[tor-commits] [orbot/master] fixed double adding of iptables rules, and proper clearing

n8fr8 at torproject.org n8fr8 at torproject.org
Mon Oct 22 12:26:04 UTC 2012


commit 2b3164ef6cb1b293e9c808eff2be1dbc4789dd73
Author: n8fr8 <nathan at freitas.net>
Date:   Mon Oct 22 13:43:13 2012 +0530

    fixed double adding of iptables rules, and proper clearing
---
 src/org/torproject/android/service/TorService.java |  174 ++++++++------------
 .../torproject/android/service/TorTransProxy.java  |   29 ++-
 2 files changed, 86 insertions(+), 117 deletions(-)

diff --git a/src/org/torproject/android/service/TorService.java b/src/org/torproject/android/service/TorService.java
index f28f013..8ee528b 100644
--- a/src/org/torproject/android/service/TorService.java
+++ b/src/org/torproject/android/service/TorService.java
@@ -58,7 +58,7 @@ import android.util.Log;
 public class TorService extends Service implements TorServiceConstants, TorConstants, Runnable, EventHandler
 {
 	
-	public static boolean ENABLE_DEBUG_LOG = true;
+	public static boolean ENABLE_DEBUG_LOG = false;
 	
 	private static int currentStatus = STATUS_OFF;
 		
@@ -89,7 +89,6 @@ public class TorService extends Service implements TorServiceConstants, TorConst
     private File fileObfsProxy;
     
     private TorTransProxy mTransProxy;
-    private boolean mTransProxyAll = false;
     
     public static void logMessage(String msg)
     {
@@ -313,6 +312,10 @@ public class TorService extends Service implements TorServiceConstants, TorConst
     {
     	currentStatus = STATUS_OFF;
     	
+    	SharedPreferences prefs = PreferenceManager.getDefaultSharedPreferences(this);
+    	
+ 		boolean hasRoot = prefs.getBoolean(PREF_HAS_ROOT,false);
+ 		
     	try
     	{	
     		killTorProcess ();
@@ -326,7 +329,8 @@ public class TorService extends Service implements TorServiceConstants, TorConst
     		
     		sendCallbackStatusMessage(getString(R.string.status_disabled));
 
-    		disableTransparentProxy();
+    		if (hasRoot)
+    			disableTransparentProxy();
     	}
     	catch (Exception e)
     	{
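Review bot: Gating `disableTransparentProxy()` on the current value of `PREF_HAS_ROOT` ties rule removal to a preference rather than to whether rules were actually installed. If that preference changes while Tor is running, the iptables rules added at start would be left in place when the service stops. Consider recording that rules were applied when the enable call succeeds, and clearing based on that record. The new `if` also has no braces, unlike the surrounding blocks; `if (hasRoot) { disableTransparentProxy(); }` would match them. The enclosing method starts and ends outside this hunk.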
@@ -582,6 +586,12 @@ public class TorService extends Service implements TorServiceConstants, TorConst
     	SharedPreferences prefs = PreferenceManager.getDefaultSharedPreferences(this);
     	ENABLE_DEBUG_LOG = prefs.getBoolean("pref_enable_logging",false);
     	Log.i(TAG,"debug logging:" + ENABLE_DEBUG_LOG);
+
+ 		boolean hasRoot = prefs.getBoolean(PREF_HAS_ROOT,false);
+ 		boolean enableTransparentProxy = prefs.getBoolean("pref_transparent", false);
+ 		boolean transProxyAll = prefs.getBoolean("pref_transparent_all", false);
+	 	boolean transProxyTethering = prefs.getBoolean("pref_transparent_tethering", false);
+	 		
     	
 		currentStatus = STATUS_CONNECTING;
 
@@ -593,9 +603,11 @@ public class TorService extends Service implements TorServiceConstants, TorConst
 		
 		try {
 
-    		enableTransparentProxy();
     		runTorShellCmd();
     		runPrivoxyShellCmd();
+    		
+    		if (hasRoot && enableTransparentProxy)
+    			enableTransparentProxy(transProxyAll, transProxyTethering);
 
 		} catch (Exception e) {
 	    	logException("Unable to start Tor: " + e.getMessage(),e);	
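Review bot: An exception thrown by `enableTransparentProxy(transProxyAll, transProxyTethering)` now lands in the catch that logs "Unable to start Tor", even though `runTorShellCmd()` and `runPrivoxyShellCmd()` have already returned by then, so the log blames the wrong component. Giving the call its own try/catch with a message such as `logException("unable to setup transproxy", e);` (the wording used by the config-update block this commit removes) keeps the two failures apart. The boolean result is also discarded here. Since the rules are now installed after Tor and Privoxy are launched rather than before, a one-line comment stating that this order is intended would help. The enclosing method continues outside the hunk.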
@@ -611,85 +623,54 @@ public class TorService extends Service implements TorServiceConstants, TorConst
      * 
      * the idea is that if Tor is off then transproxy is off
      */
-    private boolean enableTransparentProxy () throws Exception
+    private boolean enableTransparentProxy (boolean proxyAll, boolean enableTether) throws Exception
  	{
-    	SharedPreferences prefs = PreferenceManager.getDefaultSharedPreferences(this);
     	
- 		boolean hasRoot = prefs.getBoolean(PREF_HAS_ROOT,false);
- 		boolean enableTransparentProxy = prefs.getBoolean("pref_transparent", false);
- 		
  		if (mTransProxy == null)
  			mTransProxy = new TorTransProxy();
- 		
- 		if (hasRoot && enableTransparentProxy)
-    	{
-	 		
-	 		mTransProxyAll = prefs.getBoolean("pref_transparent_all", false);
-	 		boolean transProxyTethering = prefs.getBoolean("pref_transparent_tethering", false);
 	 		
-	     	TorService.logMessage ("Transparent Proxying: " + enableTransparentProxy);
-	     	
-	     	//String portProxyList = prefs.getString("pref_port_list", "");
+     	TorService.logMessage ("Transparent Proxying: enabling...");
+
+		//TODO: Find a nice place for the next (commented) line
+		//TorTransProxy.setDNSProxying(); 
+		
+		int code = 0; // Default state is "okay"
 	
-	 		
- 			//TODO: Find a nice place for the next (commented) line
-			//TorTransProxy.setDNSProxying(); 
-			
-			int code = 0; // Default state is "okay"
-			/*	
-			if(transProxyPortFallback)
-			{
-				showToolbarNotification(getString(R.string.setting_up_port_based_transparent_proxying_), TRANSPROXY_NOTIFY_ID, R.drawable.ic_stat_notify, -1);
-				StringTokenizer st = new StringTokenizer(portProxyList, ",");
-				int status = code;
-				while (st.hasMoreTokens())
-				{
-					status = mTransProxy.setTransparentProxyingByPort(this, Integer.parseInt(st.nextToken()));
-					if(status != 0)
-						code = status;
-				}
-			}
-			else
-			{*/
-				if(mTransProxyAll)
-				{
-					showToolbarNotification(getString(R.string.setting_up_full_transparent_proxying_), TRANSPROXY_NOTIFY_ID, R.drawable.ic_stat_notify, -1);
+		if(proxyAll)
+		{
+			showToolbarNotification(getString(R.string.setting_up_full_transparent_proxying_), TRANSPROXY_NOTIFY_ID, R.drawable.ic_stat_notify, -1);
 
-					code = mTransProxy.setTransparentProxyingAll(this);
-				}
-				else
-				{
-					showToolbarNotification(getString(R.string.setting_up_app_based_transparent_proxying_), TRANSPROXY_NOTIFY_ID, R.drawable.ic_stat_notify, -1);
+			code = mTransProxy.setTransparentProxyingAll(this);
+		}
+		else
+		{
+			showToolbarNotification(getString(R.string.setting_up_app_based_transparent_proxying_), TRANSPROXY_NOTIFY_ID, R.drawable.ic_stat_notify, -1);
 
-					code = mTransProxy.setTransparentProxyingByApp(this,AppManager.getApps(this));
-				}
-				
-			//}
-		
-			TorService.logMessage ("TorTransProxy resp code: " + code);
+			code = mTransProxy.setTransparentProxyingByApp(this,AppManager.getApps(this));
+		}
 			
-			if (code == 0)
-			{
-				showToolbarNotification(getString(R.string.transparent_proxying_enabled), TRANSPROXY_NOTIFY_ID, R.drawable.ic_stat_notify, -1);
-
-				if (transProxyTethering)
-				{
-					showToolbarNotification(getString(R.string.transproxy_enabled_for_tethering_), TRANSPROXY_NOTIFY_ID, R.drawable.ic_stat_notify, -1);
+	
+		TorService.logMessage ("TorTransProxy resp code: " + code);
+		
+		if (code == 0)
+		{
+			showToolbarNotification(getString(R.string.transparent_proxying_enabled), TRANSPROXY_NOTIFY_ID, R.drawable.ic_stat_notify, -1);
 
-					mTransProxy.enableTetheringRules(this);
-					  
-				}
-			}
-			else
+			if (enableTether)
 			{
-				showToolbarNotification(getString(R.string.warning_error_starting_transparent_proxying_), TRANSPROXY_NOTIFY_ID, R.drawable.ic_stat_notify, -1);
+				showToolbarNotification(getString(R.string.transproxy_enabled_for_tethering_), TRANSPROXY_NOTIFY_ID, R.drawable.ic_stat_notify, -1);
 
+				mTransProxy.enableTetheringRules(this);
+				  
 			}
-		
-			return true;
-    	}
- 		else
- 			return false;
+		}
+		else
+		{
+			showToolbarNotification(getString(R.string.warning_error_starting_transparent_proxying_), TRANSPROXY_NOTIFY_ID, R.drawable.ic_stat_notify, -1);
+
+		}
+	
+		return true;
  	}
     
     /*
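Review bot: `enableTransparentProxy` ends with `return true;` on every path, including the branch where `code != 0` and the error notification is shown. A caller therefore cannot tell that the iptables rules were not installed, and traffic the user expects to be proxied may not be. `return code == 0;` would make the result meaningful; any status from `mTransProxy.enableTetheringRules(this)` is likewise not inspected. The comment above the method should also describe `proxyAll` and `enableTether`, now that the preference reads have moved to the caller.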
@@ -700,31 +681,23 @@ public class TorService extends Service implements TorServiceConstants, TorConst
      */
     private boolean disableTransparentProxy () throws Exception
  	{
-    	SharedPreferences prefs = PreferenceManager.getDefaultSharedPreferences(this);
     	
- 		boolean hasRoot = prefs.getBoolean(PREF_HAS_ROOT,false);
- 		boolean enableTransparentProxy = prefs.getBoolean("pref_transparent", false);
- 		
- 		if (hasRoot && enableTransparentProxy)
-    	{
-	 		
-	     	TorService.logMessage ("Clearing TransProxy rules");
+     	TorService.logMessage ("Transparent Proxying: disabling...");
 
-	 		if (mTransProxy == null)
-	 			mTransProxy = new TorTransProxy();
-	 		
-	     	if (mTransProxyAll)
-	     		mTransProxy.clearTransparentProxyingAll(this);
-	     	else
-	    		mTransProxy.clearTransparentProxyingByApp(this,AppManager.getApps(this));
-		     		
-			showToolbarNotification(getString(R.string.transproxy_rules_cleared), TRANSPROXY_NOTIFY_ID, R.drawable.ic_stat_notify, -1);
-
-	     	
-	     	return true;
-    	}
- 		else
- 			return false;
+ 		if (mTransProxy == null)
+ 			mTransProxy = new TorTransProxy();
+ 		
+     //	if (transProxyAll)
+     		mTransProxy.clearTransparentProxyingAll(this);
+    // 	else
+    		mTransProxy.clearTransparentProxyingByApp(this,AppManager.getApps(this));
+	    
+     	
+     	
+		//showToolbarNotification(getString(R.string.transproxy_rules_cleared), TRANSPROXY_NOTIFY_ID, R.drawable.ic_stat_notify, -1);
+     	clearNotifications();
+     	
+     	return true;
  	}
     
     private void runTorShellCmd() throws Exception
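Review bot: With the `if`/`else` commented out, `disableTransparentProxy` runs both `clearTransparentProxyingAll` and `clearTransparentProxyingByApp` unconditionally, yet the leftover `//	if (transProxyAll)` and `// 	else` lines and the indentation still read as a conditional. Delete the commented lines and state the intent, for example `// the mode used at enable time is not tracked, so clear both rule sets`. Whatever status the two clear calls return is dropped and the method always returns `true`, so a failed clear is silent. Logging the codes the way the enable path does (`"TorTransProxy resp code: " + code`) would make a failure visible.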
@@ -1271,20 +1244,7 @@ public class TorService extends Service implements TorServiceConstants, TorConst
             	
         		updateTorConfiguration();
 
-		        if (currentStatus == STATUS_ON)
-		        {
-		        	//reset iptables rules in active mode
-		        
-					try
-					{
-						disableTransparentProxy();
-			    		enableTransparentProxy();
-					}
-					catch (Exception e)
-					{
-						logException("unable to setup transproxy",e);
-					}
-		        }
+		    
 		        
 				
 			} catch (RemoteException e) {
diff --git a/src/org/torproject/android/service/TorTransProxy.java b/src/org/torproject/android/service/TorTransProxy.java
index bd2c58a..78094c3 100644
--- a/src/org/torproject/android/service/TorTransProxy.java
+++ b/src/org/torproject/android/service/TorTransProxy.java
@@ -194,8 +194,16 @@ public class TorTransProxy implements TorServiceConstants {
     	
     	// Allow everything for Tor
 		script.append(ipTablesPath);
-		script.append(" -t filter");
 		script.append(" -A OUTPUT");
+		script.append(" -t filter");
+		script.append(" -m owner --uid-owner ");
+		script.append(torUid);
+		script.append(" -j ACCEPT");
+		script.append(" || exit\n");
+		
+		script.append(ipTablesPath);
+		script.append(" -D OUTPUT");
+		script.append(" -t filter");
 		script.append(" -m owner --uid-owner ");
 		script.append(torUid);
 		script.append(" -j ACCEPT");
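Review bot: The added `-A OUTPUT ... -j ACCEPT || exit` is immediately followed by a `-D OUTPUT` with the same `--uid-owner` match, so as far as this hunk shows, the pair appends a Tor-uid ACCEPT rule and then deletes one, leaving the rule count unchanged. If the append exists only so the delete cannot fail when no rule is present, a comment should say so, because the existing `// Allow everything for Tor` now describes the opposite of the net effect; something like `// add first so the -D below always has a rule to remove` would do. The enclosing method and the end of the `-D` command lie outside the hunk, so this needs checking against the full function.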
@@ -497,7 +505,16 @@ public class TorTransProxy implements TorServiceConstants {
     	//flushIptables(context);
     	
     	int torUid = context.getApplicationInfo().uid;
-    	
+
+		// Allow everything for Tor
+		script.append(ipTablesPath);
+    	script.append(" -" + cmd + " OUTPUT");
+		script.append(" -t filter");
+		script.append(" -m owner --uid-owner ");
+		script.append(torUid);
+		script.append(" -j ACCEPT");
+		script.append(" || exit\n");
+		
     	// Set up port redirection
     	script.append(ipTablesPath);
     	script.append(" -" + cmd + " OUTPUT");
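Review bot: Moving the Tor-uid ACCEPT command to the top makes it the first command guarded by `|| exit`. If `cmd` can be `D` (its origin is outside the hunk), deleting a rule that is not present would abort the script before any of the later rules are removed. That matters more now that `TorService.disableTransparentProxy` calls both clear methods regardless of which mode was enabled, assuming they reach this code. Consider appending `" || exit\n"` only on the add path and a plain newline when deleting. `cmd` is also concatenated directly into a script that presumably runs with root privileges, so it is worth checking that it is one of the expected single-letter values before building the command.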
@@ -551,14 +568,6 @@ public class TorTransProxy implements TorServiceConstants {
 		script.append(" -j ACCEPT");
 		script.append(" || exit\n");
 		
-		// Allow everything for Tor
-		script.append(ipTablesPath);
-    	script.append(" -" + cmd + " OUTPUT");
-		script.append(" -t filter");
-		script.append(" -m owner --uid-owner ");
-		script.append(torUid);
-		script.append(" -j ACCEPT");
-		script.append(" || exit\n");
 		
 		if (TorService.ENABLE_DEBUG_LOG)
 		{




