Add allowed connections filter

This commit is contained in:
emanuele-f 2022-06-22 16:13:24 +02:00
parent 5aadd5fe0a
commit 7a7bf81049
6 changed files with 71 additions and 23 deletions

View File

@ -39,6 +39,7 @@ import com.emanuelef.remote_capture.PCAPdroid;
import com.emanuelef.remote_capture.R;
import com.emanuelef.remote_capture.model.ConnectionDescriptor.Status;
import com.emanuelef.remote_capture.model.ConnectionDescriptor.DecryptionStatus;
import com.emanuelef.remote_capture.model.ConnectionDescriptor.FilteringStatus;
import com.emanuelef.remote_capture.model.FilterDescriptor;
import com.emanuelef.remote_capture.model.ListInfo;
import com.emanuelef.remote_capture.model.MatchList;
@ -54,8 +55,8 @@ public class EditFilterActivity extends BaseActivity {
private static final String TAG = "FilterEditActivity";
private FilterDescriptor mFilter;
private CheckBox mHideMasked;
private CheckBox mOnlyBlocked;
private CheckBox mOnlyBlacklisted;
private ArrayList<Pair<FilteringStatus, Chip>> mFirewallChips;
private ArrayList<Pair<Status, Chip>> mStatusChips;
private ArrayList<Pair<DecryptionStatus, Chip>> mDecChips;
private ChipGroup mInterfaceGroup;
@ -82,7 +83,6 @@ public class EditFilterActivity extends BaseActivity {
mFilter = new FilterDescriptor();
mHideMasked = findViewById(R.id.not_hidden);
mOnlyBlocked = findViewById(R.id.only_blocked);
mOnlyBlacklisted = findViewById(R.id.only_blacklisted);
mInterfaceGroup = findViewById(R.id.interfaces);
@ -92,6 +92,11 @@ public class EditFilterActivity extends BaseActivity {
startActivity(editIntent);
});
mFirewallChips = new ArrayList<>(Arrays.asList(
new Pair<>(FilteringStatus.BLOCKED, findViewById(R.id.status_blocked)),
new Pair<>(FilteringStatus.ALLOWED, findViewById(R.id.status_allowed))
));
mStatusChips = new ArrayList<>(Arrays.asList(
new Pair<>(Status.STATUS_ACTIVE, findViewById(R.id.status_active)),
new Pair<>(Status.STATUS_CLOSED, findViewById(R.id.status_closed)),
@ -116,8 +121,10 @@ public class EditFilterActivity extends BaseActivity {
if(!Prefs.isMalwareDetectionEnabled(this, prefs))
mOnlyBlacklisted.setVisibility(View.GONE);
if(!billing.isFirewallVisible())
mOnlyBlocked.setVisibility(View.GONE);
if(billing.isFirewallVisible()) {
findViewById(R.id.firewall_label).setVisibility(View.VISIBLE);
findViewById(R.id.firewall_group).setVisibility(View.VISIBLE);
}
ConnectionsRegister reg = CaptureService.getConnsRegister();
if((reg != null) && (reg.hasSeenMultipleInterfaces())) {
@ -165,11 +172,11 @@ public class EditFilterActivity extends BaseActivity {
private void model2view() {
mHideMasked.setChecked(!mFilter.showMasked);
mOnlyBlocked.setChecked(mFilter.onlyBLocked);
mOnlyBlacklisted.setChecked(mFilter.onlyBlacklisted);
setCheckedChip(mStatusChips, mFilter.status);
setCheckedChip(mDecChips, mFilter.decStatus);
setCheckedChip(mFirewallChips, mFilter.filteringStatus);
if(mFilter.iface != null) {
int num_chips = mInterfaceGroup.getChildCount();
@ -185,11 +192,11 @@ public class EditFilterActivity extends BaseActivity {
private void view2model() {
mFilter.showMasked = !mHideMasked.isChecked();
mFilter.onlyBLocked = mOnlyBlocked.isChecked();
mFilter.onlyBlacklisted = mOnlyBlacklisted.isChecked();
mFilter.status = getCheckedChip(mStatusChips, Status.STATUS_INVALID);
mFilter.decStatus = getCheckedChip(mDecChips, DecryptionStatus.INVALID);
mFilter.filteringStatus = getCheckedChip(mFirewallChips, FilteringStatus.INVALID);
int num_chips = mInterfaceGroup.getChildCount();
for(int i=0; i<num_chips; i++) {

