beau
/
relab
1
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity
Browse Source

ng: Added NetGuard (ng) as a submodule.

master
BB 1 year ago
parent
7a6e0282a7
commit
1884e6e63e
515 changed files with 4 additions and 40790 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 3
      .gitmodules
  2. 1
      NetGuard
  3. 105
      NetGuard/ADBLOCKING.md
  4. 500
      NetGuard/FAQ-de.txt
  5. 751
      NetGuard/FAQ.md
  6. 1
      NetGuard/FUNDING.yml
  7. 675
      NetGuard/LICENSE
  8. 411
      NetGuard/README.md
  9. 1
      NetGuard/app/.gitignore
  10. 23
      NetGuard/app/CMakeLists.txt
  11. 100
      NetGuard/app/build.gradle
  12. 62
      NetGuard/app/proguard-rules.pro
  13. 287
      NetGuard/app/src/main/AndroidManifest.xml
  14. 144
      NetGuard/app/src/main/aidl/com/android/vending/billing/IInAppBillingService.aidl
  15. BIN
      NetGuard/app/src/main/ic_launcher-web.png
  16. BIN
      NetGuard/app/src/main/ic_launcher_foreground.xcf
  17. BIN
      NetGuard/app/src/main/ic_launcher_round-web.png
  18. 256
      NetGuard/app/src/main/java/eu/faircode/netguard/ActivityDns.java
  19. 130
      NetGuard/app/src/main/java/eu/faircode/netguard/ActivityForwardApproval.java
  20. 251
      NetGuard/app/src/main/java/eu/faircode/netguard/ActivityForwarding.java
  21. 643
      NetGuard/app/src/main/java/eu/faircode/netguard/ActivityLog.java
  22. 1304
      NetGuard/app/src/main/java/eu/faircode/netguard/ActivityMain.java
  23. 447
      NetGuard/app/src/main/java/eu/faircode/netguard/ActivityPro.java
  24. 1466
      NetGuard/app/src/main/java/eu/faircode/netguard/ActivitySettings.java
  25. 186
      NetGuard/app/src/main/java/eu/faircode/netguard/AdapterAccess.java
  26. 95
      NetGuard/app/src/main/java/eu/faircode/netguard/AdapterDns.java
  27. 74
      NetGuard/app/src/main/java/eu/faircode/netguard/AdapterForwarding.java
  28. 370
      NetGuard/app/src/main/java/eu/faircode/netguard/AdapterLog.java
  29. 1033
      NetGuard/app/src/main/java/eu/faircode/netguard/AdapterRule.java
  30. 35
      NetGuard/app/src/main/java/eu/faircode/netguard/Allowed.java
  31. 78
      NetGuard/app/src/main/java/eu/faircode/netguard/ApplicationEx.java
  32. 1164
      NetGuard/app/src/main/java/eu/faircode/netguard/DatabaseHelper.java
  33. 181
      NetGuard/app/src/main/java/eu/faircode/netguard/DownloadTask.java
  34. 45
      NetGuard/app/src/main/java/eu/faircode/netguard/ExpandedListView.java
  35. 33
      NetGuard/app/src/main/java/eu/faircode/netguard/Forward.java
  36. 32
      NetGuard/app/src/main/java/eu/faircode/netguard/FragmentSettings.java
  37. 8
      NetGuard/app/src/main/java/eu/faircode/netguard/GlideHelper.java
  38. 240
      NetGuard/app/src/main/java/eu/faircode/netguard/IAB.java
  39. 140
      NetGuard/app/src/main/java/eu/faircode/netguard/IPUtil.java
  40. 42
      NetGuard/app/src/main/java/eu/faircode/netguard/Packet.java
  41. 132
      NetGuard/app/src/main/java/eu/faircode/netguard/ReceiverAutostart.java
  42. 50
      NetGuard/app/src/main/java/eu/faircode/netguard/ReceiverPackageRemoved.java
  43. 47
      NetGuard/app/src/main/java/eu/faircode/netguard/ResourceRecord.java
  44. 453
      NetGuard/app/src/main/java/eu/faircode/netguard/Rule.java
  45. 146
      NetGuard/app/src/main/java/eu/faircode/netguard/ServiceExternal.java
  46. 3331
      NetGuard/app/src/main/java/eu/faircode/netguard/ServiceSinkhole.java
  47. 81
      NetGuard/app/src/main/java/eu/faircode/netguard/ServiceTileFilter.java
  48. 80
      NetGuard/app/src/main/java/eu/faircode/netguard/ServiceTileGraph.java
  49. 75
      NetGuard/app/src/main/java/eu/faircode/netguard/ServiceTileLockdown.java
  50. 103
      NetGuard/app/src/main/java/eu/faircode/netguard/ServiceTileMain.java
  51. 39
      NetGuard/app/src/main/java/eu/faircode/netguard/SwitchPreference.java
  52. 46
      NetGuard/app/src/main/java/eu/faircode/netguard/Usage.java
  53. 1075
      NetGuard/app/src/main/java/eu/faircode/netguard/Util.java
  54. 50
      NetGuard/app/src/main/java/eu/faircode/netguard/Version.java
  55. 99
      NetGuard/app/src/main/java/eu/faircode/netguard/WidgetAdmin.java
  56. 70
      NetGuard/app/src/main/java/eu/faircode/netguard/WidgetLockdown.java
  57. 70
      NetGuard/app/src/main/java/eu/faircode/netguard/WidgetMain.java
  58. 143
      NetGuard/app/src/main/jni/netguard/dhcp.c
  59. 239
      NetGuard/app/src/main/jni/netguard/dns.c
  60. 374
      NetGuard/app/src/main/jni/netguard/icmp.c
  61. 513
      NetGuard/app/src/main/jni/netguard/ip.c
  62. 1113
      NetGuard/app/src/main/jni/netguard/netguard.c
  63. 571
      NetGuard/app/src/main/jni/netguard/netguard.h
  64. 78
      NetGuard/app/src/main/jni/netguard/pcap.c
  65. 370
      NetGuard/app/src/main/jni/netguard/session.c
  66. 1327
      NetGuard/app/src/main/jni/netguard/tcp.c
  67. 549
      NetGuard/app/src/main/jni/netguard/udp.c
  68. 182
      NetGuard/app/src/main/jni/netguard/util.c
  69. BIN
      NetGuard/app/src/main/res/drawable-hdpi/ic_add_circle_outline_white_24dp.png
  70. BIN
      NetGuard/app/src/main/res/drawable-hdpi/ic_attach_money_black_24dp.png
  71. BIN
      NetGuard/app/src/main/res/drawable-hdpi/ic_attach_money_white_24dp.png
  72. BIN
      NetGuard/app/src/main/res/drawable-hdpi/ic_check_white_24dp.png
  73. BIN
      NetGuard/app/src/main/res/drawable-hdpi/ic_close_white_24dp.png
  74. BIN
      NetGuard/app/src/main/res/drawable-hdpi/ic_cloud_upload_white_24dp.png
  75. BIN
      NetGuard/app/src/main/res/drawable-hdpi/ic_delete_black_24dp.png
  76. BIN
      NetGuard/app/src/main/res/drawable-hdpi/ic_delete_white_24dp.png
  77. BIN
      NetGuard/app/src/main/res/drawable-hdpi/ic_equalizer_white_24dp.png
  78. BIN
      NetGuard/app/src/main/res/drawable-hdpi/ic_equalizer_white_24dp_60.png
  79. BIN
      NetGuard/app/src/main/res/drawable-hdpi/ic_error_white_24dp.png
  80. BIN
      NetGuard/app/src/main/res/drawable-hdpi/ic_expand_less_black_24dp.png
  81. BIN
      NetGuard/app/src/main/res/drawable-hdpi/ic_expand_less_white_24dp.png
  82. BIN
      NetGuard/app/src/main/res/drawable-hdpi/ic_expand_more_black_24dp.png
  83. BIN
      NetGuard/app/src/main/res/drawable-hdpi/ic_expand_more_white_24dp.png
  84. BIN
      NetGuard/app/src/main/res/drawable-hdpi/ic_file_download_white_24dp.png
  85. BIN
      NetGuard/app/src/main/res/drawable-hdpi/ic_filter_list_white_24dp.png
  86. BIN
      NetGuard/app/src/main/res/drawable-hdpi/ic_filter_list_white_24dp_60.png
  87. BIN
      NetGuard/app/src/main/res/drawable-hdpi/ic_hourglass_empty_black_24dp.png
  88. BIN
      NetGuard/app/src/main/res/drawable-hdpi/ic_hourglass_empty_white_24dp.png
  89. BIN
      NetGuard/app/src/main/res/drawable-hdpi/ic_launch_black_24dp.png
  90. BIN
      NetGuard/app/src/main/res/drawable-hdpi/ic_launch_white_24dp.png
  91. BIN
      NetGuard/app/src/main/res/drawable-hdpi/ic_lock_open_white_24dp.png
  92. BIN
      NetGuard/app/src/main/res/drawable-hdpi/ic_lock_outline_white_24dp.png
  93. BIN
      NetGuard/app/src/main/res/drawable-hdpi/ic_lock_outline_white_24dp_60.png
  94. BIN
      NetGuard/app/src/main/res/drawable-hdpi/ic_pause_black_24dp.png
  95. BIN
      NetGuard/app/src/main/res/drawable-hdpi/ic_pause_white_24dp.png
  96. BIN
      NetGuard/app/src/main/res/drawable-hdpi/ic_perm_data_setting_black_24dp.png
  97. BIN
      NetGuard/app/src/main/res/drawable-hdpi/ic_perm_data_setting_white_24dp.png
  98. BIN
      NetGuard/app/src/main/res/drawable-hdpi/ic_perm_identity_white_24dp.png
  99. BIN
      NetGuard/app/src/main/res/drawable-hdpi/ic_play_arrow_black_24dp.png
  100. BIN
      NetGuard/app/src/main/res/drawable-hdpi/ic_play_arrow_white_24dp.png

3
.gitmodules
View File

@ -0,0 +1,3 @@
[submodule "NetGuard"]
path = NetGuard
url = git@github.com:Sana147/NetGuard.git

1
NetGuard

@ -0,0 +1 @@
Subproject commit efe1afd64c5507dd7ce17d2aee27714fa3d9f417

105
NetGuard/ADBLOCKING.md
View File

@ -1,105 +0,0 @@
Ad Blocking with NetGuard
-------------------------
Instructions (you need to follow **all** the steps):
1. Download/install the latest NetGuard version [from GitHub](https://github.com/M66B/NetGuard/releases) (ad blocking is not possible with the Play store version because Google does not allow ad blocking apps in the Play store)
1. Enable the setting *'Filter traffic'* in the advanced options (three dot menu > Settings > Advanced options > Filter traffic; default is disabled except always enabled in Android 5.0 and earlier)
1. Enable the setting *'Block domain names'* in the advanced options (three dot menu > Settings > Advanced options > Block domain names; default is enabled)
1. Import or download [a hosts file](https://en.wikipedia.org/wiki/Hosts_(file)) using the NetGuard backup settings (three dot menu > Settings > Backup > Download hosts file)
1. Disable browser compression (in Chrome: three dot menu > Settings > Lite mode > Off)
1. Wait at least 10 minutes to let the Android DNS cache time out (clear via Chrome: [chrome://net-internals/#dns](chrome://net-internals/#dns))
1. Test to see if ad blocking works by opening [this page](http://www.netguard.me/test)
1. Enjoy ad blocking, but don't forget to support application developers and website authors in other ways
<br />
Troubleshooting:
Because of routing bugs, some devices/Android versions require:
* the advanced option *Manage system applications* to be enabled and/or
* the network option *Subnet routing* to be disabled and/or
* two (not just one) DNS server addresses to be set in the advanced options, for example 8.8.8.8 and 8.8.4.4 or more privacy friendly [these](https://dns.watch/)
* disabling of private DNS
<br />
Note that:
* applications, like web browsers, may cache data, so you may need to clear caches
* applications, browsers mostly, that have a *"data saver"*-like feature that proxies requests through their servers (eg. Opera w/ Turbo, Opera Max, Puffin, Chrome w/ data saver, UC Browser, Yandex w/ Turbo, Apus Browser, KK Browser, Onavo Extend, Maxthon) will not have ads blocked as NetGuard cannot see those domain requests
* applications, browsers mostly, can have a private DNS feature (Chrome: three-dots menu, Settings, Privacy, Use secure DNS, turn off) **
* applications, including browser, can be system apps, which require managing system apps in the advanced settings to be enabled
* the Android always-on VPN setting *Block connections without VPN* will result in stop sending domain names to the VPN after some time
* YouTube ads are not domain-based, and thus cannot be blocked with NetGuard
* NetGuard ignores the IP addresses in the hosts file, because it does not route blocked domains to localhost
* When NetGuard imports the hosts file, it automatically discards any duplicates entries, so duplicate entries are not a problem and have no performance impact after the file is imported
* you can check the number of hosts (domains) imported by pulling the NetGuard notification down using two fingers if your version of Android supports that functionality
* wildcards are not supported due to performance and battery usage reasons
* it is not possible to edit the hosts file (change/add/delete domain names) with NetGuard
* you can disable ad blocking by disabling the setting *'Block domain names'* in the advanced options
* you cannot exclude a single app from ad blocking because Android resolves domain names on behalf of all apps
* **ad blocking is provided as-is**, see also [here](https://forum.xda-developers.com/showpost.php?p=71805655&postcount=4668)
* **ad blocking is not available when NetGuard was installed from the Google Play store!** (disable automatic updates of NetGuard in the Play store application)
** Some browsers (and also apps) now use DNS over TLS (DoT) or DNS over
HTTPS (DoH). If one of the two protocols is active in the browser,
NetGuard cannot "see" the outgoing DNS requests (due to encryption).
They still flow through NetGuard, but are not treated as DNS requests,
but as normal connections (via port 853 or 443). It is therefore not
sufficient to disable Private DNS within Android, but you must also
check the settings for DoT and DoH (especially for browsers).
<br />
The NetGuard version from GitHub:
* is signed with the same signature as the version from the Google Play store, so any purchases will be restored (this will not happen with for example the F-Droid version)
* will automatically notify you if there are updates available via GitHub (this can be switched off in NetGuard's settings)
<br />
Which hosts (ad servers) will be blocked depends on the hosts file being used.
NetGuard downloads the [StevenBlack hosts file](https://github.com/StevenBlack/hosts) by default.
<br />
Automation:
You can automatically download a hosts file by sending this service intent with your favorite automation tool, like Tasker:
`eu.faircode.netguard.DOWNLOAD_HOSTS_FILE`
For example using [adb](https://developer.android.com/studio/command-line/adb.html) from the command line:
`adb shell am startservice -a eu.faircode.netguard.DOWNLOAD_HOSTS_FILE`
<br />
Apart from using a hosts file, you can block most in-app ads by blocking this address in the access list of Google Play services:
*googleads.g.doubleclick.net/443*
You'll need to enable filtering and (temporarily) logging for this (you can do this by using the *Configure* button; check both options)
and you'll need to wait until the address appears (you can speed this up by opening some apps with in-app ads).
Note that ads are likely being cached, so this may not take effect immediately.
<br />
An alternate way to block advertisements is by using special DNS servers, like these:
* [AdGuard DNS](https://adguard.com/en/adguard-dns/overview.html) - Free
* [Alternate DNS](https://alternate-dns.com/) - 14 day free trial
* [NoAd](https://noad.zone/) - Not working as of 2017 June 03
Be sure to read the privacy policies of these services as they might log your DNS requests.
You can set DNS server addresses for all connection types in NetGuard's *Advanced options*.
Note that when you set two DNS server addresses, the default (operating system/network provider) DNS servers will not be used anymore.
Feel free to let me know about other servers or request to add them in alphabetic order by doing a pull request.
<br />
**Please do not mention this feature in Google Play store comments, since Google does not allow ad blocking applications in the Google Play store.**

500
NetGuard/FAQ-de.txt
View File

@ -1,500 +0,0 @@
Häufig gestellte Fragen (FAQ)
(0) Wie verwende ich NetGuard?
Aktivieren Sie die NetGuard-Firewall über den Schalter in der Aktionsleiste von NetGuard
Erlauben (grünlich*) oder verweigern (rötlich*) Sie den Wi-Fi- oder mobilen Internetzugang über die Symbole neben den Anwendungsnamen in der Anwendungsliste des NetGuard
Über Einstellungen > Standardeinstellungen können Sie vom Modus "Blockieren/Blacklist" (Deaktivieren von "Wi-Fi blockieren" und "Mobile blockieren" und anschließendes Blockieren unerwünschter Anwendungen in der Anwendungsliste des NetGuard) in den Modus "Zulassen/Whitelist" (Aktivieren von "Wi-Fi blockieren" und "Mobile blockieren" und anschließendes Zulassen gewünschter Anwendungen in der Anwendungsliste des NetGuard) wechseln.
* Je nach dem von Ihnen verwendeten Thema können die Symbole wie folgt aussehen:
Erlaubt (Internetzugang erlaubt): grünlich (teal) / blau / lila / grau
Blockiert (Internetzugang verweigert): rötlich (lachsfarben) / orange / gelb / gelb
(1) Kann NetGuard meine Privatsphäre vollständig schützen?
Nein - nichts kann Ihre Privatsphäre vollständig schützen. NetGuard tut sein Bestes, ist aber durch die Tatsache eingeschränkt, dass es den Android-VPN-Dienst verwenden muss. Dies ist der Kompromiss, der erforderlich ist, um eine Firewall zu entwickeln, die keinen Root-Zugriff erfordert. Die Firewall kann nur gestartet werden, wenn Android den Start "erlaubt". Sie bietet also keinen Schutz beim frühen Hochfahren (obwohl Sie Ihr Netzwerk vor dem Neustart deaktivieren können). Außerdem muss der Android-VPN-Dienst neu gestartet werden, um neue Regeln anzuwenden, wenn sich die Konnektivität geändert hat oder wenn der Bildschirm ein- oder ausgeschaltet wird. Das ist jedoch viel besser als gar nichts.
In den erweiterten Optionen können Sie Seamless VPN Handover on reload aktivieren, um zu verhindern, dass Datenverkehr verloren geht, wenn der Android VPN-Dienst neu gestartet wird. Dies funktioniert jedoch nicht bei allen Android-Versionen/Varianten und führt dazu, dass NetGuard hängen bleibt und alle Verbindungen blockiert.
Unter Android N und höher kann NetGuard als Always-On VPN konfiguriert werden. Aktivieren Sie unter Android O nicht die Unteroption "Verbindungen ohne VPN blockieren", siehe Frage 51) für weitere Informationen dazu.
Um sich besser zu schützen, denken Sie daran, Wi-Fi und mobile Daten vor dem Neustart zu deaktivieren und sie erst beim Neustart zu aktivieren, nachdem der Firewall-Dienst gestartet wurde (und das Schlüsselsymbol in der Statusleiste sichtbar ist).
Vielen Dank @pulser
(2) Kann ich eine andere VPN-Anwendung verwenden, während ich NetGuard nutze?
Wenn die VPN-Anwendung den VPN-Dienst nutzt, dann nicht, denn NetGuard muss diesen Dienst nutzen. Android erlaubt immer nur einer Anwendung, diesen Dienst zu nutzen.
NetGuard ist eine Firewall-Anwendung, es ist also nicht beabsichtigt, VPN-Unterstützung hinzuzufügen. NetGuard unterstützt jedoch einen SOCKS5-Proxy zur Verkettung von VPN-Anwendungen. Eine mögliche Lösung, die von der Community beigesteuert wurde, finden Sie hier.
3) Kann ich NetGuard auf jeder Android-Version verwenden?
Nein, die minimal erforderliche Android-Version ist 5.1 (Lollipop).
(4) Verbraucht NetGuard zusätzliche Akkuleistung?
In der Standardeinstellung verbraucht NetGuard kaum Akkuleistung. Alle Einstellungen, die zusätzlichen Akkuverbrauch verursachen, wie IP-Filterung und Protokollierung, sind mit einer Warnung versehen. Wenn NetGuard sehr viel Strom verbraucht, überprüfen Sie bitte Ihre Einstellungen.
Der Akkuverbrauch bei aktivierter IP-Filterung hängt von der Qualität der Implementierung Ihres Android-VPN-Dienstes und der Leistungsfähigkeit des Prozessors Ihres Geräts ab. Im Allgemeinen kann der Akkuverbrauch auf älteren Geräten inakzeptabel sein, während er auf modernen Geräten mit einem effizienten Prozessor kaum auffällt.
Die Benachrichtigung über die Netzwerkgeschwindigkeitsgrafik verbraucht zusätzliche Akkuleistung. Deshalb wird die Benachrichtigung nur angezeigt, wenn der Bildschirm eingeschaltet ist. Sie können die Aktualisierungshäufigkeit in den Einstellungen verringern, um den Akkuverbrauch zu reduzieren.
Beachten Sie, dass Android oft fälschlicherweise den Akkuverbrauch anderer Anwendungen dem NetGuard zuordnet, da der Netzwerkverkehr anderer Anwendungen durch den NetGuard fließt. Das bedeutet, dass es so aussehen kann, als würde NetGuard viel Akkuleistung verbrauchen, aber in Wirklichkeit ist der Gesamtakkuverbrauch aller Apps immer noch derselbe.
(6) Sendet NetGuard meinen Internetverkehr an einen externen (VPN-)Server?
Nein, je nach Betriebsmodus geschieht grundsätzlich eines von zwei Dingen mit Ihrem Internetverkehr:
Wenn die IP-Filterung deaktiviert ist, wird der blockierte Internetverkehr an den lokalen VPN-Dienst weitergeleitet, der dann als Sinkhole fungiert (d.h. den gesamten blockierten Verkehr verwirft).
Wenn die IP-Filterung aktiviert ist, wird sowohl der blockierte als auch der erlaubte Internetverkehr in den lokalen VPN-Dienst geleitet und nur der erlaubte Verkehr wird an das vorgesehene Ziel weitergeleitet (und nicht an einen VPN-Server).
Der Android-VPN-Dienst wird verwendet, um den gesamten Internetverkehr lokal zu NetGuard zu leiten, so dass für die Erstellung dieser Firewall-Anwendung kein Root-Recht erforderlich ist. NetGuard ist im Gegensatz zu allen anderen No-Root-Firewall-Anwendungen zu 100 % Open Source, so dass Sie im Zweifelsfall den Quellcode selbst überprüfen können.
(7) Warum werden Anwendungen ohne Internetzulassung angezeigt?
Die Internetzugangsberechtigung kann bei jedem Anwendungsupdate ohne Zustimmung des Benutzers erteilt werden. Indem NetGuard alle Anwendungen anzeigt, können Sie den Internetzugang kontrollieren, noch bevor ein solches Update erfolgt.
(8) Was muss ich aktivieren, damit die Google Play™ Store-App funktioniert?
Sie müssen 3 Pakete (Anwendungen) aktivieren (verwenden Sie die Suche in NetGuard, um sie schnell zu finden):
com.android.vending (Play Store)
com.google.android.gms (Play-Dienste)
com.android.providers.downloads (Download-Manager)
Da die Google Play™ Store-App dazu neigt, von sich aus nach Updates zu suchen oder sie sogar herunterzuladen (auch wenn kein Konto damit verknüpft ist), kann man sie in Schach halten, indem man "Bei eingeschaltetem Bildschirm zulassen" für alle 3 Pakete aktiviert. Klicken Sie auf den Pfeil nach unten auf der linken Seite eines Anwendungsnamens und aktivieren Sie diese Option, aber lassen Sie die Netzwerksymbole auf rot stehen (daher blockiert). Das kleine menschliche Symbol wird für diese Pakete angezeigt.
Beachten Sie, dass NetGuard die Installation eines Google-Dienstes nicht erfordert.
(9) Warum wird der VPN-Dienst neu gestartet?
Der VPN-Dienst wird neu gestartet, wenn Sie den Bildschirm ein- oder ausschalten und wenn sich die Konnektivität ändert (Wi-Fi, Mobilfunk), um die Regeln mit den Bedingungen "Zulassen, wenn der Bildschirm eingeschaltet ist" und "Blockieren, wenn Roaming" anzuwenden.
Siehe hier für weitere Details.
(10) Werden Sie ein Tasker-Plug-in anbieten?
Nein, denn wenn es Tasker erlaubt ist, den NetGuard zu deaktivieren, kann jede Anwendung den NetGuard deaktivieren. Es ist keine gute Idee, einer Sicherheitsanwendung zu erlauben, von anderen Anwendungen deaktiviert zu werden.
(13) Wie kann ich den laufenden NetGuard-Eintrag auf dem Benachrichtigungsbildschirm entfernen?
Klicken Sie lange auf die NetGuard-Benachrichtigung
Tippen Sie auf das "i"-Symbol
Je nach den Software-Anpassungen Ihres Geräts und/oder ROM-Herstellers werden Sie entweder zu
zum Bildschirm "App-Info", wo Sie das Häkchen bei "Benachrichtigungen anzeigen" entfernen und dem nächsten Dialog zustimmen können
zum Bildschirm "App-Benachrichtigungen", wo Sie den Schieberegler "Blockieren" auf "Ein" stellen können
Beachten Sie, dass unabhängig davon, ob Sie eine Dialogwarnung erhalten oder nicht, dieser Vorgang auch alle Informations- oder Warnbenachrichtigungen von NetGuard deaktiviert, wie z. B. die Benachrichtigung über eine neu installierte Anwendung.
Um zu erfahren, warum diese Benachrichtigung überhaupt notwendig ist, lesen Sie bitte Frage 24.
Einige Android-Versionen zeigen eine zusätzliche Benachrichtigung an, die ein Schlüsselsymbol enthalten kann. Diese Benachrichtigung kann leider nicht entfernt werden.
(14) Warum kann ich nicht OK wählen, um die VPN-Verbindungsanfrage zu bestätigen?
Möglicherweise befindet sich eine weitere (unsichtbare) Anwendung über dem Dialog für die VPN-Verbindungsanfrage. Einige bekannte (den Bildschirm verdunkelnde) Anwendungen, die dies verursachen können, sind Lux Brightness, Night Mode und Twilight. Um dieses Problem zumindest vorübergehend zu vermeiden, schließen Sie alle Anwendungen und/oder Dienste, die im Hintergrund ausgeführt werden können.
(15) Werden F-Droid-Builds unterstützt?
F-Droid-Builds werden nicht unterstützt, da ich keine Kontrolle darüber habe, ob und wann die F-Droid-Version von NetGuard aktualisiert wird, so dass ich keine rechtzeitigen Updates garantieren kann, z. B. wenn es ein kritisches oder Sicherheitsproblem gibt.
Da F-Droid-Builds und GitHub-Versionen unterschiedlich signiert sind, muss ein F-Droid-Build zuerst deinstalliert werden, um auf eine GitHub-Version aktualisieren zu können.
(16) Warum werden einige Anwendungen abgeblendet angezeigt?
Deaktivierte Anwendungen und Anwendungen ohne Internetzugang werden abgeblendet dargestellt.
(17) Warum verbraucht der NetGuard so viel Speicher?
Das tut er nicht. NetGuard weist keinen Speicher zu, außer ein wenig für die Anzeige der Elemente der Benutzeroberfläche und für die Pufferung des Datenverkehrs. Bei einigen Android-Varianten scheint die Verbindung mit der Google Play™ Store-App fast 150 MB zu verbrauchen. Sie wird für In-App-Spenden benötigt und wird fälschlicherweise NetGuard statt der Google Play™ Store-App zugewiesen.
(18) Warum kann ich NetGuard nicht in der Google Play™-Store-App finden?
NetGuard erfordert mindestens Android 5.1 und ist daher in der Google Play™ Store-App auf Geräten mit früheren Android-Versionen nicht verfügbar.
(18) Warum kann ich NetGuard nicht in der Google Play™ Store-App finden?
NetGuard erfordert mindestens Android 5.1 und ist daher in der Google Play™ Store-App auf Geräten mit früheren Android-Versionen nicht verfügbar.
(19) Warum hat die Anwendung XYZ immer noch Internetzugang?
Wenn Sie den Internetzugang für eine Anwendung sperren, gibt es keine Möglichkeit, dies zu umgehen. Anwendungen können jedoch über andere (System-)Anwendungen/Komponenten auf das Internet zugreifen. So erhalten beispielsweise die Google Play-Dienste eingehende Push-Nachrichten und Werbung für die meisten Anwendungen, einschließlich WhatsApp und Facebook Messenger. Sie können dies verhindern, indem Sie den Internetzugang auch für die andere Anwendung/Komponente blockieren. Sie können Systemanwendungen und -komponenten wie Google Play Services blockieren, indem Sie die erweiterte NetGuard-Option Systemanwendungen verwalten aktivieren. Dies lässt sich am besten diagnostizieren, indem Sie das globale Zugriffsprotokoll überprüfen (Drei-Punkte-Menü, Protokoll anzeigen).
Beachten Sie, dass einige Anwendungen immer wieder versuchen, auf das Internet zuzugreifen, was durch das Senden eines Verbindungsanforderungspakets geschieht. Dieses Paket geht in das VPN-Sinkhole, wenn der Internetzugang für die Anwendung blockiert ist. Dieses Paket besteht aus weniger als 100 Bytes und wird von Android als ausgehender Datenverkehr gezählt und ist auch in der Geschwindigkeitsanzeige sichtbar.
(20) Kann ich den NetGuard "grün" machen/bewerben?
Nein. Wenn Sie den NetGuard auf "grün" stellen oder anderweitig in den Ruhezustand versetzen, werden die Regeln nicht angewendet, wenn sich die Konnektivität von Wi-Fi/Mobilfunk, Bildschirm ein/aus und Roaming/nicht Roaming ändert.
(21) Wirkt sich der Dämmerungsmodus auf den NetGuard aus?
Ich bin mir nicht sicher, denn aus der Dokumentation zum Dämmerungsmodus geht nicht hervor, ob der Android-VPN-Dienst davon betroffen ist.
Um sicher zu gehen, können Sie die Akku-Optimierung für NetGuard wie folgt manuell deaktivieren:
Android-Einstellungen > Akku > Drei-Punkte-Menü > Akku-Optimierungen > Dropdown > Alle Apps > NetGuard > Nicht optimieren > Fertig
Die Vorgehensweise kann von Gerät zu Gerät unterschiedlich sein.
Das Deaktivieren des Standby-Modus für NetGuard kann nicht von NetGuard aus erfolgen, da NetGuard laut Google kein Anwendungstyp ist, der dies tun darf.
(22) Kann ich mit dem NetGuard Tethering (Android-Hotspot) oder Wi-Fi-Anrufe nutzen?
Ja, aber Sie müssen das Subnetz-Routing und Tethering in den NetGuard-Netzwerkeinstellungen aktivieren. Ob dies funktioniert, hängt von Ihrer Android-Version ab, da einige Android-Versionen einen Fehler aufweisen, der die Zusammenarbeit zwischen Tethering und dem VPN-Dienst verhindert.
Einige Geräte schalten das Wi-Fi in den Ruhezustand, so dass Tethering nicht funktioniert, wenn der Bildschirm ausgeschaltet ist. Dieses Verhalten kann in den erweiterten Wi-Fi-Einstellungen von Android deaktiviert werden.
(24) Kann man die Benachrichtigung aus der Statusleiste entfernen?
Android kann Hintergrunddienste jederzeit beenden. Dies kann nur verhindert werden, indem ein Hintergrunddienst in einen Vordergrunddienst umgewandelt wird. Android verlangt eine ständige Benachrichtigung für alle Vordergrunddienste, um Sie auf einen möglichen Batterieverbrauch aufmerksam zu machen (siehe Frage 4). Die Benachrichtigung kann also nicht entfernt werden, ohne Instabilität zu verursachen. Allerdings wird die Benachrichtigung als niedrige Priorität markiert, was dazu führen sollte, dass sie an das Ende der Liste verschoben wird.
Das Schlüsselsymbol und/oder die Benachrichtigung "VPN läuft", die von Android und nicht von NetGuard angezeigt wird, kann leider nicht entfernt werden. In der Google-Dokumentation steht: "Eine vom System verwaltete Benachrichtigung wird während der Lebensdauer einer VPN-Verbindung angezeigt".
Android 8 Oreo und höher zeigen eine Benachrichtigung "... läuft im Hintergrund" an, die alle im Hintergrund laufenden Apps auflistet. Sie können diese Benachrichtigung nicht deaktivieren, aber Sie können das Symbol wie folgt aus der Statusleiste entfernen:
Öffnen Sie Einstellungen > Apps & Benachrichtigungen > App-Info
Öffnen Sie die Einstellungen (drei Punkte); Wählen Sie "System anzeigen".
Wählen Sie "Android-System".
Wählen Sie "App-Benachrichtigungen".
Wählen Sie "Im Hintergrund laufende Apps".
Wählen Sie "Wichtigkeit" und wählen Sie "Niedrig".
(25) Können Sie eine Funktion "Alle auswählen" hinzufügen?
Die Funktion "Alle auswählen" ist nicht erforderlich, da Sie in den Einstellungen von Netguard vom Modus "Blockieren" (Blacklist) auf "Zulassen" (Whitelist) umschalten können. Siehe auch Frage 0.
(27) Wie lese ich das Protokoll des blockierten Datenverkehrs?
Die Spalten haben die folgenden Bedeutungen:
Zeit (tippen Sie auf einen Protokolleintrag, um das Datum zu sehen)
Anwendungssymbol (tippen Sie auf einen Protokolleintrag, um den Anwendungsnamen zu sehen)
UID der Anwendung
Wi-Fi / mobile Verbindung, grün=erlaubt, rot=geblockt
Interaktiver Status (Bildschirm an oder aus)
Protokoll (siehe unten) und Paketflags (siehe unten)
Quell- und Zielport (tippen Sie auf einen Protokolleintrag, um einen Zielport zu suchen)
Quell- und Ziel-IPv4- oder IPv6-Adresse (tippen Sie auf einen Protokolleintrag, um eine Ziel-IP-Adresse nachzuschlagen)
Name der Organisation, der die IP-Adresse gehört (muss über das Menü aktiviert werden)
Protokolle:
HOPO (IPv6 Hop-by-Hop-Option)
ICMP
IGMP
ESP (IPSec)
TCP
UDP
Nummer = eines der Protokolle in dieser Liste
4 = IPv4
6 = IPv6
Paket-Flags:
S = SYN
A = ACK
P = PSH
F = FIN
R = RST
Eine ausführliche Erklärung finden Sie hier.
Nur TCP-, UDP- und ICMP-Ping-Datenverkehr kann durch den Android VPN-Dienst geleitet werden. Alle anderen Daten werden verworfen und im globalen Datenverkehrsprotokoll als blockiert angezeigt. Dies ist auf einem Android-Gerät fast nie ein Problem.
(28) Warum wird den Google-Konnektivitätsdiensten standardmäßig der Internetzugang gestattet?
Die Systemanwendung der Google-Konnektivitätsdienste prüft, ob das aktuelle Netzwerk wirklich mit dem Internet verbunden ist. Dies wird wahrscheinlich durch eine kurze Verbindung zu einem Google-Server erreicht.
Wenn dies nicht der Fall ist, erscheint ein '!' im Wi-Fi- oder Mobil-Symbol in der Systemstatusleiste.
Neuere Android-Versionen scheinen die Konnektivität nicht von Mobil auf Wi-Fi umzuschalten, wenn das Wi-Fi-Netzwerk nicht wirklich verbunden ist, obwohl eine Verbindung zum Wi-Fi-Netzwerk besteht (oder umgekehrt). Unter Android 6.0 und höher erhalten Sie möglicherweise eine Benachrichtigung, in der Sie gefragt werden, ob Sie die Verbindung aufrechterhalten möchten oder nicht. Um eine schlechte Benutzererfahrung zu vermeiden, enthält NetGuard eine vordefinierte Regel, um die Google-Konnektivitätsdienste standardmäßig zuzulassen.
Sie können alle vordefinierten Regeln hier finden.
Sie können vordefinierte Regeln außer Kraft setzen.
(29) Warum erhalte ich die Meldung "Das von Ihnen angeforderte Element ist nicht zum Kauf verfügbar"?
Sie können nur Pro-Funktionen erwerben, wenn Sie NetGuard aus dem Google Play Store installiert haben.
(30) Kann ich auch AFWall+ auf demselben Gerät ausführen?
Sofern Sie NetGuard nicht nur testen, gibt es derzeit keinen Grund, beide zu verwenden, da sie dieselbe Funktion (Firewall) abdecken, wenn auch mit unterschiedlichen Grundvoraussetzungen (AFWall+ benötigt ein gerootetes Gerät) und Vorgehensweisen (AFWall+ verwendet iptables, während NetGuard ein VPN verwendet).
Außerdem müssen Sie die Zugriffsregeln für jede Anwendung zwischen AFWall+ und NetGuard synchron halten, da die Anwendung sonst nicht auf das Netzwerk zugreifen kann.
Einige Hinweise zur Einrichtung von AFWall+ für den gleichzeitigen Einsatz mit NetGuard:
Wenn Sie keine Filterung in NetGuard verwenden, benötigen die Anwendungen direkten Internetzugang (Wi-Fi und/oder mobil) in AFWall+
Wenn Sie die Filterung verwenden, benötigt NetGuard einen Internetzugang (Wi-Fi und/oder mobil) in AFWall+
Wenn Sie die Filterung verwenden, müssen Sie NetGuard in AFWall+ wieder zulassen, wenn Sie NetGuard deinstallieren/neu installieren.
Wenn Sie die Filterung verwenden, benötigen die Anwendungen einen VPN-Internetzugang (aktivieren Sie das Kontrollkästchen, um diese Option in den AFWall+-Einstellungen anzuzeigen).
Diese Frage wurde von der Community gestellt. Es gibt keine Unterstützung für die Verwendung von NetGuard und AFWall+ zusammen.
(31) Warum können einige Anwendungen nur als Gruppe konfiguriert werden?
Für viele Zwecke, einschließlich des Netzwerkzugriffs, gruppiert Android Anwendungen nach UID und nicht nach Paket/Anwendungsname. Insbesondere Systemanwendungen haben oft dieselbe UID, obwohl sie einen anderen Paket- und Anwendungsnamen haben; diese werden vom ROM-Hersteller bei der Erstellung so eingerichtet. Diesen Anwendungen kann nur als Gruppe der Zugang zum Internet erlaubt/gesperrt werden.
(32) Warum ist der Akku-/Netzwerkverbrauch von NetGuard so hoch?
Das liegt daran, dass Android die Batterie- und Netzwerknutzung zählt, die normalerweise für andere Anwendungen gegen NetGuard im IP-Filtermodus gezählt wird. Der gesamte Akkuverbrauch ist etwas höher, wenn der IP-Filtermodus aktiviert ist. Der IP-Filtermodus ist bei Android-Versionen vor 5.0 immer aktiviert, bei späteren Android-Versionen ist er optional.
(33) Können Sie Profile hinzufügen?
Profile sind unpraktisch, da sie manuell bedient werden müssen. Bedingungen wie "Wenn der Bildschirm eingeschaltet ist" sind dagegen praktisch, weil sie automatisch funktionieren. Daher werden keine Profile hinzugefügt, aber Sie können gerne neue Bedingungen vorschlagen; diese müssen jedoch allgemein verwendbar sein, um aufgenommen zu werden.
Als Abhilfe können Sie die Export-/Importfunktion verwenden, um bestimmte Einstellungen unter bestimmten Umständen anzuwenden. Alternativ können Sie auch den Sperrmodus als Profil verwenden.
(34) Können Sie eine Bedingung "wenn im Vordergrund" oder "wenn aktiv" hinzufügen?
Aktuelle Android-Versionen erlauben es einer Anwendung nicht, abzufragen, ob andere Anwendungen im Vordergrund/Hintergrund oder aktiv/inaktiv sind, ohne eine zusätzliche, die Privatsphäre verletzende Berechtigung zu besitzen und auf Kosten eines zusätzlichen Batterieverbrauchs (da eine regelmäßige Abfrage erforderlich ist). Daher kann dies nicht ohne erhebliche Nachteile, wie diesen, hinzugefügt werden. Sie können stattdessen die Bedingung "wenn der Bildschirm eingeschaltet ist" verwenden.
(35) Warum startet das VPN nicht?
NetGuard "bittet" Android, den lokalen VPN-Dienst zu starten, aber einige Android-Versionen enthalten einen Fehler, der den (automatischen) Start des VPN verhindert. Manchmal wird dies durch ein Update von NetGuard verursacht. Leider kann dieser Fehler nicht von NetGuard behoben werden. Sie können versuchen, Ihr Gerät neu zu starten und/oder die VPN-Berechtigungen von NetGuard über die Android-Einstellungen zu widerrufen. Manchmal hilft es auch, NetGuard zu deinstallieren und neu zu installieren (exportieren Sie vorher unbedingt Ihre Einstellungen!).
(36) Können Sie einen PIN- oder Passwortschutz hinzufügen?
Da das Ausschalten des VPN-Dienstes über die Android-Einstellungen nicht verhindert werden kann, ist es wenig sinnvoll, einen PIN- oder Passwortschutz hinzuzufügen.
(37) Warum sind die Profi-Funktionen so teuer?
Die richtige Frage lautet: "Warum gibt es so viele Steuern und Gebühren":
Mehrwertsteuer: 25% (abhängig von Ihrem Land)
Google-Gebühr: 30%
Einkommenssteuer: 50%
Was für den Entwickler übrig bleibt, ist also nur ein Bruchteil dessen, was Sie bezahlen.
Obwohl NetGuard wirklich viel Arbeit macht, müssen nur einige der Komfort- und erweiterten Funktionen gekauft werden, was bedeutet, dass NetGuard im Grunde kostenlos ist und Sie nichts bezahlen müssen, um Ihren Datenverbrauch zu reduzieren, die Akkulaufzeit zu erhöhen und Ihre Privatsphäre zu schützen.
Beachten Sie auch, dass die meisten kostenlosen Anwendungen am Ende nicht nachhaltig zu sein scheinen, während NetGuard ordnungsgemäß gewartet und unterstützt wird, und dass kostenlose Anwendungen einen Haken haben können, wie z. B. das Senden von datenschutzrelevanten Informationen an das Internet.
Siehe hier für weitere Informationen.
(38) Warum hat NetGuard aufgehört zu laufen?
Vergewissern Sie sich zunächst, dass Sie in den Android-Einstellungen die Akku-Optimierung für NetGuard deaktiviert haben.
Auf den meisten Geräten läuft der NetGuard im Hintergrund mit seinem Dienst im Vordergrund weiter. Auf einigen Geräten (insbesondere einigen Samsung-Modellen), auf denen viele Anwendungen um den Speicher konkurrieren, kann Android NetGuard als letzte Möglichkeit noch stoppen. Einige Android-Versionen, insbesondere von Huawei (siehe hier für einen Fix) oder Xiaomi (siehe hier für einen Fix) stoppen Apps und Dienste zu aggressiv. Dies kann leider nicht von NetGuard behoben werden und kann als Mangel des Gerätes und/oder als Fehler in Android angesehen werden. In der Tat leiden viele Apps unter diesem Problem, siehe die Website Don't kill my app! für weitere Informationen und Lösungen. Sie können dieses Problem umgehen, indem Sie in den erweiterten Optionen des NetGuard den Watchdog aktivieren, der alle 10-15 Minuten überprüft.
(39) Wie unterscheidet sich eine VPN-basierte Firewall von einer iptables-basierten Firewall?
Siehe diese Stack Exchange-Frage.
(40) Kann man Zeitpläne hinzufügen?
Abgesehen davon, dass es nicht trivial ist, Zeitpläne hinzuzufügen, sind sie - meiner Meinung nach - keine gute Idee, da Zeit keine gute Regelbedingung ist. Eine Regelbedingung wie Wenn der Bildschirm eingeschaltet ist ist eine bessere und einfachere Bedingung. Daher werden keine Zeitpläne hinzugefügt, aber Sie können gerne andere neue Bedingungen vorschlagen.
(41) Können Sie Wildcards / Adress-/Portbereiche hinzufügen?
Wildcards zum Zulassen/Blockieren von Adressen und Adress-/Anschlussbereichen hätten erhebliche Auswirkungen auf die Leistung und Benutzerfreundlichkeit und werden daher nicht hinzugefügt. Wildcard-Regeln und Adress-/Port-Bereiche müssten für jeden einzelnen Verbindungsversuch überprüft werden. Da NetGuard im Gegensatz zu anderen No-Root-Firewalls Domänennamen anstelle von IP-Adressen blockiert, gibt es kaum einen Bedarf für Wildcards.
(42) Warum wird die Berechtigung ... benötigt?
INTERNET ('Voller Netzwerkzugriff'): um erlaubten (gefilterten) Datenverkehr an das Internet weiterzuleiten
ACCESS_NETWORK_STATE ("Netzwerkverbindungen anzeigen"): um zu prüfen, ob das Gerät über Wi-Fi mit dem Internet verbunden ist
READ_PHONE_STATE ('Device ID & call information'): um Änderungen im Mobilfunknetz zu erkennen, siehe hier für weitere Details
ACCESS_WIFI_STATE ("Wi-Fi-Verbindungsinformationen"): zur Erkennung von Änderungen im Wi-Fi-Netzwerk
RECEIVE_BOOT_COMPLETED ('Run at startup'): zum Starten der Firewall beim Booten des Geräts
WAKE_LOCK ("Gerät am Schlafen hindern"): zum zuverlässigen Neuladen von Regeln im Hintergrund bei Änderungen der Konnektivität
VIBRATE: um eine Vibrationsrückmeldung beim Antippen des Widgets zu geben
FOREGROUND_SERVICE ('Vordergrunddienst'): zur Ausführung eines Vordergrunddienstes unter Android 9 Pie und höher
QUERY_ALL_PACKAGES: zum Auflisten aller Apps unter Android 11 und höher
BILLING: zur Verwendung der In-App-Abrechnung
(43) Ich erhalte die Meldung "Diese App führt dazu, dass Ihr Gerät langsam läuft".
Diese Meldung wird vom Smart Manager angezeigt, aber eigentlich ist es die Smart Manager-Anwendung selbst, die Verzögerungen und Lags verursacht. Einige Links:
Smart Manager beschwert sich über LastPass
Smart Manager deaktivieren?
(44) Ich erhalte keine Benachrichtigungen beim Zugriff
Um eine hohe Anzahl von Benachrichtigungen in der Statusleiste zu vermeiden, wird die Benachrichtigung bei Zugriff nur einmal pro Domainname und Anwendung durchgeführt. Zugriffe auf Domänennamen, die im Zugriffsprotokoll der Anwendung angezeigt werden (Drilldown in den NetGuard-Anwendungseinstellungen), werden nicht erneut benachrichtigt, selbst wenn Sie die Benachrichtigung bei Zugriff gerade aktiviert haben. Um wieder für alle Domainnamen benachrichtigt zu werden, können Sie das Anwendungszugriffsprotokoll über das Mülleimer-Symbol löschen. Wenn Sie alle Anwendungsprotokolle löschen möchten, können Sie Ihre Einstellungen exportieren und importieren.
Ein weiterer Grund, warum Sie keine Benachrichtigungen erhalten, könnte ein aktivierter Energiesparmodus sein, z. B. bei Samsung-Geräten. Auch wenn Sie die CPU-Frequenz in diesem Modus nicht einschränken.
(45) Verarbeitet NetGuard eingehende Verbindungen?
Der Android VPN-Dienst behandelt nur ausgehende Verbindungen (von Anwendungen zum Internet), eingehende Verbindungen werden also normalerweise nicht behandelt.
Wenn Sie eine Serveranwendung auf Android ausführen möchten, sollten Sie beachten, dass die Verwendung von Portnummern unter 1024 Root-Berechtigungen erfordert und dass einige Android-Versionen Routing-Fehler enthalten, die dazu führen, dass eingehender Datenverkehr fälschlicherweise in das VPN geleitet wird.
(46) Kann ich eine Rückerstattung erhalten?
Wenn eine gekaufte Pro-Funktion nicht wie beschrieben funktioniert und dies nicht durch ein Problem in den kostenlosen Funktionen verursacht wird und ich das Problem nicht zeitnah beheben kann, können Sie eine Rückerstattung erhalten. In allen anderen Fällen ist eine Rückerstattung nicht möglich. In keinem Fall kann es eine Rückerstattung für ein Problem im Zusammenhang mit den kostenlosen Funktionen geben, da für diese nichts bezahlt wurde und sie ohne Einschränkung bewertet werden können. Ich übernehme die Verantwortung als Verkäufer, das zu liefern, was versprochen wurde, und ich erwarte, dass Sie die Verantwortung übernehmen, sich über das zu informieren, was Sie kaufen.
(48) Warum werden einige Domänennamen blockiert, obwohl sie als erlaubt eingestellt sind?
NetGuard blockiert den Datenverkehr auf der Grundlage der IP-Adressen, mit denen eine Anwendung versucht, eine Verbindung herzustellen. Wenn mehr als ein Domänenname auf dieselbe IP-Adresse verweist, können sie nicht unterschieden werden. Wenn Sie für 2 Domänen, die auf dieselbe IP-Adresse aufgelöst werden, unterschiedliche Regeln festlegen, werden beide blockiert.
Danke @pulser
Ein weiteres mögliches Problem ist, dass Android den DNS-TTL-Wert nicht beachtet und seine eigenen Caching-Regeln anwendet. Dies könnte dazu führen, dass NetGuard einen DNS-Eintrag zu früh oder zu spät aus seinem eigenen Cache löscht, was dazu führt, dass eine IP-Adresse nicht oder falsch erkannt wird. Sie können versuchen, dieses Problem zu umgehen, indem Sie den DNS-TTL-Wert von NetGuard ändern. Dieser Wert wird als minimaler DNS TTL-Wert verwendet, um das Verhalten von Android zu imitieren.
NetGuard blockiert den Datenverkehr auch, wenn der Android-VPN-Dienst neu gestartet wird, um neue Regeln anzuwenden, z. B. wenn sich die Konnektivität ändert oder wenn der Bildschirm ein- oder ausgeschaltet wird.
(49) Verschlüsselt NetGuard meinen Internetverkehr / verbirgt es meine IP-Adresse?
NetGuard ist eine Firewall-Anwendung, die den Internetverkehr auf Ihrem Gerät filtert (siehe auch diese Frage). Sie ist also nicht dazu gedacht - und tut es auch nicht -, Ihren Internetverkehr zu verschlüsseln oder Ihre IP-Adresse zu verbergen.
(50) Wird NetGuard beim Booten automatisch gestartet?
Ja, NetGuard wird beim Hochfahren automatisch gestartet, wenn Sie Ihr Gerät mit aktiviertem NetGuard ausgeschaltet haben und NetGuard nicht auf einem externen Speicher installiert ist.
Einige Geräte, z. B. OnePlus- und Mi-Geräte, können verhindern, dass bestimmte Apps nach dem Neustart automatisch gestartet werden. Dies kann in den Android-Einstellungen deaktiviert werden.
(51) Warum blockiert der NetGuard den gesamten Internetverkehr?
Vergewissern Sie sich, dass Sie NetGuard auf die Doze-Ausnahmeliste gesetzt haben (Android 6 Marshmallow oder höher) und dass Android NetGuard erlaubt, das Internet im Hintergrund zu nutzen (siehe auch diese Frage).
Stellen Sie sicher, dass Sie NetGuard nicht im Erlaubnismodus (Whitelist) betreiben (überprüfen Sie die Standardeinstellungen von NetGuard).
Stellen Sie sicher, dass Sie die Always-On-VPN-Unteroption "Verbindungen ohne VPN blockieren" nicht aktiviert haben (Android 8 Oreo oder höher). Dadurch wird auch die Auflösung von Domainnamen blockiert (ist das ein Fehler oder eine Funktion?).
Einige Internetanbieter blockieren alle DNS-Anfragen, außer über ihre eigenen DNS-Server. Wenn Sie also benutzerdefinierte DNS-Server konfiguriert haben, versuchen Sie, dies rückgängig zu machen.
Einige Android-Versionen, darunter LineageOS und /e/ für einige Geräte, enthalten einen Fehler, der dazu führt, dass der gesamte Internetverkehr blockiert wird. Meistens können Sie diesen Fehler umgehen, indem Sie die Filterung in den erweiterten Optionen von NetGuard aktivieren. Wenn dies das Problem nicht löst, kann es leider nicht von NetGuard behoben oder umgangen werden. Bitte schauen Sie hier für eine Lösung.
(52) Was ist der Lockdown-Modus?
Im Sperrmodus wird der gesamte Datenverkehr für alle Anwendungen blockiert, mit Ausnahme von Anwendungen, für die die Bedingung "Im Sperrmodus zulassen" aktiviert ist. Sie können diesen Modus verwenden, um die Nutzung des Akkus oder des Netzes einzuschränken, z. B. wenn Ihr Akku fast leer ist oder Ihr Datenkontingent fast erschöpft ist.
Beachten Sie, dass der Sperrmodus nur angewendet werden kann, wenn die entsprechende Option auch unter "Netzwerkoptionen" eingestellt ist (eine für den Wi-Fi-Modus, eine für mobile Daten), so dass die Sperrung nur in einem der beiden Netzwerkmodi und nicht im anderen erfolgen kann (z. B. Sperren, wenn mobile Daten aktiv sind, aber nicht, wenn Wi-Fi gerade verwendet wird).
Beachten Sie auch, dass Systemanwendungen in diesem Modus nur blockiert werden, wenn die Verwaltung von Systemanwendungen in den erweiterten Einstellungen aktiviert ist.
Sie können den Sperrmodus im Hauptmenü, über ein Widget oder über eine Einstellungs-Kachel aktivieren/deaktivieren (Android 7 Nougat oder höher).
(53) Die Übersetzung in meiner Sprache fehlt / ist falsch / unvollständig
Sie können hier Übersetzungen beisteuern (die Registrierung ist kostenlos). Wenn deine Sprache fehlt, kontaktiere mich bitte, damit ich sie hinzufügen kann.
(54) Wie kann ich alle TCP-Verbindungen durch das Tor-Netzwerk tunneln?
Tor mit NetGuard wird nur im XDA NetGuard Forum unterstützt. Es gibt keinen persönlichen Support für Tor mit NetGuard, da ich Tor selbst nicht benutze.
Installiere zunächst Orbot, den Android-Client für Tor, starte ihn, drücke auf Start, während er sich verbindet, öffne die Einstellungen und stelle sicher, dass er so eingestellt ist, dass er beim Start des Gerätes automatisch startet.
In den Netzwerkoptionen von NetGuard aktiviere Subnetz-Routing und in den erweiterten Optionen SOCKS5-Proxy verwenden mit der Adresse 127.0.0.1 und dem Port 9050 (das ist der Standard-Port, wenn du ihn in Orbot geändert hast, dann ändere ihn auch hier).
Das sollte ausreichen. Wenn der Test fehlschlägt (z.B. keine Verbindung), können Sie die App-Details von Orbot öffnen, das Häkchen bei Regeln und Bedingungen anwenden entfernen und es erneut versuchen.
Wie man testet: Öffne Firefox (oder einen anderen nicht-proxyfähigen Browser) mit der Adresse https://ipleak.net/ und du solltest eine andere IP-Adresse als deine normale sehen, und unten im Feld Tor Exit Node etwas anderes als Unknown.
Sei dir bewusst, dass alle anderen Tor-Hinweise (https://www.torproject.org/docs/faq.html.en) immer noch gelten, wie z.B. dass das Tor-Netzwerk nicht erreichbar ist, deine Aktivitäten in deinem Land aktiv überwacht/gezielt werden, Online-Dienste (z.B. Gmail, Google Play Store) sich nicht anmelden können oder du gezwungen bist, endlose Capchas zu lösen, wenn du auf Seiten zugreifst, die Cloudflare's CDN-Dienste nutzen.
(55) Warum verbindet sich NetGuard mit Amazon / ipinfo.io / 216.239.34.21?
NetGuard stellt eine Verbindung zu Amazon / ipinfo.io her, um die Namen und Organisationen für IP-Adressen anzuzeigen. Wenn Sie dies nicht wünschen, deaktivieren Sie einfach die Anzeige von Namen und Organisationen über das Drei-Punkte-Menü in der globalen Protokollansicht.
(56) Warum lässt der NetGuard den gesamten Internetverkehr zu?
NetGuard kann jede einzelne Anwendung blockieren, sogar Systemanwendungen und -komponenten.
NetGuard lässt standardmäßig jeglichen Datenverkehr zu, um schwer zu findende Probleme zu vermeiden. Sie müssen den Datenverkehr selbst selektiv blockieren, indem Sie auf das Mobil- oder Wi-Fi-Symbol tippen.
Beachten Sie, dass NetGuard den Datenverkehr zu einer Anwendung zulässt, wenn der Bildschirm eingeschaltet ist und die Bedingung "wenn Bildschirm eingeschaltet" aktiviert ist.
(57) Warum verbraucht der NetGuard so viele Daten?
Im Grunde genommen verbraucht NetGuard selbst keine Daten. Bei vielen Android-Versionen werden jedoch die Daten anderer Anwendungen, die durch NetGuard fließen, fälschlicherweise dem NetGuard statt den Anwendungen zugerechnet. In diesem Fall ist der Datenverbrauch anderer Anwendungen bei aktiviertem NetGuard gleich Null.
Der gesamte Datenverbrauch Ihres Geräts ist mit und ohne NetGuard gleich.
(58) Warum dauert das Laden der Anwendungsliste so lange?
Die Anwendungsliste wird von Android bereitgestellt, daher hängt die Ladegeschwindigkeit hauptsächlich von der Leistung Ihres Geräts und der Effizienz Ihrer Android-Version ab. So kann z. B. Speicherknappheit zu längeren Ladezeiten führen, da Speicher freigegeben werden muss, z. B. durch das Pausieren anderer Anwendungen.
Es ist bekannt, dass die Einschränkung von Systemanwendungen und Systemkomponenten unter bestimmten Umständen dazu führt, dass die Anwendungsliste langsam oder gar nicht geladen wird. Die genauen Umstände sind nicht bekannt.
(59) Können Sie mir helfen, meinen Kauf wiederherzustellen?
Google verwaltet alle Käufe, so dass ich als Entwickler keine Kontrolle über die Käufe habe. Daher kann ich Ihnen nur einige Ratschläge geben:
Stellen Sie sicher, dass Sie eine aktive Internetverbindung haben.
Stellen Sie sicher, dass Sie den Google Play Store / die Play-Dienste nicht blockiert haben.
Vergewissern Sie sich, dass Sie mit dem richtigen Google-Konto angemeldet sind und dass mit Ihrem Google-Konto alles in Ordnung ist.
Stellen Sie sicher, dass Sie NetGuard über das richtige Google-Konto installiert haben, wenn Sie mehrere Google-Konten auf Ihrem Gerät eingerichtet haben
Öffnen Sie die Play Store-App und warten Sie mindestens eine Minute, um ihr Zeit zu geben, sich mit den Google-Servern zu synchronisieren.
Öffnen Sie NetGuard und navigieren Sie zum Bildschirm mit den Profi-Funktionen; NetGuard wird die Einkäufe erneut überprüfen
Sie können auch versuchen, den Cache der Play Store-App über die Einstellungen der Android-Apps zu löschen.
Beachten Sie dies:
Einkäufe werden in der Google-Cloud gespeichert und können nicht verloren gehen.
Es gibt keine zeitliche Begrenzung für Einkäufe, sie können also nicht verfallen
Google gibt keine Details (Name, E-Mail, etc.) über Käufer an Entwickler weiter.
Eine Anwendung wie NetGuard kann nicht auswählen, welches Google-Konto verwendet werden soll.
Es kann eine Weile dauern, bis die Play Store-App einen Kauf mit einem anderen Gerät synchronisiert hat
Play Store-Einkäufe können nicht ohne den Play Store verwendet werden, was nach den Play Store-Regeln ebenfalls nicht zulässig ist
Wenn Sie das Problem mit dem Kauf nicht lösen können, müssen Sie sich mit Google in Verbindung setzen.
(60) Warum funktionieren IP (Wi-Fi) Anrufe/SMS/MMS nicht?
Bitte lesen Sie dazu den Abschnitt über die Kompatibilität (wenn Sie ein mobiles Gerät verwenden, müssen Sie möglicherweise die Desktop-Version anfordern, um diesen Abschnitt zu sehen).
(61) Hilfe, NetGuard ist abgestürzt!
NetGuard stürzt selten ab ("unerwartet gestoppt"), aber wenn es abgestürzt ist (was etwas anderes ist, als von Android gestoppt zu werden, siehe diese FAQ), dann liegt es meist an Fehlern in Ihrer Android-Version (entweder in der Implementierung des Android-VPN-Dienstes oder im Android-Linux-Kernel). Ich bin gerne bereit, die Ursache eines Absturzes zu überprüfen und wenn möglich zu beheben, aber dazu benötige ich ein Logcat, das von Ihrem PC mit dem Absturzprotokoll aufgezeichnet wurde. Da Logcats meist recht umfangreich sind, benötige ich auch den genauen Zeitpunkt des Absturzes. Wenn Sie nicht wissen, wie Sie ein Logcat von Ihrem PC erfassen können, verwenden Sie bitte Ihre Lieblingssuchmaschine, um eine der zahlreichen Anleitungen zu finden.
(62) Wie kann ich das Problem "Es gab ein Problem beim Parsen des Pakets" lösen?
Wahrscheinliche Ursachen sind, dass die heruntergeladene APK-Datei beschädigt ist (was durch einen Virenscanner verursacht werden könnte) oder dass Sie versuchen, NetGuard auf einer nicht unterstützten Android-Version zu installieren.
(63) Warum ist der gesamte DNS-Verkehr erlaubt?
NetGuard blockiert im Gegensatz zu allen anderen Android-Firewalls echte Domainnamen. Hierfür muss eine Liste von Domainnamen und IP-Adressen erstellt werden. Zu diesem Zweck lässt NetGuard jeglichen DNS-Verkehr zu, auch wenn der Domainname in der Hosts-Datei aufgeführt ist. Das bedeutet jedoch nicht, dass der Verkehr zur aufgelösten IP-Adresse erlaubt ist.
Wenn Sie dem System (Google) oder den DNS-Servern Ihres Providers nicht trauen, können Sie in den erweiterten Einstellungen alternative DNS-Server festlegen. Achten Sie darauf, die Adressen einzugeben und zu bestätigen und zwei DNS-Serveradressen festzulegen. Wenn Sie nur eine DNS-Serveradresse eingeben, wird diese zusätzlich zu den Standard-DNS-Serveradressen verwendet.
(64) Können Sie DNS über TLS/HTTP hinzufügen?
Wenn Sie DNS-over-HTTP- (DoH) oder DNS-over-TLS- (DoT) Anfragen abfangen wollen, um Domänennamen aufzulösen, ist dies nicht möglich, da der DoH/DoT-Verkehr verschlüsselt ist, was ja der Sinn von DoH/DoT ist.
Bitte lesen Sie hier, wie Sie DoH/DoT trotzdem mit NetGuard nutzen können.
(65) Warum kann sich NetGuard nicht selbst blockieren?
Zunächst einmal, wenn NetGuard sich selbst blockieren kann, sollten Sie darauf vertrauen, dass NetGuard sich wirklich selbst blockiert, was im Grunde dasselbe ist, wie darauf zu vertrauen, dass NetGuard sich nicht mit dem Internet verbindet, wenn es nicht benötigt wird.
Beachten Sie, dass NetGuard sich mit dem Internet verbinden muss, um den Datenverkehr anderer Anwendungen an das Internet weiterzuleiten und um Informationen über IP-Adressen nachzuschlagen, siehe auch diese FAQ.
NetGuard konnte sich in älteren Versionen selbst blockieren, aber das erforderte den Aufruf von VpnService.protect für jede einzelne Verbindung. Da es in einer typischen Android-Umgebung viele Verbindungen von vielen Apps gibt, führte dies zu einer Verschwendung von Batteriestrom und zu Abstürzen auf einigen Android-Versionen mit Fehlern in dieser Funktion.
Da das Blockieren von NetGuard mit sich selbst nichts Nützliches gebracht hat, wurde das Blockieren von NetGuard mit sich selbst entfernt, um Batteriestrom zu sparen und Abstürze zu vermeiden.
(66) Warum greift eine blockierte App trotzdem auf das Internet zu?
Gesperrte Anwendungen können nicht auf das Internet zugreifen. Hierfür gibt es keine Ausnahmen. Der gesamte App- und Systemverkehr fließt durch den Android-VPN-Dienst, was für Unternehmen mit hohen Sicherheitsanforderungen ein Muss ist. Das bedeutet auch, dass alle Apps gleich behandelt werden und dass das globale Zugriffsprotokoll (Protokoll anzeigen im Drei-Punkte-Überlaufmenü) den gesamten Datenverkehr anzeigt.
Allerdings:
Apps können lokal zwischengespeicherte Inhalte anzeigen
Eingehende (Push-)Nachrichten werden von der Systemkomponente Google Play-Dienste und nicht von Apps empfangen, insbesondere wenn die App im Hintergrund läuft oder der Bildschirm ausgeschaltet ist.
Ebenso wird Werbung meist von der Systemkomponente Google Play-Dienste empfangen.
Downloads werden oft durch den Download-Manager und nicht durch Apps durchgeführt.
Wenn Sie Google Play-Dienste oder den Download-Manager blockieren möchten, müssen Sie die Verwaltung von System-Apps in den erweiterten Einstellungen aktivieren.
Wenn Sie sicherstellen möchten, dass Push-Nachrichten immer empfangen werden, können Sie Regeln und Bedingungen für Google Play-Dienste anwenden deaktivieren.
Um es klar zu sagen: In den meisten Fällen können Sie Anzeigen nicht durch das Blockieren von Apps blockieren. Sie können jedoch mit NetGuard Werbung für alle Apps blockieren, wie das geht, erfahren Sie hier.
(67) Wer ist "nobody"?
"nobody" ist die übliche Bezeichnung für ein Benutzerkonto, das keine Dateien besitzt, in keiner privilegierten Gruppe ist und keine anderen Fähigkeiten hat als die, die jeder andere Benutzer hat.
NetGuard wird nur für Telefone und Tablets unterstützt, also nicht für andere Gerätetypen wie Fernsehgeräte oder Fahrzeuge.
Wenn Sie die Antwort auf Ihre Frage nicht gefunden haben, können Sie Ihre Fragen in diesem Forum stellen oder mich über dieses Kontaktformular kontaktieren.

