udp.time = time(NULL);
uint8_t *buffer = ng_malloc(s->udp.mss, "udp recv");
ssize_t bytes = recv(s->socket, buffer, s->udp.mss, 0);
if (bytes < 0) {
// Socket error
log_android(ANDROID_LOG_WARN, "UDP recv error %d: %s",
errno, strerror(errno));
if (errno != EINTR && errno != EAGAIN)
s->udp.state = UDP_FINISHING;
} else if (bytes == 0) {
log_android(ANDROID_LOG_WARN, "UDP recv eof");
s->udp.state = UDP_FINISHING;
} else {
// Socket read data
char dest[INET6_ADDRSTRLEN + 1];
if (s->udp.version == 4)
inet_ntop(AF_INET, &s->udp.daddr.ip4, dest, sizeof(dest));
else
inet_ntop(AF_INET6, &s->udp.daddr.ip6, dest, sizeof(dest));
log_android(ANDROID_LOG_INFO, "UDP recv bytes %d from %s/%u for tun",
bytes, dest, ntohs(s->udp.dest));
s->udp.received += bytes;
// Process DNS response
if (ntohs(s->udp.dest) == 53)
parse_dns_response(args, s, buffer, (size_t *) &bytes);
// Forward to tun
if (write_udp(args, &s->udp, buffer, (size_t) bytes) < 0)
s->udp.state = UDP_FINISHING;
else {
// Prevent too many open files
if (ntohs(s->udp.dest) == 53)
s->udp.state = UDP_FINISHING;
}
}
ng_free(buffer, __FILE__, __LINE__);
}
}
}
int has_udp_session(const struct arguments *args, const uint8_t *pkt, const uint8_t *payload) {
// Get headers
const uint8_t version = (*pkt) >> 4;
const struct iphdr *ip4 = (struct iphdr *) pkt;
const struct ip6_hdr *ip6 = (struct ip6_hdr *) pkt;
const struct udphdr *udphdr = (struct udphdr *) payload;
if (ntohs(udphdr->dest) == 53 && !args->fwd53)
return 1;
// Search session
struct ng_session *cur = args->ctx->ng_session;
while (cur != NULL &&
!(cur->protocol == IPPROTO_UDP &&
cur->udp.version == version &&
cur->udp.source == udphdr->source && cur->udp.dest == udphdr->dest &&
(version == 4 ? cur->udp.saddr.ip4 == ip4->saddr &&
cur->udp.daddr.ip4 == ip4->daddr
: memcmp(&cur->udp.saddr.ip6, &ip6->ip6_src, 16) == 0 &&
memcmp(&cur->udp.daddr.ip6, &ip6->ip6_dst, 16) == 0)))
cur = cur->next;
return (cur != NULL);
}
void block_udp(const struct arguments *args,
const uint8_t *pkt, size_t length,
const uint8_t *payload,
int uid) {
// Get headers
const uint8_t version = (*pkt) >> 4;
const struct iphdr *ip4 = (struct iphdr *) pkt;
const struct ip6_hdr *ip6 = (struct ip6_hdr *) pkt;
const struct udphdr *udphdr = (struct udphdr *) payload;
char source[INET6_ADDRSTRLEN + 1];
char dest[INET6_ADDRSTRLEN + 1];
if (version == 4) {
inet_ntop(AF_INET, &ip4->saddr, source, sizeof(source));
inet_ntop(AF_INET, &ip4->daddr, dest, sizeof(dest));
} else {
inet_ntop(AF_INET6, &ip6->ip6_src, source, sizeof(source));
inet_ntop(AF_INET6, &ip6->ip6_dst, dest, sizeof(dest));
}
log_android(ANDROID_LOG_INFO, "UDP blocked session from %s/%u to %s/%u",
