From 308b30a656ce999e3a1097c6cd3298535ed7f4db Mon Sep 17 00:00:00 2001
From: zhangshuai <zhangshuai@geedgenetworks.com>
Date: Wed, 27 Nov 2024 10:44:26 +0800
Subject: [PATCH] =?UTF-8?q?fix:=20ASW-194=20tcpdump=20=E6=8D=95=E5=8C=85?=
 =?UTF-8?q?=E5=A2=9E=E5=8A=A0=E8=BF=87=E6=BB=A4=E6=9D=A1=E4=BB=B6?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../java/net/geedge/api/util/AdbUtil.java     | 42 ++++++++++++++++---
 1 file changed, 37 insertions(+), 5 deletions(-)

diff --git a/src/main/java/net/geedge/api/util/AdbUtil.java b/src/main/java/net/geedge/api/util/AdbUtil.java
index fe785c4..36ce066 100644
--- a/src/main/java/net/geedge/api/util/AdbUtil.java
+++ b/src/main/java/net/geedge/api/util/AdbUtil.java
@@ -619,11 +619,27 @@ public class AdbUtil {
                     .build());
             commandExec.exec(AdbCommandBuilder.builder()
                     .serial(this.getSerial())
-                    .buildShellCommand(String.format("shell iptables -A INPUT -m connmark --mark %s -j NFLOG --nflog-group %s", userId, userId))
+                    .buildShellCommand(String.format("shell iptables -A INPUT -p tcp -m connmark --mark %s -j NFLOG --nflog-group %s", userId, userId))
                     .build());
             commandExec.exec(AdbCommandBuilder.builder()
                     .serial(this.getSerial())
-                    .buildShellCommand(String.format("shell iptables -A OUTPUT -m connmark --mark %s -j NFLOG --nflog-group %s", userId, userId))
+                    .buildShellCommand(String.format("shell iptables -A INPUT -p udp -m connmark --mark %s -j NFLOG --nflog-group %s", userId, userId))
+                    .build());
+            commandExec.exec(AdbCommandBuilder.builder()
+                    .serial(this.getSerial())
+                    .buildShellCommand(String.format("shell iptables -A INPUT -p icmp -m connmark --mark %s -j NFLOG --nflog-group %s", userId, userId))
+                    .build());
+            commandExec.exec(AdbCommandBuilder.builder()
+                    .serial(this.getSerial())
+                    .buildShellCommand(String.format("shell iptables -A OUTPUT -p tcp -m connmark --mark %s -j NFLOG --nflog-group %s", userId, userId))
+                    .build());
+            commandExec.exec(AdbCommandBuilder.builder()
+                    .serial(this.getSerial())
+                    .buildShellCommand(String.format("shell iptables -A OUTPUT -p udp -m connmark --mark %s -j NFLOG --nflog-group %s", userId, userId))
+                    .build());
+            commandExec.exec(AdbCommandBuilder.builder()
+                    .serial(this.getSerial())
+                    .buildShellCommand(String.format("shell iptables -A OUTPUT -p icmp -m connmark --mark %s -j NFLOG --nflog-group %s", userId, userId))
                     .build());
 
             String ruleList = commandExec.exec(AdbCommandBuilder.builder()
@@ -644,7 +660,7 @@ public class AdbUtil {
             String pcapFilePath = "/data/local/tmp/capture_all_" + taskId + ".pcap";
             commandExec.execForProcess(AdbCommandBuilder.builder()
                     .serial(this.getSerial())
-                    .buildShellCommand(String.format("shell tcpdump not port %s -w %s &", this.vncPort, pcapFilePath))
+                    .buildShellCommand(String.format("shell \"tcpdump '(tcp or udp or icmp) and not (port %s or port 53 or port 67 or port 68 or port 123 or port 1900 or port 5353 or port 69)' -w %s &\"", this.vncPort, pcapFilePath))
                     .build());
         }
 
@@ -677,11 +693,27 @@ public class AdbUtil {
                         .build());
                 commandExec.exec(AdbCommandBuilder.builder()
                         .serial(this.getSerial())
-                        .buildShellCommand(String.format("shell iptables -D INPUT -m connmark --mark %s -j NFLOG --nflog-group %s", userId, userId))
+                        .buildShellCommand(String.format("shell iptables -D INPUT -p tcp -m connmark --mark %s -j NFLOG --nflog-group %s", userId, userId))
                         .build());
                 commandExec.exec(AdbCommandBuilder.builder()
                         .serial(this.getSerial())
-                        .buildShellCommand(String.format("shell iptables -D OUTPUT -m connmark --mark %s -j NFLOG --nflog-group %s", userId, userId))
+                        .buildShellCommand(String.format("shell iptables -D INPUT -p udp -m connmark --mark %s -j NFLOG --nflog-group %s", userId, userId))
+                        .build());
+                commandExec.exec(AdbCommandBuilder.builder()
+                        .serial(this.getSerial())
+                        .buildShellCommand(String.format("shell iptables -D INPUT -p icmp -m connmark --mark %s -j NFLOG --nflog-group %s", userId, userId))
+                        .build());
+                commandExec.exec(AdbCommandBuilder.builder()
+                        .serial(this.getSerial())
+                        .buildShellCommand(String.format("shell iptables -D OUTPUT -p tcp -m connmark --mark %s -j NFLOG --nflog-group %s", userId, userId))
+                        .build());
+                commandExec.exec(AdbCommandBuilder.builder()
+                        .serial(this.getSerial())
+                        .buildShellCommand(String.format("shell iptables -D OUTPUT -p udp -m connmark --mark %s -j NFLOG --nflog-group %s", userId, userId))
+                        .build());
+                commandExec.exec(AdbCommandBuilder.builder()
+                        .serial(this.getSerial())
+                        .buildShellCommand(String.format("shell iptables -D OUTPUT -p icmp -m connmark --mark %s -j NFLOG --nflog-group %s", userId, userId))
                         .build());
             }
         }