From fbabe5478f57ae94b2d1067c989c293bc1f9ed05 Mon Sep 17 00:00:00 2001 From: emanuele-f Date: Thu, 25 Mar 2021 11:29:40 +0100 Subject: [PATCH] Fix host LRU resolution not performed in some cases --- .../adapters/ConnectionsAdapter.java | 3 +- app/src/main/jni/vpnproxy-jni/vpnproxy.c | 177 ++++++++++-------- 2 files changed, 98 insertions(+), 82 deletions(-) diff --git a/app/src/main/java/com/emanuelef/remote_capture/adapters/ConnectionsAdapter.java b/app/src/main/java/com/emanuelef/remote_capture/adapters/ConnectionsAdapter.java index fdf5958b..4c594840 100644 --- a/app/src/main/java/com/emanuelef/remote_capture/adapters/ConnectionsAdapter.java +++ b/app/src/main/java/com/emanuelef/remote_capture/adapters/ConnectionsAdapter.java @@ -107,7 +107,8 @@ public class ConnectionsAdapter extends RecyclerView.Adapterndpi_flow) + return; + + if(data->l7proto.app_protocol == NDPI_PROTOCOL_UNKNOWN) { + uint8_t proto_guessed; + + data->l7proto = ndpi_detection_giveup(proxy->ndpi, data->ndpi_flow, 1 /* Guess */, + &proto_guessed); + } + + if(data->l7proto.master_protocol == 0) + data->l7proto.master_protocol = data->l7proto.app_protocol; + + log_android(ANDROID_LOG_DEBUG, "nDPI completed[ipver=%d, proto=%d] -> l7proto: app=%d, master=%d", + tuple->ipver, tuple->ipproto, data->l7proto.app_protocol, data->l7proto.master_protocol); + + switch (data->l7proto.master_protocol) { + case NDPI_PROTOCOL_DNS: + if(data->ndpi_flow->host_server_name[0]) { + u_int16_t rsp_type = data->ndpi_flow->protos.dns.rsp_type; + zdtun_ip_t rsp_addr = {0}; + int ipver = 0; + + if(data->info) + free(data->info); + data->info = strdup((char*)data->ndpi_flow->host_server_name); + + if((rsp_type == 0x1) && (data->ndpi_flow->protos.dns.rsp_addr.ipv4 != 0)) { /* A */ + rsp_addr.ip4 = data->ndpi_flow->protos.dns.rsp_addr.ipv4; + ipver = 4; + } else if((rsp_type == 0x1c) + && ((data->ndpi_flow->protos.dns.rsp_addr.ipv6.u6_addr.u6_addr8[0] & 0xE0) == 0x20)) { /* AAAA unicast */ + memcpy(&rsp_addr.ip6, &data->ndpi_flow->protos.dns.rsp_addr.ipv6.u6_addr, 16); + ipver = 6; + } + + if(ipver != 0) { + char rspip[INET6_ADDRSTRLEN]; + int family = (ipver == 4) ? AF_INET : AF_INET6; + + inet_ntop(family, &rsp_addr, rspip, sizeof(rspip)); + + log_android(ANDROID_LOG_DEBUG, "Host LRU cache ADD [v%d]: %s -> %s", ipver, rspip, data->info); + + ip_lru_add(proxy->ip_to_host, &rsp_addr, data->info); + } + } + break; + case NDPI_PROTOCOL_HTTP: + if(data->ndpi_flow->host_server_name[0]) { + if(data->info) + free(data->info); + data->info = strdup((char*) data->ndpi_flow->host_server_name); + } + + if(data->ndpi_flow->http.url) + data->url = strdup(data->ndpi_flow->http.url); + break; + case NDPI_PROTOCOL_TLS: + if(data->ndpi_flow->protos.stun_ssl.ssl.client_requested_server_name[0]) { + if(data->info) + free(data->info); + + data->info = strdup(data->ndpi_flow->protos.stun_ssl.ssl.client_requested_server_name); + } + break; + } + + free_ndpi(data); +} + +/* ******************************************************* */ + static void process_ndpi_packet(conn_data_t *data, vpnproxy_data_t *proxy, const zdtun_conn_t *conn_info, const char *packet, int size, uint8_t from_tun) { bool giveup = ((data->sent_pkts + data->rcvd_pkts) >= MAX_DPI_PACKETS); - const zdtun_5tuple_t *tuple = zdtun_conn_get_5tuple(conn_info); data->l7proto = ndpi_detection_process_packet(proxy->ndpi, data->ndpi_flow, (const u_char *)packet, size, data->last_seen, @@ -334,82 +409,8 @@ static void process_ndpi_packet(conn_data_t *data, vpnproxy_data_t *proxy, const from_tun ? data->dst_id : data->src_id); if(giveup || ((data->l7proto.app_protocol != NDPI_PROTOCOL_UNKNOWN) && - (!ndpi_extra_dissection_possible(proxy->ndpi, data->ndpi_flow)))) { - if(data->l7proto.app_protocol == NDPI_PROTOCOL_UNKNOWN) { - uint8_t proto_guessed; - - data->l7proto = ndpi_detection_giveup(proxy->ndpi, data->ndpi_flow, 1 /* Guess */, - &proto_guessed); - } - - if(data->l7proto.master_protocol == 0) - data->l7proto.master_protocol = data->l7proto.app_protocol; - - log_android(ANDROID_LOG_DEBUG, "nDPI