source, ntohs(udphdr->source), dest, ntohs(udphdr->dest));
// Register session
struct ng_session *s = ng_malloc(sizeof(struct ng_session), "udp session block");
s->protocol = IPPROTO_UDP;
s->udp.time = time(NULL);
s->udp.uid = uid;
s->udp.version = version;
if (version == 4) {
s->udp.saddr.ip4 = (__be32) ip4->saddr;
s->udp.daddr.ip4 = (__be32) ip4->daddr;
} else {
memcpy(&s->udp.saddr.ip6, &ip6->ip6_src, 16);
memcpy(&s->udp.daddr.ip6, &ip6->ip6_dst, 16);
}
s->udp.source = udphdr->source;
s->udp.dest = udphdr->dest;
s->udp.state = UDP_BLOCKED;
s->socket = -1;
s->next = args->ctx->ng_session;
args->ctx->ng_session = s;
}
jboolean handle_udp(const struct arguments *args,
const uint8_t *pkt, size_t length,
const uint8_t *payload,
int uid, struct allowed *redirect,
const int epoll_fd) {
// Get headers
const uint8_t version = (*pkt) >> 4;
const struct iphdr *ip4 = (struct iphdr *) pkt;
const struct ip6_hdr *ip6 = (struct ip6_hdr *) pkt;
const struct udphdr *udphdr = (struct udphdr *) payload;
const uint8_t *data = payload + sizeof(struct udphdr);
const size_t datalen = length - (data - pkt);
// Search session
struct ng_session *cur = args->ctx->ng_session;
while (cur != NULL &&
!(cur->protocol == IPPROTO_UDP &&
cur->udp.version == version &&
cur->udp.source == udphdr->source && cur->udp.dest == udphdr->dest &&
(version == 4 ? cur->udp.saddr.ip4 == ip4->saddr &&
cur->udp.daddr.ip4 == ip4->daddr
: memcmp(&cur->udp.saddr.ip6, &ip6->ip6_src, 16) == 0 &&
memcmp(&cur->udp.daddr.ip6, &ip6->ip6_dst, 16) == 0)))
cur = cur->next;
char source[INET6_ADDRSTRLEN + 1];
char dest[INET6_ADDRSTRLEN + 1];
if (version == 4) {
inet_ntop(AF_INET, &ip4->saddr, source, sizeof(source));
inet_ntop(AF_INET, &ip4->daddr, dest, sizeof(dest));
} else {
inet_ntop(AF_INET6, &ip6->ip6_src, source, sizeof(source));
inet_ntop(AF_INET6, &ip6->ip6_dst, dest, sizeof(dest));
}
if (cur != NULL && cur->udp.state != UDP_ACTIVE) {
log_android(ANDROID_LOG_INFO, "UDP ignore session from %s/%u to %s/%u state %d",
source, ntohs(udphdr->source), dest, ntohs(udphdr->dest), cur->udp.state);
return 0;
}
// Create new session if needed
if (cur == NULL) {
log_android(ANDROID_LOG_INFO, "UDP new session from %s/%u to %s/%u",
source, ntohs(udphdr->source), dest, ntohs(udphdr->dest));
// Register session
struct ng_session *s = ng_malloc(sizeof(struct ng_session), "udp session");
s->protocol = IPPROTO_UDP;
s->udp.time = time(NULL);
s->udp.uid = uid;
s->udp.version = version;
int rversion;
if (redirect == NULL)
rversion = s->udp.version;
else
rversion = (strstr(redirect->raddr, ":") == NULL ? 4 : 6);
s->udp.mss = (uint16_t) (rversion == 4 ? UDP4_MAXMSG : UDP6_MAXMSG);