751
NetGuard/FAQ.md
View File

@ -1,751 +0,0 @@
NetGuard
========
Please scroll down if you want to ask a question, request a feature, or report a bug.
[Deutsche Übersetzung](https://raw.githubusercontent.com/M66B/NetGuard/master/FAQ-de.txt)
Frequently Asked Questions (FAQ)
--------------------------------
<a name="faq0"></a>
**(0) How do I use NetGuard?**
* Enable the NetGuard firewall using the switch in NetGuard's action bar
* Allow (greenish\*) or deny (reddish\*) Wi-Fi or mobile internet access using the icons next to an application name in NetGuard's applications list
You can use *Settings > Defaults* to change from block/blacklist mode (disable *Block Wi-Fi* and *Block mobile*, and then block unwanted applications in NetGuard's applications list) to allow/whitelist mode (enable *Block Wi-Fi* and *Block mobile*, and then allow desired applications in NetGuard's applications list).
\* Depending on the theme you use, the icons may be:
* Allowed (internet access permitted): greenish (teal) / blue / purple / gray
* Blocked (internet access denied): reddish (salmon) / orange / yellow / amber
<a name="faq1"></a>
**(1) Can NetGuard completely protect my privacy?**
No - nothing can completely protect your privacy.
NetGuard will do its best, but it is limited by the fact it must use the Android VPN service.
This is the trade-off required to make a firewall which does not require root access.
The firewall can only start when Android "allows" it to start,
so it will not offer protection during early boot-up (although you can disable your network before rebooting).
Also, the Android VPN service needs to be restarted to apply new rules when connectivity has changed or when the screen is being turned on or off.
It will, however, be much better than nothing.
In the advanced options you can enable *Seamless VPN handover on reload* to prevent traffic from leaking when the Android VPN service is being restarted.
However, this does not work properly on all Android versions/variants causing NetGuard to hang and block all connections.
On Android N and later NetGuard can be configured as [Always-On VPN](https://developer.android.com/guide/topics/connectivity/vpn#always-on).
On Android O **do not** enable the sub option '*Block connections without VPN*', see [question 51](#user-content-faq51)) for more information on this.
To protect yourself more, remember to disable Wi-Fi and mobile data before rebooting,
and only enable them on reboot, after the firewall service has started (and the key icon is visible in the status bar).
Thanks @[pulser](https://github.com/pulser/)
<a name="faq2"></a>
**(2) Can I use another VPN application while using NetGuard**
If the VPN application is using the [VPN service](http://developer.android.com/reference/android/net/VpnService.html),
then no, because NetGuard needs to use this service. Android allows only one application at a time to use this service.
NetGuard is a firewall application, so there is no intention to add VPN support.
However, NetGuard supports a [SOCKS5 proxy](https://en.wikipedia.org/wiki/SOCKS) to chain VPN applications.
You can find one possible community contributed solution [here](https://itsignacioportal.github.io/netguard-pdnsf-any-vpn-combo/).
<a name="faq3"></a>
**(3) Can I use NetGuard on any Android version?**
No, the minimum required Android version is 5.1 (<a href= "https://developer.android.com/about/versions/lollipop">Lollipop</a>)
<a name="faq4"></a>
**(4) Will NetGuard use extra battery power?**
By default NetGuard will hardly use any battery power.
All settings resulting in extra battery usage, like IP filtering and logging, have a warning.
If NetGuard uses a lot of battery power, please double check your settings.
The battery usage when IP filtering is enabled depends on the quality of your Android VPN service implementation and the efficiency of the processor of your device.
Generally the battery usage on older devices might be unacceptable, yet hardly noticeable on modern devices with an efficient processor.
The network speed graph notification will use extra battery power.
This is why the notification is shown only when the screen is on.
You can decrease the update frequency using the settings to reduce the battery usage.
Note that Android often incorrectly contribute battery usage of other apps to NetGuard,
because the network traffic of other apps is flowing through NetGuard.
This means that it might look like NetGuard is using a lot of battery power,
but that in fact the total battery usage of all apps is still the same.
<a name="faq6"></a>
**(6) Will NetGuard send my internet traffic to an external (VPN) server?**
No, depending on the mode of operation basically one of two things will happen with your internet traffic:
* When IP filtering is disabled, blocked internet traffic will be routed into the local VPN service, which will operate as a sinkhole (in effect dropping all blocked traffic)
* When IP filtering is enabled, both blocked and allowed internet traffic will be routed into the local VPN service and only allowed traffic will be forwarded to the intended destination (and not to a VPN server)
The [Android VPN service](http://developer.android.com/reference/android/net/VpnService.html) is being used to locally route all internet traffic to NetGuard so no root is required to build this firewall application.
NetGuard, unlike all other no-root firewalls applications, is 100% open source, so when you are in doubt you can check [the source code](https://github.com/M66B/NetGuard/) yourself.
<a name="faq7"></a>
**(7) Why are applications without internet permission shown?**
Internet permission can be granted with each application update without user consent.
By showing all applications, NetGuard allows you to control internet access even *before* such an update occurs.
<a name="faq8"></a>
**(8) What do I need to enable for the Google Play™ store app to work?**
You need 3 packages (applications) enabled (use search in NetGuard to find them quickly):
* com.android.vending (Play store)
* com.google.android.gms (Play services)
* com.android.providers.downloads (Download manager)
Since the Google Play™ store app has a tendency to check for updates or even download them all by itself (even if no account is associated),
one can keep it in check by enabling "*Allow when screen is on*" for all 3 of these packages.
Click on the down arrow on the left side of an application name and check that option,
but leave the network icons set to red (hence blocked). The little human icon will appear for those packages.
Note that NetGuard does *not* require any Google service to be installed.
<a name="faq9"></a>
**(9) Why is the VPN service being restarted?**
The VPN service will be restarted when you turn the screen on or off and when connectivity changes (Wi-Fi, mobile)
to apply the rules with the conditions *'Allow when screen is on'* and *'Block when roaming'*.
See [here](http://forum.xda-developers.com/showpost.php?p=65723629&postcount=1788) for more details.
<a name="faq10"></a>
**(10) Will you provide a Tasker plug-in?**
No, because if Tasker is allowed to disable NetGuard, any application can disable NetGuard.
Allowing a security application to be disabled by other applications is not a good idea.
<a name="faq13"></a>
**(13) How can I remove the ongoing NetGuard entry in the notification screen?**
* Long click the NetGuard notification
* Tap the 'i' icon
* Depending on your device and/or ROM manufacturer's software customizations, you can be directed to either:
* the **App Info** screen and you can uncheck '*Show notifications*' and agree to the next dialog
* the **App Notifications** screen and you can toggle the '*Block*' slider to on
Note that, whether or not you get a dialog warning to agree upon,
this operation will also disable any information or warning notifications from NetGuard,
such as the new application installed notification.
To read about the need for the notification in the first place, see [question 24](#user-content-faq24).
Some Android versions display an additional notification, which might include a key icon.
This notification, unfortunately, cannot be removed.
<a name="faq14"></a>
**(14) Why can't I select OK to approve the VPN connection request?**
There might be another (invisible) application on top of the VPN connection request dialog.
Some known (screen dimming) applications which can cause this are *Lux Brightness*, *Night Mode*, and *Twilight*.
To avoid this problem, at least temporarily, close all applications and/or services which may be running in the background.
<a name="faq15"></a>
**(15) Are F-Droid builds supported?**
F-Droid builds are not supported because I have no control over if and when the F-Droid version of NetGuard will be updated,
so I cannot guarantee timely updates, for example if there is a critical or security issue.
Because F-Droid builds and GitHub releases are signed differently, an F-Droid build needs to be uninstalled first to be able to update to a GitHub release.
<a name="faq16"></a>
**(16) Why are some applications shown dimmed?**
Disabled applications and applications without internet permission are shown dimmed.
<a name="faq17"></a>
**(17) Why is NetGuard using so much memory?**
It isn't. NetGuard doesn't allocate any memory, except a little for displaying the user interface elements and for buffering traffic.
It appears, on some Android variants, that the Google Play™ store app connection uses almost 150 MB. It is needed for in-app donations,
and is incorrectly attributed to NetGuard instead to the Google Play™ store app.
<a name="faq18"></a>
**(18) Why can't I find NetGuard in the Google Play™ store app?**
NetGuard requires at least Android 5.1, so it is not available in the Google Play™ store app on devices running prior Android versions.
<a name="faq19"></a>
**(19) Why does application XYZ still have internet access?**
If you block internet access for an application, there is no way around it.
However, applications could access the internet through other (system) applications/components.
For example, Google Play services receives incoming push messages and ads for most applications, including WhatsApp and Facebook messenger.
You can prevent this by blocking internet access for the other application/component as well.
You can block system applications and components, like Google Play services, by enabling the advanced NetGuard option *Manage system apps*.
This can best be diagnosed by checking the global access log (three dot menu, *Show log*).
Note that some applications keep trying to access the internet, which is done by sending a connection request packet.
This packet goes into the VPN sinkhole when internet access for the application is blocked.
This packet consists of less than 100 bytes and is counted by Android as outgoing traffic
and will be visible in the speed graph notification as well.
<a name="faq20"></a>
**(20) Can I Greenify/hibernate NetGuard?**
No. [Greenifying](https://play.google.com/store/apps/details?id=com.oasisfeng.greenify)
or otherwise hibernating NetGuard will result in rules not being applied
when connectivity changes from Wi-Fi/mobile, screen on/off, and roaming/not roaming.
<a name="faq21"></a>
**(21) Does doze mode affect NetGuard?**
I am not sure, because the [doze mode documentation](http://developer.android.com/training/monitoring-device-state/doze-standby.html)
is not clear if the [Android VPN service](http://developer.android.com/reference/android/net/VpnService.html) will be affected.
To be sure, you can disable battery optimizations for NetGuard manually like this:
```
Android settings > Battery > three dot menu > Battery optimizations > Dropdown > All apps > NetGuard > Don't optimize > Done
```
The procedure to accomplish this can vary between devices.
Disabling doze mode for NetGuard cannot be done from within NetGuard
because, according to Google, NetGuard is [not an application type allowed to do this](http://developer.android.com/training/monitoring-device-state/doze-standby.html#whitelisting-cases).
<a name="faq22"></a>
**(22) Can I tether (use the Android hotspot) / use Wi-Fi calling while using NetGuard?**
Yes, but you'll need to enable subnet routing and tethering in the NetGuard network settings.
Whether or not it works depends on your Android version
because some Android versions have a bug preventing tethering and the VPN service working together.
Some devices hibernate Wi-Fi, preventing tethering from working when the screen is off.
This behavior can be disabled in the Android enhanced/advanced Wi-Fi settings.
<a name="faq24"></a>
**(24) Can you remove the notification from the status bar?**
Android can kill background services at any time.
This can only be prevented by turning a background service into a foreground service.
Android requires an ongoing notification for all foreground services
to make you aware of potential battery usage (see [question 4](#user-content-faq4)).
So, the notification cannot be removed without causing instability.
However, the notification is being marked as low priority,
which should result in moving it to the bottom of the list.
The key icon and/or the VPN running notification,
which is shown by Android and not by NetGuard, unfortunately, cannot be removed.
The [Google documentation](http://developer.android.com/reference/android/net/VpnService.html) states:
*"A system-managed notification is shown during the lifetime of a VPN connection"*.
Android 8 Oreo and later display a notification "*... running in the background*" listing all apps running in the background.
You can't disable this notification, but you can remove the icon from the status bar like this:
* Open Settings > Apps & notifications > App info
* Open settings (three dots); Select "Show system"
* Select "Android System"
* Select "App notifications"
* Select "Apps running in background"
* Select "Importance" and select "Low"
<a name="faq25"></a>
**(25) Can you add a 'Select All' function?**
There is no need for a 'Select All' function
because you can switch from block (blacklist) to allow (whitelist) mode using Netguard's settings.
See also [question 0](#user-content-faq0).
<a name="faq27"></a>
**(27) How do I read the blocked traffic log?**
The columns have the following meanings:
1. Time (tap on a log entry to see the date)
1. Application icon (tap on a log entry to see the application name)
1. Application UID
1. Wi-Fi / mobile connection, green=allowed, red=blocked
1. Interactive state (screen on or off)
1. Protocol (see below) and packet flags (see below)
1. Source and destination port (tap on a log entry to lookup a destination port)
1. Source and destination IPv4 or IPv6 address (tap on a log entry to lookup a destination IP address)
1. Organization name owning the IP address (needs to be enabled via the menu)
Protocols:
* HOPO ([IPv6 Hop-by-Hop Option](https://en.m.wikipedia.org/wiki/IPv6_packet#Hop-by-hop_options_and_destination_options))
* ICMP
* IGMP
* ESP (IPSec)
* TCP
* UDP
* Number = one of the protocols in [this list](https://en.wikipedia.org/wiki/List_of_IP_protocol_numbers)
* 4 = IPv4
* 6 = IPv6
Packet flags:
* S = SYN
* A = ACK
* P = PSH
* F = FIN
* R = RST
For a detailed explanation see [here](https://en.wikipedia.org/wiki/Transmission_Control_Protocol).
Only TCP, UDP, and ICMP ping traffic can be routed through the Android VPN service.
All other traffic will be dropped and will be shown as blocked in the global traffic log.
This is almost never a problem on an Android device.
<a name="faq28"></a>
**(28) Why is Google connectivity services allowed internet access by default?**
The Google connectivity services system application checks if the current network is really connected to the internet.
This is probably accomplished by briefly connecting to some Google server.
If this is not the case, there will be an '!' in the Wi-Fi or mobile icon in the system status bar.
Recent Android versions seem not to switch connectivity from mobile to Wi-Fi when the Wi-Fi network is not really connected,
even though there is a connection to the Wi-Fi network (or the other way around). On Android 6.0 and later you might get a notification asking you if you want to keep this connection on or not.
To prevent a bad user experience, NetGuard includes a predefined rule to default allow the Google connectivity services.
You can find all predefined rules [here](https://github.com/M66B/NetGuard/blob/master/app/src/main/res/xml/predefined.xml).
You can override predefined rules.
<a name="faq29"></a>
**(29) Why do I get 'The item you requested is not available for purchase'?**
You can only purchase pro features when you have installed NetGuard from the Google Play store.
<a name="faq30"></a>
**(30) Can I also run AFWall+ on the same device?**
Unless you are just testing NetGuard, there is no current reason to use them both, since they cover the same function (firewall),
although with different base needs (AFWall+ needs a rooted device) and ways of doing their thing (AFWall+ uses iptables whereas NetGuard uses a VPN).
Also you need to keep per application access rules _always_ in sync between AFWall+ and NetGuard,
else the application will not be able to access the network,
hence bringing another level of complexity when setting and assuring everything work as expected.
Some pointers on how to set up AFWall+ to be used simultaneously with NetGuard:
* if not using filtering in NetGuard, applications _need_ direct internet access (Wi-Fi and/or mobile) in AFWall+
* if using filtering, NetGuard will _need_ internet access (Wi-Fi and/or mobile) in AFWall+
* if using filtering, when you un/reinstall NetGuard, remember to re-allow NetGuard in AFWall+
* if using filtering, applications _need_ VPN internet access (check the box to show that option in AFWall+ settings)
This question was community contributed. There is no support on using NetGuard and AFWall+ together.
<a name="faq31"></a>
**(31) Why can some applications be configured as a group only?**
For many purposes, including network access, Android groups applications on UID and not on package/application name.
Especially system applications often have the same UID, despite having a different package and application name; these are set up like this by the ROM manufacturer at build time.
These applications can only be allowed/blocked access to the internet as a group.
<a name="faq32"></a>
**(32) Why is the battery/network usage of NetGuard so high?**
This is because Android counts battery and network usage which is normally counted for other applications
against NetGuard in IP filtering mode. The total battery usage is slightly higher when IP filtering mode is enabled.
IP filtering mode is always enabled on Android versions prior to 5.0, and optionally enabled on later Android versions.
<a name="faq33"></a>
**(33) Can you add profiles?**
Profiles are inconvenient because they need to be operated manually.
Conditions like '*When screen is on*' are, on the other hand, convenient because they work automatically.
Therefore profiles will not be added, but you are welcome to propose new conditions;
however, they need to be generally usable to be included.
As a workaround you can use the export/import function to apply specific settings in specific circumstances.
Alternatively, you can use lockdown mode as a profile.
<a name="faq34"></a>
**(34) Can you add a condition 'when on foreground' or 'when active'?**
Recent Android versions do not allow an application to query if other applications are in the foreground/background or active/inactive
without holding an [additional privacy violating permission](https://developer.android.com/reference/android/Manifest.permission.html#PACKAGE_USAGE_STATS)
and at the expense of extra battery usage (because periodic polling is required).
As a result, this cannot be added without significant disadvantages, like [this one](http://www.xda-developers.com/working-as-intended-an-exploration-into-androids-accessibility-lag/).
You can use the condition '*when screen is on*' instead.
<a name="faq35"></a>
**(35) Why does the VPN not start?**
NetGuard "asks" Android to start the local VPN service,
but some Android versions contain a bug which prevents the VPN from starting (automatically).
Sometimes this is caused by updating NetGuard.
Unfortunately this cannot be fixed by NetGuard.
You can try to restart your device and/or revoke the VPN permissions from NetGuard using the Android settings.
Sometimes it helps to uninstall and install NetGuard again (be sure to export your settings first!).
<a name="faq36"></a>
**(36) Can you add PIN or password protection?**
Since turning off the VPN service using the Android settings cannot be prevented,
there is little use in adding PIN or password protection.
<a name="faq37"></a>
**(37) Why are the pro features so expensive?**
The right question is "*why are there so many taxes and fees*":
* VAT: 25% (depending on your country)
* Google fee: 30%
* Income tax: 50%
So, what is left for the developer is just a fraction of what you pay.
Despite NetGuard being *really* a lot of work, only some of the convenience and advanced features need to be purchased,
which means that NetGuard is basically free to use
and that you don't need to pay anything to reduce your data usage, increase battery life, and increase your privacy.
Also note that most free applications will appear not to be sustainable in the end, whereas NetGuard is properly maintained and supported,
and that free applications may have a catch, like sending privacy sensitive information to the internet.
See [here](http://forum.xda-developers.com/showpost.php?p=67892427&postcount=3030) for some more information.
<a name="faq38"></a>
**(38) Why did NetGuard stop running?**
First of all, please make sure you disabled battery optimizations for NetGuard in the Android settings.
On most devices, NetGuard will keep running in the background with its foreground service.
On some devices (in particular some Samsung models), where there are lots of applications competing for memory, Android may still stop NetGuard as a last resort.
Some Android versions, in particular of Huawei (see [here](https://www.forbes.com/sites/bensin/2016/07/04/push-notifications-not-coming-through-to-your-huawei-phone-heres-how-to-fix-it/) for a fix) or Xiaomi (see [here](https://www.forbes.com/sites/bensin/2016/11/17/how-to-fix-push-notifications-on-xiaomis-miui-8-for-real/) for a fix) stop apps and services too aggressively.
Unfortunately this cannot be fixed by NetGuard, and can be considered a shortcoming of the device and/or as a bug in Android.
As a matter of fact lots of apps suffer from this, see the website [Don't kill my app!](https://dontkillmyapp.com/) for more information and solutions.
You can workaround this problem by enabling the watchdog in the NetGuard advanced options to check every 10-15 minutes.
<a name="faq39"></a>
**(39) How does a VPN based firewall differ from a iptables based firewall?**
See this [Stack Exchange question](http://android.stackexchange.com/questions/152087/any-security-difference-between-root-based-firewall-afwall-and-non-root-based).
<a name="faq40"></a>
**(40) Can you add schedules?**
Besides not being trivial to add, schedules - in my opinion - are not a good idea, since time is not a good rule condition.
A rule condition like *When screen is on* is a better and more straightforward condition.
Therefore schedules will not be added, but you are welcome to propose other new conditions.
<a name="faq41"></a>
**(41) Can you add wildcards / address/port ranges?**
Wildcards to allow/block addresses and address/port ranges would have a significant performance and usability impact and therefore will not be added.
Wildcards rules and address/port ranges would need to be checked for each and every connection attempt.
Since NetGuard blocks, unlike any other no-root firewall, domain names instead of IP addresses there is hardly a need for wildcards.
<a name="faq42"></a>
**(42) Why is permission ... needed?**
* INTERNET ('*Full network access*'): to forward allowed (filtered) traffic to the internet
* ACCESS_NETWORK_STATE ('*View network connections*'): to check if the device is connected to the internet through Wi-Fi
* READ_PHONE_STATE ('*Device ID & call information*'): to detect mobile network changes, see [here](http://forum.xda-developers.com/showpost.php?p=64107371&postcount=489) for more details
* ACCESS_WIFI_STATE ('*Wi-Fi connection information*'): to detect Wi-Fi network changes
* RECEIVE_BOOT_COMPLETED ('*Run at startup*'): to start the firewall when booting the device
* WAKE_LOCK ('*Prevent device from sleeping*'): to reliably reload rules in the background on connectivity changes
* VIBRATE: to provide vibration feedback on widget tap
* FOREGROUND_SERVICE ('foreground service'): to run a foreground service on Android 9 Pie and later
* QUERY_ALL_PACKAGES: to list all apps on Android 11 and later
* BILLING: to use in-app billing
<a name="faq43"></a>
**(43) I get 'This app is causing your device to run slowly'**
This message is displayed by the *Smart Manager*,
but actually it is the 'Smart' Manager application itself which is causing delays and lags.
Some links:
* [Smart Manager complaining about LastPass](https://www.reddit.com/r/GalaxyS6/comments/3htu2y/smart_manager_cmoplaining_about_lastpass/)
* [Disable Smart Manager?](http://forums.androidcentral.com/samsung-galaxy-s4/595483-disable-smart-manager.html)
<a name="faq44"></a>
**(44) I don't get notifications on access**
To prevent a high number of status bar notifications, notify on access is done only once per domain name per application.
Access to domain names shown in the application access log (drill down in the NetGuard application settings) will not be notified again,
even if you just enabled notify on access.
To get notified for all domain names again, you can clear the application access log using the trashcan icon.
If you want to clear all applications logs, you can export and import your settings.
Another reason why you don't get notifications could be an applied "Power Saving Mode" for example on Samsung devices. Even if you do not restrict CPU frequency in this mode.
<a name="faq45"></a>
**(45) Does NetGuard handle incoming connections?**
The Android VPN service handles outgoing connections only (from applications to the internet), so incoming connections are normally left alone.
If you want to run a server application on Android, then be aware that using port numbers below 1024 require root permissions
and that some Android versions contain routing bugs, causing inbound traffic incorrectly being routed into the VPN.
<a name="faq46"></a>
**(46) Can I get a refund?**
If a purchased pro feature doesn't work [as described](https://www.netguard.me/)
and this isn't caused by a problem in the free features
and I cannot fix the problem in a timely manner, you can get a refund.
In all other cases there is no refund possible.
In no circumstances there can be a refund for any problem related to the free features,
since there wasn't paid anything for them and because they can be evaluated without any limitation.
I take my responsibility as seller to deliver what has been promised
and I expect that you take responsibility for informing yourself of what you are buying.
<a name="faq48"></a>
**(48) Why are some domain names blocked while they are set to be allowed?**
NetGuard blocks traffic based on the IP addresses an application is trying to connect to.
If more than one domain name is on the same IP, they cannot be distinguished.
If you set different rules for 2 domains which resolve to the same IP, both will be blocked.
Thanks @[pulser](https://github.com/pulser/)
Another potential problem is that Android doesn't honor the DNS TTL value and applies its own caching rules.
This could result in NetGuard too early or too late purging a DNS record from its own cache,
resulting in not recognizing an IP address or recognizing a wrong IP address.
You can try to workaround this by changing the DNS TTL value setting of NetGuard.
This value is used as a minimum DNS TTL value in an attempt to mimick the behavior of Android.
NetGuard will also block traffic while restarting the Android VPN service to apply new rules,
for example when connectivity changes or when the screen is turned on or off.
<a name="faq49"></a>
**(49) Does NetGuard encrypt my internet traffic / hide my IP address?**
NetGuard is a firewall application that filters internet traffic on your device (see also [this question](#user-content-faq6)),
so it is not meant to - and does not - encrypt your internet traffic or hide your IP address.
<a name="faq50"></a>
**(50) Will NetGuard automatically start on boot?**
Yes, NetGuard will automatically be started on boot if you powered off your device with NetGuard enabled and NetGuard is not installed on external storage.
Some devices, for example OnePlus and Mi devices, can prevent certain apps from auto-starting after reboot.
This can be disabled in the Android settings.
<a name="faq51"></a>
**(51) Why does NetGuard block all internet traffic?!**
Make sure you have put NetGuard on the doze exception list (Android 6 Marshmallow or later)
and that Android allows NetGuard to use the internet in the background (see also [this question](#user-content-faq21)).
Make sure you are not running NetGuard in allow (whitelist) mode (check the NetGuard default settings).
Make sure you didn't enable the Always-On VPN sub option '*Block connections without VPN*' (Android 8 Oreo or later).
This will block resolving domain names too (is it a bug or feature?).
Some internet providers block all DNS requests except via their own DNS servers.
So, if you configured custom DNS servers, try to undo this.
Some Android versions, including LineageOS and /e/ for some devices, contain a bug resulting in all internet traffic being blocked.
Mostly, you can workaround this bug by enabling filtering in NetGuard's *Advanced options*.
If this doesn't solve the issue, the problem can unfortunately not be fixed or worked around by NetGuard.
Please [see here](https://forum.xda-developers.com/t/app-6-0-netguard-no-root-firewall.3233012/post-84457527) for a fix.
<a name="faq52"></a>
**(52) What is lockdown mode?**
In lockdown mode, all traffic for all applictions will be blocked,
except for applications with the condition *'Allow in lockdown mode'* enabled.
You can use this mode to limit battery usage or network usage,
for example, when your battery is almost empty or when your data allotment is almost exhausted.
Note that Lockdown mode applies only if the corresponding option is also set in "Network options"
(one for Wi-Fi mode, one for Mobile data), allowing to have lockdown in only one of the two network modes
and not in the other (eg. Lock down if mobile data are active, but not if Wi-Fi is currently used).
Note also that system applications will only be blocked in this mode
when managing system applications is enabled in the advanced settings.
You can enable/disable lockdown mode in the main menu, using a widget, or using a settings tile (Android 7 Nougat or later).
<a name="faq53"></a>
**(53) The translation in my language is missing / incorrect / incomplete**
You can contribute translations [here](https://crowdin.com/project/netguard) (registration is free).
If your language is missing, please contact me to have it added.
<a name="faq54"></a>
**(54) How to tunnel all TCP connections through the Tor network?**
Tor with NetGuard is only supported in the [XDA NetGuard forum](http://forum.xda-developers.com/showthread.php?t=3233012).
There is no personal support on Tor with NetGuard, because I don't use Tor myself.
First, install [Orbot](market://details?id=org.torproject.android), the Android client for Tor,
run it, press _Start_, while it connects open its _Settings_ and make sure it's setup to auto-start
on device start.
In NetGuard's _Network options_ enable _Subnet routing_ and in _Advanced options_ toggle on
_Use SOCKS5 proxy_ with address 127.0.0.1 and port as 9050 (this is the default port, if you changed
this in Orbot make the adjustment here also).
This should be enough, if testing fails (eg. no connection at all) you can open the app details
for Orbot, uncheck _Apply rules and conditions_ and retry.
How to test: open Firefox (or another non-proxy enabled browser) to the address https://ipleak.net/
and you should see a different IP address from your regular one, and below in the _Tor Exit Node_
field something else besides _Unknown_.
**Be aware** that all the other Tor caveats (https://www.torproject.org/docs/faq.html.en) still apply,
like having the Tor network unreacheable, your activity actively monitored/targeted in your country,
online services (eg. Gmail, Google Play store) failing to login or being forced to solve endless capchas
when accessing sites that use Cloudflare's CDN services.
<a name="faq55"></a>
**(55) Why does NetGuard connect to Amazon / ipinfo.io / 216.239.34.21?**
NetGuard connects to Amazon / [ipinfo.io](https://ipinfo.io/) to show the names and organizations for IP addresses.
If you don't want this, just disable showing names and organizations using the three dot menu in the global log view.
<a name="faq56"></a>
**(56) Why does NetGuard allow all internet traffic?!**
NetGuard can block each and every application, even system applications and components.
NetGuard, by default, allows all traffic to prevent hard to find problems. You need to selectively block traffic yourself by tapping on the mobile or Wi-Fi icons.
Be aware that NetGuard will allow traffic to an application when the screen is on and the condition *'when screen on'* is enabled.
<a name="faq57"></a>
**(57) Why does NetGuard use so much data?**
Basically, NetGuard doesn't use data itself.
However, many Android versions incorrectly account data of other applications flowing through NetGuard to NetGuard instead of to the applications.
The data usage of other applications will be zero with NetGuard enabled in this case.
The total data usage of your device will be the same with and without NetGuard.
<a name="faq58"></a>
**(58) Why does loading the application list take a long time?**
The application list is provided by Android, so the loading speed depends mostly on the power of your device and on the efficiency of your Android version.
For example shortage of memory could lead to increased loading times, because memory needs to be freed, for example by pausing other applications.
In some circumstances, restricting system apps and system components is known to cause the application list to load slowly or not at all. The exact circumstances are unknown.
<a name="faq59"></a>
**(59) Can you help me restore my purchase?**
Google manages all purchases, so as a developer I have no control over purchases.
So, the only thing I can do, is give some advice:
* Make sure you have an active internet connection
* Make sure you didn't block Google Play store / Play services
* Make sure you are logged in with the right Google account and that there is nothing wrong with your Google account
* Make sure you installed NetGuard via the right Google account if you configured multiple Google accounts on your device
* Open the Play store app and wait at least a minute to give it time to synchronize with the Google servers
* Open NetGuard and navigate to the pro features screen; NetGuard will check the purchases again
You can also try to clear the cache of the Play store app via the Android apps settings.
Note that:
* Purchases are stored in the Google cloud and cannot get lost
* There is no time limit on purchases, so they cannot expire
* Google does not expose details (name, e-mail, etc) about buyers to developers
* An app like NetGuard cannot select which Google account to use
* It may take a while until the Play store app has synchronized a purchase to another device
* Play Store purchases cannot be used without the Play Store, which is also not allowed by Play Store rules
If you cannot solve the problem with the purchase, you will have to contact Google about it.
<a name="faq60"></a>
**(60) Why does IP (Wi-Fi) calling/SMS/MMS not work?**
Please see the [compatibility section](https://github.com/M66B/NetGuard/#compatibility) about this
(you might need to request the desktop version to see this section if you are using a mobile device).
<a name="faq61"></a>
**(61) Help, NetGuard crashed!**
NetGuard rarely crashes ("unexpectedly stopped"), but if it crashed (which is something different than being stopped by Android, see [this FAQ](#user-content-faq38)),
then it is mostly caused by bugs in your Android version
(either in the [Android VPN service](https://developer.android.com/reference/android/net/VpnService.html) implementation or in the [Android Linux kernel](https://developer.android.com/guide/platform/index.html#linux-kernel)).
I am happy to check what the cause of a crash is and I will fix it whenever possible, but I need a logcat captured from your PC with the crash log for this.
Since logcats are mostly quite large, I will need the exact time of the crash as well.
If you don't know how to capture a logcat from your PC, please use your favorite search engine to find one of the numerous guides.
<a name="faq62"></a>
**(62) How can I solve 'There was a problem parsing the package' ?**
Likely causes are that the downloaded APK file is damaged (which could be caused by a virus scanner)
or that you are trying to install NetGuard on a not supported Android version.
<a name="faq63"></a>
**(63) Why is all DNS traffic allowed?**
NetGuard blocks unlike any other Android firewall on real domain names.
For this a list of domain names and IP address needs to be built.
For this purpose, NetGuard allows all DNS traffic, even if the domain name is listed in the hosts file.
However, this doesn't mean traffic to the resolved IP address is allowed.
If you don't trust the system (Google's) or your provider's DNS servers, you can set alternative DNS servers in the advanced settings.
Be sure to enter and confirm the addresses and to set two DNS server addresses.
If you enter just one DNS server address, it will be used in addition to the default DNS server addresses.
<a name="faq64"></a>
**(64) Can you add DNS over TLS/HTTP?**
If you mean to intercept [DNS over HTTP](https://en.wikipedia.org/wiki/DNS_over_HTTPS) (DoH)
or [DNS over TLS](https://en.wikipedia.org/wiki/DNS_over_TLS) (DoT) requests to resolve domain names,
this is not possible because DoH/DoT traffic is encrypted, which is the whole point of DoH/DoT.
Please [see here](https://github.com/Ch4t4r/Nebulo/blob/master/docs/NONVPNMODE.md) about how you can use DoH/DoT with NetGuard anyway.
<br />
<a name="faq65"></a>
**(65) Why can NetGuard not block itself?**
First of all, if NetGuard could block itself, you should trust that NetGuard really blocks itself,
which is basically the same as trusting that NetGuard doesn't connect to the internet when not needed.
Note that NetGuard needs to connect to the internet to forward traffic of other apps to the internet and to lookup information on IP addresses,
see also [this FAQ](#user-content-faq55).
NetGuard could block itself in older versions,
but this required calling [VpnService.protect](https://developer.android.com/reference/android/net/VpnService.html#protect(int)) for each and every connection.
Since there are lots of connections of lots of apps in a typical Android environment,
this resulted in wasting battery power and in crashes on some Android versions with bugs in this function.
So, because blocking NetGuard with itself didn't added anything useful
and to save on battery power and to prevent crashes blocking NetGuard with itself was removed.
<br />
<a name="faq66"></a>
**(66) Why is a blocked app still accessing the internet?**
Blocked apps cannot access the internet. There are no exceptions to this.
All app and system traffic flows through the [Android VPN service](https://developer.android.com/guide/topics/connectivity/vpn),
which is a *must* for companies with high security requirements.
This also means that all apps will be treated in the same way
and that the global access log (*Show log* in the three-dots overflow menu) will show all traffic.
However:
* Apps can show locally cached content
* Incoming (push) messages are received by the system component Google Play services and not apps, especially when the app is in the background or when the screen is turned off
* Similarly, advertisements are mostly received by the system component Google Play services
* Downloads are often performed by the download manager and not apps
If you like to block Google Play services or the download manager, you'll need to enable managing system apps in the advanced settings.
If you like to make sure that push messages will always be received, you can disable *Apply rules and conditions* for Google Play services.
To be clear: in most cases **you cannot block ads by blocking apps**.
However, you can block ads for all apps with NetGuard, please see [here](https://github.com/M66B/NetGuard/blob/master/ADBLOCKING.md) about how to.
<br />
<a name="faq67"></a>
**(67) Who is 'nobody'?**
["nobody" is the conventional name of a user account](https://en.wikipedia.org/wiki/Nobody_(username))
which owns no files, is in no privileged groups, and has no abilities except those which every other user has.
<br />
**NetGuard is supported for phones and tablets only, so not for other device types like televisions or vehicles.**
**If you didn't find the answer to your question, you can ask your questions [in this forum](http://forum.xda-developers.com/showthread.php?t=3233012) or contact me by using [this contact form](https://contact.faircode.eu/)**.

