authorOdd Stranne <odd@mullvad.net>2019-05-07 13:35:13 +0200
committerJason A. Donenfeld <Jason@zx2c4.com>2019-05-08 08:31:00 +0200
commit9d6b89f34fca68572aa5f601fa516356dac8334d (patch)
tree82e90cd981ebde3298713d0263d356f16c573a7a /service
parentfirewall: remove unused code (diff)
downloadwireguard-windows-9d6b89f34fca68572aa5f601fa516356dac8334d.tar.xz
wireguard-windows-9d6b89f34fca68572aa5f601fa516356dac8334d.zip
firewall: implode recurring address definitions
Signed-off-by: Odd Stranne <odd@mullvad.net>
Diffstat (limited to 'service')
-rw-r--r--service/firewall/rules.go29
1 files changed, 15 insertions, 14 deletions
diff --git a/service/firewall/rules.go b/service/firewall/rules.go
index 15901655..1cec3ae6 100644
--- a/service/firewall/rules.go
+++ b/service/firewall/rules.go
@@ -11,6 +11,18 @@ import (
"unsafe"
)
+//
+// Known addresses. These should be const but there are initialization issues.
+//
+var (
+ linkLocal = wtFwpV6AddrAndMask{[16]uint8{0xfe, 0x80}, 10}
+
+ linkLocalDhcpMulticast = wtFwpByteArray16{[16]uint8{0xFF, 0x02, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x2}}
+ siteLocalDhcpMulticast = wtFwpByteArray16{[16]uint8{0xFF, 0x05, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x3}}
+
+ linkLocalRouterMulticast = wtFwpByteArray16{[16]uint8{0xFF, 0x02, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}}
+)
+
func permitTunInterface(session uintptr, baseObjects *baseObjects, weight uint8, ifLuid uint64) error {
ifaceCondition := wtFwpmFilterCondition0{
fieldKey: cFWPM_CONDITION_IP_LOCAL_INTERFACE,
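Review bot: The comment on the new var block says these "should be const but there are initialization issues", which misstates the constraint: Go has no constants of array or struct type, so a var is the only option for these values. Every rule built from `linkLocal` and the multicast addresses now shares one mutable package-level object, so a stray write anywhere in the package would silently change what the firewall permits. I would reword the comment to `// Known addresses. Go has no array or struct constants, so these are vars; treat them as read-only.` The trailing context lines belong to permitTunInterface, whose body continues outside the hunk.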
@@ -442,15 +454,10 @@ func permitDhcpIpv4(session uintptr, baseObjects *baseObjects, weight uint8) err
}
func permitDhcpIpv6(session uintptr, baseObjects *baseObjects, weight uint8) error {
- privateNetwork := wtFwpV6AddrAndMask{[16]uint8{0xfe, 0x80}, 10}
-
//
// #1 Outbound DHCP request on IPv6.
//
{
- linkLocalDhcpMulticast := wtFwpByteArray16{[16]uint8{0xFF, 0x02, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x2}}
- siteLocalDhcpMulticast := wtFwpByteArray16{[16]uint8{0xFF, 0x05, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x3}}
-
var conditions [6]wtFwpmFilterCondition0
conditions[0].fieldKey = cFWPM_CONDITION_IP_PROTOCOL
@@ -477,7 +484,7 @@ func permitDhcpIpv6(session uintptr, baseObjects *baseObjects, weight uint8) err
conditions[4].fieldKey = cFWPM_CONDITION_IP_LOCAL_ADDRESS
conditions[4].matchType = cFWP_MATCH_EQUAL
conditions[4].conditionValue._type = cFWP_V6_ADDR_MASK
- conditions[4].conditionValue.value = uintptr(unsafe.Pointer(&privateNetwork))
+ conditions[4].conditionValue.value = uintptr(unsafe.Pointer(&linkLocal))
conditions[5].fieldKey = cFWPM_CONDITION_IP_LOCAL_PORT
conditions[5].matchType = cFWP_MATCH_EQUAL
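Review bot: `uintptr(unsafe.Pointer(&linkLocal))` stores the address as a plain integer that the garbage collector does not treat as a reference, so it is only valid while the pointee keeps a fixed address until the conditions array is consumed (that call is outside this hunk). Pointing at the package-level `linkLocal` gives that stability, which the previous function-local did not clearly guarantee. That reason deserves a comment at the assignment, for example `// package-level var: address stays valid after the uintptr conversion`. The same applies to the `conditions[1]` and `conditions[3]` assignments in the two following hunks. permitDhcpIpv6 starts and ends outside the hunk.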
@@ -524,7 +531,7 @@ func permitDhcpIpv6(session uintptr, baseObjects *baseObjects, weight uint8) err
conditions[1].fieldKey = cFWPM_CONDITION_IP_REMOTE_ADDRESS
conditions[1].matchType = cFWP_MATCH_EQUAL
conditions[1].conditionValue._type = cFWP_V6_ADDR_MASK
- conditions[1].conditionValue.value = uintptr(unsafe.Pointer(&privateNetwork))
+ conditions[1].conditionValue.value = uintptr(unsafe.Pointer(&linkLocal))
conditions[2].fieldKey = cFWPM_CONDITION_IP_REMOTE_PORT
conditions[2].matchType = cFWP_MATCH_EQUAL
@@ -534,7 +541,7 @@ func permitDhcpIpv6(session uintptr, baseObjects *baseObjects, weight uint8) err
conditions[3].fieldKey = cFWPM_CONDITION_IP_LOCAL_ADDRESS
conditions[3].matchType = cFWP_MATCH_EQUAL
conditions[3].conditionValue._type = cFWP_V6_ADDR_MASK
- conditions[3].conditionValue.value = uintptr(unsafe.Pointer(&privateNetwork))
+ conditions[3].conditionValue.value = uintptr(unsafe.Pointer(&linkLocal))
conditions[4].fieldKey = cFWPM_CONDITION_IP_LOCAL_PORT
conditions[4].matchType = cFWP_MATCH_EQUAL
@@ -610,8 +617,6 @@ func permitNdp(session uintptr, baseObjects *baseObjects, weight uint8) error {
conditions[2].conditionValue._type = cFWP_UINT16
conditions[2].conditionValue.value = uintptr(0)
- linkLocalRouterMulticast := wtFwpByteArray16{[16]uint8{0xFF, 0x02, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}}
-
conditions[3].fieldKey = cFWPM_CONDITION_IP_REMOTE_ADDRESS
conditions[3].matchType = cFWP_MATCH_EQUAL
conditions[3].conditionValue._type = cFWP_BYTE_ARRAY16_TYPE
@@ -651,8 +656,6 @@ func permitNdp(session uintptr, baseObjects *baseObjects, weight uint8) error {
conditions[2].conditionValue._type = cFWP_UINT16
conditions[2].conditionValue.value = uintptr(0)
- linkLocal := wtFwpV6AddrAndMask{[16]uint8{0xfe, 0x80}, 10}
-
conditions[3].fieldKey = cFWPM_CONDITION_IP_REMOTE_ADDRESS
conditions[3].matchType = cFWP_MATCH_EQUAL
conditions[3].conditionValue._type = cFWP_V6_ADDR_MASK
@@ -772,8 +775,6 @@ func permitNdp(session uintptr, baseObjects *baseObjects, weight uint8) error {
conditions[2].conditionValue._type = cFWP_UINT16
conditions[2].conditionValue.value = uintptr(0)
- linkLocal := wtFwpV6AddrAndMask{[16]uint8{0xfe, 0x80}, 10}
-
conditions[3].fieldKey = cFWPM_CONDITION_IP_REMOTE_ADDRESS
conditions[3].matchType = cFWP_MATCH_EQUAL
conditions[3].conditionValue._type = cFWP_V6_ADDR_MASK