s->udp.sent = 0;
s->udp.received = 0;
if (version == 4) {
s->udp.saddr.ip4 = (__be32) ip4->saddr;
s->udp.daddr.ip4 = (__be32) ip4->daddr;
} else {
memcpy(&s->udp.saddr.ip6, &ip6->ip6_src, 16);
memcpy(&s->udp.daddr.ip6, &ip6->ip6_dst, 16);
}
s->udp.source = udphdr->source;
s->udp.dest = udphdr->dest;
s->udp.state = UDP_ACTIVE;
s->next = NULL;
// Open UDP socket
s->socket = open_udp_socket(args, &s->udp, redirect);
if (s->socket < 0) {
ng_free(s, __FILE__, __LINE__);
return 0;
}
log_android(ANDROID_LOG_DEBUG, "UDP socket %d", s->socket);
// Monitor events
memset(&s->ev, 0, sizeof(struct epoll_event));
s->ev.events = EPOLLIN | EPOLLERR;
s->ev.data.ptr = s;
if (epoll_ctl(epoll_fd, EPOLL_CTL_ADD, s->socket, &s->ev))
log_android(ANDROID_LOG_ERROR, "epoll add udp error %d: %s", errno, strerror(errno));
s->next = args->ctx->ng_session;
args->ctx->ng_session = s;
cur = s;
}
// Check for DHCP (tethering)
if (ntohs(udphdr->source) == 68 || ntohs(udphdr->dest) == 67) {
if (check_dhcp(args, &cur->udp, data, datalen) >= 0)
return 1;
}
log_android(ANDROID_LOG_INFO, "UDP forward from tun %s/%u to %s/%u data %d",
source, ntohs(udphdr->source), dest, ntohs(udphdr->dest), datalen);
cur->udp.time = time(NULL);
int rversion;
struct sockaddr_in addr4;
struct sockaddr_in6 addr6;
if (redirect == NULL) {
rversion = cur->udp.version;
if (cur->udp.version == 4) {
addr4.sin_family = AF_INET;
addr4.sin_addr.s_addr = (__be32) cur->udp.daddr.ip4;
addr4.sin_port = cur->udp.dest;
} else {
addr6.sin6_family = AF_INET6;
memcpy(&addr6.sin6_addr, &cur->udp.daddr.ip6, 16);
addr6.sin6_port = cur->udp.dest;
}
} else {
rversion = (strstr(redirect->raddr, ":") == NULL ? 4 : 6);
log_android(ANDROID_LOG_WARN, "UDP%d redirect to %s/%u",
rversion, redirect->raddr, redirect->rport);
if (rversion == 4) {
addr4.sin_family = AF_INET;
inet_pton(AF_INET, redirect->raddr, &addr4.sin_addr);
addr4.sin_port = htons(redirect->rport);
} else {
addr6.sin6_family = AF_INET6;
inet_pton(AF_INET6, redirect->raddr, &addr6.sin6_addr);
addr6.sin6_port = htons(redirect->rport);
}
}
if (sendto(cur->socket, data, (socklen_t) datalen, MSG_NOSIGNAL,
(rversion == 4 ? (const struct sockaddr *) &addr4
: (const struct sockaddr *) &addr6),
(socklen_t) (rversion == 4 ? sizeof(addr4) : sizeof(addr6))) != datalen) {
log_android(ANDROID_LOG_ERROR, "UDP sendto error %d: %s", errno, strerror(errno));
if (errno != EINTR && errno != EAGAIN) {
cur->udp.state = UDP_FINISHING;
return 0;
}
} else
cur->udp.sent += datalen;
return 1;
}
int open_udp_socket(const struct arguments *args,
const struct udp_session *cur, const struct allowed *redirect) {