View File

@ -50,6 +50,7 @@ import com.emanuelef.remote_capture.R;
import com.emanuelef.remote_capture.Utils;
import com.emanuelef.remote_capture.activities.ConnectionsActivity;
import com.emanuelef.remote_capture.activities.MainActivity;
import com.emanuelef.remote_capture.model.ConnectionDescriptor;
import com.emanuelef.remote_capture.model.FilterDescriptor;
import com.emanuelef.remote_capture.model.MatchList;
import com.emanuelef.remote_capture.model.Prefs;
@ -95,7 +96,7 @@ public class FirewallStatus extends Fragment {
view.findViewById(R.id.show_connections).setOnClickListener(v -> {
FilterDescriptor filter = new FilterDescriptor();
filter.onlyBLocked = true;
filter.filteringStatus = ConnectionDescriptor.FilteringStatus.BLOCKED;
Intent intent = new Intent(requireContext(), ConnectionsActivity.class)
.putExtra(ConnectionsFragment.FILTER_EXTRA, filter);

View File

@ -72,6 +72,12 @@ public class ConnectionDescriptor {
ERROR,
}
public enum FilteringStatus {
INVALID,
ALLOWED,
BLOCKED
}
/* Metadata */
public final int ipver;
public final int ipproto;

View File

@ -27,6 +27,7 @@ import com.emanuelef.remote_capture.PCAPdroid;
import com.emanuelef.remote_capture.R;
import com.emanuelef.remote_capture.model.ConnectionDescriptor.Status;
import com.emanuelef.remote_capture.model.ConnectionDescriptor.DecryptionStatus;
import com.emanuelef.remote_capture.model.ConnectionDescriptor.FilteringStatus;
import com.google.android.material.chip.Chip;
import com.google.android.material.chip.ChipGroup;
@ -35,8 +36,8 @@ import java.io.Serializable;
public class FilterDescriptor implements Serializable {
public Status status;
public boolean showMasked;
public boolean onlyBLocked;
public boolean onlyBlacklisted;
public FilteringStatus filteringStatus;
public DecryptionStatus decStatus;
public String iface;
public int uid = -2; // this is persistent and used internally (AppDetailsActivity)
@ -48,8 +49,8 @@ public class FilterDescriptor implements Serializable {
public boolean isSet() {
return (status != Status.STATUS_INVALID)
|| (decStatus != DecryptionStatus.INVALID)
|| (filteringStatus != FilteringStatus.INVALID)
|| (iface != null)
|| onlyBLocked
|| onlyBlacklisted
|| (uid != 2)
|| (!showMasked && !PCAPdroid.getInstance().getVisualizationMask().isEmpty());
@ -57,10 +58,10 @@ public class FilterDescriptor implements Serializable {
public boolean matches(ConnectionDescriptor conn) {
return (showMasked || !PCAPdroid.getInstance().getVisualizationMask().matches(conn))
&& (!onlyBLocked || conn.is_blocked)
&& (!onlyBlacklisted || conn.isBlacklisted())
&& ((status == Status.STATUS_INVALID) || (conn.getStatus().equals(status)))
&& ((decStatus == DecryptionStatus.INVALID) || (conn.getDecryptionStatus() == decStatus))
&& ((filteringStatus == FilteringStatus.INVALID) || ((filteringStatus == FilteringStatus.BLOCKED) == conn.is_blocked))
&& ((iface == null) || (CaptureService.getInterfaceName(conn.ifidx).equals(iface)))
&& ((uid == -2) || (uid == conn.uid));
}
@ -77,8 +78,6 @@ public class FilterDescriptor implements Serializable {
if(!showMasked)
addChip(inflater, group, R.id.not_hidden, ctx.getString(R.string.not_hidden_filter));
if(onlyBLocked)
addChip(inflater, group, R.id.blocked, ctx.getString(R.string.blocked_connection_filter));
if(onlyBlacklisted)
addChip(inflater, group, R.id.blacklisted, ctx.getString(R.string.malicious_connection_filter));
if(status != Status.STATUS_INVALID) {
@ -89,6 +88,11 @@ public class FilterDescriptor implements Serializable {
String label = String.format(ctx.getString(R.string.decryption_filter), ConnectionDescriptor.getDecryptionStatusLabel(decStatus, ctx));
addChip(inflater, group, R.id.decryption_status, label);
}
if(filteringStatus != FilteringStatus.INVALID) {
String label = ctx.getString(R.string.firewall_filter, ctx.getString((filteringStatus == FilteringStatus.BLOCKED) ?
R.string.blocked_connection_filter : R.string.allowed_connection_filter));
addChip(inflater, group, R.id.firewall, label);
}
if(iface != null)
addChip(inflater, group, R.id.capture_interface, String.format(ctx.getString(R.string.interface_filter), iface));
}
@ -96,24 +100,24 @@ public class FilterDescriptor implements Serializable {
public void clear(int filter_id) {
if(filter_id == R.id.not_hidden)
showMasked = true;
else if(filter_id == R.id.blocked)
onlyBLocked = false;
else if(filter_id == R.id.blacklisted)
onlyBlacklisted = false;
else if(filter_id == R.id.status_ind)
status = Status.STATUS_INVALID;
else if(filter_id == R.id.decryption_status)
decStatus = DecryptionStatus.INVALID;
else if(filter_id == R.id.firewall)
filteringStatus = FilteringStatus.INVALID;
else if(filter_id == R.id.capture_interface)
iface = null;
}
public void clear() {
showMasked = true;
onlyBLocked = false;
onlyBlacklisted = false;
status = Status.STATUS_INVALID;
decStatus = DecryptionStatus.INVALID;
filteringStatus = FilteringStatus.INVALID;
iface = null;
}
}

