diff --git a/external/0001-add-limits.h-to-support-MAX_SIZE-on-Android.patch b/external/0001-add-limits.h-to-support-MAX_SIZE-on-Android.patch
deleted file mode 100644
index 51dce9be..00000000
--- a/external/0001-add-limits.h-to-support-MAX_SIZE-on-Android.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From 74ef555267f83e6e0e365112749dd8b743ee2b87 Mon Sep 17 00:00:00 2001
-From: n8fr8
-Date: Mon, 19 Sep 2016 16:04:04 -0400
-Subject: [PATCH 1/1] add limits.h to support MAX_SIZE on Android
-
----
- src/ext/trunnel/trunnel.c | 5 +++++
- 1 file changed, 5 insertions(+)
-
-diff --git a/src/ext/trunnel/trunnel.c b/src/ext/trunnel/trunnel.c
-index 0ed75aa..dbb9476 100644
---- a/src/ext/trunnel/trunnel.c
-+++ b/src/ext/trunnel/trunnel.c
-@@ -13,6 +13,11 @@
- #include
- #include
- #include "trunnel-impl.h"
-+ /* Get SIZE_MAX. */
-+#ifdef __BIONIC__
-+#include
-+#endif
-+
-
- #if defined(__BYTE_ORDER__) && defined(__ORDER_LITTLE_ENDIAN__) && \
- __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__
---
-1.9.1
-
diff --git a/external/Makefile b/external/Makefile
index cc360cca..612f6d24 100644
--- a/external/Makefile
+++ b/external/Makefile
@@ -252,12 +252,6 @@ tor/configure: ./autogen.sh tor/Makefile: tor/configure
-# cp 0001-add-limits.h-to-support-MAX_SIZE-on-Android.patch tor
-# cd tor && \
-# git apply 0001-add-limits.h-to-support-MAX_SIZE-on-Android.patch
-# cp fix_android_0.2.6.4rc_build.patch tor
-# cd tor && \
-# git apply fix_android_0.2.6.4rc_build.patch
 cp config.sub tor
 cp config.guess tor
 cd tor && \
diff --git a/external/fix_android_0.2.6.4rc_build.patch b/external/fix_android_0.2.6.4rc_build.patch
deleted file mode 100644
index b7cb1cd3..00000000
--- a/external/fix_android_0.2.6.4rc_build.patch
+++ /dev/null
@@ -1,77 +0,0 @@
-From ed6a98b39661a204eb0186267bf406469b4e51ba Mon Sep 17 00:00:00 2001
-From: n8fr8
-Date: Wed, 18 Mar 2015 17:07:49 -0400
-Subject: [PATCH 1/2] disable setting of MONOTONIC time on Android (it doesn't
- work)
-
----
- src/common/compat_pthreads.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/src/common/compat_pthreads.c b/src/common/compat_pthreads.c
-index f4a6cad..ccacef1 100644
---- a/src/common/compat_pthreads.c
-+++ b/src/common/compat_pthreads.c
-@@ -181,6 +181,7 @@ tor_cond_init(tor_cond_t *cond)
- return -1;
- }
-
-+#ifndef __ANDROID_API__
- #if defined(HAVE_CLOCK_GETTIME) && defined(CLOCK_MONOTONIC)
- /* Use monotonic time so when we timedwait() on it, any clock adjustment
- * won't affect the timeout value. */
-@@ -188,6 +189,7 @@ tor_cond_init(tor_cond_t *cond)
- return -1;
- }
- #endif
-+#endif
- if (pthread_cond_init(&cond->cond, &condattr)) {
- return -1;
- }
---
-1.9.1
-
-
-From 4257a9f1fbbc05413077b7b70215622099f667df Mon Sep 17 00:00:00 2001
-From: n8fr8
-Date: Wed, 18 Mar 2015 17:08:14 -0400
-Subject: [PATCH 2/2] you must explicitly include limits.h on Android
-
----
- src/ext/trunnel/trunnel.c | 1 +
- src/trunnel/trunnel-local.h | 2 ++
- 2 files changed, 3 insertions(+)
-
-diff --git a/src/ext/trunnel/trunnel.c b/src/ext/trunnel/trunnel.c
-index 7353237..1d4403c 100644
---- a/src/ext/trunnel/trunnel.c
-+++ b/src/ext/trunnel/trunnel.c
-@@ -13,6 +13,7 @@
- #include
- #include
- #include "trunnel-impl.h"
-+#include "limits.h"
-
- #if defined(__BYTE_ORDER__) && defined(__ORDER_LITTLE_ENDIAN__) && \
- __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__
-diff --git a/src/trunnel/trunnel-local.h b/src/trunnel/trunnel-local.h
-index b7c2ab9..e55cf3c 100644
---- a/src/trunnel/trunnel-local.h
-+++ b/src/trunnel/trunnel-local.h
-@@ -5,6 +5,7 @@
- #include "util.h"
- #include "compat.h"
- #include "crypto.h"
-+#include "limits.h"
-
- #define trunnel_malloc tor_malloc
- #define trunnel_calloc tor_calloc
-@@ -15,4 +16,5 @@
- #define trunnel_assert tor_assert
- #define trunnel_memwipe(mem, len) memwipe((mem), 0, (len))
-
-+
- #endif
---
-1.9.1
-
diff --git a/external/patches/UDP-block.patch b/external/patches/UDP-block.patch
deleted file mode 100644
index e16a9574..00000000
--- a/external/patches/UDP-block.patch
+++ /dev/null
@@ -1,243 +0,0 @@
-From c2620d6939713762e30badc3ed5da981e296b742 Mon Sep 17 00:00:00 2001
-From: patch
-Date: Mon, 23 Jul 2012 16:12:55 -0400
-Subject: [PATCH] Modified iptables rules for transproxying. UDP is now
- blocked. Also removed some redundant rules and reordered
- others. I reordered by the idea that its generally easier
- to specifically allow traffic before your reject it.
-
----
- .../torproject/android/service/TorTransProxy.java | 133 ++++++++++----------
- 1 file changed, 64 insertions(+), 69 deletions(-)
-
-diff --git a/src/org/torproject/android/service/TorTransProxy.java b/src/org/torproject/android/service/TorTransProxy.java
-index 2571123..c248a9f 100644
---- a/src/org/torproject/android/service/TorTransProxy.java
-+++ b/src/org/torproject/android/service/TorTransProxy.java
-@@ -224,6 +224,15 @@ public class TorTransProxy implements TorServiceConstants {
-
- int torUid = context.getApplicationInfo().uid;
-
-+ // Allow everything for Tor
-+ script.append(ipTablesPath);
-+ script.append(" -t filter");
-+ script.append(" -A OUTPUT");
-+ script.append(" -m owner --uid-owner ");
-+ script.append(torUid);
-+ script.append(" -j ACCEPT");
-+ script.append(" || exit\n");
-+
- //build up array of shell cmds to execute under one root context
- for (TorifiedApp tApp:apps)
- {
-@@ -235,9 +244,9 @@ public class TorTransProxy implements TorServiceConstants {
- {
-
- TorService.logMessage("enabling transproxy for app: " + tApp.getUsername() + "(" + tApp.getUid() + ")");
--
-- // Set up port redirection
-- script.append(ipTablesPath);
-+
-+ // Set up port redirection
-+ script.append(ipTablesPath);
- script.append(" -t nat");
- script.append(" -A OUTPUT -p tcp");
- script.append(" ! -d 127.0.0.1"); //allow access to localhost
-@@ -251,14 +260,28 @@ public class TorTransProxy implements TorServiceConstants {
- // Same for DNS
- script.append(ipTablesPath);
- script.append(" -t nat");
-- script.append(" -A OUTPUT -p udp -m owner --uid-owner ");
-+ script.append(" -A OUTPUT -p udp");
-+ script.append(" -m owner --uid-owner ");
- script.append(tApp.getUid());
- script.append(" -m udp --dport ");
- script.append(STANDARD_DNS_PORT);
- script.append(" -j REDIRECT --to-ports ");
- script.append(TOR_DNS_PORT);
- script.append(" || exit\n");
--
-+
-+ // Allow loopback
-+ script.append(ipTablesPath);
-+ script.append(" -t filter");
-+ script.append(" -A OUTPUT");
-+ script.append(" -m owner --uid-owner ");
-+ script.append(tApp.getUid());
-+ script.append(" -o lo");
-+ script.append(" -j ACCEPT");
-+ script.append(" || exit\n");
-+
-+ /*
-+ //Outgoing loopback already allowed (23/7/12)
-+
- int[] ports = {TOR_DNS_PORT,TOR_TRANSPROXY_PORT,PORT_SOCKS,PORT_HTTP};
-
- for (int port : ports)
-@@ -276,53 +299,32 @@ public class TorTransProxy implements TorServiceConstants {
- script.append(" -j ACCEPT");
- script.append(" || exit\n");
- }
--
-- // Allow loopback
-+ */
-+
-+ // Reject all other outbound TCP packets
- script.append(ipTablesPath);
- script.append(" -t filter");
- script.append(" -A OUTPUT");
- script.append(" -m owner --uid-owner ");
- script.append(tApp.getUid());
- script.append(" -p tcp");
-- script.append(" -o lo");
-- script.append(" -j ACCEPT");
-- script.append(" || exit\n");
--
-- // Reject DNS that is not from Tor (order is important - first matched rule counts!)
-- script.append(ipTablesPath);
-- script.append(" -t filter");
-- script.append(" -A OUTPUT");
-- script.append(" -m owner --uid-owner ");
-- script.append(tApp.getUid());
-- script.append(" -p udp");
-- script.append(" --dport ");
-- script.append(STANDARD_DNS_PORT);
- script.append(" -j REJECT");
- script.append(" || exit\n");
--
-- // Reject all other outbound TCP packets
-+
-+ // Reject all other outbound UDP packets
- script.append(ipTablesPath);
- script.append(" -t filter");
- script.append(" -A OUTPUT");
- script.append(" -m owner --uid-owner ");
- script.append(tApp.getUid());
-- script.append(" -p tcp");
-+ script.append(" -p udp");
- script.append(" -j REJECT");
- script.append(" || exit\n");
-+
-
- }
- }
--
-
-- // Allow everything for Tor
-- script.append(ipTablesPath);
-- script.append(" -t filter");
-- script.append(" -A OUTPUT");
-- script.append(" -m owner --uid-owner ");
-- script.append(torUid);
-- script.append(" -j ACCEPT");
-- script.append(" || exit\n");
--
- String[] cmdAdd = {script.toString()};
-
- code = TorServiceUtils.doShellCommand(cmdAdd, res, runRoot, waitFor);
-@@ -450,8 +452,8 @@ public class TorTransProxy implements TorServiceConstants {
-
- int torUid = context.getApplicationInfo().uid;
-
-- // Set up port redirection
-- script.append(ipTablesPath);
-+ // Set up port redirection
-+ script.append(ipTablesPath);
- script.append(" -t nat");
- script.append(" -A OUTPUT -p tcp");
- script.append(" ! -d 127.0.0.1"); //allow access to localhost
-@@ -465,14 +467,36 @@ public class TorTransProxy implements TorServiceConstants {
- // Same for DNS
- script.append(ipTablesPath);
- script.append(" -t nat");
-- script.append(" -A OUTPUT -p udp -m owner ! --uid-owner ");
-+ script.append(" -A OUTPUT -p udp");
-+ script.appent(" -m owner ! --uid-owner ");
- script.append(torUid);
- script.append(" -m udp --dport ");
- script.append(STANDARD_DNS_PORT);
- script.append(" -j REDIRECT --to-ports ");
- script.append(TOR_DNS_PORT);
- script.append(" || exit\n");
-+
-+ // Allow loopback
-+ script.append(ipTablesPath);
-+ script.append(" -t filter");
-+ script.append(" -A OUTPUT");
-+ script.append(" -o lo");
-+ script.append(" -j ACCEPT");
-+ script.append(" || exit\n");
-
-+ // Allow everything for Tor
-+ script.append(ipTablesPath);
-+ script.append(" -t filter");
-+ script.append(" -A OUTPUT");
-+ script.append(" -m owner --uid-owner ");
-+ script.append(torUid);
-+ script.append(" -j ACCEPT");
-+ script.append(" || exit\n");
-+
-+
-+ /*
-+ //Outgoing loopback already allowed (23/7/12)
-+
- int[] ports = {TOR_DNS_PORT,TOR_TRANSPROXY_PORT,PORT_SOCKS,PORT_HTTP};
-
- for (int port : ports)
-@@ -490,25 +514,8 @@ public class TorTransProxy implements TorServiceConstants {
- script.append(" -j ACCEPT");
- script.append(" || exit\n");
-
-- }
--
-- // Allow loopback
-- script.append(ipTablesPath);
-- script.append(" -t filter");
-- script.append(" -A OUTPUT");
-- script.append(" -p tcp");
-- script.append(" -o lo");
-- script.append(" -j ACCEPT");
-- script.append(" || exit\n");
-+ } */
-
-- // Allow everything for Tor
-- script.append(ipTablesPath);
-- script.append(" -t filter");
-- script.append(" -A OUTPUT");
-- script.append(" -m owner --uid-owner ");
-- script.append(torUid);
-- script.append(" -j ACCEPT");
-- script.append(" || exit\n");
-
- if (TorService.ENABLE_DEBUG_LOG)
- {
-@@ -532,23 +539,11 @@ public class TorTransProxy implements TorServiceConstants {
- script.append(" --log-uid");
- script.append(" || exit\n");
- }
--
-- // Reject DNS that is not from Tor (order is important - first matched rule counts!)