1
NetGuard/FUNDING.yml
View File

@ -1 +0,0 @@
github: [M66B]

675
NetGuard/LICENSE
View File

@ -1,675 +0,0 @@
GNU GENERAL PUBLIC LICENSE
Version 3, 29 June 2007
Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
Preamble
The GNU General Public License is a free, copyleft license for
software and other kinds of works.
The licenses for most software and other practical works are designed
to take away your freedom to share and change the works. By contrast,
the GNU General Public License is intended to guarantee your freedom to
share and change all versions of a program--to make sure it remains free
software for all its users. We, the Free Software Foundation, use the
GNU General Public License for most of our software; it applies also to
any other work released this way by its authors. You can apply it to
your programs, too.
When we speak of free software, we are referring to freedom, not
price. Our General Public Licenses are designed to make sure that you
have the freedom to distribute copies of free software (and charge for
them if you wish), that you receive source code or can get it if you
want it, that you can change the software or use pieces of it in new
free programs, and that you know you can do these things.
To protect your rights, we need to prevent others from denying you
these rights or asking you to surrender the rights. Therefore, you have
certain responsibilities if you distribute copies of the software, or if
you modify it: responsibilities to respect the freedom of others.
For example, if you distribute copies of such a program, whether
gratis or for a fee, you must pass on to the recipients the same
freedoms that you received. You must make sure that they, too, receive
or can get the source code. And you must show them these terms so they
know their rights.
Developers that use the GNU GPL protect your rights with two steps:
(1) assert copyright on the software, and (2) offer you this License
giving you legal permission to copy, distribute and/or modify it.
For the developers' and authors' protection, the GPL clearly explains
that there is no warranty for this free software. For both users' and
authors' sake, the GPL requires that modified versions be marked as
changed, so that their problems will not be attributed erroneously to
authors of previous versions.
Some devices are designed to deny users access to install or run
modified versions of the software inside them, although the manufacturer
can do so. This is fundamentally incompatible with the aim of
protecting users' freedom to change the software. The systematic
pattern of such abuse occurs in the area of products for individuals to
use, which is precisely where it is most unacceptable. Therefore, we
have designed this version of the GPL to prohibit the practice for those
products. If such problems arise substantially in other domains, we
stand ready to extend this provision to those domains in future versions
of the GPL, as needed to protect the freedom of users.
Finally, every program is threatened constantly by software patents.
States should not allow patents to restrict development and use of
software on general-purpose computers, but in those that do, we wish to
avoid the special danger that patents applied to a free program could
make it effectively proprietary. To prevent this, the GPL assures that
patents cannot be used to render the program non-free.
The precise terms and conditions for copying, distribution and
modification follow.
TERMS AND CONDITIONS
0. Definitions.
"This License" refers to version 3 of the GNU General Public License.
"Copyright" also means copyright-like laws that apply to other kinds of
works, such as semiconductor masks.
"The Program" refers to any copyrightable work licensed under this
License. Each licensee is addressed as "you". "Licensees" and
"recipients" may be individuals or organizations.
To "modify" a work means to copy from or adapt all or part of the work
in a fashion requiring copyright permission, other than the making of an
exact copy. The resulting work is called a "modified version" of the
earlier work or a work "based on" the earlier work.
A "covered work" means either the unmodified Program or a work based
on the Program.
To "propagate" a work means to do anything with it that, without
permission, would make you directly or secondarily liable for
infringement under applicable copyright law, except executing it on a
computer or modifying a private copy. Propagation includes copying,
distribution (with or without modification), making available to the
public, and in some countries other activities as well.
To "convey" a work means any kind of propagation that enables other
parties to make or receive copies. Mere interaction with a user through
a computer network, with no transfer of a copy, is not conveying.
An interactive user interface displays "Appropriate Legal Notices"
to the extent that it includes a convenient and prominently visible
feature that (1) displays an appropriate copyright notice, and (2)
tells the user that there is no warranty for the work (except to the
extent that warranties are provided), that licensees may convey the
work under this License, and how to view a copy of this License. If
the interface presents a list of user commands or options, such as a
menu, a prominent item in the list meets this criterion.
1. Source Code.
The "source code" for a work means the preferred form of the work
for making modifications to it. "Object code" means any non-source
form of a work.
A "Standard Interface" means an interface that either is an official
standard defined by a recognized standards body, or, in the case of
interfaces specified for a particular programming language, one that
is widely used among developers working in that language.
The "System Libraries" of an executable work include anything, other
than the work as a whole, that (a) is included in the normal form of
packaging a Major Component, but which is not part of that Major
Component, and (b) serves only to enable use of the work with that
Major Component, or to implement a Standard Interface for which an
implementation is available to the public in source code form. A
"Major Component", in this context, means a major essential component
(kernel, window system, and so on) of the specific operating system
(if any) on which the executable work runs, or a compiler used to
produce the work, or an object code interpreter used to run it.
The "Corresponding Source" for a work in object code form means all
the source code needed to generate, install, and (for an executable
work) run the object code and to modify the work, including scripts to
control those activities. However, it does not include the work's
System Libraries, or general-purpose tools or generally available free
programs which are used unmodified in performing those activities but
which are not part of the work. For example, Corresponding Source
includes interface definition files associated with source files for
the work, and the source code for shared libraries and dynamically
linked subprograms that the work is specifically designed to require,
such as by intimate data communication or control flow between those
subprograms and other parts of the work.
The Corresponding Source need not include anything that users
can regenerate automatically from other parts of the Corresponding
Source.
The Corresponding Source for a work in source code form is that
same work.
2. Basic Permissions.
All rights granted under this License are granted for the term of
copyright on the Program, and are irrevocable provided the stated
conditions are met. This License explicitly affirms your unlimited
permission to run the unmodified Program. The output from running a
covered work is covered by this License only if the output, given its
content, constitutes a covered work. This License acknowledges your
rights of fair use or other equivalent, as provided by copyright law.
You may make, run and propagate covered works that you do not
convey, without conditions so long as your license otherwise remains
in force. You may convey covered works to others for the sole purpose
of having them make modifications exclusively for you, or provide you
with facilities for running those works, provided that you comply with
the terms of this License in conveying all material for which you do
not control copyright. Those thus making or running the covered works
for you must do so exclusively on your behalf, under your direction
and control, on terms that prohibit them from making any copies of
your copyrighted material outside their relationship with you.
Conveying under any other circumstances is permitted solely under
the conditions stated below. Sublicensing is not allowed; section 10
makes it unnecessary.
3. Protecting Users' Legal Rights From Anti-Circumvention Law.
No covered work shall be deemed part of an effective technological
measure under any applicable law fulfilling obligations under article
11 of the WIPO copyright treaty adopted on 20 December 1996, or
similar laws prohibiting or restricting circumvention of such
measures.
When you convey a covered work, you waive any legal power to forbid
circumvention of technological measures to the extent such circumvention
is effected by exercising rights under this License with respect to
the covered work, and you disclaim any intention to limit operation or
modification of the work as a means of enforcing, against the work's
users, your or third parties' legal rights to forbid circumvention of
technological measures.
4. Conveying Verbatim Copies.
You may convey verbatim copies of the Program's source code as you
receive it, in any medium, provided that you conspicuously and
appropriately publish on each copy an appropriate copyright notice;
keep intact all notices stating that this License and any
non-permissive terms added in accord with section 7 apply to the code;
keep intact all notices of the absence of any warranty; and give all
recipients a copy of this License along with the Program.
You may charge any price or no price for each copy that you convey,
and you may offer support or warranty protection for a fee.
5. Conveying Modified Source Versions.
You may convey a work based on the Program, or the modifications to
produce it from the Program, in the form of source code under the
terms of section 4, provided that you also meet all of these conditions:
a) The work must carry prominent notices stating that you modified
it, and giving a relevant date.
b) The work must carry prominent notices stating that it is
released under this License and any conditions added under section
7. This requirement modifies the requirement in section 4 to
"keep intact all notices".
c) You must license the entire work, as a whole, under this
License to anyone who comes into possession of a copy. This
License will therefore apply, along with any applicable section 7
additional terms, to the whole of the work, and all its parts,
regardless of how they are packaged. This License gives no
permission to license the work in any other way, but it does not
invalidate such permission if you have separately received it.
d) If the work has interactive user interfaces, each must display
Appropriate Legal Notices; however, if the Program has interactive
interfaces that do not display Appropriate Legal Notices, your
work need not make them do so.
A compilation of a covered work with other separate and independent
works, which are not by their nature extensions of the covered work,
and which are not combined with it such as to form a larger program,
in or on a volume of a storage or distribution medium, is called an
"aggregate" if the compilation and its resulting copyright are not
used to limit the access or legal rights of the compilation's users
beyond what the individual works permit. Inclusion of a covered work
in an aggregate does not cause this License to apply to the other
parts of the aggregate.
6. Conveying Non-Source Forms.
You may convey a covered work in object code form under the terms
of sections 4 and 5, provided that you also convey the
machine-readable Corresponding Source under the terms of this License,
in one of these ways:
a) Convey the object code in, or embodied in, a physical product
(including a physical distribution medium), accompanied by the
Corresponding Source fixed on a durable physical medium
customarily used for software interchange.
b) Convey the object code in, or embodied in, a physical product
(including a physical distribution medium), accompanied by a
written offer, valid for at least three years and valid for as
long as you offer spare parts or customer support for that product
model, to give anyone who possesses the object code either (1) a
copy of the Corresponding Source for all the software in the
product that is covered by this License, on a durable physical
medium customarily used for software interchange, for a price no
more than your reasonable cost of physically performing this
conveying of source, or (2) access to copy the
Corresponding Source from a network server at no charge.
c) Convey individual copies of the object code with a copy of the
written offer to provide the Corresponding Source. This
alternative is allowed only occasionally and noncommercially, and
only if you received the object code with such an offer, in accord
with subsection 6b.
d) Convey the object code by offering access from a designated
place (gratis or for a charge), and offer equivalent access to the
Corresponding Source in the same way through the same place at no
further charge. You need not require recipients to copy the
Corresponding Source along with the object code. If the place to
copy the object code is a network server, the Corresponding Source
may be on a different server (operated by you or a third party)
that supports equivalent copying facilities, provided you maintain
clear directions next to the object code saying where to find the
Corresponding Source. Regardless of what server hosts the
Corresponding Source, you remain obligated to ensure that it is
available for as long as needed to satisfy these requirements.
e) Convey the object code using peer-to-peer transmission, provided
you inform other peers where the object code and Corresponding
Source of the work are being offered to the general public at no
charge under subsection 6d.
A separable portion of the object code, whose source code is excluded
from the Corresponding Source as a System Library, need not be
included in conveying the object code work.
A "User Product" is either (1) a "consumer product", which means any
tangible personal property which is normally used for personal, family,
or household purposes, or (2) anything designed or sold for incorporation
into a dwelling. In determining whether a product is a consumer product,
doubtful cases shall be resolved in favor of coverage. For a particular
product received by a particular user, "normally used" refers to a
typical or common use of that class of product, regardless of the status
of the particular user or of the way in which the particular user
actually uses, or expects or is expected to use, the product. A product
is a consumer product regardless of whether the product has substantial
commercial, industrial or non-consumer uses, unless such uses represent
the only significant mode of use of the product.
"Installation Information" for a User Product means any methods,
procedures, authorization keys, or other information required to install
and execute modified versions of a covered work in that User Product from
a modified version of its Corresponding Source. The information must
suffice to ensure that the continued functioning of the modified object
code is in no case prevented or interfered with solely because
modification has been made.
If you convey an object code work under this section in, or with, or
specifically for use in, a User Product, and the conveying occurs as
part of a transaction in which the right of possession and use of the
User Product is transferred to the recipient in perpetuity or for a
fixed term (regardless of how the transaction is characterized), the
Corresponding Source conveyed under this section must be accompanied
by the Installation Information. But this requirement does not apply
if neither you nor any third party retains the ability to install
modified object code on the User Product (for example, the work has
been installed in ROM).
The requirement to provide Installation Information does not include a
requirement to continue to provide support service, warranty, or updates
for a work that has been modified or installed by the recipient, or for
the User Product in which it has been modified or installed. Access to a
network may be denied when the modification itself materially and
adversely affects the operation of the network or violates the rules and
protocols for communication across the network.
Corresponding Source conveyed, and Installation Information provided,
in accord with this section must be in a format that is publicly
documented (and with an implementation available to the public in
source code form), and must require no special password or key for
unpacking, reading or copying.
7. Additional Terms.
"Additional permissions" are terms that supplement the terms of this
License by making exceptions from one or more of its conditions.
Additional permissions that are applicable to the entire Program shall
be treated as though they were included in this License, to the extent
that they are valid under applicable law. If additional permissions
apply only to part of the Program, that part may be used separately
under those permissions, but the entire Program remains governed by
this License without regard to the additional permissions.
When you convey a copy of a covered work, you may at your option
remove any additional permissions from that copy, or from any part of
it. (Additional permissions may be written to require their own
removal in certain cases when you modify the work.) You may place
additional permissions on material, added by you to a covered work,
for which you have or can give appropriate copyright permission.
Notwithstanding any other provision of this License, for material you
add to a covered work, you may (if authorized by the copyright holders of
that material) supplement the terms of this License with terms:
a) Disclaiming warranty or limiting liability differently from the
terms of sections 15 and 16 of this License; or
b) Requiring preservation of specified reasonable legal notices or
author attributions in that material or in the Appropriate Legal
Notices displayed by works containing it; or
c) Prohibiting misrepresentation of the origin of that material, or
requiring that modified versions of such material be marked in
reasonable ways as different from the original version; or
d) Limiting the use for publicity purposes of names of licensors or
authors of the material; or
e) Declining to grant rights under trademark law for use of some
trade names, trademarks, or service marks; or
f) Requiring indemnification of licensors and authors of that
material by anyone who conveys the material (or modified versions of
it) with contractual assumptions of liability to the recipient, for
any liability that these contractual assumptions directly impose on
those licensors and authors.
All other non-permissive additional terms are considered "further
restrictions" within the meaning of section 10. If the Program as you
received it, or any part of it, contains a notice stating that it is
governed by this License along with a term that is a further
restriction, you may remove that term. If a license document contains
a further restriction but permits relicensing or conveying under this
License, you may add to a covered work material governed by the terms
of that license document, provided that the further restriction does
not survive such relicensing or conveying.
If you add terms to a covered work in accord with this section, you
must place, in the relevant source files, a statement of the
additional terms that apply to those files, or a notice indicating
where to find the applicable terms.
Additional terms, permissive or non-permissive, may be stated in the
form of a separately written license, or stated as exceptions;
the above requirements apply either way.
8. Termination.
You may not propagate or modify a covered work except as expressly
provided under this License. Any attempt otherwise to propagate or
modify it is void, and will automatically terminate your rights under
this License (including any patent licenses granted under the third
paragraph of section 11).
However, if you cease all violation of this License, then your
license from a particular copyright holder is reinstated (a)
provisionally, unless and until the copyright holder explicitly and
finally terminates your license, and (b) permanently, if the copyright
holder fails to notify you of the violation by some reasonable means
prior to 60 days after the cessation.
Moreover, your license from a particular copyright holder is
reinstated permanently if the copyright holder notifies you of the
violation by some reasonable means, this is the first time you have
received notice of violation of this License (for any work) from that
copyright holder, and you cure the violation prior to 30 days after
your receipt of the notice.
Termination of your rights under this section does not terminate the
licenses of parties who have received copies or rights from you under
this License. If your rights have been terminated and not permanently
reinstated, you do not qualify to receive new licenses for the same
material under section 10.
9. Acceptance Not Required for Having Copies.
You are not required to accept this License in order to receive or
run a copy of the Program. Ancillary propagation of a covered work
occurring solely as a consequence of using peer-to-peer transmission
to receive a copy likewise does not require acceptance. However,
nothing other than this License grants you permission to propagate or
modify any covered work. These actions infringe copyright if you do
not accept this License. Therefore, by modifying or propagating a
covered work, you indicate your acceptance of this License to do so.
10. Automatic Licensing of Downstream Recipients.
Each time you convey a covered work, the recipient automatically
receives a license from the original licensors, to run, modify and
propagate that work, subject to this License. You are not responsible
for enforcing compliance by third parties with this License.
An "entity transaction" is a transaction transferring control of an
organization, or substantially all assets of one, or subdividing an
organization, or merging organizations. If propagation of a covered
work results from an entity transaction, each party to that
transaction who receives a copy of the work also receives whatever
licenses to the work the party's predecessor in interest had or could
give under the previous paragraph, plus a right to possession of the
Corresponding Source of the work from the predecessor in interest, if
the predecessor has it or can get it with reasonable efforts.
You may not impose any further restrictions on the exercise of the
rights granted or affirmed under this License. For example, you may
not impose a license fee, royalty, or other charge for exercise of
rights granted under this License, and you may not initiate litigation
(including a cross-claim or counterclaim in a lawsuit) alleging that
any patent claim is infringed by making, using, selling, offering for
sale, or importing the Program or any portion of it.
11. Patents.
A "contributor" is a copyright holder who authorizes use under this
License of the Program or a work on which the Program is based. The
work thus licensed is called the contributor's "contributor version".
A contributor's "essential patent claims" are all patent claims
owned or controlled by the contributor, whether already acquired or
hereafter acquired, that would be infringed by some manner, permitted
by this License, of making, using, or selling its contributor version,
but do not include claims that would be infringed only as a
consequence of further modification of the contributor version. For
purposes of this definition, "control" includes the right to grant
patent sublicenses in a manner consistent with the requirements of
this License.
Each contributor grants you a non-exclusive, worldwide, royalty-free
patent license under the contributor's essential patent claims, to
make, use, sell, offer for sale, import and otherwise run, modify and
propagate the contents of its contributor version.
In the following three paragraphs, a "patent license" is any express
agreement or commitment, however denominated, not to enforce a patent
(such as an express permission to practice a patent or covenant not to
sue for patent infringement). To "grant" such a patent license to a
party means to make such an agreement or commitment not to enforce a
patent against the party.
If you convey a covered work, knowingly relying on a patent license,
and the Corresponding Source of the work is not available for anyone
to copy, free of charge and under the terms of this License, through a
publicly available network server or other readily accessible means,
then you must either (1) cause the Corresponding Source to be so
available, or (2) arrange to deprive yourself of the benefit of the
patent license for this particular work, or (3) arrange, in a manner
consistent with the requirements of this License, to extend the patent
license to downstream recipients. "Knowingly relying" means you have
actual knowledge that, but for the patent license, your conveying the
covered work in a country, or your recipient's use of the covered work
in a country, would infringe one or more identifiable patents in that
country that you have reason to believe are valid.
If, pursuant to or in connection with a single transaction or
arrangement, you convey, or propagate by procuring conveyance of, a
covered work, and grant a patent license to some of the parties
receiving the covered work authorizing them to use, propagate, modify
or convey a specific copy of the covered work, then the patent license
you grant is automatically extended to all recipients of the covered
work and works based on it.
A patent license is "discriminatory" if it does not include within
the scope of its coverage, prohibits the exercise of, or is
conditioned on the non-exercise of one or more of the rights that are
specifically granted under this License. You may not convey a covered
work if you are a party to an arrangement with a third party that is
in the business of distributing software, under which you make payment
to the third party based on the extent of your activity of conveying
the work, and under which the third party grants, to any of the
parties who would receive the covered work from you, a discriminatory
patent license (a) in connection with copies of the covered work
conveyed by you (or copies made from those copies), or (b) primarily
for and in connection with specific products or compilations that
contain the covered work, unless you entered into that arrangement,
or that patent license was granted, prior to 28 March 2007.
Nothing in this License shall be construed as excluding or limiting
any implied license or other defenses to infringement that may
otherwise be available to you under applicable patent law.
12. No Surrender of Others' Freedom.
If conditions are imposed on you (whether by court order, agreement or
otherwise) that contradict the conditions of this License, they do not
excuse you from the conditions of this License. If you cannot convey a
covered work so as to satisfy simultaneously your obligations under this
License and any other pertinent obligations, then as a consequence you may
not convey it at all. For example, if you agree to terms that obligate you
to collect a royalty for further conveying from those to whom you convey
the Program, the only way you could satisfy both those terms and this
License would be to refrain entirely from conveying the Program.
13. Use with the GNU Affero General Public License.
Notwithstanding any other provision of this License, you have
permission to link or combine any covered work with a work licensed
under version 3 of the GNU Affero General Public License into a single
combined work, and to convey the resulting work. The terms of this
License will continue to apply to the part which is the covered work,
but the special requirements of the GNU Affero General Public License,
section 13, concerning interaction through a network will apply to the
combination as such.
14. Revised Versions of this License.
The Free Software Foundation may publish revised and/or new versions of
the GNU General Public License from time to time. Such new versions will
be similar in spirit to the present version, but may differ in detail to
address new problems or concerns.
Each version is given a distinguishing version number. If the
Program specifies that a certain numbered version of the GNU General
Public License "or any later version" applies to it, you have the
option of following the terms and conditions either of that numbered
version or of any later version published by the Free Software
Foundation. If the Program does not specify a version number of the
GNU General Public License, you may choose any version ever published
by the Free Software Foundation.
If the Program specifies that a proxy can decide which future
versions of the GNU General Public License can be used, that proxy's
public statement of acceptance of a version permanently authorizes you
to choose that version for the Program.
Later license versions may give you additional or different
permissions. However, no additional obligations are imposed on any
author or copyright holder as a result of your choosing to follow a
later version.
15. Disclaimer of Warranty.
THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
16. Limitation of Liability.
IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
SUCH DAMAGES.
17. Interpretation of Sections 15 and 16.
If the disclaimer of warranty and limitation of liability provided
above cannot be given local legal effect according to their terms,
reviewing courts shall apply local law that most closely approximates
an absolute waiver of all civil liability in connection with the
Program, unless a warranty or assumption of liability accompanies a
copy of the Program in return for a fee.
END OF TERMS AND CONDITIONS
How to Apply These Terms to Your New Programs
If you develop a new program, and you want it to be of the greatest
possible use to the public, the best way to achieve this is to make it
free software which everyone can redistribute and change under these terms.
To do so, attach the following notices to the program. It is safest
to attach them to the start of each source file to most effectively
state the exclusion of warranty; and each file should have at least
the "copyright" line and a pointer to where the full notice is found.
{one line to give the program's name and a brief idea of what it does.}
Copyright (C) {year} {name of author}
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
Also add information on how to contact you by electronic and paper mail.
If the program does terminal interaction, make it output a short
notice like this when it starts in an interactive mode:
{project} Copyright (C) {year} {fullname}
This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
This is free software, and you are welcome to redistribute it
under certain conditions; type `show c' for details.
The hypothetical commands `show w' and `show c' should show the appropriate
parts of the General Public License. Of course, your program's commands
might be different; for a GUI interface, you would use an "about box".
You should also get your employer (if you work as a programmer) or school,
if any, to sign a "copyright disclaimer" for the program, if necessary.
For more information on this, and how to apply and follow the GNU GPL, see
<http://www.gnu.org/licenses/>.
The GNU General Public License does not permit incorporating your program
into proprietary programs. If your program is a subroutine library, you
may consider it more useful to permit linking proprietary applications with
the library. If this is what you want to do, use the GNU Lesser General
Public License instead of this License. But first, please read
<http://www.gnu.org/philosophy/why-not-lgpl.html>.

411
NetGuard/README.md
View File

@ -1,411 +0,0 @@
# NetGuard
# Edits in NetGuard Code
The NetGuard code has been taken from https://github.com/M66B/NetGuard
The compilation of the code was problematic and the problem was solved by modifiying the following lines of code in app --> Gradle Scripts --> build.gradle (Module :app)
Add the following lines:
storeFile file("my.keystore")
storePassword "store_password"
keyAlias "my_key_alias"
keyPassword "key_password"
and comment out the following lines:
// def keystorePropertiesFile = rootProject.file("keystore.properties")
// def keystoreProperties = new Properties()
// keystoreProperties.load(new FileInputStream(keystorePropertiesFile))
// storeFile file(keystoreProperties['storeFile'])
// storePassword keystoreProperties['storePassword']
// keyAlias keystoreProperties['keyAlias']
// keyPassword keystoreProperties['keyPassword']
# The readme file from this point onwards is the original readme file.
*NetGuard* provides simple and advanced ways to block access to the internet - no root required.
Applications and addresses can individually be allowed or denied access to your Wi-Fi and/or mobile connection.
<br>
**WARNING: there is an app in the Samsung Galaxy app store "*Play Music - MP3 Music player*"
with the same package name as NetGuard, which will be installed as update without your confirmation.
This app is probably malicious and was reported to Samsung on December 8, 2021.**
<br>
Blocking access to the internet can help:
* reduce your data usage
* save your battery
* increase your privacy
NetGuard is the first free and open source no-root firewall for Android.
Features:
* Simple to use
* No root required
* 100% open source
* No calling home
* No tracking or analytics
* Actively developed and supported
* Android 5.1 and later supported
* IPv4/IPv6 TCP/UDP supported
* Tethering supported
* Optionally allow when screen on
* Optionally block when roaming
* Optionally block system applications
* Optionally forward ports, also to external addresses (not available if installed from the Play store)
* Optionally notify when an application accesses the internet
* Optionally record network usage per application per address
* Optionally [block ads using a hosts file](https://github.com/M66B/NetGuard/blob/master/ADBLOCKING.md) (not available if installed from the Play store)
* Material design theme with light and dark theme
PRO features:
* Log all outgoing traffic; search and filter access attempts; export PCAP files to analyze traffic
* Allow/block individual addresses per application
* New application notifications; configure NetGuard directly from the notification
* Display network speed graph in a status bar notification
* Select from five additional themes in both light and dark version
There is no other no-root firewall offering all these features.
Requirements:
* Android 5.1 or later
* A [compatible device](#compatibility)
Downloads:
* [GitHub](https://github.com/M66B/NetGuard/releases)
* [Google Play](https://play.google.com/store/apps/details?id=eu.faircode.netguard)
Certificate fingerprints:
* MD5: B6:4A:E8:08:1C:3C:9C:19:D6:9E:29:00:46:89:DA:73
* SHA1: EF:46:F8:13:D2:C8:A0:64:D7:2C:93:6B:9B:96:D1:CC:CC:98:93:78
* SHA256: E4:A2:60:A2:DC:E7:B7:AF:23:EE:91:9C:48:9E:15:FD:01:02:B9:3F:9E:7C:9D:82:B0:9C:0B:39:50:00:E4:D4
Usage:
* Enable the firewall using the switch in the action bar
* Allow/deny Wi-Fi/mobile internet access using the icons along the right side of the application list
You can use the settings menu to change from blacklist mode (allow all in *Settings* but block unwanted applications in list) to whitelist mode (block all in *Settings* but allow favorite applications in list).
* Red/orange/yellow/amber = internet access denied
* Teal/blue/purple/grey = internet access allowed
<img src="https://raw.githubusercontent.com/M66B/NetGuard/master/screenshots/01-main.png" width="320" height="569" />
<img src="https://raw.githubusercontent.com/M66B/NetGuard/master/screenshots/02-main-details.png" width="320" height="569" />
<img src="https://raw.githubusercontent.com/M66B/NetGuard/master/screenshots/03-main-access.png" width="320" height="569" />
<img src="https://raw.githubusercontent.com/M66B/NetGuard/master/screenshots/08-notifications.png" width="320" height="569" />
For more screenshots, see [here](https://github.com/M66B/NetGuard/tree/master/screenshots).
Compatibility
-------------
The only way to build a no-root firewall on Android is to use the Android VPN service.
Android doesn't allow chaining of VPN services, so you cannot use NetGuard together with other VPN based applications.
See also [this FAQ](https://github.com/M66B/NetGuard/blob/master/FAQ.md#user-content-faq2).
NetGuard can be used on rooted devices too and even offers more features than most root firewalls.
Some older Android versions, especially Samsung's Android versions, have a buggy VPN implementation,
which results in Android refusing to start the VPN service in certain circumstances,
like when there is no internet connectivity yet (when starting up your device)
or when incorrectly requiring manual approval of the VPN service again (when starting up your device).
NetGuard will try to workaround this and remove the error message when it succeeds, else you are out of luck.
Some LineageOS versions have a broken Android VPN implementation, causing all traffic to be blocked,
please see [this FAQ](https://github.com/M66B/NetGuard/blob/master/FAQ.md#user-content-faq51) for more information.
NetGuard is not supported for apps installed in a [work profile](https://developer.android.com/work/managed-profiles),
or in a [Secure Folder](https://www.samsung.com/uk/support/mobile-devices/what-is-the-secure-folder-and-how-do-i-use-it/) (Samsung),
or as second instance (MIUI), or as Parallel app (OnePlus), or as Xiaomi dual app
because the Android VPN service too often does not work correctly in this situation, which can't be fixed by NetGuard.
Filtering mode cannot be used on [CopperheadOS](https://copperhead.co/android/).
NetGuard will not work or crash when the package *com.android.vpndialogs* has been removed or otherwise is unavailable.
Removing this package is possible with root permissions only.
If you disable this package, you can enable it with this command again:
```
adb shell pm enable --user 0 com.android.vpndialogs
```
NetGuard is supported for phones and tablets only, so not for other device types like on a television or in a car.
Android does not allow incoming connections (not the same as incoming traffic) and the Android VPN service has no support for this either.
Therefore managing incoming connections for servers running on your device is not supported.
Wi-Fi or IP calling will not work if your provider uses [IPsec](https://en.wikipedia.org/wiki/IPsec) to encrypt your phone calls, SMS messages and/or MMS messages,
unless there was made an exception in NetGuard for your provider (currently for T-Mobile and Verizon).
I am happy to add exceptions for other providers, but I need the [MCC](https://en.wikipedia.org/wiki/Mobile_country_code) codes, [MNC](https://en.wikipedia.org/wiki/MNC) codes and [IP address](https://en.wikipedia.org/wiki/IP_address) ranges your provider is using.
As an alternative you can enable the option '*Disable on call*', which is available since version 2.113.
<a name="FAQ"></a>
Frequently Asked Questions (FAQ)
--------------------------------
<a name="FAQ0"></a>
[**(0) How do I use NetGuard?**](https://github.com/M66B/NetGuard/blob/master/FAQ.md#user-content-faq0)
<a name="FAQ1"></a>
[**(1) Can NetGuard completely protect my privacy?**](https://github.com/M66B/NetGuard/blob/master/FAQ.md#user-content-faq1)
<a name="FAQ2"></a>
[**(2) Can I use another VPN application while using NetGuard?**](https://github.com/M66B/NetGuard/blob/master/FAQ.md#user-content-faq2)
<a name="FAQ3"></a>
[**(3) Can I use NetGuard on any Android version?**](https://github.com/M66B/NetGuard/blob/master/FAQ.md#user-content-faq3)
<a name="FAQ4"></a>
[**(4) Will NetGuard use extra battery power?**](https://github.com/M66B/NetGuard/blob/master/FAQ.md#user-content-faq4)
<a name="FAQ6"></a>
[**(6) Will NetGuard send my internet traffic to an external (VPN) server?**](https://github.com/M66B/NetGuard/blob/master/FAQ.md#user-content-faq6)
<a name="FAQ7"></a>
[**(7) Why are applications without internet permission shown?**](https://github.com/M66B/NetGuard/blob/master/FAQ.md#user-content-faq7)
<a name="FAQ8"></a>
[**(8) What do I need to enable for the Google Play™ store app to work?**](https://github.com/M66B/NetGuard/blob/master/FAQ.md#user-content-faq8)
<a name="FAQ9"></a>
[**(9) Why is the VPN service being restarted?**](https://github.com/M66B/NetGuard/blob/master/FAQ.md#user-content-faq9)
<a name="FAQ10"></a>
[**(10) Will you provide a Tasker plug-in?**](https://github.com/M66B/NetGuard/blob/master/FAQ.md#user-content-faq10)
<a name="FAQ13"></a>
[**(13) How can I remove the ongoing NetGuard entry in the notification screen?**](https://github.com/M66B/NetGuard/blob/master/FAQ.md#user-content-faq13)
<a name="FAQ14"></a>
[**(14) Why can't I select OK to approve the VPN connection request?**](https://github.com/M66B/NetGuard/blob/master/FAQ.md#user-content-faq14)
<a name="FAQ15"></a>
[**(15) Are F-Droid builds supported?**](https://github.com/M66B/NetGuard/blob/master/FAQ.md#user-content-faq15)
<a name="FAQ16"></a>
[**(16) Why are some applications shown dimmed?**](https://github.com/M66B/NetGuard/blob/master/FAQ.md#user-content-faq16)
<a name="FAQ17"></a>
[**(17) Why is NetGuard using so much memory?**](https://github.com/M66B/NetGuard/blob/master/FAQ.md#user-content-faq17)
<a name="FAQ18"></a>
[**(18) Why can't I find NetGuard in the Google Play™ store app?**](https://github.com/M66B/NetGuard/blob/master/FAQ.md#user-content-faq18)
<a name="FAQ19"></a>
[**(19) Why does application XYZ still have internet access?**](https://github.com/M66B/NetGuard/blob/master/FAQ.md#user-content-faq19)
<a name="FAQ20"></a>
[**(20) Can I Greenify/hibernate NetGuard?**](https://github.com/M66B/NetGuard/blob/master/FAQ.md#user-content-faq20)
<a name="FAQ21"></a>
[**(21) Does doze mode affect NetGuard?**](https://github.com/M66B/NetGuard/blob/master/FAQ.md#user-content-faq21)
<a name="FAQ22"></a>
[**(22) Can I tether (use the Android hotspot) / use Wi-Fi calling while using NetGuard?**](https://github.com/M66B/NetGuard/blob/master/FAQ.md#user-content-faq22)
<a name="FAQ24"></a>
[**(24) Can you remove the notification from the status bar?**](https://github.com/M66B/NetGuard/blob/master/FAQ.md#user-content-faq24)
<a name="FAQ25"></a>
[**(25) Can you add a 'select all'?**](https://github.com/M66B/NetGuard/blob/master/FAQ.md#user-content-faq25)
<a name="FAQ27"></a>
[**(27) How do I read the blocked traffic log?**](https://github.com/M66B/NetGuard/blob/master/FAQ.md#user-content-faq27)
<a name="FAQ28"></a>
[**(28) Why is Google connectivity services allowed internet access by default?**](https://github.com/M66B/NetGuard/blob/master/FAQ.md#user-content-faq28)
<a name="FAQ29"></a>
[**(29) Why do I get 'The item you requested is not available for purchase'?**](https://github.com/M66B/NetGuard/blob/master/FAQ.md#user-content-faq29)
<a name="FAQ30"></a>
[**(30) Can I also run AFWall+ on the same device?**](https://github.com/M66B/NetGuard/blob/master/FAQ.md#user-content-faq30)
<a name="FAQ31"></a>
[**(31) Why can some applications be configured as a group only?**](https://github.com/M66B/NetGuard/blob/master/FAQ.md#user-content-faq31)
<a name="FAQ32"></a>
[**(32) Why is the battery/network usage of NetGuard so high**](https://github.com/M66B/NetGuard/blob/master/FAQ.md#user-content-faq32)
<a name="FAQ33"></a>
[**(33) Can you add profiles?**](https://github.com/M66B/NetGuard/blob/master/FAQ.md#user-content-faq33)
<a name="FAQ34"></a>
[**(34) Can you add the condition 'when on foreground'?**](https://github.com/M66B/NetGuard/blob/master/FAQ.md#user-content-faq34)
<a name="FAQ35"></a>
[**(35) Why does the VPN not start?**](https://github.com/M66B/NetGuard/blob/master/FAQ.md#user-content-faq35)
<a name="FAQ36"></a>
[**(36) Can you add PIN or password protection?**](https://github.com/M66B/NetGuard/blob/master/FAQ.md#user-content-faq36)
<a name="FAQ37"></a>
[**(37) Why are the pro features so expensive?**](https://github.com/M66B/NetGuard/blob/master/FAQ.md#user-content-faq37)
<a name="FAQ38"></a>
[**(38) Why did NetGuard stop running?**](https://github.com/M66B/NetGuard/blob/master/FAQ.md#user-content-faq38)
<a name="FAQ39"></a>
[**(39) How does a VPN based firewall differ from a iptables based firewall?**](https://github.com/M66B/NetGuard/blob/master/FAQ.md#user-content-faq39)
<a name="FAQ40"></a>
[**(40) Can you add schedules?**](https://github.com/M66B/NetGuard/blob/master/FAQ.md#user-content-faq40)
<a name="FAQ41"></a>
[**(41) Can you add wildcards?**](https://github.com/M66B/NetGuard/blob/master/FAQ.md#user-content-faq41)
<a name="FAQ42"></a>
[**(42) Why is permission ... needed?**](https://github.com/M66B/NetGuard/blob/master/FAQ.md#user-content-faq42)
<a name="FAQ43"></a>
[**(43) I get 'This app is causing your device to run slowly'**](https://github.com/M66B/NetGuard/blob/master/FAQ.md#user-content-faq43)
<a name="FAQ44"></a>
[**(44) I don't get notifications on access**](https://github.com/M66B/NetGuard/blob/master/FAQ.md#user-content-faq44)
<a name="FAQ45"></a>
[**(45) Does NetGuard handle incoming connections?**](https://github.com/M66B/NetGuard/blob/master/FAQ.md#user-content-faq45)
<a name="FAQ46"></a>
[**(46) Can I get a refund?**](https://github.com/M66B/NetGuard/blob/master/FAQ.md#user-content-faq46)
<a name="FAQ47"></a>
[**(47) Why are there in application advertisements?**](https://github.com/M66B/NetGuard/blob/master/FAQ.md#user-content-faq47)
<a name="FAQ48"></a>
[**(48) Why are some domain names blocked while they are set to be allowed?**](https://github.com/M66B/NetGuard/blob/master/FAQ.md#user-content-faq48)
<a name="FAQ49"></a>
[**(49) Does NetGuard encrypt my internet traffic / hide my IP address?**](https://github.com/M66B/NetGuard/blob/master/FAQ.md#user-content-faq49)
<a name="FAQ50"></a>
[**(50) Will NetGuard automatically start on boot?**](https://github.com/M66B/NetGuard/blob/master/FAQ.md#user-content-faq50)
<a name="FAQ51"></a>
[**(51) NetGuard blocks all internet traffic!**](https://github.com/M66B/NetGuard/blob/master/FAQ.md#user-content-faq51)
<a name="FAQ52"></a>
[**(52) What is lockdown mode?**](https://github.com/M66B/NetGuard/blob/master/FAQ.md#user-content-faq52)
<a name="FAQ53"></a>
[**(53) The translation in my language is missing / incorrect / incomplete!**](https://github.com/M66B/NetGuard/blob/master/FAQ.md#user-content-faq53)
<a name="FAQ54"></a>
[**(54) How to tunnel all TCP connections through the Tor network?**](https://github.com/M66B/NetGuard/blob/master/FAQ.md#user-content-faq54)
<a name="FAQ55"></a>
[**(55) Why does NetGuard connect to Amazon / ipinfo.io?**](https://github.com/M66B/NetGuard/blob/master/FAQ.md#user-content-faq55)
<a name="FAQ56"></a>
[**(56) NetGuard allows all internet traffic!**](https://github.com/M66B/NetGuard/blob/master/FAQ.md#user-content-faq56)
<a name="FAQ57"></a>
[**(57) Why does NetGuard use so much data?**](https://github.com/M66B/NetGuard/blob/master/FAQ.md#user-content-faq57)
<a name="FAQ58"></a>
[**(58) Why does loading the application list take a long time?**](https://github.com/M66B/NetGuard/blob/master/FAQ.md#user-content-faq58)
<a name="FAQ59"></a>
[**(59) Can you help me restore my purchase?**](https://github.com/M66B/NetGuard/blob/master/FAQ.md#user-content-faq59)
<a name="FAQ60"></a>
[**(60) Why does IP (Wi-Fi) calling/SMS/MMS not work?**](https://github.com/M66B/NetGuard/blob/master/FAQ.md#user-content-faq60)
<a name="FAQ61"></a>
[**(61) Help, NetGuard crashed!**](https://github.com/M66B/NetGuard/blob/master/FAQ.md#user-content-faq61)
<a name="FAQ62"></a>
[**(62) How can I solve 'There was a problem parsing the package' ?**](https://github.com/M66B/NetGuard/blob/master/FAQ.md#user-content-faq62)
<a name="FAQ63"></a>
[**(63) Why is all DNS traffic allowed?**](https://github.com/M66B/NetGuard/blob/master/FAQ.md#user-content-faq63)
<a name="FAQ64"></a>
[**(64) Can you add DNS over TLS?**](https://github.com/M66B/NetGuard/blob/master/FAQ.md#user-content-faq64)
<a name="FAQ65"></a>
[**(65) Why can NetGuard not block itself?**](https://github.com/M66B/NetGuard/blob/master/FAQ.md#user-content-faq65)
Support
-------
For questions, feature requests and bug reports, please [use this XDA-Developers forum thread](http://forum.xda-developers.com/showthread.php?t=3233012).
There is support on the latest version of NetGuard only.
There is no support on things that are not directly related to NetGuard.
There is no support on building and developing things by yourself.
**NetGuard is supported for phones and tablets only, so not for other device types like on a television or in a car.**
Contributing
------------
*Building*
Building is simple, if you install the right tools:
* [Android Studio](http://developer.android.com/sdk/)
* [Android NDK](http://developer.android.com/tools/sdk/ndk/)
The native code is built as part of the Android Studio project.
It is expected that you can solve build problems yourself, so there is no support on building.
If you cannot build yourself, there are prebuilt versions of NetGuard available [here](https://github.com/M66B/NetGuard/releases).
*Translating*
* Translations to other languages are welcomed
* You can translate online [here](https://crowdin.com/project/netguard/)
* If your language is not listed, please send a message to marcel(plus)netguard(at)faircode(dot)eu
* You can see the status of all translations [here](https://crowdin.com/project/netguard).
Please note that by contributing you agree to the license below, including the copyright, without any additional terms or conditions.
Attribution
-----------
NetGuard uses:
* [Glide](https://bumptech.github.io/glide/)
* [Android Support Library](https://developer.android.com/tools/support-library/)
License
-------
[GNU General Public License version 3](http://www.gnu.org/licenses/gpl.txt)
Copyright (c) 2015-2018 Marcel Bokhorst ([M66B](https://contact.faircode.eu/))
All rights reserved
This file is part of NetGuard.
NetGuard is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your discretion) any later version.
NetGuard is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with NetGuard. If not, see [http://www.gnu.org/licenses/](http://www.gnu.org/licenses/).
Trademarks
----------
*Android is a trademark of Google Inc. Google Play is a trademark of Google Inc*

1
NetGuard/app/.gitignore
View File

@ -1 +0,0 @@
/build

23
NetGuard/app/CMakeLists.txt
View File

@ -1,23 +0,0 @@
cmake_minimum_required(VERSION 3.4.1)
add_library( netguard
SHARED
src/main/jni/netguard/netguard.c
src/main/jni/netguard/session.c
src/main/jni/netguard/ip.c
src/main/jni/netguard/tcp.c
src/main/jni/netguard/udp.c
src/main/jni/netguard/icmp.c
src/main/jni/netguard/dns.c
src/main/jni/netguard/dhcp.c
src/main/jni/netguard/pcap.c
src/main/jni/netguard/util.c )
include_directories( src/main/jni/netguard/ )
find_library( log-lib
log )
target_link_libraries( netguard
${log-lib} )

100
NetGuard/app/build.gradle
View File

@ -1,100 +0,0 @@
apply plugin: 'com.android.application'
def keystorePropertiesFile = rootProject.file("keystore.properties")
def keystoreProperties = new Properties()
keystoreProperties.load(new FileInputStream(keystorePropertiesFile))
android {
compileSdkVersion = 31
defaultConfig {
applicationId = "eu.faircode.netguard"
versionName = "2.303"
minSdkVersion 22
targetSdkVersion 31
versionCode = 2022111001
archivesBaseName = "NetGuard-v$versionName"
externalNativeBuild {
cmake {
cppFlags ""
arguments "-DANDROID_PLATFORM=android-22"
// https://developer.android.com/ndk/guides/cmake.html
}
}
//ndkVersion "21.4.7075529"
ndk {
// https://developer.android.com/ndk/guides/abis.html#sa
abiFilters 'armeabi-v7a', 'arm64-v8a', 'x86', 'x86_64'
}
}
signingConfigs {
release {
storeFile file(keystoreProperties['storeFile'])
storePassword keystoreProperties['storePassword']
keyAlias keystoreProperties['keyAlias']
keyPassword keystoreProperties['keyPassword']
}
}
externalNativeBuild {
cmake {
path "CMakeLists.txt"
}
}
buildTypes {
release {
minifyEnabled = true
proguardFiles.add(file('proguard-rules.pro'))
signingConfig signingConfigs.release
buildConfigField "boolean", "PLAY_STORE_RELEASE", "false"
buildConfigField "String", "HOSTS_FILE_URI", "\"https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts\""
buildConfigField "String", "GITHUB_LATEST_API", "\"https://api.github.com/repos/M66B/NetGuard/releases/latest\""
}
play {
minifyEnabled = true
signingConfig signingConfigs.release
proguardFiles.add(file('proguard-rules.pro'))
buildConfigField "boolean", "PLAY_STORE_RELEASE", "true"
buildConfigField "String", "HOSTS_FILE_URI", "\"\""
buildConfigField "String", "GITHUB_LATEST_API", "\"\""
}
debug {
minifyEnabled = true
proguardFiles.add(file('proguard-rules.pro'))
buildConfigField "boolean", "PLAY_STORE_RELEASE", "false"
buildConfigField "String", "HOSTS_FILE_URI", "\"https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts\""
buildConfigField "String", "GITHUB_LATEST_API", "\"https://api.github.com/repos/M66B/NetGuard/releases/latest\""
}
}
compileOptions {
sourceCompatibility JavaVersion.VERSION_1_7
targetCompatibility JavaVersion.VERSION_1_7
}
lint {
disable 'MissingTranslation'
}
}
dependencies {
implementation fileTree(dir: 'libs', include: ['*.jar'])
// https://developer.android.com/jetpack/androidx/releases/
implementation 'androidx.appcompat:appcompat:1.3.1'
implementation 'androidx.swiperefreshlayout:swiperefreshlayout:1.1.0'
implementation 'androidx.recyclerview:recyclerview:1.2.1'
implementation 'androidx.preference:preference:1.1.1'
implementation 'androidx.localbroadcastmanager:localbroadcastmanager:1.0.0'
annotationProcessor 'androidx.annotation:annotation:1.2.0'
// https://bumptech.github.io/glide/
implementation('com.github.bumptech.glide:glide:4.11.0') {
exclude group: "com.android.support"
}
annotationProcessor 'com.github.bumptech.glide:compiler:4.11.0'
}

62
NetGuard/app/proguard-rules.pro
View File

@ -1,62 +0,0 @@
# Add project specific ProGuard rules here.
# By default, the flags in this file are appended to flags specified
# in /home/marcel/Android/Sdk/tools/proguard/proguard-android.txt
# You can edit the include path and order by changing the proguardFiles
# directive in build.gradle.
#
# For more details, see
# http://developer.android.com/guide/developing/tools/proguard.html
# Add any project specific keep options here:
# If your project uses WebView with JS, uncomment the following
# and specify the fully qualified class name to the JavaScript interface
# class:
#-keepclassmembers class fqcn.of.javascript.interface.for.webview {
# public *;
#}
#Line numbers
-renamesourcefileattribute SourceFile
-keepattributes SourceFile,LineNumberTable
#NetGuard
-keepnames class eu.faircode.netguard.** { *; }
#JNI
-keepclasseswithmembernames class * {
native <methods>;
}
#JNI callbacks
-keep class eu.faircode.netguard.Allowed { *; }
-keep class eu.faircode.netguard.Packet { *; }
-keep class eu.faircode.netguard.ResourceRecord { *; }
-keep class eu.faircode.netguard.Usage { *; }
-keep class eu.faircode.netguard.ServiceSinkhole {
void nativeExit(java.lang.String);
void nativeError(int, java.lang.String);
void logPacket(eu.faircode.netguard.Packet);
void dnsResolved(eu.faircode.netguard.ResourceRecord);
boolean isDomainBlocked(java.lang.String);
int getUidQ(int, int, java.lang.String, int, java.lang.String, int);
eu.faircode.netguard.Allowed isAddressAllowed(eu.faircode.netguard.Packet);
void accountUsage(eu.faircode.netguard.Usage);
}
#AndroidX
-keep class androidx.appcompat.widget.** { *; }
-keep class androidx.appcompat.app.AppCompatViewInflater { <init>(...); }
-keepclassmembers class * implements android.os.Parcelable { static ** CREATOR; }
#Glide
-keep public class * implements com.bumptech.glide.module.GlideModule
-keep public class * extends com.bumptech.glide.module.AppGlideModule
-keep enum com.bumptech.glide.** {*;}
#-keep public enum com.bumptech.glide.load.resource.bitmap.ImageHeaderParser$** {
# **[] $VALUES;
# public *;
#}
#AdMob
-dontwarn com.google.android.gms.internal.**

287
NetGuard/app/src/main/AndroidManifest.xml
View File

@ -1,287 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
xmlns:tools="http://schemas.android.com/tools"
package="eu.faircode.netguard"
android:installLocation="internalOnly">
<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
<uses-permission android:name="android.permission.READ_PHONE_STATE" />
<uses-permission android:name="android.permission.ACCESS_WIFI_STATE" />
<uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED" />
<uses-permission android:name="android.permission.WAKE_LOCK" />
<uses-permission android:name="com.android.vending.BILLING" />
<uses-permission android:name="android.permission.INTERNET" />
<uses-permission android:name="android.permission.VIBRATE" />
<uses-permission android:name="android.permission.FOREGROUND_SERVICE" />
<!-- http://developer.android.com/guide/topics/security/permissions.html#normal-dangerous -->
<!-- https://developer.android.com/preview/privacy/package-visibility -->
<uses-permission android:name="android.permission.QUERY_ALL_PACKAGES" />
<!--queries>
<intent>
<action android:name="android.intent.action.MAIN" />
<category android:name="android.intent.category.LAUNCHER" />
</intent>
</queries-->
<permission
android:name="eu.faircode.netguard.permission.ADMIN"
android:description="@string/app_description"
android:label="@string/app_name"
android:protectionLevel="signature" />
<uses-permission android:name="eu.faircode.netguard.permission.ADMIN" />
<uses-feature
android:name="android.hardware.wifi"
android:required="false" />
<uses-feature
android:name="android.hardware.telephony"
android:required="false" />
<uses-feature
android:name="android.software.app_widgets"
android:required="false" />
<uses-feature
android:name="android.hardware.touchscreen"
android:required="false" />
<application
android:name="ApplicationEx"
android:allowBackup="false"
android:appCategory="productivity"
android:description="@string/app_description"
android:icon="@mipmap/ic_launcher"
android:label="@string/app_name"
android:networkSecurityConfig="@xml/network_security_config"
android:roundIcon="@mipmap/ic_launcher_round"
android:supportsRtl="true"
android:theme="@style/AppThemeTeal"
tools:ignore="ManifestResource">
<meta-data
android:name="android.max_aspect"
android:value="2.1" />
<activity
android:name=".ActivityMain"
android:configChanges="orientation|screenSize"
android:exported="true"
android:label="@string/app_name"
android:launchMode="singleTop"
android:resizeableActivity="true">
<intent-filter>
<action android:name="android.intent.action.MAIN" />
<category android:name="android.intent.category.LAUNCHER" />
</intent-filter>
<intent-filter>
<action android:name="android.intent.action.MANAGE_NETWORK_USAGE" />
<category android:name="android.intent.category.DEFAULT" />
</intent-filter>
<!-- intent-filter android:label="@string/app_name">
<action android:name="android.intent.action.VIEW" />
<category android:name="android.intent.category.DEFAULT" />
<category android:name="android.intent.category.BROWSABLE" />
<data
android:host="www.netguard.me"
android:pathPrefix="/"
android:scheme="https" />
</intent-filter-->
<meta-data
android:name="android.app.shortcuts"
android:resource="@xml/shortcuts" />
</activity>
<activity
android:name=".ActivitySettings"
android:configChanges="orientation|screenSize"
android:exported="true"
android:label="@string/menu_settings"
android:parentActivityName=".ActivityMain">
<intent-filter>
<action android:name="android.service.quicksettings.action.QS_TILE_PREFERENCES" />
</intent-filter>
<intent-filter>
<action android:name="android.intent.action.APPLICATION_PREFERENCES" />
<category android:name="android.intent.category.DEFAULT" />
</intent-filter>
<meta-data
android:name="android.support.PARENT_ACTIVITY"
android:value=".ActivityMain" />
</activity>
<activity
android:name=".ActivityLog"
android:configChanges="orientation|screenSize"
android:label="@string/menu_log"
android:parentActivityName=".ActivityMain">
<meta-data
android:name="android.support.PARENT_ACTIVITY"
android:value=".ActivityMain" />
</activity>
<activity
android:name=".ActivityPro"
android:configChanges="orientation|screenSize"
android:label="@string/title_pro"
android:parentActivityName=".ActivityMain">
<meta-data
android:name="android.support.PARENT_ACTIVITY"
android:value=".ActivityMain" />
</activity>
<activity
android:name=".ActivityDns"
android:configChanges="orientation|screenSize"
android:label="@string/setting_show_resolved"
android:parentActivityName=".ActivitySettings">
<meta-data
android:name="android.support.PARENT_ACTIVITY"
android:value=".ActivitySettings" />
</activity>
<activity
android:name=".ActivityForwarding"
android:configChanges="orientation|screenSize"
android:label="@string/setting_forwarding"
android:parentActivityName=".ActivitySettings">
<meta-data
android:name="android.support.PARENT_ACTIVITY"
android:value=".ActivitySettings" />
</activity>
<activity
android:name=".ActivityForwardApproval"
android:configChanges="orientation|screenSize"
android:exported="true"
android:label="@string/app_name"
android:theme="@style/AppDialog">
<intent-filter>
<action android:name="eu.faircode.netguard.START_PORT_FORWARD" />
<action android:name="eu.faircode.netguard.STOP_PORT_FORWARD" />
</intent-filter>
</activity>
<service
android:name=".ServiceSinkhole"
android:exported="true"
android:label="@string/app_name"
android:permission="android.permission.BIND_VPN_SERVICE">
<intent-filter>
<action android:name="android.net.VpnService" />
</intent-filter>
</service>
<service
android:name=".ServiceExternal"
android:exported="true"
android:label="@string/app_name">
<intent-filter>
<action android:name="eu.faircode.netguard.DOWNLOAD_HOSTS_FILE" />
</intent-filter>
</service>
<service
android:name=".ServiceTileMain"
android:exported="true"
android:icon="@drawable/ic_security_white_24dp"
android:label="@string/app_name"
android:permission="android.permission.BIND_QUICK_SETTINGS_TILE">
<intent-filter>
<action android:name="android.service.quicksettings.action.QS_TILE" />
</intent-filter>
</service>
<service
android:name=".ServiceTileGraph"
android:exported="true"
android:icon="@drawable/ic_equalizer_white_24dp"
android:label="@string/setting_stats_category"
android:permission="android.permission.BIND_QUICK_SETTINGS_TILE">
<intent-filter>
<action android:name="android.service.quicksettings.action.QS_TILE" />
</intent-filter>
</service>
<service
android:name=".ServiceTileFilter"
android:exported="true"
android:icon="@drawable/ic_filter_list_white_24dp"
android:label="@string/setting_filter"
android:permission="android.permission.BIND_QUICK_SETTINGS_TILE">
<intent-filter>
<action android:name="android.service.quicksettings.action.QS_TILE" />
</intent-filter>
</service>
<service
android:name=".ServiceTileLockdown"
android:exported="true"
android:icon="@drawable/ic_lock_outline_white_24dp"
android:label="@string/setting_lockdown"
android:permission="android.permission.BIND_QUICK_SETTINGS_TILE">
<intent-filter>
<action android:name="android.service.quicksettings.action.QS_TILE" />
</intent-filter>
</service>
<receiver
android:name=".ReceiverAutostart"
android:exported="true"
android:label="@string/app_name">
<intent-filter android:priority="999">
<action android:name="android.intent.action.BOOT_COMPLETED" />
<action android:name="android.intent.action.MY_PACKAGE_REPLACED" />
</intent-filter>
</receiver>
<receiver
android:name=".ReceiverPackageRemoved"
android:exported="true">
<intent-filter>
<action android:name="android.intent.action.PACKAGE_FULLY_REMOVED" />
<data android:scheme="package" />
</intent-filter>
</receiver>
<receiver
android:name=".WidgetMain"
android:exported="true"
android:label="@string/app_name">
<intent-filter>
<action android:name="android.appwidget.action.APPWIDGET_UPDATE" />
</intent-filter>
<meta-data
android:name="android.appwidget.provider"
android:resource="@xml/widgetmain" />
</receiver>
<receiver
android:name=".WidgetLockdown"
android:exported="true"
android:label="@string/setting_lockdown">
<intent-filter>
<action android:name="android.appwidget.action.APPWIDGET_UPDATE" />
</intent-filter>
<meta-data
android:name="android.appwidget.provider"
android:resource="@xml/widgetlockdown" />
</receiver>
<receiver
android:name=".WidgetAdmin"
android:exported="true"
android:label="@string/app_name"
android:permission="eu.faircode.netguard.permission.ADMIN">
<intent-filter>
<action android:name="eu.faircode.netguard.ON" />
<action android:name="eu.faircode.netguard.OFF" />
<action android:name="eu.faircode.netguard.LOCKDOWN_ON" />
<action android:name="eu.faircode.netguard.LOCKDOWN_OFF" />
</intent-filter>
</receiver>
</application>
</manifest>

