author | Odd Stranne <odd@mullvad.net> | 2019-06-12 23:11:57 +0200 |
---|---|---|
committer | Jason A. Donenfeld <Jason@zx2c4.com> | 2019-06-13 11:59:44 +0200 |
commit | a8b30367866002bfce8efbfe610376077c1dedcb (patch) | |
tree | 834ab4b22f701ca1683f93363dd4631cabb3de89 | |
parent | installer: remove sidtype compat code (diff) | |
firewall: adjust loopback rule for better matching
Signed-off-by: Odd Stranne <odd@mullvad.net>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
-rw-r--r-- | tunnel/firewall/rules.go | 6 | ||||
-rw-r--r-- | tunnel/firewall/types_windows.go | 25 |
2 files changed, 14 insertions, 17 deletions
diff --git a/tunnel/firewall/rules.go b/tunnel/firewall/rules.go
index 1f28d3ab..1216065b 100644
--- a/tunnel/firewall/rules.go
+++ b/tunnel/firewall/rules.go
@@ -260,11 +260,11 @@ func permitWireGuardService(session uintptr, baseObjects *baseObjects, weight ui
 func permitLoopback(session uintptr, baseObjects *baseObjects, weight uint8) error {
 condition := wtFwpmFilterCondition0{
- fieldKey: cFWPM_CONDITION_INTERFACE_TYPE,
- matchType: cFWP_MATCH_EQUAL,
+ fieldKey: cFWPM_CONDITION_FLAGS,
+ matchType: cFWP_MATCH_FLAGS_ALL_SET,
 conditionValue: wtFwpConditionValue0{
 _type: cFWP_UINT32,
- value: uintptr(cIF_TYPE_SOFTWARE_LOOPBACK),
+ value: uintptr(cFWP_CONDITION_FLAG_IS_LOOPBACK),
 },
 }
diff --git a/tunnel/firewall/types_windows.go b/tunnel/firewall/types_windows.go
index 6f86571f..fd313993 100644
--- a/tunnel/firewall/types_windows.go
+++ b/tunnel/firewall/types_windows.go
@@ -100,14 +100,6 @@ var cFWPM_CONDITION_IP_REMOTE_ADDRESS = windows.GUID{
 Data4: [8]byte{0xa4, 0x4c, 0x5f, 0xf3, 0xd9, 0x09, 0x50, 0x45},
 }
-// Defined in fwpmu.h. daf8cd14-e09e-4c93-a5ae-c5c13b73ffca
-var cFWPM_CONDITION_INTERFACE_TYPE = windows.GUID{
- Data1: 0xdaf8cd14,
- Data2: 0xe09e,
- Data3: 0x4c93,
- Data4: [8]byte{0xa5, 0xae, 0xc5, 0xc1, 0x3b, 0x73, 0xff, 0xca},
-}
-
 // Defined in fwpmu.h. 3971ef2b-623e-4f9a-8cb1-6e79b806b9a7
 var cFWPM_CONDITION_IP_PROTOCOL = windows.GUID{
 Data1: 0x3971ef2b,
@@ -171,6 +163,17 @@ type wtFwpmL2Flags uint32
 const cFWP_CONDITION_L2_IS_VM2VM wtFwpmL2Flags = 0x00000010
+var cFWPM_CONDITION_FLAGS = windows.GUID{
+ Data1: 0x632ce23b,
+ Data2: 0x5167,
+ Data3: 0x435c,
+ Data4: [8]byte{0x86, 0xd7, 0xe9, 0x03, 0x68, 0x4a, 0xa8, 0x0c},
+}
+
+type wtFwpmFlags uint32
+
+const cFWP_CONDITION_FLAG_IS_LOOPBACK wtFwpmFlags = 0x00000001
+
 // Defined in fwpmtypes.h
 type wtFwpmFilterFlags uint32
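Review bot: The new condition in `permitLoopback` (`cFWPM_CONDITION_FLAGS` with `cFWP_MATCH_FLAGS_ALL_SET`) carries no comment saying why a flag match replaces the interface-type match, and the commit message says only "better matching". Judging by the function name this filter is a permit rule, so its exact scope is what a later reviewer will need to see. A line such as `// Match WFP's loopback flag instead of the interface type.` above `fieldKey` would record the intent. The function continues outside the hunk, so the layers this condition is attached to are not visible here; it is worth confirming that each of them exposes the flags field.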
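Review bot: The added `cFWPM_CONDITION_FLAGS` GUID and `cFWP_CONDITION_FLAG_IS_LOOPBACK` constant lack the provenance comment the neighbouring declarations carry, such as the `// Defined in fwpmu.h. 3971ef2b-…` line above `cFWPM_CONDITION_IP_PROTOCOL`. Adding `// Defined in fwpmu.h. 632ce23b-5167-435c-86d7-e903684aa80c` above the `var` lets a reader check the `Data1`–`Data4` bytes against the SDK header at a glance. That matters for a hand-transcribed GUID that a firewall permit rule keys on. A similar one-line note naming the header for `wtFwpmFlags` and its flag value would keep the block consistent with the `// Defined in fwpmtypes.h` comment that follows it.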
@@ -393,12 +396,6 @@ type wtFwpmProvider0 struct {
 serviceName *uint16
 }
-type wtIfType uint32
-
-const (
- cIF_TYPE_SOFTWARE_LOOPBACK wtIfType = 24
-)
-
 type wtIPProto uint32
 const ( |