diff options
author | Simon Rozman <simon@rozman.si> | 2019-05-16 10:34:09 +0200 |
---|---|---|
committer | Simon Rozman <simon@rozman.si> | 2019-05-16 10:36:28 +0200 |
commit | 852e38a360d47c7dc64798d1b051b2f61047fd8e (patch) | |
tree | a65c6f4208cde882003109437158456f3e712405 /service | |
parent | firewall: allow wireguard.exe to override other rules (diff) | |
download | wireguard-windows-852e38a360d47c7dc64798d1b051b2f61047fd8e.tar.xz wireguard-windows-852e38a360d47c7dc64798d1b051b2f61047fd8e.zip |
global: change acronyms to uppercase
Signed-off-by: Simon Rozman <simon@rozman.si>
Diffstat (limited to '')
-rw-r--r-- | service/firewall/blocker.go | 20 | ||||
-rw-r--r-- | service/firewall/rules.go | 18 | ||||
-rw-r--r-- | service/firewall/types_windows.go | 8 | ||||
-rw-r--r-- | service/ifaceconfig.go | 86 | ||||
-rw-r--r-- | service/service_tunnel.go | 2 |
5 files changed, 67 insertions, 67 deletions
diff --git a/service/firewall/blocker.go b/service/firewall/blocker.go index 0589ae66..8034935d 100644 --- a/service/firewall/blocker.go +++ b/service/firewall/blocker.go @@ -49,14 +49,14 @@ func createWfpSession() (uintptr, error) { func registerBaseObjects(session uintptr) (*baseObjects, error) { // {48E29F38-7492-4436-8F92-29D78A8D29D3} - providerGuid := windows.GUID{ + providerGUID := windows.GUID{ Data1: 0x48e29f38, Data2: 0x7492, Data3: 0x4436, Data4: [8]byte{0x8f, 0x92, 0x29, 0xd7, 0x8a, 0x8d, 0x29, 0xd3}, } // {FE3DB7F8-4658-4DE5-8DA9-CE5086A8266B} - filtersGuid := windows.GUID{ + filtersGUID := windows.GUID{ Data1: 0xfe3db7f8, Data2: 0x4658, Data3: 0x4de5, @@ -72,7 +72,7 @@ func registerBaseObjects(session uintptr) (*baseObjects, error) { return nil, wrapErr(err) } provider := wtFwpmProvider0{ - providerKey: providerGuid, + providerKey: providerGUID, displayData: *displayData, } err = fwpmProviderAdd0(session, &provider, 0) @@ -91,9 +91,9 @@ func registerBaseObjects(session uintptr) (*baseObjects, error) { return nil, wrapErr(err) } sublayer := wtFwpmSublayer0{ - subLayerKey: filtersGuid, + subLayerKey: filtersGUID, displayData: *displayData, - providerKey: &providerGuid, + providerKey: &providerGUID, weight: ^uint16(0), } err = fwpmSubLayerAdd0(session, &sublayer, 0) @@ -103,8 +103,8 @@ func registerBaseObjects(session uintptr) (*baseObjects, error) { } return &baseObjects{ - providerGuid, - filtersGuid, + providerGUID, + filtersGUID, }, nil } @@ -125,7 +125,7 @@ func EnableFirewall(luid uint64, restrictToDNSServers []net.IP, restrictAll bool } if len(restrictToDNSServers) > 0 { - err = blockDns(restrictToDNSServers, session, baseObjects, 15, 14) + err = blockDNS(restrictToDNSServers, session, baseObjects, 15, 14) if err != nil { return wrapErr(err) } @@ -149,12 +149,12 @@ func EnableFirewall(luid uint64, restrictToDNSServers []net.IP, restrictAll bool } if restrictAll { - err = permitDhcpIpv4(session, baseObjects, 12) + err = permitDHCPIPv4(session, baseObjects, 12) if err != nil { return wrapErr(err) } - err = permitDhcpIpv6(session, baseObjects, 12) + err = permitDHCPIPv6(session, baseObjects, 12) if err != nil { return wrapErr(err) } diff --git a/service/firewall/rules.go b/service/firewall/rules.go index c48de299..7fc5bef4 100644 --- a/service/firewall/rules.go +++ b/service/firewall/rules.go @@ -22,19 +22,19 @@ import ( var ( linkLocal = wtFwpV6AddrAndMask{[16]uint8{0xfe, 0x80}, 10} - linkLocalDhcpMulticast = wtFwpByteArray16{[16]uint8{0xFF, 0x02, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x2}} - siteLocalDhcpMulticast = wtFwpByteArray16{[16]uint8{0xFF, 0x05, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x3}} + linkLocalDHCPMulticast = wtFwpByteArray16{[16]uint8{0xFF, 0x02, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x2}} + siteLocalDHCPMulticast = wtFwpByteArray16{[16]uint8{0xFF, 0x05, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x3}} linkLocalRouterMulticast = wtFwpByteArray16{[16]uint8{0xFF, 0x02, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}} ) -func permitTunInterface(session uintptr, baseObjects *baseObjects, weight uint8, ifLuid uint64) error { +func permitTunInterface(session uintptr, baseObjects *baseObjects, weight uint8, ifLUID uint64) error { ifaceCondition := wtFwpmFilterCondition0{ fieldKey: cFWPM_CONDITION_IP_LOCAL_INTERFACE, matchType: cFWP_MATCH_EQUAL, conditionValue: wtFwpConditionValue0{ _type: cFWP_UINT64, - value: (uintptr)(unsafe.Pointer(&ifLuid)), + value: (uintptr)(unsafe.Pointer(&ifLUID)), }, } @@ -356,7 +356,7 @@ func permitLoopback(session uintptr, baseObjects *baseObjects, weight uint8) err return nil } -func permitDhcpIpv4(session uintptr, baseObjects *baseObjects, weight uint8) error { +func permitDHCPIPv4(session uintptr, baseObjects *baseObjects, weight uint8) error { // // #1 Outbound DHCP request on IPv4. // @@ -459,7 +459,7 @@ func permitDhcpIpv4(session uintptr, baseObjects *baseObjects, weight uint8) err return nil } -func permitDhcpIpv6(session uintptr, baseObjects *baseObjects, weight uint8) error { +func permitDHCPIPv6(session uintptr, baseObjects *baseObjects, weight uint8) error { // // #1 Outbound DHCP request on IPv6. // @@ -474,13 +474,13 @@ func permitDhcpIpv6(session uintptr, baseObjects *baseObjects, weight uint8) err conditions[1].fieldKey = cFWPM_CONDITION_IP_REMOTE_ADDRESS conditions[1].matchType = cFWP_MATCH_EQUAL conditions[1].conditionValue._type = cFWP_BYTE_ARRAY16_TYPE - conditions[1].conditionValue.value = uintptr(unsafe.Pointer(&linkLocalDhcpMulticast)) + conditions[1].conditionValue.value = uintptr(unsafe.Pointer(&linkLocalDHCPMulticast)) // Repeat the condition type for logical OR. conditions[2].fieldKey = cFWPM_CONDITION_IP_REMOTE_ADDRESS conditions[2].matchType = cFWP_MATCH_EQUAL conditions[2].conditionValue._type = cFWP_BYTE_ARRAY16_TYPE - conditions[2].conditionValue.value = uintptr(unsafe.Pointer(&siteLocalDhcpMulticast)) + conditions[2].conditionValue.value = uintptr(unsafe.Pointer(&siteLocalDHCPMulticast)) conditions[3].fieldKey = cFWPM_CONDITION_IP_REMOTE_PORT conditions[3].matchType = cFWP_MATCH_EQUAL @@ -991,7 +991,7 @@ func blockAll(session uintptr, baseObjects *baseObjects, weight uint8) error { } // Block all DNS traffic except towards specified DNS servers. -func blockDns(except []net.IP, session uintptr, baseObjects *baseObjects, weightAllow uint8, weightDeny uint8) error { +func blockDNS(except []net.IP, session uintptr, baseObjects *baseObjects, weightAllow uint8, weightDeny uint8) error { if weightDeny >= weightAllow { return errors.New("The allow weight must be greater than the deny weight") } diff --git a/service/firewall/types_windows.go b/service/firewall/types_windows.go index 5d247338..9aa5ccce 100644 --- a/service/firewall/types_windows.go +++ b/service/firewall/types_windows.go @@ -407,10 +407,10 @@ const ( cIF_TYPE_SOFTWARE_LOOPBACK wtIfType = 24 ) -type wtIpProto uint32 +type wtIPProto uint32 const ( - cIPPROTO_ICMP wtIpProto = 1 - cIPPROTO_TCP wtIpProto = 6 - cIPPROTO_UDP wtIpProto = 17 + cIPPROTO_ICMP wtIPProto = 1 + cIPPROTO_TCP wtIPProto = 6 + cIPPROTO_UDP wtIPProto = 17 ) diff --git a/service/ifaceconfig.go b/service/ifaceconfig.go index 4a036a0d..6655f263 100644 --- a/service/ifaceconfig.go +++ b/service/ifaceconfig.go @@ -22,7 +22,7 @@ import ( "golang.zx2c4.com/wireguard/windows/service/firewall" ) -func bindSocketRoute(family winipcfg.AddressFamily, device *device.Device, ourLuid uint64, lastLuid *uint64) error { +func bindSocketRoute(family winipcfg.AddressFamily, device *device.Device, ourLUID uint64, lastLUID *uint64) error { routes, err := winipcfg.GetRoutes(family) if err != nil { return err @@ -31,10 +31,10 @@ func bindSocketRoute(family winipcfg.AddressFamily, device *device.Device, ourLu index := uint32(0) // Zero is "unspecified", which for IP_UNICAST_IF resets the value, which is what we want. luid := uint64(0) // Hopefully luid zero is unspecified, but hard to find docs saying so. for _, route := range routes { - if route.DestinationPrefix.PrefixLength != 0 || route.InterfaceLuid == ourLuid { + if route.DestinationPrefix.PrefixLength != 0 || route.InterfaceLUID == ourLUID { continue } - ifrow, err := winipcfg.GetIfRow(route.InterfaceLuid) + ifrow, err := winipcfg.GetIfRow(route.InterfaceLUID) if err != nil || ifrow.OperStatus != winipcfg.IfOperStatusUp { log.Printf("Found default route for interface %d, but not up, so skipping", route.InterfaceIndex) continue @@ -42,13 +42,13 @@ func bindSocketRoute(family winipcfg.AddressFamily, device *device.Device, ourLu if route.Metric < lowestMetric { lowestMetric = route.Metric index = route.InterfaceIndex - luid = route.InterfaceLuid + luid = route.InterfaceLUID } } - if luid == *lastLuid { + if luid == *lastLUID { return nil } - *lastLuid = luid + *lastLUID = luid if family == windows.AF_INET { return device.BindSocketToInterface4(index) } else if family == windows.AF_INET6 { @@ -57,10 +57,10 @@ func bindSocketRoute(family winipcfg.AddressFamily, device *device.Device, ourLu return nil } -func getIpInterfaceRetry(luid uint64, family winipcfg.AddressFamily, retry bool) (ipi *winipcfg.IpInterface, err error) { +func getIPInterfaceRetry(luid uint64, family winipcfg.AddressFamily, retry bool) (ipi *winipcfg.IPInterface, err error) { const maxRetries = 100 for i := 0; i < maxRetries; i++ { - ipi, err = winipcfg.GetIpInterface(luid, family) + ipi, err = winipcfg.GetIPInterface(luid, family) if retry && i != maxRetries-1 && err == windows.ERROR_NOT_FOUND { time.Sleep(time.Millisecond * 50) continue @@ -71,16 +71,16 @@ func getIpInterfaceRetry(luid uint64, family winipcfg.AddressFamily, retry bool) } func monitorDefaultRoutes(device *device.Device, autoMTU bool, tun *tun.NativeTun) (*winipcfg.RouteChangeCallback, error) { - ourLuid := tun.LUID() - lastLuid4 := uint64(0) - lastLuid6 := uint64(0) - lastMtu := uint32(0) + ourLUID := tun.LUID() + lastLUID4 := uint64(0) + lastLUID6 := uint64(0) + lastMTU := uint32(0) doIt := func(retry bool) error { - err := bindSocketRoute(windows.AF_INET, device, ourLuid, &lastLuid4) + err := bindSocketRoute(windows.AF_INET, device, ourLUID, &lastLUID4) if err != nil { return err } - err = bindSocketRoute(windows.AF_INET6, device, ourLuid, &lastLuid6) + err = bindSocketRoute(windows.AF_INET6, device, ourLUID, &lastLUID6) if err != nil { return err } @@ -88,51 +88,51 @@ func monitorDefaultRoutes(device *device.Device, autoMTU bool, tun *tun.NativeTu return nil } mtu := uint32(0) - if lastLuid4 != 0 { - iface, err := winipcfg.InterfaceFromLUID(lastLuid4) + if lastLUID4 != 0 { + iface, err := winipcfg.InterfaceFromLUID(lastLUID4) if err != nil { return err } - if iface.Mtu > 0 { - mtu = iface.Mtu + if iface.MTU > 0 { + mtu = iface.MTU } } - if lastLuid6 != 0 { - iface, err := winipcfg.InterfaceFromLUID(lastLuid6) + if lastLUID6 != 0 { + iface, err := winipcfg.InterfaceFromLUID(lastLUID6) if err != nil { return