-- script.append(ipTablesPath);
-- script.append(" -t filter");
-- script.append(" -A OUTPUT");
-- script.append(" -p udp");
-- script.append(" --dport ");
-- script.append(STANDARD_DNS_PORT);
-- script.append(" -j REJECT");
-- script.append(" || exit\n");
--
-- // Reject all other outbound TCP packets
-+
-+ // Reject all other outbound packets by default
- script.append(ipTablesPath);
- script.append(" -t filter");
-- script.append(" -A OUTPUT");
-- script.append(" -p tcp");
-- script.append(" -j REJECT");
-+ script.append(" -P OUTPUT DROP");
- script.append(" || exit\n");
-
- String[] cmdAdd = {script.toString()};
---
-1.7.9.5
-
diff --git a/external/patches/orbot-patch-sporkbomb-20110501/Part 1.4 b/external/patches/orbot-patch-sporkbomb-20110501/Part 1.4
deleted file mode 100644
index 002bdb96..00000000
--- a/external/patches/orbot-patch-sporkbomb-20110501/Part 1.4
+++ /dev/null
@@ -1,11 +0,0 @@
-_______________________________________________
-Guardian-dev mailing list
-
-Post: Guardian-dev@lists.mayfirst.org
-List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
-
-To Unsubscribe
- Send email to: Guardian-dev-unsubscribe@lists.mayfirst.org
- Or visit: https://lists.mayfirst.org/mailman/options/guardian-dev/nathan%40guardianproject.info
-
-You are subscribed as: nathan@guardianproject.info
diff --git a/external/patches/orbot-patch-sporkbomb-20110501/orbot-real_transproxy_all-use_only_new_iptables.patch b/external/patches/orbot-patch-sporkbomb-20110501/orbot-real_transproxy_all-use_only_new_iptables.patch
deleted file mode 100644
index 60635b48..00000000
--- a/external/patches/orbot-patch-sporkbomb-20110501/orbot-real_transproxy_all-use_only_new_iptables.patch
+++ /dev/null
@@ -1,390 +0,0 @@
-Index: src/org/torproject/android/service/TorService.java
-===================================================================
---- src/org/torproject/android/service/TorService.java (revision 24697)
-+++ src/org/torproject/android/service/TorService.java (working copy)
-@@ -710,10 +710,36 @@
-
- if (enableTransparentProxy)
- {
-- showAlert("Status", "Setting up transparent proxying...");
--
-- //TorTransProxy.setDNSProxying();
-- int code = TorTransProxy.setTransparentProxyingByApp(this,AppManager.getApps(this),transProxyAll);
-+ //TODO: Find a nice place for the next (commented) line
-+ //TorTransProxy.setDNSProxying();
-+
-+ int code = 0; // Default state is "okay"
-+
-+ if(transProxyPortFallback)
-+ {
-+ showAlert("Status", "Setting up port-based transparent proxying...");
-+ StringTokenizer st = new StringTokenizer(portProxyList, ",");
-+ int status = code;
-+ while (st.hasMoreTokens())
-+ {
-+ status = TorTransProxy.setTransparentProxyingByPort(this, Integer.parseInt(st.nextToken()));
-+ if(status != 0)
-+ code = status;
-+ }
-+ }
-+ else
-+ {
-+ if(transProxyAll)
-+ {
-+ showAlert("Status", "Setting up full transparent proxying...");
-+ code = TorTransProxy.setTransparentProxyingAll(this);
-+ }
-+ else
-+ {
-+ showAlert("Status", "Setting up app-based transparent proxying...");
-+ code = TorTransProxy.setTransparentProxyingByApp(this,AppManager.getApps(this),transProxyAll);
-+ }
-+ }
-
- TorService.logMessage ("TorTransProxy resp code: " + code);
-
-@@ -725,17 +751,7 @@
- {
- showAlert("Status", "WARNING: error starting transparent proxying!");
- }
--
-- //this is for Androids w/o owner module support as a circumvention only fallback
-- if (transProxyPortFallback)
-- {
-- StringTokenizer st = new StringTokenizer(portProxyList, ",");
--
-- while (st.hasMoreTokens())
-- TorTransProxy.setTransparentProxyingByPort(this, Integer.parseInt(st.nextToken()));
--
-- }
--
-+
- return true;
-
- }
-Index: src/org/torproject/android/service/TorTransProxy.java
-===================================================================
---- src/org/torproject/android/service/TorTransProxy.java (revision 24697)
-+++ src/org/torproject/android/service/TorTransProxy.java (working copy)
-@@ -136,8 +136,6 @@
- //redirectDNSResolvConf(); //not working yet
-
- String ipTablesPath = new File(context.getDir("bin", 0),"iptables").getAbsolutePath();
--
-- boolean ipTablesOld = false;
-
- StringBuilder script = new StringBuilder();
-
-@@ -145,14 +143,12 @@
- int code = -1;
-
- purgeIptables(context);
--
-- script = new StringBuilder();
--
-+
- //build up array of shell cmds to execute under one root context
- for (int i = 0; i < apps.length; i++)
- {
-
-- if (forceAll || apps[i].isTorified()) //if "Tor Everything" on or app is set to true
-+ if (apps[i].isTorified()) //if app is set to true
- {
-
- if (apps[i].getUsername().equals(TorServiceConstants.TOR_APP_USERNAME))
-@@ -170,14 +166,8 @@
- script.append(" -m owner --uid-owner ");
- script.append(apps[i].getUid());
- script.append(" -m tcp --syn");
--
-- if (ipTablesOld)
-- script.append(" -j DNAT --to 127.0.0.1:");
-- else
-- script.append(" -j REDIRECT --to-ports ");
--
-+ script.append(" -j REDIRECT --to-ports ");
- script.append(TOR_TRANSPROXY_PORT);
--
- script.append(" || exit\n");
-
- //DNS
-@@ -187,57 +177,37 @@
- script.append(apps[i].getUid());
- script.append(" -m udp --dport ");
- script.append(STANDARD_DNS_PORT);
-+ script.append(" -j REDIRECT --to-ports ");
-+ script.append(TOR_DNS_PORT);
-+ script.append(" || exit\n");
-
-- if (ipTablesOld)
-- script.append(" -j DNAT --to 127.0.0.1:");
-- else
-- script.append(" -j REDIRECT --to-ports ");
-+ script.append(ipTablesPath);
-+ script.append(" -t filter");
-+ script.append(" -A OUTPUT -p tcp");
-+ script.append(" -m owner --uid-owner ");
-+ script.append(apps[i].getUid());
-+ script.append(" -m tcp --dport ");
-+ script.append(TOR_TRANSPROXY_PORT);
-+ script.append(" -j ACCEPT");
-+ script.append(" || exit\n");
-
-+ script.append(ipTablesPath);
-+ script.append(" -t filter");
-+ script.append(" -A OUTPUT -p udp");
-+ script.append(" -m owner --uid-owner ");
-+ script.append(apps[i].getUid());
-+ script.append(" -m udp --dport ");
- script.append(TOR_DNS_PORT);
--
-+ script.append(" -j ACCEPT");
- script.append(" || exit\n");
-+
-+ script.append(ipTablesPath);
-+ script.append(" -t filter -A OUTPUT -m owner --uid-owner ");
-+ script.append(apps[i].getUid());
-+ script.append(" -j DROP"); //drop all other packets as Tor won't handle them
-+ script.append(" || exit\n");
-
-
-- if (ipTablesOld) //for some reason this doesn't work on iptables 1.3.7
-- {
-- script.append(ipTablesPath);
-- script.append(" -t nat");
-- script.append(" -A OUTPUT -m owner --uid-owner ");
-- script.append(apps[i].getUid());
-- script.append(" -j DROP");
-- script.append(" || exit\n");
-- }
-- else
-- {
-- script.append(ipTablesPath);
-- script.append(" -t filter");
-- script.append(" -A OUTPUT -p tcp");
-- script.append(" -m owner --uid-owner ");
-- script.append(apps[i].getUid());
-- script.append(" -m tcp --dport ");
-- script.append(TOR_TRANSPROXY_PORT);
-- script.append(" -j ACCEPT");
-- script.append(" || exit\n");
--
-- script.append(ipTablesPath);
-- script.append(" -t filter");
-- script.append(" -A OUTPUT -p udp");
-- script.append(" -m owner --uid-owner ");
-- script.append(apps[i].getUid());
-- script.append(" -m udp --dport ");
-- script.append(TOR_DNS_PORT);
-- script.append(" -j ACCEPT");
-- script.append(" || exit\n");
--
-- script.append(ipTablesPath);
-- script.append(" -t filter -A OUTPUT -m owner --uid-owner ");
-- script.append(apps[i].getUid());
-- script.append(" -j DROP"); //drop all other packets as Tor won't handle them
