fixed double adding of iptables rules, and proper clearing

n8fr8 2012-10-22 13:43:13 +05:30
parent b90483f65b
commit 2b3164ef6c
2 changed files with 87 additions and 118 deletions


@ -58,7 +58,7 @@ import android.util.Log;
public class TorService extends Service implements TorServiceConstants, TorConstants, Runnable, EventHandler public class TorService extends Service implements TorServiceConstants, TorConstants, Runnable, EventHandler
{ {
public static boolean ENABLE_DEBUG_LOG = true; public static boolean ENABLE_DEBUG_LOG = false;
private static int currentStatus = STATUS_OFF; private static int currentStatus = STATUS_OFF;
@ -89,7 +89,6 @@ public class TorService extends Service implements TorServiceConstants, TorConst
private File fileObfsProxy; private File fileObfsProxy;
private TorTransProxy mTransProxy; private TorTransProxy mTransProxy;
private boolean mTransProxyAll = false;
public static void logMessage(String msg) public static void logMessage(String msg)
{ {
@ -313,6 +312,10 @@ public class TorService extends Service implements TorServiceConstants, TorConst
{ {
currentStatus = STATUS_OFF; currentStatus = STATUS_OFF;
SharedPreferences prefs = PreferenceManager.getDefaultSharedPreferences(this);
boolean hasRoot = prefs.getBoolean(PREF_HAS_ROOT,false);
try try
{ {
killTorProcess (); killTorProcess ();
@ -326,7 +329,8 @@ public class TorService extends Service implements TorServiceConstants, TorConst
sendCallbackStatusMessage(getString(R.string.status_disabled)); sendCallbackStatusMessage(getString(R.string.status_disabled));
disableTransparentProxy(); if (hasRoot)
disableTransparentProxy();
} }
catch (Exception e) catch (Exception e)
{ {
@ -582,6 +586,12 @@ public class TorService extends Service implements TorServiceConstants, TorConst
SharedPreferences prefs = PreferenceManager.getDefaultSharedPreferences(this); SharedPreferences prefs = PreferenceManager.getDefaultSharedPreferences(this);
ENABLE_DEBUG_LOG = prefs.getBoolean("pref_enable_logging",false); ENABLE_DEBUG_LOG = prefs.getBoolean("pref_enable_logging",false);
Log.i(TAG,"debug logging:" + ENABLE_DEBUG_LOG); Log.i(TAG,"debug logging:" + ENABLE_DEBUG_LOG);
boolean hasRoot = prefs.getBoolean(PREF_HAS_ROOT,false);
boolean enableTransparentProxy = prefs.getBoolean("pref_transparent", false);
boolean transProxyAll = prefs.getBoolean("pref_transparent_all", false);
boolean transProxyTethering = prefs.getBoolean("pref_transparent_tethering", false);
currentStatus = STATUS_CONNECTING; currentStatus = STATUS_CONNECTING;
@ -593,9 +603,11 @@ public class TorService extends Service implements TorServiceConstants, TorConst
try { try {
enableTransparentProxy();
runTorShellCmd(); runTorShellCmd();
runPrivoxyShellCmd(); runPrivoxyShellCmd();
if (hasRoot && enableTransparentProxy)
enableTransparentProxy(transProxyAll, transProxyTethering);
} catch (Exception e) { } catch (Exception e) {
logException("Unable to start Tor: " + e.getMessage(),e); logException("Unable to start Tor: " + e.getMessage(),e);
@ -611,85 +623,54 @@ public class TorService extends Service implements TorServiceConstants, TorConst
* *
* the idea is that if Tor is off then transproxy is off * the idea is that if Tor is off then transproxy is off
*/ */
private boolean enableTransparentProxy () throws Exception private boolean enableTransparentProxy (boolean proxyAll, boolean enableTether) throws Exception
{ {
SharedPreferences prefs = PreferenceManager.getDefaultSharedPreferences(this);
boolean hasRoot = prefs.getBoolean(PREF_HAS_ROOT,false);
boolean enableTransparentProxy = prefs.getBoolean("pref_transparent", false);
if (mTransProxy == null) if (mTransProxy == null)
mTransProxy = new TorTransProxy(); mTransProxy = new TorTransProxy();
if (hasRoot && enableTransparentProxy)
{
mTransProxyAll = prefs.getBoolean("pref_transparent_all", false); TorService.logMessage ("Transparent Proxying: enabling...");
boolean transProxyTethering = prefs.getBoolean("pref_transparent_tethering", false);
//TODO: Find a nice place for the next (commented) line
TorService.logMessage ("Transparent Proxying: " + enableTransparentProxy); //TorTransProxy.setDNSProxying();
//String portProxyList = prefs.getString("pref_port_list", ""); int code = 0; // Default state is "okay"
if(proxyAll)
//TODO: Find a nice place for the next (commented) line {
//TorTransProxy.setDNSProxying(); showToolbarNotification(getString(R.string.setting_up_full_transparent_proxying_), TRANSPROXY_NOTIFY_ID, R.drawable.ic_stat_notify, -1);
code = mTransProxy.setTransparentProxyingAll(this);
}
else
{
showToolbarNotification(getString(R.string.setting_up_app_based_transparent_proxying_), TRANSPROXY_NOTIFY_ID, R.drawable.ic_stat_notify, -1);
code = mTransProxy.setTransparentProxyingByApp(this,AppManager.getApps(this));
}
int code = 0; // Default state is "okay"
/* TorService.logMessage ("TorTransProxy resp code: " + code);
if(transProxyPortFallback)
{
showToolbarNotification(getString(R.string.setting_up_port_based_transparent_proxying_), TRANSPROXY_NOTIFY_ID, R.drawable.ic_stat_notify, -1);
StringTokenizer st = new StringTokenizer(portProxyList, ",");
int status = code;
while (st.hasMoreTokens())
{
status = mTransProxy.setTransparentProxyingByPort(this, Integer.parseInt(st.nextToken()));
if(status != 0)
code = status;
}
}
else
{*/
if(mTransProxyAll)
{
showToolbarNotification(getString(R.string.setting_up_full_transparent_proxying_), TRANSPROXY_NOTIFY_ID, R.drawable.ic_stat_notify, -1);
code = mTransProxy.setTransparentProxyingAll(this);
}
else
{
showToolbarNotification(getString(R.string.setting_up_app_based_transparent_proxying_), TRANSPROXY_NOTIFY_ID, R.drawable.ic_stat_notify, -1);
code = mTransProxy.setTransparentProxyingByApp(this,AppManager.getApps(this));
}
//}
TorService.logMessage ("TorTransProxy resp code: " + code); if (code == 0)
{
if (code == 0) showToolbarNotification(getString(R.string.transparent_proxying_enabled), TRANSPROXY_NOTIFY_ID, R.drawable.ic_stat_notify, -1);
if (enableTether)
{ {
showToolbarNotification(getString(R.string.transparent_proxying_enabled), TRANSPROXY_NOTIFY_ID, R.drawable.ic_stat_notify, -1); showToolbarNotification(getString(R.string.transproxy_enabled_for_tethering_), TRANSPROXY_NOTIFY_ID, R.drawable.ic_stat_notify, -1);
if (transProxyTethering) mTransProxy.enableTetheringRules(this);
{
showToolbarNotification(getString(R.string.transproxy_enabled_for_tethering_), TRANSPROXY_NOTIFY_ID, R.drawable.ic_stat_notify, -1);
mTransProxy.enableTetheringRules(this);
}
} }
else }
{ else
showToolbarNotification(getString(R.string.warning_error_starting_transparent_proxying_), TRANSPROXY_NOTIFY_ID, R.drawable.ic_stat_notify, -1); {
showToolbarNotification(getString(R.string.warning_error_starting_transparent_proxying_), TRANSPROXY_NOTIFY_ID, R.drawable.ic_stat_notify, -1);
} }
return true; return true;
}
else
return false;
} }
/* /*
@ -700,31 +681,23 @@ public class TorService extends Service implements TorServiceConstants, TorConst
*/ */
private boolean disableTransparentProxy () throws Exception private boolean disableTransparentProxy () throws Exception
{ {
SharedPreferences prefs = PreferenceManager.getDefaultSharedPreferences(this);
boolean hasRoot = prefs.getBoolean(PREF_HAS_ROOT,false); TorService.logMessage ("Transparent Proxying: disabling...");
boolean enableTransparentProxy = prefs.getBoolean("pref_transparent", false);
if (mTransProxy == null)
mTransProxy = new TorTransProxy();
if (hasRoot && enableTransparentProxy) // if (transProxyAll)
{ mTransProxy.clearTransparentProxyingAll(this);
// else
TorService.logMessage ("Clearing TransProxy rules"); mTransProxy.clearTransparentProxyingByApp(this,AppManager.getApps(this));
if (mTransProxy == null)
mTransProxy = new TorTransProxy();
//showToolbarNotification(getString(R.string.transproxy_rules_cleared), TRANSPROXY_NOTIFY_ID, R.drawable.ic_stat_notify, -1);
if (mTransProxyAll) clearNotifications();
mTransProxy.clearTransparentProxyingAll(this);
else return true;
mTransProxy.clearTransparentProxyingByApp(this,AppManager.getApps(this));
showToolbarNotification(getString(R.string.transproxy_rules_cleared), TRANSPROXY_NOTIFY_ID, R.drawable.ic_stat_notify, -1);
return true;
}
else
return false;
} }
private void runTorShellCmd() throws Exception private void runTorShellCmd() throws Exception
@ -1271,20 +1244,7 @@ public class TorService extends Service implements TorServiceConstants, TorConst
updateTorConfiguration(); updateTorConfiguration();
if (currentStatus == STATUS_ON)
{
//reset iptables rules in active mode
try
{
disableTransparentProxy();
enableTransparentProxy();
}
catch (Exception e)
{
logException("unable to setup transproxy",e);
}
}
} catch (RemoteException e) { } catch (RemoteException e) {
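Review bot: `enableTransparentProxy(boolean proxyAll, boolean enableTether)` ends with `return true;` after both branches of `if (code == 0)`, so a non-zero result from `setTransparentProxyingAll` or `setTransparentProxyingByApp` only produces a notification, and the start-up call site in this section (`if (hasRoot && enableTransparentProxy) enableTransparentProxy(transProxyAll, transProxyTethering);`) discards the return value. For transparent proxying that is a fail-open outcome: the service carries on as started while the traffic it was asked to redirect may still leave the device directly. Consider `return code == 0;` and having the caller log the failure and reflect it in the status callback; the result of `mTransProxy.enableTetheringRules(this)` is unchecked in the same way. The page has lost its +/- markers, so this reads the right-hand column as the new side.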


@ -194,8 +194,16 @@ public class TorTransProxy implements TorServiceConstants {
// Allow everything for Tor // Allow everything for Tor
script.append(ipTablesPath); script.append(ipTablesPath);
script.append(" -t filter");
script.append(" -A OUTPUT"); script.append(" -A OUTPUT");
script.append(" -t filter");
script.append(" -m owner --uid-owner ");
script.append(torUid);
script.append(" -j ACCEPT");
script.append(" || exit\n");
script.append(ipTablesPath);
script.append(" -D OUTPUT");
script.append(" -t filter");
script.append(" -m owner --uid-owner "); script.append(" -m owner --uid-owner ");
script.append(torUid); script.append(torUid);
script.append(" -j ACCEPT"); script.append(" -j ACCEPT");
@ -497,7 +505,16 @@ public class TorTransProxy implements TorServiceConstants {
//flushIptables(context); //flushIptables(context);
int torUid = context.getApplicationInfo().uid; int torUid = context.getApplicationInfo().uid;
// Allow everything for Tor
script.append(ipTablesPath);
script.append(" -" + cmd + " OUTPUT");
script.append(" -t filter");
script.append(" -m owner --uid-owner ");
script.append(torUid);
script.append(" -j ACCEPT");
script.append(" || exit\n");
// Set up port redirection // Set up port redirection
script.append(ipTablesPath); script.append(ipTablesPath);
script.append(" -" + cmd + " OUTPUT"); script.append(" -" + cmd + " OUTPUT");
@ -551,14 +568,6 @@ public class TorTransProxy implements TorServiceConstants {
script.append(" -j ACCEPT"); script.append(" -j ACCEPT");
script.append(" || exit\n"); script.append(" || exit\n");
// Allow everything for Tor
script.append(ipTablesPath);
script.append(" -" + cmd + " OUTPUT");
script.append(" -t filter");
script.append(" -m owner --uid-owner ");
script.append(torUid);
script.append(" -j ACCEPT");
script.append(" || exit\n");
if (TorService.ENABLE_DEBUG_LOG) if (TorService.ENABLE_DEBUG_LOG)
{ {
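Review bot: In the first hunk the Tor-uid rule now appears to be emitted twice in a row with the same specification, first as `-A OUTPUT -t filter -m owner --uid-owner <uid> -j ACCEPT || exit` and then as `-D OUTPUT -t filter ...`, which leaves the number of matching rules as it was before the script ran. If this is the clearing path, an ACCEPT rule left by an earlier run is never removed; if it is the set-up path, the rule is not in place afterwards. The enclosing method starts and ends outside the hunk, so which case applies cannot be confirmed from here. A comment stating the intent would help, e.g. `// add first so the following -D cannot fail on a missing rule`; if the goal is removal, drop the `-A` line and tolerate a failed `-D` instead. In the second hunk the Tor rule is now the first command followed by `|| exit`, so if `cmd` is the delete operation and that rule is absent, none of the later redirect rules are removed.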