dan
/
tor-android
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

with transproxy allow localport access for proxies 

when transproxy all is on, or when app by app proxying is on,
access to the localhost transproxy, SOCKS, HTTP, tor DNS and
other localhost ports should be allowed for apps that want
to speak directly to tor regardless of transproxy being enabled
This commit is contained in:
Nathan Freitas 2012-01-13 10:58:51 -05:00
parent 2962f58447
commit 8906c31dd6
1 changed files with 19 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
src/org/torproject/android/service/TorTransProxy.java
View File

@ -246,6 +246,7 @@ public class TorTransProxy implements TorServiceConstants {
script.append(ipTablesPath);
script.append(" -t nat");
script.append(" -A OUTPUT -p tcp");
script.append(" ! -d 127.0.0.1"); //allow access to localhost
script.append(" -m owner --uid-owner ");
script.append(apps[i].getUid());
script.append(" -m tcp --syn");
@ -267,6 +268,7 @@ public class TorTransProxy implements TorServiceConstants {
script.append(ipTablesPath);
script.append(" -t filter");
script.append(" -A OUTPUT -p tcp");
script.append(" ! -d 127.0.0.1"); //allow access to localhost
script.append(" -m owner --uid-owner ");
script.append(apps[i].getUid());
script.append(" -m tcp --dport ");
@ -425,6 +427,7 @@ public class TorTransProxy implements TorServiceConstants {
script.append(ipTablesPath);
script.append(" -t nat");
script.append(" -A OUTPUT -p tcp");
script.append(" ! -d 127.0.0.1"); //allow access to localhost
script.append(" -m owner ! --uid-owner ");
script.append(torUid);
script.append(" -m tcp --syn");
@ -443,15 +446,23 @@ public class TorTransProxy implements TorServiceConstants {
script.append(TOR_DNS_PORT);
script.append(" || exit\n");
int[] ports = {TOR_DNS_PORT,TOR_TRANSPROXY_PORT,PORT_SOCKS,PORT_HTTP};
for (int port : ports)
{
// Allow packets to localhost (contains all the port-redirected ones)
script.append(ipTablesPath);
script.append(" -t filter");
script.append(" -A OUTPUT");
script.append(" -p tcp");
script.append(" -d 127.0.0.1");
script.append(" --dport ");
script.append(port);
script.append(" -j ACCEPT");
script.append(" || exit\n");
}
// Allow loopback
script.append(ipTablesPath);
script.append(" -t filter");