int sock;
int version;
if (redirect == NULL)
version = cur->version;
else
version = (strstr(redirect->raddr, ":") == NULL ? 4 : 6);
// Get UDP socket
sock = socket(version == 4 ? PF_INET : PF_INET6, SOCK_DGRAM, IPPROTO_UDP);
if (sock < 0) {
log_android(ANDROID_LOG_ERROR, "UDP socket error %d: %s", errno, strerror(errno));
return -1;
}
// Protect socket
if (protect_socket(args, sock) < 0)
return -1;
// Check for broadcast/multicast
if (cur->version == 4) {
uint32_t broadcast4 = INADDR_BROADCAST;
if (memcmp(&cur->daddr.ip4, &broadcast4, sizeof(broadcast4)) == 0) {
log_android(ANDROID_LOG_WARN, "UDP4 broadcast");
int on = 1;
if (setsockopt(sock, SOL_SOCKET, SO_BROADCAST, &on, sizeof(on)))
log_android(ANDROID_LOG_ERROR, "UDP setsockopt SO_BROADCAST error %d: %s",
errno, strerror(errno));
}
} else {
// http://man7.org/linux/man-pages/man7/ipv6.7.html
if (*((uint8_t *) &cur->daddr.ip6) == 0xFF) {
log_android(ANDROID_LOG_WARN, "UDP6 broadcast");
int loop = 1; // true
if (setsockopt(sock, IPPROTO_IPV6, IPV6_MULTICAST_LOOP, &loop, sizeof(loop)))
log_android(ANDROID_LOG_ERROR,
"UDP setsockopt IPV6_MULTICAST_LOOP error %d: %s",
errno, strerror(errno));
int ttl = -1; // route default
if (setsockopt(sock, IPPROTO_IPV6, IPV6_MULTICAST_HOPS, &ttl, sizeof(ttl)))
log_android(ANDROID_LOG_ERROR,
"UDP setsockopt IPV6_MULTICAST_HOPS error %d: %s",
errno, strerror(errno));
struct ipv6_mreq mreq6;
memcpy(&mreq6.ipv6mr_multiaddr, &cur->daddr.ip6, sizeof(struct in6_addr));
mreq6.ipv6mr_interface = INADDR_ANY;
if (setsockopt(sock, IPPROTO_IPV6, IPV6_ADD_MEMBERSHIP, &mreq6, sizeof(mreq6)))
log_android(ANDROID_LOG_ERROR,
"UDP setsockopt IPV6_ADD_MEMBERSHIP error %d: %s",
errno, strerror(errno));
}
}
return sock;
}
ssize_t write_udp(const struct arguments *args, const struct udp_session *cur,
uint8_t *data, size_t datalen) {
size_t len;
u_int8_t *buffer;
struct udphdr *udp;
uint16_t csum;
char source[INET6_ADDRSTRLEN + 1];
char dest[INET6_ADDRSTRLEN + 1];
// Build packet
if (cur->version == 4) {
len = sizeof(struct iphdr) + sizeof(struct udphdr) + datalen;
buffer = ng_malloc(len, "udp write4");
struct iphdr *ip4 = (struct iphdr *) buffer;
udp = (struct udphdr *) (buffer + sizeof(struct iphdr));
if (datalen)
memcpy(buffer + sizeof(struct iphdr) + sizeof(struct udphdr), data, datalen);
// Build IP4 header
memset(ip4, 0, sizeof(struct iphdr));
ip4->version = 4;
ip4->ihl = sizeof(struct iphdr) >> 2;
ip4->tot_len = htons(len);
ip4->ttl = IPDEFTTL;
ip4->protocol = IPPROTO_UDP;
ip4->saddr = cur->daddr.ip4;
ip4->daddr = cur->saddr.ip4;
// Calculate IP4 checksum
ip4->check = ~calc_checksum(0, (uint8_t *) ip4, sizeof(struct iphdr));
