From afebac69047f614d8146c97533fd69b82f3ecfc3 Mon Sep 17 00:00:00 2001 From: emanuele-f Date: Mon, 16 Nov 2020 14:30:21 +0100 Subject: [PATCH] Fix view consistency when app filter is in use The Connections view now only shows the connections matching the current app filter. TLS mitm is now performed based on the app filter. --- .../remote_capture/ConnectionDetails.java | 10 +++--- .../remote_capture/ConnectionsAdapter.java | 12 +++++-- app/src/main/jni/vpnproxy-jni/vpnproxy.c | 33 +++++++++++++------ 3 files changed, 39 insertions(+), 16 deletions(-) diff --git a/app/src/main/java/com/emanuelef/remote_capture/ConnectionDetails.java b/app/src/main/java/com/emanuelef/remote_capture/ConnectionDetails.java index 8eb85fb1..8d0ac738 100644 --- a/app/src/main/java/com/emanuelef/remote_capture/ConnectionDetails.java +++ b/app/src/main/java/com/emanuelef/remote_capture/ConnectionDetails.java @@ -115,10 +115,12 @@ public class ConnectionDetails extends AppCompatActivity { ConnDescriptor connections[] = (ConnDescriptor[]) intent.getSerializableExtra("value"); for (ConnDescriptor eval_conn : connections) { - if(eval_conn.incr_id == conn.incr_id) { - /* Connection found, update stats */ - conn = eval_conn; - updateStats(); + if(eval_conn != null) { + if (eval_conn.incr_id == conn.incr_id) { + /* Connection found, update stats */ + conn = eval_conn; + updateStats(); + } } } } diff --git a/app/src/main/java/com/emanuelef/remote_capture/ConnectionsAdapter.java b/app/src/main/java/com/emanuelef/remote_capture/ConnectionsAdapter.java index 7a946b11..66cfce9e 100644 --- a/app/src/main/java/com/emanuelef/remote_capture/ConnectionsAdapter.java +++ b/app/src/main/java/com/emanuelef/remote_capture/ConnectionsAdapter.java @@ -33,6 +33,7 @@ import androidx.annotation.NonNull; import java.util.ArrayList; import java.util.Arrays; +import java.util.Collections; import java.util.Comparator; import java.util.Objects; 
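Review bot: The new `eval_conn != null` guard covers the array elements, but `connections` itself, the result of `intent.getSerializableExtra("value")`, is still cast and iterated unchecked in the context line just above the loop. A missing extra would throw in this receiver, and whether the intent can originate outside the app is not visible in the hunk, so the extra is best treated as untrusted until that is confirmed, e.g. `if (connections == null) return;` before the `for`. The two nested conditions can also be written as one, `if (eval_conn != null && eval_conn.incr_id == conn.incr_id) {`. The enclosing method starts outside the hunk.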
@@ -102,11 +103,18 @@ public class ConnectionsAdapter extends BaseAdapter { return mItems.get(pos); } - void updateConnections(ConnDescriptor[] connections) { + void updateConnections(ConnDescriptor[] conns) { long now = Utils.now(); + ArrayList connections = new ArrayList(); + + /* The array may contain null values. Remove them before proceeding */ + for(ConnDescriptor conn : conns) { + if(conn != null) + connections.add(conn); + } /* Sort connections by ascending ID */ - Arrays.sort(connections, new Comparator() { + Collections.sort(connections, new Comparator() { @Override public int compare(ConnDescriptor connDescriptor, ConnDescriptor t1) { return Integer.compare(connDescriptor.incr_id, t1.incr_id); diff --git a/app/src/main/jni/vpnproxy-jni/vpnproxy.c b/app/src/main/jni/vpnproxy-jni/vpnproxy.c index 01756a27..7345fbb0 100644 --- a/app/src/main/jni/vpnproxy-jni/vpnproxy.c +++ b/app/src/main/jni/vpnproxy-jni/vpnproxy.c @@ -297,20 +297,28 @@ static void javaPcapDump(zdtun_t *tun, vpnproxy_data_t *proxy) { /* ******************************************************* */ +static bool shouldIgnoreApp(vpnproxy_data_t *proxy, int uid) { + bool is_unknown_app = ((uid == -1) || (uid == 1051 /* netd DNS resolver */)); + + if(((proxy->uid_filter != -1) && (proxy->uid_filter != uid)) + && (!is_unknown_app || !proxy->capture_unknown_app_traffic)) + return true; + + return false; +} + +/* ******************************************************* */ + static void account_packet(zdtun_t *tun, const char *packet, ssize_t size, uint8_t from_tap, const zdtun_conn_t *conn_info) { struct sockaddr_in servaddr = {0}; conn_data_t *data = zdtun_conn_get_userdata(conn_info); vpnproxy_data_t *proxy; - bool is_unknown_app; - int uid; if(!data) { log_android(ANDROID_LOG_ERROR, "Missing user_data in connection"); return; } - uid = data->uid; - is_unknown_app = ((uid == -1) || (uid == 1051 /* netd DNS resolver */)); proxy = ((vpnproxy_data_t*)zdtun_userdata(tun)); #if 0 
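Review bot: In `updateConnections`, the comment `The array may contain null values` does not say where the nulls come from, and the same filtering is now done a second time in `ConnectionDetails`. If they are the slots that the native dumper leaves unset for connections excluded by the app filter (an inference from the `connection_dumper` hunk of this patch), the comment should say so: `/* Slots of connections excluded by the app filter are left null by the native dumper */`. `conns` itself is iterated without a null guard, and the list could be presized with `conns.length`. The method body continues past the hunk, so the later uses of `connections` as a list instead of an array cannot be checked here.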
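Review bot: `shouldIgnoreApp` has no comment stating its contract, and after this patch it gates three things: packet accounting, connection dumping and TLS mitm redirection. The unknown-app exception matters most for the last one: with `capture_unknown_app_traffic` set, connections whose uid is `-1` or `1051` pass the filter and, as far as the `check_tls_mitm` hunk shows, become eligible for redirection to the mitm proxy even though they may not belong to the filtered app. A header comment such as `/* Returns true when an app filter is set and uid does not match it; unknown uids (-1, netd 1051) are kept only if capture_unknown_app_traffic is set */` would make that visible to the next maintainer. The body can be a single `return` of the condition, and the camelCase name departs from the snake_case of `account_packet` and `check_tls_mitm`.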
@@ -334,9 +342,8 @@ static void account_packet(zdtun_t *tun, const char *packet, ssize_t size, uint8 if(data->ndpi_flow) process_ndpi_packet(data, proxy, packet, size, from_tap); - if(((proxy->uid_filter != -1) && (proxy->uid_filter != uid)) - && (!is_unknown_app || !proxy->capture_unknown_app_traffic)) { - //log_android(ANDROID_LOG_DEBUG, "Discarding connection: UID=%d [filter=%d]", uid, proxy->uid_filter); + if(shouldIgnoreApp(proxy, data->uid)) { + //log_android(ANDROID_LOG_DEBUG, "Ignoring connection: UID=%d [filter=%d]", data->uid, proxy->uid_filter); return; } @@ -558,9 +565,12 @@ static int check_dns_req_dnat(struct vpnproxy_data *proxy, zdtun_pkt_t *pkt, zdt /* * Check if the packet should be redirected to the mitmproxy */ -static int check_tls_mitm(zdtun_t *tun, struct vpnproxy_data *proxy, zdtun_pkt_t *pkt, zdtun_conn_t *conn) { +static void check_tls_mitm(zdtun_t *tun, struct vpnproxy_data *proxy, zdtun_pkt_t *pkt, zdtun_conn_t *conn) { conn_data_t *data = zdtun_conn_get_userdata(conn); + if(shouldIgnoreApp(proxy, data->uid)) + return; + if(pkt->tuple.ipproto == IPPROTO_TCP) { uint32_t mitm_ip = proxy->tls_decryption.proxy_ip; uint16_t mitm_port = proxy->tls_decryption.proxy_port; @@ -592,8 +602,6 @@ static int check_tls_mitm(zdtun_t *tun, struct vpnproxy_data *proxy, zdtun_pkt_t data->mitm_header_needed = false; } } - - return 0; } /* ******************************************************* */ @@ -631,6 +639,11 @@ static int connection_dumper(zdtun_t *tun, const zdtun_5tuple_t *conn_info, conn vpnproxy_data_t *proxy = (vpnproxy_data_t*) zdtun_userdata(tun); JNIEnv *env = proxy->env; + if(shouldIgnoreApp(proxy, data->uid)) { + /* Continue */ + return 0; + } + addr.s_addr = conn_info->src_ip; strncpy(srcip, inet_ntoa(addr), sizeof(srcip)); addr.s_addr = conn_info->dst_ip;
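Review bot: `check_tls_mitm` now reads `data->uid` in its first statement without checking `data`, while `account_packet` in the same file rejects a null `zdtun_conn_get_userdata()` result with an error log. Guarding the same way keeps the two consistent: `if(!data || shouldIgnoreApp(proxy, data->uid)) return;`. The new `data->uid` read in the `connection_dumper` hunk has the same shape; whether `data` can be null at either call site is not visible here. The return type also changes from `int` to `void` and no caller appears in the patch, so it is worth confirming that no call site relied on the old return value.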
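Review bot: The early `return 0` in `connection_dumper` skips a filtered connection, but the code that sizes and indexes the Java array is outside this patch; the null checks added in `ConnectionDetails` and `ConnectionsAdapter` suggest the array is still allocated for every connection and the skipped slots stay null. If so, counting only the connections that pass `shouldIgnoreApp` before allocating, or advancing the store index only for dumped entries, would remove the need for null filtering in each Java consumer. The comment `/* Continue */` would read better as `/* Excluded by the app filter: skip this entry and keep iterating */`, assuming a zero return means "continue". The function continues past the hunk.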