Fully support strict mode for system tethering

2018-09-04 17:49:59 +08:00
parent 09f85cac6b
commit e3f1abbb22
2 changed files with 32 additions and 29 deletions
--- a/mobile/src/main/java/be/mygod/vpnhotspot/TetheringService.kt
+++ b/mobile/src/main/java/be/mygod/vpnhotspot/TetheringService.kt
@@ -41,14 +41,31 @@ class TetheringService : IpNeighbourMonitoringService(), UpstreamMonitor.Callbac
    override val activeIfaces get() = synchronized(routings) { routings.keys.toList() }

    private fun updateRoutingsLocked() {
-        if (routings.isNotEmpty()) {
+        if (routings.isEmpty()) {
+            unregisterReceiver()
+            ServiceNotification.stopForeground(this)
+            stopSelf()
+        } else {
+            if (!receiverRegistered) {
+                receiverRegistered = true
+                registerReceiver(receiver, IntentFilter(TetheringManager.ACTION_TETHER_STATE_CHANGED))
+                app.cleanRoutings[this] = {
+                    synchronized(routings) {
+                        for (iface in routings.keys) routings[iface] = null
+                        updateRoutingsLocked()
+                    }
+                }
+                IpNeighbourMonitor.registerCallback(this)
+                UpstreamMonitor.registerCallback(this)
+            }
            val upstream = upstream
-            if (upstream != null) {
+            val disableIpv6 = app.pref.getBoolean("service.disableIpv6", false)
+            if (upstream != null || app.strict || disableIpv6) {
                var failed = false
                val iterator = routings.iterator()
                while (iterator.hasNext()) {
                    val (downstream, value) = iterator.next()
-                    if (value != null && value.upstream == upstream) continue
+                    if (value != null) if (value.upstream == upstream) continue else value.stop()
                    try {
                        routings[downstream] = Routing(upstream, downstream).apply {
                            if (app.dhcpWorkaround) dhcpWorkaround()
@@ -59,8 +76,8 @@ class TetheringService : IpNeighbourMonitoringService(), UpstreamMonitor.Callbac
                            forward()
                            if (app.strict) overrideSystemRules()
                            if (app.masquerade) masquerade()
-                            dnsRedirect(dns)
-                            if (app.pref.getBoolean("service.disableIpv6", false)) disableIpv6()
+                            if (upstream != null) dnsRedirect(dns)
+                            if (disableIpv6) disableIpv6()
                            if (!start()) failed = true
                        }
                    } catch (e: SocketException) {
@@ -71,25 +88,9 @@ class TetheringService : IpNeighbourMonitoringService(), UpstreamMonitor.Callbac
                    }
                }
                if (failed) SmartSnackbar.make(R.string.noisy_su_failure).show()
-            } else if (!receiverRegistered) {
-                registerReceiver(receiver, IntentFilter(TetheringManager.ACTION_TETHER_STATE_CHANGED))
-                app.cleanRoutings[this] = {
-                    synchronized(routings) {
-                        for (iface in routings.keys) routings[iface] = null
-                        updateRoutingsLocked()
-                    }
-                }
-                IpNeighbourMonitor.registerCallback(this)
-                UpstreamMonitor.registerCallback(this)
-                receiverRegistered = true
            }
            updateNotification()
        }
-        if (routings.isEmpty()) {
-            unregisterReceiver()
-            ServiceNotification.stopForeground(this)
-            stopSelf()
-        }
        app.handler.post { binder.fragment?.adapter?.notifyDataSetChanged() }
    }

--- a/mobile/src/main/java/be/mygod/vpnhotspot/net/Routing.kt
+++ b/mobile/src/main/java/be/mygod/vpnhotspot/net/Routing.kt
@@ -67,11 +67,12 @@ class Routing(val upstream: String?, private val downstream: String, ownerAddres
    fun forward(strict: Boolean = true) {
        startScript.add("quiet $IPTABLES -N vpnhotspot_fwd 2>/dev/null")
        if (strict) {
-            check(upstream != null)
+            if (upstream != null) {
                startScript.add("$IPTABLES -A vpnhotspot_fwd -i $upstream -o $downstream -m state --state ESTABLISHED,RELATED -j ACCEPT")
                startScript.add("$IPTABLES -A vpnhotspot_fwd -i $downstream -o $upstream -j ACCEPT")
                stopScript.addFirst("$IPTABLES -D vpnhotspot_fwd -i $upstream -o $downstream -m state --state ESTABLISHED,RELATED -j ACCEPT")
                stopScript.addFirst("$IPTABLES -D vpnhotspot_fwd -i $downstream -o $upstream -j ACCEPT")
+            }   // else nothing needs to be done
        } else {
            // for not strict mode, allow downstream packets to be redirected to anywhere
            // because we don't wanna keep track of default network changes
@@ -94,9 +95,10 @@ class Routing(val upstream: String?, private val downstream: String, ownerAddres
        startScript.add("quiet $IPTABLES -t nat -N vpnhotspot_masquerade 2>/dev/null")
        // note: specifying -i wouldn't work for POSTROUTING
        if (strict) {
-            check(upstream != null)
+            if (upstream != null) {
                startScript.add("$IPTABLES -t nat -A vpnhotspot_masquerade -s $hostSubnet -o $upstream -j MASQUERADE")
                stopScript.addFirst("$IPTABLES -t nat -D vpnhotspot_masquerade -s $hostSubnet -o $upstream -j MASQUERADE")
+            }   // else nothing needs to be done
        } else {
            startScript.add("$IPTABLES -t nat -A vpnhotspot_masquerade -s $hostSubnet -j MASQUERADE")
            stopScript.addFirst("$IPTABLES -t nat -D vpnhotspot_masquerade -s $hostSubnet -j MASQUERADE")