// Calculate UDP4 checksum
struct ippseudo pseudo;
memset(&pseudo, 0, sizeof(struct ippseudo));
pseudo.ippseudo_src.s_addr = (__be32) ip4->saddr;
pseudo.ippseudo_dst.s_addr = (__be32) ip4->daddr;
pseudo.ippseudo_p = ip4->protocol;
pseudo.ippseudo_len = htons(sizeof(struct udphdr) + datalen);
csum = calc_checksum(0, (uint8_t *) &pseudo, sizeof(struct ippseudo));
} else {
len = sizeof(struct ip6_hdr) + sizeof(struct udphdr) + datalen;
buffer = ng_malloc(len, "udp write6");
struct ip6_hdr *ip6 = (struct ip6_hdr *) buffer;
udp = (struct udphdr *) (buffer + sizeof(struct ip6_hdr));
if (datalen)
memcpy(buffer + sizeof(struct ip6_hdr) + sizeof(struct udphdr), data, datalen);
// Build IP6 header
memset(ip6, 0, sizeof(struct ip6_hdr));
ip6->ip6_ctlun.ip6_un1.ip6_un1_flow = 0;
ip6->ip6_ctlun.ip6_un1.ip6_un1_plen = htons(len - sizeof(struct ip6_hdr));
ip6->ip6_ctlun.ip6_un1.ip6_un1_nxt = IPPROTO_UDP;
ip6->ip6_ctlun.ip6_un1.ip6_un1_hlim = IPDEFTTL;
ip6->ip6_ctlun.ip6_un2_vfc = IPV6_VERSION;
memcpy(&(ip6->ip6_src), &cur->daddr.ip6, 16);
memcpy(&(ip6->ip6_dst), &cur->saddr.ip6, 16);
// Calculate UDP6 checksum
struct ip6_hdr_pseudo pseudo;
memset(&pseudo, 0, sizeof(struct ip6_hdr_pseudo));
memcpy(&pseudo.ip6ph_src, &ip6->ip6_dst, 16);
memcpy(&pseudo.ip6ph_dst, &ip6->ip6_src, 16);
pseudo.ip6ph_len = ip6->ip6_ctlun.ip6_un1.ip6_un1_plen;
pseudo.ip6ph_nxt = ip6->ip6_ctlun.ip6_un1.ip6_un1_nxt;
csum = calc_checksum(0, (uint8_t *) &pseudo, sizeof(struct ip6_hdr_pseudo));
}
// Build UDP header
memset(udp, 0, sizeof(struct udphdr));
udp->source = cur->dest;
udp->dest = cur->source;
udp->len = htons(sizeof(struct udphdr) + datalen);
// Continue checksum
csum = calc_checksum(csum, (uint8_t *) udp, sizeof(struct udphdr));
csum = calc_checksum(csum, data, datalen);
udp->check = ~csum;
inet_ntop(cur->version == 4 ? AF_INET : AF_INET6,
(cur->version == 4 ? (const void *) &cur->saddr.ip4 : (const void *) &cur->saddr.ip6),
source,
sizeof(source));
inet_ntop(cur->version == 4 ? AF_INET : AF_INET6,
(cur->version == 4 ? (const void *) &cur->daddr.ip4 : (const void *) &cur->daddr.ip6),
dest,
sizeof(dest));
// Send packet
log_android(ANDROID_LOG_DEBUG,
"UDP sending to tun %d from %s/%u to %s/%u data %u",
args->tun, dest, ntohs(cur->dest), source, ntohs(cur->source), len);
ssize_t res = write(args->tun, buffer, len);
// Write PCAP record
if (res >= 0) {
if (pcap_file != NULL)
write_pcap_rec(buffer, (size_t) res);
} else
log_android(ANDROID_LOG_WARN, "UDP write error %d: %s", errno, strerror(errno));
ng_free(buffer, __FILE__, __LINE__);
if (res != len) {
log_android(ANDROID_LOG_ERROR, "write %d/%d", res, len);
return -1;
}
return res;
}