-- script.append(" || exit\n");
--
-- }
--
--
- }
- }
-
-@@ -260,20 +230,13 @@
-
- //String baseDir = context.getDir("bin",0).getAbsolutePath() + '/';
- String ipTablesPath = new File(context.getDir("bin", 0),"iptables").getAbsolutePath();
--
-- boolean ipTablesOld = false;
-
- StringBuilder script = new StringBuilder();
-
- StringBuilder res = new StringBuilder();
- int code = -1;
--
-- String[] cmdFlush = {script.toString()};
-- code = TorServiceUtils.doShellCommand(cmdFlush, res, true, true);
-- //String msg = res.toString(); //get stdout from command
-+ purgeIptables(context);
-
-- script = new StringBuilder();
--
- //TCP
- //iptables -t nat -A PREROUTING -i eth0 -p tcp --dport $srcPortNumber -j REDIRECT --to-port $dstPortNumbe
-
-@@ -283,14 +246,8 @@
- script.append(" --dport ");
- script.append(port);
- //script.append(" -m tcp --syn");
--
-- if (ipTablesOld)
-- script.append(" -j DNAT --to 127.0.0.1:");
-- else
-- script.append(" -j REDIRECT --to-ports ");
--
-+ script.append(" -j REDIRECT --to-ports ");
- script.append(TOR_TRANSPROXY_PORT);
--
- script.append(" || exit\n");
-
- script.append(ipTablesPath);
-@@ -298,14 +255,8 @@
- script.append(" -A OUTPUT -p udp");
- script.append(" --dport ");
- script.append(port);
--
-- if (ipTablesOld)
-- script.append(" -j DNAT --to 127.0.0.1:");
-- else
-- script.append(" -j REDIRECT --to-ports ");
--
-+ script.append(" -j REDIRECT --to-ports ");
- script.append(TOR_TRANSPROXY_PORT);
--
- script.append(" || exit\n");
-
- //DNS
-@@ -314,24 +265,134 @@
- script.append(" -A OUTPUT -p udp ");
- script.append(" -m udp --dport ");
- script.append(STANDARD_DNS_PORT);
-+ script.append(" -j REDIRECT --to-ports ");
-+ script.append(TOR_DNS_PORT);
-+ script.append(" || exit\n");
-
-- if (ipTablesOld)
-- script.append(" -j DNAT --to 127.0.0.1:");
-- else
-- script.append(" -j REDIRECT --to-ports ");
-+
-+ String[] cmdAdd = {script.toString()};
-+ code = TorServiceUtils.doShellCommand(cmdAdd, res, true, true);
-+ String msg = res.toString();
-+ TorService.logMessage(cmdAdd[0] + ";errCode=" + code + ";resp=" + msg);
-
-+ return code;
-+ }
-+
-+ public static int setTransparentProxyingAll(Context context) throws Exception {
-+ boolean runRoot = true;
-+ boolean waitFor = true;
-+
-+ //android.os.Debug.waitForDebugger();
-+
-+ //redirectDNSResolvConf(); //not working yet
-+
-+ String ipTablesPath = new File(context.getDir("bin", 0),"iptables").getAbsolutePath();
-+
-+ StringBuilder script = new StringBuilder();
-+
-+ StringBuilder res = new StringBuilder();
-+ int code = -1;
-+
-+ purgeIptables(context);
-+
-+ int torUid = context.getApplicationInfo().uid;
-+
-+ // Set up port redirection
-+ script.append(ipTablesPath);
-+ script.append(" -t nat");
-+ script.append(" -A OUTPUT -p tcp");
-+ script.append(" -m owner ! --uid-owner ");
-+ script.append(torUid);
-+ script.append(" -m tcp --syn");
-+ script.append(" -j REDIRECT --to-ports ");
-+ script.append(TOR_TRANSPROXY_PORT);
-+ script.append(" || exit\n");
-+
-+ // Same for DNS
-+ script.append(ipTablesPath);
-+ script.append(" -t nat");
-+ script.append(" -A OUTPUT -p udp -m owner ! --uid-owner ");
-+ script.append(torUid);
-+ script.append(" -m udp --dport ");
-+ script.append(STANDARD_DNS_PORT);
-+ script.append(" -j REDIRECT --to-ports ");
- script.append(TOR_DNS_PORT);
-+ script.append(" || exit\n");
-
-+ // Allow packets to localhost (contains all the port-redirected ones)
-+ script.append(ipTablesPath);
-+ script.append(" -t filter");
-+ script.append(" -A OUTPUT");
-+ script.append(" -p tcp");
-+ script.append(" -d 127.0.0.1");
-+ script.append(" -j ACCEPT");
- script.append(" || exit\n");
-
-+ // Allow loopback
-+ script.append(ipTablesPath);
-+ script.append(" -t filter");
-+ script.append(" -A OUTPUT");
-+ script.append(" -p tcp");
-+ script.append(" -o lo");
-+ script.append(" -j ACCEPT");
-+ script.append(" || exit\n");
-+
-+ // Allow everything for Tor
-+ script.append(ipTablesPath);
-+ script.append(" -t filter");
-+ script.append(" -A OUTPUT");
-+ script.append(" -m owner --uid-owner ");
-+ script.append(torUid);
-+ script.append(" -j ACCEPT");
-+ script.append(" || exit\n");
-+
-+ //XXX: Comment the following rules for non-debug builds
-+ script.append(ipTablesPath);
-+ script.append(" -t filter");
-+ script.append(" -A OUTPUT");
-+ script.append(" -p udp");
-+ script.append(" --dport ");
-+ script.append(STANDARD_DNS_PORT);
-+ script.append(" -j LOG");
-+ script.append(" --log-prefix='ORBOT_DNSLEAK_PROTECTION'");
-+ script.append(" --log-uid");
-+ script.append(" || exit\n");
-+ script.append(ipTablesPath);
-+ script.append(" -t filter");
-+ script.append(" -A OUTPUT");
-+ script.append(" -p tcp");
-+ script.append(" -j LOG");
-+ script.append(" --log-prefix='ORBOT_TCPLEAK_PROTECTION'");
-+ script.append(" --log-uid");
-+ script.append(" || exit\n");
-+
-+
-+ // Reject DNS that is not from Tor (order is important - first matched rule counts!)
-+ script.append(ipTablesPath);
-+ script.append(" -t filter");
-+ script.append(" -A OUTPUT");
-+ script.append(" -p udp");
-+ script.append(" --dport ");
-+ script.append(STANDARD_DNS_PORT);
-+ script.append(" -j REJECT");
-+ script.append(" || exit\n");
-+
-+ // Reject all other outbound TCP packets
-+ script.append(ipTablesPath);
-+ script.append(" -t filter");
-+ script.append(" -A OUTPUT");
-+ script.append(" -p tcp");
-+ script.append(" -j REJECT");
-+ script.append(" || exit\n");
-+
-+ String[] cmdAdd = {script.toString()};
-
-- String[] cmdAdd = {script.toString()};
-- code = TorServiceUtils.doShellCommand(cmdAdd, res, true, true);
-+ code = TorServiceUtils.doShellCommand(cmdAdd, res, runRoot, waitFor);
- String msg = res.toString();
- TorService.logMessage(cmdAdd[0] + ";errCode=" + code + ";resp=" + msg);
-
-- return code;
-- }
-+ return code;
-+ }
-
-
- }
diff --git a/external/patches/orbot-patch-sporkbomb-20110501/orbot_leak_report b/external/patches/orbot-patch-sporkbomb-20110501/orbot_leak_report
deleted file mode 100644
index 8f61a1f7..00000000
--- a/external/patches/orbot-patch-sporkbomb-20110501/orbot_leak_report
+++ /dev/null
@@ -1,110 +0,0 @@ -<4>[ 115.319671] ORBOT_TCPLEAK_PROTECTIONIN= OUT=eth0 SRC=192.168.0.14 DST=74.125.39.139 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=9997 DF PROTO=TCP SPT=53388 DPT=443 WINDOW=32044 RES=0x00 ACK URGP=0 UID=10035 GID=10035 -<4>[ 115.482788] ORBOT_TCPLEAK_PROTECTIONIN= OUT=eth0 SRC=192.168.0.14 DST=74.125.39.139 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=9998 DF PROTO=TCP SPT=53388 DPT=443 WINDOW=32044 RES=0x00 ACK URGP=0 UID=10035 GID=10035 -<4>[ 116.037658] ORBOT_TCPLEAK_PROTECTIONIN= OUT=eth0 SRC=192.168.0.14 DST=74.125.39.139 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=9999 DF PROTO=TCP SPT=53388 DPT=443 WINDOW=32044 RES=0x00 ACK URGP=0 UID=10035 GID=10035 -<4>[ 116.699127] ORBOT_TCPLEAK_PROTECTIONIN= OUT=eth0 SRC=192.168.0.14 DST=74.125.39.139 LEN=79 TOS=0x00 PREC=0x00 TTL=64 ID=10000 DF PROTO=TCP SPT=53388 DPT=443 WINDOW=32044 RES=0x00 ACK PSH URGP=0 UID=10035 GID=10035 -<4>[ 116.724517] ORBOT_TCPLEAK_PROTECTIONIN= OUT=eth0 SRC=192.168.0.14 DST=74.125.39.139 LEN=79 TOS=0x00 PREC=0x00 TTL=64 ID=10001 DF PROTO=TCP SPT=53388 DPT=443 WINDOW=32044 RES=0x00 ACK PSH FIN URGP=0 UID=10035 GID=10035 -<4>[ 116.922515] ORBOT_TCPLEAK_PROTECTIONIN= OUT=eth0 SRC=192.168.0.14 DST=74.125.39.139 LEN=91 TOS=0x00 PREC=0x00 TTL=64 ID=10002 DF PROTO=TCP SPT=53388 DPT=443 WINDOW=32044 RES=0x00 ACK PSH FIN URGP=0 -<4>[ 117.330810] ORBOT_TCPLEAK_PROTECTIONIN= OUT=eth0 SRC=192.168.0.14 DST=74.125.39.139 LEN=79 TOS=0x00 PREC=0x00 TTL=64 ID=10003 DF PROTO=TCP SPT=53388 DPT=443 WINDOW=32044 RES=0x00 ACK PSH FIN URGP=0 -<4>[ 118.150726] ORBOT_TCPLEAK_PROTECTIONIN= OUT=eth0 SRC=192.168.0.14 DST=74.125.39.139 LEN=79 TOS=0x00 PREC=0x00 TTL=64 ID=10004 DF PROTO=TCP SPT=53388 DPT=443 WINDOW=32044 RES=0x00 ACK PSH FIN URGP=0 -<4>[ 118.903320] ORBOT_TCPLEAK_PROTECTIONIN= OUT=eth0 SRC=192.168.0.14 DST=74.125.39.139 LEN=91 TOS=0x00 PREC=0x00 TTL=64 ID=10005 DF PROTO=TCP SPT=53388 DPT=443 WINDOW=32044 RES=0x00 ACK PSH FIN URGP=0 -<4>[ 119.310729] ORBOT_TCPLEAK_PROTECTIONIN= OUT=eth0 SRC=192.168.0.14 
