service: wire up firewall

author: Jason A. Donenfeld <Jason@zx2c4.com> 2019-05-03 16:53:05 +0200
committer: Jason A. Donenfeld <Jason@zx2c4.com> 2019-05-03 16:53:05 +0200
commit: 9316f1c3d4fc47fb4f806d9554bfc78a4a7357ed (patch)
tree: 18943c62deb6aa40cdaa4a2b6cad931546d0ff43 /service/service_tunnel.go
parent: firewall: introduce incomplete untested prototype (diff)
download: wireguard-windows-9316f1c3d4fc47fb4f806d9554bfc78a4a7357ed.tar.xz
wireguard-windows-9316f1c3d4fc47fb4f806d9554bfc78a4a7357ed.zip
1 files changed, 29 insertions, 16 deletions
diff --git a/service/service_tunnel.go b/service/service_tunnel.go
index 419cfdbe..01e7b417 100644
--- a/service/service_tunnel.go
+++ b/service/service_tunnel.go
@@ -119,47 +119,45 @@ func (service *tunnelService) Execute(args []string, r <-chan svc.ChangeRequest,
 	logger = &device.Logger{stdLog, stdLog, stdLog}
 
 	logger.Info.Println("Starting wireguard-go version", device.WireGuardGoVersion)
-	logger.Debug.Println("Debug log enabled")
 
+	logger.Info.Println("Resolving DNS names")
 	uapiConf, err := conf.ToUAPI()
 	if err != nil {
 		serviceError = ErrorDNSLookup
 		return
 	}
 
+	logger.Info.Println("Creating Wintun device")
 	wintun, err := tun.CreateTUN(conf.Name)
 	if err != nil {
 		serviceError = ErrorCreateWintun
 		return
 	}
+	logger.Info.Println("Determining Wintun device name")
 	realInterfaceName, err := wintun.Name()
 	if err != nil {
 		serviceError = ErrorDetermineWintunName
 		return
 	}
 	conf.Name = realInterfaceName
+	nativeTun := wintun.(*tun.NativeTun)
+
+	logger.Info.Println("Enabling firewall rules")
+	err = enableFirewall(conf, nativeTun)
+	if err != nil {
+		serviceError = ErrorFirewall
+		return
+	}
 
+	logger.Info.Println("Creating interface instance")
 	dev = device.NewDevice(wintun, logger)
-	dev.Up()
-	logger.Info.Println("Device started")
 
+	logger.Info.Println("Setting interface configuration")
 	uapi, err = ipc.UAPIListen(conf.Name)
 	if err != nil {
 		serviceError = ErrorUAPIListen
 		return
 	}
-
-	go func() {
-		for {
-			conn, err := uapi.Accept()
-			if err != nil {
-				continue
-			}
-			go dev.IpcHandle(conn)
-		}
-	}()
-	logger.Info.Println("UAPI listener started")
-
 	ipcErr := dev.IpcSetOperation(bufio.NewReader(strings.NewReader(uapiConf)))
 	if ipcErr != nil {
 		err = ipcErr
@@ -167,21 +165,36 @@ func (service *tunnelService) Execute(args []string, r <-chan svc.ChangeRequest,
 		return
 	}
 
-	nativeTun := wintun.(*tun.NativeTun)
+	logger.Info.Println("Bringing peers up")
+	dev.Up()
 
+	logger.Info.Println("Monitoring default routes")
 	routeChangeCallback, err = monitorDefaultRoutes(dev, conf.Interface.Mtu == 0, nativeTun)
 	if err != nil {
 		serviceError = ErrorBindSocketsToDefaultRoutes
 		return
 	}
 
+	logger.Info.Println("Setting device address")
 	err = configureInterface(conf, nativeTun)
 	if err != nil {
 		serviceError = ErrorSetNetConfig
 		return
 	}
 
+	logger.Info.Println("Listening for UAPI requests")
+	go func() {
+		for {
+			conn, err := uapi.Accept()
+			if err != nil {
+				continue
+			}
+			go dev.IpcHandle(conn)
+		}
+	}()
+
 	changes <- svc.Status{State: svc.Running, Accepts: svc.AcceptStop}
+	logger.Info.Println("Startup complete")
 
 	for {
 		select {
author	Jason A. Donenfeld <Jason@zx2c4.com>	2019-05-03 16:53:05 +0200
committer	Jason A. Donenfeld <Jason@zx2c4.com>	2019-05-03 16:53:05 +0200
commit	9316f1c3d4fc47fb4f806d9554bfc78a4a7357ed (patch)
tree	18943c62deb6aa40cdaa4a2b6cad931546d0ff43 /service/service_tunnel.go
parent	firewall: introduce incomplete untested prototype (diff)
download	wireguard-windows-9316f1c3d4fc47fb4f806d9554bfc78a4a7357ed.tar.xz wireguard-windows-9316f1c3d4fc47fb4f806d9554bfc78a4a7357ed.zip