144
NetGuard/app/src/main/aidl/com/android/vending/billing/IInAppBillingService.aidl
View File

@ -1,144 +0,0 @@
/*
* Copyright (C) 2012 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.android.vending.billing;
import android.os.Bundle;
/**
* InAppBillingService is the service that provides in-app billing version 3 and beyond.
* This service provides the following features:
* 1. Provides a new API to get details of in-app items published for the app including
* price, type, title and description.
* 2. The purchase flow is synchronous and purchase information is available immediately
* after it completes.
* 3. Purchase information of in-app purchases is maintained within the Google Play system
* till the purchase is consumed.
* 4. An API to consume a purchase of an inapp item. All purchases of one-time
* in-app items are consumable and thereafter can be purchased again.
* 5. An API to get current purchases of the user immediately. This will not contain any
* consumed purchases.
*
* All calls will give a response code with the following possible values
* RESULT_OK = 0 - success
* RESULT_USER_CANCELED = 1 - user pressed back or canceled a dialog
* RESULT_BILLING_UNAVAILABLE = 3 - this billing API version is not supported for the type requested
* RESULT_ITEM_UNAVAILABLE = 4 - requested SKU is not available for purchase
* RESULT_DEVELOPER_ERROR = 5 - invalid arguments provided to the API
* RESULT_ERROR = 6 - Fatal error during the API action
* RESULT_ITEM_ALREADY_OWNED = 7 - Failure to purchase since item is already owned
* RESULT_ITEM_NOT_OWNED = 8 - Failure to consume since item is not owned
*/
interface IInAppBillingService {
/**
* Checks support for the requested billing API version, package and in-app type.
* Minimum API version supported by this interface is 3.
* @param apiVersion the billing version which the app is using
* @param packageName the package name of the calling app
* @param type type of the in-app item being purchased "inapp" for one-time purchases
* and "subs" for subscription.
* @return RESULT_OK(0) on success, corresponding result code on failures
*/
int isBillingSupported(int apiVersion, String packageName, String type);
/**
* Provides details of a list of SKUs
* Given a list of SKUs of a valid type in the skusBundle, this returns a bundle
* with a list JSON strings containing the productId, price, title and description.
* This API can be called with a maximum of 20 SKUs.
* @param apiVersion billing API version that the Third-party is using
* @param packageName the package name of the calling app
* @param skusBundle bundle containing a StringArrayList of SKUs with key "ITEM_ID_LIST"
* @return Bundle containing the following key-value pairs
* "RESPONSE_CODE" with int value, RESULT_OK(0) if success, other response codes on
* failure as listed above.
* "DETAILS_LIST" with a StringArrayList containing purchase information
* in JSON format similar to:
* '{ "productId" : "exampleSku", "type" : "inapp", "price" : "$5.00",
* "title : "Example Title", "description" : "This is an example description" }'
*/
Bundle getSkuDetails(int apiVersion, String packageName, String type, in Bundle skusBundle);
/**
* Returns a pending intent to launch the purchase flow for an in-app item by providing a SKU,
* the type, a unique purchase token and an optional developer payload.
* @param apiVersion billing API version that the app is using
* @param packageName package name of the calling app
* @param sku the SKU of the in-app item as published in the developer console
* @param type the type of the in-app item ("inapp" for one-time purchases
* and "subs" for subscription).
* @param developerPayload optional argument to be sent back with the purchase information
* @return Bundle containing the following key-value pairs
* "RESPONSE_CODE" with int value, RESULT_OK(0) if success, other response codes on
* failure as listed above.
* "BUY_INTENT" - PendingIntent to start the purchase flow
*
* The Pending intent should be launched with startIntentSenderForResult. When purchase flow
* has completed, the onActivityResult() will give a resultCode of OK or CANCELED.
* If the purchase is successful, the result data will contain the following key-value pairs
* "RESPONSE_CODE" with int value, RESULT_OK(0) if success, other response codes on
* failure as listed above.
* "INAPP_PURCHASE_DATA" - String in JSON format similar to
* '{"orderId":"12999763169054705758.1371079406387615",
* "packageName":"com.example.app",
* "productId":"exampleSku",
* "purchaseTime":1345678900000,
* "purchaseToken" : "122333444455555",
* "developerPayload":"example developer payload" }'
* "INAPP_DATA_SIGNATURE" - String containing the signature of the purchase data that
* was signed with the private key of the developer
* TODO: change this to app-specific keys.
*/
Bundle getBuyIntent(int apiVersion, String packageName, String sku, String type,
String developerPayload);
/**
* Returns the current SKUs owned by the user of the type and package name specified along with
* purchase information and a signature of the data to be validated.
* This will return all SKUs that have been purchased in V3 and managed items purchased using
* V1 and V2 that have not been consumed.
* @param apiVersion billing API version that the app is using
* @param packageName package name of the calling app
* @param type the type of the in-app items being requested
* ("inapp" for one-time purchases and "subs" for subscription).
* @param continuationToken to be set as null for the first call, if the number of owned
* skus are too many, a continuationToken is returned in the response bundle.
* This method can be called again with the continuation token to get the next set of
* owned skus.
* @return Bundle containing the following key-value pairs
* "RESPONSE_CODE" with int value, RESULT_OK(0) if success, other response codes on
* failure as listed above.
* "INAPP_PURCHASE_ITEM_LIST" - StringArrayList containing the list of SKUs
* "INAPP_PURCHASE_DATA_LIST" - StringArrayList containing the purchase information
* "INAPP_DATA_SIGNATURE_LIST"- StringArrayList containing the signatures
* of the purchase information
* "INAPP_CONTINUATION_TOKEN" - String containing a continuation token for the
* next set of in-app purchases. Only set if the
* user has more owned skus than the current list.
*/
Bundle getPurchases(int apiVersion, String packageName, String type, String continuationToken);
/**
* Consume the last purchase of the given SKU. This will result in this item being removed
* from all subsequent responses to getPurchases() and allow re-purchase of this item.
* @param apiVersion billing API version that the app is using
* @param packageName package name of the calling app
* @param purchaseToken token in the purchase information JSON that identifies the purchase
* to be consumed
* @return 0 if consumption succeeded. Appropriate error values for failures.
*/
int consumePurchase(int apiVersion, String packageName, String purchaseToken);
}

BIN
NetGuard/app/src/main/ic_launcher-web.png
View File

Side by Side

Before

Width: 512  |  Height: 512  |  Size: 24 KiB

BIN
NetGuard/app/src/main/ic_launcher_foreground.xcf
View File

BIN
NetGuard/app/src/main/ic_launcher_round-web.png
View File

Side by Side

Before

Width: 512  |  Height: 512  |  Size: 42 KiB

256
NetGuard/app/src/main/java/eu/faircode/netguard/ActivityDns.java
View File

@ -1,256 +0,0 @@
package eu.faircode.netguard;
/*
This file is part of NetGuard.
NetGuard is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
NetGuard is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with NetGuard. If not, see <http://www.gnu.org/licenses/>.
Copyright 2015-2019 by Marcel Bokhorst (M66B)
*/
import android.content.Intent;
import android.content.pm.PackageManager;
import android.database.Cursor;
import android.net.Uri;
import android.os.AsyncTask;
import android.os.Bundle;
import android.util.Log;
import android.util.Xml;
import android.view.Menu;
import android.view.MenuInflater;
import android.view.MenuItem;
import android.widget.ListView;
import android.widget.Toast;
import androidx.appcompat.app.AppCompatActivity;
import org.xmlpull.v1.XmlSerializer;
import java.io.IOException;
import java.io.OutputStream;
import java.text.DateFormat;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.Locale;
public class ActivityDns extends AppCompatActivity {
private static final String TAG = "NetGuard.DNS";
private static final int REQUEST_EXPORT = 1;
private boolean running;
private AdapterDns adapter = null;
@Override
protected void onCreate(Bundle savedInstanceState) {
Util.setTheme(this);
super.onCreate(savedInstanceState);
setContentView(R.layout.resolving);
getSupportActionBar().setTitle(R.string.setting_show_resolved);
getSupportActionBar().setDisplayHomeAsUpEnabled(true);
ListView lvDns = findViewById(R.id.lvDns);
adapter = new AdapterDns(this, DatabaseHelper.getInstance(this).getDns());
lvDns.setAdapter(adapter);
running = true;
}
@Override
public boolean onCreateOptionsMenu(Menu menu) {
MenuInflater inflater = getMenuInflater();
inflater.inflate(R.menu.dns, menu);
return true;
}
@Override
public boolean onPrepareOptionsMenu(Menu menu) {
PackageManager pm = getPackageManager();
menu.findItem(R.id.menu_export).setEnabled(getIntentExport().resolveActivity(pm) != null);
return super.onPrepareOptionsMenu(menu);
}
@Override
public boolean onOptionsItemSelected(MenuItem item) {
switch (item.getItemId()) {
case R.id.menu_refresh:
refresh();
return true;
case R.id.menu_cleanup:
cleanup();
return true;
case R.id.menu_clear:
Util.areYouSure(this, R.string.menu_clear, new Util.DoubtListener() {
@Override
public void onSure() {
clear();
}
});
return true;
case R.id.menu_export:
export();
return true;
}
return false;
}
private void refresh() {
updateAdapter();
}
private void cleanup() {
new AsyncTask<Object, Object, Object>() {
@Override
protected Long doInBackground(Object... objects) {
Log.i(TAG, "Cleanup DNS");
DatabaseHelper.getInstance(ActivityDns.this).cleanupDns();
return null;
}
@Override
protected void onPostExecute(Object result) {
ServiceSinkhole.reload("DNS cleanup", ActivityDns.this, false);
updateAdapter();
}
}.executeOnExecutor(AsyncTask.THREAD_POOL_EXECUTOR);
}
private void clear() {
new AsyncTask<Object, Object, Object>() {
@Override
protected Long doInBackground(Object... objects) {
Log.i(TAG, "Clear DNS");
DatabaseHelper.getInstance(ActivityDns.this).clearDns();
return null;
}
@Override
protected void onPostExecute(Object result) {
ServiceSinkhole.reload("DNS clear", ActivityDns.this, false);
updateAdapter();
}
}.executeOnExecutor(AsyncTask.THREAD_POOL_EXECUTOR);
}
private void export() {
startActivityForResult(getIntentExport(), REQUEST_EXPORT);
}
@Override
protected void onActivityResult(int requestCode, int resultCode, Intent data) {
super.onActivityResult(requestCode, resultCode, data);
Log.i(TAG, "onActivityResult request=" + requestCode + " result=" + requestCode + " ok=" + (resultCode == RESULT_OK));
if (requestCode == REQUEST_EXPORT) {
if (resultCode == RESULT_OK && data != null)
handleExport(data);
}
}
private Intent getIntentExport() {
Intent intent = new Intent(Intent.ACTION_CREATE_DOCUMENT);
intent.addCategory(Intent.CATEGORY_OPENABLE);
intent.setType("*/*"); // text/xml
intent.putExtra(Intent.EXTRA_TITLE, "netguard_dns_" + new SimpleDateFormat("yyyyMMdd").format(new Date().getTime()) + ".xml");
return intent;
}
private void handleExport(final Intent data) {
new AsyncTask<Object, Object, Throwable>() {
@Override
protected Throwable doInBackground(Object... objects) {
OutputStream out = null;
try {
Uri target = data.getData();
Log.i(TAG, "Writing URI=" + target);
out = getContentResolver().openOutputStream(target);
xmlExport(out);
return null;
} catch (Throwable ex) {
Log.e(TAG, ex.toString() + "\n" + Log.getStackTraceString(ex));
return ex;
} finally {
if (out != null)
try {
out.close();
} catch (IOException ex) {
Log.e(TAG, ex.toString() + "\n" + Log.getStackTraceString(ex));
}
}
}
@Override
protected void onPostExecute(Throwable ex) {
if (running) {
if (ex == null)
Toast.makeText(ActivityDns.this, R.string.msg_completed, Toast.LENGTH_LONG).show();
else
Toast.makeText(ActivityDns.this, ex.toString(), Toast.LENGTH_LONG).show();
}
}
}.executeOnExecutor(AsyncTask.THREAD_POOL_EXECUTOR);
}
private void xmlExport(OutputStream out) throws IOException {
XmlSerializer serializer = Xml.newSerializer();
serializer.setOutput(out, "UTF-8");
serializer.startDocument(null, true);
serializer.setFeature("http://xmlpull.org/v1/doc/features.html#indent-output", true);
serializer.startTag(null, "netguard");
DateFormat df = new SimpleDateFormat("E, d MMM yyyy HH:mm:ss Z", Locale.US); // RFC 822
try (Cursor cursor = DatabaseHelper.getInstance(this).getDns()) {
int colTime = cursor.getColumnIndex("time");
int colQName = cursor.getColumnIndex("qname");
int colAName = cursor.getColumnIndex("aname");
int colResource = cursor.getColumnIndex("resource");
int colTTL = cursor.getColumnIndex("ttl");
while (cursor.moveToNext()) {
long time = cursor.getLong(colTime);
String qname = cursor.getString(colQName);
String aname = cursor.getString(colAName);
String resource = cursor.getString(colResource);
int ttl = cursor.getInt(colTTL);
serializer.startTag(null, "dns");
serializer.attribute(null, "time", df.format(time));
serializer.attribute(null, "qname", qname);
serializer.attribute(null, "aname", aname);
serializer.attribute(null, "resource", resource);
serializer.attribute(null, "ttl", Integer.toString(ttl));
serializer.endTag(null, "dns");
}
}
serializer.endTag(null, "netguard");
serializer.endDocument();
serializer.flush();
}
private void updateAdapter() {
if (adapter != null)
adapter.changeCursor(DatabaseHelper.getInstance(this).getDns());
}
@Override
protected void onDestroy() {
running = false;
adapter = null;
super.onDestroy();
}
}

130
NetGuard/app/src/main/java/eu/faircode/netguard/ActivityForwardApproval.java
View File

@ -1,130 +0,0 @@
package eu.faircode.netguard;
/*
This file is part of NetGuard.
NetGuard is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
NetGuard is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with NetGuard. If not, see <http://www.gnu.org/licenses/>.
Copyright 2015-2019 by Marcel Bokhorst (M66B)
*/
import android.app.Activity;
import android.os.Bundle;
import android.text.TextUtils;
import android.util.Log;
import android.view.View;
import android.widget.Button;
import android.widget.TextView;
import java.net.InetAddress;
public class ActivityForwardApproval extends Activity {
private static final String TAG = "NetGuard.Forward";
private static final String ACTION_START_PORT_FORWARD = "eu.faircode.netguard.START_PORT_FORWARD";
private static final String ACTION_STOP_PORT_FORWARD = "eu.faircode.netguard.STOP_PORT_FORWARD";
static {
try {
System.loadLibrary("netguard");
} catch (UnsatisfiedLinkError ignored) {
System.exit(1);
}
}
@Override
protected void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
setContentView(R.layout.forwardapproval);
final int protocol = getIntent().getIntExtra("protocol", 0);
final int dport = getIntent().getIntExtra("dport", 0);
String addr = getIntent().getStringExtra("raddr");
final int rport = getIntent().getIntExtra("rport", 0);
final int ruid = getIntent().getIntExtra("ruid", 0);
final String raddr = (addr == null ? "127.0.0.1" : addr);
try {
InetAddress iraddr = InetAddress.getByName(raddr);
if (rport < 1024 && (iraddr.isLoopbackAddress() || iraddr.isAnyLocalAddress()))
throw new IllegalArgumentException("Port forwarding to privileged port on local address not possible");
} catch (Throwable ex) {
Log.e(TAG, ex.toString() + "\n" + Log.getStackTraceString(ex));
finish();
}
String pname;
if (protocol == 6)
pname = getString(R.string.menu_protocol_tcp);
else if (protocol == 17)
pname = getString(R.string.menu_protocol_udp);
else
pname = Integer.toString(protocol);
TextView tvForward = findViewById(R.id.tvForward);
if (ACTION_START_PORT_FORWARD.equals(getIntent().getAction()))
tvForward.setText(getString(R.string.msg_start_forward,
pname, dport, raddr, rport,
TextUtils.join(", ", Util.getApplicationNames(ruid, this))));
else
tvForward.setText(getString(R.string.msg_stop_forward, pname, dport));
Button btnOk = findViewById(R.id.btnOk);
Button btnCancel = findViewById(R.id.btnCancel);
btnOk.setOnClickListener(new View.OnClickListener() {
@Override
public void onClick(View view) {
if (ACTION_START_PORT_FORWARD.equals(getIntent().getAction())) {
/*
am start -a eu.faircode.netguard.START_PORT_FORWARD \
-n eu.faircode.netguard/eu.faircode.netguard.ActivityForwardApproval \
--ei protocol 17 \
--ei dport 53 \
--es raddr 8.8.4.4 \
--ei rport 53 \
--ei ruid 9999 \
--user 0
*/
Log.i(TAG, "Start forwarding protocol " + protocol + " port " + dport + " to " + raddr + "/" + rport + " uid " + ruid);
DatabaseHelper dh = DatabaseHelper.getInstance(ActivityForwardApproval.this);
dh.deleteForward(protocol, dport);
dh.addForward(protocol, dport, raddr, rport, ruid);
} else if (ACTION_STOP_PORT_FORWARD.equals(getIntent().getAction())) {
/*
am start -a eu.faircode.netguard.STOP_PORT_FORWARD \
-n eu.faircode.netguard/eu.faircode.netguard.ActivityForwardApproval \
--ei protocol 17 \
--ei dport 53 \
--user 0
*/
Log.i(TAG, "Stop forwarding protocol " + protocol + " port " + dport);
DatabaseHelper.getInstance(ActivityForwardApproval.this).deleteForward(protocol, dport);
}
ServiceSinkhole.reload("forwarding", ActivityForwardApproval.this, false);
finish();
}
});
btnCancel.setOnClickListener(new View.OnClickListener() {
@Override
public void onClick(View view) {
finish();
}
});
}
}

251
NetGuard/app/src/main/java/eu/faircode/netguard/ActivityForwarding.java
View File

@ -1,251 +0,0 @@
package eu.faircode.netguard;
/*
This file is part of NetGuard.
NetGuard is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
NetGuard is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with NetGuard. If not, see <http://www.gnu.org/licenses/>.
Copyright 2015-2019 by Marcel Bokhorst (M66B)
*/
import android.content.DialogInterface;
import android.database.Cursor;
import android.os.AsyncTask;
import android.os.Bundle;
import android.view.LayoutInflater;
import android.view.Menu;
import android.view.MenuInflater;
import android.view.MenuItem;
import android.view.View;
import android.widget.AdapterView;
import android.widget.ArrayAdapter;
import android.widget.EditText;
import android.widget.ListView;
import android.widget.PopupMenu;
import android.widget.ProgressBar;
import android.widget.Spinner;
import android.widget.Toast;
import androidx.appcompat.app.AlertDialog;
import androidx.appcompat.app.AppCompatActivity;
import java.net.InetAddress;
import java.util.List;
public class ActivityForwarding extends AppCompatActivity {
private boolean running;
private ListView lvForwarding;
private AdapterForwarding adapter;
private AlertDialog dialog = null;
private DatabaseHelper.ForwardChangedListener listener = new DatabaseHelper.ForwardChangedListener() {
@Override
public void onChanged() {
runOnUiThread(new Runnable() {
@Override
public void run() {
if (adapter != null)
adapter.changeCursor(DatabaseHelper.getInstance(ActivityForwarding.this).getForwarding());
}
});
}
};
@Override
protected void onCreate(Bundle savedInstanceState) {
Util.setTheme(this);
super.onCreate(savedInstanceState);
setContentView(R.layout.forwarding);
running = true;
getSupportActionBar().setTitle(R.string.setting_forwarding);
getSupportActionBar().setDisplayHomeAsUpEnabled(true);
lvForwarding = findViewById(R.id.lvForwarding);
adapter = new AdapterForwarding(this, DatabaseHelper.getInstance(this).getForwarding());
lvForwarding.setAdapter(adapter);
lvForwarding.setOnItemClickListener(new AdapterView.OnItemClickListener() {
@Override
public void onItemClick(AdapterView<?> parent, View view, int position, long id) {
Cursor cursor = (Cursor) adapter.getItem(position);
final int protocol = cursor.getInt(cursor.getColumnIndex("protocol"));
final int dport = cursor.getInt(cursor.getColumnIndex("dport"));
final String raddr = cursor.getString(cursor.getColumnIndex("raddr"));
final int rport = cursor.getInt(cursor.getColumnIndex("rport"));
PopupMenu popup = new PopupMenu(ActivityForwarding.this, view);
popup.inflate(R.menu.forward);
popup.getMenu().findItem(R.id.menu_port).setTitle(
Util.getProtocolName(protocol, 0, false) + " " +
dport + " > " + raddr + "/" + rport);
popup.setOnMenuItemClickListener(new PopupMenu.OnMenuItemClickListener() {
@Override
public boolean onMenuItemClick(MenuItem menuItem) {
if (menuItem.getItemId() == R.id.menu_delete) {
DatabaseHelper.getInstance(ActivityForwarding.this).deleteForward(protocol, dport);
ServiceSinkhole.reload("forwarding", ActivityForwarding.this, false);
adapter = new AdapterForwarding(ActivityForwarding.this,
DatabaseHelper.getInstance(ActivityForwarding.this).getForwarding());
lvForwarding.setAdapter(adapter);
}
return false;
}
});
popup.show();
}
});
}
@Override
protected void onResume() {
super.onResume();
DatabaseHelper.getInstance(this).addForwardChangedListener(listener);
if (adapter != null)
adapter.changeCursor(DatabaseHelper.getInstance(ActivityForwarding.this).getForwarding());
}
@Override
protected void onPause() {
super.onPause();
DatabaseHelper.getInstance(this).removeForwardChangedListener(listener);
}
@Override
protected void onDestroy() {
running = false;
adapter = null;
if (dialog != null) {
dialog.dismiss();
dialog = null;
}
super.onDestroy();
}
@Override
public boolean onCreateOptionsMenu(Menu menu) {
MenuInflater inflater = getMenuInflater();
inflater.inflate(R.menu.forwarding, menu);
return true;
}
@Override
public boolean onOptionsItemSelected(MenuItem item) {
switch (item.getItemId()) {
case R.id.menu_add:
LayoutInflater inflater = LayoutInflater.from(this);
View view = inflater.inflate(R.layout.forwardadd, null, false);
final Spinner spProtocol = view.findViewById(R.id.spProtocol);
final EditText etDPort = view.findViewById(R.id.etDPort);
final EditText etRAddr = view.findViewById(R.id.etRAddr);
final EditText etRPort = view.findViewById(R.id.etRPort);
final ProgressBar pbRuid = view.findViewById(R.id.pbRUid);
final Spinner spRuid = view.findViewById(R.id.spRUid);
final AsyncTask task = new AsyncTask<Object, Object, List<Rule>>() {
@Override
protected void onPreExecute() {
pbRuid.setVisibility(View.VISIBLE);
spRuid.setVisibility(View.GONE);
}
@Override
protected List<Rule> doInBackground(Object... objects) {
return Rule.getRules(true, ActivityForwarding.this);
}
@Override
protected void onPostExecute(List<Rule> rules) {
ArrayAdapter spinnerArrayAdapter =
new ArrayAdapter(ActivityForwarding.this,
android.R.layout.simple_spinner_item, rules);
spRuid.setAdapter(spinnerArrayAdapter);
pbRuid.setVisibility(View.GONE);
spRuid.setVisibility(View.VISIBLE);
}
};
task.executeOnExecutor(AsyncTask.THREAD_POOL_EXECUTOR);
dialog = new AlertDialog.Builder(this)
.setView(view)
.setCancelable(true)
.setPositiveButton(android.R.string.yes, new DialogInterface.OnClickListener() {
@Override
public void onClick(DialogInterface dialog, int which) {
try {
int pos = spProtocol.getSelectedItemPosition();
String[] values = getResources().getStringArray(R.array.protocolValues);
final int protocol = Integer.valueOf(values[pos]);
final int dport = Integer.parseInt(etDPort.getText().toString());
final String raddr = etRAddr.getText().toString();
final int rport = Integer.parseInt(etRPort.getText().toString());
final int ruid = ((Rule) spRuid.getSelectedItem()).uid;
InetAddress iraddr = InetAddress.getByName(raddr);
if (rport < 1024 && (iraddr.isLoopbackAddress() || iraddr.isAnyLocalAddress()))
throw new IllegalArgumentException("Port forwarding to privileged port on local address not possible");
new AsyncTask<Object, Object, Throwable>() {
@Override
protected Throwable doInBackground(Object... objects) {
try {
DatabaseHelper.getInstance(ActivityForwarding.this)
.addForward(protocol, dport, raddr, rport, ruid);
return null;
} catch (Throwable ex) {
return ex;
}
}
@Override
protected void onPostExecute(Throwable ex) {
if (running)
if (ex == null) {
ServiceSinkhole.reload("forwarding", ActivityForwarding.this, false);
adapter = new AdapterForwarding(ActivityForwarding.this,
DatabaseHelper.getInstance(ActivityForwarding.this).getForwarding());
lvForwarding.setAdapter(adapter);
} else
Toast.makeText(ActivityForwarding.this, ex.toString(), Toast.LENGTH_LONG).show();
}
}.executeOnExecutor(AsyncTask.THREAD_POOL_EXECUTOR);
} catch (Throwable ex) {
Toast.makeText(ActivityForwarding.this, ex.toString(), Toast.LENGTH_LONG).show();
}
}
})
.setNegativeButton(android.R.string.no, new DialogInterface.OnClickListener() {
@Override
public void onClick(DialogInterface dialog, int which) {
task.cancel(false);
dialog.dismiss();
}
})
.setOnDismissListener(new DialogInterface.OnDismissListener() {
@Override
public void onDismiss(DialogInterface dialogInterface) {
dialog = null;
}
})
.create();
dialog.show();
return true;
default:
return super.onOptionsItemSelected(item);
}
}
}

643
NetGuard/app/src/main/java/eu/faircode/netguard/ActivityLog.java
View File

@ -1,643 +0,0 @@
package eu.faircode.netguard;
/*
This file is part of NetGuard.
NetGuard is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
NetGuard is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with NetGuard. If not, see <http://www.gnu.org/licenses/>.
Copyright 2015-2019 by Marcel Bokhorst (M66B)
*/
import android.content.ClipData;
import android.content.ClipboardManager;
import android.content.Intent;
import android.content.SharedPreferences;
import android.content.pm.PackageManager;
import android.database.Cursor;
import android.net.Uri;
import android.os.AsyncTask;
import android.os.Build;
import android.os.Bundle;
import android.text.TextUtils;
import android.util.Log;
import android.view.Menu;
import android.view.MenuInflater;
import android.view.MenuItem;
import android.view.View;
import android.widget.AdapterView;
import android.widget.CompoundButton;
import android.widget.FilterQueryProvider;
import android.widget.ListView;
import android.widget.PopupMenu;
import android.widget.TextView;
import android.widget.Toast;
import androidx.appcompat.app.AppCompatActivity;
import androidx.appcompat.widget.SearchView;
import androidx.appcompat.widget.SwitchCompat;
import androidx.core.app.NavUtils;
import androidx.preference.PreferenceManager;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.text.SimpleDateFormat;
import java.util.Date;
public class ActivityLog extends AppCompatActivity implements SharedPreferences.OnSharedPreferenceChangeListener {
private static final String TAG = "NetGuard.Log";
private boolean running = false;
private ListView lvLog;
private AdapterLog adapter;
private MenuItem menuSearch = null;
private boolean live;
private boolean resolve;
private boolean organization;
private InetAddress vpn4 = null;
private InetAddress vpn6 = null;
private static final int REQUEST_PCAP = 1;
private DatabaseHelper.LogChangedListener listener = new DatabaseHelper.LogChangedListener() {
@Override
public void onChanged() {
runOnUiThread(new Runnable() {
@Override
public void run() {
updateAdapter();
}
});
}
};
@Override
protected void onCreate(Bundle savedInstanceState) {
if (!IAB.isPurchased(ActivityPro.SKU_LOG, this)) {
startActivity(new Intent(this, ActivityPro.class));
finish();
}
Util.setTheme(this);
super.onCreate(savedInstanceState);
setContentView(R.layout.logging);
running = true;
// Action bar
View actionView = getLayoutInflater().inflate(R.layout.actionlog, null, false);
SwitchCompat swEnabled = actionView.findViewById(R.id.swEnabled);
getSupportActionBar().setDisplayShowCustomEnabled(true);
getSupportActionBar().setCustomView(actionView);
getSupportActionBar().setTitle(R.string.menu_log);
getSupportActionBar().setDisplayHomeAsUpEnabled(true);
// Get settings
final SharedPreferences prefs = PreferenceManager.getDefaultSharedPreferences(this);
resolve = prefs.getBoolean("resolve", false);
organization = prefs.getBoolean("organization", false);
boolean log = prefs.getBoolean("log", false);
// Show disabled message
TextView tvDisabled = findViewById(R.id.tvDisabled);
tvDisabled.setVisibility(log ? View.GONE : View.VISIBLE);
// Set enabled switch
swEnabled.setChecked(log);
swEnabled.setOnCheckedChangeListener(new CompoundButton.OnCheckedChangeListener() {
public void onCheckedChanged(CompoundButton buttonView, boolean isChecked) {
prefs.edit().putBoolean("log", isChecked).apply();
}
});
// Listen for preference changes
prefs.registerOnSharedPreferenceChangeListener(this);
lvLog = findViewById(R.id.lvLog);
boolean udp = prefs.getBoolean("proto_udp", true);
boolean tcp = prefs.getBoolean("proto_tcp", true);
boolean other = prefs.getBoolean("proto_other", true);
boolean allowed = prefs.getBoolean("traffic_allowed", true);
boolean blocked = prefs.getBoolean("traffic_blocked", true);
adapter = new AdapterLog(this, DatabaseHelper.getInstance(this).getLog(udp, tcp, other, allowed, blocked), resolve, organization);
adapter.setFilterQueryProvider(new FilterQueryProvider() {
public Cursor runQuery(CharSequence constraint) {
return DatabaseHelper.getInstance(ActivityLog.this).searchLog(constraint.toString());
}
});
lvLog.setAdapter(adapter);
try {
vpn4 = InetAddress.getByName(prefs.getString("vpn4", "10.1.10.1"));
vpn6 = InetAddress.getByName(prefs.getString("vpn6", "fd00:1:fd00:1:fd00:1:fd00:1"));
} catch (UnknownHostException ex) {
Log.e(TAG, ex.toString() + "\n" + Log.getStackTraceString(ex));
}
lvLog.setOnItemClickListener(new AdapterView.OnItemClickListener() {
@Override
public void onItemClick(AdapterView<?> parent, View view, int position, long id) {
PackageManager pm = getPackageManager();
Cursor cursor = (Cursor) adapter.getItem(position);
long time = cursor.getLong(cursor.getColumnIndex("time"));
int version = cursor.getInt(cursor.getColumnIndex("version"));
int protocol = cursor.getInt(cursor.getColumnIndex("protocol"));
final String saddr = cursor.getString(cursor.getColumnIndex("saddr"));
final int sport = (cursor.isNull(cursor.getColumnIndex("sport")) ? -1 : cursor.getInt(cursor.getColumnIndex("sport")));
final String daddr = cursor.getString(cursor.getColumnIndex("daddr"));
final int dport = (cursor.isNull(cursor.getColumnIndex("dport")) ? -1 : cursor.getInt(cursor.getColumnIndex("dport")));
final String dname = cursor.getString(cursor.getColumnIndex("dname"));
final int uid = (cursor.isNull(cursor.getColumnIndex("uid")) ? -1 : cursor.getInt(cursor.getColumnIndex("uid")));
int allowed = (cursor.isNull(cursor.getColumnIndex("allowed")) ? -1 : cursor.getInt(cursor.getColumnIndex("allowed")));
// Get external address
InetAddress addr = null;
try {
addr = InetAddress.getByName(daddr);
} catch (UnknownHostException ex) {
Log.e(TAG, ex.toString() + "\n" + Log.getStackTraceString(ex));
}
String ip;
int port;
if (addr.equals(vpn4) || addr.equals(vpn6)) {
ip = saddr;
port = sport;
} else {
ip = daddr;
port = dport;
}
// Build popup menu
PopupMenu popup = new PopupMenu(ActivityLog.this, findViewById(R.id.vwPopupAnchor));
popup.inflate(R.menu.log);
// Application name
if (uid >= 0)
popup.getMenu().findItem(R.id.menu_application).setTitle(TextUtils.join(", ", Util.getApplicationNames(uid, ActivityLog.this)));
else
popup.getMenu().removeItem(R.id.menu_application);
// Destination IP
popup.getMenu().findItem(R.id.menu_protocol).setTitle(Util.getProtocolName(protocol, version, false));
// Whois
final Intent lookupIP = new Intent(Intent.ACTION_VIEW, Uri.parse("https://www.dnslytics.com/whois-lookup/" + ip));
if (pm.resolveActivity(lookupIP, 0) == null)
popup.getMenu().removeItem(R.id.menu_whois);
else
popup.getMenu().findItem(R.id.menu_whois).setTitle(getString(R.string.title_log_whois, ip));
// Lookup port
final Intent lookupPort = new Intent(Intent.ACTION_VIEW, Uri.parse("https://www.speedguide.net/port.php?port=" + port));
if (port <= 0 || pm.resolveActivity(lookupPort, 0) == null)
popup.getMenu().removeItem(R.id.menu_port);
else
popup.getMenu().findItem(R.id.menu_port).setTitle(getString(R.string.title_log_port, port));
if (prefs.getBoolean("filter", false)) {
if (uid <= 0) {
popup.getMenu().removeItem(R.id.menu_allow);
popup.getMenu().removeItem(R.id.menu_block);
}
} else {
popup.getMenu().removeItem(R.id.menu_allow);
popup.getMenu().removeItem(R.id.menu_block);
}
final Packet packet = new Packet();
packet.version = version;
packet.protocol = protocol;
packet.daddr = daddr;
packet.dport = dport;
packet.time = time;
packet.uid = uid;
packet.allowed = (allowed > 0);
// Time
popup.getMenu().findItem(R.id.menu_time).setTitle(SimpleDateFormat.getDateTimeInstance().format(time));
// Handle click
popup.setOnMenuItemClickListener(new PopupMenu.OnMenuItemClickListener() {
@Override
public boolean onMenuItemClick(MenuItem menuItem) {
switch (menuItem.getItemId()) {
case R.id.menu_application: {
Intent main = new Intent(ActivityLog.this, ActivityMain.class);
main.putExtra(ActivityMain.EXTRA_SEARCH, Integer.toString(uid));
startActivity(main);
return true;
}
case R.id.menu_whois:
startActivity(lookupIP);
return true;
case R.id.menu_port:
startActivity(lookupPort);
return true;
case R.id.menu_allow:
if (IAB.isPurchased(ActivityPro.SKU_FILTER, ActivityLog.this)) {
DatabaseHelper.getInstance(ActivityLog.this).updateAccess(packet, dname, 0);
ServiceSinkhole.reload("allow host", ActivityLog.this, false);
Intent main = new Intent(ActivityLog.this, ActivityMain.class);
main.putExtra(ActivityMain.EXTRA_SEARCH, Integer.toString(uid));
startActivity(main);
} else
startActivity(new Intent(ActivityLog.this, ActivityPro.class));
return true;
case R.id.menu_block:
if (IAB.isPurchased(ActivityPro.SKU_FILTER, ActivityLog.this)) {
DatabaseHelper.getInstance(ActivityLog.this).updateAccess(packet, dname, 1);
ServiceSinkhole.reload("block host", ActivityLog.this, false);
Intent main = new Intent(ActivityLog.this, ActivityMain.class);
main.putExtra(ActivityMain.EXTRA_SEARCH, Integer.toString(uid));
startActivity(main);
} else
startActivity(new Intent(ActivityLog.this, ActivityPro.class));
return true;
case R.id.menu_copy:
ClipboardManager clipboard = (ClipboardManager) getSystemService(CLIPBOARD_SERVICE);
ClipData clip = ClipData.newPlainText("netguard", dname == null ? daddr : dname);
clipboard.setPrimaryClip(clip);
return true;
default:
return false;
}
}
});
// Show
popup.show();
}
});
live = true;
}
@Override
protected void onResume() {
super.onResume();
if (live) {
DatabaseHelper.getInstance(this).addLogChangedListener(listener);
updateAdapter();
}
}
@Override
protected void onPause() {
super.onPause();
if (live)
DatabaseHelper.getInstance(this).removeLogChangedListener(listener);
}
@Override
protected void onDestroy() {
running = false;
adapter = null;
PreferenceManager.getDefaultSharedPreferences(this).unregisterOnSharedPreferenceChangeListener(this);
super.onDestroy();
}
@Override
public void onSharedPreferenceChanged(SharedPreferences prefs, String name) {
Log.i(TAG, "Preference " + name + "=" + prefs.getAll().get(name));
if ("log".equals(name)) {
// Get enabled
boolean log = prefs.getBoolean(name, false);
// Display disabled warning
TextView tvDisabled = findViewById(R.id.tvDisabled);
tvDisabled.setVisibility(log ? View.GONE : View.VISIBLE);
// Check switch state
SwitchCompat swEnabled = getSupportActionBar().getCustomView().findViewById(R.id.swEnabled);
if (swEnabled.isChecked() != log)
swEnabled.setChecked(log);
ServiceSinkhole.reload("changed " + name, ActivityLog.this, false);
}
}
@Override
public boolean onCreateOptionsMenu(Menu menu) {
MenuInflater inflater = getMenuInflater();
inflater.inflate(R.menu.logging, menu);
menuSearch = menu.findItem(R.id.menu_search);
SearchView searchView = (SearchView) menuSearch.getActionView();
searchView.setOnQueryTextListener(new SearchView.OnQueryTextListener() {
@Override
public boolean onQueryTextSubmit(String query) {
if (adapter != null)
adapter.getFilter().filter(getUidForName(query));
return true;
}
@Override
public boolean onQueryTextChange(String newText) {
if (adapter != null)
adapter.getFilter().filter(getUidForName(newText));
return true;
}
});
searchView.setOnCloseListener(new SearchView.OnCloseListener() {
@Override
public boolean onClose() {
if (adapter != null)
adapter.getFilter().filter(null);
return true;
}
});
return true;
}
@Override
public boolean onPrepareOptionsMenu(Menu menu) {
SharedPreferences prefs = PreferenceManager.getDefaultSharedPreferences(this);
// https://gist.github.com/granoeste/5574148
File pcap_file = new File(getDir("data", MODE_PRIVATE), "netguard.pcap");
boolean export = (getPackageManager().resolveActivity(getIntentPCAPDocument(), 0) != null);
menu.findItem(R.id.menu_protocol_udp).setChecked(prefs.getBoolean("proto_udp", true));
menu.findItem(R.id.menu_protocol_tcp).setChecked(prefs.getBoolean("proto_tcp", true));
menu.findItem(R.id.menu_protocol_other).setChecked(prefs.getBoolean("proto_other", true));
menu.findItem(R.id.menu_traffic_allowed).setEnabled(prefs.getBoolean("filter", false));
menu.findItem(R.id.menu_traffic_allowed).setChecked(prefs.getBoolean("traffic_allowed", true));
menu.findItem(R.id.menu_traffic_blocked).setChecked(prefs.getBoolean("traffic_blocked", true));
menu.findItem(R.id.menu_refresh).setEnabled(!menu.findItem(R.id.menu_log_live).isChecked());
menu.findItem(R.id.menu_log_resolve).setChecked(prefs.getBoolean("resolve", false));
menu.findItem(R.id.menu_log_organization).setChecked(prefs.getBoolean("organization", false));
menu.findItem(R.id.menu_pcap_enabled).setChecked(prefs.getBoolean("pcap", false));
menu.findItem(R.id.menu_pcap_export).setEnabled(pcap_file.exists() && export);
return super.onPrepareOptionsMenu(menu);
}
@Override
public boolean onOptionsItemSelected(MenuItem item) {
final SharedPreferences prefs = PreferenceManager.getDefaultSharedPreferences(this);
final File pcap_file = new File(getDir("data", MODE_PRIVATE), "netguard.pcap");
switch (item.getItemId()) {
case android.R.id.home:
Log.i(TAG, "Up");
NavUtils.navigateUpFromSameTask(this);
return true;
case R.id.menu_protocol_udp:
item.setChecked(!item.isChecked());
prefs.edit().putBoolean("proto_udp", item.isChecked()).apply();
updateAdapter();
return true;
case R.id.menu_protocol_tcp:
item.setChecked(!item.isChecked());
prefs.edit().putBoolean("proto_tcp", item.isChecked()).apply();
updateAdapter();
return true;
case R.id.menu_protocol_other:
item.setChecked(!item.isChecked());
prefs.edit().putBoolean("proto_other", item.isChecked()).apply();
updateAdapter();
return true;
case R.id.menu_traffic_allowed:
item.setChecked(!item.isChecked());
prefs.edit().putBoolean("traffic_allowed", item.isChecked()).apply();
updateAdapter();
return true;
case R.id.menu_traffic_blocked:
item.setChecked(!item.isChecked());
prefs.edit().putBoolean("traffic_blocked", item.isChecked()).apply();
updateAdapter();
return true;
case R.id.menu_log_live:
item.setChecked(!item.isChecked());
live = item.isChecked();
if (live) {
DatabaseHelper.getInstance(this).addLogChangedListener(listener);
updateAdapter();
} else
DatabaseHelper.getInstance(this).removeLogChangedListener(listener);
return true;
case R.id.menu_refresh:
updateAdapter();
return true;
case R.id.menu_log_resolve:
item.setChecked(!item.isChecked());
prefs.edit().putBoolean("resolve", item.isChecked()).apply();
adapter.setResolve(item.isChecked());
adapter.notifyDataSetChanged();
return true;
case R.id.menu_log_organization:
item.setChecked(!item.isChecked());
prefs.edit().putBoolean("organization", item.isChecked()).apply();
adapter.setOrganization(item.isChecked());
adapter.notifyDataSetChanged();
return true;
case R.id.menu_pcap_enabled:
item.setChecked(!item.isChecked());
prefs.edit().putBoolean("pcap", item.isChecked()).apply();
ServiceSinkhole.setPcap(item.isChecked(), ActivityLog.this);
return true;
case R.id.menu_pcap_export:
startActivityForResult(getIntentPCAPDocument(), REQUEST_PCAP);
return true;
case R.id.menu_log_clear:
new AsyncTask<Object, Object, Object>() {
@Override
protected Object doInBackground(Object... objects) {
DatabaseHelper.getInstance(ActivityLog.this).clearLog(-1);
if (prefs.getBoolean("pcap", false)) {
ServiceSinkhole.setPcap(false, ActivityLog.this);
if (pcap_file.exists() && !pcap_file.delete())
Log.w(TAG, "Delete PCAP failed");
ServiceSinkhole.setPcap(true, ActivityLog.this);
} else {
if (pcap_file.exists() && !pcap_file.delete())
Log.w(TAG, "Delete PCAP failed");
}
return null;
}
@Override
protected void onPostExecute(Object result) {
if (running)
updateAdapter();
}
}.executeOnExecutor(AsyncTask.THREAD_POOL_EXECUTOR);
return true;
case R.id.menu_log_support:
Intent intent = new Intent(Intent.ACTION_VIEW);
intent.setData(Uri.parse("https://github.com/M66B/NetGuard/blob/master/FAQ.md#user-content-faq27"));
if (getPackageManager().resolveActivity(intent, 0) != null)
startActivity(intent);
return true;
default:
return super.onOptionsItemSelected(item);
}
}
private void updateAdapter() {
if (adapter != null) {
SharedPreferences prefs = PreferenceManager.getDefaultSharedPreferences(this);
boolean udp = prefs.getBoolean("proto_udp", true);
boolean tcp = prefs.getBoolean("proto_tcp", true);
boolean other = prefs.getBoolean("proto_other", true);
boolean allowed = prefs.getBoolean("traffic_allowed", true);
boolean blocked = prefs.getBoolean("traffic_blocked", true);
adapter.changeCursor(DatabaseHelper.getInstance(this).getLog(udp, tcp, other, allowed, blocked));
if (menuSearch != null && menuSearch.isActionViewExpanded()) {
SearchView searchView = (SearchView) menuSearch.getActionView();
adapter.getFilter().filter(getUidForName(searchView.getQuery().toString()));
}
}
}
private String getUidForName(String query) {
if (query != null && query.length() > 0) {
for (Rule rule : Rule.getRules(true, ActivityLog.this))
if (rule.name != null && rule.name.toLowerCase().contains(query.toLowerCase())) {
String newQuery = Integer.toString(rule.uid);
Log.i(TAG, "Search " + query + " found " + rule.name + " new " + newQuery);
return newQuery;
}
Log.i(TAG, "Search " + query + " not found");
}
return query;
}
private Intent getIntentPCAPDocument() {
Intent intent;
if (Build.VERSION.SDK_INT < Build.VERSION_CODES.KITKAT) {
if (Util.isPackageInstalled("org.openintents.filemanager", this)) {
intent = new Intent("org.openintents.action.PICK_DIRECTORY");
} else {
intent = new Intent(Intent.ACTION_VIEW);
intent.setData(Uri.parse("https://play.google.com/store/apps/details?id=org.openintents.filemanager"));
}
} else {
intent = new Intent(Intent.ACTION_CREATE_DOCUMENT);
intent.addCategory(Intent.CATEGORY_OPENABLE);
intent.setType("application/octet-stream");
intent.putExtra(Intent.EXTRA_TITLE, "netguard_" + new SimpleDateFormat("yyyyMMdd").format(new Date().getTime()) + ".pcap");
}
return intent;
}
@Override
protected void onActivityResult(int requestCode, int resultCode, final Intent data) {
Log.i(TAG, "onActivityResult request=" + requestCode + " result=" + requestCode + " ok=" + (resultCode == RESULT_OK));
if (requestCode == REQUEST_PCAP) {
if (resultCode == RESULT_OK && data != null)
handleExportPCAP(data);
} else {
Log.w(TAG, "Unknown activity result request=" + requestCode);
super.onActivityResult(requestCode, resultCode, data);
}
}
private void handleExportPCAP(final Intent data) {
new AsyncTask<Object, Object, Throwable>() {
@Override
protected Throwable doInBackground(Object... objects) {
OutputStream out = null;
FileInputStream in = null;
try {
// Stop capture
ServiceSinkhole.setPcap(false, ActivityLog.this);
Uri target = data.getData();
if (data.hasExtra("org.openintents.extra.DIR_PATH"))
target = Uri.parse(target + "/netguard.pcap");
Log.i(TAG, "Export PCAP URI=" + target);
out = getContentResolver().openOutputStream(target);
File pcap = new File(getDir("data", MODE_PRIVATE), "netguard.pcap");
in = new FileInputStream(pcap);
int len;
long total = 0;
byte[] buf = new byte[4096];
while ((len = in.read(buf)) > 0) {
out.write(buf, 0, len);
total += len;
}
Log.i(TAG, "Copied bytes=" + total);
return null;
} catch (Throwable ex) {
Log.e(TAG, ex.toString() + "\n" + Log.getStackTraceString(ex));
return ex;
} finally {
if (out != null)
try {
out.close();
} catch (IOException ex) {
Log.e(TAG, ex.toString() + "\n" + Log.getStackTraceString(ex));
}
if (in != null)
try {
in.close();
} catch (IOException ex) {
Log.e(TAG, ex.toString() + "\n" + Log.getStackTraceString(ex));
}
// Resume capture
SharedPreferences prefs = PreferenceManager.getDefaultSharedPreferences(ActivityLog.this);
if (prefs.getBoolean("pcap", false))
ServiceSinkhole.setPcap(true, ActivityLog.this);
}
}
@Override
protected void onPostExecute(Throwable ex) {
if (ex == null)
Toast.makeText(ActivityLog.this, R.string.msg_completed, Toast.LENGTH_LONG).show();
else
Toast.makeText(ActivityLog.this, ex.toString(), Toast.LENGTH_LONG).show();
}
}.executeOnExecutor(AsyncTask.THREAD_POOL_EXECUTOR);
}
}

1304
NetGuard/app/src/main/java/eu/faircode/netguard/ActivityMain.java
File diff suppressed because it is too large
View File