DST=74.125.39.139 LEN=79 TOS=0x00 PREC=0x00 TTL=64 ID=10006 DF PROTO=TCP SPT=53388 DPT=443 WINDOW=32044 RES=0x00 ACK PSH FIN URGP=0 -<4>[ 120.130737] ORBOT_TCPLEAK_PROTECTIONIN= OUT=eth0 SRC=192.168.0.14 DST=74.125.39.139 LEN=79 TOS=0x00 PREC=0x00 TTL=64 ID=10007 DF PROTO=TCP SPT=53388 DPT=443 WINDOW=32044 RES=0x00 ACK PSH FIN URGP=0 -<4>[ 121.770690] ORBOT_TCPLEAK_PROTECTIONIN= OUT=eth0 SRC=192.168.0.14 DST=74.125.39.139 LEN=79 TOS=0x00 PREC=0x00 TTL=64 ID=10008 DF PROTO=TCP SPT=53388 DPT=443 WINDOW=32044 RES=0x00 ACK PSH FIN URGP=0 -<4>[ 122.695465] ORBOT_TCPLEAK_PROTECTIONIN= OUT=eth0 SRC=192.168.0.14 DST=74.125.39.139 LEN=91 TOS=0x00 PREC=0x00 TTL=64 ID=10009 DF PROTO=TCP SPT=53388 DPT=443 WINDOW=32044 RES=0x00 ACK PSH FIN URGP=0 -<4>[ 123.100708] ORBOT_TCPLEAK_PROTECTIONIN= OUT=eth0 SRC=192.168.0.14 DST=74.125.39.139 LEN=79 TOS=0x00 PREC=0x00 TTL=64 ID=10010 DF PROTO=TCP SPT=53388 DPT=443 WINDOW=32044 RES=0x00 ACK PSH FIN URGP=0 -<4>[ 123.920684] ORBOT_TCPLEAK_PROTECTIONIN= OUT=eth0 SRC=192.168.0.14 DST=74.125.39.139 LEN=79 TOS=0x00 PREC=0x00 TTL=64 ID=10011 DF PROTO=TCP SPT=53388 DPT=443 WINDOW=32044 RES=0x00 ACK PSH FIN URGP=0 -<4>[ 125.565673] ORBOT_TCPLEAK_PROTECTIONIN= OUT=eth0 SRC=192.168.0.14 DST=74.125.39.139 LEN=79 TOS=0x00 PREC=0x00 TTL=64 ID=10012 DF PROTO=TCP SPT=53388 DPT=443 WINDOW=32044 RES=0x00 ACK PSH FIN URGP=0 -<4>[ 128.840789] ORBOT_TCPLEAK_PROTECTIONIN= OUT=eth0 SRC=192.168.0.14 DST=74.125.39.139 LEN=79 TOS=0x00 PREC=0x00 TTL=64 ID=10013 DF PROTO=TCP SPT=53388 DPT=443 WINDOW=32044 RES=0x00 ACK PSH FIN URGP=0 -<4>[ 130.366333] ORBOT_TCPLEAK_PROTECTIONIN= OUT=eth0 SRC=192.168.0.14 DST=74.125.39.139 LEN=91 TOS=0x00 PREC=0x00 TTL=64 ID=10014 DF PROTO=TCP SPT=53388 DPT=443 WINDOW=32044 RES=0x00 ACK PSH FIN URGP=0 -<4>[ 130.785339] ORBOT_TCPLEAK_PROTECTIONIN= OUT=eth0 SRC=192.168.0.14 DST=74.125.39.139 LEN=79 TOS=0x00 PREC=0x00 TTL=64 ID=10015 DF PROTO=TCP SPT=53388 DPT=443 WINDOW=32044 RES=0x00 ACK PSH FIN URGP=0 -<4>[ 131.600799] 
ORBOT_TCPLEAK_PROTECTIONIN= OUT=eth0 SRC=192.168.0.14 DST=74.125.39.139 LEN=79 TOS=0x00 PREC=0x00 TTL=64 ID=10016 DF PROTO=TCP SPT=53388 DPT=443 WINDOW=32044 RES=0x00 ACK PSH FIN URGP=0 -<4>[ 132.835144] ORBOT_TCPLEAK_PROTECTIONIN= OUT=eth0 SRC=192.168.0.14 DST=87.238.52.70 LEN=249 TOS=0x00 PREC=0x00 TTL=64 ID=50247 DF PROTO=TCP SPT=53939 DPT=993 WINDOW=32044 RES=0x00 ACK PSH URGP=0 UID=10053 GID=10053 -<4>[ 133.240753] ORBOT_TCPLEAK_PROTECTIONIN= OUT=eth0 SRC=192.168.0.14 DST=74.125.39.139 LEN=79 TOS=0x00 PREC=0x00 TTL=64 ID=10017 DF PROTO=TCP SPT=53388 DPT=443 WINDOW=32044 RES=0x00 ACK PSH FIN URGP=0 -<4>[ 133.410705] ORBOT_TCPLEAK_PROTECTIONIN= OUT=eth0 SRC=192.168.0.14 DST=87.238.52.70 LEN=249 TOS=0x00 PREC=0x00 TTL=64 ID=50248 DF PROTO=TCP SPT=53939 DPT=993 WINDOW=32044 RES=0x00 ACK PSH URGP=0 UID=10053 GID=10053 -<4>[ 133.443481] ORBOT_TCPLEAK_PROTECTIONIN= OUT=eth0 SRC=192.168.0.14 DST=87.238.52.70 LEN=261 TOS=0x00 PREC=0x00 TTL=64 ID=50249 DF PROTO=TCP SPT=53939 DPT=993 WINDOW=32044 RES=0x00 ACK PSH URGP=0 UID=10053 GID=10053 -<4>[ 134.031341] ORBOT_TCPLEAK_PROTECTIONIN= OUT=eth0 SRC=192.168.0.14 DST=87.238.52.70 LEN=249 TOS=0x00 PREC=0x00 TTL=64 ID=50250 DF PROTO=TCP SPT=53939 DPT=993 WINDOW=32044 RES=0x00 ACK PSH URGP=0 UID=10053 GID=10053 -<4>[ 134.782196] ORBOT_TCPLEAK_PROTECTIONIN= OUT=eth0 SRC=192.168.0.14 DST=87.238.52.70 LEN=261 TOS=0x00 PREC=0x00 TTL=64 ID=50251 DF PROTO=TCP SPT=53939 DPT=993 WINDOW=32044 RES=0x00 ACK PSH URGP=0 UID=10053 GID=10053 -<4>[ 135.360778] ORBOT_TCPLEAK_PROTECTIONIN= OUT=eth0 SRC=192.168.0.14 DST=87.238.52.70 LEN=249 TOS=0x00 PREC=0x00 TTL=64 ID=50252 DF PROTO=TCP SPT=53939 DPT=993 WINDOW=32044 RES=0x00 ACK PSH URGP=0 UID=10053 GID=10053 -<4>[ 136.520782] ORBOT_TCPLEAK_PROTECTIONIN= OUT=eth0 SRC=192.168.0.14 DST=74.125.39.139 LEN=79 TOS=0x00 PREC=0x00 TTL=64 ID=10018 DF PROTO=TCP SPT=53388 DPT=443 WINDOW=32044 RES=0x00 ACK PSH FIN URGP=0 -<4>[ 136.526306] ORBOT_TCPLEAK_PROTECTIONIN= OUT=eth0 SRC=192.168.0.14 
DST=87.238.52.70 LEN=249 TOS=0x00 PREC=0x00 TTL=64 ID=50253 DF PROTO=TCP SPT=53939 DPT=993 WINDOW=32044 RES=0x00 ACK PSH URGP=0 UID=10053 GID=10053 -<4>[ 137.334716] ORBOT_TCPLEAK_PROTECTIONIN= OUT=eth0 SRC=192.168.0.14 DST=87.238.52.70 LEN=261 TOS=0x00 PREC=0x00 TTL=64 ID=50254 DF PROTO=TCP SPT=53939 DPT=993 WINDOW=32044 RES=0x00 ACK PSH URGP=0 UID=10053 GID=10053 -<4>[ 137.915832] ORBOT_TCPLEAK_PROTECTIONIN= OUT=eth0 SRC=192.168.0.14 DST=87.238.52.70 LEN=249 TOS=0x00 PREC=0x00 TTL=64 ID=50255 DF PROTO=TCP SPT=53939 DPT=993 WINDOW=32044 RES=0x00 ACK PSH URGP=0 UID=10053 GID=10053 -<4>[ 139.075378] ORBOT_TCPLEAK_PROTECTIONIN= OUT=eth0 SRC=192.168.0.14 DST=87.238.52.70 LEN=249 TOS=0x00 PREC=0x00 TTL=64 ID=50256 DF PROTO=TCP SPT=53939 DPT=993 WINDOW=32044 RES=0x00 ACK PSH URGP=0 UID=10053 GID=10053 -<4>[ 140.435913] ORBOT_TCPLEAK_PROTECTIONIN= OUT=eth0 SRC=192.168.0.14 DST=74.125.39.139 LEN=91 TOS=0x00 PREC=0x00 TTL=64 ID=10019 DF PROTO=TCP SPT=53388 DPT=443 WINDOW=32044 RES=0x00 ACK PSH FIN URGP=0 -<4>[ 140.850799] ORBOT_TCPLEAK_PROTECTIONIN= OUT=eth0 SRC=192.168.0.14 DST=74.125.39.139 LEN=79 TOS=0x00 PREC=0x00 TTL=64 ID=10020 DF PROTO=TCP SPT=53388 DPT=443 WINDOW=32044 RES=0x00 ACK PSH FIN URGP=0 -<4>[ 141.395019] ORBOT_TCPLEAK_PROTECTIONIN= OUT=eth0 SRC=192.168.0.14 DST=87.238.52.70 LEN=249 TOS=0x00 PREC=0x00 TTL=64 ID=50257 DF PROTO=TCP SPT=53939 DPT=993 WINDOW=32044 RES=0x00 ACK PSH URGP=0 UID=10053 GID=10053 -<4>[ 141.675140] ORBOT_TCPLEAK_PROTECTIONIN= OUT=eth0 SRC=192.168.0.14 DST=74.125.39.139 LEN=79 TOS=0x00 PREC=0x00 TTL=64 ID=10021 DF PROTO=TCP SPT=53388 DPT=443 WINDOW=32044 RES=0x00 ACK PSH FIN URGP=0 -<4>[ 142.455352] ORBOT_TCPLEAK_PROTECTIONIN= OUT=eth0 SRC=192.168.0.14 DST=87.238.52.70 LEN=261 TOS=0x00 PREC=0x00 TTL=64 ID=50258 DF PROTO=TCP SPT=53939 DPT=993 WINDOW=32044 RES=0x00 ACK PSH URGP=0 UID=10053 GID=10053 -<4>[ 143.030792] ORBOT_TCPLEAK_PROTECTIONIN= OUT=eth0 SRC=192.168.0.14 DST=87.238.52.70 LEN=249 TOS=0x00 PREC=0x00 TTL=64 ID=50259 DF 