View File

@ -36,13 +36,6 @@
android:textColor="@color/colorTabText" />
</RelativeLayout>
<CheckBox
android:id="@+id/only_blocked"
android:layout_width="wrap_content"
android:layout_height="wrap_content"
android:layout_marginBottom="10dp"
android:text="@string/show_only_blocked" />
<CheckBox
android:id="@+id/only_blacklisted"
android:layout_width="wrap_content"
@ -135,6 +128,41 @@
android:text="@string/error"/>
</com.google.android.material.chip.ChipGroup>
<TextView
android:id="@+id/firewall_label"
android:layout_width="wrap_content"
android:layout_height="wrap_content"
android:text="@string/firewall"
android:textStyle="bold"
android:textColor="@color/colorAccent"
android:textSize="18sp"
android:visibility="gone"
tools:visibility="visible"
android:layout_marginBottom="5dp"/>
<com.google.android.material.chip.ChipGroup
android:id="@+id/firewall_group"
android:layout_width="wrap_content"
android:layout_height="wrap_content"
android:layout_marginBottom="10dp"
android:visibility="gone"
tools:visibility="visible"
app:singleSelection="true">
<com.google.android.material.chip.Chip
android:id="@+id/status_blocked"
style="@style/Widget.MaterialComponents.Chip.Choice"
android:layout_width="wrap_content"
android:layout_height="wrap_content"
android:text="@string/blocked_connection_filter"/>
<com.google.android.material.chip.Chip
android:id="@+id/status_allowed"
style="@style/Widget.MaterialComponents.Chip.Choice"
android:layout_width="wrap_content"
android:layout_height="wrap_content"
android:text="@string/allowed_connection_filter"/>
</com.google.android.material.chip.ChipGroup>
<TextView
android:id="@+id/interfaces_label"
android:layout_width="wrap_content"

View File

@ -231,7 +231,9 @@
<string name="blocked_pkts">Blocked</string>
<string name="n_pkts">%1$s pkts</string>
<string name="show_only_blocked">Blocked connections</string>
<string name="blocked_connection_filter">blocked</string>
<string name="blocked_connection_filter">Blocked</string>
<string name="allowed_connection_filter">Allowed</string>
<string name="firewall_filter">Firewall: %1$s</string>
<string name="paid_features">Paid features</string>
<string name="unlock_code">Unlock code</string>
<string name="validate">Validate</string>