[or-cvs] r22743: {projects} updates related to motorola milestone debugging and iptables (in projects/android/trunk/Orbot: . src/org/torproject/android src/org/torproject/android/service)

Nathan Freitas nathan at freitas.net
Sat Jul 31 15:43:56 UTC 2010


Author: n8fr8
Date: 2010-07-31 15:43:56 +0000 (Sat, 31 Jul 2010)
New Revision: 22743

Modified:
   projects/android/trunk/Orbot/AndroidManifest.xml
   projects/android/trunk/Orbot/src/org/torproject/android/Orbot.java
   projects/android/trunk/Orbot/src/org/torproject/android/service/TorBinaryInstaller.java
   projects/android/trunk/Orbot/src/org/torproject/android/service/TorService.java
   projects/android/trunk/Orbot/src/org/torproject/android/service/TorServiceConstants.java
   projects/android/trunk/Orbot/src/org/torproject/android/service/TorTransProxy.java
Log:
updates related to motorola milestone debugging and iptables transproxy settings

Modified: projects/android/trunk/Orbot/AndroidManifest.xml
===================================================================
--- projects/android/trunk/Orbot/AndroidManifest.xml	2010-07-31 15:43:47 UTC (rev 22742)
+++ projects/android/trunk/Orbot/AndroidManifest.xml	2010-07-31 15:43:56 UTC (rev 22743)
@@ -5,7 +5,7 @@
        
        <uses-permission android:name="android.permission.INTERNET" />
  
-    <application android:icon="@drawable/icon" android:label="@string/app_name" android:debuggable="false">
+    <application android:icon="@drawable/icon" android:label="@string/app_name" android:debuggable="true">
       
         <activity android:name=".Orbot"
                   android:theme="@android:style/Theme.NoTitleBar"
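Review bot: `android:debuggable="true"` on the `<application>` element should not be committed to trunk, because any build cut from this revision ships debuggable. On a debuggable app, anyone with adb access can attach a debugger or use `run-as` to read and modify the app's private data directory. In Orbot that directory holds the tor configuration and the binaries this same commit installs and then runs through a root shell. Keep `android:debuggable="false"` in the manifest and enable debugging only in a local, uncommitted build.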

Modified: projects/android/trunk/Orbot/src/org/torproject/android/Orbot.java
===================================================================
--- projects/android/trunk/Orbot/src/org/torproject/android/Orbot.java	2010-07-31 15:43:47 UTC (rev 22742)
+++ projects/android/trunk/Orbot/src/org/torproject/android/Orbot.java	2010-07-31 15:43:56 UTC (rev 22743)
@@ -390,135 +390,8 @@
 	 * Read in the Preferences and write then to the .torrc file
 	 */
 
-	/*
-	private void processSettingsOld ()
-	{
-		StringBuffer torrcText = new StringBuffer();
-		
-		torrcText.append(TorConstants.TORRC_DEFAULT);
-		
-		SharedPreferences prefs = PreferenceManager.getDefaultSharedPreferences(this);
-		
-		boolean useBridges = prefs.getBoolean(PREF_BRIDGES_ENABLED, false);
-		
-		boolean autoUpdateBridges = prefs.getBoolean(PREF_BRIDGES_UPDATED, false);
-
-        boolean becomeRelay = prefs.getBoolean(PREF_OR, false);
-
-        boolean ReachableAddresses = prefs.getBoolean(PREF_REACHABLE_ADDRESSES,false);
-
-		enableTransparentProxy = prefs.getBoolean(PREF_TRANSPARENT, false);
-		
-		if (hasRoot)
-		{
-			if (enableTransparentProxy)
-			{
-				TorTransProxy.setDNSProxying();
-				TorTransProxy.setTransparentProxying(this, TorServiceUtils.getApps(this));
-			}
-			else
-			{
-				TorTransProxy.purgeNatIptables();
-			}
-			
-		}
-		
-		String bridgeList = prefs.getString(PREF_BRIDGES_LIST,"");
-
-		if (useBridges)
-		{
-			if (bridgeList == null || bridgeList.length() == 0)
-			{
-			
-				showAlert("Bridge Error","In order to use the bridge feature, you must enter at least one bridge IP address." +
-						"Send an email to bridges at torproject.org with the line \"get bridges\" by itself in the body of the mail from a gmail account.");
-				
-				showSettings();
-				return;
-			}
-			
-			
-			torrcText.append("UseBridges 1");
-			torrcText.append('\n');		
-
-			torrcText.append("UpdateBridgesFromAuthority ");
-			
-			if (autoUpdateBridges)
-				torrcText.append("1");
-			else
-				torrcText.append("0");
-			
-			torrcText.append('\n');		
-			
-			String bridgeDelim = "\n";
-			
-			if (bridgeList.indexOf(",") != -1)
-			{
-				bridgeDelim = ",";
-			}
-			
-			StringTokenizer st = new StringTokenizer(bridgeList,bridgeDelim);
-			while (st.hasMoreTokens())
-			{
-				torrcText.append("bridge ");
-				torrcText.append(st.nextToken());
-				torrcText.append('\n');		
-
-			}
-		}
-		else
-		{
-			torrcText.append("UseBridges 0");
-			torrcText.append('\n');
-		}
-
-        try
-        {
-            if (ReachableAddresses)
-            {
-                String ReachableAddressesPorts =
-                    prefs.getString(PREF_REACHABLE_ADDRESSES_PORTS, "*:80,*:443");
-                torrcText.append("ReachableAddresses ");
-                // We should verify this and someday, the Exception will matter :-)
-                torrcText.append(ReachableAddressesPorts);
-                torrcText.append('\n');
-            }
-        }
-        catch (Exception e)
-        {
-           showAlert("Config Error","Your ReachableAddresses settings caused an exception!");
-        }
-
-        try
-        {
-            if (becomeRelay && (!useBridges) && (!ReachableAddresses))
-            {
-                int ORPort =  Integer.parseInt(prefs.getString(PREF_OR_PORT, "9001"));
-                String nickname = prefs.getString(PREF_OR_NICKNAME, "Orbot");
-
-                torrcText.append("ORPort ");
-                torrcText.append(ORPort);
-                torrcText.append('\n');
-
-                torrcText.append("Nickname ");
-                torrcText.append(nickname);
-                torrcText.append('\n');
-
-                torrcText.append("ExitPolicy reject *:*");
-                torrcText.append('\n');
-            }
-        }
-        catch (Exception e)
-        {
-            showAlert("Uh-oh!","Your relay settings caused an exception!");
-            showSettings();
-            return;
-        }
-
-		Utils.saveTextFile(TorServiceConstants.TORRC_INSTALL_PATH, torrcText.toString());
-	}
-	*/
 	
+	
 	private void processSettings () throws RemoteException
 	{
 		

Modified: projects/android/trunk/Orbot/src/org/torproject/android/service/TorBinaryInstaller.java
===================================================================
--- projects/android/trunk/Orbot/src/org/torproject/android/service/TorBinaryInstaller.java	2010-07-31 15:43:47 UTC (rev 22742)
+++ projects/android/trunk/Orbot/src/org/torproject/android/service/TorBinaryInstaller.java	2010-07-31 15:43:56 UTC (rev 22743)
@@ -38,7 +38,10 @@
 		boolean privoxyBinaryExists = new File(installPath + PRIVOXY_ASSET_KEY).exists();
 		Log.i(TAG,"Privoxy binary exists=" + privoxyBinaryExists);
 		
-		if (!(torBinaryExists && privoxyBinaryExists) || force)
+		boolean iptablesBinaryExists = new File(installPath + IPTABLES_ASSET_KEY).exists();
+		Log.i(TAG,"IPTables binary exists=" + iptablesBinaryExists);
+		
+		if (!(torBinaryExists && privoxyBinaryExists && iptablesBinaryExists) || force)
 			installFromZip ();
 		
 	}
@@ -51,39 +54,31 @@
 		
 		try
 		{
-			/*
-			String apkPath = APK_PATH;
 			
-			int apkIdx = 1;
-			
-			while (!new File(apkPath).exists())
-			{
-				apkPath = APK_PATH_BASE + '-' + (apkIdx++) + ".apk";
-				
-				Log.i(TAG,"Could not find APK. Trying new path: " + apkPath);
-			}
-			*/
-			
-			
-			
 			ZipFile zip = new ZipFile(apkPath);
 	
-			ZipEntry zipen = zip.getEntry(TOR_BINARY_ZIP_KEY);
+			ZipEntry zipen = zip.getEntry(ASSETS_BASE + TOR_BINARY_ASSET_KEY);
 			streamToFile(zip.getInputStream(zipen),installPath + TOR_BINARY_ASSET_KEY);
 			
-			zipen = zip.getEntry(TORRC_ZIP_KEY);
+			zipen = zip.getEntry(ASSETS_BASE + TORRC_ASSET_KEY);
 			streamToFile(zip.getInputStream(zipen),installPath + TORRC_ASSET_KEY);
 			
-			zipen = zip.getEntry(PRIVOXY_ZIP_KEY);
+			zipen = zip.getEntry(ASSETS_BASE + PRIVOXY_ASSET_KEY);
 			streamToFile(zip.getInputStream(zipen),installPath + PRIVOXY_ASSET_KEY);
 			
-			zipen = zip.getEntry(PRIVOXYCONFIG_ZIP_KEY);
+			zipen = zip.getEntry(ASSETS_BASE + PRIVOXYCONFIG_ASSET_KEY);
 			streamToFile(zip.getInputStream(zipen),installPath + PRIVOXYCONFIG_ASSET_KEY);
 			
+			zipen = zip.getEntry(ASSETS_BASE + PRIVOXYCONFIG_ASSET_KEY);
+			streamToFile(zip.getInputStream(zipen),installPath + PRIVOXYCONFIG_ASSET_KEY);
 			
+			zipen = zip.getEntry(ASSETS_BASE + IPTABLES_ASSET_KEY);
+			streamToFile(zip.getInputStream(zipen),installPath + IPTABLES_ASSET_KEY);
+			
+			
 			zip.close();
 			
-			Log.i(TAG,"SUCCESS: unzipped tor, privoxy binaries from apk");
+			Log.i(TAG,"SUCCESS: unzipped tor, privoxy, iptables binaries from apk");
 	
 		}
 		catch (IOException ioe)
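Review bot: The two added lines that extract `ASSETS_BASE + PRIVOXYCONFIG_ASSET_KEY` repeat the pair directly above them, so privoxy.config is written twice; the second pair looks like a copy/paste leftover and can be deleted. Separately, every `zip.getEntry(...)` result is passed straight to `zip.getInputStream(zipen)`; `getEntry` returns null for a missing entry, which would most likely surface as a NullPointerException that the `catch (IOException ioe)` below does not handle. That matters more now that a fifth asset (`iptables`) must be present in the APK. A guard such as `if (zipen == null) throw new IOException("missing asset: " + IPTABLES_ASSET_KEY);` before each extraction keeps the failure on the handled path. `zip.close()` is also skipped whenever an extraction throws; the catch body is outside this hunk, so confirm whether it closes the file.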

Modified: projects/android/trunk/Orbot/src/org/torproject/android/service/TorService.java
===================================================================
--- projects/android/trunk/Orbot/src/org/torproject/android/service/TorService.java	2010-07-31 15:43:47 UTC (rev 22742)
+++ projects/android/trunk/Orbot/src/org/torproject/android/service/TorService.java	2010-07-31 15:43:56 UTC (rev 22743)
@@ -401,11 +401,13 @@
     	
     	torBinaryPath = appHome + TOR_BINARY_ASSET_KEY;
     	privoxyPath = appHome + PRIVOXY_ASSET_KEY;
+    	String iptablesPath = appHome + IPTABLES_ASSET_KEY;
     	
 		boolean torBinaryExists = new File(torBinaryPath).exists();
 		boolean privoxyBinaryExists = new File(privoxyPath).exists();
+		boolean iptablesBinaryExists = new File(iptablesPath).exists();
 
-		if (!(torBinaryExists && privoxyBinaryExists))
+		if (!(torBinaryExists && privoxyBinaryExists && iptablesBinaryExists))
 		{
 			killTorProcess ();
 			
@@ -415,7 +417,7 @@
 			torBinaryExists = new File(torBinaryPath).exists();
 			privoxyBinaryExists = new File(privoxyPath).exists();
 			
-    		if (torBinaryExists && privoxyBinaryExists)
+    		if (torBinaryExists && privoxyBinaryExists && iptablesBinaryExists)
     		{
     			logNotice(getString(R.string.status_install_success));
     	
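Review bot: `iptablesBinaryExists` is tested in the new condition `if (torBinaryExists && privoxyBinaryExists && iptablesBinaryExists)` but is never re-read after the install step. The two lines above refresh only `torBinaryExists` and `privoxyBinaryExists`. If the iptables binary was the missing file, the flag keeps its pre-install value of false and the method reports an install failure even when extraction succeeded. Add `iptablesBinaryExists = new File(iptablesPath).exists();` after the privoxy re-check. The install call itself sits between this hunk and the previous one and is not visible here.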
@@ -429,8 +431,6 @@
 
     			sendCallbackMessage(getString(R.string.status_install_fail));
     			
-    			//showAlert(getString(R.string.title_error),getString(R.string.status_install_fail));
-    		
     			return false;
     		}
     		
@@ -439,8 +439,10 @@
 		{
 			logNotice("Found Tor binary: " + torBinaryPath);
 
-			logNotice("Found prvoxy binary: " + privoxyPath);
+			logNotice("Found privoxy binary: " + privoxyPath);
 
+			logNotice("Found iptables binary: " + iptablesPath);
+
 		}
 		
 		StringBuilder log = new StringBuilder ();
@@ -453,6 +455,10 @@
 		String[] cmd2 = {SHELL_CMD_CHMOD + ' ' + CHMOD_EXE_VALUE + ' ' + privoxyPath};
 		TorServiceUtils.doShellCommand(cmd2, log, false, true);
 				
+		logNotice("(re)Setting permission on iptables binary");
+		String[] cmd3 = {SHELL_CMD_CHMOD + ' ' + CHMOD_EXE_VALUE + ' ' + iptablesPath};
+		TorServiceUtils.doShellCommand(cmd3, log, false, true);
+		
 		return true;
     }
     
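Review bot: The exit code of the new chmod on `iptablesPath` is discarded, and the method returns true regardless. Other call sites in this commit show `doShellCommand` returning an exit code (for example `int exitCode = TorServiceUtils.doShellCommand(cmd, log, true, true);`). A failed chmod leaves a non-executable iptables binary that only shows up later as an unexplained transproxy error, so check it here: `if (TorServiceUtils.doShellCommand(cmd3, log, false, true) != 0) logNotice("could not set permission on iptables binary");`. The tor and privoxy chmod calls above have the same gap, and the method body starts outside this hunk.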
@@ -1181,15 +1187,15 @@
 					logNotice ("TorTransProxy enabled: " + success);
 					
 				} catch (Exception e) {
+					
 					logNotice("WARNING: Error configuring transparenty proxying: " + e.getMessage());
-					
 					Log.w(TAG, "error refreshing iptables: err=" + e.getMessage(), e);
 				}
 				
 			}
 			else
 			{
-				TorTransProxy.purgeNatIptables();
+				TorTransProxy.purgeIptables();
 
 			}
 		}
@@ -1197,7 +1203,7 @@
 		{
 			if (hasRoot)
 			{
-				TorTransProxy.purgeNatIptables();
+				TorTransProxy.purgeIptables();
 			}
 		}
 	}

Modified: projects/android/trunk/Orbot/src/org/torproject/android/service/TorServiceConstants.java
===================================================================
--- projects/android/trunk/Orbot/src/org/torproject/android/service/TorServiceConstants.java	2010-07-31 15:43:47 UTC (rev 22742)
+++ projects/android/trunk/Orbot/src/org/torproject/android/service/TorServiceConstants.java	2010-07-31 15:43:56 UTC (rev 22743)
@@ -8,43 +8,28 @@
 
 	public final static String TOR_APP_USERNAME = "org.torproject.android";
 	
+	public final static String ASSETS_BASE = "assets/";
+	
 	//home directory of Android application
-//	public final static String TOR_HOME = "/data/data/" + TOR_APP_USERNAME + "/";
-
-	//public final static String TOR_HOME_DATA_DIR = TOR_HOME + "data/";
 	
 	//name of the tor C binary
 	public final static String TOR_BINARY_ASSET_KEY = "tor";	
-//	public final static String TOR_BINARY_INSTALL_PATH = TOR_HOME + TOR_BINARY_ASSET_KEY; //path to install the Tor binary too
-	public final static String TOR_BINARY_ZIP_KEY = "assets/" + TOR_BINARY_ASSET_KEY;//key of the tor binary in the Zip file
 	
 	//torrc (tor config file)
 	public final static String TORRC_ASSET_KEY = "torrc";
-//	public final static String TORRC_INSTALL_PATH = TOR_HOME + TORRC_ASSET_KEY; //path to install torrc to within the android app data folder
-	public final static String TORRC_ZIP_KEY = "assets/" + TORRC_ASSET_KEY; //key of the torrc file in the Zip file
+
 	//how to launch tor
 //	public final static String TOR_COMMAND_LINE_ARGS = "-f " + TORRC_INSTALL_PATH  + " || exit\n";
 		
 	//privoxy
 	public final static String PRIVOXY_ASSET_KEY = "privoxy";
-//	public final static String PRIVOXY_INSTALL_PATH = TOR_HOME + PRIVOXY_ASSET_KEY; //path to install privoxy to within the android app data folder
-	public final static String PRIVOXY_ZIP_KEY = "assets/" + PRIVOXY_ASSET_KEY; //key of the privoxy file in the Zip file
 	
 	//privoxy.config
 	public final static String PRIVOXYCONFIG_ASSET_KEY = "privoxy.config";
-//	public final static String PRIVOXYCONFIG_INSTALL_PATH = TOR_HOME + PRIVOXYCONFIG_ASSET_KEY; //path to install privoxy to within the android app data folder
-	public final static String PRIVOXYCONFIG_ZIP_KEY = "assets/" + PRIVOXYCONFIG_ASSET_KEY; //key of the privoxy file in the Zip file
 	
-	//how to launch privoxy
-//	public final static String PRIVOXY_COMMAND_LINE_ARGS = ' ' + PRIVOXYCONFIG_INSTALL_PATH + " || exit\n";
-
-	//where to send the notices log
-//	public final static String TOR_LOG_PATH = TOR_HOME + "notices.log";
-	
-	//control port cookie path
-//	public final static String TOR_CONTROL_AUTH_COOKIE = TOR_HOME_DATA_DIR + "control_auth_cookie";
-
-	
+	//iptables key
+	public final static String IPTABLES_ASSET_KEY = "iptables";	
+		
 	//various console cmds
 	public final static String SHELL_CMD_CHMOD = "chmod";
 	public final static String SHELL_CMD_KILL = "kill";

Modified: projects/android/trunk/Orbot/src/org/torproject/android/service/TorTransProxy.java
===================================================================
--- projects/android/trunk/Orbot/src/org/torproject/android/service/TorTransProxy.java	2010-07-31 15:43:47 UTC (rev 22742)
+++ projects/android/trunk/Orbot/src/org/torproject/android/service/TorTransProxy.java	2010-07-31 15:43:56 UTC (rev 22743)
@@ -1,5 +1,7 @@
 package org.torproject.android.service;
 
+import java.io.File;
+
 import org.torproject.android.TorifiedApp;
 
 import android.content.Context;
@@ -9,14 +11,17 @@
 	
 	private final static String TAG = "TorTransProxy";
 	
+	private static String BASE_DIR = "/data/data/" + TorServiceConstants.TOR_APP_USERNAME + "/";
+	
 	private final static String CMD_NAT_FLUSH = "iptables -t nat -F || exit\n";
+	private final static String CMD_FILTER_FLUSH = "iptables -t filter -F || exit\n";
+	
 	private final static String CMD_DNS_PROXYING_ADD = "iptables -t nat -A PREROUTING -p udp --dport 53 -j DNAT --to 127.0.0.1:5400 || exit\n";
 	
+	private final static String IPTABLES_ADD = " -A ";
+	
 	//private final static String CMD_DNS_PROXYING_DELETE = "iptables -t nat -D PREROUTING -p udp --dport 53 -j DNAT --to 127.0.0.1:5400 || exit\n";
 	// - just calling a system wide flush of iptables rules
-	
-	private final static String IPTABLES_ADD = " -A ";
-	
 	//private final static String IPTABLES_DELETE = " -D "; //not deleting manually anymore - just calling a system wide flush of iptables rules
    // private final static String IPTABLES_DROP_ALL = " -j DROP ";
 	
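Review bot: `BASE_DIR` is declared `private static String` without `final`, unlike the neighbouring command constants, so it can be reassigned by accident; make it `private final static String BASE_DIR = ...`. It also hard-codes `"/data/data/"`, while TorService in this same commit builds the iptables path as `appHome + IPTABLES_ASSET_KEY`. If `appHome` ever differs from `/data/data/org.torproject.android/`, the fallback prefix points at a file that was never installed. Passing the install directory in from the service would keep one source of truth. A one-line comment saying that this is the location of the bundled iptables binary would also help, since the name alone does not say so.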
@@ -32,7 +37,7 @@
 		try {
 			
 			// Run an empty script just to check root access
-			String[] cmd = {"whoami"};
+			String[] cmd = {"exit 0"};
 			int exitCode = TorServiceUtils.doShellCommand(cmd, log, true, true);
 			if (exitCode == 0) {
 				
@@ -46,13 +51,36 @@
 		return false;
 	}
 	
+	private static String findBaseDir ()
+	{
+		String[] cmds = {"/system/bin/iptables -t nat --list"};
+    	StringBuilder res = new StringBuilder();
+
+		int code;
+		try {
+			code = TorServiceUtils.doShellCommand(cmds, res, true, true);
+	
+		
+		if (code != 0) {
+			return BASE_DIR;
+		}
+		else
+			return "/system/bin/";
+		
+		} catch (Exception e) {
+			return BASE_DIR;
+		}
+		
+			
+	}
 	public static int setDNSProxying () throws Exception
 	{
+		String baseDir = findBaseDir();
 		
     	final StringBuilder log = new StringBuilder();
     	int code;
     	
-    	String[] cmds = {CMD_DNS_PROXYING_ADD};
+    	String[] cmds = {baseDir + CMD_DNS_PROXYING_ADD};
     	
     
     	code = TorServiceUtils.doShellCommand(cmds, log, true, true);
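Review bot: `findBaseDir()` probes `/system/bin/iptables -t nat --list` through `doShellCommand` on every call, and this commit calls it from setDNSProxying, purgeIptables and both setTransparentProxying methods. Each transproxy operation therefore pays for an extra shell round trip (apparently a root shell, given the `true` flag used by the root check) whose answer should not change while the process lives. The method also has no comment explaining the choice it makes, swallows the exception silently, and the `if`/`else` inside the `try` is indented as if it were outside it. The fallback to `BASE_DIR` is returned without checking that the bundled binary exists. A cached, documented version is sketched below; confirm that caching for the process lifetime is acceptable.

```java
	private static String cachedBaseDir;

	/**
	 * Returns the directory prefix of the iptables binary to use: the system
	 * binary when it can list the nat table, otherwise the bundled copy.
	 */
	private static synchronized String findBaseDir ()
	{
		if (cachedBaseDir != null)
			return cachedBaseDir;

		String[] cmds = {"/system/bin/iptables -t nat --list"};
		StringBuilder res = new StringBuilder();

		try {
			int code = TorServiceUtils.doShellCommand(cmds, res, true, true);
			cachedBaseDir = (code == 0) ? "/system/bin/" : BASE_DIR;
		} catch (Exception e) {
			Log.w(TAG, "system iptables probe failed, using bundled binary: " + e);
			cachedBaseDir = BASE_DIR;
		}

		return cachedBaseDir;
	}
```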
@@ -78,15 +106,21 @@
     }
     */
 
-	public static boolean purgeNatIptables() {
+	public static boolean purgeIptables() {
+		
+		String baseDir = findBaseDir();
+
+		
     	StringBuilder res = new StringBuilder();
 		try {
-			String[] cmds = {CMD_NAT_FLUSH};
+			String[] cmds = {baseDir + CMD_NAT_FLUSH, baseDir + CMD_FILTER_FLUSH};
 			int code = TorServiceUtils.doShellCommand(cmds, res, true, true);
 			if (code != 0) {
 				Log.w(TAG, "error purging iptables. exit code: " + code + "\n" + res);
 				return false;
 			}
+			
+			
 			return true;
 		} catch (Exception e) {
 			Log.w(TAG,"error purging iptables: " + e);
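Review bot: With `CMD_FILTER_FLUSH` added to `cmds`, `purgeIptables()` now flushes the entire filter table as well as the nat table. That removes every filter rule on the device, including rules installed by another firewall tool or by the ROM, not only the ones Orbot added. Nothing visible in this commit writes filter rules (they appear only inside a comment in setTransparentProxyingByApp), so the flush has no Orbot rules to clean up yet. Either leave the filter flush out until Orbot creates filter rules, or put Orbot's rules in a dedicated chain and flush only that chain. The new method name no longer says which tables are touched, so a short comment above `purgeIptables()` listing them would help callers.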
@@ -96,7 +130,9 @@
 	
 	public static boolean setTransparentProxyingByApp(Context context, TorifiedApp[] apps, boolean forceAll) throws Exception
 	{
-		
+	
+		String baseDir = findBaseDir();
+
 		String command = null;
 		
 		command = IPTABLES_ADD; //ADD
@@ -121,30 +157,49 @@
 					Log.i(TAG,"enabling transproxy for app: " + apps[i].getUsername() + "(" + apps[i].getUid() + ")");
 				 
 					//TCP
+					script.append(baseDir);
 					script.append("iptables -t nat");
-					script.append(command);
-					script.append("OUTPUT -p tcp -m owner --uid-owner ");
+					script.append(" -A OUTPUT -p tcp -m owner --uid-owner ");
 					script.append(apps[i].getUid());
-					script.append(" -j DNAT --to 127.0.0.1:9040");
+				//	script.append(" -j DNAT --to 127.0.0.1:9040");
+					script.append(" -m tcp --syn -j REDIRECT --to-ports 9040");
 					script.append(" || exit\n");
 					
 					//UDP
+					script.append(baseDir);
 					script.append("iptables -t nat");
-					script.append(command);
-					script.append("OUTPUT -p udp -m owner --uid-owner ");
+					script.append(" -A OUTPUT -p udp -m owner --uid-owner ");
 					script.append(apps[i].getUid());
-					script.append(" -j DROP"); //drop all UDP packets as Tor won't handle them
+					script.append(" --dport 53 -j REDIRECT --to-ports 5400"); //drop all UDP packets as Tor won't handle them
 					script.append(" || exit\n");
+					
+					script.append(baseDir);
+					script.append("iptables -t nat");
+					script.append(" -A OUTPUT -m owner --uid-owner ");
+					script.append(apps[i].getUid());
+					script.append(" -j DROP"); //drop all other packets as Tor won't handle them
+					script.append(" || exit\n");
+					
+					
+					/*
+					 * iptables -t nat -A OUTPUT -p tcp -m owner --uid-owner anonymous -m tcp -j REDIRECT --to-ports 9040 
+iptables -t nat -A OUTPUT -p udp -m owner --uid-owner anonymous -m udp --dport 53 -j REDIRECT --to-ports 53 
+iptables -t filter -A OUTPUT -p tcp -m owner --uid-owner anonymous -m tcp --dport 9040 -j ACCEPT
+iptables -t filter -A OUTPUT -p udp -m owner --uid-owner anonymous -m udp --dport 53 -j ACCEPT
+iptables -t filter -A OUTPUT -m owner --uid-owner anonymous -j DROP
+
+					 */
 				}		
 			}
 			
 	    	
 	    	String[] cmd = {script.toString()};
-	    	
+	    	Log.i(TAG, cmd[0]);
+			
 			code = TorServiceUtils.doShellCommand(cmd, res, true, true);
 			
 			String msg = res.toString();
-			Log.e(TAG, msg);
+			Log.i(TAG, msg);
 			
 		
 		return false;
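Review bot: The catch-all rule appended for each app is `iptables -t nat -A OUTPUT -m owner --uid-owner <uid> -j DROP`, which puts the leak-prevention DROP in the nat table. The nat table is consulted only for the first packet of a connection, and newer iptables builds refuse DROP there, so the rule is not a reliable guarantee that non-Tor traffic from a torified app is blocked. The commented-out block at the end of this hunk already shows the filter-table form (`iptables -t filter -A OUTPUT -m owner --uid-owner ... -j DROP` after the ACCEPT rules), and that is where the drop belongs. The comment on the UDP rule is now stale: the line redirects DNS to port 5400 but still reads `//drop all UDP packets as Tor won't handle them`; change it to `//redirect DNS lookups to Tor's DNSPort`. `Log.i(TAG, cmd[0])` writes the whole script, including the UID of every torified app, to the shared system log; log a rule count instead. The local `command` is no longer used once the `script.append(command)` calls are removed.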
@@ -153,10 +208,9 @@
 
 	public static boolean setTransparentProxyingByPort(Context context, String[] ports) {
 		
-		String command = null;
+		String baseDir = findBaseDir();
+
 		
-		command = IPTABLES_ADD; //ADD
-		
     	final StringBuilder script = new StringBuilder();
     	
 		try {
@@ -167,6 +221,8 @@
 				Log.i(TAG,"enabling transproxy for port: " + ports[i]);
 				 
 				//TCP
+
+				script.append(baseDir);
 				script.append("iptables -t nat");
 				script.append("-A PREROUTING -p tcp --dport ");
 				script.append(ports[i]);
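Review bot: The rule assembled here is still malformed after `baseDir` is prepended: `"iptables -t nat"` is followed directly by `"-A PREROUTING -p tcp --dport "`, producing `iptables -t nat-A PREROUTING ...`. The second literal needs a leading space, `" -A PREROUTING -p tcp --dport "`, and the UDP rule in the next hunk has the same defect. `ports[i]` is also appended unchecked into a script passed to `doShellCommand(cmd, res, true, true)`, which appears to run as root. Parse each entry with `Integer.parseInt` and accept only 1–65535 before appending it, so a malformed preference value cannot add extra shell text.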
@@ -174,6 +230,8 @@
 				script.append(" || exit\n");
 				
 				//UDP
+
+				script.append(baseDir);
 				script.append("iptables -t nat");
 				script.append("-A PREROUTING -p udp --dport ");
 				script.append(ports[i]);
@@ -185,7 +243,8 @@
 	    	StringBuilder res = new StringBuilder();
 	    	
 	    	String[] cmd = {script.toString()};
-	    	
+	    	Log.i(TAG, cmd[0]);
+			
 			code = TorServiceUtils.doShellCommand(cmd, res, true, true);
 			
 				String msg = res.toString();


