| Commit message | Author | Age | Files | Lines |
|---|---|---|---|---|
| ui: syntax: implement traffic blocking semantics | Jason A. Donenfeld | 2019-05-05 | 1 | -2/+8 |
| This is our "auto kill switch". | | | | |
| service: temporarily disable security attributes | Jason A. Donenfeld | 2019-05-04 | 1 | -1/+11 |
| This must be reverted before we release! See big source code comment. | | | | |
| firewall: do not add unused permit rules when !restrictAll | Jason A. Donenfeld | 2019-05-04 | 1 | -16/+18 |
| firewall: DNS is TCP and UDP | Jason A. Donenfeld | 2019-05-03 | 1 | -3/+22 |
| firewall: block dns before allowing localhost | Jason A. Donenfeld | 2019-05-03 | 3 | -38/+31 |
| This prevents DNS leaks from people who have a localhost resolver doing something funky. | | | | |
| firewall: only use one list | Jason A. Donenfeld | 2019-05-03 | 2 | -230/+22 |
| Unless you use complicated rights veto rules, WFP's policy is that between sublayers, block always outweighs allow. It's easier, therefore, to simply weight a single sublayer correctly, with allow rules having heavier weight than block rules. This basically means that we have to be careful that DNS isn't a subset of some allow rule. One place where this would be a problem is the `permitLan*` rules, which we don't use anyway, and so this commit nukes them. Another place would be if somebody is using a localhost/loopback resolver for whatever reason. This is probably a "low risk" sort of thing, but we may want to fix this by ordering the dns block just in front of the loopback permit. The other place is in the wireguard.exe tunnel service itself, which does DNS lookups. Since right now we mostly enforce one-tunnel-at-a-time, this isn't really a problem. But later if we allow nested tunneling, it means that the DNS lookup in a second tunnel can potentially escape the DNS server of the first tunnel. We can address this problem later, perhaps with fancier security descriptors that we shuffle around depending on which state the tunnel is in. And on the bright side, this change allows people to run WireGuard over port 53 itself, which is generally a desirable thing. | | | | |
| firewall: since DNS is a blacklist, we have to exclude our own interface | Jason A. Donenfeld | 2019-05-03 | 2 | -6/+18 |
| firewall: pass blob of security descriptor instead of raw, and give dacl | Jason A. Donenfeld | 2019-05-03 | 5 | -30/+33 |
| firewall: wrap errors because there are lots of syscalls | Jason A. Donenfeld | 2019-05-03 | 3 | -88/+102 |
| service: wire up firewall | Jason A. Donenfeld | 2019-05-03 | 4 | -18/+57 |
| firewall: introduce incomplete untested prototype | Odd Stranne | 2019-05-03 | 10 | -0/+2857 |
| This doesn't support NDP yet, and some major things are still left to be decided, but this is the beginning of something that can be debugged into shape. Signed-off-by: Odd Stranne <odd@mullvad.net> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> Signed-off-by: Aleksandar Pesic <peske.nis@gmail.com> | | | | |
| service: lock OS thread before making inheritable handles | Jason A. Donenfeld | 2019-05-02 | 1 | -0/+7 |
| service: wtf->wts | Jason A. Donenfeld | 2019-05-02 | 2 | -3/+3 |
| service: set security attributes on new process | Jason A. Donenfeld | 2019-05-02 | 3 | -9/+60 |
| service: correct sid bounds | Jason A. Donenfeld | 2019-05-02 | 1 | -2/+1 |
| service: fix ooo | Jason A. Donenfeld | 2019-05-02 | 1 | -1/+1 |
| ui: fix log closure variable | Jason A. Donenfeld | 2019-04-30 | 1 | -3/+3 |
| service: inform UIs it is time to quit so they can kill tray | Jason A. Donenfeld | 2019-04-30 | 3 | -0/+30 |
| ui: fix quoting in error strings | Jason A. Donenfeld | 2019-04-30 | 1 | -1/+1 |
