From e3f1abbb2200516225ba0f939e4c55282ec17f8c Mon Sep 17 00:00:00 2001
From: Mygod
Date: Tue, 4 Sep 2018 17:49:59 +0800
Subject: [PATCH] Fully support strict mode for system tethering
---
 .../be/mygod/vpnhotspot/TetheringService.kt | 43 ++++++++++---------
 .../java/be/mygod/vpnhotspot/net/Routing.kt | 18 ++++----
 2 files changed, 32 insertions(+), 29 deletions(-)
diff --git a/mobile/src/main/java/be/mygod/vpnhotspot/TetheringService.kt b/mobile/src/main/java/be/mygod/vpnhotspot/TetheringService.kt
index 01cce533..e1f46faf 100644
--- a/mobile/src/main/java/be/mygod/vpnhotspot/TetheringService.kt
+++ b/mobile/src/main/java/be/mygod/vpnhotspot/TetheringService.kt
@@ -41,14 +41,31 @@ class TetheringService : IpNeighbourMonitoringService(), UpstreamMonitor.Callbac
 override val activeIfaces get() = synchronized(routings) { routings.keys.toList() }

 private fun updateRoutingsLocked() {
- if (routings.isNotEmpty()) {
+ if (routings.isEmpty()) {
+ unregisterReceiver()
+ ServiceNotification.stopForeground(this)
+ stopSelf()
+ } else {
+ if (!receiverRegistered) {
+ receiverRegistered = true
+ registerReceiver(receiver, IntentFilter(TetheringManager.ACTION_TETHER_STATE_CHANGED))
+ app.cleanRoutings[this] = {
+ synchronized(routings) {
+ for (iface in routings.keys) routings[iface] = null
+ updateRoutingsLocked()
+ }
+ }
+ IpNeighbourMonitor.registerCallback(this)
+ UpstreamMonitor.registerCallback(this)
+ }
 val upstream = upstream
- if (upstream != null) {
+ val disableIpv6 = app.pref.getBoolean("service.disableIpv6", false)
+ if (upstream != null || app.strict || disableIpv6) {
 var failed = false
 val iterator = routings.iterator()
 while (iterator.hasNext()) {
 val (downstream, value) = iterator.next()
- if (value != null && value.upstream == upstream) continue
+ if (value != null) if (value.upstream == upstream) continue else value.stop()
 try {
 routings[downstream] = Routing(upstream, downstream).apply {
 if (app.dhcpWorkaround) dhcpWorkaround()
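Review bot: The new `if (value != null) if (value.upstream == upstream) continue else value.stop()` line stops the existing routing before its replacement has been built and started. If the `Routing(...)` constructor throws or `start()` fails (both are handled later in this function, outside the hunk), the downstream may be left with neither rule set, and in strict mode that presumably means only the system tethering rules remain; please confirm the failure paths keep the client blocked. The brace-less nested `if … if … else` is also easy to misread, and `if (value != null) { if (value.upstream == upstream) continue; value.stop() }` reads unambiguously. updateRoutingsLocked continues past the end of this hunk.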
@@ -59,8 +76,8 @@ class TetheringService : IpNeighbourMonitoringService(), UpstreamMonitor.Callbac
 forward()
 if (app.strict) overrideSystemRules()
 if (app.masquerade) masquerade()
- dnsRedirect(dns)
- if (app.pref.getBoolean("service.disableIpv6", false)) disableIpv6()
+ if (upstream != null) dnsRedirect(dns)
+ if (disableIpv6) disableIpv6()
 if (!start()) failed = true
 }
 } catch (e: SocketException) {
@@ -71,25 +88,9 @@ class TetheringService : IpNeighbourMonitoringService(), UpstreamMonitor.Callbac
 }
 }
 if (failed) SmartSnackbar.make(R.string.noisy_su_failure).show()
- } else if (!receiverRegistered) {
- registerReceiver(receiver, IntentFilter(TetheringManager.ACTION_TETHER_STATE_CHANGED))
- app.cleanRoutings[this] = {
- synchronized(routings) {
- for (iface in routings.keys) routings[iface] = null
- updateRoutingsLocked()
- }
- }
- IpNeighbourMonitor.registerCallback(this)
- UpstreamMonitor.registerCallback(this)
- receiverRegistered = true
 }
 updateNotification()
 }
- if (routings.isEmpty()) {
- unregisterReceiver()
- ServiceNotification.stopForeground(this)
- stopSelf()
- }
 app.handler.post { binder.fragment?.adapter?.notifyDataSetChanged() }
 }

diff --git a/mobile/src/main/java/be/mygod/vpnhotspot/net/Routing.kt b/mobile/src/main/java/be/mygod/vpnhotspot/net/Routing.kt
index 70c2059e..40437a82 100644
--- a/mobile/src/main/java/be/mygod/vpnhotspot/net/Routing.kt
+++ b/mobile/src/main/java/be/mygod/vpnhotspot/net/Routing.kt
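Review bot: In the `@@ -59,8 +76,8 @@` hunk of TetheringService.kt, `if (upstream != null) dnsRedirect(dns)` means a strict-mode routing without an upstream gets no DNS redirect at all, so client name lookups are only contained if `overrideSystemRules()` also covers them; that function is not part of this diff. If the device's own tethering resolver still answers clients in that state, queries could leave over the non-VPN network even though forwarding is blocked. A comment stating the intent would help, e.g. `// no upstream: DNS containment is left to overrideSystemRules()`, together with a test that runs with strict mode on and no upstream. The enclosing `apply` block starts before this hunk.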
@@ -67,11 +67,12 @@ class Routing(val upstream: String?, private val downstream: String, ownerAddres
 fun forward(strict: Boolean = true) {
 startScript.add("quiet $IPTABLES -N vpnhotspot_fwd 2>/dev/null")
 if (strict) {
- check(upstream != null)
- startScript.add("$IPTABLES -A vpnhotspot_fwd -i $upstream -o $downstream -m state --state ESTABLISHED,RELATED -j ACCEPT")
- startScript.add("$IPTABLES -A vpnhotspot_fwd -i $downstream -o $upstream -j ACCEPT")
- stopScript.addFirst("$IPTABLES -D vpnhotspot_fwd -i $upstream -o $downstream -m state --state ESTABLISHED,RELATED -j ACCEPT")
- stopScript.addFirst("$IPTABLES -D vpnhotspot_fwd -i $downstream -o $upstream -j ACCEPT")
+ if (upstream != null) {
+ startScript.add("$IPTABLES -A vpnhotspot_fwd -i $upstream -o $downstream -m state --state ESTABLISHED,RELATED -j ACCEPT")
+ startScript.add("$IPTABLES -A vpnhotspot_fwd -i $downstream -o $upstream -j ACCEPT")
+ stopScript.addFirst("$IPTABLES -D vpnhotspot_fwd -i $upstream -o $downstream -m state --state ESTABLISHED,RELATED -j ACCEPT")
+ stopScript.addFirst("$IPTABLES -D vpnhotspot_fwd -i $downstream -o $upstream -j ACCEPT")
+ } // else nothing needs to be done
 } else {
 // for not strict mode, allow downstream packets to be redirected to anywhere
 // because we don't wanna keep track of default network changes
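Review bot: Replacing `check(upstream != null)` with a silent `if (upstream != null) { … } // else nothing needs to be done` means that `forward(strict = true)` on a Routing without an upstream adds, in the visible part, only the `vpnhotspot_fwd` chain itself. Whether traffic is actually blocked then depends on the caller also applying `overrideSystemRules()`, which TetheringService does only under `app.strict`. The masquerade hunk that follows has the same shape. I would state that contract where the else comment is, e.g. `// upstream == null: no ACCEPT rules are added; blocking relies on overrideSystemRules()`, and add KDoc to both functions saying that a null upstream is valid and what it yields. forward's body continues beyond this hunk.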
@@ -94,9 +95,10 @@ class Routing(val upstream: String?, private val downstream: String, ownerAddres
 startScript.add("quiet $IPTABLES -t nat -N vpnhotspot_masquerade 2>/dev/null")
 // note: specifying -i wouldn't work for POSTROUTING
 if (strict) {
- check(upstream != null)
- startScript.add("$IPTABLES -t nat -A vpnhotspot_masquerade -s $hostSubnet -o $upstream -j MASQUERADE")
- stopScript.addFirst("$IPTABLES -t nat -D vpnhotspot_masquerade -s $hostSubnet -o $upstream -j MASQUERADE")
+ if (upstream != null) {
+ startScript.add("$IPTABLES -t nat -A vpnhotspot_masquerade -s $hostSubnet -o $upstream -j MASQUERADE")
+ stopScript.addFirst("$IPTABLES -t nat -D vpnhotspot_masquerade -s $hostSubnet -o $upstream -j MASQUERADE")
+ } // else nothing needs to be done
 } else {
 startScript.add("$IPTABLES -t nat -A vpnhotspot_masquerade -s $hostSubnet -j MASQUERADE")
 stopScript.addFirst("$IPTABLES -t nat -D vpnhotspot_masquerade -s $hostSubnet -j MASQUERADE")