
[Module] | X8 | X10 mini | X10 mini pro | AX8NETFILTER v003 | Netfilter [2011-08-01]

By AnDyX, Senior Member on 25th July 2011, 12:45 PM
This is another module from the series "breaking the SE limits".

What benefits they give us:

Quote:
Originally Posted by doixanh

- we can (hopefully) have native usb/wifi tether on our phone.

Other benefits:
- Firewall apps
- Transparent proxies
- NAT

Works:
- tethering using Wifi Tether (only the version from this post, automatically loads needed modules)

To do:
- iptables executable that automatically loads needed modules,
- USB Tether via Gingerbread menu (currently shows USB not connected on my phone),
- Wifi Tether via Gingerbread menu (currently missing in XGin menu)

I finally managed to get Netfilter to compile and insmod into our kernel. A few minor modules still didn't load because they depend on modules that I didn't add - but I will in the next versions.
Dev note: There is no more space in sk_buff structure so to make IPV6 work some special code will be required.

Prerequisites:
- X8,
- Baseband x15
- free will to help.

Installation:

Installation using ADB on Windows:
- unzip netfilter package to adb directory,
- unzip copy_nf_files_adb.zip to adb directory,
- execute the copy_nf_files.cmd file - it copies the files and runs chmod on them.

Manual installation:
The package is not for xRecovery (maybe someone will do this); it just contains files that should be in the directories specified in the zip.
The zip contains the iptables executable, so to use it run chmod on it:
Code:
chmod +x /system/xbin/iptables
Loading Netfilter modules.

Run the following command to load the basic set of modules:
Code:
sh /system/xbin/basic_iptables.sh
or the following command to load the full set of modules:
Code:
sh /system/xbin/full_iptables.sh
dmesg should contain these lines:
Code:
ax8netfilter: module v003 for X8 device loaded
ax8netfilter: Field arp_process set
ax8netfilter: Field ip_finish_output2 set
ax8netfilter: Field xfrm_output set
ax8netfilter: Field xfrm_output2 set
ax8netfilter: Field inet_protos set
ax8netfilter: Field ip_forward_options set
ax8netfilter: Field ip_call_ra_chain set
ax8netfilter: Field ip_rt_send_redirect set
ax8netfilter: Field raw_local_deliver set
ax8netfilter: Field ip_options_fragment set
ax8netfilter: Field ip_options_get_from_user set
ax8netfilter: Field ip_mc_leave_group set
ax8netfilter: Field ip_mc_msfilter set
ax8netfilter: Field ip_mc_source set
ax8netfilter: Field ip_ra_control set
ax8netfilter: Field ip_options_undo set
ax8netfilter: Field ip_mc_msfget set
ax8netfilter: Field ip_mc_gsfget set
ax8netfilter: Field sysctl_ip_default_ttl set
ax8netfilter: Field ip_local_error set
ax8netfilter: Field icmp_out_count set
ax8netfilter: Field ip_cmsg_send set
ax8netfilter: Field ip_append_data set
ax8netfilter: Field ip_push_pending_frames set
ax8netfilter: Field ip_flush_pending_frames set
ax8netfilter: Field xfrm_replay_notify set
ax8netfilter: Field sysctl_igmp_max_msf set
ax8netfilter: Field ip_options_compile set
ax8netfilter: Field ip_options_rcv_srr set
ax8netfilter: Function skb_release_head_state hijacked
ax8netfilter: Function __copy_skb_header hijacked
ax8netfilter: Function arp_xmit hijacked
ax8netfilter: Function arp_rcv hijacked
ax8netfilter: Function ip_forward hijacked
ax8netfilter: Function ip_local_deliver hijacked
ax8netfilter: Function __ip_local_out hijacked
ax8netfilter: Function ip_mc_output hijacked
ax8netfilter: Function ip_output hijacked
ax8netfilter: Function ip_fragment hijacked
ax8netfilter: Function ip_setsockopt hijacked
ax8netfilter: Function ip_getsockopt hijacked
ax8netfilter: Function raw_sendmsg hijacked
ax8netfilter: Function raw_rcv hijacked
ax8netfilter: Function xfrm4_transport_finish hijacked
ax8netfilter: Function xfrm_output_resume hijacked
ax8netfilter: Function ip_rcv hijacked
ip_tables: (C) 2000-2006 Netfilter Core Team
Execute lsmod. It should contain these lines:

Code:
# lsmod
lsmod
ipt_MASQUERADE 2708 0 - Live 0xbf0d9000
iptable_nat 5208 0 - Live 0xbf0d2000
nf_nat 17466 2 ipt_MASQUERADE,iptable_nat, Live 0xbf0c8000
nf_conntrack_ipv4 8300 3 iptable_nat,nf_nat, Live 0xbf0c0000
nf_defrag_ipv4 1828 1 nf_conntrack_ipv4, Live 0xbf086000
xt_multiport 3160 0 - Live 0xbf06d000
nf_conntrack 58176 4 ipt_MASQUERADE,iptable_nat,nf_nat,nf_conntrack_ipv4, Live 0xbf0ac000
iptable_filter 2736 0 - Live 0xbf059000
ip_tables 10516 2 iptable_nat,iptable_filter, Live 0xbf0a7000
x_tables 14256 4 ipt_MASQUERADE,iptable_nat,xt_multiport,ip_tables, Live 0xbf0a1000
ax8netfilter 42412 8 iptable_nat,nf_nat,nf_conntrack_ipv4,nf_defrag_ipv4,nf_conntrack,iptable_filter,ip_tables,x_tables,[permanent], Live 0xbf0940000
You can use the iptables executable now and check whether it works:

Result of the
Code:
iptables -L
Code:
# iptables -L
iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
#
Result of the
Code:
iptables -t nat -L
Code:
# iptables -t nat -L
iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
Try to use network. Current connections tracked by netfilter are in:
Code:
# cat /proc/net/nf_conntrack
cat /proc/net/nf_conntrack
ipv4     2 tcp      6 11 SYN_SENT src=10.72.207.153 dst=82.145.209.253 sport=53625 dport=1080 packets=1 bytes=60 [UNREPLIED] src=82.145.209.253 dst=10.72.207.153 sport=1080 dport=53625 packets=0 bytes=0 mark=0 use=2
ipv4     2 udp      17 22 src=10.72.207.153 dst=213.158.199.1 sport=22346 dport=53 packets=1 bytes=68 [UNREPLIED] src=213.158.199.1 dst=10.72.207.153 sport=53 dport=22346 packets=0 bytes=0 mark=0 use=2
ipv4     2 tcp      6 4 SYN_SENT src=10.72.207.153 dst=213.244.185.17 sport=47040 dport=80 packets=1 bytes=60 [UNREPLIED] src=213.244.185.17 dst=10.72.207.153 sport=80 dport=47040 packets=0 bytes=0 mark=0 use=2
ipv4     2 icmp     1 29 src=10.72.207.153 dst=50.23.231.74 type=8 code=0 id=44555 packets=8 bytes=672 [UNREPLIED] src=50.23.231.74 dst=10.72.207.153 type=0 code=0 id=44555 packets=0 bytes=0 mark=0 use=9
ipv4     2 udp      17 23 src=10.72.207.153 dst=213.158.199.1 sport=48956 dport=53 packets=1 bytes=71 [UNREPLIED] src=213.158.199.1 dst=10.72.207.153 sport=53 dport=48956 packets=0 bytes=0 mark=0 use=2
Release history:
v003:
- fixed issue with incoming packets,
- modified WifiTether to work with our netfilter modules.

v002:
- added two scripts:
* the first loads the basic set of modules - should be enough to run the WifiTether app,
* the second loads all possible modules - for having fun with netfilter.

v001:
- rewrote the hijacking code.

v001a:
- this is POC (proof of concept) that we can have working netfilter in our devices.

Sources as usual at: My GIT
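An added example, not part of the original post or the ax8netfilter sources: a small Python parser for the /proc/net/nf_conntrack format shown in the post above, which separates the original and reply tuples and counts flows that conntrack marks [UNREPLIED] (no packet seen yet in the reply direction). The function names are hypothetical; the sample lines are copied from the post.

```python
# Sample lines copied from the /proc/net/nf_conntrack output in the post above.
SAMPLE = """\
ipv4     2 tcp      6 11 SYN_SENT src=10.72.207.153 dst=82.145.209.253 sport=53625 dport=1080 packets=1 bytes=60 [UNREPLIED] src=82.145.209.253 dst=10.72.207.153 sport=1080 dport=53625 packets=0 bytes=0 mark=0 use=2
ipv4     2 udp      17 22 src=10.72.207.153 dst=213.158.199.1 sport=22346 dport=53 packets=1 bytes=68 [UNREPLIED] src=213.158.199.1 dst=10.72.207.153 sport=53 dport=22346 packets=0 bytes=0 mark=0 use=2
ipv4     2 icmp     1 29 src=10.72.207.153 dst=50.23.231.74 type=8 code=0 id=44555 packets=8 bytes=672 [UNREPLIED] src=50.23.231.74 dst=10.72.207.153 type=0 code=0 id=44555 packets=0 bytes=0 mark=0 use=9
"""

META_KEYS = {"mark", "use"}  # per-entry fields that belong to neither tuple


def parse_conntrack_line(line):
    """Split one nf_conntrack line into original/reply tuples, flags and metadata."""
    tokens = line.split()
    if len(tokens) < 6:
        raise ValueError("not a conntrack entry: %r" % line)
    entry = {"l3proto": tokens[0], "l4proto": tokens[2], "timeout": int(tokens[4]),
             "state": None, "flags": [], "original": {}, "reply": {}, "meta": {}}
    rest = tokens[5:]
    # Only stateful protocols such as TCP print a state name before the tuples.
    if "=" not in rest[0] and not rest[0].startswith("["):
        entry["state"] = rest.pop(0)
    direction = "original"
    for tok in rest:
        if tok.startswith("["):  # bracketed status flag, e.g. [UNREPLIED]
            entry["flags"].append(tok.strip("[]"))
            continue
        key, _, value = tok.partition("=")
        value = int(value) if value.isdigit() else value
        if key in META_KEYS:
            entry["meta"][key] = value
        else:
            # A second "src=" starts the reply-direction tuple.
            if key == "src" and "src" in entry["original"]:
                direction = "reply"
            entry[direction][key] = value
    return entry


def summarize(text):
    """Count tracked flows per protocol and how many have seen no reply packet."""
    entries = [parse_conntrack_line(l) for l in text.splitlines() if l.strip()]
    summary = {"total": len(entries), "unreplied": 0, "by_proto": {}}
    for e in entries:
        summary["by_proto"][e["l4proto"]] = summary["by_proto"].get(e["l4proto"], 0) + 1
        if "UNREPLIED" in e["flags"] and e["reply"].get("packets", 0) == 0:
            summary["unreplied"] += 1
    return summary


if __name__ == "__main__":
    print(summarize(SAMPLE))
```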
 
 
25th July 2011, 12:47 PM |#2  
Really nice work. Thanks man
25th July 2011, 01:02 PM |#3  
dzadzev, Senior Member
Great work man, keep it up ... Thanks !
25th July 2011, 01:10 PM |#4  
timpot07, Senior Member
nice..thanks
25th July 2011, 01:17 PM |#5  
Dare-Devil Inside, Senior Member
I dreamt about this last night.
Good work

Sent from my X8 using Tapatalk
25th July 2011, 02:35 PM |#6  
Senior Member
good work...can't wait to try it!
25th July 2011, 02:40 PM |#7  
Koulis2000, Senior Member
Can somebody tell me in simple English:
-What are the benefits of using this module?
-What will we be able to do using this module?
25th July 2011, 02:42 PM |#8  
Member
It is written in the first post....

tether = your phone is used as a modem to share the internet connection
25th July 2011, 02:51 PM |#9  
DeanBoro, Senior Member
Congratulations, you just achieved something one of our top developers, 'doixanh', thought was impossible without a custom kernel. Excellent work!
25th July 2011, 03:02 PM |#10  
XperianPro, Senior Member
Who needs custom kernel now.

btw what is progress on swap.
25th July 2011, 03:05 PM |#11  
DeanBoro, Senior Member
All the hard work and long wait for custom kernels, all I ever wanted was a working Net Filter and the ability to OC and UV, and we have them all now