
[tor-commits] [orbot/master] with transproxy allow localport access for proxies



commit 8906c31dd68f9836e4bc27dbd356d842d009c4fb
Author: Nathan Freitas <nathan@xxxxxxxxxxx>
Date:   Fri Jan 13 10:58:51 2012 -0500

    with transproxy allow localport access for proxies
    
    when transproxy all is on, or when app by app proxying is on,
    access to the localhost transproxy, SOCKS, HTTP, tor DNS and
    other localhost ports should be allowed for apps that want
    to speak directly to tor regardless of transproxy being enabled
---
 .../torproject/android/service/TorTransProxy.java  |   27 ++++++++++++++------
 1 files changed, 19 insertions(+), 8 deletions(-)

diff --git a/src/org/torproject/android/service/TorTransProxy.java b/src/org/torproject/android/service/TorTransProxy.java
index 462d2f0..aed3a02 100644
--- a/src/org/torproject/android/service/TorTransProxy.java
+++ b/src/org/torproject/android/service/TorTransProxy.java
@@ -246,6 +246,7 @@ public class TorTransProxy implements TorServiceConstants {
 				script.append(ipTablesPath);
 				script.append(" -t nat");
 				script.append(" -A OUTPUT -p tcp");
+				script.append(" ! -d 127.0.0.1"); //allow access to localhost
 				script.append(" -m owner --uid-owner ");
 				script.append(apps[i].getUid());
 				script.append(" -m tcp --syn");
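Review bot: The added `! -d 127.0.0.1` clause exempts every TCP port on that address from the per-app rule, which is wider than the transproxy, SOCKS, HTTP and DNS ports the commit message names. It also matches only the single address, not the rest of 127.0.0.0/8. The same clause is added in the next two hunks (the per-app filter rule and the transproxy-all nat rule), so this applies there too. The trailing comment should record that scope, for example `// skip this rule for loopback so apps can reach Tor's local ports directly; exempts ALL TCP ports on 127.0.0.1`. If other loopback addresses are meant to be treated the same way, the match would be `" ! -d 127.0.0.0/8"`. The enclosing loop and method start and end outside the hunk, so the rule's target is not visible here.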
@@ -267,6 +268,7 @@ public class TorTransProxy implements TorServiceConstants {
 				script.append(ipTablesPath);
 				script.append(" -t filter");
 				script.append(" -A OUTPUT -p tcp");
+				script.append(" ! -d 127.0.0.1"); //allow access to localhost
 				script.append(" -m owner --uid-owner ");
 				script.append(apps[i].getUid());
 				script.append(" -m tcp --dport ");
@@ -425,6 +427,7 @@ public class TorTransProxy implements TorServiceConstants {
     	script.append(ipTablesPath);
 		script.append(" -t nat");
 		script.append(" -A OUTPUT -p tcp");
+		script.append(" ! -d 127.0.0.1"); //allow access to localhost
 		script.append(" -m owner ! --uid-owner ");
 		script.append(torUid);
 		script.append(" -m tcp --syn");
@@ -443,14 +446,22 @@ public class TorTransProxy implements TorServiceConstants {
 		script.append(TOR_DNS_PORT);
 		script.append(" || exit\n");
 		
-		// Allow packets to localhost (contains all the port-redirected ones)
-		script.append(ipTablesPath);
-		script.append(" -t filter");
-		script.append(" -A OUTPUT");
-		script.append(" -p tcp");
-		script.append(" -d 127.0.0.1");
-		script.append(" -j ACCEPT");
-		script.append(" || exit\n");
+		int[] ports = {TOR_DNS_PORT,TOR_TRANSPROXY_PORT,PORT_SOCKS,PORT_HTTP};
+		
+		for (int port : ports)
+		{
+			// Allow packets to localhost (contains all the port-redirected ones)
+			script.append(ipTablesPath);
+			script.append(" -t filter");
+			script.append(" -A OUTPUT");
+			script.append(" -p tcp");
+			script.append(" -d 127.0.0.1");
+			script.append(" --dport ");
+			script.append(port);	
+			script.append(" -j ACCEPT");
+			script.append(" || exit\n");
+		
+		}
 		
 		// Allow loopback
 		script.append(ipTablesPath);
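Review bot: The new loop emits only `-p tcp` ACCEPT rules, so the `TOR_DNS_PORT` entry covers DNS over TCP but not UDP. If the DNS redirect that ends just above the loop is a UDP rule (its protocol is outside the hunk), local DNS to Tor depends entirely on what the following "Allow loopback" rule permits. The comment carried into the loop is now stale, because the rule no longer accepts all localhost traffic; `// Allow TCP to the local Tor ports only (DNS, transproxy, SOCKS, HTTP)` would match the code. If the "Allow loopback" rule that begins at the end of the hunk accepts everything on `lo`, the per-port list has no restricting effect, and a comment should say whether that is intended. The enclosing method starts and ends outside the hunk.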