| service: pass global state with notification | Jason A. Donenfeld | 2019-04-29 | 2 | -5/+10 |
| service: tunnel: print stack and quit after 30 seconds of shutdown deadlock | Jason A. Donenfeld | 2019-04-29 | 1 | -3/+42 |
| service: improve state transitions | Jason A. Donenfeld | 2019-04-29 | 3 | -11/+33 |
| service: tunnel: UAPI serialization is always DNS related | Jason A. Donenfeld | 2019-04-27 | 2 | -4/+4 |
| service: create environment for user | Jason A. Donenfeld | 2019-04-27 | 2 | -0/+69 |
| ui: simplify everything | Jason A. Donenfeld | 2019-04-27 | 3 | -5/+66 |
| service: use WireGuardTunnel$ prefix | Jason A. Donenfeld | 2019-04-05 | 2 | -6/+6 |
| ifaceconfig: remove unused code | Jason A. Donenfeld | 2019-04-03 | 1 | -13/+0 |
| ringlogger: give unprivd access via inheritable mapping handle | Jason A. Donenfeld | 2019-04-02 | 3 | -12/+6 |
| errors: don't put periods at end of errors | Jason A. Donenfeld | 2019-03-21 | 1 | -17/+17 |
| ringlogger: introduce basic file ring logging | Jason A. Donenfeld | 2019-03-21 | 5 | -77/+38 |
| manager: CreateWellKnownSid is upstreamed now | Jason A. Donenfeld | 2019-03-16 | 2 | -38/+1 |
| tunnel: tell wggo about mtu changes | Jason A. Donenfeld | 2019-03-13 | 2 | -9/+12 |
| tunneltracker: don't track tunnels that haven't been started | Jason A. Donenfeld | 2019-03-12 | 3 | -21/+49 |
| Otherwise we get the hasn't-been-started-yet error, and the tracker quits. Meanwhile this is reported back to the ui as an error. While we're at it, don't let multiple trackers be run, in the event that the at-start tracker races with the installation tracker. And, make sure we actually get the deletion notification. | | | | |
| tunneltracker: redo deletion state machine | Jason A. Donenfeld | 2019-03-12 | 4 | -58/+53 |
| We're now properly examining the notifier return value and also making sure events are delivered in order. | | | | |
| service: keep track of proper errors | Jason A. Donenfeld | 2019-03-10 | 7 | -76/+205 |
| tunneltracker: account for windows 7 statemachine bug | Jason A. Donenfeld | 2019-03-09 | 1 | -1/+8 |
| Windows 7 will transition to stopping after it has already triggered stopped, so keep track of that and filter it out. | | | | |
| ifaceconfig: don't try to set v6 MTUs under 1280 | Jason A. Donenfeld | 2019-03-08 | 1 | -0/+6 |
| We also constrain v4, but it'd be surprising for that to actually be an issue without something else also being an issue. Reported-by: Thomas Gschwantner <tharre3@gmail.com> | | | | |
| names: better casing | Jason A. Donenfeld | 2019-03-07 | 1 | -1/+1 |
| ifaceconfig: more compact less function | Jason A. Donenfeld | 2019-03-05 | 1 | -13/+4 |
| conf: validate tunnel name | Jason A. Donenfeld | 2019-03-05 | 5 | -8/+57 |
| ifaceconfig: set MTU and monitor for auto mtu changes | Jason A. Donenfeld | 2019-03-05 | 2 | -2/+53 |
| ifaceconfig: trim filtered list | Jason A. Donenfeld | 2019-03-05 | 1 | -1/+1 |
| manager: connect to tunnel for runtime config | Jason A. Donenfeld | 2019-03-04 | 1 | -2/+24 |
| ifaceconfig: cleanup | Jason A. Donenfeld | 2019-03-04 | 1 | -5/+5 |
| ifaceconfig: remove split routes param | Jason A. Donenfeld | 2019-03-04 | 1 | -1/+1 |
| ifaceconfig: deduplicate routes | Jason A. Donenfeld | 2019-03-04 | 1 | -18/+31 |
| ifaceconfig: call setsockopt less often | Jason A. Donenfeld | 2019-03-04 | 1 | -4/+14 |
| Cache the last LUID set, and only change when the default route changes. | | | | |
| tunnel: do not rely on submodule | Jason A. Donenfeld | 2019-03-03 | 2 | -46/+22 |
| tunnel: simplify shutdown | Jason A. Donenfeld | 2019-03-03 | 3 | -53/+42 |
| callbacks: use cb as receiver for unregister | Jason A. Donenfeld | 2019-03-03 | 2 | -4/+3 |