447
NetGuard/app/src/main/java/eu/faircode/netguard/ActivityPro.java
View File

@ -1,447 +0,0 @@
package eu.faircode.netguard;
/*
This file is part of NetGuard.
NetGuard is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
NetGuard is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with NetGuard. If not, see <http://www.gnu.org/licenses/>.
Copyright 2015-2019 by Marcel Bokhorst (M66B)
*/
import android.app.PendingIntent;
import android.content.ClipData;
import android.content.ClipboardManager;
import android.content.Context;
import android.content.Intent;
import android.graphics.Paint;
import android.net.Uri;
import android.os.Build;
import android.os.Bundle;
import android.provider.Settings;
import android.text.Editable;
import android.text.TextWatcher;
import android.util.Log;
import android.view.LayoutInflater;
import android.view.Menu;
import android.view.MenuInflater;
import android.view.MenuItem;
import android.view.View;
import android.view.WindowManager;
import android.widget.Button;
import android.widget.EditText;
import android.widget.ImageButton;
import android.widget.TextView;
import android.widget.Toast;
import androidx.appcompat.app.AlertDialog;
import androidx.appcompat.app.AppCompatActivity;
import androidx.core.app.NavUtils;
import static android.content.ClipDescription.MIMETYPE_TEXT_PLAIN;
public class ActivityPro extends AppCompatActivity {
private static final String TAG = "NetGuard.Pro";
private IAB iab;
// adb shell pm clear com.android.vending
// android.test.purchased
private static final int SKU_LOG_ID = 1;
private static final int SKU_FILTER_ID = 2;
private static final int SKU_NOTIFY_ID = 3;
private static final int SKU_SPEED_ID = 4;
private static final int SKU_THEME_ID = 5;
private static final int SKU_PRO1_ID = 6;
private static final int SKU_SUPPORT1_ID = 7;
private static final int SKU_SUPPORT2_ID = 8;
public static final String SKU_LOG = "log";
public static final String SKU_FILTER = "filter";
public static final String SKU_NOTIFY = "notify";
public static final String SKU_SPEED = "speed";
public static final String SKU_THEME = "theme";
public static final String SKU_PRO1 = "pro1";
public static final String SKU_SUPPORT1 = "support1";
public static final String SKU_SUPPORT2 = "support2";
public static final String SKU_DONATION = "donation";
@Override
protected void onCreate(Bundle savedInstanceState) {
Log.i(TAG, "Create");
Util.setTheme(this);
super.onCreate(savedInstanceState);
setContentView(R.layout.pro);
getSupportActionBar().setTitle(R.string.title_pro);
getSupportActionBar().setDisplayHomeAsUpEnabled(true);
getWindow().setSoftInputMode(WindowManager.LayoutParams.SOFT_INPUT_STATE_HIDDEN);
// Initial state
updateState();
TextView tvLogTitle = findViewById(R.id.tvLogTitle);
TextView tvFilterTitle = findViewById(R.id.tvFilterTitle);
TextView tvNotifyTitle = findViewById(R.id.tvNotifyTitle);
TextView tvSpeedTitle = findViewById(R.id.tvSpeedTitle);
TextView tvThemeTitle = findViewById(R.id.tvThemeTitle);
TextView tvAllTitle = findViewById(R.id.tvAllTitle);
TextView tvDev1Title = findViewById(R.id.tvDev1Title);
TextView tvDev2Title = findViewById(R.id.tvDev2Title);
tvLogTitle.setPaintFlags(tvLogTitle.getPaintFlags() | Paint.UNDERLINE_TEXT_FLAG);
tvFilterTitle.setPaintFlags(tvLogTitle.getPaintFlags() | Paint.UNDERLINE_TEXT_FLAG);
tvNotifyTitle.setPaintFlags(tvLogTitle.getPaintFlags() | Paint.UNDERLINE_TEXT_FLAG);
tvSpeedTitle.setPaintFlags(tvLogTitle.getPaintFlags() | Paint.UNDERLINE_TEXT_FLAG);
tvThemeTitle.setPaintFlags(tvLogTitle.getPaintFlags() | Paint.UNDERLINE_TEXT_FLAG);
tvAllTitle.setPaintFlags(tvLogTitle.getPaintFlags() | Paint.UNDERLINE_TEXT_FLAG);
tvDev1Title.setPaintFlags(tvLogTitle.getPaintFlags() | Paint.UNDERLINE_TEXT_FLAG);
tvDev2Title.setPaintFlags(tvLogTitle.getPaintFlags() | Paint.UNDERLINE_TEXT_FLAG);
View.OnClickListener listener = new View.OnClickListener() {
@Override
public void onClick(View view) {
String sku;
switch (view.getId()) {
case R.id.tvLogTitle:
sku = SKU_LOG;
break;
case R.id.tvFilterTitle:
sku = SKU_FILTER;
break;
case R.id.tvNotifyTitle:
sku = SKU_NOTIFY;
break;
case R.id.tvSpeedTitle:
sku = SKU_SPEED;
break;
case R.id.tvThemeTitle:
sku = SKU_THEME;
break;
case R.id.tvAllTitle:
sku = SKU_PRO1;
break;
case R.id.tvDev1Title:
sku = SKU_SUPPORT1;
break;
case R.id.tvDev2Title:
sku = SKU_SUPPORT2;
break;
default:
sku = SKU_PRO1;
break;
}
Intent intent = new Intent(Intent.ACTION_VIEW);
intent.setData(Uri.parse("http://www.netguard.me/#" + sku));
if (intent.resolveActivity(getPackageManager()) != null)
startActivity(intent);
}
};
tvLogTitle.setOnClickListener(listener);
tvFilterTitle.setOnClickListener(listener);
tvNotifyTitle.setOnClickListener(listener);
tvSpeedTitle.setOnClickListener(listener);
tvThemeTitle.setOnClickListener(listener);
tvAllTitle.setOnClickListener(listener);
tvDev1Title.setOnClickListener(listener);
tvDev2Title.setOnClickListener(listener);
try {
iab = new IAB(new IAB.Delegate() {
@Override
public void onReady(final IAB iab) {
Log.i(TAG, "IAB ready");
try {
iab.updatePurchases();
updateState();
final Button btnLog = findViewById(R.id.btnLog);
final Button btnFilter = findViewById(R.id.btnFilter);
final Button btnNotify = findViewById(R.id.btnNotify);
final Button btnSpeed = findViewById(R.id.btnSpeed);
final Button btnTheme = findViewById(R.id.btnTheme);
final Button btnAll = findViewById(R.id.btnAll);
final Button btnDev1 = findViewById(R.id.btnDev1);
final Button btnDev2 = findViewById(R.id.btnDev2);
View.OnClickListener listener = new View.OnClickListener() {
@Override
public void onClick(View view) {
try {
int id = 0;
PendingIntent pi = null;
if (view == btnLog) {
id = SKU_LOG_ID;
pi = iab.getBuyIntent(SKU_LOG, false);
} else if (view == btnFilter) {
id = SKU_FILTER_ID;
pi = iab.getBuyIntent(SKU_FILTER, false);
} else if (view == btnNotify) {
id = SKU_NOTIFY_ID;
pi = iab.getBuyIntent(SKU_NOTIFY, false);
} else if (view == btnSpeed) {
id = SKU_SPEED_ID;
pi = iab.getBuyIntent(SKU_SPEED, false);
} else if (view == btnTheme) {
id = SKU_THEME_ID;
pi = iab.getBuyIntent(SKU_THEME, false);
} else if (view == btnAll) {
id = SKU_PRO1_ID;
pi = iab.getBuyIntent(SKU_PRO1, false);
} else if (view == btnDev1) {
id = SKU_SUPPORT1_ID;
pi = iab.getBuyIntent(SKU_SUPPORT1, true);
} else if (view == btnDev2) {
id = SKU_SUPPORT2_ID;
pi = iab.getBuyIntent(SKU_SUPPORT2, true);
}
if (id > 0 && pi != null)
startIntentSenderForResult(pi.getIntentSender(), id, new Intent(), 0, 0, 0);
} catch (Throwable ex) {
Log.i(TAG, ex.toString() + "\n" + Log.getStackTraceString(ex));
}
}
};
btnLog.setOnClickListener(listener);
btnFilter.setOnClickListener(listener);
btnNotify.setOnClickListener(listener);
btnSpeed.setOnClickListener(listener);
btnTheme.setOnClickListener(listener);
btnAll.setOnClickListener(listener);
btnDev1.setOnClickListener(listener);
btnDev2.setOnClickListener(listener);
btnLog.setEnabled(true);
btnFilter.setEnabled(true);
btnNotify.setEnabled(true);
btnSpeed.setEnabled(true);
btnTheme.setEnabled(true);
btnAll.setEnabled(true);
btnDev1.setEnabled(true);
btnDev2.setEnabled(true);
} catch (Throwable ex) {
Log.e(TAG, ex.toString() + "\n" + Log.getStackTraceString(ex));
}
}
}, this);
iab.bind();
} catch (Throwable ex) {
Log.e(TAG, ex.toString() + "\n" + Log.getStackTraceString(ex));
}
}
@Override
protected void onDestroy() {
Log.i(TAG, "Destroy");
iab.unbind();
iab = null;
super.onDestroy();
}
@Override
public boolean onCreateOptionsMenu(Menu menu) {
MenuInflater inflater = getMenuInflater();
inflater.inflate(R.menu.pro, menu);
return true;
}
@Override
public boolean onOptionsItemSelected(MenuItem item) {
switch (item.getItemId()) {
case android.R.id.home:
Log.i(TAG, "Up");
NavUtils.navigateUpFromSameTask(this);
return true;
case R.id.menu_challenge:
menu_challenge();
return true;
default:
return super.onOptionsItemSelected(item);
}
}
@Override
public boolean onPrepareOptionsMenu(Menu menu) {
if (IAB.isPurchased(SKU_DONATION, this) || Util.isPlayStoreInstall(this))
menu.removeItem(R.id.menu_challenge);
return super.onPrepareOptionsMenu(menu);
}
private void menu_challenge() {
LayoutInflater inflater = LayoutInflater.from(this);
View view = inflater.inflate(R.layout.challenge, null, false);
final AlertDialog dialog = new AlertDialog.Builder(this)
.setView(view)
.setCancelable(true)
.create();
String android_id = Settings.Secure.getString(getContentResolver(), Settings.Secure.ANDROID_ID);
final String challenge = (Build.VERSION.SDK_INT < Build.VERSION_CODES.O ? Build.SERIAL : "O3" + android_id);
String seed = (Build.VERSION.SDK_INT < Build.VERSION_CODES.O ? "NetGuard2" : "NetGuard3");
// Challenge
TextView tvChallenge = view.findViewById(R.id.tvChallenge);
tvChallenge.setText(challenge);
ImageButton ibCopy = view.findViewById(R.id.ibCopy);
ibCopy.setOnClickListener(new View.OnClickListener() {
@Override
public void onClick(View view) {
ClipboardManager clipboard = (ClipboardManager) getSystemService(Context.CLIPBOARD_SERVICE);
ClipData clip = ClipData.newPlainText(getString(R.string.title_pro_challenge), challenge);
clipboard.setPrimaryClip(clip);
Toast.makeText(ActivityPro.this, android.R.string.copy, Toast.LENGTH_LONG).show();
}
});
// Response
final EditText etResponse = view.findViewById(R.id.etResponse);
try {
final String response = Util.md5(challenge, seed);
etResponse.addTextChangedListener(new TextWatcher() {
@Override
public void beforeTextChanged(CharSequence s, int start, int count, int after) {
// Do nothing
}
@Override
public void onTextChanged(CharSequence s, int start, int before, int count) {
// Do nothing
}
@Override
public void afterTextChanged(Editable editable) {
if (response.equals(editable.toString().toUpperCase())) {
IAB.setBought(SKU_DONATION, ActivityPro.this);
dialog.dismiss();
invalidateOptionsMenu();
updateState();
}
}
});
} catch (Throwable ex) {
Log.e(TAG, ex.toString() + "\n" + Log.getStackTraceString(ex));
}
ImageButton ibPaste = view.findViewById(R.id.ibPaste);
ibPaste.setOnClickListener(new View.OnClickListener() {
@Override
public void onClick(View view) {
ClipboardManager clipboard = (ClipboardManager) getSystemService(Context.CLIPBOARD_SERVICE);
if (clipboard != null &&
clipboard.hasPrimaryClip() &&
clipboard.getPrimaryClipDescription().hasMimeType(MIMETYPE_TEXT_PLAIN)) {
ClipData.Item item = clipboard.getPrimaryClip().getItemAt(0);
etResponse.setText(item.getText().toString());
}
}
});
dialog.show();
}
@Override
protected void onActivityResult(int requestCode, int resultCode, Intent data) {
super.onActivityResult(requestCode, resultCode, data);
if (resultCode == RESULT_OK) {
switch (requestCode) {
case SKU_LOG_ID:
IAB.setBought(SKU_LOG, this);
updateState();
break;
case SKU_FILTER_ID:
IAB.setBought(SKU_FILTER, this);
updateState();
break;
case SKU_NOTIFY_ID:
IAB.setBought(SKU_NOTIFY, this);
updateState();
break;
case SKU_SPEED_ID:
IAB.setBought(SKU_SPEED, this);
updateState();
break;
case SKU_THEME_ID:
IAB.setBought(SKU_THEME, this);
updateState();
break;
case SKU_PRO1_ID:
IAB.setBought(SKU_PRO1, this);
updateState();
break;
case SKU_SUPPORT1_ID:
IAB.setBought(SKU_SUPPORT1, this);
updateState();
break;
case SKU_SUPPORT2_ID:
IAB.setBought(SKU_SUPPORT2, this);
updateState();
break;
}
}
}
private void updateState() {
Button btnLog = findViewById(R.id.btnLog);
Button btnFilter = findViewById(R.id.btnFilter);
Button btnNotify = findViewById(R.id.btnNotify);
Button btnSpeed = findViewById(R.id.btnSpeed);
Button btnTheme = findViewById(R.id.btnTheme);
Button btnAll = findViewById(R.id.btnAll);
Button btnDev1 = findViewById(R.id.btnDev1);
Button btnDev2 = findViewById(R.id.btnDev2);
TextView tvLog = findViewById(R.id.tvLog);
TextView tvFilter = findViewById(R.id.tvFilter);
TextView tvNotify = findViewById(R.id.tvNotify);
TextView tvSpeed = findViewById(R.id.tvSpeed);
TextView tvTheme = findViewById(R.id.tvTheme);
TextView tvAll = findViewById(R.id.tvAll);
TextView tvDev1 = findViewById(R.id.tvDev1);
TextView tvDev2 = findViewById(R.id.tvDev2);
TextView tvLogUnavailable = findViewById(R.id.tvLogUnavailable);
TextView tvFilterUnavailable = findViewById(R.id.tvFilterUnavailable);
boolean can = Util.canFilter(this);
btnLog.setVisibility(IAB.isPurchased(SKU_LOG, this) || !can ? View.GONE : View.VISIBLE);
btnFilter.setVisibility(IAB.isPurchased(SKU_FILTER, this) || !can ? View.GONE : View.VISIBLE);
btnNotify.setVisibility(IAB.isPurchased(SKU_NOTIFY, this) ? View.GONE : View.VISIBLE);
btnSpeed.setVisibility(IAB.isPurchased(SKU_SPEED, this) ? View.GONE : View.VISIBLE);
btnTheme.setVisibility(IAB.isPurchased(SKU_THEME, this) ? View.GONE : View.VISIBLE);
btnAll.setVisibility(IAB.isPurchased(SKU_PRO1, this) ? View.GONE : View.VISIBLE);
btnDev1.setVisibility(IAB.isPurchased(SKU_SUPPORT1, this) ? View.GONE : View.VISIBLE);
btnDev2.setVisibility(IAB.isPurchased(SKU_SUPPORT2, this) ? View.GONE : View.VISIBLE);
tvLog.setVisibility(IAB.isPurchased(SKU_LOG, this) && can ? View.VISIBLE : View.GONE);
tvFilter.setVisibility(IAB.isPurchased(SKU_FILTER, this) && can ? View.VISIBLE : View.GONE);
tvNotify.setVisibility(IAB.isPurchased(SKU_NOTIFY, this) ? View.VISIBLE : View.GONE);
tvSpeed.setVisibility(IAB.isPurchased(SKU_SPEED, this) ? View.VISIBLE : View.GONE);
tvTheme.setVisibility(IAB.isPurchased(SKU_THEME, this) ? View.VISIBLE : View.GONE);
tvAll.setVisibility(IAB.isPurchased(SKU_PRO1, this) ? View.VISIBLE : View.GONE);
tvDev1.setVisibility(IAB.isPurchased(SKU_SUPPORT1, this) ? View.VISIBLE : View.GONE);
tvDev2.setVisibility(IAB.isPurchased(SKU_SUPPORT2, this) ? View.VISIBLE : View.GONE);
tvLogUnavailable.setVisibility(can ? View.GONE : View.VISIBLE);
tvFilterUnavailable.setVisibility(can ? View.GONE : View.VISIBLE);
}
}

1466
NetGuard/app/src/main/java/eu/faircode/netguard/ActivitySettings.java
File diff suppressed because it is too large
View File

186
NetGuard/app/src/main/java/eu/faircode/netguard/AdapterAccess.java
View File

@ -1,186 +0,0 @@
package eu.faircode.netguard;
/*
This file is part of NetGuard.
NetGuard is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
NetGuard is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with NetGuard. If not, see <http://www.gnu.org/licenses/>.
Copyright 2015-2019 by Marcel Bokhorst (M66B)
*/
import android.content.Context;
import android.content.res.TypedArray;
import android.database.Cursor;
import android.graphics.drawable.Drawable;
import android.os.AsyncTask;
import android.os.Build;
import android.text.SpannableString;
import android.text.style.UnderlineSpan;
import android.util.TypedValue;
import android.view.LayoutInflater;
import android.view.View;
import android.view.ViewGroup;
import android.widget.CursorAdapter;
import android.widget.ImageView;
import android.widget.LinearLayout;
import android.widget.TextView;
import androidx.core.graphics.drawable.DrawableCompat;
import androidx.core.view.ViewCompat;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.text.SimpleDateFormat;
public class AdapterAccess extends CursorAdapter {
private int colVersion;
private int colProtocol;
private int colDaddr;
private int colDPort;
private int colTime;
private int colAllowed;
private int colBlock;
private int colCount;
private int colSent;
private int colReceived;
private int colConnections;
private int colorText;
private int colorOn;
private int colorOff;
public AdapterAccess(Context context, Cursor cursor) {
super(context, cursor, 0);
colVersion = cursor.getColumnIndex("version");
colProtocol = cursor.getColumnIndex("protocol");
colDaddr = cursor.getColumnIndex("daddr");
colDPort = cursor.getColumnIndex("dport");
colTime = cursor.getColumnIndex("time");
colAllowed = cursor.getColumnIndex("allowed");
colBlock = cursor.getColumnIndex("block");
colCount = cursor.getColumnIndex("count");
colSent = cursor.getColumnIndex("sent");
colReceived = cursor.getColumnIndex("received");
colConnections = cursor.getColumnIndex("connections");
TypedArray ta = context.getTheme().obtainStyledAttributes(new int[]{android.R.attr.textColorSecondary});
try {
colorText = ta.getColor(0, 0);
} finally {
ta.recycle();
}
TypedValue tv = new TypedValue();
context.getTheme().resolveAttribute(R.attr.colorOn, tv, true);
colorOn = tv.data;
context.getTheme().resolveAttribute(R.attr.colorOff, tv, true);
colorOff = tv.data;
}
@Override
public View newView(Context context, Cursor cursor, ViewGroup parent) {
return LayoutInflater.from(context).inflate(R.layout.access, parent, false);
}
@Override
public void bindView(final View view, final Context context, final Cursor cursor) {
// Get values
final int version = cursor.getInt(colVersion);
final int protocol = cursor.getInt(colProtocol);
final String daddr = cursor.getString(colDaddr);
final int dport = cursor.getInt(colDPort);
long time = cursor.getLong(colTime);
int allowed = cursor.getInt(colAllowed);
int block = cursor.getInt(colBlock);
int count = cursor.getInt(colCount);
long sent = cursor.isNull(colSent) ? -1 : cursor.getLong(colSent);
long received = cursor.isNull(colReceived) ? -1 : cursor.getLong(colReceived);
int connections = cursor.isNull(colConnections) ? -1 : cursor.getInt(colConnections);
// Get views
TextView tvTime = view.findViewById(R.id.tvTime);
ImageView ivBlock = view.findViewById(R.id.ivBlock);
final TextView tvDest = view.findViewById(R.id.tvDest);
LinearLayout llTraffic = view.findViewById(R.id.llTraffic);
TextView tvConnections = view.findViewById(R.id.tvConnections);
TextView tvTraffic = view.findViewById(R.id.tvTraffic);
// Set values
tvTime.setText(new SimpleDateFormat("dd HH:mm").format(time));
if (block < 0)
ivBlock.setImageDrawable(null);
else {
ivBlock.setImageResource(block > 0 ? R.drawable.host_blocked : R.drawable.host_allowed);
if (Build.VERSION.SDK_INT < Build.VERSION_CODES.LOLLIPOP) {
Drawable wrap = DrawableCompat.wrap(ivBlock.getDrawable());
DrawableCompat.setTint(wrap, block > 0 ? colorOff : colorOn);
}
}
String dest = Util.getProtocolName(protocol, version, true) +
" " + daddr + (dport > 0 ? "/" + dport : "") + (count > 1 ? " ?" + count : "");
SpannableString span = new SpannableString(dest);
span.setSpan(new UnderlineSpan(), 0, dest.length(), 0);
tvDest.setText(span);
if (Util.isNumericAddress(daddr))
new AsyncTask<String, Object, String>() {
@Override
protected void onPreExecute() {
ViewCompat.setHasTransientState(tvDest, true);
}
@Override
protected String doInBackground(String... args) {
try {
return InetAddress.getByName(args[0]).getHostName();
} catch (UnknownHostException ignored) {
return args[0];
}
}
@Override
protected void onPostExecute(String addr) {
tvDest.setText(
Util.getProtocolName(protocol, version, true) +
" >" + addr + (dport > 0 ? "/" + dport : ""));
ViewCompat.setHasTransientState(tvDest, false);
}
}.execute(daddr);
if (allowed < 0)
tvDest.setTextColor(colorText);
else if (allowed > 0)
tvDest.setTextColor(colorOn);
else
tvDest.setTextColor(colorOff);
llTraffic.setVisibility(connections > 0 || sent > 0 || received > 0 ? View.VISIBLE : View.GONE);
if (connections > 0)
tvConnections.setText(context.getString(R.string.msg_count, connections));
if (sent > 1024 * 1204 * 1024L || received > 1024 * 1024 * 1024L)
tvTraffic.setText(context.getString(R.string.msg_gb,
(sent > 0 ? sent / (1024 * 1024 * 1024f) : 0),
(received > 0 ? received / (1024 * 1024 * 1024f) : 0)));
else if (sent > 1204 * 1024L || received > 1024 * 1024L)
tvTraffic.setText(context.getString(R.string.msg_mb,
(sent > 0 ? sent / (1024 * 1024f) : 0),
(received > 0 ? received / (1024 * 1024f) : 0)));
else
tvTraffic.setText(context.getString(R.string.msg_kb,
(sent > 0 ? sent / 1024f : 0),
(received > 0 ? received / 1024f : 0)));
}
}

95
NetGuard/app/src/main/java/eu/faircode/netguard/AdapterDns.java
View File

@ -1,95 +0,0 @@
package eu.faircode.netguard;
/*
This file is part of NetGuard.
NetGuard is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
NetGuard is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with NetGuard. If not, see <http://www.gnu.org/licenses/>.
Copyright 2015-2019 by Marcel Bokhorst (M66B)
*/
import android.content.Context;
import android.content.SharedPreferences;
import android.database.Cursor;
import android.graphics.Color;
import android.view.LayoutInflater;
import android.view.View;
import android.view.ViewGroup;
import android.widget.CursorAdapter;
import android.widget.TextView;
import androidx.preference.PreferenceManager;
import java.text.SimpleDateFormat;
import java.util.Date;
public class AdapterDns extends CursorAdapter {
private int colorExpired;
private int colTime;
private int colQName;
private int colAName;
private int colResource;
private int colTTL;
public AdapterDns(Context context, Cursor cursor) {
super(context, cursor, 0);
SharedPreferences prefs = PreferenceManager.getDefaultSharedPreferences(context);
if (prefs.getBoolean("dark_theme", false))
colorExpired = Color.argb(128, Color.red(Color.DKGRAY), Color.green(Color.DKGRAY), Color.blue(Color.DKGRAY));
else
colorExpired = Color.argb(128, Color.red(Color.LTGRAY), Color.green(Color.LTGRAY), Color.blue(Color.LTGRAY));
colTime = cursor.getColumnIndex("time");
colQName = cursor.getColumnIndex("qname");
colAName = cursor.getColumnIndex("aname");
colResource = cursor.getColumnIndex("resource");
colTTL = cursor.getColumnIndex("ttl");
}
@Override
public View newView(Context context, Cursor cursor, ViewGroup parent) {
return LayoutInflater.from(context).inflate(R.layout.dns, parent, false);
}
@Override
public void bindView(final View view, final Context context, final Cursor cursor) {
// Get values
long time = cursor.getLong(colTime);
String qname = cursor.getString(colQName);
String aname = cursor.getString(colAName);
String resource = cursor.getString(colResource);
int ttl = cursor.getInt(colTTL);
long now = new Date().getTime();
boolean expired = (time + ttl < now);
view.setBackgroundColor(expired ? colorExpired : Color.TRANSPARENT);
// Get views
TextView tvTime = view.findViewById(R.id.tvTime);
TextView tvQName = view.findViewById(R.id.tvQName);
TextView tvAName = view.findViewById(R.id.tvAName);
TextView tvResource = view.findViewById(R.id.tvResource);
TextView tvTTL = view.findViewById(R.id.tvTTL);
// Set values
tvTime.setText(new SimpleDateFormat("dd HH:mm").format(time));
tvQName.setText(qname);
tvAName.setText(aname);
tvResource.setText(resource);
tvTTL.setText("+" + Integer.toString(ttl / 1000));
}
}

74
NetGuard/app/src/main/java/eu/faircode/netguard/AdapterForwarding.java
View File

@ -1,74 +0,0 @@
package eu.faircode.netguard;
/*
This file is part of NetGuard.
NetGuard is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
NetGuard is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with NetGuard. If not, see <http://www.gnu.org/licenses/>.
Copyright 2015-2019 by Marcel Bokhorst (M66B)
*/
import android.content.Context;
import android.database.Cursor;
import android.text.TextUtils;
import android.view.LayoutInflater;
import android.view.View;
import android.view.ViewGroup;
import android.widget.CursorAdapter;
import android.widget.TextView;
public class AdapterForwarding extends CursorAdapter {
private int colProtocol;
private int colDPort;
private int colRAddr;
private int colRPort;
private int colRUid;
public AdapterForwarding(Context context, Cursor cursor) {
super(context, cursor, 0);
colProtocol = cursor.getColumnIndex("protocol");
colDPort = cursor.getColumnIndex("dport");
colRAddr = cursor.getColumnIndex("raddr");
colRPort = cursor.getColumnIndex("rport");
colRUid = cursor.getColumnIndex("ruid");
}
@Override
public View newView(Context context, Cursor cursor, ViewGroup parent) {
return LayoutInflater.from(context).inflate(R.layout.forward, parent, false);
}
@Override
public void bindView(final View view, final Context context, final Cursor cursor) {
// Get values
int protocol = cursor.getInt(colProtocol);
int dport = cursor.getInt(colDPort);
String raddr = cursor.getString(colRAddr);
int rport = cursor.getInt(colRPort);
int ruid = cursor.getInt(colRUid);
// Get views
TextView tvProtocol = view.findViewById(R.id.tvProtocol);
TextView tvDPort = view.findViewById(R.id.tvDPort);
TextView tvRAddr = view.findViewById(R.id.tvRAddr);
TextView tvRPort = view.findViewById(R.id.tvRPort);
TextView tvRUid = view.findViewById(R.id.tvRUid);
tvProtocol.setText(Util.getProtocolName(protocol, 0, false));
tvDPort.setText(Integer.toString(dport));
tvRAddr.setText(raddr);
tvRPort.setText(Integer.toString(rport));
tvRUid.setText(TextUtils.join(", ", Util.getApplicationNames(ruid, context)));
}
}

370
NetGuard/app/src/main/java/eu/faircode/netguard/AdapterLog.java
View File

@ -1,370 +0,0 @@
package eu.faircode.netguard;
/*
This file is part of NetGuard.
NetGuard is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
NetGuard is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with NetGuard. If not, see <http://www.gnu.org/licenses/>.
Copyright 2015-2019 by Marcel Bokhorst (M66B)
*/
import android.content.Context;
import android.content.SharedPreferences;
import android.content.pm.ApplicationInfo;
import android.content.pm.PackageManager;
import android.database.Cursor;
import android.graphics.drawable.Drawable;
import android.net.Uri;
import android.os.AsyncTask;
import android.os.Build;
import android.text.TextUtils;
import android.util.Log;
import android.util.TypedValue;
import android.view.LayoutInflater;
import android.view.View;
import android.view.ViewGroup;
import android.widget.CursorAdapter;
import android.widget.ImageView;
import android.widget.TextView;
import androidx.core.graphics.drawable.DrawableCompat;
import androidx.core.view.ViewCompat;
import androidx.preference.PreferenceManager;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.text.SimpleDateFormat;
import java.util.List;
public class AdapterLog extends CursorAdapter {
private static String TAG = "NetGuard.Log";
private boolean resolve;
private boolean organization;
private int colTime;
private int colVersion;
private int colProtocol;
private int colFlags;
private int colSAddr;
private int colSPort;
private int colDAddr;
private int colDPort;
private int colDName;
private int colUid;
private int colData;
private int colAllowed;
private int colConnection;
private int colInteractive;
private int colorOn;
private int colorOff;
private int iconSize;
private InetAddress dns1 = null;
private InetAddress dns2 = null;
private InetAddress vpn4 = null;
private InetAddress vpn6 = null;
public AdapterLog(Context context, Cursor cursor, boolean resolve, boolean organization) {
super(context, cursor, 0);
this.resolve = resolve;
this.organization = organization;
colTime = cursor.getColumnIndex("time");
colVersion = cursor.getColumnIndex("version");
colProtocol = cursor.getColumnIndex("protocol");
colFlags = cursor.getColumnIndex("flags");
colSAddr = cursor.getColumnIndex("saddr");
colSPort = cursor.getColumnIndex("sport");
colDAddr = cursor.getColumnIndex("daddr");
colDPort = cursor.getColumnIndex("dport");
colDName = cursor.getColumnIndex("dname");
colUid = cursor.getColumnIndex("uid");
colData = cursor.getColumnIndex("data");
colAllowed = cursor.getColumnIndex("allowed");
colConnection = cursor.getColumnIndex("connection");
colInteractive = cursor.getColumnIndex("interactive");
TypedValue tv = new TypedValue();
context.getTheme().resolveAttribute(R.attr.colorOn, tv, true);
colorOn = tv.data;
context.getTheme().resolveAttribute(R.attr.colorOff, tv, true);
colorOff = tv.data;
iconSize = Util.dips2pixels(24, context);
try {
List<InetAddress> lstDns = ServiceSinkhole.getDns(context);
dns1 = (lstDns.size() > 0 ? lstDns.get(0) : null);
dns2 = (lstDns.size() > 1 ? lstDns.get(1) : null);
SharedPreferences prefs = PreferenceManager.getDefaultSharedPreferences(context);
vpn4 = InetAddress.getByName(prefs.getString("vpn4", "10.1.10.1"));
vpn6 = InetAddress.getByName(prefs.getString("vpn6", "fd00:1:fd00:1:fd00:1:fd00:1"));
} catch (UnknownHostException ex) {
Log.e(TAG, ex.toString() + "\n" + Log.getStackTraceString(ex));
}
}
public void setResolve(boolean resolve) {
this.resolve = resolve;
}
public void setOrganization(boolean organization) {
this.organization = organization;
}
@Override
public View newView(Context context, Cursor cursor, ViewGroup parent) {
return LayoutInflater.from(context).inflate(R.layout.log, parent, false);
}
@Override
public void bindView(final View view, final Context context, final Cursor cursor) {
// Get values
long time = cursor.getLong(colTime);
int version = (cursor.isNull(colVersion) ? -1 : cursor.getInt(colVersion));
int protocol = (cursor.isNull(colProtocol) ? -1 : cursor.getInt(colProtocol));
String flags = cursor.getString(colFlags);
String saddr = cursor.getString(colSAddr);
int sport = (cursor.isNull(colSPort) ? -1 : cursor.getInt(colSPort));
String daddr = cursor.getString(colDAddr);
int dport = (cursor.isNull(colDPort) ? -1 : cursor.getInt(colDPort));
String dname = (cursor.isNull(colDName) ? null : cursor.getString(colDName));
int uid = (cursor.isNull(colUid) ? -1 : cursor.getInt(colUid));
String data = cursor.getString(colData);
int allowed = (cursor.isNull(colAllowed) ? -1 : cursor.getInt(colAllowed));
int connection = (cursor.isNull(colConnection) ? -1 : cursor.getInt(colConnection));
int interactive = (cursor.isNull(colInteractive) ? -1 : cursor.getInt(colInteractive));
// Get views
TextView tvTime = view.findViewById(R.id.tvTime);
TextView tvProtocol = view.findViewById(R.id.tvProtocol);
TextView tvFlags = view.findViewById(R.id.tvFlags);
TextView tvSAddr = view.findViewById(R.id.tvSAddr);
TextView tvSPort = view.findViewById(R.id.tvSPort);
final TextView tvDaddr = view.findViewById(R.id.tvDAddr);
TextView tvDPort = view.findViewById(R.id.tvDPort);
final TextView tvOrganization = view.findViewById(R.id.tvOrganization);
final ImageView ivIcon = view.findViewById(R.id.ivIcon);
TextView tvUid = view.findViewById(R.id.tvUid);
TextView tvData = view.findViewById(R.id.tvData);
ImageView ivConnection = view.findViewById(R.id.ivConnection);
ImageView ivInteractive = view.findViewById(R.id.ivInteractive);
// Show time
tvTime.setText(new SimpleDateFormat("HH:mm:ss").format(time));
// Show connection type
if (connection <= 0)
ivConnection.setImageResource(allowed > 0 ? R.drawable.host_allowed : R.drawable.host_blocked);
else {
if (allowed > 0)
ivConnection.setImageResource(connection == 1 ? R.drawable.wifi_on : R.drawable.other_on);
else
ivConnection.setImageResource(connection == 1 ? R.drawable.wifi_off : R.drawable.other_off);
}
if (Build.VERSION.SDK_INT < Build.VERSION_CODES.LOLLIPOP) {
Drawable wrap = DrawableCompat.wrap(ivConnection.getDrawable());
DrawableCompat.setTint(wrap, allowed > 0 ? colorOn : colorOff);
}
// Show if screen on
if (interactive <= 0)
ivInteractive.setImageDrawable(null);
else {
ivInteractive.setImageResource(R.drawable.screen_on);
if (Build.VERSION.SDK_INT < Build.VERSION_CODES.LOLLIPOP) {
Drawable wrap = DrawableCompat.wrap(ivInteractive.getDrawable());
DrawableCompat.setTint(wrap, colorOn);
}
}
// Show protocol name
tvProtocol.setText(Util.getProtocolName(protocol, version, false));
// SHow TCP flags
tvFlags.setText(flags);
tvFlags.setVisibility(TextUtils.isEmpty(flags) ? View.GONE : View.VISIBLE);
// Show source and destination port
if (protocol == 6 || protocol == 17) {
tvSPort.setText(sport < 0 ? "" : getKnownPort(sport));
tvDPort.setText(dport < 0 ? "" : getKnownPort(dport));
} else {
tvSPort.setText(sport < 0 ? "" : Integer.toString(sport));
tvDPort.setText(dport < 0 ? "" : Integer.toString(dport));
}
// Application icon
ApplicationInfo info = null;
PackageManager pm = context.getPackageManager();
String[] pkg = pm.getPackagesForUid(uid);
if (pkg != null && pkg.length > 0)
try {
info = pm.getApplicationInfo(pkg[0], 0);
} catch (PackageManager.NameNotFoundException ignored) {
}
if (info == null)
ivIcon.setImageDrawable(null);
else {
if (info.icon <= 0)
ivIcon.setImageResource(android.R.drawable.sym_def_app_icon);
else {
Uri uri = Uri.parse("android.resource://" + info.packageName + "/" + info.icon);
GlideApp.with(context)
.load(uri)
//.diskCacheStrategy(DiskCacheStrategy.NONE)
//.skipMemoryCache(true)
.override(iconSize, iconSize)
.into(ivIcon);
}
}
boolean we = (android.os.Process.myUid() == uid);
// https://android.googlesource.com/platform/system/core/+/master/include/private/android_filesystem_config.h
uid = uid % 100000; // strip off user ID
if (uid == -1)
tvUid.setText("");
else if (uid == 0)
tvUid.setText(context.getString(R.string.title_root));
else if (uid == 9999)
tvUid.setText("-"); // nobody
else
tvUid.setText(Integer.toString(uid));
// Show source address
tvSAddr.setText(getKnownAddress(saddr));
// Show destination address
if (!we && resolve && !isKnownAddress(daddr))
if (dname == null) {
tvDaddr.setText(daddr);
new AsyncTask<String, Object, String>() {
@Override
protected void onPreExecute() {
ViewCompat.setHasTransientState(tvDaddr, true);
}
@Override
protected String doInBackground(String... args) {
try {
return InetAddress.getByName(args[0]).getHostName();
} catch (UnknownHostException ignored) {
return args[0];
}
}
@Override
protected void onPostExecute(String name) {
tvDaddr.setText(">" + name);
ViewCompat.setHasTransientState(tvDaddr, false);
}
}.execute(daddr);
} else
tvDaddr.setText(dname);
else
tvDaddr.setText(getKnownAddress(daddr));
// Show organization
tvOrganization.setVisibility(View.GONE);
if (!we && organization) {
if (!isKnownAddress(daddr))
new AsyncTask<String, Object, String>() {
@Override
protected void onPreExecute() {
ViewCompat.setHasTransientState(tvOrganization, true);
}
@Override
protected String doInBackground(String... args) {
try {
return Util.getOrganization(args[0]);
} catch (Throwable ex) {
Log.w(TAG, ex.toString() + "\n" + Log.getStackTraceString(ex));
return null;
}
}
@Override
protected void onPostExecute(String organization) {
if (organization != null) {
tvOrganization.setText(organization);
tvOrganization.setVisibility(View.VISIBLE);
}
ViewCompat.setHasTransientState(tvOrganization, false);
}
}.execute(daddr);
}
// Show extra data
if (TextUtils.isEmpty(data)) {
tvData.setText("");
tvData.setVisibility(View.GONE);
} else {
tvData.setText(data);
tvData.setVisibility(View.VISIBLE);
}
}
public boolean isKnownAddress(String addr) {
try {
InetAddress a = InetAddress.getByName(addr);
if (a.equals(dns1) || a.equals(dns2) || a.equals(vpn4) || a.equals(vpn6))
return true;
} catch (UnknownHostException ignored) {
}
return false;
}
private String getKnownAddress(String addr) {
try {
InetAddress a = InetAddress.getByName(addr);
if (a.equals(dns1))
return "dns1";
if (a.equals(dns2))
return "dns2";
if (a.equals(vpn4) || a.equals(vpn6))
return "vpn";
} catch (UnknownHostException ignored) {
}
return addr;
}
private String getKnownPort(int port) {
// https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers#Well-known_ports
switch (port) {
case 7:
return "echo";
case 25:
return "smtp";
case 53:
return "dns";
case 80:
return "http";
case 110:
return "pop3";
case 143:
return "imap";
case 443:
return "https";
case 465:
return "smtps";
case 993:
return "imaps";
case 995:
return "pop3s";
default:
return Integer.toString(port);
}
}
}

1033
NetGuard/app/src/main/java/eu/faircode/netguard/AdapterRule.java
File diff suppressed because it is too large
View File

35
NetGuard/app/src/main/java/eu/faircode/netguard/Allowed.java
View File

@ -1,35 +0,0 @@
package eu.faircode.netguard;
/*
This file is part of NetGuard.
NetGuard is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
NetGuard is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with NetGuard. If not, see <http://www.gnu.org/licenses/>.
Copyright 2015-2019 by Marcel Bokhorst (M66B)
*/
public class Allowed {
public String raddr;
public int rport;
public Allowed() {
this.raddr = null;
this.rport = 0;
}
public Allowed(String raddr, int rport) {
this.raddr = raddr;
this.rport = rport;
}
}

78
NetGuard/app/src/main/java/eu/faircode/netguard/ApplicationEx.java
View File

@ -1,78 +0,0 @@
package eu.faircode.netguard;
/*
This file is part of NetGuard.
NetGuard is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
NetGuard is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with NetGuard. If not, see <http://www.gnu.org/licenses/>.
Copyright 2015-2019 by Marcel Bokhorst (M66B)
*/
import android.annotation.TargetApi;
import android.app.Application;
import android.app.Notification;
import android.app.NotificationChannel;
import android.app.NotificationManager;
import android.content.Context;
import android.os.Build;
import android.util.Log;
public class ApplicationEx extends Application {
private static final String TAG = "NetGuard.App";
private Thread.UncaughtExceptionHandler mPrevHandler;
@Override
public void onCreate() {
super.onCreate();
Log.i(TAG, "Create version=" + Util.getSelfVersionName(this) + "/" + Util.getSelfVersionCode(this));
if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.O)
createNotificationChannels();
mPrevHandler = Thread.getDefaultUncaughtExceptionHandler();
Thread.setDefaultUncaughtExceptionHandler(new Thread.UncaughtExceptionHandler() {
@Override
public void uncaughtException(Thread thread, Throwable ex) {
if (Util.ownFault(ApplicationEx.this, ex)
&& Util.isPlayStoreInstall(ApplicationEx.this)) {
Log.e(TAG, ex.toString() + "\n" + Log.getStackTraceString(ex));
mPrevHandler.uncaughtException(thread, ex);
} else {
Log.w(TAG, ex.toString() + "\n" + Log.getStackTraceString(ex));
System.exit(1);
}
}
});
}
@TargetApi(Build.VERSION_CODES.O)
private void createNotificationChannels() {
NotificationManager nm = (NotificationManager) getSystemService(Context.NOTIFICATION_SERVICE);
NotificationChannel foreground = new NotificationChannel("foreground", getString(R.string.channel_foreground), NotificationManager.IMPORTANCE_MIN);
foreground.setSound(null, Notification.AUDIO_ATTRIBUTES_DEFAULT);
nm.createNotificationChannel(foreground);
NotificationChannel notify = new NotificationChannel("notify", getString(R.string.channel_notify), NotificationManager.IMPORTANCE_DEFAULT);
notify.setSound(null, Notification.AUDIO_ATTRIBUTES_DEFAULT);
notify.setBypassDnd(true);
nm.createNotificationChannel(notify);
NotificationChannel access = new NotificationChannel("access", getString(R.string.channel_access), NotificationManager.IMPORTANCE_DEFAULT);
access.setSound(null, Notification.AUDIO_ATTRIBUTES_DEFAULT);
access.setBypassDnd(true);
nm.createNotificationChannel(access);
}
}

1164
NetGuard/app/src/main/java/eu/faircode/netguard/DatabaseHelper.java
File diff suppressed because it is too large
View File

181
NetGuard/app/src/main/java/eu/faircode/netguard/DownloadTask.java
View File

@ -1,181 +0,0 @@
package eu.faircode.netguard;
/*
This file is part of NetGuard.
NetGuard is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
NetGuard is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with NetGuard. If not, see <http://www.gnu.org/licenses/>.
Copyright 2015-2019 by Marcel Bokhorst (M66B)
*/
import android.app.Activity;
import android.app.PendingIntent;
import android.content.Context;
import android.content.Intent;
import android.os.AsyncTask;
import android.os.Build;
import android.os.PowerManager;
import android.util.Log;
import android.util.TypedValue;
import android.widget.Toast;
import androidx.core.app.NotificationCompat;
import androidx.core.app.NotificationManagerCompat;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.HttpURLConnection;
import java.net.URL;
import java.net.URLConnection;
public class DownloadTask extends AsyncTask<Object, Integer, Object> {
private static final String TAG = "NetGuard.Download";
private Context context;
private URL url;
private File file;
private Listener listener;
private PowerManager.WakeLock wakeLock;
public interface Listener {
void onCompleted();
void onCancelled();
void onException(Throwable ex);
}
public DownloadTask(Activity context, URL url, File file, Listener listener) {
this.context = context;
this.url = url;
this.file = file;
this.listener = listener;
}
@Override
protected void onPreExecute() {
PowerManager pm = (PowerManager) context.getSystemService(Context.POWER_SERVICE);
wakeLock = pm.newWakeLock(PowerManager.PARTIAL_WAKE_LOCK, getClass().getName());
wakeLock.acquire();
showNotification(0);
Toast.makeText(context, context.getString(R.string.msg_downloading, url.toString()), Toast.LENGTH_SHORT).show();
}
@Override
protected Object doInBackground(Object... args) {
Log.i(TAG, "Downloading " + url + " into " + file);
InputStream in = null;
OutputStream out = null;
URLConnection connection = null;
try {
connection = url.openConnection();
connection.connect();
if (connection instanceof HttpURLConnection) {
HttpURLConnection httpConnection = (HttpURLConnection) connection;
if (httpConnection.getResponseCode() != HttpURLConnection.HTTP_OK)
throw new IOException(httpConnection.getResponseCode() + " " + httpConnection.getResponseMessage());
}
int contentLength = connection.getContentLength();
Log.i(TAG, "Content length=" + contentLength);
in = connection.getInputStream();
out = new FileOutputStream(file);
long size = 0;
byte buffer[] = new byte[4096];
int bytes;
while (!isCancelled() && (bytes = in.read(buffer)) != -1) {
out.write(buffer, 0, bytes);
size += bytes;
if (contentLength > 0)
publishProgress((int) (size * 100 / contentLength));
}
Log.i(TAG, "Downloaded size=" + size);
return null;
} catch (Throwable ex) {
return ex;
} finally {
try {
if (out != null)
out.close();
} catch (IOException ex) {
Log.e(TAG, ex.toString() + "\n" + Log.getStackTraceString(ex));
}
try {
if (in != null)
in.close();
} catch (IOException ex) {
Log.e(TAG, ex.toString() + "\n" + Log.getStackTraceString(ex));
}
if (connection instanceof HttpURLConnection)
((HttpURLConnection) connection).disconnect();
}
}
@Override
protected void onProgressUpdate(Integer... progress) {
super.onProgressUpdate(progress);
showNotification(progress[0]);
}
@Override
protected void onCancelled() {
super.onCancelled();
Log.i(TAG, "Cancelled");
listener.onCancelled();
}
@Override
protected void onPostExecute(Object result) {
wakeLock.release();
NotificationManagerCompat.from(context).cancel(ServiceSinkhole.NOTIFY_DOWNLOAD);
if (result instanceof Throwable) {
Log.e(TAG, result.toString() + "\n" + Log.getStackTraceString((Throwable) result));
listener.onException((Throwable) result);
} else
listener.onCompleted();
}
private void showNotification(int progress) {
Intent main = new Intent(context, ActivitySettings.class);
PendingIntent pi = PendingIntent.getActivity(context, ServiceSinkhole.NOTIFY_DOWNLOAD, main, PendingIntent.FLAG_UPDATE_CURRENT | PendingIntent.FLAG_MUTABLE);
TypedValue tv = new TypedValue();
context.getTheme().resolveAttribute(R.attr.colorOff, tv, true);
NotificationCompat.Builder builder = new NotificationCompat.Builder(context, "notify");
builder.setSmallIcon(R.drawable.ic_file_download_white_24dp)
.setContentTitle(context.getString(R.string.app_name))
.setContentText(context.getString(R.string.msg_downloading, url.toString()))
.setContentIntent(pi)
.setProgress(100, progress, false)
.setColor(tv.data)
.setOngoing(true)
.setAutoCancel(false);
if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.LOLLIPOP)
builder.setCategory(NotificationCompat.CATEGORY_STATUS)
.setVisibility(NotificationCompat.VISIBILITY_SECRET);
NotificationManagerCompat.from(context).notify(ServiceSinkhole.NOTIFY_DOWNLOAD, builder.build());
}
}

45
NetGuard/app/src/main/java/eu/faircode/netguard/ExpandedListView.java
View File

@ -1,45 +0,0 @@
package eu.faircode.netguard;
/*
This file is part of NetGuard.
NetGuard is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
NetGuard is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with NetGuard. If not, see <http://www.gnu.org/licenses/>.
Copyright 2015-2019 by Marcel Bokhorst (M66B)
*/
import android.content.Context;
import android.util.AttributeSet;
import android.widget.ListView;
// This requires list view items with equal heights
public class ExpandedListView extends ListView {
public ExpandedListView(Context context) {
super(context);
}
public ExpandedListView(Context context, AttributeSet attrs) {
super(context, attrs);
}
public ExpandedListView(Context context, AttributeSet attrs, int defStyleAttr) {
super(context, attrs, defStyleAttr);
}
@Override
protected void onMeasure(int widthMeasureSpec, int heightMeasureSpec) {
super.onMeasure(widthMeasureSpec, MeasureSpec.makeMeasureSpec(Integer.MAX_VALUE >> 4, MeasureSpec.AT_MOST));
}
}

33
NetGuard/app/src/main/java/eu/faircode/netguard/Forward.java
View File

@ -1,33 +0,0 @@
package eu.faircode.netguard;
/*
This file is part of NetGuard.
NetGuard is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
NetGuard is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with NetGuard. If not, see <http://www.gnu.org/licenses/>.
Copyright 2015-2019 by Marcel Bokhorst (M66B)
*/
public class Forward {
public int protocol;
public int dport;
public String raddr;
public int rport;
public int ruid;
@Override
public String toString() {
return "protocol=" + protocol + " port " + dport + " to " + raddr + "/" + rport + " uid " + ruid;
}
}

32
NetGuard/app/src/main/java/eu/faircode/netguard/FragmentSettings.java
View File

@ -1,32 +0,0 @@
package eu.faircode.netguard;
/*
This file is part of NetGuard.
NetGuard is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
NetGuard is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with NetGuard. If not, see <http://www.gnu.org/licenses/>.
Copyright 2015-2019 by Marcel Bokhorst (M66B)
*/
import android.os.Bundle;
import android.preference.PreferenceFragment;
public class FragmentSettings extends PreferenceFragment {
@Override
public void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
addPreferencesFromResource(R.xml.preferences);
}
}

8
NetGuard/app/src/main/java/eu/faircode/netguard/GlideHelper.java
View File

@ -1,8 +0,0 @@
package eu.faircode.netguard;
import com.bumptech.glide.annotation.GlideModule;
import com.bumptech.glide.module.AppGlideModule;
@GlideModule
public final class GlideHelper extends AppGlideModule {
}

240
NetGuard/app/src/main/java/eu/faircode/netguard/IAB.java
View File

@ -1,240 +0,0 @@
package eu.faircode.netguard;
/*
This file is part of NetGuard.
NetGuard is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
NetGuard is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with NetGuard. If not, see <http://www.gnu.org/licenses/>.
Copyright 2015-2019 by Marcel Bokhorst (M66B)
*/
import android.app.PendingIntent;
import android.content.ComponentName;
import android.content.Context;
import android.content.Intent;
import android.content.ServiceConnection;
import android.content.SharedPreferences;
import android.os.Bundle;
import android.os.IBinder;
import android.os.RemoteException;
import android.util.Log;
import androidx.preference.PreferenceManager;
import com.android.vending.billing.IInAppBillingService;
import org.json.JSONException;
import org.json.JSONObject;
import java.util.ArrayList;
import java.util.List;
public class IAB implements ServiceConnection {
private static final String TAG = "NetGuard.IAB";
private Context context;
private Delegate delegate;
private IInAppBillingService service = null;
private static final int IAB_VERSION = 3;
public interface Delegate {
void onReady(IAB iab);
}
public IAB(Delegate delegate, Context context) {
this.context = context.getApplicationContext();
this.delegate = delegate;
}
public void bind() {
Log.i(TAG, "Bind");
Intent serviceIntent = new Intent("com.android.vending.billing.InAppBillingService.BIND");
serviceIntent.setPackage("com.android.vending");
context.bindService(serviceIntent, this, Context.BIND_AUTO_CREATE);
}
public void unbind() {
if (service != null) {
Log.i(TAG, "Unbind");
context.unbindService(this);
service = null;
}
}
@Override
public void onServiceConnected(ComponentName name, IBinder binder) {
Log.i(TAG, "Connected");
service = IInAppBillingService.Stub.asInterface(binder);
delegate.onReady(this);
}
@Override
public void onServiceDisconnected(ComponentName name) {
Log.i(TAG, "Disconnected");
service = null;
}
public boolean isAvailable(String sku) throws RemoteException, JSONException {
// Get available SKUs
ArrayList<String> skuList = new ArrayList<>();
skuList.add(sku);
Bundle query = new Bundle();
query.putStringArrayList("ITEM_ID_LIST", skuList);
Bundle bundle = service.getSkuDetails(IAB_VERSION, context.getPackageName(), "inapp", query);
Log.i(TAG, "getSkuDetails");
Util.logBundle(bundle);
int response = (bundle == null ? -1 : bundle.getInt("RESPONSE_CODE", -1));
Log.i(TAG, "Response=" + getResult(response));
if (response != 0)
throw new IllegalArgumentException(getResult(response));
// Check available SKUs
boolean found = false;
ArrayList<String> details = bundle.getStringArrayList("DETAILS_LIST");
if (details != null)
for (String item : details) {
JSONObject object = new JSONObject(item);
if (sku.equals(object.getString("productId"))) {
found = true;
break;
}
}
Log.i(TAG, sku + "=" + found);
return found;
}
public void updatePurchases() throws RemoteException {
// Get purchases
List<String> skus = new ArrayList<>();
skus.addAll(getPurchases("inapp"));
skus.addAll(getPurchases("subs"));
SharedPreferences prefs = context.getSharedPreferences("IAB", Context.MODE_PRIVATE);
SharedPreferences.Editor editor = prefs.edit();
for (String product : prefs.getAll().keySet())
if (!ActivityPro.SKU_DONATION.equals(product)) {
Log.i(TAG, "removing SKU=" + product);
editor.remove(product);
}
for (String sku : skus) {
Log.i(TAG, "adding SKU=" + sku);
editor.putBoolean(sku, true);
}
editor.apply();
}
public boolean isPurchased(String sku, String type) throws RemoteException {
return getPurchases(type).contains(sku);
}
public List<String> getPurchases(String type) throws RemoteException {
// Get purchases
Bundle bundle = service.getPurchases(IAB_VERSION, context.getPackageName(), type, null);
Log.i(TAG, "getPurchases");
Util.logBundle(bundle);
int response = (bundle == null ? -1 : bundle.getInt("RESPONSE_CODE", -1));
Log.i(TAG, "Response=" + getResult(response));
if (response != 0)
throw new IllegalArgumentException(getResult(response));
ArrayList<String> details = bundle.getStringArrayList("INAPP_PURCHASE_ITEM_LIST");
return (details == null ? new ArrayList<String>() : details);
}
public PendingIntent getBuyIntent(String sku, boolean subscription) throws RemoteException {
if (service == null)
return null;
Bundle bundle = service.getBuyIntent(IAB_VERSION, context.getPackageName(), sku, subscription ? "subs" : "inapp", "netguard");
Log.i(TAG, "getBuyIntent sku=" + sku + " subscription=" + subscription);
Util.logBundle(bundle);
int response = (bundle == null ? -1 : bundle.getInt("RESPONSE_CODE", -1));
Log.i(TAG, "Response=" + getResult(response));
if (response != 0)
throw new IllegalArgumentException(getResult(response));
if (!bundle.containsKey("BUY_INTENT"))
throw new IllegalArgumentException("BUY_INTENT missing");
return bundle.getParcelable("BUY_INTENT");
}
public static void setBought(String sku, Context context) {
Log.i(TAG, "Bought " + sku);
SharedPreferences prefs = context.getSharedPreferences("IAB", Context.MODE_PRIVATE);
prefs.edit().putBoolean(sku, true).apply();
}
public static boolean isPurchased(String sku, Context context) {
try {
if (Util.isDebuggable(context)) {
SharedPreferences prefs = PreferenceManager.getDefaultSharedPreferences(context);
return !prefs.getBoolean("debug_iab", false);
}
SharedPreferences prefs = context.getSharedPreferences("IAB", Context.MODE_PRIVATE);
if (ActivityPro.SKU_SUPPORT1.equals(sku) || ActivityPro.SKU_SUPPORT2.equals(sku))
return prefs.getBoolean(sku, false);
return (prefs.getBoolean(sku, false) ||
prefs.getBoolean(ActivityPro.SKU_PRO1, false) ||
prefs.getBoolean(ActivityPro.SKU_SUPPORT1, false) ||
prefs.getBoolean(ActivityPro.SKU_SUPPORT2, false) ||
prefs.getBoolean(ActivityPro.SKU_DONATION, false));
} catch (SecurityException ignored) {
return false;
}
}
public static boolean isPurchasedAny(Context context) {
try {
if (Util.isDebuggable(context)) {
SharedPreferences prefs = PreferenceManager.getDefaultSharedPreferences(context);
return !(prefs.getBoolean("debug_iab", false));
}
SharedPreferences prefs = context.getSharedPreferences("IAB", Context.MODE_PRIVATE);
for (String key : prefs.getAll().keySet())
if (prefs.getBoolean(key, false))
return true;
return false;
} catch (SecurityException ignored) {
return false;
}
}
public static String getResult(int responseCode) {
switch (responseCode) {
case 0:
return "OK";
case 1:
return "USER_CANCELED";
case 2:
return "SERVICE_UNAVAILABLE";
case 3:
return "BILLING_UNAVAILABLE";
case 4:
return "ITEM_UNAVAILABLE";
case 5:
return "DEVELOPER_ERROR";
case 6:
return "ERROR";
case 7:
return "ITEM_ALREADY_OWNED";
case 8:
return "ITEM_NOT_OWNED";
default:
return Integer.toString(responseCode);
}
}
}

140
NetGuard/app/src/main/java/eu/faircode/netguard/IPUtil.java
View File

@ -1,140 +0,0 @@
package eu.faircode.netguard;
/*
This file is part of NetGuard.
NetGuard is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
NetGuard is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with NetGuard. If not, see <http://www.gnu.org/licenses/>.
Copyright 2015-2019 by Marcel Bokhorst (M66B)
*/
import android.util.Log;
import androidx.annotation.NonNull;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.ArrayList;
import java.util.List;
public class IPUtil {
private static final String TAG = "NetGuard.IPUtil";
public static List<CIDR> toCIDR(String start, String end) throws UnknownHostException {
return toCIDR(InetAddress.getByName(start), InetAddress.getByName(end));
}
public static List<CIDR> toCIDR(InetAddress start, InetAddress end) throws UnknownHostException {
List<CIDR> listResult = new ArrayList<>();
Log.i(TAG, "toCIDR(" + start.getHostAddress() + "," + end.getHostAddress() + ")");
long from = inet2long(start);
long to = inet2long(end);
while (to >= from) {
byte prefix = 32;
while (prefix > 0) {
long mask = prefix2mask(prefix - 1);
if ((from & mask) != from)
break;
prefix--;
}
byte max = (byte) (32 - Math.floor(Math.log(to - from + 1) / Math.log(2)));
if (prefix < max)
prefix = max;
listResult.add(new CIDR(long2inet(from), prefix));
from += Math.pow(2, (32 - prefix));
}
for (CIDR cidr : listResult)
Log.i(TAG, cidr.toString());
return listResult;
}
private static long prefix2mask(int bits) {
return (0xFFFFFFFF00000000L >> bits) & 0xFFFFFFFFL;
}
private static long inet2long(InetAddress addr) {
long result = 0;
if (addr != null)
for (byte b : addr.getAddress())
result = result << 8 | (b & 0xFF);
return result;
}
private static InetAddress long2inet(long addr) {
try {
byte[] b = new byte[4];
for (int i = b.length - 1; i >= 0; i--) {
b[i] = (byte) (addr & 0xFF);
addr = addr >> 8;
}
return InetAddress.getByAddress(b);
} catch (UnknownHostException ignore) {
return null;
}
}
public static InetAddress minus1(InetAddress addr) {
return long2inet(inet2long(addr) - 1);
}
public static InetAddress plus1(InetAddress addr) {
return long2inet(inet2long(addr) + 1);
}
public static class CIDR implements Comparable<CIDR> {
public InetAddress address;
public int prefix;
public CIDR(InetAddress address, int prefix) {
this.address = address;
this.prefix = prefix;
}
public CIDR(String ip, int prefix) {
try {
this.address = InetAddress.getByName(ip);
this.prefix = prefix;
} catch (UnknownHostException ex) {
Log.e(TAG, ex.toString() + "\n" + Log.getStackTraceString(ex));
}
}
public InetAddress getStart() {
return long2inet(inet2long(this.address) & prefix2mask(this.prefix));
}
public InetAddress getEnd() {
return long2inet((inet2long(this.address) & prefix2mask(this.prefix)) + (1L << (32 - this.prefix)) - 1);
}
@Override
public String toString() {
return address.getHostAddress() + "/" + prefix + "=" + getStart().getHostAddress() + "..." + getEnd().getHostAddress();
}
@Override
public int compareTo(@NonNull CIDR other) {
Long lcidr = IPUtil.inet2long(this.address);
Long lother = IPUtil.inet2long(other.address);
return lcidr.compareTo(lother);
}
}
}

