Opened 10 years ago

Closed 9 years ago

#2775 closed defect (fixed)

Orbot doesn't show iptables failure

Reported by: kaner Owned by: n8fr8
Priority: Medium Milestone:
Component: Applications/Orbot Version:
Severity: Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:


Orbot iptables settings fail to apply for Orbot on Android 2.3.3, cm7 port. The problem seems to be related to bionic library, not Orbot itself. Still, maybe Orbot should not show a green onion in case the iptables command fails.

Here is an example of how iptables fails on 2.3.3.

# whoami
# iptables -A INPUT -p icmp -j ACCEPT
getsockopt for multiport failed strangely: No such file or directory
getsockopt for multiport failed strangely: No such file or directory
FIX ME! implement getprotobyname() bionic/libc/bionic/stubs.c:378

A Google search for the error message shows that lots of other projects also encouter the same problem.

Thanks to cubi for testing & reporting this issue.

Child Tickets

Change History (5)

comment:1 Changed 10 years ago by kaner

Looking at src/org/torproject/android/service/, it seems like the iptables return code isn't checked.

comment:2 Changed 10 years ago by n8fr8

Status: newassigned

This is a priority issue for us to address, as more and more "root" devices don't have full iptables support.

In addition, we are looking at the possibility of loading kernel modules in these cases.

comment:3 Changed 9 years ago by aagbsn

testing cm-7.0.2 here; a (quick) fix to get orbot working is to replace the included iptables binary (/system/bin/iptables) with the binary included with droidwall 1.5.1

comment:4 Changed 9 years ago by n8fr8

Thanks aagbsn - we have actually taken that approach in our work on the next Orbot release. We are now embedding iptables 1.4.7 within Orbot.

In addition, we are cleaning up our iptables rules to work more efficiently.

Appreciate your testing and feedback!

comment:5 Changed 9 years ago by n8fr8

Resolution: fixed
Status: assignedclosed

Our latest development build should fix this issue. Specifically we check the iptables return code, and indicate transproxy status throught notifications to the user.

You can test this out through this build:

We will be pushing out an official update to the tor site and market shortly.

Please let us know if you have any problems.

Note: See TracTickets for help on using tickets.