1#include <jni.h>
2#include <stdio.h>
3#include <stdlib.h>
4#include <string.h>
5#include <ctype.h>
6#include <time.h>
7#include <unistd.h>
8#include <pthread.h>
9#include <setjmp.h>
10#include <errno.h>
11#include <fcntl.h>
12#include <dirent.h>
13#include <poll.h>
14#include <sys/types.h>
15#include <sys/ioctl.h>
16#include <sys/socket.h>
17#include <sys/epoll.h>
18#include <dlfcn.h>
19#include <sys/stat.h>
20#include <sys/resource.h>
21
22#include <netdb.h>
23#include <arpa/inet.h>
24#include <netinet/in.h>
25#include <netinet/in6.h>
26#include <netinet/ip.h>
27#include <netinet/ip6.h>
28#include <netinet/udp.h>
29#include <netinet/tcp.h>
30#include <netinet/ip_icmp.h>
31#include <netinet/icmp6.h>
32
33#include <android/log.h>
34#include <sys/system_properties.h>
35
#define TAG "TrackerControl.JNI" // logcat tag (android/log.h); presumably what log_android() logs under

// Build-time diagnostics, both disabled in this build.
// #define PROFILE_JNI 5
// #define PROFILE_MEMORY

// epoll event-loop tuning (see handle_events())
#define EPOLL_TIMEOUT 3600 // seconds
#define EPOLL_EVENTS 20 // presumably the max events fetched per epoll_wait() — confirm
#define EPOLL_MIN_CHECK 100 // milliseconds

#define TUN_YIELD 10 // packets; presumably reads from the TUN device before yielding to the sockets — confirm

// Largest message accepted on the raw ICMP / UDP sockets: the IP maximum minus the
// fixed IPv4 (20 byte) or IPv6 (40 byte) header and the 8-byte ICMP / UDP header.
#define ICMP4_MAXMSG (IP_MAXPACKET - 20 - 8) // bytes (socket)
#define ICMP6_MAXMSG (IPV6_MAXPACKET - 40 - 8) // bytes (socket)
#define UDP4_MAXMSG (IP_MAXPACKET - 20 - 8) // bytes (socket)
#define UDP6_MAXMSG (IPV6_MAXPACKET - 40 - 8) // bytes (socket)

// Session idle timeouts; the get_*_timeout() helpers take (sessions, maxsessions),
// so these are presumably scaled down as the table fills — confirm in the .c files.
#define ICMP_TIMEOUT 5 // seconds

#define UDP_TIMEOUT_53 15 // seconds; presumably for port-53 (DNS) sessions
#define UDP_TIMEOUT_ANY 300 // seconds; all other UDP sessions
#define UDP_KEEP_TIMEOUT 60 // seconds
#define UDP_YIELD 10 // packets

#define TCP_INIT_TIMEOUT 20 // seconds ~net.inet.tcp.keepinit (BSD handshake timeout)
#define TCP_IDLE_TIMEOUT 3600 // seconds ~net.inet.tcp.keepidle (BSD established-idle timeout)
#define TCP_CLOSE_TIMEOUT 20 // seconds
#define TCP_KEEP_TIMEOUT 300 // seconds
// https://en.wikipedia.org/wiki/Maximum_segment_lifetime

// Session table cap: SESSION_MAX evaluates to 409 (40 % of 1024 with integer division).
#define SESSION_LIMIT 40 // percent
#define SESSION_MAX (1024 * SESSION_LIMIT / 100) // number

#define SEND_BUF_DEFAULT 163840 // bytes

#define UID_MAX_AGE 30000 // milliseconds; presumably the lifetime of a cached uid lookup — confirm

// SOCKS5 proxy handshake states; presumably the values of tcp_session.socks5 — confirm
#define SOCKS5_NONE 1
#define SOCKS5_HELLO 2
#define SOCKS5_AUTH 3
#define SOCKS5_CONNECT 4
#define SOCKS5_CONNECTED 5
77
// Shared state for one VPN run, handed to the native worker via struct arguments.
struct context {
    pthread_mutex_t lock;          // NOTE(review): which fields this guards is not visible here — confirm in the .c files
    int pipefds[2];                // presumably a wake-up pipe for the epoll loop — confirm in handle_events()
    int stopping;                  // non-zero once a stop has been requested (inferred from the name)
    int sdk;                       // Android SDK level, see sdk_int()
    struct ng_session *ng_session; // head of the session list (struct ng_session::next)
};
85
// Per-call bundle passed down the native call chain; 'args' in nearly every prototype below.
struct arguments {
    JNIEnv *env;         // JNI environment of the calling thread — only valid on that thread
    jobject instance;    // Java object receiving the callbacks (log_packet, is_domain_blocked, ...)
    int tun;             // presumably the TUN device file descriptor — see check_tun()
    jboolean fwd53;      // presumably: forward port-53 (DNS) traffic — confirm against the Java side
    jint rcode;          // presumably: DNS response code used for blocked names — confirm
    struct context *ctx; // shared run state
};
94
// Redirect target for a permitted session, as returned by is_address_allowed().
struct allowed {
    char raddr[INET6_ADDRSTRLEN + 1]; // remote address as text; INET6_ADDRSTRLEN already counts the NUL, so +1 is slack
    uint16_t rport; // host notation
};
99
// One chunk of TCP payload queued for forwarding; singly linked from tcp_session.forward.
struct segment {
    uint32_t seq;         // sequence number of the first byte of data
    uint16_t len;         // bytes in data, so one segment holds at most 65535 bytes
    uint16_t sent;        // bytes of data already written out (inferred from the name; confirm)
    int psh;              // non-zero when the segment carried PSH (inferred from the name; confirm)
    uint8_t *data;        // payload; allocation and free path not visible here — see clear_tcp_data()
    struct segment *next; // next queued segment, NULL at the tail
};
108
// NOTE(review): the opening line 'struct icmp_session {' (netguard.h:109) did not survive the
// rendering of this page; the members below belong to it.
    time_t time;  // last activity; presumably checked against ICMP_TIMEOUT by get_icmp_timeout()
    jint uid;     // Linux uid of the owning app, see get_uid()
    int version;  // IP version; selects which union member below is valid (presumably 4 or 6)

    union {
        __be32 ip4; // network notation
        struct in6_addr ip6;
    } saddr;

    union {
        __be32 ip4; // network notation
        struct in6_addr ip6;
    } daddr;

    uint16_t id;  // presumably the ICMP echo identifier — confirm in handle_icmp()

    uint8_t stop; // non-zero once the session is to be torn down (inferred from the name; confirm)
};
128
// UDP session states; presumably the values of udp_session.state (see strstate())
#define UDP_ACTIVE 0
#define UDP_FINISHING 1
#define UDP_CLOSED 2
#define UDP_BLOCKED 3
133
// NOTE(review): the opening line 'struct udp_session {' (netguard.h:134) did not survive the
// rendering of this page; the members below belong to it.
    time_t time;       // last activity; presumably compared with the UDP_TIMEOUT_* values
    jint uid;          // Linux uid of the owning app
    int version;       // IP version; selects which union member below is valid
    uint16_t mss;      // see get_default_mss()

    uint64_t sent;     // byte counters; presumably what account_usage() reports — confirm
    uint64_t received;

    union {
        __be32 ip4; // network notation
        struct in6_addr ip6;
    } saddr;
    __be16 source; // network notation

    union {
        __be32 ip4; // network notation
        struct in6_addr ip6;
    } daddr;
    __be16 dest; // network notation

    uint8_t state;     // presumably one of UDP_ACTIVE / UDP_FINISHING / UDP_CLOSED / UDP_BLOCKED
};
157
// NOTE(review): the opening line 'struct tcp_session {' (netguard.h:158) did not survive the
// rendering of this page; the members below belong to it.
    jint uid;              // Linux uid of the owning app
    time_t time;           // last activity; presumably compared with the TCP_*_TIMEOUT values
    int version;           // IP version; selects which union member below is valid
    uint16_t mss;          // maximum segment size for this session
    uint8_t recv_scale;    // TCP window-scale shift counts (RFC 7323) for each direction
    uint8_t send_scale;
    uint32_t recv_window;  // host notation, scaled
    uint32_t send_window;  // host notation, scaled
    uint16_t unconfirmed;  // packets

    uint32_t remote_seq;   // confirmed bytes received, host notation
    uint32_t local_seq;    // confirmed bytes sent, host notation
    uint32_t remote_start; // initial sequence numbers, presumably kept for relative offsets — confirm
    uint32_t local_start;

    uint32_t acked;        // host notation
    long long last_keep_alive; // presumably milliseconds from get_ms() — confirm

    uint64_t sent;         // byte counters; presumably what account_usage() reports — confirm
    uint64_t received;

    union {
        __be32 ip4; // network notation
        struct in6_addr ip6;
    } saddr;
    __be16 source; // network notation

    union {
        __be32 ip4; // network notation
        struct in6_addr ip6;
    } daddr;
    __be16 dest; // network notation

    uint8_t state;           // TCP state, rendered by strstate()
    uint8_t socks5;          // presumably one of the SOCKS5_* handshake states
    struct segment *forward; // queue of payload still to be forwarded, see queue_tcp()

    int checkedHostname;     // NOTE(review): camelCase is the only exception to snake_case in this header
};
198
// NOTE(review): the opening line 'struct ng_session {' (netguard.h:199) did not survive the
// rendering of this page; the members below belong to it.
    uint8_t protocol;      // IP protocol number; selects which member of the anonymous union is live
    union {                // anonymous union (C11): exactly one of these is valid for a session
        struct icmp_session icmp;
        struct udp_session udp;
        struct tcp_session tcp;
    };
    jint socket;           // presumably the outbound socket fd opened by open_*_socket() — confirm
    struct epoll_event ev; // epoll registration for that socket (inferred; confirm)
    struct ng_session *next; // next session in the list headed by context.ng_session, NULL at the tail
};
210
// NOTE(review): the opening 'struct ... {' line (netguard.h:211) did not survive the rendering of
// this page; the members below presumably form the uid lookup cache entry used by get_uid().
    uint8_t version;  // IP version; decides how many bytes of saddr / daddr are meaningful
    uint8_t protocol; // IP protocol number
    uint8_t saddr[16]; // raw address, 4 bytes used for IPv4, 16 for IPv6
    uint16_t sport;
    uint8_t daddr[16];
    uint16_t dport;
    jint uid;         // cached lookup result
    long time;        // presumably the insertion time compared against UID_MAX_AGE — confirm
};
221
222// IPv6
223
// NOTE(review): the opening 'struct ... {' line (netguard.h:224) did not survive the rendering of
// this page. The fields match the IPv6 pseudo-header used for upper-layer checksums (RFC 8200
// section 8.1); __packed is bionic's sys/cdefs.h attribute macro and keeps it at 40 bytes.
    struct in6_addr ip6ph_src;
    struct in6_addr ip6ph_dst;
    u_int32_t ip6ph_len;     // upper-layer packet length, network byte order expected
    u_int8_t ip6ph_zero[3];  // must be zero
    u_int8_t ip6ph_nxt;      // next-header value of the upper-layer protocol
} __packed;
231
232// PCAP
233// https://wiki.wireshark.org/Development/LibpcapFileFormat
234
// glib-style aliases so the pcap structs below read like the libpcap file-format description.
typedef uint16_t guint16_t;
typedef uint32_t guint32_t;
typedef int32_t gint32_t;
238
// libpcap global file header (https://wiki.wireshark.org/Development/LibpcapFileFormat),
// presumably written once by write_pcap_hdr(). __packed keeps it at 24 bytes without padding.
typedef struct pcap_hdr_s {
    guint32_t magic_number;  // format magic (0xa1b2c3d4 in the spec); readers use it to detect byte order
    guint16_t version_major; // format version, 2.4 in the spec
    guint16_t version_minor;
    gint32_t thiszone;       // GMT-to-local correction, seconds
    guint32_t sigfigs;       // timestamp accuracy
    guint32_t snaplen;       // maximum bytes stored per packet
    guint32_t network;       // link-layer type, LINKTYPE_RAW for raw IP
} __packed pcap_hdr_s;
248
// libpcap per-packet record header (16 bytes, packed), presumably written by write_pcap_rec().
typedef struct pcaprec_hdr_s {
    guint32_t ts_sec;   // capture timestamp, seconds
    guint32_t ts_usec;  // capture timestamp, microseconds
    guint32_t incl_len; // bytes actually stored in the file (<= snaplen)
    guint32_t orig_len; // bytes on the wire
} __packed pcaprec_hdr_s;
255
#define LINKTYPE_RAW 101 // libpcap link type: raw IPv4 / IPv6 packets, no link-layer header

// DNS

#define DNS_QCLASS_IN 1 // Internet class
#define DNS_QTYPE_A 1 // IPv4
#define DNS_QTYPE_AAAA 28 // IPv6

// RR types defined by RFC 9460
#define DNS_SVCB 64
#define DNS_HTTPS 65

#define DNS_QNAME_MAX 255 // bytes; wire-format name limit from RFC 1035 — buffers for get_qname() are presumably sized DNS_QNAME_MAX + 1
#define DNS_TTL (10 * 60) // seconds
269
// NOTE(review): the opening 'struct ... {' line (netguard.h:270) did not survive the rendering of
// this page. The fields below are the 12-byte DNS message header (RFC 1035 section 4.1.1) mapped
// with bit-fields. Bit-field allocation order is implementation-defined; this layout relies on the
// compiler filling from the least significant bit on little-endian and from the most significant
// bit on big-endian, the same convention the system's netinet headers use.
    uint16_t id; // identification number
# if __BYTE_ORDER == __LITTLE_ENDIAN
    uint16_t rd :1; // recursion desired
    uint16_t tc :1; // truncated message
    uint16_t aa :1; // authoritative answer
    uint16_t opcode :4; // purpose of message
    uint16_t qr :1; // query/response flag
    uint16_t rcode :4; // response code
    uint16_t cd :1; // checking disabled
    uint16_t ad :1; // authenticated data
    uint16_t z :1; // Z: reserved, must be zero
    uint16_t ra :1; // recursion available
#elif __BYTE_ORDER == __BIG_ENDIAN
    uint16_t qr :1; // query/response flag
    uint16_t opcode :4; // purpose of message
    uint16_t aa :1; // authoritative answer
    uint16_t tc :1; // truncated message
    uint16_t rd :1; // recursion desired
    uint16_t ra :1; // recursion available
    uint16_t z :1; // Z: reserved, must be zero
    uint16_t ad :1; // authenticated data
    uint16_t cd :1; // checking disabled
    uint16_t rcode :4; // response code
# else
# error "Adjust your <bits/endian.h> defines"
#endif
    uint16_t q_count; // number of question entries (network byte order on the wire)
    uint16_t ans_count; // number of answer entries
    uint16_t auth_count; // number of authority entries
    uint16_t add_count; // number of resource entries
} __packed;
302
// Fixed part of a DNS resource record as laid out on the wire (12 bytes, packed); the
// rdlength bytes of RDATA follow it. All fields are big-endian (__be16 / __be32 are the
// kernel uapi typedefs from linux/types.h, pulled in via the netinet headers).
typedef struct dns_rr {
    __be16 qname_ptr; // presumably a name-compression pointer back to the question name — confirm
    __be16 qtype;     // DNS_QTYPE_* / DNS_SVCB / DNS_HTTPS
    __be16 qclass;    // DNS_QCLASS_IN
    __be32 ttl;       // seconds
    __be16 rdlength;  // bytes of RDATA that follow; must be bounds-checked against the datagram length before use
} __packed dns_rr;
310
311// DHCP
312
#define DHCP_OPTION_MAGIC_NUMBER (0x63825363) // RFC 2131 option magic cookie (99.130.83.99), host order
314
// BOOTP/DHCP fixed message header (RFC 2131 section 2) up to and including the option
// magic cookie: 240 bytes, packed. Options (struct dhcp_option) follow.
typedef struct dhcp_packet {
    uint8_t opcode;         // BOOTREQUEST / BOOTREPLY
    uint8_t htype;          // hardware address type
    uint8_t hlen;           // hardware address length
    uint8_t hops;
    uint32_t xid;           // transaction id
    uint16_t secs;
    uint16_t flags;
    uint32_t ciaddr;        // client IP address
    uint32_t yiaddr;        // 'your' (client) IP address
    uint32_t siaddr;        // next server IP address
    uint32_t giaddr;        // relay agent IP address
    uint8_t chaddr[16];     // client hardware address
    uint8_t sname[64];      // server host name
    uint8_t file[128];      // boot file name
    uint32_t option_format; // presumably compared with DHCP_OPTION_MAGIC_NUMBER (after byte-order conversion) — confirm in check_dhcp()
} __packed dhcp_packet;
332
// DHCP option TLV header; 'length' value bytes follow it. A parser must check that
// code, length and the value all lie inside the received datagram.
typedef struct dhcp_option {
    uint8_t code;
    uint8_t length;
} __packed dhcp_option;
337
338// Prototypes
339
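// ---- Event loop and lifecycle ----

// NOTE(review): siginfo_t is declared in <signal.h>, which this header does not include directly.
void handle_signal(int sig, siginfo_t *info, void *context);

void *handle_events(void *a);

// 'fmt' must be a literal format string; untrusted text is passed through "%s".
// (No format attribute here because callers may pass a NULL fmt — confirm before adding one.)
void report_exit(const struct arguments *args, const char *fmt, ...);

// 'fmt' must be a literal format string; the attribute lets -Wformat check every call site.
void report_error(const struct arguments *args, jint error, const char *fmt, ...)
        __attribute__((__format__(__printf__, 3, 4)));

void check_allowed(const struct arguments *args);

void clear(struct context *ctx);

// ---- Session bookkeeping (the ng_session list) ----

int check_icmp_session(const struct arguments *args,
                       struct ng_session *s,
                       int sessions, int maxsessions);

int check_udp_session(const struct arguments *args,
                      struct ng_session *s,
                      int sessions, int maxsessions);

int check_tcp_session(const struct arguments *args,
                      struct ng_session *s,
                      int sessions, int maxsessions);

int monitor_tcp_session(const struct arguments *args, struct ng_session *s, int epoll_fd);

// Timeouts take (sessions, maxsessions); presumably shortened as the table fills — see the *_TIMEOUT defines.
int get_icmp_timeout(const struct icmp_session *u, int sessions, int maxsessions);

int get_udp_timeout(const struct udp_session *u, int sessions, int maxsessions);

int get_tcp_timeout(const struct tcp_session *t, int sessions, int maxsessions);

// (void) rather than (): in C an empty parameter list declares a function without a
// prototype, so a call with stray arguments would not be diagnosed.
uint16_t get_mtu(void);

uint16_t get_default_mss(int version);

// ---- TUN device and socket readiness ----

int check_tun(const struct arguments *args,
              const struct epoll_event *ev,
              const int epoll_fd,
              int sessions, int maxsessions);

void check_icmp_socket(const struct arguments *args, const struct epoll_event *ev);

void check_udp_socket(const struct arguments *args, const struct epoll_event *ev);

// ---- DNS ----

// Decodes the name at offset 'off' of 'data' into 'qname'. The output buffer is presumably
// expected to hold DNS_QNAME_MAX + 1 bytes, and the signed return presumably reports
// malformed input — confirm both in the implementation before relying on them.
int32_t get_qname(const uint8_t *data, const size_t datalen, uint16_t off, char *qname);

void parse_dns_response(const struct arguments *args, const struct ng_session *session,
                        const uint8_t *data, size_t *datalen);

// ---- TCP window and buffer sizing ----

uint32_t get_send_window(const struct tcp_session *cur);

uint32_t get_receive_buffer(const struct ng_session *cur);

uint32_t get_receive_window(const struct ng_session *cur);

void check_tcp_socket(const struct arguments *args,
                      const struct epoll_event *ev,
                      const int epoll_fd);

// ---- Packet dispatch from the TUN device ----

int is_lower_layer(int protocol);

int is_upper_layer(int protocol);

// Entry point for every packet read from the TUN device; 'length' bounds all parsing of 'buffer'.
void handle_ip(const struct arguments *args,
               const uint8_t *buffer, size_t length,
               const int epoll_fd,
               int sessions, int maxsessions);

jboolean handle_icmp(const struct arguments *args,
                     const uint8_t *pkt, size_t length,
                     const uint8_t *payload,
                     int uid,
                     const int epoll_fd);

int has_udp_session(const struct arguments *args, const uint8_t *pkt, const uint8_t *payload);

void block_udp(const struct arguments *args,
               const uint8_t *pkt, size_t length,
               const uint8_t *payload,
               int uid);

jboolean handle_udp(const struct arguments *args,
                    const uint8_t *pkt, size_t length,
                    const uint8_t *payload,
                    int uid, struct allowed *redirect,
                    const int epoll_fd);

int check_dhcp(const struct arguments *args, const struct udp_session *u,
               const uint8_t *data, const size_t datalen);

void clear_tcp_data(struct tcp_session *cur);

jboolean handle_tcp(const struct arguments *args,
                    const uint8_t *pkt, size_t length,
                    const uint8_t *payload,
                    int uid, int allowed, struct allowed *redirect,
                    const int epoll_fd);

void queue_tcp(const struct arguments *args,
               const struct tcphdr *tcphdr,
               const char *session, struct tcp_session *cur,
               const uint8_t *data, uint16_t datalen);

// ---- Outbound sockets ----

int open_icmp_socket(const struct arguments *args, const struct icmp_session *cur);

int open_udp_socket(const struct arguments *args,
                    const struct udp_session *cur, const struct allowed *redirect);

int open_tcp_socket(const struct arguments *args,
                    const struct tcp_session *cur, const struct allowed *redirect);

int32_t get_local_port(const int sock);

// ---- Writing packets back to the TUN device ----

int write_syn_ack(const struct arguments *args, struct tcp_session *cur);

int write_ack(const struct arguments *args, struct tcp_session *cur);

int write_data(const struct arguments *args, struct tcp_session *cur,
               const uint8_t *buffer, size_t length);

int write_fin_ack(const struct arguments *args, struct tcp_session *cur);

void write_rst(const struct arguments *args, struct tcp_session *cur);

void write_rst_ack(const struct arguments *args, struct tcp_session *cur);

ssize_t write_icmp(const struct arguments *args, const struct icmp_session *cur,
                   uint8_t *data, size_t datalen);

ssize_t write_udp(const struct arguments *args, const struct udp_session *cur,
                  uint8_t *data, size_t datalen);

ssize_t write_tcp(const struct arguments *args, const struct tcp_session *cur,
                  const uint8_t *data, size_t datalen,
                  int syn, int ack, int fin, int rst);

// ---- Address / uid helpers ----

uint8_t char2nible(const char c);

// No length parameter: 'buffer' must hold at least strlen(hex) / 2 bytes (inferred from the signature; confirm).
void hex2bytes(const char *hex, uint8_t *buffer);

jint get_uid(const int version, const int protocol,
             const void *saddr, const uint16_t sport,
             const void *daddr, const uint16_t dport);

jint get_uid_sub(const int version, const int protocol,
                 const void *saddr, const uint16_t sport,
                 const void *daddr, const uint16_t dport,
                 const char *source, const char *dest,
                 long now);

int protect_socket(const struct arguments *args, int socket);

// Internet checksum; 'start' lets a pseudo-header sum be carried into the payload sum.
uint16_t calc_checksum(uint16_t start, const uint8_t *buffer, size_t length);

// ---- JNI plumbing ----

jobject jniGlobalRef(JNIEnv *env, jobject cls);

jclass jniFindClass(JNIEnv *env, const char *name);

jmethodID jniGetMethodID(JNIEnv *env, jclass cls, const char *name, const char *signature);

jfieldID jniGetFieldID(JNIEnv *env, jclass cls, const char *name, const char *type);

jobject jniNewObject(JNIEnv *env, jclass cls, jmethodID constructor, const char *name);

int jniCheckException(JNIEnv *env);

int sdk_int(JNIEnv *env);

// 'fmt' must be a literal format string; log untrusted text (hostnames, packet data) through "%s".
// The attribute lets -Wformat check the argument list at every call site.
void log_android(int prio, const char *fmt, ...)
        __attribute__((__format__(__printf__, 2, 3)));

// ---- Callbacks into the Java side ----

void log_packet(const struct arguments *args, jobject jpacket);

void dns_resolved(const struct arguments *args,
                  const char *qname, const char *aname, const char *resource, int ttl);

jboolean is_domain_blocked(const struct arguments *args, const char *name);

jint get_uid_q(const struct arguments *args,
               jint version,
               jint protocol,
               const char *source,
               jint sport,
               const char *dest,
               jint dport);

// Pointer return: presumably NULL when the packet is not allowed, otherwise the redirect target — confirm.
struct allowed *is_address_allowed(const struct arguments *args, jobject objPacket);

jobject create_packet(const struct arguments *args,
                      jint version,
                      jint protocol,
                      const char *flags,
                      const char *source,
                      jint sport,
                      const char *dest,
                      jint dport,
                      const char *data,
                      jint uid,
                      jboolean allowed);

void account_usage(const struct arguments *args, jint version, jint protocol,
                   const char *daddr, jint dport, jint uid, jlong sent, jlong received);

// ---- PCAP capture ----

void write_pcap_hdr(void);

void write_pcap_rec(const uint8_t *buffer, size_t len);

void write_pcap(const void *ptr, size_t len);

// ---- Misc ----

// Presumably a wrap-around aware comparison of TCP sequence numbers — confirm.
int compare_u32(uint32_t seq1, uint32_t seq2);

const char *strstate(const int state);

// Returns a hex rendering of 'data'; presumably heap-allocated, so the caller owns and frees it — confirm.
char *hex(const u_int8_t *data, const size_t len);

int is_readable(int fd);

int is_writable(int fd);

long long get_ms(void);

// ---- Tracked allocation (presumably tied to PROFILE_MEMORY) ----
// Parameter names were '__byte_count', '__item_count', '__item_size', '__ptr' in the original
// declarations; identifiers beginning with a double underscore are reserved for the
// implementation (C11 7.1.3), and names in a prototype have prototype scope only, so the
// rename changes nothing for callers or for the definitions.

void ng_add_alloc(void *ptr, const char *tag);

void ng_delete_alloc(void *ptr, const char *file, int line);

void *ng_malloc(size_t byte_count, const char *tag);

void *ng_calloc(size_t item_count, size_t item_size, const char *tag);

void *ng_realloc(void *ptr, size_t byte_count, const char *tag);

void ng_free(void *ptr, const char *file, int line);

void ng_dump(void);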