Diffstat (limited to 'ui/editdialog.go')
-rw-r--r--ui/editdialog.go65
1 files changed, 34 insertions, 31 deletions
diff --git a/ui/editdialog.go b/ui/editdialog.go
index ade6c498..45b25fd0 100644
--- a/ui/editdialog.go
+++ b/ui/editdialog.go
@@ -1,11 +1,12 @@
/* SPDX-License-Identifier: MIT
*
- * Copyright (C) 2019 WireGuard LLC. All Rights Reserved.
+ * Copyright (C) 2019-2022 WireGuard LLC. All Rights Reserved.
*/
package ui
import (
+ "net/netip"
"strings"
"github.com/lxn/walk"
@@ -78,7 +79,7 @@ func newEditDialog(owner walk.Form, tunnel *manager.Tunnel) (*EditDialog, error)
dlg.SetTitle(title)
dlg.SetLayout(layout)
dlg.SetMinMaxSize(walk.Size{500, 400}, walk.Size{0, 0})
- if icon, err := loadSystemIcon("imageres", 109, 32); err == nil {
+ if icon, err := loadSystemIcon("imageres", -114, 32); err == nil {
dlg.SetIcon(icon)
}
@@ -129,7 +130,7 @@ func newEditDialog(owner walk.Form, tunnel *manager.Tunnel) (*EditDialog, error)
return nil, err
}
dlg.blockUntunneledTrafficCB.SetText(l18n.Sprintf("&Block untunneled traffic (kill-switch)"))
- dlg.blockUntunneledTrafficCB.SetToolTipText(l18n.Sprintf("When a configuration has exactly one peer, and that peer has an allowed IPs containing at least one of 0.0.0.0/0 or ::/0, then the tunnel service engages a firewall ruleset to block all traffic that is neither to nor from the tunnel interface, with special exceptions for DHCP and NDP."))
+ dlg.blockUntunneledTrafficCB.SetToolTipText(l18n.Sprintf("When a configuration has exactly one peer, and that peer has an allowed IPs containing at least one of 0.0.0.0/0 or ::/0, and the interface does not have table off, then the tunnel service engages a firewall ruleset to block all traffic that is neither to nor from the tunnel interface or is to the wrong DNS server, with special exceptions for DHCP and NDP."))
dlg.blockUntunneledTrafficCB.SetVisible(false)
dlg.blockUntunneledTrafficCB.CheckedChanged().Attach(dlg.onBlockUntunneledTrafficCBCheckedChanged)
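Review bot: The new tooltip tells the user the kill-switch is not engaged when the interface has table off, but nothing visible in this diff ties the checkbox's visibility or checked state to that setting; the handler further down only inspects the single peer's AllowedIPs. If the block-state evaluation in the syntax package (outside this diff) does not take table off into account, the box can appear checked while no firewall ruleset is applied, so that path is worth confirming. The added clause also reads ambiguously next to "neither to nor from"; I would word it as `…block all traffic that is neither to nor from the tunnel interface, and all traffic to the wrong DNS server, with special exceptions…`. newEditDialog starts and ends outside this hunk.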
@@ -185,15 +186,17 @@ func (dlg *EditDialog) onBlockUntunneledTrafficCBCheckedChanged() {
return
}
var (
- v40 = [4]byte{}
- v60 = [16]byte{}
- v48 = [4]byte{0x80}
- v68 = [16]byte{0x80}
+ v400 = netip.PrefixFrom(netip.IPv4Unspecified(), 0)
+ v600000 = netip.PrefixFrom(netip.IPv6Unspecified(), 0)
+ v401 = netip.PrefixFrom(netip.AddrFrom4([4]byte{}), 1)
+ v600001 = netip.PrefixFrom(netip.AddrFrom16([16]byte{}), 1)
+ v41281 = netip.PrefixFrom(netip.AddrFrom4([4]byte{0x80}), 1)
+ v680001 = netip.PrefixFrom(netip.AddrFrom16([16]byte{0x80}), 1)
)
block := dlg.blockUntunneledTrafficCB.Checked()
cfg, err := conf.FromWgQuick(dlg.syntaxEdit.Text(), "temporary")
- var newAllowedIPs []conf.IPCidr
+ var newAllowedIPs []netip.Prefix
if err != nil {
goto err
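Review bot: The six prefixes in the `var` block are named by a digit code that is explained nowhere in the hunk, and the zero address is built two different ways (`netip.IPv4Unspecified()` for `v400`, `netip.AddrFrom4([4]byte{})` for `v401`). Because these values decide whether the kill-switch routes are recognised, each line deserves a trailing comment with the prefix it denotes, for example `// 128.0.0.0/1` on `v41281` and `// 8000::/1` on `v680001`, and one constructor style throughout. The values never change, so they could also be declared once at package level rather than rebuilt on every checkbox event. The function body starts before and continues past this hunk.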
@@ -202,7 +205,7 @@ func (dlg *EditDialog) onBlockUntunneledTrafficCBCheckedChanged() {
goto err
}
- newAllowedIPs = make([]conf.IPCidr, 0, len(cfg.Peers[0].AllowedIPs))
+ newAllowedIPs = make([]netip.Prefix, 0, len(cfg.Peers[0].AllowedIPs))
if block {
var (
foundV401 bool
@@ -211,13 +214,13 @@ func (dlg *EditDialog) onBlockUntunneledTrafficCBCheckedChanged() {
foundV680001 bool
)
for _, allowedip := range cfg.Peers[0].AllowedIPs {
- if allowedip.Cidr == 1 && len(allowedip.IP) == 16 && allowedip.IP.Equal(v60[:]) {
+ if allowedip == v600001 {
foundV600001 = true
- } else if allowedip.Cidr == 1 && len(allowedip.IP) == 16 && allowedip.IP.Equal(v68[:]) {
+ } else if allowedip == v680001 {
foundV680001 = true
- } else if allowedip.Cidr == 1 && len(allowedip.IP) == 4 && allowedip.IP.Equal(v40[:]) {
+ } else if allowedip == v401 {
foundV401 = true
- } else if allowedip.Cidr == 1 && len(allowedip.IP) == 4 && allowedip.IP.Equal(v48[:]) {
+ } else if allowedip == v41281 {
foundV41281 = true
} else {
newAllowedIPs = append(newAllowedIPs, allowedip)
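Review bot: The `allowedip == v600001` style comparisons in this loop match only the canonical spelling of each prefix, because `netip.Prefix` equality compares the address exactly as stored. An entry written with host bits set (for instance `0.0.0.1/1`) would therefore fall into the final `else` and be kept as an ordinary route, unless `conf.FromWgQuick` already masks what it parses, which is not visible here. If it does not, comparing the masked value, `allowedip.Masked() == v401`, keeps the detection independent of how the user typed the address. The same applies to the `/0` comparisons in the `else` branch of the next hunk.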
@@ -227,44 +230,44 @@ func (dlg *EditDialog) onBlockUntunneledTrafficCBCheckedChanged() {
goto err
}
if foundV401 && foundV41281 {
- newAllowedIPs = append(newAllowedIPs, conf.IPCidr{v40[:], 0})
+ newAllowedIPs = append(newAllowedIPs, v400)
} else if foundV401 {
- newAllowedIPs = append(newAllowedIPs, conf.IPCidr{v40[:], 1})
+ newAllowedIPs = append(newAllowedIPs, v401)
} else if foundV41281 {
- newAllowedIPs = append(newAllowedIPs, conf.IPCidr{v48[:], 1})
+ newAllowedIPs = append(newAllowedIPs, v41281)
}
if foundV600001 && foundV680001 {
- newAllowedIPs = append(newAllowedIPs, conf.IPCidr{v60[:], 0})
+ newAllowedIPs = append(newAllowedIPs, v600000)
} else if foundV600001 {
- newAllowedIPs = append(newAllowedIPs, conf.IPCidr{v60[:], 1})
+ newAllowedIPs = append(newAllowedIPs, v600001)
} else if foundV680001 {
- newAllowedIPs = append(newAllowedIPs, conf.IPCidr{v68[:], 1})
+ newAllowedIPs = append(newAllowedIPs, v680001)
}
cfg.Peers[0].AllowedIPs = newAllowedIPs
} else {
var (
- foundV400 bool
- foundV600 bool
+ foundV400 bool
+ foundV600000 bool
)
for _, allowedip := range cfg.Peers[0].AllowedIPs {
- if allowedip.Cidr == 0 && len(allowedip.IP) == 16 && allowedip.IP.Equal(v60[:]) {
- foundV600 = true
- } else if allowedip.Cidr == 0 && len(allowedip.IP) == 4 && allowedip.IP.Equal(v40[:]) {
+ if allowedip == v600000 {
+ foundV600000 = true
+ } else if allowedip == v400 {
foundV400 = true
} else {
newAllowedIPs = append(newAllowedIPs, allowedip)
}
}
- if !(foundV400 || foundV600) {
+ if !(foundV400 || foundV600000) {
goto err
}
if foundV400 {
- newAllowedIPs = append(newAllowedIPs, conf.IPCidr{v40[:], 1})
- newAllowedIPs = append(newAllowedIPs, conf.IPCidr{v48[:], 1})
+ newAllowedIPs = append(newAllowedIPs, v401)
+ newAllowedIPs = append(newAllowedIPs, v41281)
}
- if foundV600 {
- newAllowedIPs = append(newAllowedIPs, conf.IPCidr{v60[:], 1})
- newAllowedIPs = append(newAllowedIPs, conf.IPCidr{v68[:], 1})
+ if foundV600000 {
+ newAllowedIPs = append(newAllowedIPs, v600001)
+ newAllowedIPs = append(newAllowedIPs, v680001)
}
cfg.Peers[0].AllowedIPs = newAllowedIPs
}
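Review bot: Neither branch says why it rewrites the peer's AllowedIPs, although this rewrite is what switches the kill-switch on or off. For the checked branch, which begins before this hunk, I would add `// Checked: merge each pair of /1 halves back into the /0 route that engages the firewall.` and above the `else` here `// Unchecked: replace each /0 with its two /1 halves, so the same addresses stay routed without a /0 entry.` Separately, in the checked branch an entry that is already `0.0.0.0/0` or `::/0` goes through the plain `append` and the merged `v400`/`v600000` is appended afterwards, so the resulting list may contain the same prefix twice; a membership check before those appends would avoid that.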
@@ -279,7 +282,7 @@ err:
func (dlg *EditDialog) onBlockUntunneledTrafficStateChanged(state int) {
dlg.blockUntunneledTraficCheckGuard = true
- switch state {
+ switch syntax.BlockState(state) {
case syntax.InevaluableBlockingUntunneledTraffic:
dlg.blockUntunneledTrafficCB.SetVisible(false)
case syntax.BlockingUntunneledTraffic: