Support strict mode for system tethering

TODO: Set up rules when upstream interface not found.
This commit is contained in:
Mygod
2018-09-03 16:37:54 +08:00
parent 0342d97fb0
commit 89c26fe384
6 changed files with 13 additions and 6 deletions


@@ -49,8 +49,9 @@ class App : Application() {
val result = pref.getString(KEY_OPERATING_CHANNEL, null)?.toIntOrNull() ?: 0 val result = pref.getString(KEY_OPERATING_CHANNEL, null)?.toIntOrNull() ?: 0
return if (result in 1..165) result else 0 return if (result in 1..165) result else 0
} }
val masquerade: Boolean get() = pref.getBoolean("service.masquerade", true) val masquerade get() = pref.getBoolean("service.masquerade", true)
val dhcpWorkaround: Boolean get() = pref.getBoolean("service.dhcpWorkaround", false) val strict get() = app.pref.getBoolean("service.repeater.strict", false)
val dhcpWorkaround get() = pref.getBoolean("service.dhcpWorkaround", false)
val cleanRoutings = Event0() val cleanRoutings = Event0()
} }
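Review bot: The new `strict` property reads `app.pref` while its neighbours `masquerade` and `dhcpWorkaround` read `pref` directly; inside `App` the indirection through the singleton is redundant and inconsistent, so `val strict get() = pref.getBoolean("service.repeater.strict", false)` would match its siblings. The key is still named `service.repeater.strict` even though this commit makes it govern system tethering as well; renaming would break stored settings, so a short comment such as `// key predates strict mode applying to system tethering; kept for compatibility` would help the next reader. The class `App` starts outside the hunk.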


@@ -42,7 +42,7 @@ class LocalOnlyInterfaceManager(val downstream: String) : UpstreamMonitor.Callba
try { try {
this.dns = dns this.dns = dns
this.routing = Routing(upstream, downstream, owner).apply { this.routing = Routing(upstream, downstream, owner).apply {
val strict = app.pref.getBoolean("service.repeater.strict", false) val strict = app.strict
if (strict && upstream == null) return@apply // in this case, nothing to be done if (strict && upstream == null) return@apply // in this case, nothing to be done
if (app.dhcpWorkaround) dhcpWorkaround() if (app.dhcpWorkaround) dhcpWorkaround()
ipForward() // local only interfaces need to enable ip_forward ipForward() // local only interfaces need to enable ip_forward
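Review bot: The local `val strict = app.strict` is read exactly once on the following line, so the temporary adds nothing and the change could be `if (app.strict && upstream == null) return@apply // in this case, nothing to be done`. This is a style point only; the early return itself is pre-existing behaviour. The enclosing function starts and ends outside the hunk.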


@@ -55,7 +55,9 @@ class TetheringService : IpNeighbourMonitoringService(), UpstreamMonitor.Callbac
// system tethering already has working forwarding rules // system tethering already has working forwarding rules
// so it doesn't make sense to add additional forwarding rules // so it doesn't make sense to add additional forwarding rules
rule() rule()
// here we always enforce strict mode as fallback is handled by system which we disable
forward() forward()
if (app.strict) overrideSystemRules()
if (app.masquerade) masquerade() if (app.masquerade) masquerade()
dnsRedirect(dns) dnsRedirect(dns)
if (app.pref.getBoolean("service.disableIpv6", false)) disableIpv6() if (app.pref.getBoolean("service.disableIpv6", false)) disableIpv6()
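Review bot: The comment added at line 40 says strict mode is "always" enforced here, but the strict behaviour it introduces (`overrideSystemRules()`) is gated on `app.strict` two lines later, so the comment contradicts the code that follows it. If the intent is that `forward()` is always called in its strict form and the system's own fallback forwarding is dropped only when the preference is set, say that: `// forward() is always strict here; with the strict preference set we also drop what the system's tethering rules would otherwise forward`. The TODO in the commit message (rules when no upstream is found) is not handled in this hunk, so what happens under `app.strict` with a missing upstream cannot be told from what is shown. The enclosing function starts and ends outside the hunk.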


@@ -84,6 +84,11 @@ class Routing(val upstream: String?, private val downstream: String, ownerAddres
stopScript.addFirst("$IPTABLES -D FORWARD -j vpnhotspot_fwd") stopScript.addFirst("$IPTABLES -D FORWARD -j vpnhotspot_fwd")
} }
fun overrideSystemRules() {
startScript.add("$IPTABLES -A vpnhotspot_fwd -i $downstream -j DROP")
stopScript.addFirst("$IPTABLES -D vpnhotspot_fwd -i $downstream -j DROP")
}
fun masquerade(strict: Boolean = true) { fun masquerade(strict: Boolean = true) {
val hostSubnet = "${hostAddress.address.hostAddress}/${hostAddress.networkPrefixLength}" val hostSubnet = "${hostAddress.address.hostAddress}/${hostAddress.networkPrefixLength}"
startScript.add("quiet $IPTABLES -t nat -N vpnhotspot_masquerade 2>/dev/null") startScript.add("quiet $IPTABLES -t nat -N vpnhotspot_masquerade 2>/dev/null")
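Review bot: `overrideSystemRules()` appends its DROP with `-A`, so it only acts as a catch-all if the rules added earlier to `vpnhotspot_fwd` (presumably the ACCEPTs from `forward()`) precede it; called in the other order it would, as far as the visible rule goes, drop all traffic arriving from `$downstream`, and nothing in the function records that ordering dependency. A KDoc would pin it down: `/** Drops downstream traffic not accepted earlier in vpnhotspot_fwd. Must be added after [forward]. */`. The rule is IPv4-only via `$IPTABLES`; whether IPv6 traffic forwarded by the system is also blocked presumably depends on the separate `disableIpv6()` path, which this hunk does not show. The `Routing` class starts and ends outside the hunk.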


@@ -64,7 +64,7 @@
<string name="settings_service_repeater_oc">Wi\u2011Fi 运行频段 (不稳定)</string> <string name="settings_service_repeater_oc">Wi\u2011Fi 运行频段 (不稳定)</string>
<string name="settings_service_repeater_oc_summary">"自动 (1\u201114 = 2.4GHz, 15\u2011165 = 5GHz)"</string> <string name="settings_service_repeater_oc_summary">"自动 (1\u201114 = 2.4GHz, 15\u2011165 = 5GHz)"</string>
<string name="settings_service_repeater_strict">严格模式</string> <string name="settings_service_repeater_strict">严格模式</string>
<string name="settings_service_repeater_strict_summary">只允许通过 VPN 隧道的包通过,不适用于系统共享</string> <string name="settings_service_repeater_strict_summary">只允许通过 VPN 隧道的包通过</string>
<string name="settings_service_disable_ipv6">禁用 IPv6 共享</string> <string name="settings_service_disable_ipv6">禁用 IPv6 共享</string>
<string name="settings_service_disable_ipv6_summary">防止 IPv6 VPN 泄漏。</string> <string name="settings_service_disable_ipv6_summary">防止 IPv6 VPN 泄漏。</string>
<string name="settings_service_repeater_start_on_boot">开机自启动中继</string> <string name="settings_service_repeater_start_on_boot">开机自启动中继</string>


@@ -69,8 +69,7 @@
<string name="settings_service_repeater_oc">Operating Wi\u2011Fi channel (unstable)</string> <string name="settings_service_repeater_oc">Operating Wi\u2011Fi channel (unstable)</string>
<string name="settings_service_repeater_oc_summary">Auto (1\u201114 = 2.4GHz, 15\u2011165 = 5GHz)</string> <string name="settings_service_repeater_oc_summary">Auto (1\u201114 = 2.4GHz, 15\u2011165 = 5GHz)</string>
<string name="settings_service_repeater_strict">Strict mode</string> <string name="settings_service_repeater_strict">Strict mode</string>
<string name="settings_service_repeater_strict_summary">Only allow packets that goes through VPN tunnel. Does not <string name="settings_service_repeater_strict_summary">Only allow packets that goes through VPN tunnel.</string>
apply to system tethering.</string>
<string name="settings_service_disable_ipv6">Disable IPv6 tethering</string> <string name="settings_service_disable_ipv6">Disable IPv6 tethering</string>
<string name="settings_service_disable_ipv6_summary">Enabling this option will prevent VPN leaks via IPv6.</string> <string name="settings_service_disable_ipv6_summary">Enabling this option will prevent VPN leaks via IPv6.</string>
<string name="settings_service_repeater_start_on_boot">Start repeater on boot</string> <string name="settings_service_repeater_start_on_boot">Start repeater on boot</string>