PROTO=TCP SPT=53939 DPT=993 WINDOW=32044 RES=0x00 ACK PSH URGP=0 UID=10053 GID=10053 -<4>[ 143.310852] ORBOT_TCPLEAK_PROTECTIONIN= OUT=eth0 SRC=192.168.0.14 DST=74.125.39.139 LEN=79 TOS=0x00 PREC=0x00 TTL=64 ID=10022 DF PROTO=TCP SPT=53388 DPT=443 WINDOW=32044 RES=0x00 ACK PSH FIN URGP=0 -<4>[ 144.190734] ORBOT_TCPLEAK_PROTECTIONIN= OUT=eth0 SRC=192.168.0.14 DST=87.238.52.70 LEN=249 TOS=0x00 PREC=0x00 TTL=64 ID=50260 DF PROTO=TCP SPT=53939 DPT=993 WINDOW=32044 RES=0x00 ACK PSH URGP=0 UID=10053 GID=10053 -<4>[ 146.510803] ORBOT_TCPLEAK_PROTECTIONIN= OUT=eth0 SRC=192.168.0.14 DST=87.238.52.70 LEN=249 TOS=0x00 PREC=0x00 TTL=64 ID=50261 DF PROTO=TCP SPT=53939 DPT=993 WINDOW=32044 RES=0x00 ACK PSH URGP=0 UID=10053 GID=10053 -<4>[ 146.590789] ORBOT_TCPLEAK_PROTECTIONIN= OUT=eth0 SRC=192.168.0.14 DST=74.125.39.139 LEN=79 TOS=0x00 PREC=0x00 TTL=64 ID=10023 DF PROTO=TCP SPT=53388 DPT=443 WINDOW=32044 RES=0x00 ACK PSH FIN URGP=0 -<4>[ 151.150726] ORBOT_TCPLEAK_PROTECTIONIN= OUT=eth0 SRC=192.168.0.14 DST=87.238.52.70 LEN=249 TOS=0x00 PREC=0x00 TTL=64 ID=50262 DF PROTO=TCP SPT=53939 DPT=993 WINDOW=32044 RES=0x00 ACK PSH URGP=0 UID=10053 GID=10053 -<4>[ 151.166290] ORBOT_TCPLEAK_PROTECTIONIN= OUT=eth0 SRC=192.168.0.14 DST=74.125.39.139 LEN=91 TOS=0x00 PREC=0x00 TTL=64 ID=10024 DF PROTO=TCP SPT=53388 DPT=443 WINDOW=32044 RES=0x00 ACK PSH FIN URGP=0 -<4>[ 151.570739] ORBOT_TCPLEAK_PROTECTIONIN= OUT=eth0 SRC=192.168.0.14 DST=74.125.39.139 LEN=79 TOS=0x00 PREC=0x00 TTL=64 ID=10025 DF PROTO=TCP SPT=53388 DPT=443 WINDOW=32044 RES=0x00 ACK PSH FIN URGP=0 -<4>[ 152.390686] ORBOT_TCPLEAK_PROTECTIONIN= OUT=eth0 SRC=192.168.0.14 DST=74.125.39.139 LEN=79 TOS=0x00 PREC=0x00 TTL=64 ID=10026 DF PROTO=TCP SPT=53388 DPT=443 WINDOW=32044 RES=0x00 ACK PSH FIN URGP=0 -<4>[ 152.694427] ORBOT_TCPLEAK_PROTECTIONIN= OUT=eth0 SRC=192.168.0.14 DST=87.238.52.70 LEN=261 TOS=0x00 PREC=0x00 TTL=64 ID=50263 DF PROTO=TCP SPT=53939 DPT=993 WINDOW=32044 RES=0x00 ACK PSH URGP=0 UID=10053 GID=10053 -<4>[ 
153.270721] ORBOT_TCPLEAK_PROTECTIONIN= OUT=eth0 SRC=192.168.0.14 DST=87.238.52.70 LEN=249 TOS=0x00 PREC=0x00 TTL=64 ID=50264 DF PROTO=TCP SPT=53939 DPT=993 WINDOW=32044 RES=0x00 ACK PSH URGP=0 UID=10053 GID=10053 -<4>[ 154.030731] ORBOT_TCPLEAK_PROTECTIONIN= OUT=eth0 SRC=192.168.0.14 DST=74.125.39.139 LEN=79 TOS=0x00 PREC=0x00 TTL=64 ID=10027 DF PROTO=TCP SPT=53388 DPT=443 WINDOW=32044 RES=0x00 ACK PSH FIN URGP=0 -<4>[ 154.430694] ORBOT_TCPLEAK_PROTECTIONIN= OUT=eth0 SRC=192.168.0.14 DST=87.238.52.70 LEN=249 TOS=0x00 PREC=0x00 TTL=64 ID=50265 DF PROTO=TCP SPT=53939 DPT=993 WINDOW=32044 RES=0x00 ACK PSH URGP=0 UID=10053 GID=10053 -<4>[ 156.750701] ORBOT_TCPLEAK_PROTECTIONIN= OUT=eth0 SRC=192.168.0.14 DST=87.238.52.70 LEN=249 TOS=0x00 PREC=0x00 TTL=64 ID=50266 DF PROTO=TCP SPT=53939 DPT=993 WINDOW=32044 RES=0x00 ACK PSH URGP=0 UID=10053 GID=10053 -<4>[ 157.310699] ORBOT_TCPLEAK_PROTECTIONIN= OUT=eth0 SRC=192.168.0.14 DST=74.125.39.139 LEN=79 TOS=0x00 PREC=0x00 TTL=64 ID=10028 DF PROTO=TCP SPT=53388 DPT=443 WINDOW=32044 RES=0x00 ACK PSH FIN URGP=0 -<4>[ 160.383117] ORBOT_TCPLEAK_PROTECTIONIN= OUT=eth0 SRC=192.168.0.14 DST=74.125.39.139 LEN=91 TOS=0x00 PREC=0x00 TTL=64 ID=10029 DF PROTO=TCP SPT=53388 DPT=443 WINDOW=32044 RES=0x00 ACK PSH FIN URGP=0 -<4>[ 160.790832] ORBOT_TCPLEAK_PROTECTIONIN= OUT=eth0 SRC=192.168.0.14 DST=74.125.39.139 LEN=79 TOS=0x00 PREC=0x00 TTL=64 ID=10030 DF PROTO=TCP SPT=53388 DPT=443 WINDOW=32044 RES=0x00 ACK PSH FIN URGP=0 -<4>[ 161.390716] ORBOT_TCPLEAK_PROTECTIONIN= OUT=eth0 SRC=192.168.0.14 DST=87.238.52.70 LEN=249 TOS=0x00 PREC=0x00 TTL=64 ID=50267 DF PROTO=TCP SPT=53939 DPT=993 WINDOW=32044 RES=0x00 ACK PSH URGP=0 UID=10053 GID=10053 -<4>[ 161.610717] ORBOT_TCPLEAK_PROTECTIONIN= OUT=eth0 SRC=192.168.0.14 DST=74.125.39.139 LEN=79 TOS=0x00 PREC=0x00 TTL=64 ID=10031 DF PROTO=TCP SPT=53388 DPT=443 WINDOW=32044 RES=0x00 ACK PSH FIN URGP=0 -<4>[ 163.250701] ORBOT_TCPLEAK_PROTECTIONIN= OUT=eth0 SRC=192.168.0.14 DST=74.125.39.139 LEN=79 TOS=0x00 
PREC=0x00 TTL=64 ID=10032 DF PROTO=TCP SPT=53388 DPT=443 WINDOW=32044 RES=0x00 ACK PSH FIN URGP=0 -<4>[ 166.531494] ORBOT_TCPLEAK_PROTECTIONIN= OUT=eth0 SRC=192.168.0.14 DST=74.125.39.139 LEN=79 TOS=0x00 PREC=0x00 TTL=64 ID=10033 DF PROTO=TCP SPT=53388 DPT=443 WINDOW=32044 RES=0x00 ACK PSH FIN URGP=0 -<4>[ 170.670715] ORBOT_TCPLEAK_PROTECTIONIN= OUT=eth0 SRC=192.168.0.14 DST=87.238.52.70 LEN=249 TOS=0x00 PREC=0x00 TTL=64 ID=50268 DF PROTO=TCP SPT=53939 DPT=993 WINDOW=32044 RES=0x00 ACK PSH URGP=0 UID=10053 GID=10053 -<4>[ 170.842285] ORBOT_TCPLEAK_PROTECTIONIN= OUT=eth0 SRC=192.168.0.14 DST=74.125.39.139 LEN=91 TOS=0x00 PREC=0x00 TTL=64 ID=10034 DF PROTO=TCP SPT=53388 DPT=443 WINDOW=32044 RES=0x00 ACK PSH FIN URGP=0 -<4>[ 171.250732] ORBOT_TCPLEAK_PROTECTIONIN= OUT=eth0 SRC=192.168.0.14 DST=74.125.39.139 LEN=79 TOS=0x00 PREC=0x00 TTL=64 ID=10035 DF PROTO=TCP SPT=53388 DPT=443 WINDOW=32044 RES=0x00 ACK PSH FIN URGP=0 -<4>[ 172.070800] ORBOT_TCPLEAK_PROTECTIONIN= OUT=eth0 SRC=192.168.0.14 DST=74.125.39.139 LEN=79 TOS=0x00 PREC=0x00 TTL=64 ID=10036 DF PROTO=TCP SPT=53388 DPT=443 WINDOW=32044 RES=0x00 ACK PSH FIN URGP=0 -<4>[ 173.309783] ORBOT_TCPLEAK_PROTECTIONIN= OUT=eth0 SRC=192.168.0.14 DST=87.238.52.70 LEN=261 TOS=0x00 PREC=0x00 TTL=64 ID=50269 DF PROTO=TCP SPT=53939 DPT=993 WINDOW=32044 RES=0x00 ACK PSH URGP=0 UID=10053 GID=10053 -<4>[ 173.710784] ORBOT_TCPLEAK_PROTECTIONIN= OUT=eth0 SRC=192.168.0.14 DST=74.125.39.139 LEN=79 TOS=0x00 PREC=0x00 TTL=64 ID=10037 DF PROTO=TCP SPT=53388 DPT=443 WINDOW=32044 RES=0x00 ACK PSH FIN URGP=0 -<4>[ 173.880828] ORBOT_TCPLEAK_PROTECTIONIN= OUT=eth0 SRC=192.168.0.14 DST=87.238.52.70 LEN=249 TOS=0x00 PREC=0x00 TTL=64 ID=50270 DF PROTO=TCP SPT=53939 DPT=993 WINDOW=32044 RES=0x00 ACK PSH URGP=0 UID=10053 GID=10053 -<4>[ 175.040710] ORBOT_TCPLEAK_PROTECTIONIN= OUT=eth0 SRC=192.168.0.14 DST=87.238.52.70 LEN=249 TOS=0x00 PREC=0x00 TTL=64 ID=50271 DF PROTO=TCP SPT=53939 DPT=993 WINDOW=32044 RES=0x00 ACK PSH URGP=0 UID=10053 GID=10053 
-<4>[ 176.990692] ORBOT_TCPLEAK_PROTECTIONIN= OUT=eth0 SRC=192.168.0.14 DST=74.125.39.139 LEN=79 TOS=0x00 PREC=0x00 TTL=64 ID=10038 DF PROTO=TCP SPT=53388 DPT=443 WINDOW=32044 RES=0x00 ACK PSH FIN URGP=0 -<4>[ 177.360687] ORBOT_TCPLEAK_PROTECTIONIN= OUT=eth0 SRC=192.168.0.14 DST=87.238.52.70 LEN=249 TOS=0x00 PREC=0x00 TTL=64 ID=50272 DF PROTO=TCP SPT=53939 DPT=993 WINDOW=32044 RES=0x00 ACK PSH URGP=0 UID=10053 GID=10053 -<4>[ 181.682952] ORBOT_TCPLEAK_PROTECTIONIN= OUT=eth0 SRC=192.168.0.14 DST=74.125.39.139 LEN=91 TOS=0x00 PREC=0x00 TTL=64 ID=10039 DF PROTO=TCP SPT=53388 DPT=443 WINDOW=32044 RES=0x00 ACK PSH FIN URGP=0 -<4>[ 182.000701] ORBOT_TCPLEAK_PROTECTIONIN= OUT=eth0 SRC=192.168.0.14 DST=87.238.52.70 LEN=249 TOS=0x00 PREC=0x00 TTL=64 ID=50273 DF PROTO=TCP SPT=53939 DPT=993 WINDOW=32044 RES=0x00 ACK PSH URGP=0 UID=10053 GID=10053 -<4>[ 182.090698] ORBOT_TCPLEAK_PROTECTIONIN= OUT=eth0 SRC=192.168.0.14 DST=74.125.39.139 LEN=79 TOS=0x00 PREC=0x00 TTL=64 ID=10040 DF PROTO=TCP SPT=53388 DPT=443 WINDOW=32044 RES=0x00 ACK PSH FIN URGP=0 -<4>[ 182.910797] ORBOT_TCPLEAK_PROTECTIONIN= OUT=eth0 SRC=192.168.0.14 DST=74.125.39.139 LEN=79 TOS=0x00 PREC=0x00 TTL=64 ID=10041 DF PROTO=TCP SPT=53388 DPT=443 WINDOW=32044 RES=0x00 ACK PSH FIN URGP=0 -<4>[ 184.550689] ORBOT_TCPLEAK_PROTECTIONIN= OUT=eth0 SRC=192.168.0.14 DST=74.125.39.139 LEN=79 TOS=0x00 PREC=0x00 TTL=64 ID=10042 DF PROTO=TCP SPT=53388 DPT=443 WINDOW=32044 RES=0x00 ACK PSH FIN URGP=0 -<4>[ 187.830749] ORBOT_TCPLEAK_PROTECTIONIN= OUT=eth0 SRC=192.168.0.14 DST=74.125.39.139 LEN=79 TOS=0x00 PREC=0x00 TTL=64 ID=10043 DF PROTO=TCP SPT=53388 DPT=443 WINDOW=32044 RES=0x00 ACK PSH FIN URGP=0 -<4>[ 191.280700] ORBOT_TCPLEAK_PROTECTIONIN= OUT=eth0 SRC=192.168.0.14 DST=87.238.52.70 LEN=249 TOS=0x00 PREC=0x00 TTL=64 ID=50274 DF PROTO=TCP SPT=53939 DPT=993 WINDOW=32044 RES=0x00 ACK PSH URGP=0 UID=10053 GID=10053 -<4>[ 193.917053] ORBOT_TCPLEAK_PROTECTIONIN= OUT=eth0 SRC=192.168.0.14 DST=74.125.39.139 LEN=91 TOS=0x00 PREC=0x00 
