From 10a9fe6fe4ccf8abc22a42ebdf1b43f376a823e0 Mon Sep 17 00:00:00 2001 From: Guillaume Jacquart Date: Tue, 12 Sep 2023 08:23:31 +0200 Subject: [PATCH 1/2] epic18: Trackers control while Tor enabled --- build.gradle | 24 ++++++++--------- .../android/service/OrbotService.java | 4 +++ .../android/service/vpn/DNSResolver.java | 27 ++++++++++++++++--- .../service/vpn/RequestPacketHandler.java | 9 +++---- 4 files changed, 43 insertions(+), 21 deletions(-) diff --git a/build.gradle b/build.gradle index 92c9bc7..560fe80 100644 --- a/build.gradle +++ b/build.gradle @@ -14,7 +14,7 @@ android { }**/ defaultConfig { - minSdkVersion 16 + minSdkVersion 24 targetSdkVersion 31 } @@ -42,17 +42,17 @@ android { } dependencies { - api libs.guardian_jtorctl + api orbotlibs.guardian_jtorctl implementation( - libs.android_shell, - libs.androidx_core, - libs.androidx_localbroadcast, - libs.ipt_proxy, - libs.guardian_geoip, - libs.guardian_jsocks, - libs.portmapper, - libs.tor_android, - libs.pcap_core, - libs.pcap_factory + orbotlibs.android_shell, + orbotlibs.androidx_core, + orbotlibs.androidx_localbroadcast, + orbotlibs.ipt_proxy, + orbotlibs.guardian_geoip, + orbotlibs.guardian_jsocks, + orbotlibs.portmapper, + orbotlibs.tor_android, + orbotlibs.pcap_core, + orbotlibs.pcap_factory ) } diff --git a/src/main/java/org/torproject/android/service/OrbotService.java b/src/main/java/org/torproject/android/service/OrbotService.java index fb160a8..26bd133 100644 --- a/src/main/java/org/torproject/android/service/OrbotService.java +++ b/src/main/java/org/torproject/android/service/OrbotService.java @@ -33,6 +33,7 @@ import android.widget.Toast; import net.freehaven.tor.control.TorControlCommands; import net.freehaven.tor.control.TorControlConnection; +import org.pcap4j.packet.DnsPacket; import org.torproject.android.service.util.CustomTorResourceInstaller; import org.torproject.android.service.util.Prefs; import org.torproject.android.service.util.Utils; 
@@ -61,6 +62,7 @@ import java.util.StringTokenizer; import java.util.UUID; import java.util.concurrent.ExecutorService; import java.util.concurrent.Executors; +import java.util.function.Function; import IPtProxy.IPtProxy; import androidx.annotation.ChecksSdkIntAtLeast; @@ -73,6 +75,8 @@ public class OrbotService extends VpnService implements OrbotConstants { public final static String BINARY_TOR_VERSION = TorService.VERSION_NAME; + public static Function shouldBlock = null; + static final int NOTIFY_ID = 1; private static final int ERROR_NOTIFY_ID = 3; private static final Uri V3_ONION_SERVICES_CONTENT_URI = Uri.parse("content://org.torproject.android.ui.v3onionservice/v3"); diff --git a/src/main/java/org/torproject/android/service/vpn/DNSResolver.java b/src/main/java/org/torproject/android/service/vpn/DNSResolver.java index 6478b28..23569c6 100644 --- a/src/main/java/org/torproject/android/service/vpn/DNSResolver.java +++ b/src/main/java/org/torproject/android/service/vpn/DNSResolver.java @@ -1,5 +1,11 @@ package org.torproject.android.service.vpn; +import android.util.Log; + +import org.pcap4j.packet.DnsPacket; +import org.pcap4j.packet.IllegalRawDataException; +import org.torproject.android.service.OrbotService; + import java.io.IOException; import java.net.DatagramPacket; import java.net.DatagramSocket; @@ -14,11 +20,18 @@ public class DNSResolver { mPort = localPort; } - public byte[] processDNS(byte[] payload) throws IOException { + public DnsPacket processDNS(DnsPacket dnsRequest) throws IOException { if (mLocalhost == null) mLocalhost = InetAddress.getLocalHost(); + if (OrbotService.shouldBlock != null) { + DnsPacket blockedResponse = OrbotService.shouldBlock.apply(dnsRequest); + if (blockedResponse != null) + return blockedResponse; + } + + byte[] payload = dnsRequest.getRawData(); DatagramPacket packet = new DatagramPacket( payload, payload.length, mLocalhost, mPort ); 
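Review bot: `shouldBlock` in OrbotService is a public, static, non-final field that decides which DNS queries are answered locally, so any code in the process can replace it or reset it to null. It appears here as a raw `Function` (the type arguments may have been lost in rendering) and should be declared as `Function<DnsPacket, DnsPacket>`. RequestPacketHandler is a Runnable, so the field is presumably read on a different thread from the one that sets it. I would make it `private static volatile Function<DnsPacket, DnsPacket> shouldBlock;` behind a setter. A Javadoc line should state the contract: return a complete response to block the query, or `null` to let it go on to Tor.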
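Review bot: In `processDNS` the hook is read twice, once in `OrbotService.shouldBlock != null` and again in `OrbotService.shouldBlock.apply(dnsRequest)`, so a concurrent reset to null between the two reads throws a NullPointerException. Copy it to a local first, `Function<DnsPacket, DnsPacket> filter = OrbotService.shouldBlock;`, and test and call `filter`. A RuntimeException thrown by the hook also escapes `processDNS`, and whether the query is then dropped or still resolved depends on a catch outside this hunk. A comment here should say which failure mode is intended (fail closed, or fall through to Tor). The PATCH 2/2 hunk on the same lines only adds braces and keeps the double read; the method body continues outside this hunk.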
@@ -30,7 +43,15 @@ public class DNSResolver { packet = new DatagramPacket(buf, buf.length); datagramSocket.receive(packet); - return packet.getData(); + byte[] dnsResp = packet.getData(); + DnsPacket dnsResponse = null; + if (dnsResp != null) { + try { + dnsResponse = DnsPacket.newPacket(dnsResp, 0, dnsResp.length); + } catch (IllegalRawDataException e) { + Log.e("DNSResolver", "Can't parse DNS response", e); + } + } + return dnsResponse; } - } diff --git a/src/main/java/org/torproject/android/service/vpn/RequestPacketHandler.java b/src/main/java/org/torproject/android/service/vpn/RequestPacketHandler.java index 95b7b58..d733bb4 100644 --- a/src/main/java/org/torproject/android/service/vpn/RequestPacketHandler.java +++ b/src/main/java/org/torproject/android/service/vpn/RequestPacketHandler.java @@ -29,14 +29,11 @@ public class RequestPacketHandler implements Runnable { public void run() { try { UdpPacket udpPacket = (UdpPacket) packet.getPayload(); + DnsPacket dnsRequest = (DnsPacket) udpPacket.getPayload(); - byte[] dnsResp = mDnsResolver.processDNS(udpPacket.getPayload().getRawData()); - - if (dnsResp != null) { - - DnsPacket dnsRequest = (DnsPacket) udpPacket.getPayload(); - DnsPacket dnsResponse = DnsPacket.newPacket(dnsResp, 0, dnsResp.length); + DnsPacket dnsResponse = mDnsResolver.processDNS(dnsRequest); + if (dnsResponse != null) { DnsPacket.Builder dnsBuilder = new DnsPacket.Builder(); dnsBuilder.questions(dnsRequest.getHeader().getQuestions()); dnsBuilder.id(dnsRequest.getHeader().getId()); -- GitLab From 37df52004c0fe64e1f38aea89c81b0f4e81f3a08 Mon Sep 17 00:00:00 2001 From: Guillaume Jacquart Date: Wed, 11 Oct 2023 18:57:06 +0200 Subject: [PATCH 2/2] review fixes --- .../java/org/torproject/android/service/vpn/DNSResolver.java | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) 
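Review bot: `packet.getData()` returns the whole receive buffer `buf`, not just the bytes that arrived, so `DnsPacket.newPacket(dnsResp, 0, dnsResp.length)` hands the parser trailing bytes that were never received. Bound the parse with the datagram length instead: `dnsResponse = DnsPacket.newPacket(dnsResp, 0, packet.getLength());`. The `dnsResp != null` test is redundant, because the array is the one passed to `new DatagramPacket(buf, buf.length)`. On a parse failure the method logs and returns null, which the caller treats as "no response", so the client just times out; a short comment saying this is deliberate would help. The allocation of `buf` and the socket setup and teardown are outside the hunk.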
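Review bot: The two casts at the top of `run()`, `(UdpPacket) packet.getPayload()` and the now-earlier `(DnsPacket) udpPacket.getPayload()`, have no type or null check, and the packets presumably come from the VPN interface, so their content is chosen by other apps. A datagram whose payload was not decoded as DNS raises ClassCastException or NullPointerException before the resolver and the block hook are reached, and what happens next depends on the catch outside this hunk. An explicit guard makes the drop deliberate and visible in logs: `if (!(udpPacket.getPayload() instanceof DnsPacket)) { return; }`, preceded by a debug log line. The rest of `run()`, including the response builder, continues outside the hunk.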
diff --git a/src/main/java/org/torproject/android/service/vpn/DNSResolver.java b/src/main/java/org/torproject/android/service/vpn/DNSResolver.java index 23569c6..8ceb4a7 100644 --- a/src/main/java/org/torproject/android/service/vpn/DNSResolver.java +++ b/src/main/java/org/torproject/android/service/vpn/DNSResolver.java @@ -27,8 +27,9 @@ public class DNSResolver { if (OrbotService.shouldBlock != null) { DnsPacket blockedResponse = OrbotService.shouldBlock.apply(dnsRequest); - if (blockedResponse != null) + if (blockedResponse != null) { return blockedResponse; + } } byte[] payload = dnsRequest.getRawData(); -- GitLab