commit 68495c31184202c44ef34cbcf84efdb48ee21860
Author: Nathan Freitas <nat...@freitas.net>
Date:   Thu Aug 21 09:47:01 2014 -0400

    make delete iptables rules process match add for specific behavior
    no more drop all output tables, etc
---
 .../torproject/android/service/TorTransProxy.java  |   65 ++++++++++++--------
 1 file changed, 39 insertions(+), 26 deletions(-)

diff --git a/src/org/torproject/android/service/TorTransProxy.java 
b/src/org/torproject/android/service/TorTransProxy.java
index f0117e1..b1e2133 100644
--- a/src/org/torproject/android/service/TorTransProxy.java
+++ b/src/org/torproject/android/service/TorTransProxy.java
@@ -29,8 +29,7 @@ public class TorTransProxy implements TorServiceConstants {
        public TorTransProxy (TorService torService, File fileXTables)
        {
                mTorService = torService;
-               mFileXtables = fileXTables;
-               
+               mFileXtables = fileXTables;     
        }
        
        public void setTransProxyPort (int transProxyPort)
@@ -373,7 +372,7 @@ public class TorTransProxy implements TorServiceConstants {
                                
                                logMessage("enabling transproxy for app: " + 
tApp.getUsername() + " (" + tApp.getUid() + ")");
                                
-                               dropAllIPv6Traffic(context, tApp.getUid());
+                               dropAllIPv6Traffic(context, 
tApp.getUid(),enableRule);
                                
                        script = new StringBuilder();
 
@@ -532,9 +531,15 @@ public class TorTransProxy implements TorServiceConstants {
                 
        }
        
-       public int dropAllIPv6Traffic (Context context, int appUid) throws 
Exception
+       public int dropAllIPv6Traffic (Context context, int appUid, boolean 
enableDrop) throws Exception
        {
 
+               String action = " -A ";
+               String chain = "OUTPUT";
+               
+               if (!enableDrop)
+                       action = " -D ";
+               
                String ip6tablesPath = getIp6TablesPath(context);
                Shell shell = Shell.startRootShell();
        
@@ -543,7 +548,8 @@ public class TorTransProxy implements TorServiceConstants {
 
                script = new StringBuilder();
                script.append(ip6tablesPath);                   
-               script.append(" -A OUTPUT");
+               script.append(action);
+               script.append(chain);
 
                if (appUid != -1)
                {
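Review bot: The `action` appended here can now be ` -D `, but the new `enableDrop` parameter on `dropAllIPv6Traffic` (declared in the previous hunk) is undocumented and nothing says what happens when add and delete calls are not paired. `-A` appends a rule even when an identical one already exists and `-D` removes only one matching rule, so several enables followed by one disable leave copies of the rule behind, while a disable with no prior enable makes ip6tables exit non-zero. I would add a Javadoc on the method, for example `@param enableDrop true appends the rule (-A); false deletes one matching rule (-D) and returns non-zero if none exists`, and state whether callers must pair the calls. The method body starts and ends outside this hunk.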
@@ -560,13 +566,13 @@ public class TorTransProxy implements TorServiceConstants 
{
                return lastExit;
        }
        
+       /*
        public int clearAllIPv6Filters (Context context) throws Exception
        {
 
                String ip6tablesPath = getIp6TablesPath(context);
                Shell shell = Shell.startRootShell();
        
-               
        StringBuilder script;
 
                script = new StringBuilder();
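Review bot: `clearAllIPv6Filters` is disabled by opening a block comment at `/*` here and closing it with `}*/` in the next hunk, which leaves dead root-shell code in the file. Its only visible caller is replaced later in this commit by `dropAllIPv6Traffic(context,-1,enable)`, so deleting the method outright would be cleaner; version control keeps the old text. The method body ends outside this hunk.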
@@ -578,6 +584,29 @@ public class TorTransProxy implements TorServiceConstants {
                shell.close();
                
                return lastExit;
+       }*/
+       
+       public int flushTransproxyRules (Context context) throws Exception 
+       {
+               int exit = -1;
+               String ipTablesPath = getIpTablesPath(context);
+
+               StringBuilder script = new StringBuilder();
+               script.append(ipTablesPath);                    
+               script.append(" -t nat");
+               script.append(" -F ");
+               
+       Shell shell = Shell.startRootShell();
+               executeCommand (shell, script.toString());
+               
+               script = new StringBuilder();
+               script.append(ipTablesPath);                    
+               script.append(" -t filter");
+               script.append(" -F ");
+               
+               dropAllIPv6Traffic(context,-1,false);
+
+               return exit;
        }
        
        public int setTransparentProxyingAll(Context context, boolean enable) 
throws Exception 
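Review bot: `flushTransproxyRules` builds the `-t filter -F` command but never passes it to `executeCommand`, so only the nat table is flushed; it also returns `exit`, which is never reassigned after `int exit = -1;`, and it never calls `shell.close()` on the root shell it starts. Callers therefore always see -1 and cannot tell whether the transproxy rules were actually removed, and each call leaves a root shell open. The sketch below runs both commands, closes the shell in `finally` and returns the first non-zero status; it assumes `executeCommand` returns the exit code, which this hunk does not show. Separately, `-F` with no chain name flushes every chain in the table, including rules installed by other tools, which sits oddly with the commit message's "no more drop all output tables".

```java
public int flushTransproxyRules (Context context) throws Exception
{
        String ipTablesPath = getIpTablesPath(context);
        Shell shell = Shell.startRootShell();
        int exit;

        try
        {
                // … unchanged: build the "-t nat -F" script …
                exit = executeCommand (shell, script.toString());

                // … unchanged: build the "-t filter -F" script …
                int filterExit = executeCommand (shell, script.toString());
                if (exit == 0)
                        exit = filterExit;
        }
        finally
        {
                shell.close();
        }

        int ipv6Exit = dropAllIPv6Traffic(context,-1,false);

        return exit != 0 ? exit : ipv6Exit;
}
```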
@@ -589,10 +618,7 @@ public class TorTransProxy implements TorServiceConstants {
                if (!enable)
                        action = " -D ";
                
-               if (enable)
-                       dropAllIPv6Traffic(context,-1);
-               else
-                       clearAllIPv6Filters(context);
+               dropAllIPv6Traffic(context,-1,enable);
                
                String ipTablesPath = getIpTablesPath(context);
                
@@ -698,13 +724,13 @@ public class TorTransProxy implements TorServiceConstants 
{
                executeCommand (shell, script.toString());
                script = new StringBuilder();
                
-               //allow access to local SOCKS port
+               //allow access to local HTTP port
                script.append(ipTablesPath);
                script.append(" -t filter");
                script.append(action).append(srcChainName);
                script.append(" -p tcp");
                script.append(" -m tcp");
-               script.append(" --dport ").append(PORT_SOCKS_DEFAULT);
+               script.append(" --dport ").append(mTorService.getHTTPPort());
                script.append(" -j ACCEPT");
 
                executeCommand (shell, script.toString());
@@ -716,19 +742,7 @@ public class TorTransProxy implements TorServiceConstants {
                script.append(action).append(srcChainName);
                script.append(" -p tcp");
                script.append(" -m tcp");
-               script.append(" --dport ").append(PORT_HTTP);
-               script.append(" -j ACCEPT");
-
-               executeCommand (shell, script.toString());
-               script = new StringBuilder();
-               
-               //allow access to local DNS port
-               script.append(ipTablesPath);
-               script.append(" -t filter");
-               script.append(action).append(srcChainName);
-               script.append(" -p udp");
-               script.append(" -m udp");
-               script.append(" --dport ").append(mDNSPort);
+               script.append(" --dport ").append(mTorService.getSOCKSPort());
                script.append(" -j ACCEPT");
 
                executeCommand (shell, script.toString());
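Review bot: The ACCEPT rule for UDP to `mDNSPort` is deleted in this hunk with no replacement and no mention in the commit message, while a `// Reject all other packets` rule follows in the same chain. Unless traffic to the local DNS port is accepted somewhere not visible here, lookups from proxied apps would hit that reject rule, so I would either keep the rule or add a comment such as `// local DNS port is accepted by <rule>, no explicit ACCEPT needed` naming where it is handled. The two remaining ACCEPT rules also swapped order (HTTP first, then SOCKS); the comment above this block lies outside the hunk and should be checked so that it now says SOCKS. The enclosing method starts and ends outside the hunk.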
@@ -746,7 +760,6 @@ public class TorTransProxy implements TorServiceConstants {
                executeCommand (shell, script.toString());
                script = new StringBuilder();
                
-               
                // Reject all other packets
                script.append(ipTablesPath);
                script.append(" -t filter");