TTL=64 ID=10044 DF PROTO=TCP SPT=53388 DPT=443 WINDOW=32044 RES=0x00 ACK PSH FIN URGP=0 -<4>[ 194.330749] ORBOT_TCPLEAK_PROTECTIONIN= OUT=eth0 SRC=192.168.0.14 DST=74.125.39.139 LEN=79 TOS=0x00 PREC=0x00 TTL=64 ID=10045 DF PROTO=TCP SPT=53388 DPT=443 WINDOW=32044 RES=0x00 ACK PSH FIN URGP=0 -<4>[ 195.150695] ORBOT_TCPLEAK_PROTECTIONIN= OUT=eth0 SRC=192.168.0.14 DST=74.125.39.139 LEN=79 TOS=0x00 PREC=0x00 TTL=64 ID=10046 DF PROTO=TCP SPT=53388 DPT=443 WINDOW=32044 RES=0x00 ACK PSH FIN URGP=0 -<4>[ 196.790679] ORBOT_TCPLEAK_PROTECTIONIN= OUT=eth0 SRC=192.168.0.14 DST=74.125.39.139 LEN=79 TOS=0x00 PREC=0x00 TTL=64 ID=10047 DF PROTO=TCP SPT=53388 DPT=443 WINDOW=32044 RES=0x00 ACK PSH FIN URGP=0 -<4>[ 200.070709] ORBOT_TCPLEAK_PROTECTIONIN= OUT=eth0 SRC=192.168.0.14 DST=74.125.39.139 LEN=79 TOS=0x00 PREC=0x00 TTL=64 ID=10048 DF PROTO=TCP SPT=53388 DPT=443 WINDOW=32044 RES=0x00 ACK PSH FIN URGP=0 -<4>[ 201.567718] ORBOT_TCPLEAK_PROTECTIONIN= OUT=eth0 SRC=192.168.0.14 DST=74.125.39.139 LEN=91 TOS=0x00 PREC=0x00 TTL=64 ID=10049 DF PROTO=TCP SPT=53388 DPT=443 WINDOW=32044 RES=0x00 ACK PSH FIN URGP=0 -<4>[ 201.970703] ORBOT_TCPLEAK_PROTECTIONIN= OUT=eth0 SRC=192.168.0.14 DST=74.125.39.139 LEN=79 TOS=0x00 PREC=0x00 TTL=64 ID=10050 DF PROTO=TCP SPT=53388 DPT=443 WINDOW=32044 RES=0x00 ACK PSH FIN URGP=0 -<4>[ 202.790771] ORBOT_TCPLEAK_PROTECTIONIN= OUT=eth0 SRC=192.168.0.14 DST=74.125.39.139 LEN=79 TOS=0x00 PREC=0x00 TTL=64 ID=10051 DF PROTO=TCP SPT=53388 DPT=443 WINDOW=32044 RES=0x00 ACK PSH FIN URGP=0 -<4>[ 204.430816] ORBOT_TCPLEAK_PROTECTIONIN= OUT=eth0 SRC=192.168.0.14 DST=74.125.39.139 LEN=79 TOS=0x00 PREC=0x00 TTL=64 ID=10052 DF PROTO=TCP SPT=53388 DPT=443 WINDOW=32044 RES=0x00 ACK PSH FIN URGP=0 -<4>[ 207.710693] ORBOT_TCPLEAK_PROTECTIONIN= OUT=eth0 SRC=192.168.0.14 DST=74.125.39.139 LEN=79 TOS=0x00 PREC=0x00 TTL=64 ID=10053 DF PROTO=TCP SPT=53388 DPT=443 WINDOW=32044 RES=0x00 ACK PSH FIN URGP=0 -<4>[ 209.840789] ORBOT_TCPLEAK_PROTECTIONIN= OUT=eth0 SRC=192.168.0.14 
DST=87.238.52.70 LEN=249 TOS=0x00 PREC=0x00 TTL=64 ID=50275 DF PROTO=TCP SPT=53939 DPT=993 WINDOW=32044 RES=0x00 ACK PSH URGP=0 UID=10053 GID=10053 -<4>[ 212.362884] ORBOT_TCPLEAK_PROTECTIONIN= OUT=eth0 SRC=192.168.0.14 DST=74.125.39.139 LEN=91 TOS=0x00 PREC=0x00 TTL=64 ID=10054 DF PROTO=TCP SPT=53388 DPT=443 WINDOW=32044 RES=0x00 ACK PSH FIN URGP=0 -<4>[ 212.770812] ORBOT_TCPLEAK_PROTECTIONIN= OUT=eth0 SRC=192.168.0.14 DST=74.125.39.139 LEN=79 TOS=0x00 PREC=0x00 TTL=64 ID=10055 DF PROTO=TCP SPT=53388 DPT=443 WINDOW=32044 RES=0x00 ACK PSH FIN URGP=0 -<4>[ 213.590698] ORBOT_TCPLEAK_PROTECTIONIN= OUT=eth0 SRC=192.168.0.14 DST=74.125.39.139 LEN=79 TOS=0x00 PREC=0x00 TTL=64 ID=10056 DF PROTO=TCP SPT=53388 DPT=443 WINDOW=32044 RES=0x00 ACK PSH FIN URGP=0 -<4>[ 215.235809] ORBOT_TCPLEAK_PROTECTIONIN= OUT=eth0 SRC=192.168.0.14 DST=74.125.39.139 LEN=79 TOS=0x00 PREC=0x00 TTL=64 ID=10057 DF PROTO=TCP SPT=53388 DPT=443 WINDOW=32044 RES=0x00 ACK PSH FIN URGP=0 -<4>[ 217.285766] ORBOT_TCPLEAK_PROTECTIONIN= OUT=eth0 SRC=192.168.0.14 DST=87.238.52.70 LEN=261 TOS=0x00 PREC=0x00 TTL=64 ID=50276 DF PROTO=TCP SPT=53939 DPT=993 WINDOW=32044 RES=0x00 ACK PSH URGP=0 UID=10053 GID=10053 -<4>[ 217.860687] ORBOT_TCPLEAK_PROTECTIONIN= OUT=eth0 SRC=192.168.0.14 DST=87.238.52.70 LEN=249 TOS=0x00 PREC=0x00 TTL=64 ID=50277 DF PROTO=TCP SPT=53939 DPT=993 WINDOW=32044 RES=0x00 ACK PSH URGP=0 UID=10053 GID=10053 -<4>[ 218.510803] ORBOT_TCPLEAK_PROTECTIONIN= OUT=eth0 SRC=192.168.0.14 DST=74.125.39.139 LEN=79 TOS=0x00 PREC=0x00 TTL=64 ID=10058 DF PROTO=TCP SPT=53388 DPT=443 WINDOW=32044 RES=0x00 ACK PSH FIN URGP=0 -<4>[ 219.020721] ORBOT_TCPLEAK_PROTECTIONIN= OUT=eth0 SRC=192.168.0.14 DST=87.238.52.70 LEN=249 TOS=0x00 PREC=0x00 TTL=64 ID=50278 DF PROTO=TCP SPT=53939 DPT=993 WINDOW=32044 RES=0x00 ACK PSH URGP=0 UID=10053 GID=10053 -<4>[ 220.840667] ORBOT_TCPLEAK_PROTECTIONIN= OUT=eth0 SRC=192.168.0.14 DST=74.125.39.101 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=40218 DPT=80 WINDOW=0 
RES=0x00 RST URGP=0 -<4>[ 220.842559] ORBOT_TCPLEAK_PROTECTIONIN= OUT=eth0 SRC=192.168.0.14 DST=74.125.39.101 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=40218 DPT=80 WINDOW=0 RES=0x00 RST URGP=0 -<4>[ 220.844512] ORBOT_TCPLEAK_PROTECTIONIN= OUT=eth0 SRC=192.168.0.14 DST=74.125.39.101 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=40218 DPT=80 WINDOW=0 RES=0x00 RST URGP=0 -<4>[ 221.340820] ORBOT_TCPLEAK_PROTECTIONIN= OUT=eth0 SRC=192.168.0.14 DST=87.238.52.70 LEN=249 TOS=0x00 PREC=0x00 TTL=64 ID=50279 DF PROTO=TCP SPT=53939 DPT=993 WINDOW=32044 RES=0x00 ACK PSH URGP=0 UID=10053 GID=10053 -<4>[ 221.478881] ORBOT_TCPLEAK_PROTECTIONIN= OUT=eth0 SRC=192.168.0.14 DST=74.125.39.139 LEN=91 TOS=0x00 PREC=0x00 TTL=64 ID=10059 DF PROTO=TCP SPT=53388 DPT=443 WINDOW=32044 RES=0x00 ACK PSH FIN URGP=0 -<4>[ 221.890777] ORBOT_TCPLEAK_PROTECTIONIN= OUT=eth0 SRC=192.168.0.14 DST=74.125.39.139 LEN=79 TOS=0x00 PREC=0x00 TTL=64 ID=10060 DF PROTO=TCP SPT=53388 DPT=443 WINDOW=32044 RES=0x00 ACK PSH FIN URGP=0 -<4>[ 221.898010] ORBOT_TCPLEAK_PROTECTIONIN= OUT=eth0 SRC=192.168.0.14 DST=74.125.39.101 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=40218 DPT=80 WINDOW=0 RES=0x00 RST URGP=0 -<4>[ 222.710754] ORBOT_TCPLEAK_PROTECTIONIN= OUT=eth0 SRC=192.168.0.14 DST=74.125.39.139 LEN=79 TOS=0x00 PREC=0x00 TTL=64 ID=10061 DF PROTO=TCP SPT=53388 DPT=443 WINDOW=32044 RES=0x00 ACK PSH FIN URGP=0 -<4>[ 224.350677] ORBOT_TCPLEAK_PROTECTIONIN= OUT=eth0 SRC=192.168.0.14 DST=74.125.39.139 LEN=79 TOS=0x00 PREC=0x00 TTL=64 ID=10062 DF PROTO=TCP SPT=53388 DPT=443 WINDOW=32044 RES=0x00 ACK PSH FIN URGP=0 -<4>[ 225.617523] ORBOT_TCPLEAK_PROTECTIONIN= OUT=eth0 SRC=192.168.0.14 DST=74.125.39.101 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=40218 DPT=80 WINDOW=0 RES=0x00 RST URGP=0 -<4>[ 225.980743] ORBOT_TCPLEAK_PROTECTIONIN= OUT=eth0 SRC=192.168.0.14 DST=87.238.52.70 LEN=249 TOS=0x00 PREC=0x00 TTL=64 ID=50280 DF PROTO=TCP SPT=53939 DPT=993 WINDOW=32044 RES=0x00 ACK PSH 
URGP=0 UID=10053 GID=10053 -<4>[ 227.630798] ORBOT_TCPLEAK_PROTECTIONIN= OUT=eth0 SRC=192.168.0.14 DST=74.125.39.139 LEN=79 TOS=0x00 PREC=0x00 TTL=64 ID=10063 DF PROTO=TCP SPT=53388 DPT=443 WINDOW=32044 RES=0x00 ACK PSH FIN URGP=0 -<4>[ 241.522155] ORBOT_TCPLEAK_PROTECTIONIN= OUT=rmnet0 SRC=46.206.239.134 DST=84.22.122.5 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=20341 DF PROTO=TCP SPT=49138 DPT=9001 WINDOW=32044 RES=0x00 ACK URGP=0 -<4>[ 241.792358] ORBOT_TCPLEAK_PROTECTIONIN= OUT=rmnet0 SRC=46.206.239.134 DST=84.22.122.5 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=49138 DPT=9001 WINDOW=32044 RES=0x00 ACK URGP=0 -<4>[ 242.362335] ORBOT_TCPLEAK_PROTECTIONIN= OUT=rmnet0 SRC=46.206.239.134 DST=84.22.122.5 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=49138 DPT=9001 WINDOW=32044 RES=0x00 ACK URGP=0 -<4>[ 243.452331] ORBOT_TCPLEAK_PROTECTIONIN= OUT=rmnet0 SRC=46.206.239.134 DST=84.22.122.5 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=49138 DPT=9001 WINDOW=32044 RES=0x00 ACK URGP=0 diff --git a/external/patches/transproxy.patch b/external/patches/transproxy.patch deleted file mode 100644 index e69de29b..00000000 diff --git a/external/patches/udptransproxyfinal.patch b/external/patches/udptransproxyfinal.patch deleted file mode 100644 index 32cc0e2f..00000000 --- a/external/patches/udptransproxyfinal.patch +++ /dev/null 
@@ -1,247 +0,0 @@
-From a81741afe06ac2309b4306dedbd5a0ebf755b7e1 Mon Sep 17 00:00:00 2001
-From: patch
-Date: Fri, 31 Aug 2012 17:25:52 -0400
-Subject: [PATCH] Addendum to the last commit on UDP transproxy rules. Trying
- to simplfy the iptables rules didn't work out so this is a
- minimal change from the original TorTransProxy.java file.
