Fix view consistency when app filter is in use

The Connections view now only shows the connections matching the current app filter. TLS mitm is now performed based on the app filter.
2026-06-16 21:10:57 +08:00 · 2020-11-16 14:30:21 +01:00 · 2020-11-16 14:30:21 +01:00 · afebac6904
commit afebac6904
parent a00d10d173
3 changed files with 39 additions and 16 deletions
--- a/app/src/main/java/com/emanuelef/remote_capture/ConnectionDetails.java
+++ b/app/src/main/java/com/emanuelef/remote_capture/ConnectionDetails.java
@ -115,10 +115,12 @@ public class ConnectionDetails extends AppCompatActivity {
        ConnDescriptor connections[] = (ConnDescriptor[]) intent.getSerializableExtra("value");

        for (ConnDescriptor eval_conn : connections) {
-            if(eval_conn.incr_id == conn.incr_id) {
-                /* Connection found, update stats */
-                conn = eval_conn;
-                updateStats();
+            if(eval_conn != null) {
+                if (eval_conn.incr_id == conn.incr_id) {
+                    /* Connection found, update stats */
+                    conn = eval_conn;
+                    updateStats();
+                }
            }
        }
    }
--- a/app/src/main/java/com/emanuelef/remote_capture/ConnectionsAdapter.java
+++ b/app/src/main/java/com/emanuelef/remote_capture/ConnectionsAdapter.java
@ -33,6 +33,7 @@ import androidx.annotation.NonNull;

 import java.util.ArrayList;
 import java.util.Arrays;
+import java.util.Collections;
 import java.util.Comparator;
 import java.util.Objects;

@ -102,11 +103,18 @@ public class ConnectionsAdapter extends BaseAdapter {
        return mItems.get(pos);
    }

-    void updateConnections(ConnDescriptor[] connections) {
+    void updateConnections(ConnDescriptor[] conns) {
        long now = Utils.now();
+        ArrayList<ConnDescriptor> connections = new ArrayList<ConnDescriptor>();
+
+        /* The array may contain null values. Remove them before proceeding */
+        for(ConnDescriptor conn : conns) {
+            if(conn != null)
+                connections.add(conn);
+        }

        /* Sort connections by ascending ID */
-        Arrays.sort(connections, new Comparator<ConnDescriptor>() {
+        Collections.sort(connections, new Comparator<ConnDescriptor>() {
            @Override
            public int compare(ConnDescriptor connDescriptor, ConnDescriptor t1) {
                return Integer.compare(connDescriptor.incr_id, t1.incr_id);
--- a/app/src/main/jni/vpnproxy-jni/vpnproxy.c
+++ b/app/src/main/jni/vpnproxy-jni/vpnproxy.c
@ -297,20 +297,28 @@ static void javaPcapDump(zdtun_t *tun, vpnproxy_data_t *proxy) {

 /* ******************************************************* */

+static bool shouldIgnoreApp(vpnproxy_data_t *proxy, int uid) {
+    bool is_unknown_app = ((uid == -1) || (uid == 1051 /* netd DNS resolver */));
+
+    if(((proxy->uid_filter != -1) && (proxy->uid_filter != uid))
+        && (!is_unknown_app || !proxy->capture_unknown_app_traffic))
+        return true;
+
+    return false;
+}
+
+/* ******************************************************* */
+
 static void account_packet(zdtun_t *tun, const char *packet, ssize_t size, uint8_t from_tap, const zdtun_conn_t *conn_info) {
    struct sockaddr_in servaddr = {0};
    conn_data_t *data = zdtun_conn_get_userdata(conn_info);
    vpnproxy_data_t *proxy;
-    bool is_unknown_app;
-    int uid;

    if(!data) {
        log_android(ANDROID_LOG_ERROR, "Missing user_data in connection");
        return;
    }

-    uid = data->uid;
-    is_unknown_app = ((uid == -1) || (uid == 1051 /* netd DNS resolver */));
    proxy = ((vpnproxy_data_t*)zdtun_userdata(tun));

 #if 0
@ -334,9 +342,8 @@ static void account_packet(zdtun_t *tun, const char *packet, ssize_t size, uint8
    if(data->ndpi_flow)
        process_ndpi_packet(data, proxy, packet, size, from_tap);

-    if(((proxy->uid_filter != -1) && (proxy->uid_filter != uid))
-        && (!is_unknown_app || !proxy->capture_unknown_app_traffic)) {
-        //log_android(ANDROID_LOG_DEBUG, "Discarding connection: UID=%d [filter=%d]", uid, proxy->uid_filter);
+    if(shouldIgnoreApp(proxy, data->uid)) {
+        //log_android(ANDROID_LOG_DEBUG, "Ignoring connection: UID=%d [filter=%d]", data->uid, proxy->uid_filter);
        return;
    }

@ -558,9 +565,12 @@ static int check_dns_req_dnat(struct vpnproxy_data *proxy, zdtun_pkt_t *pkt, zdt
 /*
 * Check if the packet should be redirected to the mitmproxy
 */
-static int check_tls_mitm(zdtun_t *tun, struct vpnproxy_data *proxy, zdtun_pkt_t *pkt, zdtun_conn_t *conn) {
+static void check_tls_mitm(zdtun_t *tun, struct vpnproxy_data *proxy, zdtun_pkt_t *pkt, zdtun_conn_t *conn) {
    conn_data_t *data = zdtun_conn_get_userdata(conn);

+    if(shouldIgnoreApp(proxy, data->uid))
+        return;
+
    if(pkt->tuple.ipproto == IPPROTO_TCP) {
        uint32_t mitm_ip = proxy->tls_decryption.proxy_ip;
        uint16_t mitm_port = proxy->tls_decryption.proxy_port;
@ -592,8 +602,6 @@ static int check_tls_mitm(zdtun_t *tun, struct vpnproxy_data *proxy, zdtun_pkt_t
            data->mitm_header_needed = false;
        }
    }
-
-    return 0;
 }

 /* ******************************************************* */
@ -631,6 +639,11 @@ static int connection_dumper(zdtun_t *tun, const zdtun_5tuple_t *conn_info, conn
    vpnproxy_data_t *proxy = (vpnproxy_data_t*) zdtun_userdata(tun);
    JNIEnv *env = proxy->env;

+    if(shouldIgnoreApp(proxy, data->uid)) {
+        /* Continue */
+        return 0;
+    }
+
    addr.s_addr = conn_info->src_ip;
    strncpy(srcip, inet_ntoa(addr), sizeof(srcip));
    addr.s_addr = conn_info->dst_ip;