authorJason A. Donenfeld <Jason@zx2c4.com>2021-11-02 17:32:47 +0100
committerJason A. Donenfeld <Jason@zx2c4.com>2021-11-06 14:36:57 +0100
commit25d879e1ae8fb8c7aebd18829ab2ef9fbc8ac9fa (patch)
tree55a3d09f403adaa57c69d971599ac93a9e9c89ae /tunnel/firewall/rules.go
parentmanager: cleanup legacy wintun (diff)
global: switch to netip
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Diffstat (limited to 'tunnel/firewall/rules.go')
-rw-r--r--tunnel/firewall/rules.go15
1 files changed, 7 insertions, 8 deletions
diff --git a/tunnel/firewall/rules.go b/tunnel/firewall/rules.go
index c4488a31..201a73e3 100644
--- a/tunnel/firewall/rules.go
+++ b/tunnel/firewall/rules.go
@@ -8,10 +8,11 @@ package firewall
import (
"encoding/binary"
"errors"
- "net"
"runtime"
"unsafe"
+ "golang.zx2c4.com/go118/netip"
+
"golang.org/x/sys/windows"
)
@@ -985,7 +986,7 @@ func blockAll(session uintptr, baseObjects *baseObjects, weight uint8) error {
}
// Block all DNS traffic except towards specified DNS servers.
-func blockDNS(except []net.IP, session uintptr, baseObjects *baseObjects, weightAllow uint8, weightDeny uint8) error {
+func blockDNS(except []netip.Addr, session uintptr, baseObjects *baseObjects, weightAllow uint8, weightDeny uint8) error {
if weightDeny >= weightAllow {
return errors.New("The allow weight must be greater than the deny weight")
}
@@ -1106,8 +1107,7 @@ func blockDNS(except []net.IP, session uintptr, baseObjects *baseObjects, weight
allowConditionsV4 := make([]wtFwpmFilterCondition0, 0, len(denyConditions)+len(except))
allowConditionsV4 = append(allowConditionsV4, denyConditions...)
for _, ip := range except {
- ip4 := ip.To4()
- if ip4 == nil {
+ if !ip.Is4() {
continue
}
allowConditionsV4 = append(allowConditionsV4, wtFwpmFilterCondition0{
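Review bot: `!ip.Is4()` is not equivalent to the removed `ip.To4() == nil` check for IPv4-mapped IPv6 addresses (`::ffff:a.b.c.d`): `To4()` accepted them as IPv4, whereas `Is4()` reports false and `Is6()` reports true. If any caller can pass blockDNS a mapped address (for example one converted from a 16-byte `net.IP`), that DNS server is now skipped in this V4 loop and instead lands in the V6 allow list in the `-1124` hunk, where it presumably never matches IPv4 traffic, so DNS to it would be blocked. That fails closed rather than leaking, but it is silent; consider normalising at the top of both loops with `ip = ip.Unmap()` (assuming the go118 backport exposes it as `net/netip` does), or documenting that `except` must already hold unmapped addresses. blockDNS's body starts and ends outside this hunk.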
@@ -1115,7 +1115,7 @@ func blockDNS(except []net.IP, session uintptr, baseObjects *baseObjects, weight
matchType: cFWP_MATCH_EQUAL,
conditionValue: wtFwpConditionValue0{
_type: cFWP_UINT32,
- value: uintptr(binary.BigEndian.Uint32(ip4)),
+ value: uintptr(binary.BigEndian.Uint32(ip.AsSlice())),
},
})
}
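Review bot: `ip.AsSlice()` on the `value:` line builds a slice only to read four bytes; `As4()` returns a fixed `[4]byte` and makes the IPv4-only precondition explicit at the point of the big-endian read. Suggested: `a4 := ip.As4()` before the append, then `value: uintptr(binary.BigEndian.Uint32(a4[:])),`. The read is in bounds only because of the `Is4()` guard in the preceding hunk, which deserves a short comment such as `// ip.Is4() checked above, so this is exactly 4 bytes`. The enclosing loop starts outside this hunk.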
@@ -1124,11 +1124,10 @@ func blockDNS(except []net.IP, session uintptr, baseObjects *baseObjects, weight
allowConditionsV6 := make([]wtFwpmFilterCondition0, 0, len(denyConditions)+len(except))
allowConditionsV6 = append(allowConditionsV6, denyConditions...)
for _, ip := range except {
- if ip.To4() != nil {
+ if !ip.Is6() {
continue
}
- var address wtFwpByteArray16
- copy(address.byteArray16[:], ip)
+ address := wtFwpByteArray16{byteArray16: ip.As16()}
allowConditionsV6 = append(allowConditionsV6, wtFwpmFilterCondition0{
fieldKey: cFWPM_CONDITION_IP_REMOTE_ADDRESS,
matchType: cFWP_MATCH_EQUAL,