42
NetGuard/app/src/main/java/eu/faircode/netguard/Packet.java
View File

@ -1,42 +0,0 @@
package eu.faircode.netguard;
/*
This file is part of NetGuard.
NetGuard is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
NetGuard is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with NetGuard. If not, see <http://www.gnu.org/licenses/>.
Copyright 2015-2019 by Marcel Bokhorst (M66B)
*/
public class Packet {
public long time;
public int version;
public int protocol;
public String flags;
public String saddr;
public int sport;
public String daddr;
public int dport;
public String data;
public int uid;
public boolean allowed;
public Packet() {
}
@Override
public String toString() {
return "uid=" + uid + " v" + version + " p" + protocol + " " + daddr + "/" + dport;
}
}

132
NetGuard/app/src/main/java/eu/faircode/netguard/ReceiverAutostart.java
View File

@ -1,132 +0,0 @@
package eu.faircode.netguard;
/*
This file is part of NetGuard.
NetGuard is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
NetGuard is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with NetGuard. If not, see <http://www.gnu.org/licenses/>.
Copyright 2015-2019 by Marcel Bokhorst (M66B)
*/
import android.content.BroadcastReceiver;
import android.content.Context;
import android.content.Intent;
import android.content.SharedPreferences;
import android.os.Build;
import android.util.Log;
import androidx.preference.PreferenceManager;
import java.util.Map;
public class ReceiverAutostart extends BroadcastReceiver {
private static final String TAG = "NetGuard.Receiver";
@Override
public void onReceive(final Context context, Intent intent) {
Log.i(TAG, "Received " + intent);
Util.logExtras(intent);
String action = (intent == null ? null : intent.getAction());
if (Intent.ACTION_BOOT_COMPLETED.equals(action) || Intent.ACTION_MY_PACKAGE_REPLACED.equals(action))
try {
// Upgrade settings
upgrade(true, context);
// Start service
SharedPreferences prefs = PreferenceManager.getDefaultSharedPreferences(context);
if (prefs.getBoolean("enabled", false))
ServiceSinkhole.start("receiver", context);
else if (prefs.getBoolean("show_stats", false))
ServiceSinkhole.run("receiver", context);
if (Util.isInteractive(context))
ServiceSinkhole.reloadStats("receiver", context);
} catch (Throwable ex) {
Log.e(TAG, ex.toString() + "\n" + Log.getStackTraceString(ex));
}
}
public static void upgrade(boolean initialized, Context context) {
synchronized (context.getApplicationContext()) {
SharedPreferences prefs = PreferenceManager.getDefaultSharedPreferences(context);
int oldVersion = prefs.getInt("version", -1);
int newVersion = Util.getSelfVersionCode(context);
if (oldVersion == newVersion)
return;
Log.i(TAG, "Upgrading from version " + oldVersion + " to " + newVersion);
SharedPreferences.Editor editor = prefs.edit();
if (initialized) {
if (oldVersion < 38) {
Log.i(TAG, "Converting screen wifi/mobile");
editor.putBoolean("screen_wifi", prefs.getBoolean("unused", false));
editor.putBoolean("screen_other", prefs.getBoolean("unused", false));
editor.remove("unused");
SharedPreferences unused = context.getSharedPreferences("unused", Context.MODE_PRIVATE);
SharedPreferences screen_wifi = context.getSharedPreferences("screen_wifi", Context.MODE_PRIVATE);
SharedPreferences screen_other = context.getSharedPreferences("screen_other", Context.MODE_PRIVATE);
Map<String, ?> punused = unused.getAll();
SharedPreferences.Editor edit_screen_wifi = screen_wifi.edit();
SharedPreferences.Editor edit_screen_other = screen_other.edit();
for (String key : punused.keySet()) {
edit_screen_wifi.putBoolean(key, (Boolean) punused.get(key));
edit_screen_other.putBoolean(key, (Boolean) punused.get(key));
}
edit_screen_wifi.apply();
edit_screen_other.apply();
} else if (oldVersion <= 2017032112)
editor.remove("ip6");
} else {
Log.i(TAG, "Initializing sdk=" + Build.VERSION.SDK_INT);
editor.putBoolean("filter_udp", true);
editor.putBoolean("whitelist_wifi", false);
editor.putBoolean("whitelist_other", false);
if (Build.VERSION.SDK_INT == Build.VERSION_CODES.LOLLIPOP)
editor.putBoolean("filter", true); // Optional
}
if (Build.VERSION.SDK_INT < Build.VERSION_CODES.LOLLIPOP)
editor.putBoolean("filter", true); // Mandatory
if (!Util.canFilter(context)) {
editor.putBoolean("log_app", false);
editor.putBoolean("filter", false);
}
if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.N) {
editor.remove("show_top");
if ("data".equals(prefs.getString("sort", "name")))
editor.remove("sort");
}
if (Util.isPlayStoreInstall(context)) {
editor.remove("update_check");
editor.remove("use_hosts");
editor.remove("hosts_url");
}
if (!Util.isDebuggable(context))
editor.remove("loglevel");
editor.putInt("version", newVersion);
editor.apply();
}
}
}

50
NetGuard/app/src/main/java/eu/faircode/netguard/ReceiverPackageRemoved.java
View File

@ -1,50 +0,0 @@
package eu.faircode.netguard;
/*
This file is part of NetGuard.
NetGuard is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
NetGuard is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with NetGuard. If not, see <http://www.gnu.org/licenses/>.
Copyright 2015-2019 by Marcel Bokhorst (M66B)
*/
import android.content.BroadcastReceiver;
import android.content.Context;
import android.content.Intent;
import android.util.Log;
import androidx.core.app.NotificationManagerCompat;
public class ReceiverPackageRemoved extends BroadcastReceiver {
private static final String TAG = "NetGuard.Receiver";
@Override
public void onReceive(final Context context, Intent intent) {
Log.i(TAG, "Received " + intent);
Util.logExtras(intent);
String action = (intent == null ? null : intent.getAction());
if (Intent.ACTION_PACKAGE_FULLY_REMOVED.equals(action)) {
int uid = intent.getIntExtra(Intent.EXTRA_UID, 0);
if (uid > 0) {
DatabaseHelper dh = DatabaseHelper.getInstance(context);
dh.clearLog(uid);
dh.clearAccess(uid, false);
NotificationManagerCompat.from(context).cancel(uid); // installed notification
NotificationManagerCompat.from(context).cancel(uid + 10000); // access notification
}
}
}
}

47
NetGuard/app/src/main/java/eu/faircode/netguard/ResourceRecord.java
View File

@ -1,47 +0,0 @@
package eu.faircode.netguard;
/*
This file is part of NetGuard.
NetGuard is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
NetGuard is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with NetGuard. If not, see <http://www.gnu.org/licenses/>.
Copyright 2015-2019 by Marcel Bokhorst (M66B)
*/
import java.text.DateFormat;
import java.text.SimpleDateFormat;
import java.util.Date;
public class ResourceRecord {
public long Time;
public String QName;
public String AName;
public String Resource;
public int TTL;
private static DateFormat formatter = SimpleDateFormat.getDateTimeInstance();
public ResourceRecord() {
}
@Override
public String toString() {
return formatter.format(new Date(Time).getTime()) +
" Q " + QName +
" A " + AName +
" R " + Resource +
" TTL " + TTL +
" " + formatter.format(new Date(Time + TTL * 1000L).getTime());
}
}

453
NetGuard/app/src/main/java/eu/faircode/netguard/Rule.java
View File

@ -1,453 +0,0 @@
package eu.faircode.netguard;
/*
This file is part of NetGuard.
NetGuard is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
NetGuard is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with NetGuard. If not, see <http://www.gnu.org/licenses/>.
Copyright 2015-2019 by Marcel Bokhorst (M66B)
*/
import android.content.Context;
import android.content.SharedPreferences;
import android.content.pm.ApplicationInfo;
import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import android.content.res.XmlResourceParser;
import android.database.Cursor;
import android.os.Build;
import android.os.Process;
import android.util.Log;
import androidx.preference.PreferenceManager;
import org.xmlpull.v1.XmlPullParser;
import java.text.Collator;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Comparator;
import java.util.HashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;
public class Rule {
private static final String TAG = "NetGuard.Rule";
public int uid;
public String packageName;
public int icon;
public String name;
public String version;
public boolean system;
public boolean internet;
public boolean enabled;
public boolean pkg = true;
public boolean wifi_default = false;
public boolean other_default = false;
public boolean screen_wifi_default = false;
public boolean screen_other_default = false;
public boolean roaming_default = false;
public boolean wifi_blocked = false;
public boolean other_blocked = false;
public boolean screen_wifi = false;
public boolean screen_other = false;
public boolean roaming = false;
public boolean lockdown = false;
public boolean apply = true;
public boolean notify = true;
public boolean relateduids = false;
public String[] related = null;
public long hosts;
public boolean changed;
public boolean expanded = false;
private static List<PackageInfo> cachePackageInfo = null;
private static Map<PackageInfo, String> cacheLabel = new HashMap<>();
private static Map<String, Boolean> cacheSystem = new HashMap<>();
private static Map<String, Boolean> cacheInternet = new HashMap<>();
private static Map<PackageInfo, Boolean> cacheEnabled = new HashMap<>();
private static List<PackageInfo> getPackages(Context context) {
if (cachePackageInfo == null) {
PackageManager pm = context.getPackageManager();
cachePackageInfo = pm.getInstalledPackages(0);
}
return new ArrayList<>(cachePackageInfo);
}
private static String getLabel(PackageInfo info, Context context) {
if (!cacheLabel.containsKey(info)) {
PackageManager pm = context.getPackageManager();
cacheLabel.put(info, info.applicationInfo.loadLabel(pm).toString());
}
return cacheLabel.get(info);
}
private static boolean isSystem(String packageName, Context context) {
if (!cacheSystem.containsKey(packageName))
cacheSystem.put(packageName, Util.isSystem(packageName, context));
return cacheSystem.get(packageName);
}
private static boolean hasInternet(String packageName, Context context) {
if (!cacheInternet.containsKey(packageName))
cacheInternet.put(packageName, Util.hasInternet(packageName, context));
return cacheInternet.get(packageName);
}
private static boolean isEnabled(PackageInfo info, Context context) {
if (!cacheEnabled.containsKey(info))
cacheEnabled.put(info, Util.isEnabled(info, context));
return cacheEnabled.get(info);
}
public static void clearCache(Context context) {
Log.i(TAG, "Clearing cache");
synchronized (context.getApplicationContext()) {
cachePackageInfo = null;
cacheLabel.clear();
cacheSystem.clear();
cacheInternet.clear();
cacheEnabled.clear();
}
DatabaseHelper dh = DatabaseHelper.getInstance(context);
dh.clearApps();
}
private Rule(DatabaseHelper dh, PackageInfo info, Context context) {
this.uid = info.applicationInfo.uid;
this.packageName = info.packageName;
this.icon = info.applicationInfo.icon;
this.version = info.versionName;
if (info.applicationInfo.uid == 0) {
this.name = context.getString(R.string.title_root);
this.system = true;
this.internet = true;
this.enabled = true;
this.pkg = false;
} else if (info.applicationInfo.uid == 1013) {
this.name = context.getString(R.string.title_mediaserver);
this.system = true;
this.internet = true;
this.enabled = true;
this.pkg = false;
} else if (info.applicationInfo.uid == 1020) {
this.name = "MulticastDNSResponder";
this.system = true;
this.internet = true;
this.enabled = true;
this.pkg = false;
} else if (info.applicationInfo.uid == 1021) {
this.name = context.getString(R.string.title_gpsdaemon);
this.system = true;
this.internet = true;
this.enabled = true;
this.pkg = false;
} else if (info.applicationInfo.uid == 1051) {
this.name = context.getString(R.string.title_dnsdaemon);
this.system = true;
this.internet = true;
this.enabled = true;
this.pkg = false;
} else if (info.applicationInfo.uid == 9999) {
this.name = context.getString(R.string.title_nobody);
this.system = true;
this.internet = true;
this.enabled = true;
this.pkg = false;
} else {
Cursor cursor = null;
try {
cursor = dh.getApp(this.packageName);
if (cursor.moveToNext()) {
this.name = cursor.getString(cursor.getColumnIndex("label"));
this.system = cursor.getInt(cursor.getColumnIndex("system")) > 0;
this.internet = cursor.getInt(cursor.getColumnIndex("internet")) > 0;
this.enabled = cursor.getInt(cursor.getColumnIndex("enabled")) > 0;
} else {
this.name = getLabel(info, context);
this.system = isSystem(info.packageName, context);
this.internet = hasInternet(info.packageName, context);
this.enabled = isEnabled(info, context);
dh.addApp(this.packageName, this.name, this.system, this.internet, this.enabled);
}
} finally {
if (cursor != null)
cursor.close();
}
}
}
public static List<Rule> getRules(final boolean all, Context context) {
synchronized (context.getApplicationContext()) {
SharedPreferences prefs = PreferenceManager.getDefaultSharedPreferences(context);
SharedPreferences wifi = context.getSharedPreferences("wifi", Context.MODE_PRIVATE);
SharedPreferences other = context.getSharedPreferences("other", Context.MODE_PRIVATE);
SharedPreferences screen_wifi = context.getSharedPreferences("screen_wifi", Context.MODE_PRIVATE);
SharedPreferences screen_other = context.getSharedPreferences("screen_other", Context.MODE_PRIVATE);
SharedPreferences roaming = context.getSharedPreferences("roaming", Context.MODE_PRIVATE);
SharedPreferences lockdown = context.getSharedPreferences("lockdown", Context.MODE_PRIVATE);
SharedPreferences apply = context.getSharedPreferences("apply", Context.MODE_PRIVATE);
SharedPreferences notify = context.getSharedPreferences("notify", Context.MODE_PRIVATE);
// Get settings
boolean default_wifi = prefs.getBoolean("whitelist_wifi", true);
boolean default_other = prefs.getBoolean("whitelist_other", true);
boolean default_screen_wifi = prefs.getBoolean("screen_wifi", false);
boolean default_screen_other = prefs.getBoolean("screen_other", false);
boolean default_roaming = prefs.getBoolean("whitelist_roaming", true);
boolean manage_system = prefs.getBoolean("manage_system", false);
boolean screen_on = prefs.getBoolean("screen_on", true);
boolean show_user = prefs.getBoolean("show_user", true);
boolean show_system = prefs.getBoolean("show_system", false);
boolean show_nointernet = prefs.getBoolean("show_nointernet", true);
boolean show_disabled = prefs.getBoolean("show_disabled", true);
default_screen_wifi = default_screen_wifi && screen_on;
default_screen_other = default_screen_other && screen_on;
// Get predefined rules
Map<String, Boolean> pre_wifi_blocked = new HashMap<>();
Map<String, Boolean> pre_other_blocked = new HashMap<>();
Map<String, Boolean> pre_roaming = new HashMap<>();
Map<String, String[]> pre_related = new HashMap<>();
Map<String, Boolean> pre_system = new HashMap<>();
try {
XmlResourceParser xml = context.getResources().getXml(R.xml.predefined);
int eventType = xml.getEventType();
while (eventType != XmlPullParser.END_DOCUMENT) {
if (eventType == XmlPullParser.START_TAG)
if ("wifi".equals(xml.getName())) {
String pkg = xml.getAttributeValue(null, "package");
boolean pblocked = xml.getAttributeBooleanValue(null, "blocked", false);
pre_wifi_blocked.put(pkg, pblocked);
} else if ("other".equals(xml.getName())) {
String pkg = xml.getAttributeValue(null, "package");
boolean pblocked = xml.getAttributeBooleanValue(null, "blocked", false);
boolean proaming = xml.getAttributeBooleanValue(null, "roaming", default_roaming);
pre_other_blocked.put(pkg, pblocked);
pre_roaming.put(pkg, proaming);
} else if ("relation".equals(xml.getName())) {
String pkg = xml.getAttributeValue(null, "package");
String[] rel = xml.getAttributeValue(null, "related").split(",");
pre_related.put(pkg, rel);
} else if ("type".equals(xml.getName())) {
String pkg = xml.getAttributeValue(null, "package");
boolean system = xml.getAttributeBooleanValue(null, "system", true);
pre_system.put(pkg, system);
}
eventType = xml.next();
}
} catch (Throwable ex) {
Log.e(TAG, ex.toString() + "\n" + Log.getStackTraceString(ex));
}
// Build rule list
List<Rule> listRules = new ArrayList<>();
List<PackageInfo> listPI = getPackages(context);
int userId = Process.myUid() / 100000;
// Add root
PackageInfo root = new PackageInfo();
root.packageName = "root";
root.versionCode = Build.VERSION.SDK_INT;
root.versionName = Build.VERSION.RELEASE;
root.applicationInfo = new ApplicationInfo();
root.applicationInfo.uid = 0;
root.applicationInfo.icon = 0;
listPI.add(root);
// Add mediaserver
PackageInfo media = new PackageInfo();
media.packageName = "android.media";
media.versionCode = Build.VERSION.SDK_INT;
media.versionName = Build.VERSION.RELEASE;
media.applicationInfo = new ApplicationInfo();
media.applicationInfo.uid = 1013 + userId * 100000;
media.applicationInfo.icon = 0;
listPI.add(media);
// MulticastDNSResponder
PackageInfo mdr = new PackageInfo();
mdr.packageName = "android.multicast";
mdr.versionCode = Build.VERSION.SDK_INT;
mdr.versionName = Build.VERSION.RELEASE;
mdr.applicationInfo = new ApplicationInfo();
mdr.applicationInfo.uid = 1020 + userId * 100000;
mdr.applicationInfo.icon = 0;
listPI.add(mdr);
// Add GPS daemon
PackageInfo gps = new PackageInfo();
gps.packageName = "android.gps";
gps.versionCode = Build.VERSION.SDK_INT;
gps.versionName = Build.VERSION.RELEASE;
gps.applicationInfo = new ApplicationInfo();
gps.applicationInfo.uid = 1021 + userId * 100000;
gps.applicationInfo.icon = 0;
listPI.add(gps);
// Add DNS daemon
PackageInfo dns = new PackageInfo();
dns.packageName = "android.dns";
dns.versionCode = Build.VERSION.SDK_INT;
dns.versionName = Build.VERSION.RELEASE;
dns.applicationInfo = new ApplicationInfo();
dns.applicationInfo.uid = 1051 + userId * 100000;
dns.applicationInfo.icon = 0;
listPI.add(dns);
// Add nobody
PackageInfo nobody = new PackageInfo();
nobody.packageName = "nobody";
nobody.versionCode = Build.VERSION.SDK_INT;
nobody.versionName = Build.VERSION.RELEASE;
nobody.applicationInfo = new ApplicationInfo();
nobody.applicationInfo.uid = 9999;
nobody.applicationInfo.icon = 0;
listPI.add(nobody);
DatabaseHelper dh = DatabaseHelper.getInstance(context);
for (PackageInfo info : listPI)
try {
// Skip self
if (info.applicationInfo.uid == Process.myUid())
continue;
Rule rule = new Rule(dh, info, context);
if (pre_system.containsKey(info.packageName))
rule.system = pre_system.get(info.packageName);
if (info.applicationInfo.uid == Process.myUid())
rule.system = true;
if (all ||
((rule.system ? show_system : show_user) &&
(show_nointernet || rule.internet) &&
(show_disabled || rule.enabled))) {
rule.wifi_default = (pre_wifi_blocked.containsKey(info.packageName) ? pre_wifi_blocked.get(info.packageName) : default_wifi);
rule.other_default = (pre_other_blocked.containsKey(info.packageName) ? pre_other_blocked.get(info.packageName) : default_other);
rule.screen_wifi_default = default_screen_wifi;
rule.screen_other_default = default_screen_other;
rule.roaming_default = (pre_roaming.containsKey(info.packageName) ? pre_roaming.get(info.packageName) : default_roaming);
rule.wifi_blocked = (!(rule.system && !manage_system) && wifi.getBoolean(info.packageName, rule.wifi_default));
rule.other_blocked = (!(rule.system && !manage_system) && other.getBoolean(info.packageName, rule.other_default));
rule.screen_wifi = screen_wifi.getBoolean(info.packageName, rule.screen_wifi_default) && screen_on;
rule.screen_other = screen_other.getBoolean(info.packageName, rule.screen_other_default) && screen_on;
rule.roaming = roaming.getBoolean(info.packageName, rule.roaming_default);
rule.lockdown = lockdown.getBoolean(info.packageName, false);
rule.apply = apply.getBoolean(info.packageName, true);
rule.notify = notify.getBoolean(info.packageName, true);
// Related packages
List<String> listPkg = new ArrayList<>();
if (pre_related.containsKey(info.packageName))
listPkg.addAll(Arrays.asList(pre_related.get(info.packageName)));
for (PackageInfo pi : listPI)
if (pi.applicationInfo.uid == rule.uid && !pi.packageName.equals(rule.packageName)) {
rule.relateduids = true;
listPkg.add(pi.packageName);
}
rule.related = listPkg.toArray(new String[0]);
rule.hosts = dh.getHostCount(rule.uid, true);
rule.updateChanged(default_wifi, default_other, default_roaming);
listRules.add(rule);
}
} catch (Throwable ex) {
Log.e(TAG, ex.toString() + "\n" + Log.getStackTraceString(ex));
}
// Sort rule list
final Collator collator = Collator.getInstance(Locale.getDefault());
collator.setStrength(Collator.SECONDARY); // Case insensitive, process accents etc
String sort = prefs.getString("sort", "name");
if ("uid".equals(sort))
Collections.sort(listRules, new Comparator<Rule>() {
@Override
public int compare(Rule rule, Rule other) {
if (rule.uid < other.uid)
return -1;
else if (rule.uid > other.uid)
return 1;
else {
int i = collator.compare(rule.name, other.name);
return (i == 0 ? rule.packageName.compareTo(other.packageName) : i);
}
}
});
else
Collections.sort(listRules, new Comparator<Rule>() {
@Override
public int compare(Rule rule, Rule other) {
if (all || rule.changed == other.changed) {
int i = collator.compare(rule.name, other.name);
return (i == 0 ? rule.packageName.compareTo(other.packageName) : i);
}
return (rule.changed ? -1 : 1);
}
});
return listRules;
}
}
private void updateChanged(boolean default_wifi, boolean default_other, boolean default_roaming) {
changed = (wifi_blocked != default_wifi ||
(other_blocked != default_other) ||
(wifi_blocked && screen_wifi != screen_wifi_default) ||
(other_blocked && screen_other != screen_other_default) ||
((!other_blocked || screen_other) && roaming != default_roaming) ||
hosts > 0 || lockdown || !apply);
}
public void updateChanged(Context context) {
SharedPreferences prefs = PreferenceManager.getDefaultSharedPreferences(context);
boolean screen_on = prefs.getBoolean("screen_on", false);
boolean default_wifi = prefs.getBoolean("whitelist_wifi", true) && screen_on;
boolean default_other = prefs.getBoolean("whitelist_other", true) && screen_on;
boolean default_roaming = prefs.getBoolean("whitelist_roaming", true);
updateChanged(default_wifi, default_other, default_roaming);
}
@Override
public String toString() {
// This is used in the port forwarding dialog application selector
return this.name;
}
}

146
NetGuard/app/src/main/java/eu/faircode/netguard/ServiceExternal.java
View File

@ -1,146 +0,0 @@
package eu.faircode.netguard;
/*
This file is part of NetGuard.
NetGuard is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
NetGuard is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with NetGuard. If not, see <http://www.gnu.org/licenses/>.
Copyright 2015-2019 by Marcel Bokhorst (M66B)
*/
import android.app.IntentService;
import android.app.Notification;
import android.content.Context;
import android.content.Intent;
import android.content.SharedPreferences;
import android.util.Log;
import androidx.core.app.NotificationCompat;
import androidx.preference.PreferenceManager;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.HttpURLConnection;
import java.net.URL;
import java.net.URLConnection;
import java.text.SimpleDateFormat;
import java.util.Date;
public class ServiceExternal extends IntentService {
private static final String TAG = "NetGuard.External";
private static final String ACTION_DOWNLOAD_HOSTS_FILE = "eu.faircode.netguard.DOWNLOAD_HOSTS_FILE";
// am startservice -a eu.faircode.netguard.DOWNLOAD_HOSTS_FILE
public ServiceExternal() {
super(TAG);
}
@Override
protected void onHandleIntent(Intent intent) {
try {
startForeground(ServiceSinkhole.NOTIFY_EXTERNAL, getForegroundNotification(this));
Log.i(TAG, "Received " + intent);
Util.logExtras(intent);
if (ACTION_DOWNLOAD_HOSTS_FILE.equals(intent.getAction())) {
final SharedPreferences prefs = PreferenceManager.getDefaultSharedPreferences(this);
String hosts_url = prefs.getString("hosts_url", null);
if ("https://www.netguard.me/hosts".equals(hosts_url))
hosts_url = BuildConfig.HOSTS_FILE_URI;
File tmp = new File(getFilesDir(), "hosts.tmp");
File hosts = new File(getFilesDir(), "hosts.txt");
InputStream in = null;
OutputStream out = null;
URLConnection connection = null;
try {
URL url = new URL(hosts_url);
connection = url.openConnection();
connection.connect();
if (connection instanceof HttpURLConnection) {
HttpURLConnection httpConnection = (HttpURLConnection) connection;
if (httpConnection.getResponseCode() != HttpURLConnection.HTTP_OK)
throw new IOException(httpConnection.getResponseCode() + " " + httpConnection.getResponseMessage());
}
int contentLength = connection.getContentLength();
Log.i(TAG, "Content length=" + contentLength);
in = connection.getInputStream();
out = new FileOutputStream(tmp);
long size = 0;
byte buffer[] = new byte[4096];
int bytes;
while ((bytes = in.read(buffer)) != -1) {
out.write(buffer, 0, bytes);
size += bytes;
}
Log.i(TAG, "Downloaded size=" + size);
if (hosts.exists())
hosts.delete();
tmp.renameTo(hosts);
String last = SimpleDateFormat.getDateTimeInstance().format(new Date().getTime());
prefs.edit().putString("hosts_last_download", last).apply();
ServiceSinkhole.reload("hosts file download", this, false);
} catch (Throwable ex) {
Log.e(TAG, ex.toString() + "\n" + Log.getStackTraceString(ex));
if (tmp.exists())
tmp.delete();
} finally {
try {
if (out != null)
out.close();
} catch (IOException ex) {
Log.e(TAG, ex.toString() + "\n" + Log.getStackTraceString(ex));
}
try {
if (in != null)
in.close();
} catch (IOException ex) {
Log.e(TAG, ex.toString() + "\n" + Log.getStackTraceString(ex));
}
if (connection instanceof HttpURLConnection)
((HttpURLConnection) connection).disconnect();
}
}
} finally {
stopForeground(true);
}
}
private static Notification getForegroundNotification(Context context) {
NotificationCompat.Builder builder = new NotificationCompat.Builder(context, "foreground");
builder.setSmallIcon(R.drawable.ic_hourglass_empty_white_24dp);
builder.setPriority(NotificationCompat.PRIORITY_MIN);
builder.setCategory(NotificationCompat.CATEGORY_STATUS);
builder.setVisibility(NotificationCompat.VISIBILITY_PUBLIC);
builder.setContentTitle(context.getString(R.string.app_name));
return builder.build();
}
}

3331
NetGuard/app/src/main/java/eu/faircode/netguard/ServiceSinkhole.java
File diff suppressed because it is too large
View File

81
NetGuard/app/src/main/java/eu/faircode/netguard/ServiceTileFilter.java
View File

@ -1,81 +0,0 @@
package eu.faircode.netguard;
/*
This file is part of NetGuard.
NetGuard is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
NetGuard is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with NetGuard. If not, see <http://www.gnu.org/licenses/>.
Copyright 2015-2019 by Marcel Bokhorst (M66B)
*/
import android.annotation.TargetApi;
import android.content.SharedPreferences;
import android.graphics.drawable.Icon;
import android.os.Build;
import android.service.quicksettings.Tile;
import android.service.quicksettings.TileService;
import android.util.Log;
import android.widget.Toast;
import androidx.preference.PreferenceManager;
@TargetApi(Build.VERSION_CODES.N)
public class ServiceTileFilter extends TileService implements SharedPreferences.OnSharedPreferenceChangeListener {
private static final String TAG = "NetGuard.TileFilter";
public void onStartListening() {
Log.i(TAG, "Start listening");
SharedPreferences prefs = PreferenceManager.getDefaultSharedPreferences(this);
prefs.registerOnSharedPreferenceChangeListener(this);
update();
}
@Override
public void onSharedPreferenceChanged(SharedPreferences prefs, String key) {
if ("filter".equals(key))
update();
}
private void update() {
SharedPreferences prefs = PreferenceManager.getDefaultSharedPreferences(this);
boolean filter = prefs.getBoolean("filter", false);
Tile tile = getQsTile();
if (tile != null) {
tile.setState(filter ? Tile.STATE_ACTIVE : Tile.STATE_INACTIVE);
tile.setIcon(Icon.createWithResource(this, filter ? R.drawable.ic_filter_list_white_24dp : R.drawable.ic_filter_list_white_24dp_60));
tile.updateTile();
}
}
public void onStopListening() {
Log.i(TAG, "Stop listening");
SharedPreferences prefs = PreferenceManager.getDefaultSharedPreferences(this);
prefs.unregisterOnSharedPreferenceChangeListener(this);
}
public void onClick() {
Log.i(TAG, "Click");
if (Util.canFilter(this)) {
if (IAB.isPurchased(ActivityPro.SKU_FILTER, this)) {
SharedPreferences prefs = PreferenceManager.getDefaultSharedPreferences(this);
prefs.edit().putBoolean("filter", !prefs.getBoolean("filter", false)).apply();
ServiceSinkhole.reload("tile", this, false);
} else
Toast.makeText(this, R.string.title_pro_feature, Toast.LENGTH_SHORT).show();
} else
Toast.makeText(this, R.string.msg_unavailable, Toast.LENGTH_SHORT).show();
}
}

80
NetGuard/app/src/main/java/eu/faircode/netguard/ServiceTileGraph.java
View File

@ -1,80 +0,0 @@
package eu.faircode.netguard;
/*
This file is part of NetGuard.
NetGuard is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
NetGuard is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with NetGuard. If not, see <http://www.gnu.org/licenses/>.
Copyright 2015-2019 by Marcel Bokhorst (M66B)
*/
import android.annotation.TargetApi;
import android.content.SharedPreferences;
import android.graphics.drawable.Icon;
import android.os.Build;
import android.service.quicksettings.Tile;
import android.service.quicksettings.TileService;
import android.util.Log;
import android.widget.Toast;
import androidx.preference.PreferenceManager;
@TargetApi(Build.VERSION_CODES.N)
public class ServiceTileGraph extends TileService implements SharedPreferences.OnSharedPreferenceChangeListener {
private static final String TAG = "NetGuard.TileGraph";
public void onStartListening() {
Log.i(TAG, "Start listening");
SharedPreferences prefs = PreferenceManager.getDefaultSharedPreferences(this);
prefs.registerOnSharedPreferenceChangeListener(this);
update();
}
@Override
public void onSharedPreferenceChanged(SharedPreferences prefs, String key) {
if ("show_stats".equals(key))
update();
}
private void update() {
SharedPreferences prefs = PreferenceManager.getDefaultSharedPreferences(this);
boolean stats = prefs.getBoolean("show_stats", false);
Tile tile = getQsTile();
if (tile != null) {
tile.setState(stats ? Tile.STATE_ACTIVE : Tile.STATE_INACTIVE);
tile.setIcon(Icon.createWithResource(this, stats ? R.drawable.ic_equalizer_white_24dp : R.drawable.ic_equalizer_white_24dp_60));
tile.updateTile();
}
}
public void onStopListening() {
Log.i(TAG, "Stop listening");
SharedPreferences prefs = PreferenceManager.getDefaultSharedPreferences(this);
prefs.unregisterOnSharedPreferenceChangeListener(this);
}
public void onClick() {
Log.i(TAG, "Click");
// Check state
SharedPreferences prefs = PreferenceManager.getDefaultSharedPreferences(this);
boolean stats = !prefs.getBoolean("show_stats", false);
if (stats && !IAB.isPurchased(ActivityPro.SKU_SPEED, this))
Toast.makeText(this, R.string.title_pro_feature, Toast.LENGTH_SHORT).show();
else
prefs.edit().putBoolean("show_stats", stats).apply();
ServiceSinkhole.reloadStats("tile", this);
}
}

75
NetGuard/app/src/main/java/eu/faircode/netguard/ServiceTileLockdown.java
View File

@ -1,75 +0,0 @@
package eu.faircode.netguard;
/*
This file is part of NetGuard.
NetGuard is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
NetGuard is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with NetGuard. If not, see <http://www.gnu.org/licenses/>.
Copyright 2015-2019 by Marcel Bokhorst (M66B)
*/
import android.annotation.TargetApi;
import android.content.SharedPreferences;
import android.graphics.drawable.Icon;
import android.os.Build;
import android.service.quicksettings.Tile;
import android.service.quicksettings.TileService;
import android.util.Log;
import androidx.preference.PreferenceManager;
@TargetApi(Build.VERSION_CODES.N)
public class ServiceTileLockdown extends TileService implements SharedPreferences.OnSharedPreferenceChangeListener {
private static final String TAG = "NetGuard.TileLockdown";
public void onStartListening() {
Log.i(TAG, "Start listening");
SharedPreferences prefs = PreferenceManager.getDefaultSharedPreferences(this);
prefs.registerOnSharedPreferenceChangeListener(this);
update();
}
@Override
public void onSharedPreferenceChanged(SharedPreferences prefs, String key) {
if ("lockdown".equals(key))
update();
}
private void update() {
SharedPreferences prefs = PreferenceManager.getDefaultSharedPreferences(this);
boolean lockdown = prefs.getBoolean("lockdown", false);
Tile tile = getQsTile();
if (tile != null) {
tile.setState(lockdown ? Tile.STATE_ACTIVE : Tile.STATE_INACTIVE);
tile.setIcon(Icon.createWithResource(this, lockdown ? R.drawable.ic_lock_outline_white_24dp : R.drawable.ic_lock_outline_white_24dp_60));
tile.updateTile();
}
}
public void onStopListening() {
Log.i(TAG, "Stop listening");
SharedPreferences prefs = PreferenceManager.getDefaultSharedPreferences(this);
prefs.unregisterOnSharedPreferenceChangeListener(this);
}
public void onClick() {
Log.i(TAG, "Click");
SharedPreferences prefs = PreferenceManager.getDefaultSharedPreferences(this);
prefs.edit().putBoolean("lockdown", !prefs.getBoolean("lockdown", false)).apply();
ServiceSinkhole.reload("tile", this, false);
WidgetLockdown.updateWidgets(this);
}
}

103
NetGuard/app/src/main/java/eu/faircode/netguard/ServiceTileMain.java
View File

@ -1,103 +0,0 @@
package eu.faircode.netguard;
/*
This file is part of NetGuard.
NetGuard is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
NetGuard is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with NetGuard. If not, see <http://www.gnu.org/licenses/>.
Copyright 2015-2019 by Marcel Bokhorst (M66B)
*/
import android.annotation.TargetApi;
import android.app.AlarmManager;
import android.app.PendingIntent;
import android.content.Context;
import android.content.Intent;
import android.content.SharedPreferences;
import android.graphics.drawable.Icon;
import android.os.Build;
import android.service.quicksettings.Tile;
import android.service.quicksettings.TileService;
import android.util.Log;
import androidx.preference.PreferenceManager;
import java.util.Date;
@TargetApi(Build.VERSION_CODES.N)
public class ServiceTileMain extends TileService implements SharedPreferences.OnSharedPreferenceChangeListener {
private static final String TAG = "NetGuard.TileMain";
public void onStartListening() {
Log.i(TAG, "Start listening");
SharedPreferences prefs = PreferenceManager.getDefaultSharedPreferences(this);
prefs.registerOnSharedPreferenceChangeListener(this);
update();
}
@Override
public void onSharedPreferenceChanged(SharedPreferences prefs, String key) {
if ("enabled".equals(key))
update();
}
private void update() {
SharedPreferences prefs = PreferenceManager.getDefaultSharedPreferences(this);
boolean enabled = prefs.getBoolean("enabled", false);
Tile tile = getQsTile();
if (tile != null) {
tile.setState(enabled ? Tile.STATE_ACTIVE : Tile.STATE_INACTIVE);
tile.setIcon(Icon.createWithResource(this, enabled ? R.drawable.ic_security_white_24dp : R.drawable.ic_security_white_24dp_60));
tile.updateTile();
}
}
public void onStopListening() {
Log.i(TAG, "Stop listening");
SharedPreferences prefs = PreferenceManager.getDefaultSharedPreferences(this);
prefs.unregisterOnSharedPreferenceChangeListener(this);
}
public void onClick() {
Log.i(TAG, "Click");
// Cancel set alarm
AlarmManager am = (AlarmManager) getSystemService(Context.ALARM_SERVICE);
Intent intent = new Intent(WidgetAdmin.INTENT_ON);
intent.setPackage(getPackageName());
PendingIntent pi = PendingIntent.getBroadcast(this, 0, intent, PendingIntent.FLAG_UPDATE_CURRENT | PendingIntent.FLAG_MUTABLE);
am.cancel(pi);
// Check state
SharedPreferences prefs = PreferenceManager.getDefaultSharedPreferences(this);
boolean enabled = !prefs.getBoolean("enabled", false);
prefs.edit().putBoolean("enabled", enabled).apply();
if (enabled)
ServiceSinkhole.start("tile", this);
else {
ServiceSinkhole.stop("tile", this, false);
// Auto enable
int auto = Integer.parseInt(prefs.getString("auto_enable", "0"));
if (auto > 0) {
Log.i(TAG, "Scheduling enabled after minutes=" + auto);
if (Build.VERSION.SDK_INT < Build.VERSION_CODES.M)
am.set(AlarmManager.RTC_WAKEUP, new Date().getTime() + auto * 60 * 1000L, pi);
else
am.setAndAllowWhileIdle(AlarmManager.RTC_WAKEUP, new Date().getTime() + auto * 60 * 1000L, pi);
}
}
}
}

39
NetGuard/app/src/main/java/eu/faircode/netguard/SwitchPreference.java
View File

@ -1,39 +0,0 @@
package eu.faircode.netguard;
/*
This file is part of NetGuard.
NetGuard is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
NetGuard is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with NetGuard. If not, see <http://www.gnu.org/licenses/>.
Copyright 2015-2019 by Marcel Bokhorst (M66B)
*/
import android.content.Context;
import android.util.AttributeSet;
// https://code.google.com/p/android/issues/detail?id=26194
public class SwitchPreference extends android.preference.SwitchPreference {
public SwitchPreference(Context context) {
this(context, null);
}
public SwitchPreference(Context context, AttributeSet attrs) {
this(context, attrs, android.R.attr.switchPreferenceStyle);
}
public SwitchPreference(Context context, AttributeSet attrs, int defStyle) {
super(context, attrs, defStyle);
}
}

46
NetGuard/app/src/main/java/eu/faircode/netguard/Usage.java
View File

@ -1,46 +0,0 @@
package eu.faircode.netguard;
/*
This file is part of NetGuard.
NetGuard is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
NetGuard is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with NetGuard. If not, see <http://www.gnu.org/licenses/>.
Copyright 2015-2019 by Marcel Bokhorst (M66B)
*/
import java.text.DateFormat;
import java.text.SimpleDateFormat;
import java.util.Date;
public class Usage {
public long Time;
public int Version;
public int Protocol;
public String DAddr;
public int DPort;
public int Uid;
public long Sent;
public long Received;
private static DateFormat formatter = SimpleDateFormat.getDateTimeInstance();
@Override
public String toString() {
return formatter.format(new Date(Time).getTime()) +
" v" + Version + " p" + Protocol +
" " + DAddr + "/" + DPort +
" uid " + Uid +
" out " + Sent + " in " + Received;
}
}

1075
NetGuard/app/src/main/java/eu/faircode/netguard/Util.java
File diff suppressed because it is too large
View File

50
NetGuard/app/src/main/java/eu/faircode/netguard/Version.java
View File

@ -1,50 +0,0 @@
package eu.faircode.netguard;
/*
This file is part of NetGuard.
NetGuard is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
NetGuard is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with NetGuard. If not, see <http://www.gnu.org/licenses/>.
Copyright 2015-2019 by Marcel Bokhorst (M66B)
*/
public class Version implements Comparable<Version> {
private String version;
public Version(String version) {
this.version = version.replace("-beta", "");
}
@Override
public int compareTo(Version other) {
String[] lhs = this.version.split("\\.");
String[] rhs = other.version.split("\\.");
int length = Math.max(lhs.length, rhs.length);
for (int i = 0; i < length; i++) {
int vLhs = (i < lhs.length ? Integer.parseInt(lhs[i]) : 0);
int vRhs = (i < rhs.length ? Integer.parseInt(rhs[i]) : 0);
if (vLhs < vRhs)
return -1;
if (vLhs > vRhs)
return 1;
}
return 0;
}
@Override
public String toString() {
return version;
}
}

99
NetGuard/app/src/main/java/eu/faircode/netguard/WidgetAdmin.java
View File

@ -1,99 +0,0 @@
package eu.faircode.netguard;
/*
This file is part of NetGuard.
NetGuard is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
NetGuard is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with NetGuard. If not, see <http://www.gnu.org/licenses/>.
Copyright 2015-2019 by Marcel Bokhorst (M66B)
*/
import android.app.AlarmManager;
import android.app.PendingIntent;
import android.content.Context;
import android.content.Intent;
import android.content.SharedPreferences;
import android.os.Build;
import android.os.VibrationEffect;
import android.os.Vibrator;
import android.util.Log;
import androidx.preference.PreferenceManager;
import java.util.Date;
public class WidgetAdmin extends ReceiverAutostart {
private static final String TAG = "NetGuard.Widget";
public static final String INTENT_ON = "eu.faircode.netguard.ON";
public static final String INTENT_OFF = "eu.faircode.netguard.OFF";
public static final String INTENT_LOCKDOWN_ON = "eu.faircode.netguard.LOCKDOWN_ON";
public static final String INTENT_LOCKDOWN_OFF = "eu.faircode.netguard.LOCKDOWN_OFF";
@Override
public void onReceive(Context context, Intent intent) {
super.onReceive(context, intent);
Log.i(TAG, "Received " + intent);
Util.logExtras(intent);
SharedPreferences prefs = PreferenceManager.getDefaultSharedPreferences(context);
// Cancel set alarm
AlarmManager am = (AlarmManager) context.getSystemService(Context.ALARM_SERVICE);
Intent i = new Intent(INTENT_ON);
i.setPackage(context.getPackageName());
PendingIntent pi = PendingIntent.getBroadcast(context, 0, i, PendingIntent.FLAG_UPDATE_CURRENT | PendingIntent.FLAG_MUTABLE);
if (INTENT_ON.equals(intent.getAction()) || INTENT_OFF.equals(intent.getAction()))
am.cancel(pi);
// Vibrate
Vibrator vs = (Vibrator) context.getSystemService(Context.VIBRATOR_SERVICE);
if (vs.hasVibrator())
if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.O)
vs.vibrate(VibrationEffect.createOneShot(50, VibrationEffect.DEFAULT_AMPLITUDE));
else
vs.vibrate(50);
try {
if (INTENT_ON.equals(intent.getAction()) || INTENT_OFF.equals(intent.getAction())) {
boolean enabled = INTENT_ON.equals(intent.getAction());
prefs.edit().putBoolean("enabled", enabled).apply();
if (enabled)
ServiceSinkhole.start("widget", context);
else
ServiceSinkhole.stop("widget", context, false);
// Auto enable
int auto = Integer.parseInt(prefs.getString("auto_enable", "0"));
if (!enabled && auto > 0) {
Log.i(TAG, "Scheduling enabled after minutes=" + auto);
if (Build.VERSION.SDK_INT < Build.VERSION_CODES.M)
am.set(AlarmManager.RTC_WAKEUP, new Date().getTime() + auto * 60 * 1000L, pi);
else
am.setAndAllowWhileIdle(AlarmManager.RTC_WAKEUP, new Date().getTime() + auto * 60 * 1000L, pi);
}
} else if (INTENT_LOCKDOWN_ON.equals(intent.getAction()) || INTENT_LOCKDOWN_OFF.equals(intent.getAction())) {
boolean lockdown = INTENT_LOCKDOWN_ON.equals(intent.getAction());
prefs.edit().putBoolean("lockdown", lockdown).apply();
ServiceSinkhole.reload("widget", context, false);
WidgetLockdown.updateWidgets(context);
}
} catch (Throwable ex) {
Log.e(TAG, ex.toString() + "\n" + Log.getStackTraceString(ex));
}
}
}

70
NetGuard/app/src/main/java/eu/faircode/netguard/WidgetLockdown.java
View File

@ -1,70 +0,0 @@
package eu.faircode.netguard;
/*
This file is part of NetGuard.
NetGuard is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
NetGuard is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with NetGuard. If not, see <http://www.gnu.org/licenses/>.
Copyright 2015-2019 by Marcel Bokhorst (M66B)
*/
import android.app.PendingIntent;
import android.appwidget.AppWidgetManager;
import android.appwidget.AppWidgetProvider;
import android.content.ComponentName;
import android.content.Context;
import android.content.Intent;
import android.content.SharedPreferences;
import android.util.Log;
import android.widget.RemoteViews;
import androidx.preference.PreferenceManager;
public class WidgetLockdown extends AppWidgetProvider {
private static final String TAG = "NetGuard.WidgetLock";
@Override
public void onUpdate(Context context, AppWidgetManager appWidgetManager, int[] appWidgetIds) {
update(appWidgetIds, appWidgetManager, context);
}
private static void update(int[] appWidgetIds, AppWidgetManager appWidgetManager, Context context) {
SharedPreferences prefs = PreferenceManager.getDefaultSharedPreferences(context);
boolean lockdown = prefs.getBoolean("lockdown", false);
try {
try {
Intent intent = new Intent(lockdown ? WidgetAdmin.INTENT_LOCKDOWN_OFF : WidgetAdmin.INTENT_LOCKDOWN_ON);
intent.setPackage(context.getPackageName());
PendingIntent pi = PendingIntent.getBroadcast(context, 0, intent, PendingIntent.FLAG_UPDATE_CURRENT | PendingIntent.FLAG_MUTABLE);
for (int id : appWidgetIds) {
RemoteViews views = new RemoteViews(context.getPackageName(), R.layout.widgetlockdown);
views.setOnClickPendingIntent(R.id.ivEnabled, pi);
views.setImageViewResource(R.id.ivEnabled, lockdown ? R.drawable.ic_lock_outline_white_24dp : R.drawable.ic_lock_open_white_24dp);
appWidgetManager.updateAppWidget(id, views);
}
} catch (Throwable ex) {
Log.e(TAG, ex.toString() + "\n" + Log.getStackTraceString(ex));
}
} catch (Throwable ex) {
Log.e(TAG, ex.toString() + "\n" + Log.getStackTraceString(ex));
}
}
public static void updateWidgets(Context context) {
AppWidgetManager appWidgetManager = AppWidgetManager.getInstance(context);
int appWidgetIds[] = AppWidgetManager.getInstance(context).getAppWidgetIds(new ComponentName(context, WidgetLockdown.class));
update(appWidgetIds, appWidgetManager, context);
}
}

70
NetGuard/app/src/main/java/eu/faircode/netguard/WidgetMain.java
View File

@ -1,70 +0,0 @@
package eu.faircode.netguard;
/*
This file is part of NetGuard.
NetGuard is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
NetGuard is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with NetGuard. If not, see <http://www.gnu.org/licenses/>.
Copyright 2015-2019 by Marcel Bokhorst (M66B)
*/
import android.app.PendingIntent;
import android.appwidget.AppWidgetManager;
import android.appwidget.AppWidgetProvider;
import android.content.ComponentName;
import android.content.Context;
import android.content.Intent;
import android.content.SharedPreferences;
import android.util.Log;
import android.widget.RemoteViews;
import androidx.preference.PreferenceManager;
public class WidgetMain extends AppWidgetProvider {
private static final String TAG = "NetGuard.Widget";
@Override
public void onUpdate(Context context, AppWidgetManager appWidgetManager, int[] appWidgetIds) {
update(appWidgetIds, appWidgetManager, context);
}
private static void update(int[] appWidgetIds, AppWidgetManager appWidgetManager, Context context) {
SharedPreferences prefs = PreferenceManager.getDefaultSharedPreferences(context);
boolean enabled = prefs.getBoolean("enabled", false);
try {
try {
Intent intent = new Intent(enabled ? WidgetAdmin.INTENT_OFF : WidgetAdmin.INTENT_ON);
intent.setPackage(context.getPackageName());
PendingIntent pi = PendingIntent.getBroadcast(context, 0, intent, PendingIntent.FLAG_UPDATE_CURRENT | PendingIntent.FLAG_MUTABLE);
for (int id : appWidgetIds) {
RemoteViews views = new RemoteViews(context.getPackageName(), R.layout.widgetmain);
views.setOnClickPendingIntent(R.id.ivEnabled, pi);
views.setImageViewResource(R.id.ivEnabled, enabled ? R.drawable.ic_security_color_24dp : R.drawable.ic_security_white_24dp_60);
appWidgetManager.updateAppWidget(id, views);
}
} catch (Throwable ex) {
Log.e(TAG, ex.toString() + "\n" + Log.getStackTraceString(ex));
}
} catch (Throwable ex) {
Log.e(TAG, ex.toString() + "\n" + Log.getStackTraceString(ex));
}
}
public static void updateWidgets(Context context) {
AppWidgetManager appWidgetManager = AppWidgetManager.getInstance(context);
int appWidgetIds[] = AppWidgetManager.getInstance(context).getAppWidgetIds(new ComponentName(context, WidgetMain.class));
update(appWidgetIds, appWidgetManager, context);
}
}

143
NetGuard/app/src/main/jni/netguard/dhcp.c
View File

@ -1,143 +0,0 @@
/*
This file is part of NetGuard.
NetGuard is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
NetGuard is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with NetGuard. If not, see <http://www.gnu.org/licenses/>.
Copyright 2015-2019 by Marcel Bokhorst (M66B)
*/
#include "netguard.h"
int check_dhcp(const struct arguments *args, const struct udp_session *u,
const uint8_t *data, const size_t datalen) {
// This is untested
// Android routing of DHCP is erroneous
log_android(ANDROID_LOG_WARN, "DHCP check");
if (datalen < sizeof(struct dhcp_packet)) {
log_android(ANDROID_LOG_WARN, "DHCP packet size %d", datalen);
return -1;
}
const struct dhcp_packet *request = (struct dhcp_packet *) data;
if (ntohl(request->option_format) != DHCP_OPTION_MAGIC_NUMBER) {
log_android(ANDROID_LOG_WARN, "DHCP invalid magic %x", request->option_format);
return -1;
}
if (request->htype != 1 || request->hlen != 6) {
log_android(ANDROID_LOG_WARN, "DHCP unknown hardware htype %d hlen %d",
request->htype, request->hlen);
return -1;
}
log_android(ANDROID_LOG_WARN, "DHCP opcode", request->opcode);
// Discover: source 0.0.0.0:68 destination 255.255.255.255:67
// Offer: source 10.1.10.1:67 destination 255.255.255.255:68
// Request: source 0.0.0.0:68 destination 255.255.255.255:67
// Ack: source: 10.1.10.1 destination: 255.255.255.255
if (request->opcode == 1) { // Discover/request
struct dhcp_packet *response = ng_calloc(500, 1, "dhcp");
// Hack
inet_pton(AF_INET, "10.1.10.1", (void *) &u->saddr);
/*
Discover:
DHCP option 53: DHCP Discover
DHCP option 50: 192.168.1.100 requested
DHCP option 55: Parameter Request List:
Request Subnet Mask (1), Router (3), Domain Name (15), Domain Name Server (6)
Request
DHCP option 53: DHCP Request
DHCP option 50: 192.168.1.100 requested
DHCP option 54: 192.168.1.1 DHCP server.
*/
memcpy(response, request, sizeof(struct dhcp_packet));
response->opcode = (uint8_t) (request->siaddr == 0 ? 2 /* Offer */ : /* Ack */ 4);
response->secs = 0;
response->flags = 0;
memset(&response->ciaddr, 0, sizeof(response->ciaddr));
inet_pton(AF_INET, "10.1.10.2", &response->yiaddr);
inet_pton(AF_INET, "10.1.10.1", &response->siaddr);
memset(&response->giaddr, 0, sizeof(response->giaddr));
// https://tools.ietf.org/html/rfc2132
uint8_t *options = (uint8_t *) (response + sizeof(struct dhcp_packet));
int idx = 0;
*(options + idx++) = 53; // Message type
*(options + idx++) = 1;
*(options + idx++) = (uint8_t) (request->siaddr == 0 ? 2 : 5);
/*
1 DHCPDISCOVER
2 DHCPOFFER
3 DHCPREQUEST
4 DHCPDECLINE
5 DHCPACK
6 DHCPNAK
7 DHCPRELEASE
8 DHCPINFORM
*/
*(options + idx++) = 1; // subnet mask
*(options + idx++) = 4; // IP4 length
inet_pton(AF_INET, "255.255.255.0", options + idx);
idx += 4;
*(options + idx++) = 3; // gateway
*(options + idx++) = 4; // IP4 length
inet_pton(AF_INET, "10.1.10.1", options + idx);
idx += 4;
*(options + idx++) = 51; // lease time
*(options + idx++) = 4; // quad
*((uint32_t *) (options + idx)) = 3600;
idx += 4;
*(options + idx++) = 54; // DHCP
*(options + idx++) = 4; // IP4 length
inet_pton(AF_INET, "10.1.10.1", options + idx);
idx += 4;
*(options + idx++) = 6; // DNS
*(options + idx++) = 4; // IP4 length
inet_pton(AF_INET, "8.8.8.8", options + idx);
idx += 4;
*(options + idx++) = 255; // End
/*
DHCP option 53: DHCP Offer
DHCP option 1: 255.255.255.0 subnet mask
DHCP option 3: 192.168.1.1 router
DHCP option 51: 86400s (1 day) IP address lease time
DHCP option 54: 192.168.1.1 DHCP server
DHCP option 6: DNS servers 9.7.10.15
*/
write_udp(args, u, (uint8_t *) response, 500);
ng_free(response, __FILE__, __LINE__);
}
return 0;
}

