authorOdd Stranne <odd@mullvad.net>2019-06-12 23:11:57 +0200
committerJason A. Donenfeld <Jason@zx2c4.com>2019-06-13 11:59:44 +0200
commita8b30367866002bfce8efbfe610376077c1dedcb (patch)
tree834ab4b22f701ca1683f93363dd4631cabb3de89
parentinstaller: remove sidtype compat code (diff)
downloadwireguard-windows-a8b30367866002bfce8efbfe610376077c1dedcb.tar.xz
wireguard-windows-a8b30367866002bfce8efbfe610376077c1dedcb.zip
firewall: adjust loopback rule for better matching
Signed-off-by: Odd Stranne <odd@mullvad.net> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
-rw-r--r--tunnel/firewall/rules.go6
-rw-r--r--tunnel/firewall/types_windows.go25
2 files changed, 14 insertions, 17 deletions
diff --git a/tunnel/firewall/rules.go b/tunnel/firewall/rules.go
index 1f28d3ab..1216065b 100644
--- a/tunnel/firewall/rules.go
+++ b/tunnel/firewall/rules.go
@@ -260,11 +260,11 @@ func permitWireGuardService(session uintptr, baseObjects *baseObjects, weight ui
func permitLoopback(session uintptr, baseObjects *baseObjects, weight uint8) error {
condition := wtFwpmFilterCondition0{
- fieldKey: cFWPM_CONDITION_INTERFACE_TYPE,
- matchType: cFWP_MATCH_EQUAL,
+ fieldKey: cFWPM_CONDITION_FLAGS,
+ matchType: cFWP_MATCH_FLAGS_ALL_SET,
conditionValue: wtFwpConditionValue0{
_type: cFWP_UINT32,
- value: uintptr(cIF_TYPE_SOFTWARE_LOOPBACK),
+ value: uintptr(cFWP_CONDITION_FLAG_IS_LOOPBACK),
},
}
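Review bot: The `condition` literal in permitLoopback now matches on `cFWPM_CONDITION_FLAGS` with `cFWP_MATCH_FLAGS_ALL_SET`, but nothing in the code says why the flag is preferred over the interface type, and the commit message says only "better matching". This is a permit rule inside a restrictive filter set, so the next reader needs to know what traffic it now lets through. I would add a short comment above `condition` stating which loopback traffic the interface-type match missed and that the flag is set by the filtering platform itself. The rest of permitLoopback is outside this hunk, so I cannot see which layers the filter is added on. It is worth confirming that each of them exposes the flags condition, so that a failed add is not mistaken for a working rule.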
diff --git a/tunnel/firewall/types_windows.go b/tunnel/firewall/types_windows.go
index 6f86571f..fd313993 100644
--- a/tunnel/firewall/types_windows.go
+++ b/tunnel/firewall/types_windows.go
@@ -100,14 +100,6 @@ var cFWPM_CONDITION_IP_REMOTE_ADDRESS = windows.GUID{
Data4: [8]byte{0xa4, 0x4c, 0x5f, 0xf3, 0xd9, 0x09, 0x50, 0x45},
}
-// Defined in fwpmu.h. daf8cd14-e09e-4c93-a5ae-c5c13b73ffca
-var cFWPM_CONDITION_INTERFACE_TYPE = windows.GUID{
- Data1: 0xdaf8cd14,
- Data2: 0xe09e,
- Data3: 0x4c93,
- Data4: [8]byte{0xa5, 0xae, 0xc5, 0xc1, 0x3b, 0x73, 0xff, 0xca},
-}
-
// Defined in fwpmu.h. 3971ef2b-623e-4f9a-8cb1-6e79b806b9a7
var cFWPM_CONDITION_IP_PROTOCOL = windows.GUID{
Data1: 0x3971ef2b,
@@ -171,6 +163,17 @@ type wtFwpmL2Flags uint32
const cFWP_CONDITION_L2_IS_VM2VM wtFwpmL2Flags = 0x00000010
+var cFWPM_CONDITION_FLAGS = windows.GUID{
+ Data1: 0x632ce23b,
+ Data2: 0x5167,
+ Data3: 0x435c,
+ Data4: [8]byte{0x86, 0xd7, 0xe9, 0x03, 0x68, 0x4a, 0xa8, 0x0c},
+}
+
+type wtFwpmFlags uint32
+
+const cFWP_CONDITION_FLAG_IS_LOOPBACK wtFwpmFlags = 0x00000001
+
// Defined in fwpmtypes.h
type wtFwpmFilterFlags uint32
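Review bot: The new `cFWPM_CONDITION_FLAGS` GUID has no provenance comment, although every other condition GUID in this file carries one, as the removed `cFWPM_CONDITION_INTERFACE_TYPE` and the neighbouring `cFWPM_CONDITION_IP_PROTOCOL` show. Add `// Defined in fwpmu.h. 632ce23b-5167-435c-86d7-e903684aa80c` above it, so the bytes can be checked against the SDK header. A mistyped GUID here would silently change what the permit rule matches. `wtFwpmFlags` and `cFWP_CONDITION_FLAG_IS_LOOPBACK` likewise lack the `// Defined in ...` line that `wtFwpmFilterFlags` has just below. Give them one naming the header the value was taken from. The GUID would also read better grouped with the other `cFWPM_CONDITION_*` declarations than after the L2 flag constant.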
@@ -393,12 +396,6 @@ type wtFwpmProvider0 struct {
serviceName *uint16
}
-type wtIfType uint32
-
-const (
- cIF_TYPE_SOFTWARE_LOOPBACK wtIfType = 24
-)
-
type wtIPProto uint32
const (