Refine masquerade rules
@@ -6,10 +6,10 @@ import be.mygod.vpnhotspot.net.Routing
|
|||||||
import be.mygod.vpnhotspot.net.UpstreamMonitor
|
import be.mygod.vpnhotspot.net.UpstreamMonitor
|
||||||
import com.crashlytics.android.Crashlytics
|
import com.crashlytics.android.Crashlytics
|
||||||
import java.net.InetAddress
|
import java.net.InetAddress
|
||||||
|
import java.net.InterfaceAddress
|
||||||
import java.net.SocketException
|
import java.net.SocketException
|
||||||
|
|
||||||
class LocalOnlyInterfaceManager(val downstream: String, private val owner: InetAddress? = null) :
|
class LocalOnlyInterfaceManager(val downstream: String) : UpstreamMonitor.Callback {
|
||||||
UpstreamMonitor.Callback {
|
|
||||||
private var routing: Routing? = null
|
private var routing: Routing? = null
|
||||||
private var dns = emptyList<InetAddress>()
|
private var dns = emptyList<InetAddress>()
|
||||||
|
|
||||||
@@ -20,7 +20,7 @@ class LocalOnlyInterfaceManager(val downstream: String, private val owner: InetA
|
|||||||
|
|
||||||
override fun onAvailable(ifname: String, dns: List<InetAddress>) {
|
override fun onAvailable(ifname: String, dns: List<InetAddress>) {
|
||||||
val routing = routing
|
val routing = routing
|
||||||
initRouting(ifname, if (routing == null) owner else {
|
initRouting(ifname, if (routing == null) null else {
|
||||||
routing.stop()
|
routing.stop()
|
||||||
routing.hostAddress
|
routing.hostAddress
|
||||||
}, dns)
|
}, dns)
|
||||||
@@ -37,7 +37,7 @@ class LocalOnlyInterfaceManager(val downstream: String, private val owner: InetA
|
|||||||
initRouting(routing.upstream, routing.hostAddress, dns)
|
initRouting(routing.upstream, routing.hostAddress, dns)
|
||||||
}
|
}
|
||||||
|
|
||||||
private fun initRouting(upstream: String? = null, owner: InetAddress? = this.owner,
|
private fun initRouting(upstream: String? = null, owner: InterfaceAddress? = null,
|
||||||
dns: List<InetAddress> = this.dns) {
|
dns: List<InetAddress> = this.dns) {
|
||||||
try {
|
try {
|
||||||
val routing = Routing(upstream, downstream, owner)
|
val routing = Routing(upstream, downstream, owner)
|
||||||
|
|||||||
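Review bot: The `owner` parameter of `initRouting` keeps a name from the removed group-owner plumbing, although it now carries an `InterfaceAddress` taken from the previous `Routing` in `onAvailable`, or `null` on first start. Renaming it to match `Routing.hostAddress`, or adding a comment such as `// address and prefix of the downstream interface, reused from the routing being replaced; null lets Routing look it up`, would make the restart path easier to follow. Because this commit makes the masquerade rule depend on that prefix, it is also worth stating whether a reused value stays valid if the downstream interface is readdressed; nothing visible here refreshes it. The body of `initRouting` continues outside the hunk.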
@@ -226,15 +226,15 @@ class RepeaterService : Service(), WifiP2pManager.ChannelListener, SharedPrefere
|
|||||||
} else if (routingManager != null) {
|
} else if (routingManager != null) {
|
||||||
this.group = group
|
this.group = group
|
||||||
showNotification(group)
|
showNotification(group)
|
||||||
} else doStart(group, info.groupOwnerAddress)
|
} else doStart(group)
|
||||||
}
|
}
|
||||||
/**
|
/**
|
||||||
* startService Step 3
|
* startService Step 3
|
||||||
*/
|
*/
|
||||||
private fun doStart(group: WifiP2pGroup, ownerAddress: InetAddress? = null) {
|
private fun doStart(group: WifiP2pGroup) {
|
||||||
this.group = group
|
this.group = group
|
||||||
check(routingManager == null)
|
check(routingManager == null)
|
||||||
routingManager = LocalOnlyInterfaceManager(group.`interface`!!, ownerAddress)
|
routingManager = LocalOnlyInterfaceManager(group.`interface`!!)
|
||||||
status = Status.ACTIVE
|
status = Status.ACTIVE
|
||||||
showNotification(group)
|
showNotification(group)
|
||||||
}
|
}
|
||||||
|
|||||||
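Review bot: With `info.groupOwnerAddress` no longer passed to `doStart`, the repeater's address comes only from the interface lookup in the `Routing` constructor, which this commit changes in another file. That lookup uses `singleOrNull`, so a group interface with no IPv4 address yet, or with more than one, raises `InterfaceNotFoundException` where the old code already had an address in hand. How that exception is handled sits in the `catch` of `initRouting`, which is not visible on this page, so it is worth confirming that the service does not end up `Status.ACTIVE` with no NAT rules installed. A comment on `doStart` would record the new precondition, for example `// Routing resolves the group interface's IPv4 address itself; the interface must already be configured`.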
@@ -5,13 +5,10 @@ import be.mygod.vpnhotspot.App.Companion.app
|
|||||||
import be.mygod.vpnhotspot.R
|
import be.mygod.vpnhotspot.R
|
||||||
import be.mygod.vpnhotspot.util.debugLog
|
import be.mygod.vpnhotspot.util.debugLog
|
||||||
import be.mygod.vpnhotspot.util.noisySu
|
import be.mygod.vpnhotspot.util.noisySu
|
||||||
import java.net.Inet4Address
|
import java.net.*
|
||||||
import java.net.InetAddress
|
|
||||||
import java.net.NetworkInterface
|
|
||||||
import java.net.SocketException
|
|
||||||
import java.util.*
|
import java.util.*
|
||||||
|
|
||||||
class Routing(val upstream: String?, private val downstream: String, ownerAddress: InetAddress? = null) {
|
class Routing(val upstream: String?, private val downstream: String, ownerAddress: InterfaceAddress? = null) {
|
||||||
companion object {
|
companion object {
|
||||||
/**
|
/**
|
||||||
* -w <seconds> is not supported on 7.1-.
|
* -w <seconds> is not supported on 7.1-.
|
||||||
@@ -37,8 +34,8 @@ class Routing(val upstream: String?, private val downstream: String, ownerAddres
|
|||||||
override val message: String get() = app.getString(R.string.exception_interface_not_found)
|
override val message: String get() = app.getString(R.string.exception_interface_not_found)
|
||||||
}
|
}
|
||||||
|
|
||||||
val hostAddress = ownerAddress ?: NetworkInterface.getByName(downstream)?.inetAddresses?.asSequence()
|
val hostAddress = ownerAddress ?: NetworkInterface.getByName(downstream)?.interfaceAddresses?.asSequence()
|
||||||
?.singleOrNull { it is Inet4Address } ?: throw InterfaceNotFoundException()
|
?.singleOrNull { it.address is Inet4Address } ?: throw InterfaceNotFoundException()
|
||||||
private val startScript = LinkedList<String>()
|
private val startScript = LinkedList<String>()
|
||||||
private val stopScript = LinkedList<String>()
|
private val stopScript = LinkedList<String>()
|
||||||
var started = false
|
var started = false
|
||||||
@@ -91,15 +88,16 @@ class Routing(val upstream: String?, private val downstream: String, ownerAddres
|
|||||||
}
|
}
|
||||||
|
|
||||||
fun masquerade(strict: Boolean = true): Routing {
|
fun masquerade(strict: Boolean = true): Routing {
|
||||||
|
val hostSubnet = "${hostAddress.address.hostAddress}/${hostAddress.networkPrefixLength}"
|
||||||
startScript.add("quiet $IPTABLES -t nat -N vpnhotspot_masquerade 2>/dev/null")
|
startScript.add("quiet $IPTABLES -t nat -N vpnhotspot_masquerade 2>/dev/null")
|
||||||
// note: specifying -i wouldn't work for POSTROUTING
|
// note: specifying -i wouldn't work for POSTROUTING
|
||||||
if (strict) {
|
if (strict) {
|
||||||
check(upstream != null)
|
check(upstream != null)
|
||||||
startScript.add("$IPTABLES -t nat -A vpnhotspot_masquerade -o $upstream -j MASQUERADE")
|
startScript.add("$IPTABLES -t nat -A vpnhotspot_masquerade -s $hostSubnet -o $upstream -j MASQUERADE")
|
||||||
stopScript.addFirst("$IPTABLES -t nat -D vpnhotspot_masquerade -o $upstream -j MASQUERADE")
|
stopScript.addFirst("$IPTABLES -t nat -D vpnhotspot_masquerade -s $hostSubnet -o $upstream -j MASQUERADE")
|
||||||
} else {
|
} else {
|
||||||
startScript.add("$IPTABLES -t nat -A vpnhotspot_masquerade -j MASQUERADE")
|
startScript.add("$IPTABLES -t nat -A vpnhotspot_masquerade -s $hostSubnet -j MASQUERADE")
|
||||||
stopScript.addFirst("$IPTABLES -t nat -D vpnhotspot_masquerade -j MASQUERADE")
|
stopScript.addFirst("$IPTABLES -t nat -D vpnhotspot_masquerade -s $hostSubnet -j MASQUERADE")
|
||||||
}
|
}
|
||||||
startScript.add("$IPTABLES -t nat -I POSTROUTING -j vpnhotspot_masquerade")
|
startScript.add("$IPTABLES -t nat -I POSTROUTING -j vpnhotspot_masquerade")
|
||||||
stopScript.addFirst("$IPTABLES -t nat -D POSTROUTING -j vpnhotspot_masquerade")
|
stopScript.addFirst("$IPTABLES -t nat -D POSTROUTING -j vpnhotspot_masquerade")
|
||||||
@@ -107,7 +105,7 @@ class Routing(val upstream: String?, private val downstream: String, ownerAddres
|
|||||||
}
|
}
|
||||||
|
|
||||||
fun dnsRedirect(dnses: List<InetAddress>): Routing {
|
fun dnsRedirect(dnses: List<InetAddress>): Routing {
|
||||||
val hostAddress = hostAddress.hostAddress
|
val hostAddress = hostAddress.address.hostAddress
|
||||||
val dns = dnses.firstOrNull { it is Inet4Address }?.hostAddress ?: app.dns
|
val dns = dnses.firstOrNull { it is Inet4Address }?.hostAddress ?: app.dns
|
||||||
debugLog("Routing", "Using $dns from ($dnses)")
|
debugLog("Routing", "Using $dns from ($dnses)")
|
||||||
startScript.add("$IPTABLES -t nat -A PREROUTING -i $downstream -p tcp -d $hostAddress --dport 53 -j DNAT --to-destination $dns")
|
startScript.add("$IPTABLES -t nat -A PREROUTING -i $downstream -p tcp -d $hostAddress --dport 53 -j DNAT --to-destination $dns")
|
||||||
|
|||||||
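Review bot: In `masquerade`, `hostSubnet` is built from `hostAddress.networkPrefixLength` without a range check, and that string becomes the `-s` match of the NAT rule in both the strict and non-strict branches. If the platform ever reports a prefix length of 0 or a negative value, the rule either matches every source, silently losing the scoping this commit adds, or fails to apply. I have not confirmed that Android does this, so treat it as a defensive check. A guard before the string is built would make the failure explicit: `check(hostAddress.networkPrefixLength in 1..32) { "unexpected prefix length" }`. The `masquerade` body continues outside the hunk.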