182
NetGuard/app/src/main/main/jni/netguard/util.c
View File

@ -0,0 +1,182 @@
/*
This file is part of NetGuard.
NetGuard is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
NetGuard is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with NetGuard. If not, see <http://www.gnu.org/licenses/>.
Copyright 2015-2019 by Marcel Bokhorst (M66B)
*/
#include "netguard.h"
extern int loglevel;
uint16_t calc_checksum(uint16_t start, const uint8_t *buffer, size_t length) {
register uint32_t sum = start;
register uint16_t *buf = (uint16_t *) buffer;
register size_t len = length;
while (len > 1) {
sum += *buf++;
len -= 2;
}
if (len > 0)
sum += *((uint8_t *) buf);
while (sum >> 16)
sum = (sum & 0xFFFF) + (sum >> 16);
return (uint16_t) sum;
}
int compare_u32(uint32_t s1, uint32_t s2) {
// https://tools.ietf.org/html/rfc1982
if (s1 == s2)
return 0;
uint32_t i1 = s1;
uint32_t i2 = s2;
if ((i1 < i2 && i2 - i1 < 0x7FFFFFFF) ||
(i1 > i2 && i1 - i2 > 0x7FFFFFFF))
return -1;
else
return 1;
}
int sdk_int(JNIEnv *env) {
jclass clsVersion = jniFindClass(env, "android/os/Build$VERSION");
jfieldID fid = (*env)->GetStaticFieldID(env, clsVersion, "SDK_INT", "I");
return (*env)->GetStaticIntField(env, clsVersion, fid);
}
void log_android(int prio, const char *fmt, ...) {
if (prio >= loglevel) {
char line[1024];
va_list argptr;
va_start(argptr, fmt);
vsprintf(line, fmt, argptr);
__android_log_print(prio, TAG, "%s", line);
va_end(argptr);
}
}
uint8_t char2nible(const char c) {
if (c >= '0' && c <= '9') return (uint8_t) (c - '0');
if (c >= 'a' && c <= 'f') return (uint8_t) ((c - 'a') + 10);
if (c >= 'A' && c <= 'F') return (uint8_t) ((c - 'A') + 10);
return 255;
}
void hex2bytes(const char *hex, uint8_t *buffer) {
size_t len = strlen(hex);
for (int i = 0; i < len; i += 2)
buffer[i / 2] = (char2nible(hex[i]) << 4) | char2nible(hex[i + 1]);
}
char *trim(char *str) {
while (isspace(*str))
str++;
if (*str == 0)
return str;
char *end = str + strlen(str) - 1;
while (end > str && isspace(*end))
end--;
*(end + 1) = 0;
return str;
}
const char *strstate(const int state) {
switch (state) {
case TCP_ESTABLISHED:
return "ESTABLISHED";
case TCP_SYN_SENT:
return "SYN_SENT";
case TCP_SYN_RECV:
return "SYN_RECV";
case TCP_FIN_WAIT1:
return "FIN_WAIT1";
case TCP_FIN_WAIT2:
return "FIN_WAIT2";
case TCP_TIME_WAIT:
return "TIME_WAIT";
case TCP_CLOSE:
return "CLOSE";
case TCP_CLOSE_WAIT:
return "CLOSE_WAIT";
case TCP_LAST_ACK:
return "LAST_ACK";
case TCP_LISTEN:
return "LISTEN";
case TCP_CLOSING:
return "CLOSING";
default:
return "UNKNOWN";
}
}
char *hex(const u_int8_t *data, const size_t len) {
char hex_str[] = "0123456789ABCDEF";
char *hexout;
hexout = (char *) ng_malloc(len * 3 + 1, "hex"); // TODO free
for (size_t i = 0; i < len; i++) {
hexout[i * 3 + 0] = hex_str[(data[i] >> 4) & 0x0F];
hexout[i * 3 + 1] = hex_str[(data[i]) & 0x0F];
hexout[i * 3 + 2] = ' ';
}
hexout[len * 3] = 0;
return hexout;
}
int32_t get_local_port(const int sock) {
struct sockaddr_in sin;
socklen_t len = sizeof(sin);
if (getsockname(sock, (struct sockaddr *) &sin, &len) < 0) {
log_android(ANDROID_LOG_ERROR, "getsockname error %d: %s", errno, strerror(errno));
return -1;
} else
return ntohs(sin.sin_port);
}
int is_event(int fd, short event) {
struct pollfd p;
p.fd = fd;
p.events = event;
p.revents = 0;
int r = poll(&p, 1, 0);
if (r < 0) {
log_android(ANDROID_LOG_ERROR, "poll readable error %d: %s", errno, strerror(errno));
return 0;
} else if (r == 0)
return 0;
else
return (p.revents & event);
}
int is_readable(int fd) {
return is_event(fd, POLLIN);
}
int is_writable(int fd) {
return is_event(fd, POLLOUT);
}
long long get_ms() {
struct timespec ts;
clock_gettime(CLOCK_MONOTONIC, &ts);
return ts.tv_sec * 1000LL + ts.tv_nsec / 1e6;
}