239
NetGuard/app/src/main/jni/netguard/dns.c
View File

@ -1,239 +0,0 @@
/*
This file is part of NetGuard.
NetGuard is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
NetGuard is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with NetGuard. If not, see <http://www.gnu.org/licenses/>.
Copyright 2015-2019 by Marcel Bokhorst (M66B)
*/
#include "netguard.h"
int32_t get_qname(const uint8_t *data, const size_t datalen, uint16_t off, char *qname) {
*qname = 0;
if (off >= datalen)
return -1;
uint16_t c = 0;
uint8_t noff = 0;
uint16_t ptr = off;
uint8_t len = *(data + ptr);
uint8_t count = 0;
while (len) {
if (count++ > 25)
break;
if (ptr + 1 < datalen && (len & 0xC0)) {
uint16_t jump = (uint16_t) ((len & 0x3F) * 256 + *(data + ptr + 1));
if (jump >= datalen) {
log_android(ANDROID_LOG_DEBUG, "DNS invalid jump");
break;
}
ptr = jump;
len = *(data + ptr);
log_android(ANDROID_LOG_DEBUG, "DNS qname compression ptr %d len %d", ptr, len);
if (!c) {
c = 1;
off += 2;
}
} else if (ptr + 1 + len < datalen && noff + len <= DNS_QNAME_MAX) {
memcpy(qname + noff, data + ptr + 1, len);
*(qname + noff + len) = '.';
noff += (len + 1);
uint16_t jump = (uint16_t) (ptr + 1 + len);
if (jump >= datalen) {
log_android(ANDROID_LOG_DEBUG, "DNS invalid jump");
break;
}
ptr = jump;
len = *(data + ptr);
} else
break;
}
ptr++;
if (len > 0 || noff == 0) {
log_android(ANDROID_LOG_ERROR, "DNS qname invalid len %d noff %d", len, noff);
return -1;
}
*(qname + noff - 1) = 0;
log_android(ANDROID_LOG_DEBUG, "qname %s", qname);
return (c ? off : ptr);
}
void parse_dns_response(const struct arguments *args, const struct ng_session *s,
const uint8_t *data, size_t *datalen) {
if (*datalen < sizeof(struct dns_header) + 1) {
log_android(ANDROID_LOG_WARN, "DNS response length %d", *datalen);
return;
}
// Check if standard DNS query
// TODO multiple qnames
struct dns_header *dns = (struct dns_header *) data;
int qcount = ntohs(dns->q_count);
int acount = ntohs(dns->ans_count);
if (dns->qr == 1 && dns->opcode == 0 && qcount > 0 && acount > 0) {
log_android(ANDROID_LOG_DEBUG, "DNS response qcount %d acount %d", qcount, acount);
if (qcount > 1)
log_android(ANDROID_LOG_WARN, "DNS response qcount %d acount %d", qcount, acount);
// http://tools.ietf.org/html/rfc1035
char name[DNS_QNAME_MAX + 1];
int32_t off = sizeof(struct dns_header);
uint16_t qtype;
uint16_t qclass;
char qname[DNS_QNAME_MAX + 1];
for (int q = 0; q < 1; q++) {
off = get_qname(data, *datalen, (uint16_t) off, name);
if (off > 0 && off + 4 <= *datalen) {
// TODO multiple qnames?
if (q == 0) {
strcpy(qname, name);
qtype = ntohs(*((uint16_t *) (data + off)));
qclass = ntohs(*((uint16_t *) (data + off + 2)));
log_android(ANDROID_LOG_DEBUG,
"DNS question %d qtype %d qclass %d qname %s",
q, qtype, qclass, qname);
}
off += 4;
} else {
log_android(ANDROID_LOG_WARN,
"DNS response Q invalid off %d datalen %d", off, *datalen);
return;
}
}
short svcb = 0;
int32_t aoff = off;
for (int a = 0; a < acount; a++) {
off = get_qname(data, *datalen, (uint16_t) off, name);
if (off > 0 && off + 10 <= *datalen) {
uint16_t qtype = ntohs(*((uint16_t *) (data + off)));
uint16_t qclass = ntohs(*((uint16_t *) (data + off + 2)));
uint32_t ttl = ntohl(*((uint32_t *) (data + off + 4)));
uint16_t rdlength = ntohs(*((uint16_t *) (data + off + 8)));
off += 10;
if (off + rdlength <= *datalen) {
if (qclass == DNS_QCLASS_IN &&
(qtype == DNS_QTYPE_A || qtype == DNS_QTYPE_AAAA)) {
char rd[INET6_ADDRSTRLEN + 1];
if (qtype == DNS_QTYPE_A) {
if (off + sizeof(__be32) <= *datalen)
inet_ntop(AF_INET, data + off, rd, sizeof(rd));
else
return;
} else if (qclass == DNS_QCLASS_IN && qtype == DNS_QTYPE_AAAA) {
if (off + sizeof(struct in6_addr) <= *datalen)
inet_ntop(AF_INET6, data + off, rd, sizeof(rd));
else
return;
}
dns_resolved(args, qname, name, rd, ttl);
log_android(ANDROID_LOG_DEBUG,
"DNS answer %d qname %s qtype %d ttl %d data %s",
a, name, qtype, ttl, rd);
} else if (qclass == DNS_QCLASS_IN &&
(qtype == DNS_SVCB || qtype == DNS_HTTPS)) {
// https://tools.ietf.org/id/draft-ietf-dnsop-svcb-https-01.html
svcb = 1;
log_android(ANDROID_LOG_WARN,
"SVCB answer %d qname %s qtype %d", a, name, qtype);
} else
log_android(ANDROID_LOG_DEBUG,
"DNS answer %d qname %s qclass %d qtype %d ttl %d length %d",
a, name, qclass, qtype, ttl, rdlength);
off += rdlength;
} else {
log_android(ANDROID_LOG_WARN,
"DNS response A invalid off %d rdlength %d datalen %d",
off, rdlength, *datalen);
return;
}
} else {
log_android(ANDROID_LOG_WARN,
"DNS response A invalid off %d datalen %d", off, *datalen);
return;
}
}
if (qcount > 0 &&
(svcb || is_domain_blocked(args, qname))) {
dns->qr = 1;
dns->aa = 0;
dns->tc = 0;
dns->rd = 0;
dns->ra = 0;
dns->z = 0;
dns->ad = 0;
dns->cd = 0;
dns->rcode = (uint16_t) args->rcode;
dns->ans_count = 0;
dns->auth_count = 0;
dns->add_count = 0;
*datalen = aoff;
int version;
char source[INET6_ADDRSTRLEN + 1];
char dest[INET6_ADDRSTRLEN + 1];
uint16_t sport;
uint16_t dport;
if (s->protocol == IPPROTO_UDP) {
version = s->udp.version;
sport = ntohs(s->udp.source);
dport = ntohs(s->udp.dest);
if (s->udp.version == 4) {
inet_ntop(AF_INET, &s->udp.saddr.ip4, source, sizeof(source));
inet_ntop(AF_INET, &s->udp.daddr.ip4, dest, sizeof(dest));
} else {
inet_ntop(AF_INET6, &s->udp.saddr.ip6, source, sizeof(source));
inet_ntop(AF_INET6, &s->udp.daddr.ip6, dest, sizeof(dest));
}
} else {
version = s->tcp.version;
sport = ntohs(s->tcp.source);
dport = ntohs(s->tcp.dest);
if (s->tcp.version == 4) {
inet_ntop(AF_INET, &s->tcp.saddr.ip4, source, sizeof(source));
inet_ntop(AF_INET, &s->tcp.daddr.ip4, dest, sizeof(dest));
} else {
inet_ntop(AF_INET6, &s->tcp.saddr.ip6, source, sizeof(source));
inet_ntop(AF_INET6, &s->tcp.daddr.ip6, dest, sizeof(dest));
}
}
// Log qname
char name[DNS_QNAME_MAX + 40 + 1];
sprintf(name, "qtype %d qname %s rcode %d", qtype, qname, dns->rcode);
jobject objPacket = create_packet(
args, version, s->protocol, "",
source, sport, dest, dport,
name, 0, 0);
log_packet(args, objPacket);
}
} else if (acount > 0)
log_android(ANDROID_LOG_WARN,
"DNS response qr %d opcode %d qcount %d acount %d",
dns->qr, dns->opcode, qcount, acount);
}

374
NetGuard/app/src/main/jni/netguard/icmp.c
View File

@ -1,374 +0,0 @@
/*
This file is part of NetGuard.
NetGuard is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
NetGuard is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with NetGuard. If not, see <http://www.gnu.org/licenses/>.
Copyright 2015-2019 by Marcel Bokhorst (M66B)
*/
#include "netguard.h"
extern FILE *pcap_file;
int get_icmp_timeout(const struct icmp_session *u, int sessions, int maxsessions) {
int timeout = ICMP_TIMEOUT;
int scale = 100 - sessions * 100 / maxsessions;
timeout = timeout * scale / 100;
return timeout;
}
int check_icmp_session(const struct arguments *args, struct ng_session *s,
int sessions, int maxsessions) {
time_t now = time(NULL);
int timeout = get_icmp_timeout(&s->icmp, sessions, maxsessions);
if (s->icmp.stop || s->icmp.time + timeout < now) {
char source[INET6_ADDRSTRLEN + 1];
char dest[INET6_ADDRSTRLEN + 1];
if (s->icmp.version == 4) {
inet_ntop(AF_INET, &s->icmp.saddr.ip4, source, sizeof(source));
inet_ntop(AF_INET, &s->icmp.daddr.ip4, dest, sizeof(dest));
} else {
inet_ntop(AF_INET6, &s->icmp.saddr.ip6, source, sizeof(source));
inet_ntop(AF_INET6, &s->icmp.daddr.ip6, dest, sizeof(dest));
}
log_android(ANDROID_LOG_WARN, "ICMP idle %d/%d sec stop %d from %s to %s",
now - s->icmp.time, timeout, s->icmp.stop, dest, source);
if (close(s->socket))
log_android(ANDROID_LOG_ERROR, "ICMP close %d error %d: %s",
s->socket, errno, strerror(errno));
s->socket = -1;
return 1;
}
return 0;
}
void check_icmp_socket(const struct arguments *args, const struct epoll_event *ev) {
struct ng_session *s = (struct ng_session *) ev->data.ptr;
// Check socket error
if (ev->events & EPOLLERR) {
s->icmp.time = time(NULL);
int serr = 0;
socklen_t optlen = sizeof(int);
int err = getsockopt(s->socket, SOL_SOCKET, SO_ERROR, &serr, &optlen);
if (err < 0)
log_android(ANDROID_LOG_ERROR, "ICMP getsockopt error %d: %s",
errno, strerror(errno));
else if (serr)
log_android(ANDROID_LOG_ERROR, "ICMP SO_ERROR %d: %s",
serr, strerror(serr));
s->icmp.stop = 1;
} else {
// Check socket read
if (ev->events & EPOLLIN) {
s->icmp.time = time(NULL);
uint16_t blen = (uint16_t) (s->icmp.version == 4 ? ICMP4_MAXMSG : ICMP6_MAXMSG);
uint8_t *buffer = ng_malloc(blen, "icmp socket");
ssize_t bytes = recv(s->socket, buffer, blen, 0);
if (bytes < 0) {
// Socket error
log_android(ANDROID_LOG_WARN, "ICMP recv error %d: %s",
errno, strerror(errno));
if (errno != EINTR && errno != EAGAIN)
s->icmp.stop = 1;
} else if (bytes == 0) {
log_android(ANDROID_LOG_WARN, "ICMP recv eof");
s->icmp.stop = 1;
} else {
// Socket read data
char dest[INET6_ADDRSTRLEN + 1];
if (s->icmp.version == 4)
inet_ntop(AF_INET, &s->icmp.daddr.ip4, dest, sizeof(dest));
else
inet_ntop(AF_INET6, &s->icmp.daddr.ip6, dest, sizeof(dest));
// cur->id should be equal to icmp->icmp_id
// but for some unexplained reason this is not the case
// some bits seems to be set extra
struct icmp *icmp = (struct icmp *) buffer;
log_android(
s->icmp.id == icmp->icmp_id ? ANDROID_LOG_INFO : ANDROID_LOG_WARN,
"ICMP recv bytes %d from %s for tun type %d code %d id %x/%x seq %d",
bytes, dest,
icmp->icmp_type, icmp->icmp_code,
s->icmp.id, icmp->icmp_id, icmp->icmp_seq);
// restore original ID
icmp->icmp_id = s->icmp.id;
uint16_t csum = 0;
if (s->icmp.version == 6) {
// Untested
struct ip6_hdr_pseudo pseudo;
memset(&pseudo, 0, sizeof(struct ip6_hdr_pseudo));
memcpy(&pseudo.ip6ph_src, &s->icmp.daddr.ip6, 16);
memcpy(&pseudo.ip6ph_dst, &s->icmp.saddr.ip6, 16);
pseudo.ip6ph_len = bytes - sizeof(struct ip6_hdr);
pseudo.ip6ph_nxt = IPPROTO_ICMPV6;
csum = calc_checksum(
0, (uint8_t *) &pseudo, sizeof(struct ip6_hdr_pseudo));
}
icmp->icmp_cksum = 0;
icmp->icmp_cksum = ~calc_checksum(csum, buffer, (size_t) bytes);
// Forward to tun
if (write_icmp(args, &s->icmp, buffer, (size_t) bytes) < 0)
s->icmp.stop = 1;
}
ng_free(buffer, __FILE__, __LINE__);
}
}
}
jboolean handle_icmp(const struct arguments *args,
const uint8_t *pkt, size_t length,
const uint8_t *payload,
int uid,
const int epoll_fd) {
// Get headers
const uint8_t version = (*pkt) >> 4;
const struct iphdr *ip4 = (struct iphdr *) pkt;
const struct ip6_hdr *ip6 = (struct ip6_hdr *) pkt;
struct icmp *icmp = (struct icmp *) payload;
size_t icmplen = length - (payload - pkt);
char source[INET6_ADDRSTRLEN + 1];
char dest[INET6_ADDRSTRLEN + 1];
if (version == 4) {
inet_ntop(AF_INET, &ip4->saddr, source, sizeof(source));
inet_ntop(AF_INET, &ip4->daddr, dest, sizeof(dest));
} else {
inet_ntop(AF_INET6, &ip6->ip6_src, source, sizeof(source));
inet_ntop(AF_INET6, &ip6->ip6_dst, dest, sizeof(dest));
}
if (icmp->icmp_type != ICMP_ECHO) {
log_android(ANDROID_LOG_WARN, "ICMP type %d code %d from %s to %s not supported",
icmp->icmp_type, icmp->icmp_code, source, dest);
return 0;
}
// Search session
struct ng_session *cur = args->ctx->ng_session;
while (cur != NULL &&
!((cur->protocol == IPPROTO_ICMP || cur->protocol == IPPROTO_ICMPV6) &&
!cur->icmp.stop && cur->icmp.version == version &&
(version == 4 ? cur->icmp.saddr.ip4 == ip4->saddr &&
cur->icmp.daddr.ip4 == ip4->daddr
: memcmp(&cur->icmp.saddr.ip6, &ip6->ip6_src, 16) == 0 &&
memcmp(&cur->icmp.daddr.ip6, &ip6->ip6_dst, 16) == 0)))
cur = cur->next;
// Create new session if needed
if (cur == NULL) {
log_android(ANDROID_LOG_INFO, "ICMP new session from %s to %s", source, dest);
// Register session
struct ng_session *s = ng_malloc(sizeof(struct ng_session), "icmp session");
s->protocol = (uint8_t) (version == 4 ? IPPROTO_ICMP : IPPROTO_ICMPV6);
s->icmp.time = time(NULL);
s->icmp.uid = uid;
s->icmp.version = version;
if (version == 4) {
s->icmp.saddr.ip4 = (__be32) ip4->saddr;
s->icmp.daddr.ip4 = (__be32) ip4->daddr;
} else {
memcpy(&s->icmp.saddr.ip6, &ip6->ip6_src, 16);
memcpy(&s->icmp.daddr.ip6, &ip6->ip6_dst, 16);
}
s->icmp.id = icmp->icmp_id; // store original ID
s->icmp.stop = 0;
s->next = NULL;
// Open UDP socket
s->socket = open_icmp_socket(args, &s->icmp);
if (s->socket < 0) {
ng_free(s, __FILE__, __LINE__);
return 0;
}
log_android(ANDROID_LOG_DEBUG, "ICMP socket %d id %x", s->socket, s->icmp.id);
// Monitor events
memset(&s->ev, 0, sizeof(struct epoll_event));
s->ev.events = EPOLLIN | EPOLLERR;
s->ev.data.ptr = s;
if (epoll_ctl(epoll_fd, EPOLL_CTL_ADD, s->socket, &s->ev))
log_android(ANDROID_LOG_ERROR, "epoll add icmp error %d: %s", errno, strerror(errno));
s->next = args->ctx->ng_session;
args->ctx->ng_session = s;
cur = s;
}
// Modify ID
// http://lwn.net/Articles/443051/
icmp->icmp_id = ~icmp->icmp_id;
uint16_t csum = 0;
if (version == 6) {
// Untested
struct ip6_hdr_pseudo pseudo;
memset(&pseudo, 0, sizeof(struct ip6_hdr_pseudo));
memcpy(&pseudo.ip6ph_src, &ip6->ip6_dst, 16);
memcpy(&pseudo.ip6ph_dst, &ip6->ip6_src, 16);
pseudo.ip6ph_len = ip6->ip6_ctlun.ip6_un1.ip6_un1_plen;
pseudo.ip6ph_nxt = ip6->ip6_ctlun.ip6_un1.ip6_un1_nxt;
csum = calc_checksum(0, (uint8_t *) &pseudo, sizeof(struct ip6_hdr_pseudo));
}
icmp->icmp_cksum = 0;
icmp->icmp_cksum = ~calc_checksum(csum, (uint8_t *) icmp, icmplen);
log_android(ANDROID_LOG_INFO,
"ICMP forward from tun %s to %s type %d code %d id %x seq %d data %d",
source, dest,
icmp->icmp_type, icmp->icmp_code, icmp->icmp_id, icmp->icmp_seq, icmplen);
cur->icmp.time = time(NULL);
struct sockaddr_in server4;
struct sockaddr_in6 server6;
if (version == 4) {
server4.sin_family = AF_INET;
server4.sin_addr.s_addr = (__be32) ip4->daddr;
server4.sin_port = 0;
} else {
server6.sin6_family = AF_INET6;
memcpy(&server6.sin6_addr, &ip6->ip6_dst, 16);
server6.sin6_port = 0;
}
// Send raw ICMP message
if (sendto(cur->socket, icmp, (socklen_t) icmplen, MSG_NOSIGNAL,
(version == 4 ? (const struct sockaddr *) &server4
: (const struct sockaddr *) &server6),
(socklen_t) (version == 4 ? sizeof(server4) : sizeof(server6))) != icmplen) {
log_android(ANDROID_LOG_ERROR, "ICMP sendto error %d: %s", errno, strerror(errno));
if (errno != EINTR && errno != EAGAIN) {
cur->icmp.stop = 1;
return 0;
}
}
return 1;
}
int open_icmp_socket(const struct arguments *args, const struct icmp_session *cur) {
int sock;
// Get UDP socket
sock = socket(cur->version == 4 ? PF_INET : PF_INET6, SOCK_DGRAM, IPPROTO_ICMP);
if (sock < 0) {
log_android(ANDROID_LOG_ERROR, "ICMP socket error %d: %s", errno, strerror(errno));
return -1;
}
// Protect socket
if (protect_socket(args, sock) < 0)
return -1;
return sock;
}
ssize_t write_icmp(const struct arguments *args, const struct icmp_session *cur,
uint8_t *data, size_t datalen) {
size_t len;
u_int8_t *buffer;
struct icmp *icmp = (struct icmp *) data;
char source[INET6_ADDRSTRLEN + 1];
char dest[INET6_ADDRSTRLEN + 1];
// Build packet
if (cur->version == 4) {
len = sizeof(struct iphdr) + datalen;
buffer = ng_malloc(len, "icmp write4");
struct iphdr *ip4 = (struct iphdr *) buffer;
if (datalen)
memcpy(buffer + sizeof(struct iphdr), data, datalen);
// Build IP4 header
memset(ip4, 0, sizeof(struct iphdr));
ip4->version = 4;
ip4->ihl = sizeof(struct iphdr) >> 2;
ip4->tot_len = htons(len);
ip4->ttl = IPDEFTTL;
ip4->protocol = IPPROTO_ICMP;
ip4->saddr = cur->daddr.ip4;
ip4->daddr = cur->saddr.ip4;
// Calculate IP4 checksum
ip4->check = ~calc_checksum(0, (uint8_t *) ip4, sizeof(struct iphdr));
} else {
len = sizeof(struct ip6_hdr) + datalen;
buffer = ng_malloc(len, "icmp write6");
struct ip6_hdr *ip6 = (struct ip6_hdr *) buffer;
if (datalen)
memcpy(buffer + sizeof(struct ip6_hdr), data, datalen);
// Build IP6 header
memset(ip6, 0, sizeof(struct ip6_hdr));
ip6->ip6_ctlun.ip6_un1.ip6_un1_flow = 0;
ip6->ip6_ctlun.ip6_un1.ip6_un1_plen = htons(len - sizeof(struct ip6_hdr));
ip6->ip6_ctlun.ip6_un1.ip6_un1_nxt = IPPROTO_ICMPV6;
ip6->ip6_ctlun.ip6_un1.ip6_un1_hlim = IPDEFTTL;
ip6->ip6_ctlun.ip6_un2_vfc = IPV6_VERSION;
memcpy(&(ip6->ip6_src), &cur->daddr.ip6, 16);
memcpy(&(ip6->ip6_dst), &cur->saddr.ip6, 16);
}
inet_ntop(cur->version == 4 ? AF_INET : AF_INET6,
cur->version == 4 ? (const void *) &cur->saddr.ip4 : (const void *) &cur->saddr.ip6,
source, sizeof(source));
inet_ntop(cur->version == 4 ? AF_INET : AF_INET6,
cur->version == 4 ? (const void *) &cur->daddr.ip4 : (const void *) &cur->daddr.ip6,
dest, sizeof(dest));
// Send raw ICMP message
log_android(ANDROID_LOG_WARN,
"ICMP sending to tun %d from %s to %s data %u type %d code %d id %x seq %d",
args->tun, dest, source, datalen,
icmp->icmp_type, icmp->icmp_code, icmp->icmp_id, icmp->icmp_seq);
ssize_t res = write(args->tun, buffer, len);
// Write PCAP record
if (res >= 0) {
if (pcap_file != NULL)
write_pcap_rec(buffer, (size_t) res);
} else
log_android(ANDROID_LOG_WARN, "ICMP write error %d: %s", errno, strerror(errno));
ng_free(buffer, __FILE__, __LINE__);
if (res != len) {
log_android(ANDROID_LOG_ERROR, "write %d/%d", res, len);
return -1;
}
return res;
}

513
NetGuard/app/src/main/jni/netguard/ip.c
View File

@ -1,513 +0,0 @@
/*
This file is part of NetGuard.
NetGuard is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
NetGuard is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with NetGuard. If not, see <http://www.gnu.org/licenses/>.
Copyright 2015-2019 by Marcel Bokhorst (M66B)
*/
#include "netguard.h"
int max_tun_msg = 0;
extern int loglevel;
extern FILE *pcap_file;
uint16_t get_mtu() {
return 10000;
}
uint16_t get_default_mss(int version) {
if (version == 4)
return (uint16_t) (get_mtu() - sizeof(struct iphdr) - sizeof(struct tcphdr));
else
return (uint16_t) (get_mtu() - sizeof(struct ip6_hdr) - sizeof(struct tcphdr));
}
int check_tun(const struct arguments *args,
const struct epoll_event *ev,
const int epoll_fd,
int sessions, int maxsessions) {
// Check tun error
if (ev->events & EPOLLERR) {
log_android(ANDROID_LOG_ERROR, "tun %d exception", args->tun);
if (fcntl(args->tun, F_GETFL) < 0) {
log_android(ANDROID_LOG_ERROR, "fcntl tun %d F_GETFL error %d: %s",
args->tun, errno, strerror(errno));
report_exit(args, "fcntl tun %d F_GETFL error %d: %s",
args->tun, errno, strerror(errno));
} else
report_exit(args, "tun %d exception", args->tun);
return -1;
}
// Check tun read
if (ev->events & EPOLLIN) {
uint8_t *buffer = ng_malloc(get_mtu(), "tun read");
ssize_t length = read(args->tun, buffer, get_mtu());
if (length < 0) {
ng_free(buffer, __FILE__, __LINE__);
log_android(ANDROID_LOG_ERROR, "tun %d read error %d: %s",
args->tun, errno, strerror(errno));
if (errno == EINTR || errno == EAGAIN)
// Retry later
return 0;
else {
report_exit(args, "tun %d read error %d: %s",
args->tun, errno, strerror(errno));
return -1;
}
} else if (length > 0) {
// Write pcap record
if (pcap_file != NULL)
write_pcap_rec(buffer, (size_t) length);
if (length > max_tun_msg) {
max_tun_msg = length;
log_android(ANDROID_LOG_WARN, "Maximum tun msg length %d", max_tun_msg);
}
// Handle IP from tun
handle_ip(args, buffer, (size_t) length, epoll_fd, sessions, maxsessions);
ng_free(buffer, __FILE__, __LINE__);
} else {
// tun eof
ng_free(buffer, __FILE__, __LINE__);
log_android(ANDROID_LOG_ERROR, "tun %d empty read", args->tun);
report_exit(args, "tun %d empty read", args->tun);
return -1;
}
}
return 0;
}
// https://en.wikipedia.org/wiki/IPv6_packet#Extension_headers
// http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml
int is_lower_layer(int protocol) {
// No next header = 59
return (protocol == 0 || // Hop-by-Hop Options
protocol == 60 || // Destination Options (before routing header)
protocol == 43 || // Routing
protocol == 44 || // Fragment
protocol == 51 || // Authentication Header (AH)
protocol == 50 || // Encapsulating Security Payload (ESP)
protocol == 60 || // Destination Options (before upper-layer header)
protocol == 135); // Mobility
}
int is_upper_layer(int protocol) {
return (protocol == IPPROTO_TCP ||
protocol == IPPROTO_UDP ||
protocol == IPPROTO_ICMP ||
protocol == IPPROTO_ICMPV6);
}
void handle_ip(const struct arguments *args,
const uint8_t *pkt, const size_t length,
const int epoll_fd,
int sessions, int maxsessions) {
uint8_t protocol;
void *saddr;
void *daddr;
char source[INET6_ADDRSTRLEN + 1];
char dest[INET6_ADDRSTRLEN + 1];
char flags[10];
char data[16];
int flen = 0;
uint8_t *payload;
// Get protocol, addresses & payload
uint8_t version = (*pkt) >> 4;
if (version == 4) {
if (length < sizeof(struct iphdr)) {
log_android(ANDROID_LOG_WARN, "IP4 packet too short length %d", length);
return;
}
struct iphdr *ip4hdr = (struct iphdr *) pkt;
protocol = ip4hdr->protocol;
saddr = &ip4hdr->saddr;
daddr = &ip4hdr->daddr;
if (ip4hdr->frag_off & IP_MF) {
log_android(ANDROID_LOG_ERROR, "IP fragment offset %u",
(ip4hdr->frag_off & IP_OFFMASK) * 8);
return;
}
uint8_t ipoptlen = (uint8_t) ((ip4hdr->ihl - 5) * 4);
payload = (uint8_t *) (pkt + sizeof(struct iphdr) + ipoptlen);
if (ntohs(ip4hdr->tot_len) != length) {
log_android(ANDROID_LOG_ERROR, "Invalid length %u header length %u",
length, ntohs(ip4hdr->tot_len));
return;
}
if (loglevel < ANDROID_LOG_WARN) {
if (!calc_checksum(0, (uint8_t *) ip4hdr, sizeof(struct iphdr))) {
log_android(ANDROID_LOG_ERROR, "Invalid IP checksum");
return;
}
}
} else if (version == 6) {
if (length < sizeof(struct ip6_hdr)) {
log_android(ANDROID_LOG_WARN, "IP6 packet too short length %d", length);
return;
}
struct ip6_hdr *ip6hdr = (struct ip6_hdr *) pkt;
// Skip extension headers
uint16_t off = 0;
protocol = ip6hdr->ip6_nxt;
if (!is_upper_layer(protocol)) {
log_android(ANDROID_LOG_WARN, "IP6 extension %d", protocol);
off = sizeof(struct ip6_hdr);
struct ip6_ext *ext = (struct ip6_ext *) (pkt + off);
while (is_lower_layer(ext->ip6e_nxt) && !is_upper_layer(protocol)) {
protocol = ext->ip6e_nxt;
log_android(ANDROID_LOG_WARN, "IP6 extension %d", protocol);
off += (8 + ext->ip6e_len);
ext = (struct ip6_ext *) (pkt + off);
}
if (!is_upper_layer(protocol)) {
off = 0;
protocol = ip6hdr->ip6_nxt;
log_android(ANDROID_LOG_WARN, "IP6 final extension %d", protocol);
}
}
saddr = &ip6hdr->ip6_src;
daddr = &ip6hdr->ip6_dst;
payload = (uint8_t *) (pkt + sizeof(struct ip6_hdr) + off);
// TODO checksum
} else {
log_android(ANDROID_LOG_ERROR, "Unknown version %d", version);
return;
}
inet_ntop(version == 4 ? AF_INET : AF_INET6, saddr, source, sizeof(source));
inet_ntop(version == 4 ? AF_INET : AF_INET6, daddr, dest, sizeof(dest));
// Get ports & flags
int syn = 0;
uint16_t sport = 0;
uint16_t dport = 0;
*data = 0;
if (protocol == IPPROTO_ICMP || protocol == IPPROTO_ICMPV6) {
if (length - (payload - pkt) < ICMP_MINLEN) {
log_android(ANDROID_LOG_WARN, "ICMP packet too short");
return;
}
struct icmp *icmp = (struct icmp *) payload;
sprintf(data, "type %d/%d", icmp->icmp_type, icmp->icmp_code);
// http://lwn.net/Articles/443051/
sport = ntohs(icmp->icmp_id);
dport = ntohs(icmp->icmp_id);
} else if (protocol == IPPROTO_UDP) {
if (length - (payload - pkt) < sizeof(struct udphdr)) {
log_android(ANDROID_LOG_WARN, "UDP packet too short");
return;
}
struct udphdr *udp = (struct udphdr *) payload;
sport = ntohs(udp->source);
dport = ntohs(udp->dest);
// TODO checksum (IPv6)
} else if (protocol == IPPROTO_TCP) {
if (length - (payload - pkt) < sizeof(struct tcphdr)) {
log_android(ANDROID_LOG_WARN, "TCP packet too short");
return;
}
struct tcphdr *tcp = (struct tcphdr *) payload;
sport = ntohs(tcp->source);
dport = ntohs(tcp->dest);
if (tcp->syn) {
syn = 1;
flags[flen++] = 'S';
}
if (tcp->ack)
flags[flen++] = 'A';
if (tcp->psh)
flags[flen++] = 'P';
if (tcp->fin)
flags[flen++] = 'F';
if (tcp->rst)
flags[flen++] = 'R';
// TODO checksum
} else if (protocol != IPPROTO_HOPOPTS && protocol != IPPROTO_IGMP && protocol != IPPROTO_ESP)
log_android(ANDROID_LOG_WARN, "Unknown protocol %d", protocol);
flags[flen] = 0;
// Limit number of sessions
if (sessions >= maxsessions) {
if ((protocol == IPPROTO_ICMP || protocol == IPPROTO_ICMPV6) ||
(protocol == IPPROTO_UDP && !has_udp_session(args, pkt, payload)) ||
(protocol == IPPROTO_TCP && syn)) {
log_android(ANDROID_LOG_ERROR,
"%d of max %d sessions, dropping version %d protocol %d",
sessions, maxsessions, protocol, version);
return;
}
}
// Get uid
jint uid = -1;
if (protocol == IPPROTO_ICMP || protocol == IPPROTO_ICMPV6 ||
(protocol == IPPROTO_UDP && !has_udp_session(args, pkt, payload)) ||
(protocol == IPPROTO_TCP && syn)) {
if (args->ctx->sdk <= 28) // Android 9 Pie
uid = get_uid(version, protocol, saddr, sport, daddr, dport);
else
uid = get_uid_q(args, version, protocol, source, sport, dest, dport);
}
log_android(ANDROID_LOG_DEBUG,
"Packet v%d %s/%u > %s/%u proto %d flags %s uid %d",
version, source, sport, dest, dport, protocol, flags, uid);
// Check if allowed
int allowed = 0;
struct allowed *redirect = NULL;
if (protocol == IPPROTO_UDP && has_udp_session(args, pkt, payload))
allowed = 1; // could be a lingering/blocked session
else if (protocol == IPPROTO_TCP && (!syn || (uid == 0 && dport == 53)))
allowed = 1; // assume existing session
else {
jobject objPacket = create_packet(
args, version, protocol, flags, source, sport, dest, dport, data, uid, 0);
redirect = is_address_allowed(args, objPacket);
allowed = (redirect != NULL);
if (redirect != NULL && (*redirect->raddr == 0 || redirect->rport == 0))
redirect = NULL;
}
// Handle allowed traffic
if (allowed) {
if (protocol == IPPROTO_ICMP || protocol == IPPROTO_ICMPV6)
handle_icmp(args, pkt, length, payload, uid, epoll_fd);
else if (protocol == IPPROTO_UDP)
handle_udp(args, pkt, length, payload, uid, redirect, epoll_fd);
else if (protocol == IPPROTO_TCP)
handle_tcp(args, pkt, length, payload, uid, allowed, redirect, epoll_fd);
} else {
if (protocol == IPPROTO_UDP)
block_udp(args, pkt, length, payload, uid);
log_android(ANDROID_LOG_WARN, "Address v%d p%d %s/%u syn %d not allowed",
version, protocol, dest, dport, syn);
}
}
jint get_uid(const int version, const int protocol,
const void *saddr, const uint16_t sport,
const void *daddr, const uint16_t dport) {
jint uid = -1;
char source[INET6_ADDRSTRLEN + 1];
char dest[INET6_ADDRSTRLEN + 1];
inet_ntop(version == 4 ? AF_INET : AF_INET6, saddr, source, sizeof(source));
inet_ntop(version == 4 ? AF_INET : AF_INET6, daddr, dest, sizeof(dest));
struct timeval time;
gettimeofday(&time, NULL);
long now = (time.tv_sec * 1000) + (time.tv_usec / 1000);
// Check IPv6 table first
if (version == 4) {
int8_t saddr128[16];
memset(saddr128, 0, 10);
saddr128[10] = (uint8_t) 0xFF;
saddr128[11] = (uint8_t) 0xFF;
memcpy(saddr128 + 12, saddr, 4);
int8_t daddr128[16];
memset(daddr128, 0, 10);
daddr128[10] = (uint8_t) 0xFF;
daddr128[11] = (uint8_t) 0xFF;
memcpy(daddr128 + 12, daddr, 4);
uid = get_uid_sub(6, protocol, saddr128, sport, daddr128, dport, source, dest, now);
log_android(ANDROID_LOG_DEBUG, "uid v%d p%d %s/%u > %s/%u => %d as inet6",
version, protocol, source, sport, dest, dport, uid);
}
if (uid == -1) {
uid = get_uid_sub(version, protocol, saddr, sport, daddr, dport, source, dest, now);
log_android(ANDROID_LOG_DEBUG, "uid v%d p%d %s/%u > %s/%u => %d fallback",
version, protocol, source, sport, dest, dport, uid);
}
if (uid == -1)
log_android(ANDROID_LOG_WARN, "uid v%d p%d %s/%u > %s/%u => not found",
version, protocol, source, sport, dest, dport);
else if (uid >= 0)
log_android(ANDROID_LOG_INFO, "uid v%d p%d %s/%u > %s/%u => %d",
version, protocol, source, sport, dest, dport, uid);
return uid;
}
int uid_cache_size = 0;
struct uid_cache_entry *uid_cache = NULL;
jint get_uid_sub(const int version, const int protocol,
const void *saddr, const uint16_t sport,
const void *daddr, const uint16_t dport,
const char *source, const char *dest,
long now) {
// NETLINK is not available on Android due to SELinux policies :-(
// http://stackoverflow.com/questions/27148536/netlink-implementation-for-the-android-ndk
// https://android.googlesource.com/platform/system/sepolicy/+/master/private/app.te (netlink_tcpdiag_socket)
static uint8_t zero[16] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
int ws = (version == 4 ? 1 : 4);
// Check cache
for (int i = 0; i < uid_cache_size; i++)
if (now - uid_cache[i].time <= UID_MAX_AGE &&
uid_cache[i].version == version &&
uid_cache[i].protocol == protocol &&
uid_cache[i].sport == sport &&
(uid_cache[i].dport == dport || uid_cache[i].dport == 0) &&
(memcmp(uid_cache[i].saddr, saddr, (size_t) (ws * 4)) == 0 ||
memcmp(uid_cache[i].saddr, zero, (size_t) (ws * 4)) == 0) &&
(memcmp(uid_cache[i].daddr, daddr, (size_t) (ws * 4)) == 0 ||
memcmp(uid_cache[i].daddr, zero, (size_t) (ws * 4)) == 0)) {
log_android(ANDROID_LOG_INFO, "uid v%d p%d %s/%u > %s/%u => %d (from cache)",
version, protocol, source, sport, dest, dport, uid_cache[i].uid);
return uid_cache[i].uid;
}
// Get proc file name
char *fn = NULL;
if (protocol == IPPROTO_ICMP && version == 4)
fn = "/proc/net/icmp";
else if (protocol == IPPROTO_ICMPV6 && version == 6)
fn = "/proc/net/icmp6";
else if (protocol == IPPROTO_TCP)
fn = (version == 4 ? "/proc/net/tcp" : "/proc/net/tcp6");
else if (protocol == IPPROTO_UDP)
fn = (version == 4 ? "/proc/net/udp" : "/proc/net/udp6");
else
return -1;
// Open proc file
FILE *fd = fopen(fn, "r");
if (fd == NULL) {
log_android(ANDROID_LOG_ERROR, "fopen %s error %d: %s", fn, errno, strerror(errno));
return -2;
}
jint uid = -1;
char line[250];
int fields;
char shex[16 * 2 + 1];
uint8_t _saddr[16];
int _sport;
char dhex[16 * 2 + 1];
uint8_t _daddr[16];
int _dport;
jint _uid;
// Scan proc file
int l = 0;
*line = 0;
int c = 0;
const char *fmt = (version == 4
? "%*d: %8s:%X %8s:%X %*X %*lX:%*lX %*X:%*X %*X %d %*d %*ld"
: "%*d: %32s:%X %32s:%X %*X %*lX:%*lX %*X:%*X %*X %d %*d %*ld");
while (fgets(line, sizeof(line), fd) != NULL) {
if (!l++)
continue;
fields = sscanf(line, fmt, shex, &_sport, dhex, &_dport, &_uid);
if (fields == 5 && strlen(shex) == ws * 8 && strlen(dhex) == ws * 8) {
hex2bytes(shex, _saddr);
hex2bytes(dhex, _daddr);
for (int w = 0; w < ws; w++)
((uint32_t *) _saddr)[w] = htonl(((uint32_t *) _saddr)[w]);
for (int w = 0; w < ws; w++)
((uint32_t *) _daddr)[w] = htonl(((uint32_t *) _daddr)[w]);
if (_sport == sport &&
(_dport == dport || _dport == 0) &&
(memcmp(_saddr, saddr, (size_t) (ws * 4)) == 0 ||
memcmp(_saddr, zero, (size_t) (ws * 4)) == 0) &&
(memcmp(_daddr, daddr, (size_t) (ws * 4)) == 0 ||
memcmp(_daddr, zero, (size_t) (ws * 4)) == 0))
uid = _uid;
for (; c < uid_cache_size; c++)
if (now - uid_cache[c].time > UID_MAX_AGE)
break;
if (c >= uid_cache_size) {
if (uid_cache_size == 0)
uid_cache = ng_malloc(sizeof(struct uid_cache_entry), "uid_cache init");
else
uid_cache = ng_realloc(uid_cache,
sizeof(struct uid_cache_entry) *
(uid_cache_size + 1), "uid_cache extend");
c = uid_cache_size;
uid_cache_size++;
}
uid_cache[c].version = (uint8_t) version;
uid_cache[c].protocol = (uint8_t) protocol;
memcpy(uid_cache[c].saddr, _saddr, (size_t) (ws * 4));
uid_cache[c].sport = (uint16_t) _sport;
memcpy(uid_cache[c].daddr, _daddr, (size_t) (ws * 4));
uid_cache[c].dport = (uint16_t) _dport;
uid_cache[c].uid = _uid;
uid_cache[c].time = now;
} else {
log_android(ANDROID_LOG_ERROR, "Invalid field #%d: %s", fields, line);
return -2;
}
}
if (fclose(fd))
log_android(ANDROID_LOG_ERROR, "fclose %s error %d: %s", fn, errno, strerror(errno));
return uid;
}

1113
NetGuard/app/src/main/jni/netguard/netguard.c
File diff suppressed because it is too large
View File

571
NetGuard/app/src/main/jni/netguard/netguard.h
View File

@ -1,571 +0,0 @@
#include <jni.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <ctype.h>
#include <time.h>
#include <unistd.h>
#include <pthread.h>
#include <setjmp.h>
#include <errno.h>
#include <fcntl.h>
#include <dirent.h>
#include <poll.h>
#include <sys/types.h>
#include <sys/ioctl.h>
#include <sys/socket.h>
#include <sys/epoll.h>
#include <dlfcn.h>
#include <sys/stat.h>
#include <sys/resource.h>
#include <netdb.h>
#include <arpa/inet.h>
#include <netinet/in.h>
#include <netinet/in6.h>
#include <netinet/ip.h>
#include <netinet/ip6.h>
#include <netinet/udp.h>
#include <netinet/tcp.h>
#include <netinet/ip_icmp.h>
#include <netinet/icmp6.h>
#include <android/log.h>
#include <sys/system_properties.h>
#define TAG "NetGuard.JNI"
// #define PROFILE_JNI 5
// #define PROFILE_MEMORY
#define EPOLL_TIMEOUT 3600 // seconds
#define EPOLL_EVENTS 20
#define EPOLL_MIN_CHECK 100 // milliseconds
#define TUN_YIELD 10 // packets
#define ICMP4_MAXMSG (IP_MAXPACKET - 20 - 8) // bytes (socket)
#define ICMP6_MAXMSG (IPV6_MAXPACKET - 40 - 8) // bytes (socket)
#define UDP4_MAXMSG (IP_MAXPACKET - 20 - 8) // bytes (socket)
#define UDP6_MAXMSG (IPV6_MAXPACKET - 40 - 8) // bytes (socket)
#define ICMP_TIMEOUT 5 // seconds
#define UDP_TIMEOUT_53 15 // seconds
#define UDP_TIMEOUT_ANY 300 // seconds
#define UDP_KEEP_TIMEOUT 60 // seconds
#define UDP_YIELD 10 // packets
#define TCP_INIT_TIMEOUT 20 // seconds ~net.inet.tcp.keepinit
#define TCP_IDLE_TIMEOUT 3600 // seconds ~net.inet.tcp.keepidle
#define TCP_CLOSE_TIMEOUT 20 // seconds
#define TCP_KEEP_TIMEOUT 300 // seconds
// https://en.wikipedia.org/wiki/Maximum_segment_lifetime
#define SESSION_LIMIT 40 // percent
#define SESSION_MAX (1024 * SESSION_LIMIT / 100) // number
#define SEND_BUF_DEFAULT 163840 // bytes
#define UID_MAX_AGE 30000 // milliseconds
#define SOCKS5_NONE 1
#define SOCKS5_HELLO 2
#define SOCKS5_AUTH 3
#define SOCKS5_CONNECT 4
#define SOCKS5_CONNECTED 5
struct context {
pthread_mutex_t lock;
int pipefds[2];
int stopping;
int sdk;
struct ng_session *ng_session;
};
struct arguments {
JNIEnv *env;
jobject instance;
int tun;
jboolean fwd53;
jint rcode;
struct context *ctx;
};
struct allowed {
char raddr[INET6_ADDRSTRLEN + 1];
uint16_t rport; // host notation
};
struct segment {
uint32_t seq;
uint16_t len;
uint16_t sent;
int psh;
uint8_t *data;
struct segment *next;
};
struct icmp_session {
time_t time;
jint uid;
int version;
union {
__be32 ip4; // network notation
struct in6_addr ip6;
} saddr;
union {
__be32 ip4; // network notation
struct in6_addr ip6;
} daddr;
uint16_t id;
uint8_t stop;
};
#define UDP_ACTIVE 0
#define UDP_FINISHING 1
#define UDP_CLOSED 2
#define UDP_BLOCKED 3
struct udp_session {
time_t time;
jint uid;
int version;
uint16_t mss;
uint64_t sent;
uint64_t received;
union {
__be32 ip4; // network notation
struct in6_addr ip6;
} saddr;
__be16 source; // network notation
union {
__be32 ip4; // network notation
struct in6_addr ip6;
} daddr;
__be16 dest; // network notation
uint8_t state;
};
struct tcp_session {
jint uid;
time_t time;
int version;
uint16_t mss;
uint8_t recv_scale;
uint8_t send_scale;
uint32_t recv_window; // host notation, scaled
uint32_t send_window; // host notation, scaled
uint16_t unconfirmed; // packets
uint32_t remote_seq; // confirmed bytes received, host notation
uint32_t local_seq; // confirmed bytes sent, host notation
uint32_t remote_start;
uint32_t local_start;
uint32_t acked; // host notation
long long last_keep_alive;
uint64_t sent;
uint64_t received;
union {
__be32 ip4; // network notation
struct in6_addr ip6;
} saddr;
__be16 source; // network notation
union {
__be32 ip4; // network notation
struct in6_addr ip6;
} daddr;
__be16 dest; // network notation
uint8_t state;
uint8_t socks5;
struct segment *forward;
};
struct ng_session {
uint8_t protocol;
union {
struct icmp_session icmp;
struct udp_session udp;
struct tcp_session tcp;
};
jint socket;
struct epoll_event ev;
struct ng_session *next;
};
struct uid_cache_entry {
uint8_t version;
uint8_t protocol;
uint8_t saddr[16];
uint16_t sport;
uint8_t daddr[16];
uint16_t dport;
jint uid;
long time;
};
// IPv6
struct ip6_hdr_pseudo {
struct in6_addr ip6ph_src;
struct in6_addr ip6ph_dst;
u_int32_t ip6ph_len;
u_int8_t ip6ph_zero[3];
u_int8_t ip6ph_nxt;
} __packed;
// PCAP
// https://wiki.wireshark.org/Development/LibpcapFileFormat
typedef uint16_t guint16_t;
typedef uint32_t guint32_t;
typedef int32_t gint32_t;
typedef struct pcap_hdr_s {
guint32_t magic_number;
guint16_t version_major;
guint16_t version_minor;
gint32_t thiszone;
guint32_t sigfigs;
guint32_t snaplen;
guint32_t network;
} __packed pcap_hdr_s;
typedef struct pcaprec_hdr_s {
guint32_t ts_sec;
guint32_t ts_usec;
guint32_t incl_len;
guint32_t orig_len;
} __packed pcaprec_hdr_s;
#define LINKTYPE_RAW 101
// DNS
#define DNS_QCLASS_IN 1
#define DNS_QTYPE_A 1 // IPv4
#define DNS_QTYPE_AAAA 28 // IPv6
#define DNS_SVCB 64
#define DNS_HTTPS 65
#define DNS_QNAME_MAX 255
#define DNS_TTL (10 * 60) // seconds
struct dns_header {
uint16_t id; // identification number
# if __BYTE_ORDER == __LITTLE_ENDIAN
uint16_t rd :1; // recursion desired
uint16_t tc :1; // truncated message
uint16_t aa :1; // authoritive answer
uint16_t opcode :4; // purpose of message
uint16_t qr :1; // query/response flag
uint16_t rcode :4; // response code
uint16_t cd :1; // checking disabled
uint16_t ad :1; // authenticated data
uint16_t z :1; // its z! reserved
uint16_t ra :1; // recursion available
#elif __BYTE_ORDER == __BIG_ENDIAN
uint16_t qr :1; // query/response flag
uint16_t opcode :4; // purpose of message
uint16_t aa :1; // authoritive answer
uint16_t tc :1; // truncated message
uint16_t rd :1; // recursion desired
uint16_t ra :1; // recursion available
uint16_t z :1; // its z! reserved
uint16_t ad :1; // authenticated data
uint16_t cd :1; // checking disabled
uint16_t rcode :4; // response code
# else
# error "Adjust your <bits/endian.h> defines"
#endif
uint16_t q_count; // number of question entries
uint16_t ans_count; // number of answer entries
uint16_t auth_count; // number of authority entries
uint16_t add_count; // number of resource entries
} __packed;
typedef struct dns_rr {
__be16 qname_ptr;
__be16 qtype;
__be16 qclass;
__be32 ttl;
__be16 rdlength;
} __packed dns_rr;
// DHCP
#define DHCP_OPTION_MAGIC_NUMBER (0x63825363)
typedef struct dhcp_packet {
uint8_t opcode;
uint8_t htype;
uint8_t hlen;
uint8_t hops;
uint32_t xid;
uint16_t secs;
uint16_t flags;
uint32_t ciaddr;
uint32_t yiaddr;
uint32_t siaddr;
uint32_t giaddr;
uint8_t chaddr[16];
uint8_t sname[64];
uint8_t file[128];
uint32_t option_format;
} __packed dhcp_packet;
typedef struct dhcp_option {
uint8_t code;
uint8_t length;
} __packed dhcp_option;
// Prototypes
void handle_signal(int sig, siginfo_t *info, void *context);
void *handle_events(void *a);
void report_exit(const struct arguments *args, const char *fmt, ...);
void report_error(const struct arguments *args, jint error, const char *fmt, ...);
void check_allowed(const struct arguments *args);
void clear(struct context *ctx);
int check_icmp_session(const struct arguments *args,
struct ng_session *s,
int sessions, int maxsessions);
int check_udp_session(const struct arguments *args,
struct ng_session *s,
int sessions, int maxsessions);
int check_tcp_session(const struct arguments *args,
struct ng_session *s,
int sessions, int maxsessions);
int monitor_tcp_session(const struct arguments *args, struct ng_session *s, int epoll_fd);
int get_icmp_timeout(const struct icmp_session *u, int sessions, int maxsessions);
int get_udp_timeout(const struct udp_session *u, int sessions, int maxsessions);
int get_tcp_timeout(const struct tcp_session *t, int sessions, int maxsessions);
uint16_t get_mtu();
uint16_t get_default_mss(int version);
int check_tun(const struct arguments *args,
const struct epoll_event *ev,
const int epoll_fd,
int sessions, int maxsessions);
void check_icmp_socket(const struct arguments *args, const struct epoll_event *ev);
void check_udp_socket(const struct arguments *args, const struct epoll_event *ev);
int32_t get_qname(const uint8_t *data, const size_t datalen, uint16_t off, char *qname);
void parse_dns_response(const struct arguments *args, const struct ng_session *session,
const uint8_t *data, size_t *datalen);
uint32_t get_send_window(const struct tcp_session *cur);
uint32_t get_receive_buffer(const struct ng_session *cur);
uint32_t get_receive_window(const struct ng_session *cur);
void check_tcp_socket(const struct arguments *args,
const struct epoll_event *ev,
const int epoll_fd);
int is_lower_layer(int protocol);
int is_upper_layer(int protocol);
void handle_ip(const struct arguments *args,
const uint8_t *buffer, size_t length,
const int epoll_fd,
int sessions, int maxsessions);
jboolean handle_icmp(const struct arguments *args,
const uint8_t *pkt, size_t length,
const uint8_t *payload,
int uid,
const int epoll_fd);
int has_udp_session(const struct arguments *args, const uint8_t *pkt, const uint8_t *payload);
void block_udp(const struct arguments *args,
const uint8_t *pkt, size_t length,
const uint8_t *payload,
int uid);
jboolean handle_udp(const struct arguments *args,
const uint8_t *pkt, size_t length,
const uint8_t *payload,
int uid, struct allowed *redirect,
const int epoll_fd);
int check_dhcp(const struct arguments *args, const struct udp_session *u,
const uint8_t *data, const size_t datalen);
void clear_tcp_data(struct tcp_session *cur);
jboolean handle_tcp(const struct arguments *args,
const uint8_t *pkt, size_t length,
const uint8_t *payload,
int uid, int allowed, struct allowed *redirect,
const int epoll_fd);
void queue_tcp(const struct arguments *args,
const struct tcphdr *tcphdr,
const char *session, struct tcp_session *cur,
const uint8_t *data, uint16_t datalen);
int open_icmp_socket(const struct arguments *args, const struct icmp_session *cur);
int open_udp_socket(const struct arguments *args,
const struct udp_session *cur, const struct allowed *redirect);
int open_tcp_socket(const struct arguments *args,
const struct tcp_session *cur, const struct allowed *redirect);
int32_t get_local_port(const int sock);
int write_syn_ack(const struct arguments *args, struct tcp_session *cur);
int write_ack(const struct arguments *args, struct tcp_session *cur);
int write_data(const struct arguments *args, struct tcp_session *cur,
const uint8_t *buffer, size_t length);
int write_fin_ack(const struct arguments *args, struct tcp_session *cur);
void write_rst(const struct arguments *args, struct tcp_session *cur);
void write_rst_ack(const struct arguments *args, struct tcp_session *cur);
ssize_t write_icmp(const struct arguments *args, const struct icmp_session *cur,
uint8_t *data, size_t datalen);
ssize_t write_udp(const struct arguments *args, const struct udp_session *cur,
uint8_t *data, size_t datalen);
ssize_t write_tcp(const struct arguments *args, const struct tcp_session *cur,
const uint8_t *data, size_t datalen,
int syn, int ack, int fin, int rst);
uint8_t char2nible(const char c);
void hex2bytes(const char *hex, uint8_t *buffer);
jint get_uid(const int version, const int protocol,
const void *saddr, const uint16_t sport,
const void *daddr, const uint16_t dport);
jint get_uid_sub(const int version, const int protocol,
const void *saddr, const uint16_t sport,
const void *daddr, const uint16_t dport,
const char *source, const char *dest,
long now);
int protect_socket(const struct arguments *args, int socket);
uint16_t calc_checksum(uint16_t start, const uint8_t *buffer, size_t length);
jobject jniGlobalRef(JNIEnv *env, jobject cls);
jclass jniFindClass(JNIEnv *env, const char *name);
jmethodID jniGetMethodID(JNIEnv *env, jclass cls, const char *name, const char *signature);
jfieldID jniGetFieldID(JNIEnv *env, jclass cls, const char *name, const char *type);
jobject jniNewObject(JNIEnv *env, jclass cls, jmethodID constructor, const char *name);
int jniCheckException(JNIEnv *env);
int sdk_int(JNIEnv *env);
void log_android(int prio, const char *fmt, ...);
void log_packet(const struct arguments *args, jobject jpacket);
void dns_resolved(const struct arguments *args,
const char *qname, const char *aname, const char *resource, int ttl);
jboolean is_domain_blocked(const struct arguments *args, const char *name);
jint get_uid_q(const struct arguments *args,
jint version,
jint protocol,
const char *source,
jint sport,
const char *dest,
jint dport);
struct allowed *is_address_allowed(const struct arguments *args, jobject objPacket);
jobject create_packet(const struct arguments *args,
jint version,
jint protocol,
const char *flags,
const char *source,
jint sport,
const char *dest,
jint dport,
const char *data,
jint uid,
jboolean allowed);
void account_usage(const struct arguments *args, jint version, jint protocol,
const char *daddr, jint dport, jint uid, jlong sent, jlong received);
void write_pcap_hdr();
void write_pcap_rec(const uint8_t *buffer, size_t len);
void write_pcap(const void *ptr, size_t len);
int compare_u32(uint32_t seq1, uint32_t seq2);
const char *strstate(const int state);
char *hex(const u_int8_t *data, const size_t len);
int is_readable(int fd);
int is_writable(int fd);
long long get_ms();
void ng_add_alloc(void *ptr, const char *tag);
void ng_delete_alloc(void *ptr, const char *file, int line);
void *ng_malloc(size_t __byte_count, const char *tag);
void *ng_calloc(size_t __item_count, size_t __item_size, const char *tag);
void *ng_realloc(void *__ptr, size_t __byte_count, const char *tag);
void ng_free(void *__ptr, const char *file, int line);
void ng_dump();

