authorcyberta <cyberta@riseup.net>2020-01-30 16:14:22 -0600
committercyberta <cyberta@riseup.net>2020-01-30 16:14:22 -0600
commit97a117cb3bbc022ee16008dea9896a8dfea7c681 (patch)
tree8e3684e0012d3148ed1598ab6f839a562660cd13 /app/src/main/java/se/leap/bitmaskclient/firewall
parentb9e4195573da146d48e5921c65dc57273d94ccd2 (diff)
implement usb tethering
Diffstat (limited to 'app/src/main/java/se/leap/bitmaskclient/firewall')
-rw-r--r--app/src/main/java/se/leap/bitmaskclient/firewall/FirewallManager.java2
-rw-r--r--app/src/main/java/se/leap/bitmaskclient/firewall/SetupTetheringTask.java104
-rw-r--r--app/src/main/java/se/leap/bitmaskclient/firewall/ShutdownTetheringTask.java35
3 files changed, 88 insertions, 53 deletions
diff --git a/app/src/main/java/se/leap/bitmaskclient/firewall/FirewallManager.java b/app/src/main/java/se/leap/bitmaskclient/firewall/FirewallManager.java
index 82888668..67cc4625 100644
--- a/app/src/main/java/se/leap/bitmaskclient/firewall/FirewallManager.java
+++ b/app/src/main/java/se/leap/bitmaskclient/firewall/FirewallManager.java
@@ -108,7 +108,7 @@ public class FirewallManager implements FirewallCallback, Observer {
task.execute();
}
- private void stopTethering() {
+ public void stopTethering() {
ShutdownTetheringTask task = new ShutdownTetheringTask(this);
task.execute();
}
diff --git a/app/src/main/java/se/leap/bitmaskclient/firewall/SetupTetheringTask.java b/app/src/main/java/se/leap/bitmaskclient/firewall/SetupTetheringTask.java
index 49febc24..7abd01a8 100644
--- a/app/src/main/java/se/leap/bitmaskclient/firewall/SetupTetheringTask.java
+++ b/app/src/main/java/se/leap/bitmaskclient/firewall/SetupTetheringTask.java
@@ -21,6 +21,7 @@ import android.util.Log;
import java.lang.ref.WeakReference;
import java.net.NetworkInterface;
+import java.util.ArrayList;
import java.util.Enumeration;
import se.leap.bitmaskclient.tethering.TetheringObservable;
@@ -70,20 +71,28 @@ public class SetupTetheringTask extends AsyncTask<Void, Boolean, Boolean> {
if (tetheringState.tetherWifiVpn()) {
log = new StringBuilder();
success = addWifiTetheringRules(tetheringState, log);
+ logError(success, log);
} else if (!tetheringState.isVpnWifiTetheringAllowed){
success = removeWifiTetheringRules(tetheringState, log);
+ logError(success, log);
}
+ log = new StringBuilder();
if (tetheringState.tetherUsbVpn()) {
success = success && addUsbTetheringRules(tetheringState, log);
+ logError(success, log);
} else if (!tetheringState.isVpnUsbTetheringAllowed) {
success = success && removeUsbTetheringRules(tetheringState, log);
+ logError(success, log);
}
+ log = new StringBuilder();
if (tetheringState.tetherBluetoothVpn()) {
success = success && addBluetoothTetheringRules(tetheringState, log);
+ logError(success, log);
} else if (!tetheringState.isVpnBluetoothTetheringAllowed) {
success = success && removeBluetoothTetheringRules(tetheringState, log);
+ logError(success, log);
}
return success;
} catch (Exception e) {
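Review bot: Because the USB and Bluetooth steps are chained as `success = success && ...`, a failed Wi-Fi step short-circuits them, so in the `else if` branches `removeUsbTetheringRules` is never called and the table 61 rules for a tethering mode that is no longer allowed stay in place. The `logError(success, log)` that follows then prints the freshly reset, empty `log`, which hides which step actually failed. Evaluating each step on its own and combining afterwards avoids both, e.g. `boolean usbOk = addUsbTetheringRules(tetheringState, log); logError(usbOk, log); success = success && usbOk;`. The enclosing method starts before this hunk and continues past it.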
@@ -93,22 +102,10 @@ public class SetupTetheringTask extends AsyncTask<Void, Boolean, Boolean> {
return false;
}
-
- //TODO: implement the follwing methods -v
- private boolean removeBluetoothTetheringRules(TetheringState tetheringState, StringBuilder log) {
- return true;
- }
-
- private boolean removeUsbTetheringRules(TetheringState tetheringState, StringBuilder log) {
- return true;
- }
-
- private boolean addBluetoothTetheringRules(TetheringState tetheringState, StringBuilder log) {
- return true;
- }
-
- private boolean addUsbTetheringRules(TetheringState tetheringState, StringBuilder log) {
- return true;
+ private void logError(boolean success, StringBuilder log) {
+ if (!success) {
+ Log.e(TAG, log.toString());
+ }
}
@@ -128,43 +125,76 @@ public class SetupTetheringTask extends AsyncTask<Void, Boolean, Boolean> {
private boolean addWifiTetheringRules(TetheringState state, StringBuilder log) throws Exception {
Log.d(TAG, "add Wifi tethering Rules");
- String[] addRules = new String[] {
+ String[] addRules = getAdditionRules(state.wifiAddress, state.wifiInterface);
+ return runBlockingCmd(addRules, log) == 0;
+ }
+
+ private boolean removeWifiTetheringRules(TetheringState state, StringBuilder log) throws Exception {
+ Log.d(TAG, "add Wifi tethering Rules");
+ String[] removeRules = getDeletionRules(state, state.lastSeenWifiAddress, state.lastSeenWifiInterface);
+ return runBlockingCmd(removeRules, log) == 0;
+ }
+
+ private boolean addUsbTetheringRules(TetheringState state, StringBuilder log) throws Exception {
+ Log.d(TAG, "add usb tethering rules");
+ String[] addRules = getAdditionRules(state.usbAddress, state.usbInterface);
+ return runBlockingCmd(addRules, log) == 0;
+ }
+
+ private boolean removeUsbTetheringRules(TetheringState state, StringBuilder log) throws Exception {
+ Log.d(TAG, "add usb tethering rules");
+ String[] addRules = getDeletionRules(state, state.lastSeenUsbAddress, state.lastSeenUsbInterface);
+ return runBlockingCmd(addRules, log) == 0;
+ }
+
+ //TODO: implement the follwing methods -v
+ private boolean removeBluetoothTetheringRules(TetheringState state, StringBuilder log) {
+ return true;
+ }
+
+ private boolean addBluetoothTetheringRules(TetheringState state, StringBuilder log) {
+ return true;
+ }
+
+ private String[] getAdditionRules(String addressRange, String interfaceName) {
+ return new String[] {
"su",
"iptables -t filter --flush " + BITMASK_FORWARD,
"iptables -t nat --flush " + BITMASK_POSTROUTING,
"iptables -t filter --append " + BITMASK_FORWARD + " --jump ACCEPT",
"iptables -t nat --append " + BITMASK_POSTROUTING + " --jump MASQUERADE",
- "if [[ ! `ip rule show from "+ state.wifiAddress+" lookup 61` ]]; " +
- "then ip rule add from " + state.wifiAddress + " lookup 61; " +
+ "if [[ ! `ip rule show from "+ addressRange+" lookup 61` ]]; " +
+ "then ip rule add from " + addressRange + " lookup 61; " +
"fi",
"if [[ ! `ip route list table 61 | grep 'default dev " + getTunName() + " scope link'` ]]; " +
"then ip route add default dev " + getTunName() + " scope link table 61; " +
"fi",
- "if [[ ! `ip route list table 61 | grep '"+ state.wifiAddress+" dev "+ state.wifiInterface+" scope link'` ]]; " +
- "then ip route add " + state.wifiAddress + " dev " + state.wifiInterface + " scope link table 61; " +
+ "if [[ ! `ip route list table 61 | grep '"+ addressRange +" dev "+ interfaceName +" scope link'` ]]; " +
+ "then ip route add " + addressRange + " dev " + interfaceName + " scope link table 61; " +
"fi",
- "if [[ ! `ip route list table 61 | grep 'broadcast 255.255.255.255 dev " + state.wifiInterface + " scope link'` ]]; " +
- "then ip route add broadcast 255.255.255.255 dev " + state.wifiInterface + " scope link table 61; " +
+ "if [[ ! `ip route list table 61 | grep 'broadcast 255.255.255.255 dev " + interfaceName + " scope link'` ]]; " +
+ "then ip route add broadcast 255.255.255.255 dev " + interfaceName + " scope link table 61; " +
"fi"
};
-
- return runBlockingCmd(addRules, log) == 0;
}
- private boolean removeWifiTetheringRules(TetheringState state, StringBuilder log) throws Exception {
- Log.d(TAG, "add Wifi tethering Rules");
- String[] removeRules = new String[] {
- "su",
- "ip route delete broadcast 255.255.255.255 dev " + state.wifiInterface +" scope link table 61",
- "ip route delete " + state.lastWifiAddress + " dev " + state.wifiInterface +" scope link table 61",
- "ip route delete default dev " + getTunName() + " scope link table 61",
- "if [[ `ip rule show from " + state.lastWifiAddress+ " lookup 61` ]]; " +
- "then ip rule del from " + state.lastWifiAddress + " lookup 61; " +
- "fi",
- };
- return runBlockingCmd(removeRules, log) == 0;
+ private String[] getDeletionRules(TetheringState state, String addressRange, String interfaceName) {
+ ArrayList<String> list = new ArrayList<>();
+ list.add("su");
+ list.add("ip route delete broadcast 255.255.255.255 dev " + addressRange +" scope link table 61");
+ list.add("ip route delete " + addressRange + " dev " + interfaceName +" scope link table 61");
+ if (!state.hasAnyVpnTetheringAllowed() || !state.hasAnyDeviceTetheringEnabled()) {
+ list.add("ip route delete default dev " + getTunName() + " scope link table 61");
+ }
+ list.add("if [[ `ip rule show from " + addressRange + " lookup 61` ]]; " +
+ "then ip rule del from " + addressRange + " lookup 61; " +
+ "fi");
+
+ return list.toArray(new String[0]);
}
+
+
private String getTunName() {
try {
for (Enumeration<NetworkInterface> en = NetworkInterface.getNetworkInterfaces(); en.hasMoreElements(); ) {
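Review bot: In `getDeletionRules` the broadcast route is deleted with `dev " + addressRange`, whereas the removed code passed the interface name there, so the command names an address range as a device and the broadcast route in table 61 is probably left behind; the line should read `list.add("ip route delete broadcast 255.255.255.255 dev " + interfaceName + " scope link table 61");`. Separately, `addressRange` and `interfaceName` are concatenated into commands that run after `su`, here and in the `removeChains` list in ShutdownTetheringTask. Where TetheringState gets these values is not visible in this diff, so they should be checked against a strict pattern (an interface-name character set, an address/prefix form) and the command skipped when a last-seen value is null or empty, which keeps malformed input out of the root shell. The `Log.d` text in both remove methods still says "add", and `removeUsbTetheringRules` names its array `addRules`, which will mislead anyone reading the logs while debugging a failed teardown. The hunk ends inside `getTunName`.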
diff --git a/app/src/main/java/se/leap/bitmaskclient/firewall/ShutdownTetheringTask.java b/app/src/main/java/se/leap/bitmaskclient/firewall/ShutdownTetheringTask.java
index 6c15c3e3..dcb3ccba 100644
--- a/app/src/main/java/se/leap/bitmaskclient/firewall/ShutdownTetheringTask.java
+++ b/app/src/main/java/se/leap/bitmaskclient/firewall/ShutdownTetheringTask.java
@@ -20,6 +20,7 @@ import android.os.AsyncTask;
import android.util.Log;
import java.lang.ref.WeakReference;
+import java.util.ArrayList;
import se.leap.bitmaskclient.tethering.TetheringObservable;
import se.leap.bitmaskclient.tethering.TetheringState;
@@ -50,26 +51,30 @@ public class ShutdownTetheringTask extends AsyncTask<Void, Boolean, Boolean> {
boolean hasBitmaskChain = runBlockingCmd(bitmaskChain, log) == 0;
boolean allowSu = log.toString().contains("uid=0");
callbackWeakReference.get().onSuRequested(allowSu);
- if (!allowSu || !hasBitmaskChain) {
+ if (!allowSu) {
return false;
}
log = new StringBuilder();
- String[] removeChains = new String[] {
- "su",
- "ip route flush table 61",
- "if [[ `ip rule show from " + tetheringState.wifiAddress+ " lookup 61` ]]; " +
- "then ip rule del from " + tetheringState.wifiAddress + " lookup 61; " +
- "fi",
- "iptables -t filter --delete FORWARD --jump " + BITMASK_FORWARD,
- "iptables -t nat --delete POSTROUTING --jump " + BITMASK_POSTROUTING,
- "iptables -t filter --flush " + BITMASK_FORWARD,
- "iptables -t nat --flush " + BITMASK_POSTROUTING,
- "iptables -t filter --delete-chain " + BITMASK_FORWARD,
- "iptables -t nat --delete-chain " + BITMASK_POSTROUTING,
- };
- return runBlockingCmd(removeChains, log) == 0;
+ ArrayList<String> removeChains = new ArrayList<>();
+ removeChains.add("su");
+ removeChains.add("ip route flush table 61");
+ removeChains.add("if [[ `ip rule show from " + tetheringState.lastSeenWifiAddress+ " lookup 61` ]]; " +
+ "then ip rule del from " + tetheringState.lastSeenWifiAddress + " lookup 61; " +
+ "fi");
+ removeChains.add("if [[ `ip rule show from " + tetheringState.lastSeenUsbAddress+ " lookup 61` ]]; " +
+ "then ip rule del from " + tetheringState.lastSeenUsbAddress + " lookup 61; " +
+ "fi");
+ if (hasBitmaskChain) {
+ removeChains.add("iptables -t filter --delete FORWARD --jump " + BITMASK_FORWARD);
+ removeChains.add("iptables -t nat --delete POSTROUTING --jump " + BITMASK_POSTROUTING);
+ removeChains.add("iptables -t filter --flush " + BITMASK_FORWARD);
+ removeChains.add("iptables -t nat --flush " + BITMASK_POSTROUTING);
+ removeChains.add("iptables -t filter --delete-chain " + BITMASK_FORWARD);
+ removeChains.add("iptables -t nat --delete-chain " + BITMASK_POSTROUTING);
+ }
+ return runBlockingCmd(removeChains.toArray(new String[0]), log) == 0;
} catch (Exception e) {
e.printStackTrace();