Fully support strict mode for system tethering
@@ -41,14 +41,31 @@ class TetheringService : IpNeighbourMonitoringService(), UpstreamMonitor.Callbac
|
|||||||
override val activeIfaces get() = synchronized(routings) { routings.keys.toList() }
|
override val activeIfaces get() = synchronized(routings) { routings.keys.toList() }
|
||||||
|
|
||||||
private fun updateRoutingsLocked() {
|
private fun updateRoutingsLocked() {
|
||||||
if (routings.isNotEmpty()) {
|
if (routings.isEmpty()) {
|
||||||
|
unregisterReceiver()
|
||||||
|
ServiceNotification.stopForeground(this)
|
||||||
|
stopSelf()
|
||||||
|
} else {
|
||||||
|
if (!receiverRegistered) {
|
||||||
|
receiverRegistered = true
|
||||||
|
registerReceiver(receiver, IntentFilter(TetheringManager.ACTION_TETHER_STATE_CHANGED))
|
||||||
|
app.cleanRoutings[this] = {
|
||||||
|
synchronized(routings) {
|
||||||
|
for (iface in routings.keys) routings[iface] = null
|
||||||
|
updateRoutingsLocked()
|
||||||
|
}
|
||||||
|
}
|
||||||
|
IpNeighbourMonitor.registerCallback(this)
|
||||||
|
UpstreamMonitor.registerCallback(this)
|
||||||
|
}
|
||||||
val upstream = upstream
|
val upstream = upstream
|
||||||
if (upstream != null) {
|
val disableIpv6 = app.pref.getBoolean("service.disableIpv6", false)
|
||||||
|
if (upstream != null || app.strict || disableIpv6) {
|
||||||
var failed = false
|
var failed = false
|
||||||
val iterator = routings.iterator()
|
val iterator = routings.iterator()
|
||||||
while (iterator.hasNext()) {
|
while (iterator.hasNext()) {
|
||||||
val (downstream, value) = iterator.next()
|
val (downstream, value) = iterator.next()
|
||||||
if (value != null && value.upstream == upstream) continue
|
if (value != null) if (value.upstream == upstream) continue else value.stop()
|
||||||
try {
|
try {
|
||||||
routings[downstream] = Routing(upstream, downstream).apply {
|
routings[downstream] = Routing(upstream, downstream).apply {
|
||||||
if (app.dhcpWorkaround) dhcpWorkaround()
|
if (app.dhcpWorkaround) dhcpWorkaround()
|
||||||
@@ -59,8 +76,8 @@ class TetheringService : IpNeighbourMonitoringService(), UpstreamMonitor.Callbac
|
|||||||
forward()
|
forward()
|
||||||
if (app.strict) overrideSystemRules()
|
if (app.strict) overrideSystemRules()
|
||||||
if (app.masquerade) masquerade()
|
if (app.masquerade) masquerade()
|
||||||
dnsRedirect(dns)
|
if (upstream != null) dnsRedirect(dns)
|
||||||
if (app.pref.getBoolean("service.disableIpv6", false)) disableIpv6()
|
if (disableIpv6) disableIpv6()
|
||||||
if (!start()) failed = true
|
if (!start()) failed = true
|
||||||
}
|
}
|
||||||
} catch (e: SocketException) {
|
} catch (e: SocketException) {
|
||||||
@@ -71,25 +88,9 @@ class TetheringService : IpNeighbourMonitoringService(), UpstreamMonitor.Callbac
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
if (failed) SmartSnackbar.make(R.string.noisy_su_failure).show()
|
if (failed) SmartSnackbar.make(R.string.noisy_su_failure).show()
|
||||||
} else if (!receiverRegistered) {
|
|
||||||
registerReceiver(receiver, IntentFilter(TetheringManager.ACTION_TETHER_STATE_CHANGED))
|
|
||||||
app.cleanRoutings[this] = {
|
|
||||||
synchronized(routings) {
|
|
||||||
for (iface in routings.keys) routings[iface] = null
|
|
||||||
updateRoutingsLocked()
|
|
||||||
}
|
|
||||||
}
|
|
||||||
IpNeighbourMonitor.registerCallback(this)
|
|
||||||
UpstreamMonitor.registerCallback(this)
|
|
||||||
receiverRegistered = true
|
|
||||||
}
|
}
|
||||||
updateNotification()
|
updateNotification()
|
||||||
}
|
}
|
||||||
if (routings.isEmpty()) {
|
|
||||||
unregisterReceiver()
|
|
||||||
ServiceNotification.stopForeground(this)
|
|
||||||
stopSelf()
|
|
||||||
}
|
|
||||||
app.handler.post { binder.fragment?.adapter?.notifyDataSetChanged() }
|
app.handler.post { binder.fragment?.adapter?.notifyDataSetChanged() }
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
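Review bot: In the routing loop of `updateRoutingsLocked()`, `if (value != null) if (value.upstream == upstream) continue else value.stop()` tears down the old `Routing` before its replacement is built, and nothing on this line checks whether `stop()` succeeded. In strict mode that ordering is security-relevant: if `Routing(upstream, downstream)` throws the `SocketException` caught below, or `start()` returns false, the downstream is presumably left with neither the old rules nor the new `overrideSystemRules()` ones, so the stock tethering rules would forward its traffic unfiltered. The catch body and `stop()` are outside the visible lines, so this needs confirming there. I would brace the branch and record the failure, e.g. `if (value.upstream == upstream) continue` followed by `value.stop()` inside `if (value != null) { … }`, with a comment stating what state the entry is left in when the replacement cannot be started. The nested one-line `if … if … else` is also easy to misread and is worth bracing for that reason alone.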
@@ -67,11 +67,12 @@ class Routing(val upstream: String?, private val downstream: String, ownerAddres
|
|||||||
fun forward(strict: Boolean = true) {
|
fun forward(strict: Boolean = true) {
|
||||||
startScript.add("quiet $IPTABLES -N vpnhotspot_fwd 2>/dev/null")
|
startScript.add("quiet $IPTABLES -N vpnhotspot_fwd 2>/dev/null")
|
||||||
if (strict) {
|
if (strict) {
|
||||||
check(upstream != null)
|
if (upstream != null) {
|
||||||
startScript.add("$IPTABLES -A vpnhotspot_fwd -i $upstream -o $downstream -m state --state ESTABLISHED,RELATED -j ACCEPT")
|
startScript.add("$IPTABLES -A vpnhotspot_fwd -i $upstream -o $downstream -m state --state ESTABLISHED,RELATED -j ACCEPT")
|
||||||
startScript.add("$IPTABLES -A vpnhotspot_fwd -i $downstream -o $upstream -j ACCEPT")
|
startScript.add("$IPTABLES -A vpnhotspot_fwd -i $downstream -o $upstream -j ACCEPT")
|
||||||
stopScript.addFirst("$IPTABLES -D vpnhotspot_fwd -i $upstream -o $downstream -m state --state ESTABLISHED,RELATED -j ACCEPT")
|
stopScript.addFirst("$IPTABLES -D vpnhotspot_fwd -i $upstream -o $downstream -m state --state ESTABLISHED,RELATED -j ACCEPT")
|
||||||
stopScript.addFirst("$IPTABLES -D vpnhotspot_fwd -i $downstream -o $upstream -j ACCEPT")
|
stopScript.addFirst("$IPTABLES -D vpnhotspot_fwd -i $downstream -o $upstream -j ACCEPT")
|
||||||
|
} // else nothing needs to be done
|
||||||
} else {
|
} else {
|
||||||
// for not strict mode, allow downstream packets to be redirected to anywhere
|
// for not strict mode, allow downstream packets to be redirected to anywhere
|
||||||
// because we don't wanna keep track of default network changes
|
// because we don't wanna keep track of default network changes
|
||||||
@@ -94,9 +95,10 @@ class Routing(val upstream: String?, private val downstream: String, ownerAddres
|
|||||||
startScript.add("quiet $IPTABLES -t nat -N vpnhotspot_masquerade 2>/dev/null")
|
startScript.add("quiet $IPTABLES -t nat -N vpnhotspot_masquerade 2>/dev/null")
|
||||||
// note: specifying -i wouldn't work for POSTROUTING
|
// note: specifying -i wouldn't work for POSTROUTING
|
||||||
if (strict) {
|
if (strict) {
|
||||||
check(upstream != null)
|
if (upstream != null) {
|
||||||
startScript.add("$IPTABLES -t nat -A vpnhotspot_masquerade -s $hostSubnet -o $upstream -j MASQUERADE")
|
startScript.add("$IPTABLES -t nat -A vpnhotspot_masquerade -s $hostSubnet -o $upstream -j MASQUERADE")
|
||||||
stopScript.addFirst("$IPTABLES -t nat -D vpnhotspot_masquerade -s $hostSubnet -o $upstream -j MASQUERADE")
|
stopScript.addFirst("$IPTABLES -t nat -D vpnhotspot_masquerade -s $hostSubnet -o $upstream -j MASQUERADE")
|
||||||
|
} // else nothing needs to be done
|
||||||
} else {
|
} else {
|
||||||
startScript.add("$IPTABLES -t nat -A vpnhotspot_masquerade -s $hostSubnet -j MASQUERADE")
|
startScript.add("$IPTABLES -t nat -A vpnhotspot_masquerade -s $hostSubnet -j MASQUERADE")
|
||||||
stopScript.addFirst("$IPTABLES -t nat -D vpnhotspot_masquerade -s $hostSubnet -j MASQUERADE")
|
stopScript.addFirst("$IPTABLES -t nat -D vpnhotspot_masquerade -s $hostSubnet -j MASQUERADE")
|
||||||
|
|||||||
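Review bot: In both `forward()` and `masquerade()`, the `check(upstream != null)` that used to fail loudly is replaced by `if (upstream != null) { … } // else nothing needs to be done`, and that comment does not say what keeps strict mode closed when there is no upstream. With a null upstream, no ACCEPT rule is added to `vpnhotspot_fwd`. Whether downstream traffic is then actually blocked appears to depend on the caller also applying `overrideSystemRules()`, which `TetheringService` does only under `app.strict`, while `forward()` defaults to `strict = true` regardless. I would replace the comment with the invariant, for example `// no upstream: add no ACCEPT rule; blocking relies on overrideSystemRules() being applied by the caller`, and repeat it in `masquerade()`. The body of `forward()` continues past the hunk and the signature of `masquerade()` is outside it, so the wording should be checked against the rest of both functions.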