diff options
author | cyberta <cyberta@riseup.net> | 2021-11-15 15:12:19 +0000 |
---|---|---|
committer | cyberta <cyberta@riseup.net> | 2021-11-15 15:12:19 +0000 |
commit | 9b2b57d8617e60c0b69713e1e5f14dbb8e57c70a (patch) | |
tree | 94e2dfa2f6c4d82a82ef24df6be5ccd219b4e69b /app/src/main | |
parent | 5b4db114cb35c5c9012c744c82656b1071aacda0 (diff) | |
parent | f18a85e4cd95f938c9ed78b31b8d27b2a02994c7 (diff) |
Merge branch 'obfs4_no_udp_no_ipv6' into 'master'
Obfs4: no udp no ipv6
See merge request leap/bitmask_android!142
Diffstat (limited to 'app/src/main')
3 files changed, 65 insertions, 5 deletions
diff --git a/app/src/main/java/de/blinkt/openvpn/core/ConfigParser.java b/app/src/main/java/de/blinkt/openvpn/core/ConfigParser.java index 5b4ab361..4a8bcf99 100644 --- a/app/src/main/java/de/blinkt/openvpn/core/ConfigParser.java +++ b/app/src/main/java/de/blinkt/openvpn/core/ConfigParser.java @@ -714,6 +714,10 @@ public class ConfigParser { Vector<Vector<String>> connectionBlocks = getAllOption("connection", 1, 1); + if (connectionBlocks == null && np.mConnections.length == 0) { + throw new ConfigParseError("No --remote or <connection> block found."); + } + if (np.mConnections.length > 0 && connectionBlocks != null) { throw new ConfigParseError("Using a <connection> block and --remote is not allowed."); } diff --git a/app/src/main/java/se/leap/bitmaskclient/base/utils/ConfigHelper.java b/app/src/main/java/se/leap/bitmaskclient/base/utils/ConfigHelper.java index 4248072a..64b51960 100644 --- a/app/src/main/java/se/leap/bitmaskclient/base/utils/ConfigHelper.java +++ b/app/src/main/java/se/leap/bitmaskclient/base/utils/ConfigHelper.java @@ -20,6 +20,7 @@ import android.content.Context; import android.content.res.Resources; import android.os.Build; import android.os.Looper; + import androidx.annotation.NonNull; import androidx.annotation.Nullable; import androidx.annotation.StringRes; @@ -44,10 +45,12 @@ import java.security.interfaces.RSAPrivateKey; import java.security.spec.InvalidKeySpecException; import java.security.spec.PKCS8EncodedKeySpec; import java.util.Calendar; +import java.util.regex.Matcher; +import java.util.regex.Pattern; import se.leap.bitmaskclient.BuildConfig; -import se.leap.bitmaskclient.providersetup.ProviderAPI; import se.leap.bitmaskclient.R; +import se.leap.bitmaskclient.providersetup.ProviderAPI; import static se.leap.bitmaskclient.base.models.Constants.DEFAULT_BITMASK; @@ -62,6 +65,7 @@ public class ConfigHelper { final public static String NG_1024 = "eeaf0ab9adb38dd69c33f80afa8fc5e86072618775ff3c0b9ea2314c9c256576d674df7496ea81d3383b4813d692c6e0e0d5d8e250b98be48e495c1d6089dad15dc7d7b46154d6b6ce8ef4ad69b15d4982559b297bcf1885c529f566660e57ec68edbc3c05726cc02fd4cbf4976eaa9afd5138fe8376435b9fc61d2fc0eb06e3"; final public static BigInteger G = new BigInteger("2"); + final public static Pattern IPv4_PATTERN = Pattern.compile("^(?:(?:25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9][0-9]|[0-9])\\.){3}(?:25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9][0-9]|[0-9])$"); public static boolean checkErroneousDownload(String downloadedString) { try { @@ -203,6 +207,8 @@ public class ConfigHelper { (string1 != null && string1.equals(string2)); } + @SuppressWarnings("unused") + // FatWeb Flavor uses that for auto-update public static String getApkFileName() { try { return BuildConfig.update_apk_url.substring(BuildConfig.update_apk_url.lastIndexOf("/")); @@ -211,6 +217,8 @@ public class ConfigHelper { } } + @SuppressWarnings("unused") + // FatWeb Flavor uses that for auto-update public static String getVersionFileName() { try { return BuildConfig.version_file_url.substring(BuildConfig.version_file_url.lastIndexOf("/")); @@ -219,6 +227,8 @@ public class ConfigHelper { } } + @SuppressWarnings("unused") + // FatWeb Flavor uses that for auto-update public static String getSignatureFileName() { try { return BuildConfig.signature_url.substring(BuildConfig.signature_url.lastIndexOf("/")); @@ -227,4 +237,12 @@ public class ConfigHelper { } } + public