completed[ipver=%d, proto=%d] -> l7proto: app=%d, master=%d", - tuple->ipver, tuple->ipproto, data->l7proto.app_protocol, data->l7proto.master_protocol); - - switch (data->l7proto.master_protocol) { - case NDPI_PROTOCOL_DNS: - if(data->ndpi_flow->host_server_name[0]) { - u_int16_t rsp_type = data->ndpi_flow->protos.dns.rsp_type; - zdtun_ip_t rsp_addr = {0}; - int ipver = 0; - - data->info = strdup((char*)data->ndpi_flow->host_server_name); - - if((rsp_type == 0x1) && (data->ndpi_flow->protos.dns.rsp_addr.ipv4 != 0)) { /* A */ - rsp_addr.ip4 = data->ndpi_flow->protos.dns.rsp_addr.ipv4; - ipver = 4; - } else if((rsp_type == 0x1c) - && ((data->ndpi_flow->protos.dns.rsp_addr.ipv6.u6_addr.u6_addr8[0] & 0xE0) == 0x20)) { /* AAAA unicast */ - memcpy(&rsp_addr.ip6, &data->ndpi_flow->protos.dns.rsp_addr.ipv6.u6_addr, 16); - ipver = 6; - } - - if(ipver != 0) { - char rspip[INET6_ADDRSTRLEN]; - int family = (ipver == 4) ? AF_INET : AF_INET6; - - inet_ntop(family, &rsp_addr, rspip, sizeof(rspip)); - - log_android(ANDROID_LOG_DEBUG, "Host LRU cache ADD [v%d]: %s -> %s", ipver, rspip, data->info); - - ip_lru_add(proxy->ip_to_host, &rsp_addr, data->info); - } - } - break; - case NDPI_PROTOCOL_HTTP: - if(data->ndpi_flow->host_server_name[0]) - data->info = strdup((char*)data->ndpi_flow->host_server_name); - if(data->ndpi_flow->http.url) - data->url = strdup(data->ndpi_flow->http.url); - break; - case NDPI_PROTOCOL_TLS: - if(data->ndpi_flow->protos.stun_ssl.ssl.client_requested_server_name[0]) - data->info = strdup(data->ndpi_flow->protos.stun_ssl.ssl.client_requested_server_name); - break; - } - - if(!data->info) { - // Search the LRU cache - zdtun_ip_t ip = tuple->dst_ip; - data->info = ip_lru_find(proxy->ip_to_host, &ip); - - if(data->info) { - char resip[INET6_ADDRSTRLEN]; - int family = (tuple->ipver == 4) ? AF_INET : AF_INET6; - - inet_ntop(family, &ip, resip, sizeof(resip)); - - log_android(ANDROID_LOG_DEBUG, "Host LRU cache HIT: %s -> %s", resip, data->info); - } - } - - if(data->info) - log_android(ANDROID_LOG_DEBUG, "info: %s", data->info); - - free_ndpi(data); - } + (!ndpi_extra_dissection_possible(proxy->ndpi, data->ndpi_flow)))) + end_ndpi_detection(data, proxy, conn_info); } /* ******************************************************* */ @@ -570,6 +571,7 @@ static int resolve_uid(vpnproxy_data_t *proxy, const zdtun_5tuple_t *conn_info) static int handle_new_connection(zdtun_t *tun, zdtun_conn_t *conn_info) { vpnproxy_data_t *proxy = ((vpnproxy_data_t*)zdtun_userdata(tun)); + const zdtun_5tuple_t *tuple = zdtun_conn_get_5tuple(conn_info); if(!check_dns_req_allowed(proxy, conn_info)) { // block connection @@ -603,11 +605,24 @@ static int handle_new_connection(zdtun_t *tun, zdtun_conn_t *conn_info) { } data->first_seen = data->last_seen = time(NULL); - data->uid = resolve_uid(proxy, zdtun_conn_get_5tuple(conn_info)); + data->uid = resolve_uid(proxy, tuple); + + // Try to resolve host name via the LRU cache + zdtun_ip_t ip = tuple->dst_ip; + data->info = ip_lru_find(proxy->ip_to_host, &ip); + + if(data->info) { + char resip[INET6_ADDRSTRLEN]; + int family = (tuple->ipver == 4) ? AF_INET : AF_INET6; + + inet_ntop(family, &ip, resip, sizeof(resip)); + + log_android(ANDROID_LOG_DEBUG, "Host LRU cache HIT: %s -> %s", resip, data->info); + } zdtun_conn_set_userdata(conn_info, data); - if(!shouldIgnoreConn(proxy, zdtun_conn_get_5tuple(conn_info), data)) { + if(!shouldIgnoreConn(proxy, tuple, data)) { // Important: only set the incr_id on registered connections since // ConnectionsRegister::connectionsUpdates does not allow gaps data->incr_id = proxy->incr_id++; @@ -632,7 +647,7 @@ static void destroy_connection(zdtun_t *tun, const zdtun_conn_t *conn_info) { } /* Will free the other data in sendConnectionsDump */ - free_ndpi(data); + end_ndpi_detection(data, proxy, conn_info); data->status = zdtun_conn_get_status(conn_info); if(!data->pending_notification && !shouldIgnoreConn(proxy, zdtun_conn_get_5tuple(conn_info), data)) {