Пример #1
0
  private void flushIptables() {

    StringBuffer cmd = new StringBuffer();

    cmd.append(BASE + "iptables -t nat -F SSHTUNNEL\n");
    cmd.append(BASE + "iptables -t nat -X SSHTUNNEL\n");

    cmd.append((CMD_IPTABLES_RETURN.replace("0.0.0.0", hostAddress)).replace("-A", "-D"));

    if (enableDNSProxy) {
      cmd.append(BASE + "iptables -t nat -F SSHTUNNELDNS\n");
      cmd.append(BASE + "iptables -t nat -X SSHTUNNELDNS\n");
      cmd.append(BASE + "iptables -t nat -D OUTPUT -p udp -j SSHTUNNELDNS\n");
    }

    if (profile.isGFWList()) {
      String[] gfw_list = getResources().getStringArray(R.array.gfw_list);

      for (String item : gfw_list) {
        cmd.append(BASE + "iptables -t nat -D OUTPUT -p tcp -d " + item + " -j SSHTUNNEL\n");
      }
    } else if (profile.isAutoSetProxy()) {
      cmd.append(BASE + "iptables -t nat -D OUTPUT -p tcp -j SSHTUNNEL\n");
    } else {

      // for proxy specified apps
      if (apps == null || apps.length <= 0)
        apps = AppManager.getProxyedApps(this, profile.getProxyedApps());

      for (int i = 0; i < apps.length; i++) {
        if (apps[i].isProxyed()) {
          cmd.append(
              BASE
                  + "iptables "
                  + "-t nat -m owner --uid-owner "
                  + apps[i].getUid()
                  + " -D OUTPUT -p tcp -j SSHTUNNEL\n");
        }
      }
    }

    String rules = cmd.toString();

    runRootCommand(rules);

    if (profile.isSocks()) runRootCommand(BASE + "proxy_socks.sh stop");
    else runRootCommand(BASE + "proxy_http.sh stop");
  }
Пример #2
0
  /**
   * Internal method to request actual PTY terminal once we've finished authentication. If called
   * before authenticated, it will just fail.
   */
  private void finishConnection() {

    Log.e(TAG, "Forward Successful");

    if (profile.isSocks()) runRootCommand(BASE + "proxy_socks.sh start " + profile.getLocalPort());
    else runRootCommand(BASE + "proxy_http.sh start " + profile.getLocalPort());

    StringBuffer cmd = new StringBuffer();

    cmd.append(BASE + "iptables -t nat -N SSHTUNNEL\n");
    cmd.append(BASE + "iptables -t nat -F SSHTUNNEL\n");

    if (enableDNSProxy) {

      cmd.append(BASE + "iptables -t nat -N SSHTUNNELDNS\n");
      cmd.append(BASE + "iptables -t nat -F SSHTUNNELDNS\n");

      if (hasRedirectSupport)
        cmd.append(
            BASE
                + "iptables "
                + "-t nat -A SSHTUNNELDNS -p udp --dport 53 -j REDIRECT --to "
                + dnsPort
                + "\n");
      else
        cmd.append(
            BASE
                + "iptables "
                + "-t nat -A SSHTUNNELDNS -p udp --dport 53 -j DNAT --to-destination 127.0.0.1:"
                + dnsPort
                + "\n");

      cmd.append(BASE + "iptables -t nat -A OUTPUT -p udp -j SSHTUNNELDNS\n");
    }

    if (profile.isSocks())
      cmd.append(
          hasRedirectSupport ? CMD_IPTABLES_REDIRECT_ADD_SOCKS : CMD_IPTABLES_DNAT_ADD_SOCKS);
    else cmd.append(hasRedirectSupport ? CMD_IPTABLES_REDIRECT_ADD : CMD_IPTABLES_DNAT_ADD);

    cmd.append(CMD_IPTABLES_RETURN.replace("0.0.0.0", hostAddress));

    if (profile.isGFWList()) {
      String[] gfw_list = getResources().getStringArray(R.array.gfw_list);

      for (String item : gfw_list) {
        cmd.append(BASE + "iptables -t nat -A OUTPUT -p tcp -d " + item + " -j SSHTUNNEL\n");
      }
    } else if (profile.isAutoSetProxy()) {
      cmd.append(BASE + "iptables -t nat -A OUTPUT -p tcp -j SSHTUNNEL\n");
    } else {

      // for proxy specified apps
      if (apps == null || apps.length <= 0)
        apps = AppManager.getProxyedApps(this, profile.getProxyedApps());

      for (int i = 0; i < apps.length; i++) {
        if (apps[i].isProxyed()) {
          cmd.append(
              BASE
                  + "iptables "
                  + "-t nat -m owner --uid-owner "
                  + apps[i].getUid()
                  + " -A OUTPUT -p tcp -j SSHTUNNEL\n");
        }
      }
    }

    String rules = cmd.toString();

    if (hostAddress != null)
      rules =
          rules
              .replace("--dport 443", "! -d " + hostAddress + " --dport 443")
              .replace("--dport 80", "! -d " + hostAddress + " --dport 80");

    if (profile.isSocks()) runRootCommand(rules.replace("8124", "8123"));
    else runRootCommand(rules);
  }