static boolean isIPv4(String ipv4) { + if (ipv4 == null) { + return false; + } + Matcher matcher = IPv4_PATTERN.matcher(ipv4); + return matcher.matches(); + } + } diff --git a/app/src/main/java/se/leap/bitmaskclient/eip/VpnConfigGenerator.java b/app/src/main/java/se/leap/bitmaskclient/eip/VpnConfigGenerator.java index 6fffb403..d72f0936 100644 --- a/app/src/main/java/se/leap/bitmaskclient/eip/VpnConfigGenerator.java +++ b/app/src/main/java/se/leap/bitmaskclient/eip/VpnConfigGenerator.java @@ -29,8 +29,10 @@ import java.util.Iterator; import de.blinkt.openvpn.VpnProfile; import de.blinkt.openvpn.core.ConfigParser; +import de.blinkt.openvpn.core.VpnStatus; import de.blinkt.openvpn.core.connection.Connection; import se.leap.bitmaskclient.base.models.Provider; +import se.leap.bitmaskclient.base.utils.ConfigHelper; import se.leap.bitmaskclient.pluggableTransports.Obfs4Options; import static de.blinkt.openvpn.core.connection.Connection.TransportType.OBFS4; @@ -95,7 +97,11 @@ public class VpnConfigGenerator { HashMap<Connection.TransportType, VpnProfile> profiles = new HashMap<>(); profiles.put(OPENVPN, createProfile(OPENVPN)); if (supportsObfs4()) { - profiles.put(OBFS4, createProfile(OBFS4)); + try { + profiles.put(OBFS4, createProfile(OBFS4)); + } catch (ConfigParser.ConfigParseError | NumberFormatException | JSONException | IOException e) { + e.printStackTrace(); + } } return profiles; } @@ -162,16 +168,18 @@ public class VpnConfigGenerator { StringBuilder stringBuilder = new StringBuilder(); try { - String ipAddress = gateway.getString(IP_ADDRESS); + String ipAddress = null; JSONObject capabilities = gateway.getJSONObject(CAPABILITIES); switch (apiVersion) { default: case 1: case 2: + ipAddress = gateway.getString(IP_ADDRESS); gatewayConfigApiv1(stringBuilder, ipAddress, capabilities); break; case 3: case 4: + ipAddress = gateway.optString(IP_ADDRESS); String ipAddress6 = gateway.optString(IP_ADDRESS6); String[] ipAddresses = ipAddress6.isEmpty() ? new String[]{ipAddress} : @@ -189,6 +197,7 @@ public class VpnConfigGenerator { if (remotes.endsWith(newLine)) { remotes = remotes.substring(0, remotes.lastIndexOf(newLine)); } + return remotes; } @@ -247,6 +256,7 @@ public class VpnConfigGenerator { private void obfs4GatewayConfigMinApiv3(StringBuilder stringBuilder, String[] ipAddresses, JSONArray transports) throws JSONException { JSONObject obfs4Transport = getTransport(transports, OBFS4); + JSONArray protocols = obfs4Transport.getJSONArray(PROTOCOLS); //for now only use ipv4 gateway the syntax route remote_host 255.255.255.255 net_gateway is not yet working // https://community.openvpn.net/openvpn/ticket/1161 /*for (String ipAddress : ipAddresses) { @@ -258,10 +268,38 @@ public class VpnConfigGenerator { return; } - String ipAddress = ipAddresses[ipAddresses.length - 1]; + // check if at least one address is IPv4, IPv6 is currently not supported for obfs4 + String ipAddress = null; + for (String address : ipAddresses) { + if (ConfigHelper.isIPv4(address)) { + ipAddress = address; + break; + } + VpnStatus.logWarning("Skipping IP address " + address + " while configuring obfs4."); + } + + if (ipAddress == null) { + VpnStatus.logError("No matching IPv4 address found to configure obfs4."); + return; + } + + // check if at least one protocol is TCP, UDP is currently not supported for obfs4 + boolean hasTcp = false; + for (int i = 0; i < protocols.length(); i++) { + String protocol = protocols.getString(i); + if (protocol.contains("tcp")) { + hasTcp = true; + } + } + + if (!hasTcp) { + VpnStatus.logError("obfs4 currently only allows TCP! Skipping obfs4 config for ip " + ipAddress); + return; + } + String route = "route " + ipAddress + " 255.255.255.255 net_gateway" + newLine; stringBuilder.append(route); - String remote = REMOTE + " " + DISPATCHER_IP + " " + DISPATCHER_PORT + " " + obfs4Transport.getJSONArray(PROTOCOLS).getString(0) + newLine; + String remote = REMOTE + " " + DISPATCHER_IP + " " + DISPATCHER_PORT + " tcp" + newLine; stringBuilder.append(remote); } |