BIN
NetGuard/app/src/main/main/res/drawable-hdpi/ic_add_circle_outline_white_24dp.png
View File

Side by Side

After

Width: 36  |  Height: 36  |  Size: 487 B

BIN
NetGuard/app/src/main/main/res/drawable-hdpi/ic_attach_money_black_24dp.png
View File

Side by Side

After

Width: 36  |  Height: 36  |  Size: 395 B

BIN
NetGuard/app/src/main/main/res/drawable-hdpi/ic_attach_money_white_24dp.png
View File

Side by Side

After

Width: 36  |  Height: 36  |  Size: 397 B

BIN
NetGuard/app/src/main/main/res/drawable-hdpi/ic_check_white_24dp.png
View File

Side by Side

After

Width: 36  |  Height: 36  |  Size: 181 B

BIN
NetGuard/app/src/main/main/res/drawable-hdpi/ic_close_white_24dp.png
View File

Side by Side

After

Width: 36  |  Height: 36  |  Size: 221 B

BIN
NetGuard/app/src/main/main/res/drawable-hdpi/ic_cloud_upload_white_24dp.png
View File

Side by Side

After

Width: 36  |  Height: 36  |  Size: 345 B

BIN
NetGuard/app/src/main/main/res/drawable-hdpi/ic_delete_black_24dp.png
View File

Side by Side

After

Width: 36  |  Height: 36  |  Size: 155 B

BIN
NetGuard/app/src/main/main/res/drawable-hdpi/ic_delete_white_24dp.png
View File

Side by Side

After

Width: 36  |  Height: 36  |  Size: 161 B

BIN
NetGuard/app/src/main/main/res/drawable-hdpi/ic_equalizer_white_24dp.png
View File

Side by Side

After

Width: 36  |  Height: 36  |  Size: 106 B

BIN
NetGuard/app/src/main/main/res/drawable-hdpi/ic_equalizer_white_24dp_60.png
View File

Side by Side

After

Width: 36  |  Height: 36  |  Size: 178 B

BIN
NetGuard/app/src/main/main/res/drawable-hdpi/ic_error_white_24dp.png
View File

Side by Side

After

Width: 36  |  Height: 36  |  Size: 324 B

BIN
NetGuard/app/src/main/main/res/drawable-hdpi/ic_expand_less_black_24dp.png
View File

Side by Side

After

Width: 36  |  Height: 36  |  Size: 149 B

BIN
NetGuard/app/src/main/main/res/drawable-hdpi/ic_expand_less_white_24dp.png
View File

Side by Side

After

Width: 36  |  Height: 36  |  Size: 156 B

BIN
NetGuard/app/src/main/main/res/drawable-hdpi/ic_expand_more_black_24dp.png
View File

Side by Side

After

Width: 36  |  Height: 36  |  Size: 151 B

BIN
NetGuard/app/src/main/main/res/drawable-hdpi/ic_expand_more_white_24dp.png
View File

Side by Side

After

Width: 36  |  Height: 36  |  Size: 159 B

BIN
NetGuard/app/src/main/main/res/drawable-hdpi/ic_file_download_white_24dp.png
View File

Side by Side

After

Width: 36  |  Height: 36  |  Size: 163 B

BIN
NetGuard/app/src/main/main/res/drawable-hdpi/ic_filter_list_white_24dp.png
View File

Side by Side

After

Width: 36  |  Height: 36  |  Size: 111 B

BIN
NetGuard/app/src/main/main/res/drawable-hdpi/ic_filter_list_white_24dp_60.png
View File

