Separate vpn and root specific struct fields

emanuele-f
2021-12-06 17:53:49 +01:00
parent c079474917
commit a48514db65
4 changed files with 122 additions and 105 deletions
+9 -9
@@ -128,7 +128,7 @@ static void get_libprog_path(pcapdroid_t *pd, const char *prog_name, char *buf,
return;
}
jstring obj = (*env)->CallObjectMethod(env, pd->vpn_service, mids.getLibprogPath, prog_str);
jstring obj = (*env)->CallObjectMethod(env, pd->capture_service, mids.getLibprogPath, prog_str);
if(!jniCheckException(env)) {
const char *value = (*env)->GetStringUTFChars(env, obj, 0);
@@ -263,7 +263,7 @@ static void remove_connection(pcapdroid_t *pd, pcap_conn_t *conn) {
break;
}
HASH_DELETE(hh, pd->connections, conn);
HASH_DELETE(hh, pd->root.connections, conn);
pd_free(conn);
}
@@ -341,7 +341,7 @@ static void handle_packet(pcapdroid_t *pd, pcapd_hdr_t *hdr, const char *buffer)
pcap_conn_t *conn = NULL;
uint8_t is_tx = (hdr->flags & PCAPD_FLAG_TX); // NOTE: the direction uses an heuristic so it may be wrong
if(zdtun_parse_pkt(pd->tun, buffer, hdr->len, &pkt) != 0) {
if(zdtun_parse_pkt(pd->zdt, buffer, hdr->len, &pkt) != 0) {
log_d("zdtun_parse_pkt failed");
return;
}
@@ -365,14 +365,14 @@ static void handle_packet(pcapdroid_t *pd, pcapd_hdr_t *hdr, const char *buffer)
tupleSwapPeers(&pkt.tuple);
}
HASH_FIND(hh, pd->connections, &pkt.tuple, sizeof(zdtun_5tuple_t), conn);
HASH_FIND(hh, pd->root.connections, &pkt.tuple, sizeof(zdtun_5tuple_t), conn);
if(!conn) {
// is_tx may be wrong, search in the other direction
is_tx = !is_tx;
tupleSwapPeers(&pkt.tuple);
HASH_FIND(hh, pd->connections, &pkt.tuple, sizeof(zdtun_5tuple_t), conn);
HASH_FIND(hh, pd->root.connections, &pkt.tuple, sizeof(zdtun_5tuple_t), conn);
if(!conn) {
if((pkt.flags & ZDTUN_PKT_IS_FRAGMENT) && !(pkt.flags & ZDTUN_PKT_IS_FIRST_FRAGMENT)) {
@@ -400,7 +400,7 @@ static void handle_packet(pcapdroid_t *pd, pcapd_hdr_t *hdr, const char *buffer)
conn->tuple = pkt.tuple;
conn->data = data;
HASH_ADD(hh, pd->connections, tuple, sizeof(zdtun_5tuple_t), conn);
HASH_ADD(hh, pd->root.connections, tuple, sizeof(zdtun_5tuple_t), conn);
switch (conn->tuple.ipproto) {
case IPPROTO_TCP:
@@ -430,7 +430,7 @@ static void handle_packet(pcapdroid_t *pd, pcapd_hdr_t *hdr, const char *buffer)
static void purge_expired_connections(pcapdroid_t *pd, uint8_t purge_all) {
pcap_conn_t *conn, *tmp;
HASH_ITER(hh, pd->connections, conn, tmp) {
HASH_ITER(hh, pd->root.connections, conn, tmp) {
uint64_t timeout = 0;
switch(conn->tuple.ipproto) {
@@ -476,7 +476,7 @@ int run_root(pcapdroid_t *pd) {
u_int64_t next_purge_ms;
zdtun_callbacks_t callbacks = {.send_client = (void*)1};
if((pd->tun = zdtun_init(&callbacks, NULL)) == NULL)
if((pd->zdt = zdtun_init(&callbacks, NULL)) == NULL)
return(-1);
if((sock = connectPcapd(pd)) < 0) {
@@ -540,7 +540,7 @@ int run_root(pcapdroid_t *pd) {
cleanup:
purge_expired_connections(pd, 1 /* purge_all */);
if(pd->tun) zdtun_finalize(pd->tun);
if(pd->zdt) zdtun_finalize(pd->zdt);
if(sock > 0) close(sock);
return rv;
+62 -47
@@ -28,7 +28,7 @@ static void vpn_protect_socket(pcapdroid_t *pd, socket_t sock) {
/* Call VpnService protect */
jboolean isProtected = (*env)->CallBooleanMethod(
env, pd->vpn_service, mids.protect, sock);
env, pd->capture_service, mids.protect, sock);
jniCheckException(env);
if (!isProtected)
@@ -42,7 +42,7 @@ static int resolve_uid(pcapdroid_t *pd, const zdtun_5tuple_t *conn_info) {
jint uid;
zdtun_5tuple2str(conn_info, buf, sizeof(buf));
uid = get_uid(pd->resolver, conn_info);
uid = get_uid(pd->vpn.resolver, conn_info);
if(uid >= 0) {
char appbuf[64];
@@ -57,8 +57,8 @@ static int resolve_uid(pcapdroid_t *pd, const zdtun_5tuple_t *conn_info) {
return(uid);
}
static void protectSocketCallback(zdtun_t *tun, socket_t sock) {
pcapdroid_t *pd = ((pcapdroid_t*)zdtun_userdata(tun));
static void protectSocketCallback(zdtun_t *zdt, socket_t sock) {
pcapdroid_t *pd = ((pcapdroid_t*)zdtun_userdata(zdt));
vpn_protect_socket(pd, sock);
}
@@ -72,7 +72,7 @@ static void add_known_dns_server(pcapdroid_t *pd, const char *ip) {
return;
}
ndpi_ptree_insert(pd->known_dns_servers, &parsed, ndpi_is_ipv6(&parsed) ? 128 : 32, 1);
ndpi_ptree_insert(pd->vpn.known_dns_servers, &parsed, ndpi_is_ipv6(&parsed) ? 128 : 32, 1);
}
/* ******************************************************* */
@@ -93,11 +93,12 @@ static struct timeval* get_pkt_timestamp(pcapdroid_t *pd, struct timeval *tv) {
/* ******************************************************* */
static int net2tun(zdtun_t *tun, zdtun_pkt_t *pkt, const zdtun_conn_t *conn_info) {
static int net2tun(zdtun_t *zdt, zdtun_pkt_t *pkt, const zdtun_conn_t *conn_info) {
if(!running)
// e.g. during zdtun_finalize
return 0;
pcapdroid_t *pd = (pcapdroid_t*) zdtun_userdata(tun);
pcapdroid_t *pd = (pcapdroid_t*) zdtun_userdata(zdt);
pd_conn_t *data = zdtun_conn_get_userdata(conn_info);
struct timeval tv;
@@ -107,7 +108,7 @@ static int net2tun(zdtun_t *tun, zdtun_pkt_t *pkt, const zdtun_conn_t *conn_info
if(data->to_block) // NOTE: blocked_pkts accounted in pd_account_stats
return 0;
int rv = write(pd->tunfd, pkt->buf, pkt->len);
int rv = write(pd->vpn.tunfd, pkt->buf, pkt->len);
if(rv < 0) {
if(errno == ENOBUFS) {
@@ -119,11 +120,11 @@ static int net2tun(zdtun_t *tun, zdtun_pkt_t *pkt, const zdtun_conn_t *conn_info
log_i("Got I/O error (terminating?)");
running = false;
} else {
log_f("tun write (%d) failed [%d]: %s", pkt->len, errno, strerror(errno));
log_f("zdt write (%d) failed [%d]: %s", pkt->len, errno, strerror(errno));
running = false;
}
} else if(rv != pkt->len) {
log_f("partial tun write (%d / %d)", rv, pkt->len);
log_f("partial zdt write (%d / %d)", rv, pkt->len);
rv = -1;
} else
rv = 0;
@@ -153,12 +154,12 @@ static bool check_dns_req_allowed(pcapdroid_t *pd, zdtun_conn_t *conn) {
if(new_dns_server != 0) {
// Reload DNS server
pd->dns_server = new_dns_server;
pd->vpn.dns_server = new_dns_server;
new_dns_server = 0;
zdtun_ip_t ip = {0};
ip.ip4 = pd->dns_server;
zdtun_set_dnat_info(pd->tun, &ip, htons(53), 4);
ip.ip4 = pd->vpn.dns_server;
zdtun_set_dnat_info(pd->zdt, &ip, htons(53), 4);
log_d("Using new DNS server");
}
@@ -166,7 +167,7 @@ static bool check_dns_req_allowed(pcapdroid_t *pd, zdtun_conn_t *conn) {
if(zdtun_conn_get_5tuple(conn)->ipproto == IPPROTO_ICMP)
return true;
bool is_internal_dns = (tuple->ipver == 4) && (tuple->dst_ip.ip4 == pd->vpn_dns);
bool is_internal_dns = (tuple->ipver == 4) && (tuple->dst_ip.ip4 == pd->vpn.internal_dns);
bool is_dns_server = is_internal_dns
|| ((tuple->ipver == 6) && (memcmp(&tuple->dst_ip.ip6, &pd->ipv6.dns_server, 16) == 0));
@@ -180,7 +181,7 @@ static bool check_dns_req_allowed(pcapdroid_t *pd, zdtun_conn_t *conn) {
else
memcpy(&addr.ipv6, &tuple->dst_ip.ip6, 16);
ndpi_ptree_match_addr(pd->known_dns_servers, &addr, &matched);
ndpi_ptree_match_addr(pd->vpn.known_dns_servers, &addr, &matched);
if(matched) {
char ip[INET6_ADDRSTRLEN];
@@ -233,8 +234,8 @@ static bool check_dns_req_allowed(pcapdroid_t *pd, zdtun_conn_t *conn) {
/* ******************************************************* */
static int handle_new_connection(zdtun_t *tun, zdtun_conn_t *conn_info) {
pcapdroid_t *pd = ((pcapdroid_t *) zdtun_userdata(tun));
static int handle_new_connection(zdtun_t *zdt, zdtun_conn_t *conn_info) {
pcapdroid_t *pd = ((pcapdroid_t *) zdtun_userdata(zdt));
const zdtun_5tuple_t *tuple = zdtun_conn_get_5tuple(conn_info);
pd_conn_t *data = pd_new_connection(pd, tuple, resolve_uid(pd, tuple));
@@ -252,8 +253,8 @@ static int handle_new_connection(zdtun_t *tun, zdtun_conn_t *conn_info) {
/* ******************************************************* */
static void destroy_connection(zdtun_t *tun, const zdtun_conn_t *conn_info) {
pcapdroid_t *pd = (pcapdroid_t*) zdtun_userdata(tun);
static void destroy_connection(zdtun_t *zdt, const zdtun_conn_t *conn_info) {
pcapdroid_t *pd = (pcapdroid_t*) zdtun_userdata(zdt);
pd_conn_t *data = zdtun_conn_get_userdata(conn_info);
if(!data) {
@@ -275,8 +276,12 @@ static void destroy_connection(zdtun_t *tun, const zdtun_conn_t *conn_info) {
/* ******************************************************* */
static void on_packet(zdtun_t *tun, const zdtun_pkt_t *pkt, uint8_t from_tun, const zdtun_conn_t *conn_info) {
pcapdroid_t *pd = ((pcapdroid_t*)zdtun_userdata(tun));
static void on_packet(zdtun_t *zdt, const zdtun_pkt_t *pkt, uint8_t from_tun, const zdtun_conn_t *conn_info) {
if(!running)
// e.g. during zdtun_finalize
return;
pcapdroid_t *pd = ((pcapdroid_t*)zdtun_userdata(zdt));
const zdtun_5tuple_t *tuple = zdtun_conn_get_5tuple(conn_info);
pd_conn_t *data = zdtun_conn_get_userdata(conn_info);
@@ -301,18 +306,25 @@ static void on_packet(zdtun_t *tun, const zdtun_pkt_t *pkt, uint8_t from_tun, co
/* ******************************************************* */
int run_vpn(pcapdroid_t *pd) {
zdtun_t *tun;
int run_vpn(pcapdroid_t *pd, int tunfd) {
zdtun_t *zdt;
char buffer[32768];
u_int64_t next_purge_ms;
int flags = fcntl(pd->tunfd, F_GETFL, 0);
if (flags < 0 || fcntl(pd->tunfd, F_SETFL, flags & ~O_NONBLOCK) < 0) {
int flags = fcntl(pd->vpn.tunfd, F_GETFL, 0);
if (flags < 0 || fcntl(pd->vpn.tunfd, F_SETFL, flags & ~O_NONBLOCK) < 0) {
log_f("fcntl ~O_NONBLOCK error [%d]: %s", errno,
strerror(errno));
return (-1);
}
pd->vpn.tunfd = tunfd;
pd->vpn.internal_ipv4 = getIPv4Pref(pd->env, pd->capture_service, "getVpnIPv4");
pd->vpn.internal_dns = getIPv4Pref(pd->env, pd->capture_service, "getVpnDns");
pd->vpn.dns_server = getIPv4Pref(pd->env, pd->capture_service, "getDnsServer");
pd->vpn.resolver = init_uid_resolver(pd->sdk_ver, pd->env, pd->capture_service);
pd->vpn.known_dns_servers = ndpi_ptree_create();
zdtun_callbacks_t callbacks = {
.send_client = net2tun,
.account_packet = on_packet,
@@ -331,30 +343,30 @@ int run_vpn(pcapdroid_t *pd) {
add_known_dns_server(pd, "2606:4700:4700::64");
add_known_dns_server(pd, "2606:4700:4700::6400");
tun = zdtun_init(&callbacks, pd);
zdt = zdtun_init(&callbacks, pd);
if(tun == NULL) {
if(zdt == NULL) {
log_f("zdtun_init failed");
return(-2);
}
pd->tun = tun;
pd->zdt = zdt;
new_dns_server = 0;
if(pd->socks5.enabled) {
zdtun_ip_t dnatip = {0};
dnatip.ip4 = pd->socks5.proxy_ip;
zdtun_set_socks5_proxy(tun, &dnatip, pd->socks5.proxy_port, 4);
zdtun_set_socks5_proxy(zdt, &dnatip, pd->socks5.proxy_port, 4);
}
zdtun_ip_t ip = {0};
ip.ip4 = pd->dns_server;
zdtun_set_dnat_info(tun, &ip, ntohs(53), 4);
ip.ip4 = pd->vpn.dns_server;
zdtun_set_dnat_info(zdt, &ip, ntohs(53), 4);
pd_refresh_time(pd);
next_purge_ms = pd->now_ms + PERIODIC_PURGE_TIMEOUT_MS;
log_d("Starting packet loop [tunfd=%d]", pd->tunfd);
log_d("Starting packet loop [tunfd=%d]", pd->vpn.tunfd);
while(running) {
int max_fd;
@@ -363,10 +375,10 @@ int run_vpn(pcapdroid_t *pd) {
int size;
struct timeval timeout = {.tv_sec = 0, .tv_usec = SELECT_TIMEOUT_MS * 1000};
zdtun_fds(tun, &max_fd, &fdset, &wrfds);
zdtun_fds(zdt, &max_fd, &fdset, &wrfds);
FD_SET(pd->tunfd, &fdset);
max_fd = max(max_fd, pd->tunfd);
FD_SET(pd->vpn.tunfd, &fdset);
max_fd = max(max_fd, pd->vpn.tunfd);
if(select(max_fd + 1, &fdset, &wrfds, NULL, &timeout) < 0) {
log_e("select failed[%d]: %s", errno, strerror(errno));
@@ -376,14 +388,14 @@ int run_vpn(pcapdroid_t *pd) {
if(!running)
break;
if(FD_ISSET(pd->tunfd, &fdset)) {
if(FD_ISSET(pd->vpn.tunfd, &fdset)) {
/* Packet from VPN */
size = read(pd->tunfd, buffer, sizeof(buffer));
size = read(pd->vpn.tunfd, buffer, sizeof(buffer));
if(size > 0) {
zdtun_pkt_t pkt;
pd_refresh_time(pd);
if(zdtun_parse_pkt(tun, buffer, size, &pkt) != 0) {
if(zdtun_parse_pkt(zdt, buffer, size, &pkt) != 0) {
log_d("zdtun_parse_pkt failed");
goto housekeeping;
}
@@ -409,7 +421,7 @@ int run_vpn(pcapdroid_t *pd) {
uint8_t is_tcp_established = ((pkt.tuple.ipproto == IPPROTO_TCP) &&
(!(pkt.tcp->th_flags & TH_SYN) || (pkt.tcp->th_flags & TH_ACK)));
zdtun_conn_t *conn = zdtun_lookup(tun, &pkt.tuple, !is_tcp_established);
zdtun_conn_t *conn = zdtun_lookup(zdt, &pkt.tuple, !is_tcp_established);
if (!conn) {
if(!is_tcp_established) {
char buf[512];
@@ -438,14 +450,14 @@ int run_vpn(pcapdroid_t *pd) {
if(pd->socks5.enabled)
check_socks5_redirection(pd, &pkt, conn);
if(zdtun_forward(tun, &pkt, conn) != 0) {
if(zdtun_forward(zdt, &pkt, conn) != 0) {
char buf[512];
log_e("zdtun_forward failed: %s",
zdtun_5tuple2str(&pkt.tuple, buf, sizeof(buf)));
pd->num_dropped_connections++;
zdtun_destroy_conn(tun, conn);
zdtun_destroy_conn(zdt, conn);
goto housekeeping;
}
} else {
@@ -456,19 +468,22 @@ int run_vpn(pcapdroid_t *pd) {
}
} else {
pd_refresh_time(pd);
zdtun_handle_fd(tun, &fdset, &wrfds);
zdtun_handle_fd(zdt, &fdset, &wrfds);
}
housekeeping:
pd_housekeeping(pd);
if(pd->now_ms >= next_purge_ms) {
zdtun_purge_expired(tun);
next_purge_ms = pd->now_ms + PERIODIC_PURGE_TIMEOUT_MS;
}
if(pd->now_ms >= next_purge_ms) {
zdtun_purge_expired(zdt);
next_purge_ms = pd->now_ms + PERIODIC_PURGE_TIMEOUT_MS;
}
}
zdtun_finalize(tun);
zdtun_finalize(zdt);
destroy_uid_resolver(pd->vpn.resolver);
ndpi_ptree_destroy(pd->vpn.known_dns_servers);
return(0);
}
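Review bot: In run_vpn the `fcntl(pd->vpn.tunfd, F_GETFL, 0)` / `F_SETFL` pair still runs before the new `pd->vpn.tunfd = tunfd;` assignment, so as the new lines read it acts on whatever the field held at entry rather than on the descriptor passed in. run_tun no longer sets a tunfd in its initializer, so that value is presumably 0, meaning O_NONBLOCK would be cleared on fd 0 and the tun descriptor left in its original mode. Move `pd->vpn.tunfd = tunfd;` above the fcntl calls, or call fcntl on the `tunfd` parameter directly. Separately, the `return(-2)` taken when zdtun_init fails now exits after `init_uid_resolver` and `ndpi_ptree_create` have run but before the `destroy_uid_resolver` / `ndpi_ptree_destroy` calls at the end of the function, so that path appears to leak both. In the visible lines, neither result is checked for NULL before use.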
+19 -27
@@ -27,7 +27,7 @@
// Minimum length (e.g. of "GET") to avoid reporting non-requests
#define MIN_REQ_PLAINTEXT_CHARS 3
extern int run_vpn(pcapdroid_t *pd);
extern int run_vpn(pcapdroid_t *pd, int tunfd);
extern int run_root(pcapdroid_t *pd);
/* ******************************************************* */
@@ -146,7 +146,7 @@ char* getStringPref(pcapdroid_t *pd, const char *key, char *buf, int bufsize) {
JNIEnv *env = pd->env;
jmethodID midMethod = jniGetMethodID(env, cls.vpn_service, key, "()Ljava/lang/String;");
jstring obj = (*env)->CallObjectMethod(env, pd->vpn_service, midMethod);
jstring obj = (*env)->CallObjectMethod(env, pd->capture_service, midMethod);
char *rv = NULL;
if(!jniCheckException(env)) {
@@ -231,7 +231,7 @@ static void getApplicationByUidJava(pcapdroid_t *pd, jint uid, char *buf, int bu
JNIEnv *env = pd->env;
const char *value = NULL;
jstring obj = (*env)->CallObjectMethod(env, pd->vpn_service, mids.getApplicationByUid, uid);
jstring obj = (*env)->CallObjectMethod(env, pd->capture_service, mids.getApplicationByUid, uid);
jniCheckException(env);
if(obj)
@@ -372,7 +372,7 @@ pd_conn_t* pd_new_connection(pcapdroid_t *pd, const zdtun_5tuple_t *tuple, int u
}
data->uid = uid;
data->incr_id = pd->incr_id++;
data->incr_id = pd->new_conn_id++;
// Try to resolve host name via the LRU cache
const zdtun_ip_t dst_ip = tuple->dst_ip;
@@ -696,7 +696,7 @@ static void javaPcapDump(pcapdroid_t *pd) {
return;
(*env)->SetByteArrayRegion(env, barray, 0, pd->pcap_dump.buffer_idx, pd->pcap_dump.buffer);
(*env)->CallVoidMethod(env, pd->vpn_service, mids.dumpPcapData, barray);
(*env)->CallVoidMethod(env, pd->capture_service, mids.dumpPcapData, barray);
jniCheckException(env);
pd->pcap_dump.buffer_idx = 0;
@@ -872,7 +872,7 @@ static void sendConnectionsDump(pcapdroid_t *pd) {
//log_d("avg cpu_time_used per update: %f sec", cpu_time_used / pd->conns_updates.cur_items);
/* Send the dump */
(*env)->CallVoidMethod(env, pd->vpn_service, mids.updateConnections, new_conns, conns_updates);
(*env)->CallVoidMethod(env, pd->capture_service, mids.updateConnections, new_conns, conns_updates);
jniCheckException(env);
cleanup:
@@ -939,7 +939,7 @@ static void sendStatsDump(const pcapdroid_t *pd) {
pd->num_dns_requests);
if(!jniCheckException(env)) {
(*env)->CallVoidMethod(env, pd->vpn_service, mids.sendStatsDump, stats_obj);
(*env)->CallVoidMethod(env, pd->capture_service, mids.sendStatsDump, stats_obj);
jniCheckException(env);
}
@@ -955,7 +955,7 @@ static void notifyServiceStatus(pcapdroid_t *pd, const char *status) {
status_str = (*env)->NewStringUTF(env, status);
(*env)->CallVoidMethod(env, pd->vpn_service, mids.sendServiceStatus, status_str);
(*env)->CallVoidMethod(env, pd->capture_service, mids.sendServiceStatus, status_str);
jniCheckException(env);
(*env)->DeleteLocalRef(env, status_str);
@@ -1024,7 +1024,7 @@ static void use_new_blacklists(pcapdroid_t *pd) {
}
}
}
(*pd->env)->CallVoidMethod(pd->env, pd->vpn_service, mids.notifyBlacklistsLoaded, status_obj);
(*pd->env)->CallVoidMethod(pd->env, pd->capture_service, mids.notifyBlacklistsLoaded, status_obj);
cleanup:
if(status_arr != NULL) {
@@ -1043,7 +1043,7 @@ cleanup:
int load_blacklists_info(pcapdroid_t *pd) {
int rv = 0;
JNIEnv *env = pd->env;
jobjectArray *arr = (*env)->CallObjectMethod(env, pd->vpn_service, mids.getBlacklistsInfo);
jobjectArray *arr = (*env)->CallObjectMethod(env, pd->capture_service, mids.getBlacklistsInfo);
pd->malware_detection.bls_info = NULL;
pd->malware_detection.num_bls = 0;
@@ -1153,7 +1153,7 @@ static void* load_new_blacklists(void *data) {
/* ******************************************************* */
static int check_blocked_conn_cb(zdtun_t *tun, const zdtun_conn_t *conn_info, void *userdata) {
static int check_blocked_conn_cb(zdtun_t *zdt, const zdtun_conn_t *conn_info, void *userdata) {
pcapdroid_t *pd = (pcapdroid_t*) userdata;
pd_conn_t *data = zdtun_conn_get_userdata(conn_info);
const zdtun_5tuple_t *tuple = zdtun_conn_get_5tuple(conn_info);
@@ -1190,7 +1190,7 @@ void pd_housekeeping(pcapdroid_t *pd) {
dump_capture_stats_now = false;
if(!pd->root_capture)
zdtun_get_stats(pd->tun, &pd->stats);
zdtun_get_stats(pd->zdt, &pd->stats);
sendStatsDump(pd);
@@ -1230,8 +1230,8 @@ void pd_housekeeping(pcapdroid_t *pd) {
pd->firewall.bl = pd->firewall.new_bl;
pd->firewall.new_bl = NULL;
if(pd->tun)
zdtun_iter_connections(pd->tun, check_blocked_conn_cb, pd);
if(pd->zdt)
zdtun_iter_connections(pd->zdt, check_blocked_conn_cb, pd);
}
// avoid using freed data
@@ -1267,7 +1267,7 @@ static void log_callback(int lvl, const char *line) {
if((jniCheckException(pd->env) != 0) || (info_string == NULL))
return;
(*pd->env)->CallVoidMethod(pd->env, pd->vpn_service, mids.reportError, info_string);
(*pd->env)->CallVoidMethod(pd->env, pd->capture_service, mids.reportError, info_string);
jniCheckException(pd->env);
(*pd->env)->DeleteLocalRef(pd->env, info_string);
@@ -1412,19 +1412,13 @@ static int run_tun(JNIEnv *env, jclass vpn, int tunfd, jint sdk) {
fields.bldescr_type = jniFieldID(env, cls.blacklist_descriptor, "type", "Lcom/emanuelef/remote_capture/model/BlacklistDescriptor$Type;");
pcapdroid_t pd = {
.tunfd = tunfd,
.sdk = sdk,
.sdk_ver = sdk,
.env = env,
.vpn_service = vpn,
.resolver = init_uid_resolver(sdk, env, vpn),
.known_dns_servers = ndpi_ptree_create(),
.capture_service = vpn,
.ip_to_host = ip_lru_init(MAX_HOST_LRU_SIZE),
.vpn_ipv4 = getIPv4Pref(env, vpn, "getVpnIPv4"),
.vpn_dns = getIPv4Pref(env, vpn, "getVpnDns"),
.dns_server = getIPv4Pref(env, vpn, "getDnsServer"),
.app_filter = getIntPref(env, vpn, "getAppFilterUid"),
.root_capture = (bool) getIntPref(env, vpn, "isRootCapture"),
.incr_id = 0,
.new_conn_id = 0,
.pcap_dump = {
.enabled = (bool) getIntPref(env, vpn, "pcapDumpEnabled"),
},
@@ -1501,7 +1495,7 @@ static int run_tun(JNIEnv *env, jclass vpn, int tunfd, jint sdk) {
notifyServiceStatus(&pd, "started");
// Run the capture
int rv = pd.root_capture ? run_root(&pd) : run_vpn(&pd);
int rv = pd.root_capture ? run_root(&pd) : run_vpn(&pd, tunfd);
log_d("Stopped packet loop");
@@ -1543,8 +1537,6 @@ static int run_tun(JNIEnv *env, jclass vpn, int tunfd, jint sdk) {
}
notifyServiceStatus(&pd, "stopped");
destroy_uid_resolver(pd.resolver);
ndpi_ptree_destroy(pd.known_dns_servers);
log_d("Host LRU cache size: %d", ip_lru_size(pd.ip_to_host));
log_d("Discarded fragments: %ld", pd.num_discarded_fragments);
+32 -22
@@ -121,36 +121,48 @@ typedef struct {
typedef struct pcap_conn pcap_conn_t;
typedef struct {
int tunfd;
int incr_id;
jint sdk;
JNIEnv *env;
jobject vpn_service;
jint app_filter;
u_int32_t vpn_dns;
u_int32_t dns_server;
u_int32_t vpn_ipv4;
jobject capture_service;
jint sdk_ver;
pkt_processing_phase_t pkt_phase;
int new_conn_id;
uint64_t now_ms; // Monotonic timestamp, see pd_refresh_time
struct ndpi_detection_module_struct *ndpi;
ndpi_ptree_t *known_dns_servers;
uid_resolver_t *resolver;
zdtun_t *zdt;
ip_lru_t *ip_to_host;
conn_array_t new_conns;
conn_array_t conns_updates;
uid_to_app_t *uid2app;
char cachedir[PATH_MAX];
char filesdir[PATH_MAX];
int cachedir_len;
int filesdir_len;
uint64_t now_ms; // Monotonic timestamp, see pd_refresh_time
// config
jint app_filter;
bool root_capture;
// stats
u_int num_dropped_pkts;
long num_discarded_fragments;
u_int32_t num_dropped_connections;
u_int32_t num_dns_requests;
conn_array_t new_conns;
conn_array_t conns_updates;
zdtun_t *tun;
bool root_capture;
uint32_t num_dropped_connections;
uint32_t num_dns_requests;
zdtun_statistics_t stats;
uid_to_app_t *uid2app;
pcap_conn_t *connections; // root only
pkt_processing_phase_t pkt_phase;
capture_stats_t capture_stats;
union {
struct {
int tunfd;
uint32_t dns_server;
uint32_t internal_dns;
uint32_t internal_ipv4;
ndpi_ptree_t *known_dns_servers;
uid_resolver_t *resolver;
} vpn;
struct {
pcap_conn_t *connections;
} root;
};
// populated via pd_set_current_packet
struct {
@@ -196,8 +208,6 @@ typedef struct {
blacklist_t *bl;
blacklist_t *new_bl;
} firewall;
capture_stats_t capture_stats;
} pcapdroid_t;
/* ******************************************************* */
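Review bot: The new anonymous union in pcapdroid_t overlays `vpn` and `root`, so `vpn.tunfd` shares storage with `root.connections`, but nothing in the struct says which member is valid or what selects it. A comment on the union such as `// exactly one member is live, selected by root_capture; check root_capture before touching vpn.* or root.*` would keep shared code from reading the wrong view. Because run_tun zero-initialises the struct, `vpn.tunfd` starts as 0, which is a valid descriptor. Consider setting it to -1 until run_vpn assigns it, in VPN mode only since the same bytes must stay NULL for `root.connections`, so an early use fails instead of acting on fd 0. The struct body spans both hunks of this section, with unchanged members in between that are not shown.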