- UDP is blocked and tested as working.
-
----
- .../torproject/android/service/TorTransProxy.java | 144 ++++++++++++--------
- 1 file changed, 84 insertions(+), 60 deletions(-)
-
-diff --git a/src/org/torproject/android/service/TorTransProxy.java b/src/org/torproject/android/service/TorTransProxy.java
-index c248a9f..90bdc34 100644
---- a/src/org/torproject/android/service/TorTransProxy.java
-+++ b/src/org/torproject/android/service/TorTransProxy.java
-@@ -224,15 +224,6 @@ public class TorTransProxy implements TorServiceConstants {
-
- int torUid = context.getApplicationInfo().uid;
-
-- // Allow everything for Tor
-- script.append(ipTablesPath);
-- script.append(" -t filter");
-- script.append(" -A OUTPUT");
-- script.append(" -m owner --uid-owner ");
-- script.append(torUid);
-- script.append(" -j ACCEPT");
-- script.append(" || exit\n");
--
- //build up array of shell cmds to execute under one root context
- for (TorifiedApp tApp:apps)
- {
-@@ -244,9 +235,9 @@ public class TorTransProxy implements TorServiceConstants {
- {
-
- TorService.logMessage("enabling transproxy for app: " + tApp.getUsername() + "(" + tApp.getUid() + ")");
--
-- // Set up port redirection
-- script.append(ipTablesPath);
-+
-+ // Set up port redirection
-+ script.append(ipTablesPath);
- script.append(" -t nat");
- script.append(" -A OUTPUT -p tcp");
- script.append(" ! -d 127.0.0.1"); //allow access to localhost
-@@ -260,28 +251,14 @@ public class TorTransProxy implements TorServiceConstants {
- // Same for DNS
- script.append(ipTablesPath);
- script.append(" -t nat");
-- script.append(" -A OUTPUT -p udp");
-- script.append(" -m owner --uid-owner ");
-+ script.append(" -A OUTPUT -p udp -m owner --uid-owner ");
- script.append(tApp.getUid());
- script.append(" -m udp --dport ");
- script.append(STANDARD_DNS_PORT);
- script.append(" -j REDIRECT --to-ports ");
- script.append(TOR_DNS_PORT);
- script.append(" || exit\n");
--
-- // Allow loopback
-- script.append(ipTablesPath);
-- script.append(" -t filter");
-- script.append(" -A OUTPUT");
-- script.append(" -m owner --uid-owner ");
-- script.append(tApp.getUid());
-- script.append(" -o lo");
-- script.append(" -j ACCEPT");
-- script.append(" || exit\n");
--
-- /*
-- //Outgoing loopback already allowed (23/7/12)
--
-+
- int[] ports = {TOR_DNS_PORT,TOR_TRANSPROXY_PORT,PORT_SOCKS,PORT_HTTP};
-
- for (int port : ports)
-@@ -299,8 +276,30 @@ public class TorTransProxy implements TorServiceConstants {
- script.append(" -j ACCEPT");
- script.append(" || exit\n");
- }
-- */
--
-+
-+ // Allow loopback
-+ script.append(ipTablesPath);
-+ script.append(" -t filter");
-+ script.append(" -A OUTPUT");
-+ script.append(" -m owner --uid-owner ");
-+ script.append(tApp.getUid());
-+ script.append(" -p tcp");
-+ script.append(" -o lo");
-+ script.append(" -j ACCEPT");
-+ script.append(" || exit\n");
-+
-+ // Reject DNS that is not from Tor (order is important - first matched rule counts!)
-+ script.append(ipTablesPath);
-+ script.append(" -t filter");
-+ script.append(" -A OUTPUT");
-+ script.append(" -m owner --uid-owner ");
-+ script.append(tApp.getUid());
-+ script.append(" -p udp");
-+ script.append(" --dport ");
-+ script.append(STANDARD_DNS_PORT);
-+ script.append(" -j REJECT");
-+ script.append(" || exit\n");
-+
- // Reject all other outbound TCP packets
- script.append(ipTablesPath);
- script.append(" -t filter");
-@@ -321,10 +320,19 @@ public class TorTransProxy implements TorServiceConstants {
- script.append(" -j REJECT");
- script.append(" || exit\n");
-
--
- }
- }
-+
-
-+ // Allow everything for Tor
-+ script.append(ipTablesPath);
-+ script.append(" -t filter");
-+ script.append(" -A OUTPUT");
-+ script.append(" -m owner --uid-owner ");
-+ script.append(torUid);
-+ script.append(" -j ACCEPT");
-+ script.append(" || exit\n");
-+
- String[] cmdAdd = {script.toString()};
-
- code = TorServiceUtils.doShellCommand(cmdAdd, res, runRoot, waitFor);
-@@ -452,8 +460,8 @@ public class TorTransProxy implements TorServiceConstants {
-
- int torUid = context.getApplicationInfo().uid;
-
-- // Set up port redirection
-- script.append(ipTablesPath);
-+ // Set up port redirection
-+ script.append(ipTablesPath);
- script.append(" -t nat");
- script.append(" -A OUTPUT -p tcp");
- script.append(" ! -d 127.0.0.1"); //allow access to localhost
-@@ -467,36 +475,14 @@ public class TorTransProxy implements TorServiceConstants {
- // Same for DNS
- script.append(ipTablesPath);
- script.append(" -t nat");
-- script.append(" -A OUTPUT -p udp");
-- script.appent(" -m owner ! --uid-owner ");
-+ script.append(" -A OUTPUT -p udp -m owner ! --uid-owner ");
- script.append(torUid);
- script.append(" -m udp --dport ");
- script.append(STANDARD_DNS_PORT);
- script.append(" -j REDIRECT --to-ports ");
- script.append(TOR_DNS_PORT);
- script.append(" || exit\n");
--
-- // Allow loopback
-- script.append(ipTablesPath);
-- script.append(" -t filter");
-- script.append(" -A OUTPUT");
-- script.append(" -o lo");
-- script.append(" -j ACCEPT");
-- script.append(" || exit\n");
-
-- // Allow everything for Tor
-- script.append(ipTablesPath);
-- script.append(" -t filter");
-- script.append(" -A OUTPUT");
-- script.append(" -m owner --uid-owner ");
-- script.append(torUid);
-- script.append(" -j ACCEPT");
-- script.append(" || exit\n");
--
--
-- /*
-- //Outgoing loopback already allowed (23/7/12)
--
- int[] ports = {TOR_DNS_PORT,TOR_TRANSPROXY_PORT,PORT_SOCKS,PORT_HTTP};
-
- for (int port : ports)
-@@ -514,8 +500,25 @@ public class TorTransProxy implements TorServiceConstants {
- script.append(" -j ACCEPT");
- script.append(" || exit\n");
-
-- } */
-+ }
-+
-+ // Allow loopback
-+ script.append(ipTablesPath);
-+ script.append(" -t filter");
-+ script.append(" -A OUTPUT");
-+ script.append(" -p tcp");
-+ script.append(" -o lo");
-+ script.append(" -j ACCEPT");
-+ script.append(" || exit\n");
-
-+ // Allow everything for Tor
-+ script.append(ipTablesPath);
-+ script.append(" -t filter");
-+ script.append(" -A OUTPUT");
-+ script.append(" -m owner --uid-owner ");
-+ script.append(torUid);
-+ script.append(" -j ACCEPT");
-+ script.append(" || exit\n");
-
- if (TorService.ENABLE_DEBUG_LOG)
- {
-@@ -539,13 +542,34 @@ public class TorTransProxy implements TorServiceConstants {
- script.append(" --log-uid");
- script.append(" || exit\n");
- }
--
-- // Reject all other outbound packets by default
-+
-+ // Reject DNS that is not from Tor (order is important - first matched rule counts!)
- script.append(ipTablesPath);
- script.append(" -t filter");
-- script.append(" -P OUTPUT DROP");
-+ script.append(" -A OUTPUT");
-+ script.append(" -p udp");
-+ script.append(" --dport ");
-+ script.append(STANDARD_DNS_PORT);
-+ script.append(" -j REJECT");
- script.append(" || exit\n");
-
-+ // Reject all other outbound TCP packets
-+ script.append(ipTablesPath);
-+ script.append(" -t filter");
-+ script.append(" -A OUTPUT");
-+ script.append(" -p tcp");
-+ script.append(" -j REJECT");
-+ script.append(" || exit\n");
-+
-+ // Reject all other outbound UDP packets
-+ script.append(ipTablesPath);
-+ script.append(" -t filter");
-+ script.append(" -A OUTPUT");
-+ script.append(" -p udp");
-+ script.append(" -j REJECT");
-+ script.append(" || exit\n");
-+
-+
- String[] cmdAdd = {script.toString()};
-
- code = TorServiceUtils.doShellCommand(cmdAdd, res, runRoot, waitFor);
---
-1.7.9.5
-
diff --git a/external/patches/update_GibberBot_info/ic_launcher_gibberbot.png b/external/patches/update_GibberBot_info/ic_launcher_gibberbot.png
deleted file mode 100644
index e4099106..00000000
Binary files a/external/patches/update_GibberBot_info/ic_launcher_gibberbot.png and /dev/null differ
diff --git a/external/patches/update_GibberBot_info/update_GibberBot_info.diff b/external/patches/update_GibberBot_info/update_GibberBot_info.diff
deleted file mode 100644
index 404b5240..00000000
--- a/external/patches/update_GibberBot_info/update_GibberBot_info.diff
+++ /dev/null
@@ -1,285 +0,0 @@ -Index: res/values-ca/strings.xml -=================================================================== ---- res/values-ca/strings.xml (revision 24406) -+++ res/values-ca/strings.xml (working copy) -@@ -97,7 +97,7 @@ - - Aplicacions per a usar-se amb Orbot - T\'animem a descarregar-te & utilitza aplicacions que sàpiguen com connectar-se directament a Orbot. Fes clic als botons de sota per instal·lar. -- OTRCHAT - Client de missatgeria instantània segura per a Android -+ GibberBot - Client de missatgeria instantània segura per a Android - ORWEB (Només Android 1.x) - Navegador dissenyat per la privacitat & per a Orbot - Coniguració de Proxy - Aprèn a configurar aplicacions per a què funcionin amb Orbot - -@@ -115,7 +115,7 @@ - Orbot és a punt! - Centenars de milers de persones arreu del món utilitzen Tor per un gran ventall de raons: periodistes i blocaires, treballadors pels drets humans, agents de l\'autoritat, soldats, corporacions, ciutadans de règims opressors, i ciutadans qualssevol... I ara tu també ho pots fer! - -- https://guardianproject.info/getgibber -+ market://search?q=pname:info.guardianproject.otr.app.im - https://guardianproject.info/getorweb - - -Index: res/drawable/icon_otrchat.png -=================================================================== -Cannot display: file marked as a binary type. -svn:mime-type = application/octet-stream -Index: res/drawable/ic_launcher_gibberbot.png -=================================================================== -Cannot display: file marked as a binary type. 