Side by Side

After

Width: 36  |  Height: 36  |  Size: 196 B

BIN
NetGuard/app/src/main/main/res/drawable-hdpi/ic_hourglass_empty_black_24dp.png
View File

Side by Side

After

Width: 36  |  Height: 36  |  Size: 154 B

BIN
NetGuard/app/src/main/main/res/drawable-hdpi/ic_hourglass_empty_white_24dp.png
View File

Side by Side

After

Width: 36  |  Height: 36  |  Size: 159 B

BIN
NetGuard/app/src/main/main/res/drawable-hdpi/ic_launch_black_24dp.png
View File

Side by Side

After

Width: 36  |  Height: 36  |  Size: 250 B

BIN
NetGuard/app/src/main/main/res/drawable-hdpi/ic_launch_white_24dp.png
View File

Side by Side

After

Width: 36  |  Height: 36  |  Size: 253 B

BIN
NetGuard/app/src/main/main/res/drawable-hdpi/ic_lock_open_white_24dp.png
View File

Side by Side

After

Width: 36  |  Height: 36  |  Size: 306 B

BIN
NetGuard/app/src/main/main/res/drawable-hdpi/ic_lock_outline_white_24dp.png
View File

Side by Side

After

Width: 36  |  Height: 36  |  Size: 303 B

BIN
NetGuard/app/src/main/main/res/drawable-hdpi/ic_lock_outline_white_24dp_60.png
View File

Side by Side

After

Width: 36  |  Height: 36  |  Size: 463 B

BIN
NetGuard/app/src/main/main/res/drawable-hdpi/ic_pause_black_24dp.png
View File

Side by Side

After

Width: 36  |  Height: 36  |  Size: 102 B

BIN
NetGuard/app/src/main/main/res/drawable-hdpi/ic_pause_white_24dp.png
View File

Side by Side

After

Width: 36  |  Height: 36  |  Size: 105 B

BIN
NetGuard/app/src/main/main/res/drawable-hdpi/ic_perm_data_setting_black_24dp.png
View File

Side by Side

After

Width: 36  |  Height: 36  |  Size: 363 B

BIN
NetGuard/app/src/main/main/res/drawable-hdpi/ic_perm_data_setting_white_24dp.png
View File

Side by Side

After

Width: 36  |  Height: 36  |  Size: 386 B

BIN
NetGuard/app/src/main/main/res/drawable-hdpi/ic_perm_identity_white_24dp.png
View File

Side by Side

After

Width: 36  |  Height: 36  |  Size: 365 B

BIN
NetGuard/app/src/main/main/res/drawable-hdpi/ic_play_arrow_black_24dp.png
View File

Side by Side

After

Width: 36  |  Height: 36  |  Size: 194 B

BIN
NetGuard/app/src/main/main/res/drawable-hdpi/ic_play_arrow_white_24dp.png
View File

Side by Side

After

Width: 36  |  Height: 36  |  Size: 195 B

BIN
NetGuard/app/src/main/main/res/drawable-hdpi/ic_search_white_24dp.png
View File

Side by Side

After

Width: 36  |  Height: 36  |  Size: 396 B

BIN
NetGuard/app/src/main/main/res/drawable-hdpi/ic_security_color_24dp.png
View File

Side by Side

After

Width: 72  |  Height: 72  |  Size: 2.1 KiB

BIN
NetGuard/app/src/main/main/res/drawable-hdpi/ic_security_white_24dp.png
View File

Side by Side

After

Width: 36  |  Height: 36  |  Size: 428 B

BIN
NetGuard/app/src/main/main/res/drawable-hdpi/ic_security_white_24dp_60.png
View File

Side by Side

After

Width: 72  |  Height: 72  |  Size: 895 B

BIN
NetGuard/app/src/main/main/res/drawable-hdpi/ic_settings_black_24dp.png
View File

Side by Side

After

Width: 36  |  Height: 36  |  Size: 453 B

Some files were not shown because too many files changed in this diff

Write Preview
Loading…
Cancel
Save