From 6a42e7d988f16390bb4c76ef18c9ce778f6cb849 Mon Sep 17 00:00:00 2001 From: emanuele-f Date: Sun, 23 Apr 2023 18:30:09 +0200 Subject: [PATCH] Log private DNS mode in build info --- .../remote_capture/CaptureService.java | 15 ++++++---- .../com/emanuelef/remote_capture/Utils.java | 24 +++++++++++++++ .../activities/AboutActivity.java | 29 +++++++++++++++++-- app/src/main/jni/core/capture_vpn.c | 3 +- 4 files changed, 62 insertions(+), 9 deletions(-) diff --git a/app/src/main/java/com/emanuelef/remote_capture/CaptureService.java b/app/src/main/java/com/emanuelef/remote_capture/CaptureService.java index 1516f8ed..75f8daa0 100644 --- a/app/src/main/java/com/emanuelef/remote_capture/CaptureService.java +++ b/app/src/main/java/com/emanuelef/remote_capture/CaptureService.java @@ -157,6 +157,7 @@ public class CaptureService extends VpnService implements Runnable { private static final MutableLiveData serviceStatus = new MutableLiveData<>(); private boolean mLowMemory; private BroadcastReceiver mNewAppsInstallReceiver; + private Utils.PrivateDnsMode mPrivateDnsMode; /* The maximum connections to log into the ConnectionsRegister. Older connections are dropped. * Max estimated memory usage: less than 4 MB (+8 MB with payload mode minimal). */ 
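Review bot: `mPrivateDnsMode` is declared as a plain field, but the later CaptureService hunks assign it while handling link properties and read it through the new static `getPrivateDnsMode()`, which AboutActivity calls from its menu handler. If that assignment runs on a connectivity callback thread rather than the main thread (not visible in this diff), the reader has no visibility guarantee. Declaring it `private volatile Utils.PrivateDnsMode mPrivateDnsMode;` would make the hand-off explicit. A short comment that the field stays null until the first link-properties update, and always below API 28, would also help.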
@@ -777,12 +778,12 @@ public class CaptureService extends VpnService implements Runnable { return; if(android.os.Build.VERSION.SDK_INT >= android.os.Build.VERSION_CODES.P) { - boolean strict_mode = (linkProperties.getPrivateDnsServerName() != null); - boolean opportunistic_mode = !strict_mode && linkProperties.isPrivateDnsActive(); + mPrivateDnsMode = Utils.getPrivateDnsMode(linkProperties); + Log.i(TAG, "Private DNS: " + mPrivateDnsMode); - Log.i(TAG, "Private DNS: " + (strict_mode ? "strict" : (opportunistic_mode ? "opportunistic" : "off"))); if(!mSettings.root_capture && mSettings.auto_block_private_dns) { - mDnsEncrypted = strict_mode; + mDnsEncrypted = mPrivateDnsMode.equals(Utils.PrivateDnsMode.STRICT); + boolean opportunistic_mode = mPrivateDnsMode.equals(Utils.PrivateDnsMode.OPPORTUNISTIC); /* Private DNS can be in one of these modes: * 1. Off @@ -796,7 +797,7 @@ public class CaptureService extends VpnService implements Runnable { } } else { // in root capture we don't block private DNS requests in opportunistic mode - mDnsEncrypted = strict_mode || opportunistic_mode; + mDnsEncrypted = !mPrivateDnsMode.equals(Utils.PrivateDnsMode.DISABLED); setPrivateDnsBlocked(false); } @@ -1491,6 +1492,10 @@ public class CaptureService extends VpnService implements Runnable { Log.d(TAG, "waitForCaptureStop done " + Thread.currentThread().getName()); } + public static @Nullable Utils.PrivateDnsMode getPrivateDnsMode() { + return isServiceActive() ? INSTANCE.mPrivateDnsMode : null; + } + public static native int initLogger(String path, int level); public static native int writeLog(int logger, int lvl, String message); private static native void initPlatformInfo(String appver, String device, String os); diff --git a/app/src/main/java/com/emanuelef/remote_capture/Utils.java b/app/src/main/java/com/emanuelef/remote_capture/Utils.java index b74a369b..6cbf7066 100644 --- a/app/src/main/java/com/emanuelef/remote_capture/Utils.java 
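Review bot: The three enum comparisons added in the `@@ -777,12 +778,12 @@` hunk use `.equals()`, e.g. `mPrivateDnsMode.equals(Utils.PrivateDnsMode.STRICT)`. Enum constants are singletons, so `mPrivateDnsMode == Utils.PrivateDnsMode.STRICT` is the usual form; it is shorter and cannot throw on a null receiver. The same applies to the `OPPORTUNISTIC` and `DISABLED` checks. The enclosing method starts and ends outside the hunk.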
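Review bot: `getPrivateDnsMode()` has no Javadoc saying when it returns null, and the `@Nullable` covers more than one case. The service may be inactive, or it may be active with the field still unset, since the field is only assigned inside the `SDK_INT >= P` branch. I would add `/** Returns the Private DNS mode last seen by the running capture, or null if the service is inactive, no link properties were processed yet, or the device is below Android 9. */` above the method so callers know a fallback is needed.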
+++ b/app/src/main/java/com/emanuelef/remote_capture/Utils.java @@ -77,7 +77,9 @@ import android.widget.TextView; import android.widget.Toast; import androidx.activity.result.ActivityResultLauncher; +import androidx.annotation.NonNull; import androidx.annotation.Nullable; +import androidx.annotation.RequiresApi; import androidx.appcompat.app.AlertDialog; import androidx.appcompat.app.AppCompatDelegate; import androidx.appcompat.widget.SearchView; @@ -157,6 +159,18 @@ public class Utils { PLAYSTORE, // Google play release } + public enum PrivateDnsMode { + DISABLED, + OPPORTUNISTIC, + STRICT; + + @NonNull + @Override + public String toString() { + return super.toString().toLowerCase(); + } + } + public static String[] list2array(List l) { return l.toArray(new String[0]); } @@ -1573,4 +1587,14 @@ public class Utils { return null; } } + + @RequiresApi(api = Build.VERSION_CODES.P) + public static PrivateDnsMode getPrivateDnsMode(@NonNull LinkProperties linkProperties) { + if(linkProperties.getPrivateDnsServerName() != null) + return PrivateDnsMode.STRICT; + else if(linkProperties.isPrivateDnsActive()) + return PrivateDnsMode.OPPORTUNISTIC; + else + return PrivateDnsMode.DISABLED; + } } diff --git a/app/src/main/java/com/emanuelef/remote_capture/activities/AboutActivity.java b/app/src/main/java/com/emanuelef/remote_capture/activities/AboutActivity.java index fc3c7e66..2001bc00 100644 --- a/app/src/main/java/com/emanuelef/remote_capture/activities/AboutActivity.java +++ b/app/src/main/java/com/emanuelef/remote_capture/activities/AboutActivity.java 
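Review bot: `PrivateDnsMode.toString()` calls `toLowerCase()` without a locale, so the result depends on the device language. Under a Turkish locale `STRICT` becomes `strıct` with a dotless i, and this string ends up in the `Private DNS:` log line and in the build info that users paste into reports. Use `return super.toString().toLowerCase(Locale.ROOT);`, which needs `java.util.Locale` imported in Utils.java if it is not already (the import block is only partly visible here).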
@@ -19,11 +19,16 @@ package com.emanuelef.remote_capture.activities; +import android.app.Service; import android.content.Intent; import android.content.res.Resources; import android.graphics.Bitmap; import android.graphics.Point; +import android.net.ConnectivityManager; +import android.net.LinkProperties; +import android.net.Network; import android.net.Uri; +import android.os.Build; import android.os.Bundle; import android.os.Handler; import android.os.Looper; @@ -52,6 +57,7 @@ import androidx.core.text.HtmlCompat; import androidx.core.view.MenuProvider; import com.emanuelef.remote_capture.Billing; +import com.emanuelef.remote_capture.CaptureService; import com.emanuelef.remote_capture.Log; import com.emanuelef.remote_capture.R; import com.emanuelef.remote_capture.Utils; 
@@ -142,18 +148,37 @@ public class AboutActivity extends BaseActivity implements MenuProvider { startActivity(intent); return true; } else if(id == R.id.build_info) { - final String deviceInfo = Utils.getBuildInfo(this) + "\n\n" + Prefs.asString(this); + String deviceInfo = Utils.getBuildInfo(this) + "\n\n" + + Prefs.asString(this); + + Utils.PrivateDnsMode dns_mode = CaptureService.getPrivateDnsMode(); + if(dns_mode == null) { + if(Build.VERSION.SDK_INT >= Build.VERSION_CODES.P) { + ConnectivityManager cm = (ConnectivityManager) getSystemService(Service.CONNECTIVITY_SERVICE); + Network net = cm.getActiveNetwork(); + + if(net != null) { + LinkProperties lp = cm.getLinkProperties(net); + if (lp != null) + dns_mode = Utils.getPrivateDnsMode(lp); + } + } + } + + if(dns_mode != null) + deviceInfo += "\n" + "PrivateDnsMode: " + dns_mode; LayoutInflater inflater = LayoutInflater.from(this); View view = inflater.inflate(R.layout.scrollable_dialog, null); ((TextView)view.findViewById(R.id.text)).setText(deviceInfo); + final String deviceInfoStr = deviceInfo; new AlertDialog.Builder(this) .setTitle(R.string.build_info) .setView(view) .setPositiveButton(R.string.ok, (dialogInterface, i) -> {}) .setNeutralButton(R.string.copy_to_clipboard, (dialogInterface, i) -> - Utils.copyToClipboard(this, deviceInfo)).show(); + Utils.copyToClipboard(this, deviceInfoStr)).show(); return true; } diff --git a/app/src/main/jni/core/capture_vpn.c b/app/src/main/jni/core/capture_vpn.c index 0b8934db..7d8b0d2d 100644 --- a/app/src/main/jni/core/capture_vpn.c +++ b/app/src/main/jni/core/capture_vpn.c @@ -188,7 +188,6 @@ static bool check_dns_req_allowed(pcapdroid_t *pd, zdtun_conn_t *conn, pkt_conte if((dns_data->flags & DNS_FLAGS_MASK) != DNS_TYPE_REQUEST) return(true); - log_d("Detected DNS query[%u]", dns_length); pd->num_dns_requests++; if(is_internal_dns) { 
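Review bot: In the `build_info` fallback, `cm` is dereferenced right after `getSystemService(...)` without a null check, while `net` and `lp` are both checked. Guarding it the same way keeps the dialog from crashing if the lookup fails, e.g. `Network net = (cm != null) ? cm.getActiveNetwork() : null;`. The constant is also reached through `Service.CONNECTIVITY_SERVICE`, which only works because `Service` extends `Context`; `Context.CONNECTIVITY_SERVICE` is the conventional spelling and would let the `android.app.Service` import go. Since this text is what users copy into bug reports, adding only the mode and not the Private DNS hostname is the right amount of detail. The enclosing method begins outside the hunk.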
@@ -382,7 +381,7 @@ void vpn_process_ndpi(pcapdroid_t *pd, const zdtun_5tuple_t *tuple, pd_conn_t *d if(block_private_dns && !data->to_block && (data->l7proto == NDPI_PROTOCOL_TLS) && data->info && blacklist_match_domain(pd->vpn.known_dns_servers, data->info)) { - log_d("blocking connection to private DNS server"); + log_d("blocking connection to private DNS server %s", data->info); data->blacklisted_internal = true; data->to_block = true; }
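Review bot: The debug message now prints `data->info`, the hostname of the Private DNS server being blocked, and that can be more identifying than it looks. Some DNS-over-TLS providers put a per-account identifier in that hostname, and whether debug-level output reaches a log file that users share is not visible in this diff. If it does, a comment such as `/* hostname may identify the user's DNS profile; debug level only */` above the call would record the intent. The call itself is safe, since `data->info` is null-checked in the condition and passed as a `%s` argument. The function body continues outside the hunk.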