Comments (14)
DNS traffic from Phone/Unknown is now automatically allowed, whereas other connections from such apps are still blocked. The fix will be available in the next PCAPdroid release. You can test it with the beta APK https://pcapdroid.org/fdroid/repo/PCAPdroid_1.6.5-958fc6a.apk (to use the firewall, install it along with the official PCAPdroid app).
Please confirm that the fix works correctly for you.
from pcapdroid.
Hi, if you manually add this Phone app and the Unknown app to the whitelist, does it solve the issue?
from pcapdroid.
Hi, if you manually add this Phone app and the Unknown app to the whitelist, does it solve the issue?
Yes, it will solve the issue, but I want to block them.
from pcapdroid.
DNS traffic from Phone/Unknown is now automatically allowed, whereas other connections from such apps are still blocked. The fix will be available in the next PCAPdroid release. You can test it with the beta APK https://pcapdroid.org/fdroid/repo/PCAPdroid_1.6.5-958fc6a.apk (to use the firewall, install it along with the official PCAPdroid app). Please confirm that the fix works correctly for you.
It fixed, thank you.
from pcapdroid.
Thanks for reporting
from pcapdroid.
DNS traffic from Phone/Unknown is now automatically allowed
Is this just about the apps in Whitelist by default? Such as #376
Or have you changed some global rules?
from pcapdroid.
It's a global rule, see 958fc6a#diff-8f7802a1b248c0ddceaa307427717ccd8a74ba8d0bd1062b2faad276eea76a66R334
from pcapdroid.
It's a global rule
In Whitelist mode?
from pcapdroid.
see 958fc6a#diff-8f7802a1b248c0ddceaa307427717ccd8a74ba8d0bd1062b2faad276eea76a66R334
Do I understand correctly that DNS traffic from NETD, PHONE and UNKNOWN is always allowed?
Then this is a very bad idea and this means that uncontrolled traffic in whitelist mode is possible.
Okay, if there is some kind of default app whitelist that can be cleared. But if there are global rules that cannot be influenced in whitelist mode. This is clearly wrong.
Which I really haven't noticed yet :)
It's better to at least add these uids to the default whitelist. So that they can be excluded.
Receiving DNS addresses can be configured via your own local server in order to exclude external DNS connections. And here you are with your global rules ;)
The enabling of a whitelist mode initially implies that a person first wants to get a complete absence of any traffic. And only then add exemptions.
In general, any global firewall rules that cannot be reconfigured are very bad.
Don't act like Google: give users the opportunity to choose and reconfigure ;)
from pcapdroid.
This is the best we can do with the current Android implementation, because there is no way to know which app performed the DNS request, so blocking netd will disrupt all the apps who rely on it. In any case, let's say you want to block a specific app, only the DNS request will succed (which alone is useless), any subsequent TCP/UDP/ICMP traffic from the app will be blocked, so this function in essence works as you would expect (no big surprises).
from pcapdroid.
which alone is useless
In what sense?
If there is a need to block all DNS connections with a guarantee then will your global rules definitely not prevent this?
So far, I haven't seen DNS leaks (as opposed to Rethink leaks) but these global rules raise very big doubts about their impossibility.
That's why I suggest moving all global rules to a custom user settings.
Let them be the default but so that can turn on the whitelist mode to the maximum.
The whitelist mode should have a guaranteed option of not having any connections.
from pcapdroid.
And I was also interested in the line
data->to_block = !blacklist_match_uid(pd->firewall.wl, data->uid);
Maybe it's better to rename blacklist_match_uid to list_match_uid ;)
from pcapdroid.
This does not makes to me, so I will not implement it
from pcapdroid.
so I will not implement it
Perhaps you don't need to implement anything.
But to understand this, you need to at least have time to discuss rather than quickly adding global rules to save your time ;)
Merry Christmas :)
from pcapdroid.
Related Issues (20)
- Is that possible to use real-time capture by default? HOT 2
- Activity Monitor HOT 7
- Pvapdroid
- no network connection in specific app when using PCAPDroid HOT 12
- Log: [AppsResolver] Could not retrieve package HOT 1
- Filtering by Prepared Hosts HOT 1
- sslkeylogfile.txt produces "Duplicated entry" warnings in scapy, fails to decrypt traffic HOT 2
- PCAPdroid Trailer not work,lua plugin is loaded normally HOT 8
- Feature request: Geo location block
- ICMP traffic not available HOT 2
- App crashes on Android permissions reset
- Start on boot doesn't seem to work HOT 3
- High cpu usage when use it through root mode, and libcapd.so process doesn't be killed HOT 6
- Implement PCAPdroid trailer equivalent in pcapng
- Garbage characters in PCAPdtoid trailer app name HOT 6
- Save mitmproxy capture HOT 1
- I want to thank those for being patient with me. I didn't know anything about the internet until I got hacked. I have a big problem with reading much more than 2 sentences and I loose focus and skip a quarter page.
- Add network interface information HOT 1
- Mention the Blacklist source when Malware connection is detected and other disclosures HOT 3
- Improve connections error reporting
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from pcapdroid.