-svn:mime-type = application/octet-stream - -Property changes on: res/drawable/ic_launcher_gibberbot.png -___________________________________________________________________ -Added: svn:mime-type - + application/octet-stream - -Index: res/values-fa/strings.xml -=================================================================== ---- res/values-fa/strings.xml (revision 24406) -+++ res/values-fa/strings.xml (working copy) -@@ -95,7 +95,7 @@ - - اپلیکیشن هایی که برای اوربات تنظیم شده اند - توصیه می کنیم داون لود و فعال کنید؛ اپلیکیشن هایی را استفاده کنید که مستقیم به اوربات وصل می شوند. دکمه های زیر را فشار دهید تا نصب شود. -- OTRCHAT - کاربر ایمن انتقال پیام فوری برای آندروید -+ GibberBot - کاربر ایمن انتقال پیام فوری برای آندروید - ORWEB (فقط آندروید 1.x) - مرورگر طراحی شده برای حفظ حریم خصوصی و افزونساز اوربات - تنظیمات پروکسی - یادگیری تنظیم اپلیکیشن ها برای کار با اوربات - -@@ -105,7 +105,7 @@ - اوربات آماده استفاده میباشد! - صدها هزار نفر در سراسر جهان به دلایل گوناگون از Tor استفاده می کنند: روزنامه نویسها و بلاگرها، کارکنان حقوق بشر، ماموران انتظامی، سربازان، شرکتها، شهروندان دولتهای سرکوبگر، و شهروندان عادی، و حالا شما نیز آماده استفاده از آن هستید! - -- https://guardianproject.info/getgibber -+ market://search?q=pname:info.guardianproject.otr.app.im - https://guardianproject.info/getorweb - - -Index: res/values-ru/strings.xml -=================================================================== ---- res/values-ru/strings.xml (revision 24406) -+++ res/values-ru/strings.xml (working copy) -@@ -95,7 +95,7 @@ - - Orbot-задействованные приложения - Мы советуем вам скачать и использовать приложения, которые умеют работать напрямую через Orbot. Нажмите на кнопки ниже, чтобы запустить процесс установки. 
-- OTRCHAT - Обезопасте обмен мгновенными сообщениями для клиентов в Android -+ GibberBot - Обезопасте обмен мгновенными сообщениями для клиентов в Android - ORWEB (Только для версии Android 1.x) - Браузер, разработанный для обеспечения безопасности и для Orbot - Настройки прокси - узнайте как настроить приложения для работы с Orbot - -@@ -109,7 +109,7 @@ - Программа Orbot готова к использованию! - Сотни тысяч людей по всему миру используют Tor по различным причинам: журналисты и блоггеры, активисты организаций, выступающих в защиту прав человека, судебные исполнители, солдаты, корпорации, граждане стран с репрессивным режимом, и простые люди... а теперь готовы и вы! - -- https://guardianproject.info/getgibber -+ market://search?q=pname:info.guardianproject.otr.app.im - https://guardianproject.info/getorweb - - -Index: res/values-de/strings.xml -=================================================================== ---- res/values-de/strings.xml (revision 24406) -+++ res/values-de/strings.xml (working copy) -@@ -97,7 +97,7 @@ - - Programme, für die Orbot aktiviert ist - Wir raten Ihnen Programme herunterzuladen & zu nutzen, die wissen, wie sie sich direkt mit Orbot verbinden. Klicken Sie zum Installieren auf den Knopf unten. -- OTRCHAT - Ein sicheres Instant-Messaging-Programm für Android -+ GibberBot - Ein sicheres Instant-Messaging-Programm für Android - ORWEB (Nur Android 1.x) - Ein für Privatsphäre & Orbot entworfener Browser - Proxy-Einstellungen - Lernen Sie Anwendungen so zu konfigurieren, dass sie mit Orbot zusammenarbeiten. - -@@ -115,7 +115,7 @@ - Orbot ist bereit! - Hunderttausende Menschen auf der ganzen Welt nutzen Tor aus einer Vielzahl von Gründen: Journalisten und Blogger, Menschenrechtsaktivisten, Strafverfolgungsbehörden, Soldaten, Unternehmen, Bürger repressiver Regime und ganz normale Menschen... und sind Sie ebenfalls bereit! 
- -- https://guardianproject.info/getgibber -+ market://search?q=pname:info.guardianproject.otr.app.im - https://guardianproject.info/getorweb - - -Index: res/values/strings.xml -=================================================================== ---- res/values/strings.xml (revision 24406) -+++ res/values/strings.xml (working copy) -@@ -94,7 +94,7 @@ - - Orbot-enabled Apps - We encourage you to download & use apps that know how to connect directly to Orbot. Click on the buttons below to install. -- OTRCHAT - Secure instant messaging client for Android -+ Gibberbot - Secure instant messaging client for Android - ORWEB (Android 1.x Only) - Browser designed for privacy & for Orbot - Proxy Settings - Learn how to configure apps to work with Orbot - -@@ -108,7 +108,7 @@ - Orbot is ready! - Hundreds of thousands of people around the world use Tor for a wide variety of reasons: journalists and bloggers, human rights workers, law enforcement officers, soldiers, corporations, citizens of repressive regimes, and just ordinary citizens... and now you are ready to, as well! - -- https://guardianproject.info/getgibber -+ market://search?q=pname:info.guardianproject.otr.app.im - https://guardianproject.info/getorweb - - -Index: res/values-ar/strings.xml -=================================================================== ---- res/values-ar/strings.xml (revision 24406) -+++ res/values-ar/strings.xml (working copy) -@@ -97,7 +97,7 @@ - - تطبيقات مهيئة لأوربوت - نشجعكم على تحميل واستخدام التطبيقات التي تعرف كيفية الاتصال مباشرة بأوربوت. اضغط على الأزرار في الأسفل للتثبيت. -- OTRCHAT - عميل التراسل الفوري الآمن للأندرويد -+ GibberBot - عميل التراسل الفوري الآمن للأندرويد - ORWEB (أندرويد 1.x فقط) - متصفح مصمّم للخصوصية لأوربوت - إعدادات الوكيل - تعلم كيفية تكوين التطبيقات لتعمل مع أوربوت - -@@ -115,7 +115,7 @@ - أوربوت جاهز! 
- مئات الآلاف من الناس في جميع أنحاء العالم يستخدمون تور لأسباب عديدة: الصحفيين والمدونين، والعاملين في مجال حقوق الإنسان، والجنود والشركات والمواطنين من الأنظمة القمعية، والمواطنين العاديين ... والآن أنت مستعد لأن تستخدمه كذلك! - -- https://guardianproject.info/getgibber -+ market://search?q=pname:info.guardianproject.otr.app.im - https://guardianproject.info/getorweb - - -Index: res/values-es/strings.xml -=================================================================== ---- res/values-es/strings.xml (revision 24406) -+++ res/values-es/strings.xml (working copy) -@@ -97,7 +97,7 @@ - - Aplicaciones activas en Orbot - Le invitamos a descargar y utilizar aplicaciones que saben cómo conectarse directamente a Orbot. Haga clic en los botones a continuación para Instalar. -- OTRCHAT - Cliente de mensajería instantánea seguro para Android -+ GibberBot - Cliente de mensajería instantánea seguro para Android - ORWEB (Sólo Android 1.x) - Navegador diseñado para la privacidad y para Orbot - Configuraciones Proxy - Aprenda cómo configurar aplicaciones para que trabajen con Orbot - -@@ -115,7 +115,7 @@ - ¡Orbot está listo! - Cientos de miles de personas alrededor del mundo usan Tor por una amplia variedad de razones: periodistas y bloggers, trabajadores de los derechos humanos, oficiales de policía, soldados, corporaciones, ciudadanos de regímenes represivos y ciudadanos ordinarios... ¡y ahora también lo estás! - -- https://guardianproject.info/getgibber -+ market://search?q=pname:info.guardianproject.otr.app.im - https://guardianproject.info/getorweb - - -Index: res/values-mk/strings.xml -=================================================================== ---- res/values-mk/strings.xml (revision 24406) -+++ res/values-mk/strings.xml (working copy) -@@ -95,7 +95,7 @@ - - Орбот-вклучени апликации - Ви препорачуваме да презимате и користите апликации кои што знаат како директно да се поврзат со Орбот. Притиснете на копчињата подолу за инсталирање. 
-- OTRCHAT - Безбеден клиент за инстант-пораки за Андроид -+ GibberBot - Безбеден клиент за инстант-пораки за Андроид - ORWEB (само Андроид 1.x) - Браусер дизајниран за приватност и за Орбот - Подесувања на прокси - Научете како да ги конфигурирате апликациите да работат со Орбот - -@@ -109,7 +109,7 @@ - Орбот е спремен! - Стотици илјади луѓе низ целиот Свет го користат Тор од многу различни причини: новинари и блогери, борци за човекови права, полицајци, војници, корпорации, граѓани на репресивни режими, и обични граѓани... а сега и Вие сте спремин да го користите! - -- https://guardianproject.info/getgibber -+ market://search?q=pname:info.guardianproject.otr.app.im - https://guardianproject.info/getorweb - - -Index: res/values-nl/strings.xml -=================================================================== ---- res/values-nl/strings.xml (revision 24406) -+++ res/values-nl/strings.xml (working copy) -@@ -97,7 +97,7 @@ - - Orbot-beschikbare Apps - We raden u aan om te apps te downloaden welke zich zich automatisch verbinden met Orbot. Klik op de buttons hier beneden om te installeren. -- OTRCHAT - Veilige instant message programma voor Android -+ GibberBot - Veilige instant message programma voor Android - ORWEB (Alleen Android 1.x) - Browser gemaakt voor privacy & voor Orbot - Proxy Instellingen - Leer hoe u uw apps kunt configureren voor Orbot - -@@ -114,7 +114,7 @@ - Orbot is klaar! - Honderdduizenden verschillende mensen over de wereld gebruiken Tor, zoals: journalisten, bloggers, mensen rechten medewerkers, soldaten, bedrijven, burgers met onderdrukte religies, en natuurlijk normale mensen... En nu bent u ook klaar om te gaan! 
- -- https://guardianproject.info/getgibber -+ market://search?q=pname:info.guardianproject.otr.app.im - https://guardianproject.info/getorweb - - -Index: res/values-pl/strings.xml -=================================================================== ---- res/values-pl/strings.xml (revision 24406) -+++ res/values-pl/strings.xml (working copy) -@@ -95,7 +95,7 @@ - - Aplikacje skonfigurowane dla Orbota - Zachęcamy do pobierania i używania aplikacji, które wiedzą, jak łączyć się bezpośrednio z Orbotem. Kliknij na poniższe przyciski, by zainstalować. -- OTRCHAT - Bezpieczny klieny rozmów dla Androida -+ GibberBot - Bezpieczny klieny rozmów dla Androida - ORWEB (tylko Android 1.x) - Przeglądarka zaprojektowana do prywatności i dla Orbota - Ustawienia Proxy - NDowiedz się, jak konfiguroać aplikacje do współpracy z Orbotem - -@@ -109,7 +109,7 @@ - Orbot jest gotowy! - Setki tysięcy ludzi na całym świecie używają Tora z różnych powodów: dziennikarze i blogerzy, działacze na rzecz praw człowieka, stróże prawa, żołnierze, korporacje, obywatele represyjnych reżimów i zwykli obywatele... teraz Ty też możesz! - -- https://guardianproject.info/getgibber -+ market://search?q=pname:info.guardianproject.otr.app.im - https://guardianproject.info/getorweb - - -Index: res/layout/layout_wizard_tips.xml -=================================================================== ---- res/layout/layout_wizard_tips.xml (revision 24406) -+++ res/layout/layout_wizard_tips.xml (working copy) -@@ -17,7 +17,7 @@ - - - --