78
NetGuard/app/src/main/jni/netguard/pcap.c
View File

@ -1,78 +0,0 @@
/*
This file is part of NetGuard.
NetGuard is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
NetGuard is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with NetGuard. If not, see <http://www.gnu.org/licenses/>.
Copyright 2015-2019 by Marcel Bokhorst (M66B)
*/
#include "netguard.h"
FILE *pcap_file = NULL;
size_t pcap_record_size = 64;
long pcap_file_size = 2 * 1024 * 1024;
void write_pcap_hdr() {
struct pcap_hdr_s pcap_hdr;
pcap_hdr.magic_number = 0xa1b2c3d4;
pcap_hdr.version_major = 2;
pcap_hdr.version_minor = 4;
pcap_hdr.thiszone = 0;
pcap_hdr.sigfigs = 0;
pcap_hdr.snaplen = pcap_record_size;
pcap_hdr.network = LINKTYPE_RAW;
write_pcap(&pcap_hdr, sizeof(struct pcap_hdr_s));
}
void write_pcap_rec(const uint8_t *buffer, size_t length) {
struct timespec ts;
if (clock_gettime(CLOCK_REALTIME, &ts))
log_android(ANDROID_LOG_ERROR, "clock_gettime error %d: %s", errno, strerror(errno));
size_t plen = (length < pcap_record_size ? length : pcap_record_size);
size_t rlen = sizeof(struct pcaprec_hdr_s) + plen;
struct pcaprec_hdr_s *pcap_rec = ng_malloc(rlen, "pcap");
pcap_rec->ts_sec = (guint32_t) ts.tv_sec;
pcap_rec->ts_usec = (guint32_t) (ts.tv_nsec / 1000);
pcap_rec->incl_len = (guint32_t) plen;
pcap_rec->orig_len = (guint32_t) length;
memcpy(((uint8_t *) pcap_rec) + sizeof(struct pcaprec_hdr_s), buffer, plen);
write_pcap(pcap_rec, rlen);
ng_free(pcap_rec, __FILE__, __LINE__);
}
void write_pcap(const void *ptr, size_t len) {
if (fwrite(ptr, len, 1, pcap_file) < 1)
log_android(ANDROID_LOG_ERROR, "PCAP fwrite error %d: %s", errno, strerror(errno));
else {
long fsize = ftell(pcap_file);
log_android(ANDROID_LOG_VERBOSE, "PCAP wrote %d @%ld", len, fsize);
if (fsize > pcap_file_size) {
log_android(ANDROID_LOG_WARN, "PCAP truncate @%ld", fsize);
if (ftruncate(fileno(pcap_file), sizeof(struct pcap_hdr_s)))
log_android(ANDROID_LOG_ERROR, "PCAP ftruncate error %d: %s",
errno, strerror(errno));
else {
if (!lseek(fileno(pcap_file), sizeof(struct pcap_hdr_s), SEEK_SET))
log_android(ANDROID_LOG_ERROR, "PCAP ftruncate error %d: %s",
errno, strerror(errno));
}
}
}
}

370
NetGuard/app/src/main/jni/netguard/session.c
View File

@ -1,370 +0,0 @@
/*
This file is part of NetGuard.
NetGuard is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
NetGuard is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with NetGuard. If not, see <http://www.gnu.org/licenses/>.
Copyright 2015-2019 by Marcel Bokhorst (M66B)
*/
#include "netguard.h"
void clear(struct context *ctx) {
struct ng_session *s = ctx->ng_session;
while (s != NULL) {
if (s->socket >= 0 && close(s->socket))
log_android(ANDROID_LOG_ERROR, "close %d error %d: %s",
s->socket, errno, strerror(errno));
if (s->protocol == IPPROTO_TCP)
clear_tcp_data(&s->tcp);
struct ng_session *p = s;
s = s->next;
ng_free(p, __FILE__, __LINE__);
}
ctx->ng_session = NULL;
}
void *handle_events(void *a) {
struct arguments *args = (struct arguments *) a;
log_android(ANDROID_LOG_WARN, "Start events tun=%d", args->tun);
// Get max number of sessions
int maxsessions = SESSION_MAX;
struct rlimit rlim;
if (getrlimit(RLIMIT_NOFILE, &rlim))
log_android(ANDROID_LOG_WARN, "getrlimit error %d: %s", errno, strerror(errno));
else {
maxsessions = (int) (rlim.rlim_cur * SESSION_LIMIT / 100);
if (maxsessions > SESSION_MAX)
maxsessions = SESSION_MAX;
log_android(ANDROID_LOG_WARN, "getrlimit soft %d hard %d max sessions %d",
rlim.rlim_cur, rlim.rlim_max, maxsessions);
}
// Terminate existing sessions not allowed anymore
check_allowed(args);
// Open epoll file
int epoll_fd = epoll_create(1);
if (epoll_fd < 0) {
log_android(ANDROID_LOG_ERROR, "epoll create error %d: %s", errno, strerror(errno));
report_exit(args, "epoll create error %d: %s", errno, strerror(errno));
args->ctx->stopping = 1;
}
// Monitor stop events
struct epoll_event ev_pipe;
memset(&ev_pipe, 0, sizeof(struct epoll_event));
ev_pipe.events = EPOLLIN | EPOLLERR;
ev_pipe.data.ptr = &ev_pipe;
if (epoll_ctl(epoll_fd, EPOLL_CTL_ADD, args->ctx->pipefds[0], &ev_pipe)) {
log_android(ANDROID_LOG_ERROR, "epoll add pipe error %d: %s", errno, strerror(errno));
report_exit(args, "epoll add pipe error %d: %s", errno, strerror(errno));
args->ctx->stopping = 1;
}
// Monitor tun events
struct epoll_event ev_tun;
memset(&ev_tun, 0, sizeof(struct epoll_event));
ev_tun.events = EPOLLIN | EPOLLERR;
ev_tun.data.ptr = NULL;
if (epoll_ctl(epoll_fd, EPOLL_CTL_ADD, args->tun, &ev_tun)) {
log_android(ANDROID_LOG_ERROR, "epoll add tun error %d: %s", errno, strerror(errno));
report_exit(args, "epoll add tun error %d: %s", errno, strerror(errno));
args->ctx->stopping = 1;
}
// Loop
long long last_check = 0;
while (!args->ctx->stopping) {
log_android(ANDROID_LOG_DEBUG, "Loop");
int recheck = 0;
int timeout = EPOLL_TIMEOUT;
// Count sessions
int isessions = 0;
int usessions = 0;
int tsessions = 0;
struct ng_session *s = args->ctx->ng_session;
while (s != NULL) {
if (s->protocol == IPPROTO_ICMP || s->protocol == IPPROTO_ICMPV6) {
if (!s->icmp.stop)
isessions++;
} else if (s->protocol == IPPROTO_UDP) {
if (s->udp.state == UDP_ACTIVE)
usessions++;
} else if (s->protocol == IPPROTO_TCP) {
if (s->tcp.state != TCP_CLOSING && s->tcp.state != TCP_CLOSE)
tsessions++;
if (s->socket >= 0)
recheck = recheck | monitor_tcp_session(args, s, epoll_fd);
}
s = s->next;
}
int sessions = isessions + usessions + tsessions;
// Check sessions
long long ms = get_ms();
if (ms - last_check > EPOLL_MIN_CHECK) {
last_check = ms;
time_t now = time(NULL);
struct ng_session *sl = NULL;
s = args->ctx->ng_session;
while (s != NULL) {
int del = 0;
if (s->protocol == IPPROTO_ICMP || s->protocol == IPPROTO_ICMPV6) {
del = check_icmp_session(args, s, sessions, maxsessions);
if (!s->icmp.stop && !del) {
int stimeout = s->icmp.time +
get_icmp_timeout(&s->icmp, sessions, maxsessions) - now + 1;
if (stimeout > 0 && stimeout < timeout)
timeout = stimeout;
}
} else if (s->protocol == IPPROTO_UDP) {
del = check_udp_session(args, s, sessions, maxsessions);
if (s->udp.state == UDP_ACTIVE && !del) {
int stimeout = s->udp.time +
get_udp_timeout(&s->udp, sessions, maxsessions) - now + 1;
if (stimeout > 0 && stimeout < timeout)
timeout = stimeout;
}
} else if (s->protocol == IPPROTO_TCP) {
del = check_tcp_session(args, s, sessions, maxsessions);
if (s->tcp.state != TCP_CLOSING && s->tcp.state != TCP_CLOSE && !del) {
int stimeout = s->tcp.time +
get_tcp_timeout(&s->tcp, sessions, maxsessions) - now + 1;
if (stimeout > 0 && stimeout < timeout)
timeout = stimeout;
}
}
if (del) {
if (sl == NULL)
args->ctx->ng_session = s->next;
else
sl->next = s->next;
struct ng_session *c = s;
s = s->next;
if (c->protocol == IPPROTO_TCP)
clear_tcp_data(&c->tcp);
ng_free(c, __FILE__, __LINE__);
} else {
sl = s;
s = s->next;
}
}
} else {
recheck = 1;
log_android(ANDROID_LOG_DEBUG, "Skipped session checks");
}
log_android(ANDROID_LOG_DEBUG,
"sessions ICMP %d UDP %d TCP %d max %d/%d timeout %d recheck %d",
isessions, usessions, tsessions, sessions, maxsessions, timeout, recheck);
// Poll
struct epoll_event ev[EPOLL_EVENTS];
int ready = epoll_wait(epoll_fd, ev, EPOLL_EVENTS,
recheck ? EPOLL_MIN_CHECK : timeout * 1000);
if (ready < 0) {
if (errno == EINTR) {
log_android(ANDROID_LOG_DEBUG, "epoll interrupted tun %d", args->tun);
continue;
} else {
log_android(ANDROID_LOG_ERROR,
"epoll tun %d error %d: %s",
args->tun, errno, strerror(errno));
report_exit(args, "epoll tun %d error %d: %s",
args->tun, errno, strerror(errno));
break;
}
}
if (ready == 0)
log_android(ANDROID_LOG_DEBUG, "epoll timeout");
else {
if (pthread_mutex_lock(&args->ctx->lock))
log_android(ANDROID_LOG_ERROR, "pthread_mutex_lock failed");
int error = 0;
for (int i = 0; i < ready; i++) {
if (ev[i].data.ptr == &ev_pipe) {
// Check pipe
uint8_t buffer[1];
if (read(args->ctx->pipefds[0], buffer, 1) < 0)
log_android(ANDROID_LOG_WARN, "Read pipe error %d: %s",
errno, strerror(errno));
else
log_android(ANDROID_LOG_WARN, "Read pipe");
} else if (ev[i].data.ptr == NULL) {
// Check upstream
log_android(ANDROID_LOG_DEBUG, "epoll ready %d/%d in %d out %d err %d hup %d",
i, ready,
(ev[i].events & EPOLLIN) != 0,
(ev[i].events & EPOLLOUT) != 0,
(ev[i].events & EPOLLERR) != 0,
(ev[i].events & EPOLLHUP) != 0);
int count = 0;
while (count < TUN_YIELD && !error && !args->ctx->stopping &&
is_readable(args->tun)) {
count++;
if (check_tun(args, &ev[i], epoll_fd, sessions, maxsessions) < 0)
error = 1;
}
} else {
// Check downstream
log_android(ANDROID_LOG_DEBUG,
"epoll ready %d/%d in %d out %d err %d hup %d prot %d sock %d",
i, ready,
(ev[i].events & EPOLLIN) != 0,
(ev[i].events & EPOLLOUT) != 0,
(ev[i].events & EPOLLERR) != 0,
(ev[i].events & EPOLLHUP) != 0,
((struct ng_session *) ev[i].data.ptr)->protocol,
((struct ng_session *) ev[i].data.ptr)->socket);
struct ng_session *session = (struct ng_session *) ev[i].data.ptr;
if (session->protocol == IPPROTO_ICMP ||
session->protocol == IPPROTO_ICMPV6)
check_icmp_socket(args, &ev[i]);
else if (session->protocol == IPPROTO_UDP) {
int count = 0;
while (count < UDP_YIELD && !args->ctx->stopping &&
!(ev[i].events & EPOLLERR) && (ev[i].events & EPOLLIN) &&
is_readable(session->socket)) {
count++;
check_udp_socket(args, &ev[i]);
}
} else if (session->protocol == IPPROTO_TCP)
check_tcp_socket(args, &ev[i], epoll_fd);
}
if (error)
break;
}
if (pthread_mutex_unlock(&args->ctx->lock))
log_android(ANDROID_LOG_ERROR, "pthread_mutex_unlock failed");
if (error)
break;
}
}
// Close epoll file
if (epoll_fd >= 0 && close(epoll_fd))
log_android(ANDROID_LOG_ERROR,
"epoll close error %d: %s", errno, strerror(errno));
// Cleanup
ng_free(args, __FILE__, __LINE__);
log_android(ANDROID_LOG_WARN, "Stopped events tun=%d", args->tun);
return NULL;
}
void check_allowed(const struct arguments *args) {
char source[INET6_ADDRSTRLEN + 1];
char dest[INET6_ADDRSTRLEN + 1];
struct ng_session *l = NULL;
struct ng_session *s = args->ctx->ng_session;
while (s != NULL) {
if (s->protocol == IPPROTO_ICMP || s->protocol == IPPROTO_ICMPV6) {
if (!s->icmp.stop) {
if (s->icmp.version == 4) {
inet_ntop(AF_INET, &s->icmp.saddr.ip4, source, sizeof(source));
inet_ntop(AF_INET, &s->icmp.daddr.ip4, dest, sizeof(dest));
} else {
inet_ntop(AF_INET6, &s->icmp.saddr.ip6, source, sizeof(source));
inet_ntop(AF_INET6, &s->icmp.daddr.ip6, dest, sizeof(dest));
}
jobject objPacket = create_packet(
args, s->icmp.version, IPPROTO_ICMP, "",
source, 0, dest, 0, "", s->icmp.uid, 0);
if (is_address_allowed(args, objPacket) == NULL) {
s->icmp.stop = 1;
log_android(ANDROID_LOG_WARN, "ICMP terminate %d uid %d",
s->socket, s->icmp.uid);
}
}
} else if (s->protocol == IPPROTO_UDP) {
if (s->udp.state == UDP_ACTIVE) {
if (s->udp.version == 4) {
inet_ntop(AF_INET, &s->udp.saddr.ip4, source, sizeof(source));
inet_ntop(AF_INET, &s->udp.daddr.ip4, dest, sizeof(dest));
} else {
inet_ntop(AF_INET6, &s->udp.saddr.ip6, source, sizeof(source));
inet_ntop(AF_INET6, &s->udp.daddr.ip6, dest, sizeof(dest));
}
jobject objPacket = create_packet(
args, s->udp.version, IPPROTO_UDP, "",
source, ntohs(s->udp.source), dest, ntohs(s->udp.dest), "", s->udp.uid, 0);
if (is_address_allowed(args, objPacket) == NULL) {
s->udp.state = UDP_FINISHING;
log_android(ANDROID_LOG_WARN, "UDP terminate session socket %d uid %d",
s->socket, s->udp.uid);
}
} else if (s->udp.state == UDP_BLOCKED) {
log_android(ANDROID_LOG_WARN, "UDP remove blocked session uid %d", s->udp.uid);
if (l == NULL)
args->ctx->ng_session = s->next;
else
l->next = s->next;
struct ng_session *c = s;
s = s->next;
ng_free(c, __FILE__, __LINE__);
continue;
}
} else if (s->protocol == IPPROTO_TCP) {
if (s->tcp.state != TCP_CLOSING && s->tcp.state != TCP_CLOSE) {
if (s->tcp.version == 4) {
inet_ntop(AF_INET, &s->tcp.saddr.ip4, source, sizeof(source));
inet_ntop(AF_INET, &s->tcp.daddr.ip4, dest, sizeof(dest));
} else {
inet_ntop(AF_INET6, &s->tcp.saddr.ip6, source, sizeof(source));
inet_ntop(AF_INET6, &s->tcp.daddr.ip6, dest, sizeof(dest));
}
jobject objPacket = create_packet(
args, s->tcp.version, IPPROTO_TCP, "",
source, ntohs(s->tcp.source), dest, ntohs(s->tcp.dest), "", s->tcp.uid, 0);
if (is_address_allowed(args, objPacket) == NULL) {
write_rst(args, &s->tcp);
log_android(ANDROID_LOG_WARN, "TCP terminate socket %d uid %d",
s->socket, s->tcp.uid);
}
}
}
l = s;
s = s->next;
}
}

1327
NetGuard/app/src/main/jni/netguard/tcp.c
File diff suppressed because it is too large
View File

549
NetGuard/app/src/main/jni/netguard/udp.c
View File

@ -1,549 +0,0 @@
/*
This file is part of NetGuard.
NetGuard is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
NetGuard is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with NetGuard. If not, see <http://www.gnu.org/licenses/>.
Copyright 2015-2019 by Marcel Bokhorst (M66B)
*/
#include "netguard.h"
extern FILE *pcap_file;
int get_udp_timeout(const struct udp_session *u, int sessions, int maxsessions) {
int timeout = (ntohs(u->dest) == 53 ? UDP_TIMEOUT_53 : UDP_TIMEOUT_ANY);
int scale = 100 - sessions * 100 / maxsessions;
timeout = timeout * scale / 100;
return timeout;
}
int check_udp_session(const struct arguments *args, struct ng_session *s,
int sessions, int maxsessions) {
time_t now = time(NULL);
char source[INET6_ADDRSTRLEN + 1];
char dest[INET6_ADDRSTRLEN + 1];
if (s->udp.version == 4) {
inet_ntop(AF_INET, &s->udp.saddr.ip4, source, sizeof(source));
inet_ntop(AF_INET, &s->udp.daddr.ip4, dest, sizeof(dest));
} else {
inet_ntop(AF_INET6, &s->udp.saddr.ip6, source, sizeof(source));
inet_ntop(AF_INET6, &s->udp.daddr.ip6, dest, sizeof(dest));
}
// Check session timeout
int timeout = get_udp_timeout(&s->udp, sessions, maxsessions);
if (s->udp.state == UDP_ACTIVE && s->udp.time + timeout < now) {
log_android(ANDROID_LOG_WARN, "UDP idle %d/%d sec state %d from %s/%u to %s/%u",
now - s->udp.time, timeout, s->udp.state,
source, ntohs(s->udp.source), dest, ntohs(s->udp.dest));
s->udp.state = UDP_FINISHING;
}
// Check finished sessions
if (s->udp.state == UDP_FINISHING) {
log_android(ANDROID_LOG_INFO, "UDP close from %s/%u to %s/%u socket %d",
source, ntohs(s->udp.source), dest, ntohs(s->udp.dest), s->socket);
if (close(s->socket))
log_android(ANDROID_LOG_ERROR, "UDP close %d error %d: %s",
s->socket, errno, strerror(errno));
s->socket = -1;
s->udp.time = time(NULL);
s->udp.state = UDP_CLOSED;
}
if (s->udp.state == UDP_CLOSED && (s->udp.sent || s->udp.received)) {
account_usage(args, s->udp.version, IPPROTO_UDP,
dest, ntohs(s->udp.dest), s->udp.uid, s->udp.sent, s->udp.received);
s->udp.sent = 0;
s->udp.received = 0;
}
// Cleanup lingering sessions
if ((s->udp.state == UDP_CLOSED || s->udp.state == UDP_BLOCKED) &&
s->udp.time + UDP_KEEP_TIMEOUT < now)
return 1;
return 0;
}
void check_udp_socket(const struct arguments *args, const struct epoll_event *ev) {
struct ng_session *s = (struct ng_session *) ev->data.ptr;
// Check socket error
if (ev->events & EPOLLERR) {
s->udp.time = time(NULL);
int serr = 0;
socklen_t optlen = sizeof(int);
int err = getsockopt(s->socket, SOL_SOCKET, SO_ERROR, &serr, &optlen);
if (err < 0)
log_android(ANDROID_LOG_ERROR, "UDP getsockopt error %d: %s",
errno, strerror(errno));
else if (serr)
log_android(ANDROID_LOG_ERROR, "UDP SO_ERROR %d: %s", serr, strerror(serr));
s->udp.state = UDP_FINISHING;
} else {
// Check socket read
if (ev->events & EPOLLIN) {
s->udp.time = time(NULL);
uint8_t *buffer = ng_malloc(s->udp.mss, "udp recv");
ssize_t bytes = recv(s->socket, buffer, s->udp.mss, 0);
if (bytes < 0) {
// Socket error
log_android(ANDROID_LOG_WARN, "UDP recv error %d: %s",
errno, strerror(errno));
if (errno != EINTR && errno != EAGAIN)
s->udp.state = UDP_FINISHING;
} else if (bytes == 0) {
log_android(ANDROID_LOG_WARN, "UDP recv eof");
s->udp.state = UDP_FINISHING;
} else {
// Socket read data
char dest[INET6_ADDRSTRLEN + 1];
if (s->udp.version == 4)
inet_ntop(AF_INET, &s->udp.daddr.ip4, dest, sizeof(dest));
else
inet_ntop(AF_INET6, &s->udp.daddr.ip6, dest, sizeof(dest));
log_android(ANDROID_LOG_INFO, "UDP recv bytes %d from %s/%u for tun",
bytes, dest, ntohs(s->udp.dest));
s->udp.received += bytes;
// Process DNS response
if (ntohs(s->udp.dest) == 53)
parse_dns_response(args, s, buffer, (size_t *) &bytes);
// Forward to tun
if (write_udp(args, &s->udp, buffer, (size_t) bytes) < 0)
s->udp.state = UDP_FINISHING;
else {
// Prevent too many open files
if (ntohs(s->udp.dest) == 53)
s->udp.state = UDP_FINISHING;
}
}
ng_free(buffer, __FILE__, __LINE__);
}
}
}
int has_udp_session(const struct arguments *args, const uint8_t *pkt, const uint8_t *payload) {
// Get headers
const uint8_t version = (*pkt) >> 4;
const struct iphdr *ip4 = (struct iphdr *) pkt;
const struct ip6_hdr *ip6 = (struct ip6_hdr *) pkt;
const struct udphdr *udphdr = (struct udphdr *) payload;
if (ntohs(udphdr->dest) == 53 && !args->fwd53)
return 1;
// Search session
struct ng_session *cur = args->ctx->ng_session;
while (cur != NULL &&
!(cur->protocol == IPPROTO_UDP &&
cur->udp.version == version &&
cur->udp.source == udphdr->source && cur->udp.dest == udphdr->dest &&
(version == 4 ? cur->udp.saddr.ip4 == ip4->saddr &&
cur->udp.daddr.ip4 == ip4->daddr
: memcmp(&cur->udp.saddr.ip6, &ip6->ip6_src, 16) == 0 &&
memcmp(&cur->udp.daddr.ip6, &ip6->ip6_dst, 16) == 0)))
cur = cur->next;
return (cur != NULL);
}
void block_udp(const struct arguments *args,
const uint8_t *pkt, size_t length,
const uint8_t *payload,
int uid) {
// Get headers
const uint8_t version = (*pkt) >> 4;
const struct iphdr *ip4 = (struct iphdr *) pkt;
const struct ip6_hdr *ip6 = (struct ip6_hdr *) pkt;
const struct udphdr *udphdr = (struct udphdr *) payload;
char source[INET6_ADDRSTRLEN + 1];
char dest[INET6_ADDRSTRLEN + 1];
if (version == 4) {
inet_ntop(AF_INET, &ip4->saddr, source, sizeof(source));
inet_ntop(AF_INET, &ip4->daddr, dest, sizeof(dest));
} else {
inet_ntop(AF_INET6, &ip6->ip6_src, source, sizeof(source));
inet_ntop(AF_INET6, &ip6->ip6_dst, dest, sizeof(dest));
}
log_android(ANDROID_LOG_INFO, "UDP blocked session from %s/%u to %s/%u",
source, ntohs(udphdr->source), dest, ntohs(udphdr->dest));
// Register session
struct ng_session *s = ng_malloc(sizeof(struct ng_session), "udp session block");
s->protocol = IPPROTO_UDP;
s->udp.time = time(NULL);
s->udp.uid = uid;
s->udp.version = version;
if (version == 4) {
s->udp.saddr.ip4 = (__be32) ip4->saddr;
s->udp.daddr.ip4 = (__be32) ip4->daddr;
} else {
memcpy(&s->udp.saddr.ip6, &ip6->ip6_src, 16);
memcpy(&s->udp.daddr.ip6, &ip6->ip6_dst, 16);
}
s->udp.source = udphdr->source;
s->udp.dest = udphdr->dest;
s->udp.state = UDP_BLOCKED;
s->socket = -1;
s->next = args->ctx->ng_session;
args->ctx->ng_session = s;
}
jboolean handle_udp(const struct arguments *args,
const uint8_t *pkt, size_t length,
const uint8_t *payload,
int uid, struct allowed *redirect,
const int epoll_fd) {
// Get headers
const uint8_t version = (*pkt) >> 4;
const struct iphdr *ip4 = (struct iphdr *) pkt;
const struct ip6_hdr *ip6 = (struct ip6_hdr *) pkt;
const struct udphdr *udphdr = (struct udphdr *) payload;
const uint8_t *data = payload + sizeof(struct udphdr);
const size_t datalen = length - (data - pkt);
// Search session
struct ng_session *cur = args->ctx->ng_session;
while (cur != NULL &&
!(cur->protocol == IPPROTO_UDP &&
cur->udp.version == version &&
cur->udp.source == udphdr->source && cur->udp.dest == udphdr->dest &&
(version == 4 ? cur->udp.saddr.ip4 == ip4->saddr &&
cur->udp.daddr.ip4 == ip4->daddr
: memcmp(&cur->udp.saddr.ip6, &ip6->ip6_src, 16) == 0 &&
memcmp(&cur->udp.daddr.ip6, &ip6->ip6_dst, 16) == 0)))
cur = cur->next;
char source[INET6_ADDRSTRLEN + 1];
char dest[INET6_ADDRSTRLEN + 1];
if (version == 4) {
inet_ntop(AF_INET, &ip4->saddr, source, sizeof(source));
inet_ntop(AF_INET, &ip4->daddr, dest, sizeof(dest));
} else {
inet_ntop(AF_INET6, &ip6->ip6_src, source, sizeof(source));
inet_ntop(AF_INET6, &ip6->ip6_dst, dest, sizeof(dest));
}
if (cur != NULL && cur->udp.state != UDP_ACTIVE) {
log_android(ANDROID_LOG_INFO, "UDP ignore session from %s/%u to %s/%u state %d",
source, ntohs(udphdr->source), dest, ntohs(udphdr->dest), cur->udp.state);
return 0;
}
// Create new session if needed
if (cur == NULL) {
log_android(ANDROID_LOG_INFO, "UDP new session from %s/%u to %s/%u",
source, ntohs(udphdr->source), dest, ntohs(udphdr->dest));
// Register session
struct ng_session *s = ng_malloc(sizeof(struct ng_session), "udp session");
s->protocol = IPPROTO_UDP;
s->udp.time = time(NULL);
s->udp.uid = uid;
s->udp.version = version;
int rversion;
if (redirect == NULL)
rversion = s->udp.version;
else
rversion = (strstr(redirect->raddr, ":") == NULL ? 4 : 6);
s->udp.mss = (uint16_t) (rversion == 4 ? UDP4_MAXMSG : UDP6_MAXMSG);
s->udp.sent = 0;
s->udp.received = 0;
if (version == 4) {
s->udp.saddr.ip4 = (__be32) ip4->saddr;
s->udp.daddr.ip4 = (__be32) ip4->daddr;
} else {
memcpy(&s->udp.saddr.ip6, &ip6->ip6_src, 16);
memcpy(&s->udp.daddr.ip6, &ip6->ip6_dst, 16);
}
s->udp.source = udphdr->source;
s->udp.dest = udphdr->dest;
s->udp.state = UDP_ACTIVE;
s->next = NULL;
// Open UDP socket
s->socket = open_udp_socket(args, &s->udp, redirect);
if (s->socket < 0) {
ng_free(s, __FILE__, __LINE__);
return 0;
}
log_android(ANDROID_LOG_DEBUG, "UDP socket %d", s->socket);
// Monitor events
memset(&s->ev, 0, sizeof(struct epoll_event));
s->ev.events = EPOLLIN | EPOLLERR;
s->ev.data.ptr = s;
if (epoll_ctl(epoll_fd, EPOLL_CTL_ADD, s->socket, &s->ev))
log_android(ANDROID_LOG_ERROR, "epoll add udp error %d: %s", errno, strerror(errno));
s->next = args->ctx->ng_session;
args->ctx->ng_session = s;
cur = s;
}
// Check for DHCP (tethering)
if (ntohs(udphdr->source) == 68 || ntohs(udphdr->dest) == 67) {
if (check_dhcp(args, &cur->udp, data, datalen) >= 0)
return 1;
}
log_android(ANDROID_LOG_INFO, "UDP forward from tun %s/%u to %s/%u data %d",
source, ntohs(udphdr->source), dest, ntohs(udphdr->dest), datalen);
cur->udp.time = time(NULL);
int rversion;
struct sockaddr_in addr4;
struct sockaddr_in6 addr6;
if (redirect == NULL) {
rversion = cur->udp.version;
if (cur->udp.version == 4) {
addr4.sin_family = AF_INET;
addr4.sin_addr.s_addr = (__be32) cur->udp.daddr.ip4;
addr4.sin_port = cur->udp.dest;
} else {
addr6.sin6_family = AF_INET6;
memcpy(&addr6.sin6_addr, &cur->udp.daddr.ip6, 16);
addr6.sin6_port = cur->udp.dest;
}
} else {
rversion = (strstr(redirect->raddr, ":") == NULL ? 4 : 6);
log_android(ANDROID_LOG_WARN, "UDP%d redirect to %s/%u",
rversion, redirect->raddr, redirect->rport);
if (rversion == 4) {
addr4.sin_family = AF_INET;
inet_pton(AF_INET, redirect->raddr, &addr4.sin_addr);
addr4.sin_port = htons(redirect->rport);
} else {
addr6.sin6_family = AF_INET6;
inet_pton(AF_INET6, redirect->raddr, &addr6.sin6_addr);
addr6.sin6_port = htons(redirect->rport);
}
}
if (sendto(cur->socket, data, (socklen_t) datalen, MSG_NOSIGNAL,
(rversion == 4 ? (const struct sockaddr *) &addr4
: (const struct sockaddr *) &addr6),
(socklen_t) (rversion == 4 ? sizeof(addr4) : sizeof(addr6))) != datalen) {
log_android(ANDROID_LOG_ERROR, "UDP sendto error %d: %s", errno, strerror(errno));
if (errno != EINTR && errno != EAGAIN) {
cur->udp.state = UDP_FINISHING;
return 0;
}
} else
cur->udp.sent += datalen;
return 1;
}
int open_udp_socket(const struct arguments *args,
const struct udp_session *cur, const struct allowed *redirect) {
int sock;
int version;
if (redirect == NULL)
version = cur->version;
else
version = (strstr(redirect->raddr, ":") == NULL ? 4 : 6);
// Get UDP socket
sock = socket(version == 4 ? PF_INET : PF_INET6, SOCK_DGRAM, IPPROTO_UDP);
if (sock < 0) {
log_android(ANDROID_LOG_ERROR, "UDP socket error %d: %s", errno, strerror(errno));
return -1;
}
// Protect socket
if (protect_socket(args, sock) < 0)
return -1;
// Check for broadcast/multicast
if (cur->version == 4) {
uint32_t broadcast4 = INADDR_BROADCAST;
if (memcmp(&cur->daddr.ip4, &broadcast4, sizeof(broadcast4)) == 0) {
log_android(ANDROID_LOG_WARN, "UDP4 broadcast");
int on = 1;
if (setsockopt(sock, SOL_SOCKET, SO_BROADCAST, &on, sizeof(on)))
log_android(ANDROID_LOG_ERROR, "UDP setsockopt SO_BROADCAST error %d: %s",
errno, strerror(errno));
}
} else {
// http://man7.org/linux/man-pages/man7/ipv6.7.html
if (*((uint8_t *) &cur->daddr.ip6) == 0xFF) {
log_android(ANDROID_LOG_WARN, "UDP6 broadcast");
int loop = 1; // true
if (setsockopt(sock, IPPROTO_IPV6, IPV6_MULTICAST_LOOP, &loop, sizeof(loop)))
log_android(ANDROID_LOG_ERROR,
"UDP setsockopt IPV6_MULTICAST_LOOP error %d: %s",
errno, strerror(errno));
int ttl = -1; // route default
if (setsockopt(sock, IPPROTO_IPV6, IPV6_MULTICAST_HOPS, &ttl, sizeof(ttl)))
log_android(ANDROID_LOG_ERROR,
"UDP setsockopt IPV6_MULTICAST_HOPS error %d: %s",
errno, strerror(errno));
struct ipv6_mreq mreq6;
memcpy(&mreq6.ipv6mr_multiaddr, &cur->daddr.ip6, sizeof(struct in6_addr));
mreq6.ipv6mr_interface = INADDR_ANY;
if (setsockopt(sock, IPPROTO_IPV6, IPV6_ADD_MEMBERSHIP, &mreq6, sizeof(mreq6)))
log_android(ANDROID_LOG_ERROR,
"UDP setsockopt IPV6_ADD_MEMBERSHIP error %d: %s",
errno, strerror(errno));
}
}
return sock;
}
ssize_t write_udp(const struct arguments *args, const struct udp_session *cur,
uint8_t *data, size_t datalen) {
size_t len;
u_int8_t *buffer;
struct udphdr *udp;
uint16_t csum;
char source[INET6_ADDRSTRLEN + 1];
char dest[INET6_ADDRSTRLEN + 1];
// Build packet
if (cur->version == 4) {
len = sizeof(struct iphdr) + sizeof(struct udphdr) + datalen;
buffer = ng_malloc(len, "udp write4");
struct iphdr *ip4 = (struct iphdr *) buffer;
udp = (struct udphdr *) (buffer + sizeof(struct iphdr));
if (datalen)
memcpy(buffer + sizeof(struct iphdr) + sizeof(struct udphdr), data, datalen);
// Build IP4 header
memset(ip4, 0, sizeof(struct iphdr));
ip4->version = 4;
ip4->ihl = sizeof(struct iphdr) >> 2;
ip4->tot_len = htons(len);
ip4->ttl = IPDEFTTL;
ip4->protocol = IPPROTO_UDP;
ip4->saddr = cur->daddr.ip4;
ip4->daddr = cur->saddr.ip4;
// Calculate IP4 checksum
ip4->check = ~calc_checksum(0, (uint8_t *) ip4, sizeof(struct iphdr));
// Calculate UDP4 checksum
struct ippseudo pseudo;
memset(&pseudo, 0, sizeof(struct ippseudo));
pseudo.ippseudo_src.s_addr = (__be32) ip4->saddr;
pseudo.ippseudo_dst.s_addr = (__be32) ip4->daddr;
pseudo.ippseudo_p = ip4->protocol;
pseudo.ippseudo_len = htons(sizeof(struct udphdr) + datalen);
csum = calc_checksum(0, (uint8_t *) &pseudo, sizeof(struct ippseudo));
} else {
len = sizeof(struct ip6_hdr) + sizeof(struct udphdr) + datalen;
buffer = ng_malloc(len, "udp write6");
struct ip6_hdr *ip6 = (struct ip6_hdr *) buffer;
udp = (struct udphdr *) (buffer + sizeof(struct ip6_hdr));
if (datalen)
memcpy(buffer + sizeof(struct ip6_hdr) + sizeof(struct udphdr), data, datalen);
// Build IP6 header
memset(ip6, 0, sizeof(struct ip6_hdr));
ip6->ip6_ctlun.ip6_un1.ip6_un1_flow = 0;
ip6->ip6_ctlun.ip6_un1.ip6_un1_plen = htons(len - sizeof(struct ip6_hdr));
ip6->ip6_ctlun.ip6_un1.ip6_un1_nxt = IPPROTO_UDP;
ip6->ip6_ctlun.ip6_un1.ip6_un1_hlim = IPDEFTTL;
ip6->ip6_ctlun.ip6_un2_vfc = IPV6_VERSION;
memcpy(&(ip6->ip6_src), &cur->daddr.ip6, 16);
memcpy(&(ip6->ip6_dst), &cur->saddr.ip6, 16);
// Calculate UDP6 checksum
struct ip6_hdr_pseudo pseudo;
memset(&pseudo, 0, sizeof(struct ip6_hdr_pseudo));
memcpy(&pseudo.ip6ph_src, &ip6->ip6_dst, 16);
memcpy(&pseudo.ip6ph_dst, &ip6->ip6_src, 16);
pseudo.ip6ph_len = ip6->ip6_ctlun.ip6_un1.ip6_un1_plen;
pseudo.ip6ph_nxt = ip6->ip6_ctlun.ip6_un1.ip6_un1_nxt;
csum = calc_checksum(0, (uint8_t *) &pseudo, sizeof(struct ip6_hdr_pseudo));
}
// Build UDP header
memset(udp, 0, sizeof(struct udphdr));
udp->source = cur->dest;
udp->dest = cur->source;
udp->len = htons(sizeof(struct udphdr) + datalen);
// Continue checksum
csum = calc_checksum(csum, (uint8_t *) udp, sizeof(struct udphdr));
csum = calc_checksum(csum, data, datalen);
udp->check = ~csum;
inet_ntop(cur->version == 4 ? AF_INET : AF_INET6,
(cur->version == 4 ? (const void *) &cur->saddr.ip4 : (const void *) &cur->saddr.ip6),
source,
sizeof(source));
inet_ntop(cur->version == 4 ? AF_INET : AF_INET6,
(cur->version == 4 ? (const void *) &cur->daddr.ip4 : (const void *) &cur->daddr.ip6),
dest,
sizeof(dest));
// Send packet
log_android(ANDROID_LOG_DEBUG,
"UDP sending to tun %d from %s/%u to %s/%u data %u",
args->tun, dest, ntohs(cur->dest), source, ntohs(cur->source), len);
ssize_t res = write(args->tun, buffer, len);
// Write PCAP record
if (res >= 0) {
if (pcap_file != NULL)
write_pcap_rec(buffer, (size_t) res);
} else
log_android(ANDROID_LOG_WARN, "UDP write error %d: %s", errno, strerror(errno));
ng_free(buffer, __FILE__, __LINE__);
if (res != len) {
log_android(ANDROID_LOG_ERROR, "write %d/%d", res, len);
return -1;
}
return res;
}

182
NetGuard/app/src/main/jni/netguard/util.c
View File

@ -1,182 +0,0 @@
/*
This file is part of NetGuard.
NetGuard is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
NetGuard is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with NetGuard. If not, see <http://www.gnu.org/licenses/>.
Copyright 2015-2019 by Marcel Bokhorst (M66B)
*/
#include "netguard.h"
extern int loglevel;
uint16_t calc_checksum(uint16_t start, const uint8_t *buffer, size_t length) {
register uint32_t sum = start;
register uint16_t *buf = (uint16_t *) buffer;
register size_t len = length;
while (len > 1) {
sum += *buf++;
len -= 2;
}
if (len > 0)
sum += *((uint8_t *) buf);
while (sum >> 16)
sum = (sum & 0xFFFF) + (sum >> 16);
return (uint16_t) sum;
}
int compare_u32(uint32_t s1, uint32_t s2) {
// https://tools.ietf.org/html/rfc1982
if (s1 == s2)
return 0;
uint32_t i1 = s1;
uint32_t i2 = s2;
if ((i1 < i2 && i2 - i1 < 0x7FFFFFFF) ||
(i1 > i2 && i1 - i2 > 0x7FFFFFFF))
return -1;
else
return 1;
}
int sdk_int(JNIEnv *env) {
jclass clsVersion = jniFindClass(env, "android/os/Build$VERSION");
jfieldID fid = (*env)->GetStaticFieldID(env, clsVersion, "SDK_INT", "I");
return (*env)->GetStaticIntField(env, clsVersion, fid);
}
void log_android(int prio, const char *fmt, ...) {
if (prio >= loglevel) {
char line[1024];
va_list argptr;
va_start(argptr, fmt);
vsprintf(line, fmt, argptr);
__android_log_print(prio, TAG, "%s", line);
va_end(argptr);
}
}
uint8_t char2nible(const char c) {
if (c >= '0' && c <= '9') return (uint8_t) (c - '0');
if (c >= 'a' && c <= 'f') return (uint8_t) ((c - 'a') + 10);
if (c >= 'A' && c <= 'F') return (uint8_t) ((c - 'A') + 10);
return 255;
}
void hex2bytes(const char *hex, uint8_t *buffer) {
size_t len = strlen(hex);
for (int i = 0; i < len; i += 2)
buffer[i / 2] = (char2nible(hex[i]) << 4) | char2nible(hex[i + 1]);
}
char *trim(char *str) {
while (isspace(*str))
str++;
if (*str == 0)
return str;
char *end = str + strlen(str) - 1;
while (end > str && isspace(*end))
end--;
*(end + 1) = 0;
return str;
}
const char *strstate(const int state) {
switch (state) {
case TCP_ESTABLISHED:
return "ESTABLISHED";
case TCP_SYN_SENT:
return "SYN_SENT";
case TCP_SYN_RECV:
return "SYN_RECV";
case TCP_FIN_WAIT1:
return "FIN_WAIT1";
case TCP_FIN_WAIT2:
return "FIN_WAIT2";
case TCP_TIME_WAIT:
return "TIME_WAIT";
case TCP_CLOSE:
return "CLOSE";
case TCP_CLOSE_WAIT:
return "CLOSE_WAIT";
case TCP_LAST_ACK:
return "LAST_ACK";
case TCP_LISTEN:
return "LISTEN";
case TCP_CLOSING:
return "CLOSING";
default:
return "UNKNOWN";
}
}
char *hex(const u_int8_t *data, const size_t len) {
char hex_str[] = "0123456789ABCDEF";
char *hexout;
hexout = (char *) ng_malloc(len * 3 + 1, "hex"); // TODO free
for (size_t i = 0; i < len; i++) {
hexout[i * 3 + 0] = hex_str[(data[i] >> 4) & 0x0F];
hexout[i * 3 + 1] = hex_str[(data[i]) & 0x0F];
hexout[i * 3 + 2] = ' ';
}
hexout[len * 3] = 0;
return hexout;
}
int32_t get_local_port(const int sock) {
struct sockaddr_in sin;
socklen_t len = sizeof(sin);
if (getsockname(sock, (struct sockaddr *) &sin, &len) < 0) {
log_android(ANDROID_LOG_ERROR, "getsockname error %d: %s", errno, strerror(errno));
return -1;
} else
return ntohs(sin.sin_port);
}
int is_event(int fd, short event) {
struct pollfd p;
p.fd = fd;
p.events = event;
p.revents = 0;
int r = poll(&p, 1, 0);
if (r < 0) {
log_android(ANDROID_LOG_ERROR, "poll readable error %d: %s", errno, strerror(errno));
return 0;
} else if (r == 0)
return 0;
else
return (p.revents & event);
}
int is_readable(int fd) {
return is_event(fd, POLLIN);
}
int is_writable(int fd) {
return is_event(fd, POLLOUT);
}
long long get_ms() {
struct timespec ts;
clock_gettime(CLOCK_MONOTONIC, &ts);
return ts.tv_sec * 1000LL + ts.tv_nsec / 1e6;
}

BIN
NetGuard/app/src/main/res/drawable-hdpi/ic_add_circle_outline_white_24dp.png
View File

Side by Side

Before

Width: 36  |  Height: 36  |  Size: 487 B

BIN
NetGuard/app/src/main/res/drawable-hdpi/ic_attach_money_black_24dp.png
View File

Side by Side

Before

Width: 36  |  Height: 36  |  Size: 395 B

BIN
NetGuard/app/src/main/res/drawable-hdpi/ic_attach_money_white_24dp.png
View File

Side by Side

Before

Width: 36  |  Height: 36  |  Size: 397 B

BIN
NetGuard/app/src/main/res/drawable-hdpi/ic_check_white_24dp.png
View File

Side by Side

Before

Width: 36  |  Height: 36  |  Size: 181 B

BIN
NetGuard/app/src/main/res/drawable-hdpi/ic_close_white_24dp.png
View File

Side by Side

Before

Width: 36  |  Height: 36  |  Size: 221 B

BIN
NetGuard/app/src/main/res/drawable-hdpi/ic_cloud_upload_white_24dp.png
View File

Side by Side

Before

Width: 36  |  Height: 36  |  Size: 345 B

BIN
NetGuard/app/src/main/res/drawable-hdpi/ic_delete_black_24dp.png
View File

Side by Side

Before

Width: 36  |  Height: 36  |  Size: 155 B

BIN
NetGuard/app/src/main/res/drawable-hdpi/ic_delete_white_24dp.png
View File

Side by Side

Before

Width: 36  |  Height: 36  |  Size: 161 B

BIN
NetGuard/app/src/main/res/drawable-hdpi/ic_equalizer_white_24dp.png
View File

Side by Side

Before

Width: 36  |  Height: 36  |  Size: 106 B

BIN
NetGuard/app/src/main/res/drawable-hdpi/ic_equalizer_white_24dp_60.png
View File

Side by Side

Before

Width: 36  |  Height: 36  |  Size: 178 B

BIN
NetGuard/app/src/main/res/drawable-hdpi/ic_error_white_24dp.png
View File

Side by Side

Before

Width: 36  |  Height: 36  |  Size: 324 B

BIN
NetGuard/app/src/main/res/drawable-hdpi/ic_expand_less_black_24dp.png
View File

Side by Side

Before

Width: 36  |  Height: 36  |  Size: 149 B

BIN
NetGuard/app/src/main/res/drawable-hdpi/ic_expand_less_white_24dp.png
View File

Side by Side

Before

Width: 36  |  Height: 36  |  Size: 156 B

BIN
NetGuard/app/src/main/res/drawable-hdpi/ic_expand_more_black_24dp.png
View File

Side by Side

Before

Width: 36  |  Height: 36  |  Size: 151 B

BIN
NetGuard/app/src/main/res/drawable-hdpi/ic_expand_more_white_24dp.png
View File

Side by Side

Before

Width: 36  |  Height: 36  |  Size: 159 B

BIN
NetGuard/app/src/main/res/drawable-hdpi/ic_file_download_white_24dp.png
View File

Side by Side

Before

Width: 36  |  Height: 36  |  Size: 163 B

BIN
NetGuard/app/src/main/res/drawable-hdpi/ic_filter_list_white_24dp.png
View File

Side by Side

Before

Width: 36  |  Height: 36  |  Size: 111 B

BIN
NetGuard/app/src/main/res/drawable-hdpi/ic_filter_list_white_24dp_60.png
View File

Side by Side

Before

Width: 36  |  Height: 36  |  Size: 196 B

BIN
NetGuard/app/src/main/res/drawable-hdpi/ic_hourglass_empty_black_24dp.png
View File

Side by Side

Before

Width: 36  |  Height: 36  |  Size: 154 B

BIN
NetGuard/app/src/main/res/drawable-hdpi/ic_hourglass_empty_white_24dp.png
View File

Side by Side

Before

Width: 36  |  Height: 36  |  Size: 159 B

BIN
NetGuard/app/src/main/res/drawable-hdpi/ic_launch_black_24dp.png
View File

Side by Side

Before

Width: 36  |  Height: 36  |  Size: 250 B

BIN
NetGuard/app/src/main/res/drawable-hdpi/ic_launch_white_24dp.png
View File

Side by Side

Before

Width: 36  |  Height: 36  |  Size: 253 B

BIN
NetGuard/app/src/main/res/drawable-hdpi/ic_lock_open_white_24dp.png
View File

Side by Side

Before

Width: 36  |  Height: 36  |  Size: 306 B

BIN
NetGuard/app/src/main/res/drawable-hdpi/ic_lock_outline_white_24dp.png
View File

Side by Side

Before

Width: 36  |  Height: 36  |  Size: 303 B

BIN
NetGuard/app/src/main/res/drawable-hdpi/ic_lock_outline_white_24dp_60.png
View File

Side by Side

Before

Width: 36  |  Height: 36  |  Size: 463 B

BIN
NetGuard/app/src/main/res/drawable-hdpi/ic_pause_black_24dp.png
View File

Side by Side

Before

Width: 36  |  Height: 36  |  Size: 102 B

BIN
NetGuard/app/src/main/res/drawable-hdpi/ic_pause_white_24dp.png
View File

Side by Side

Before

Width: 36  |  Height: 36  |  Size: 105 B

BIN
NetGuard/app/src/main/res/drawable-hdpi/ic_perm_data_setting_black_24dp.png
View File

Side by Side

Before

Width: 36  |  Height: 36  |  Size: 363 B

BIN
NetGuard/app/src/main/res/drawable-hdpi/ic_perm_data_setting_white_24dp.png
View File

Side by Side

Before

Width: 36  |  Height: 36  |  Size: 386 B

BIN
NetGuard/app/src/main/res/drawable-hdpi/ic_perm_identity_white_24dp.png
View File

Side by Side

Before

Width: 36  |  Height: 36  |  Size: 365 B

BIN
NetGuard/app/src/main/res/drawable-hdpi/ic_play_arrow_black_24dp.png
View File

Side by Side

Before

Width: 36  |  Height: 36  |  Size: 194 B

BIN
NetGuard/app/src/main/res/drawable-hdpi/ic_play_arrow_white_24dp.png
View File

Side by Side

Before

Width: 36  |  Height: 36  |  Size: 195 B

Some files were not shown because too many files changed in this diff

Write Preview
Loading…
Cancel
Save