err } - if iface.Mtu > 0 && iface.Mtu < mtu { - mtu = iface.Mtu + if iface.MTU > 0 && iface.MTU < mtu { + mtu = iface.MTU } } - if mtu > 0 && (lastMtu == 0 || lastMtu != mtu) { - iface, err := getIpInterfaceRetry(ourLuid, windows.AF_INET, retry) + if mtu > 0 && (lastMTU == 0 || lastMTU != mtu) { + iface, err := getIPInterfaceRetry(ourLUID, windows.AF_INET, retry) if err != nil { return err } - iface.NlMtu = mtu - 80 - if iface.NlMtu < 576 { - iface.NlMtu = 576 + iface.NLMTU = mtu - 80 + if iface.NLMTU < 576 { + iface.NLMTU = 576 } err = iface.Set() if err != nil { return err } - tun.ForceMtu(int(iface.NlMtu)) //TODO: it sort of breaks the model with v6 mtu and v4 mtu being different. Just set v4 one for now. - iface, err = getIpInterfaceRetry(ourLuid, windows.AF_INET6, retry) + tun.ForceMTU(int(iface.NLMTU)) //TODO: it sort of breaks the model with v6 mtu and v4 mtu being different. Just set v4 one for now. + iface, err = getIPInterfaceRetry(ourLUID, windows.AF_INET6, retry) if err != nil { return err } - iface.NlMtu = mtu - 80 - if iface.NlMtu < 1280 { - iface.NlMtu = 1280 + iface.NLMTU = mtu - 80 + if iface.NLMTU < 1280 { + iface.NLMTU = 1280 } err = iface.Set() if err != nil { return err } - lastMtu = mtu + lastMTU = mtu } return nil } @@ -290,12 +290,12 @@ func configureInterface(conf *conf.Config, tun *tun.NativeTun) error { return nil } - err = iface.SetDNS(conf.Interface.Dns) + err = iface.SetDNS(conf.Interface.DNS) if err != nil { return err } - ipif, err := iface.GetIpInterface(windows.AF_INET) + ipif, err := iface.GetIPInterface(windows.AF_INET) if err != nil { return err } @@ -303,16 +303,16 @@ func configureInterface(conf *conf.Config, tun *tun.NativeTun) error { ipif.UseAutomaticMetric = false ipif.Metric = 0 } - if conf.Interface.Mtu > 0 { - ipif.NlMtu = uint32(conf.Interface.Mtu) - tun.ForceMtu(int(ipif.NlMtu)) + if conf.Interface.MTU > 0 { + ipif.NLMTU = uint32(conf.Interface.MTU) + tun.ForceMTU(int(ipif.NLMTU)) } err = ipif.Set() if err != nil { return err } - ipif, err = iface.GetIpInterface(windows.AF_INET6) + ipif, err = iface.GetIPInterface(windows.AF_INET6) if err != nil { return err } @@ -320,8 +320,8 @@ func configureInterface(conf *conf.Config, tun *tun.NativeTun) error { ipif.UseAutomaticMetric = false ipif.Metric = 0 } - if conf.Interface.Mtu > 0 { - ipif.NlMtu = uint32(conf.Interface.Mtu) + if conf.Interface.MTU > 0 { + ipif.NLMTU = uint32(conf.Interface.MTU) } ipif.DadTransmits = 0 ipif.RouterDiscoveryBehavior = winipcfg.RouterDiscoveryDisabled @@ -349,9 +349,9 @@ func enableFirewall(conf *conf.Config, tun *tun.NativeTun) error { } } } - if restrictAll && len(conf.Interface.Dns) == 0 { + if restrictAll && len(conf.Interface.DNS) == 0 { name, _ := tun.Name() log.Printf("[%s] Warning: no DNS server specified, despite having an allowed IPs of 0.0.0.0/0 or ::/0. There may be connectivity issues.", name) } - return firewall.EnableFirewall(tun.LUID(), conf.Interface.Dns, restrictAll) + return firewall.EnableFirewall(tun.LUID(), conf.Interface.DNS, restrictAll) } diff --git a/service/service_tunnel.go b/service/service_tunnel.go index be1eff69..5f4b302e 100644 --- a/service/service_tunnel.go +++ b/service/service_tunnel.go @@ -177,7 +177,7 @@ func (service *tunnelService) Execute(args []string, r <-chan svc.ChangeRequest, dev.Up() logger.Info.Println("Monitoring default routes") - routeChangeCallback, err = monitorDefaultRoutes(dev, conf.Interface.Mtu == 0, nativeTun) + routeChangeCallback, err = monitorDefaultRoutes(dev, conf.Interface.MTU == 0, nativeTun) if err != nil { serviceError = ErrorBindSocketsToDefaultRoutes return |