aboutsummaryrefslogtreecommitdiffstatshomepage
path: root/service (follow)
Commit message (Collapse)AuthorAgeFilesLines
* service: account for delete pending windows bug in tunneltrackerJason A. Donenfeld2019-05-092-12/+35
| | | | | | | | | | Sometimes deleting a service disables it and prepares it for being deleted, but doesn't actually mark it as pending deletion. Presumably this is due to a race condition in the service management code. Workaround this by polling for disabled services, so that we don't wind up sleeping forever. Reported-by: Thomas Gschwantner <tharre3@gmail.com>
* service: prevent against multiple routines per sessionJason A. Donenfeld2019-05-081-4/+18
|
* service: print in log after UI exitsJason A. Donenfeld2019-05-081-3/+10
|
* service: waste a page due to sheer incompetenceJason A. Donenfeld2019-05-081-1/+1
|
* service: require elevated tokenJason A. Donenfeld2019-05-081-0/+1
|
* service: make the generated bindings do the type forcingJason A. Donenfeld2019-05-082-64/+56
|
* service: local system's token is a bit more locked down than elevatedJason A. Donenfeld2019-05-081-2/+3
|
* service: give process elevated security attributes plus logon session ID with minimal permissionsJason A. Donenfeld2019-05-085-42/+311
|
* firewall: cleanupJason A. Donenfeld2019-05-086-58/+59
|
* firewall: implode recurring address definitionsOdd Stranne2019-05-081-14/+15
| | | | Signed-off-by: Odd Stranne <odd@mullvad.net>
* firewall: remove unused codeOdd Stranne2019-05-088-296/+44
| | | | Signed-off-by: Odd Stranne <odd@mullvad.net>
* firewall: add permitHyperV()Odd Stranne2019-05-083-0/+108
| | | | Signed-off-by: Odd Stranne <odd@mullvad.net>
* firewall: implement permitNdp()Odd Stranne2019-05-082-4/+222
| | | | Signed-off-by: Odd Stranne <odd@mullvad.net>
* service: delay restart for one secondJason A. Donenfeld2019-05-071-0/+5
| | | | | | This prevents a thundering herd. Also, we can now use the restart manager in the MSI because our walk fork handles the right window messages.
* ringlogger: export R/O handle for UI processJason A. Donenfeld2019-05-072-2/+3
|
* updater: move into managerJason A. Donenfeld2019-05-066-148/+386
|
* ui: syntax: implement trafic blocking semanticsJason A. Donenfeld2019-05-051-2/+8
| | | | This is our "auto kill switch".
* service: temporarily disable security attributesJason A. Donenfeld2019-05-041-1/+11
| | | | This must be reverted before we release! See big source code comment.
* firewall: do not add unused permit rules when !restrictAllJason A. Donenfeld2019-05-041-16/+18
|
* firewall: DNS is TCP and UDPJason A. Donenfeld2019-05-031-3/+22
|
* firewall: block dns before allowing localhostJason A. Donenfeld2019-05-033-38/+31
| | | | | This prevents DNS leaks from people who have a localhost resolver doing something funky.
* firewall: only use one listJason A. Donenfeld2019-05-032-230/+22
| | | | | | | | | | | | | | | | | | | | | | | | | | | Unless you use complicated rights veto rules, WFP's policy is that between sublayers, block always outweighs allow. It's easier, therefore, to simply weight a single sublayer correctly, with allow rules having heavier weight than block rules. This basically means that we have to be careful that DNS isn't a subset of some allow rule. One place where this would be a problem are the permitLan* rules, which we don't use anyway, and so this commit nukes them. Another place would be if somebody is using a localhost/loopback resolver for whatever reason. This is probably a "low risk" sort of thing, but we may want to fix this by ordering the dns block just in front of the loopback permit. The other place is in the wireguard.exe tunnel service itself, which does DNS lookups. Since right now we mostly enforce one-tunnel-at-a- time, this isn't really a problem. But later if we allow nested tunneling, it means that the DNS lookup in a second tunnel can potentially escape the DNS server of the first tunnel. We can address this problem later, perhaps with fancier security descriptors that we shuffle around depending on which state the tunnel is in. And on the bright side, this change allows people to run WireGuard over port 53 itself, which is generally a desirable thing.
* firewall: since DNS is a blacklist, we have to exclude our own interfaceJason A. Donenfeld2019-05-032-6/+18
|
* firewall: pass blob of security descriptor instead of raw, and give daclJason A. Donenfeld2019-05-035-30/+33
|
* firewall: wrap errors because there are lots of syscallsJason A. Donenfeld2019-05-033-88/+102
|
* service: wire up firewallJason A. Donenfeld2019-05-034-18/+57
|
* firewall: introduce incomplete untested prototypeOdd Stranne2019-05-0310-0/+2857
| | | | | | | | | | This doesn't support NDP yet, and some major things are still left to be decided, but this is the beginning of something that can be debugged into shape. Signed-off-by: Odd Stranne <odd@mullvad.net> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> Signed-off-by: Aleksandar Pesic <peske.nis@gmail.com>
* service: lock OS thread before making inheritable handlesJason A. Donenfeld2019-05-021-0/+7
|
* service: wtf->wtsJason A. Donenfeld2019-05-022-3/+3
|
* service: set security attributes on new processJason A. Donenfeld2019-05-023-9/+60
|
* service: correct sid boundsJason A. Donenfeld2019-05-021-2/+1
|
* service: fix oooJason A. Donenfeld2019-05-021-1/+1
|
* ui: fix log closure variableJason A. Donenfeld2019-04-301-3/+3
|
* service: inform UIs it is time to quit so they can kill trayJason A. Donenfeld2019-04-303-0/+30
|
* ui: fix quoting in error stringsJason A. Donenfeld2019-04-301-1/+1
|
* service: pass global state with notificationJason A. Donenfeld2019-04-292-5/+10
|
* service: tunnel: print stack and quit after 30 seconds of shutdown deadlockJason A. Donenfeld2019-04-291-3/+42
|
* service: improve state transitionsJason A. Donenfeld2019-04-293-11/+33
|
* service: tunnel: UAPI serialization is always DNS relatedJason A. Donenfeld2019-04-272-4/+4
|
* service: create environment for userJason A. Donenfeld2019-04-272-0/+69
|
* ui: simplify everythingJason A. Donenfeld2019-04-273-5/+66
|
* service: use WireGuardTunnel$ prefixJason A. Donenfeld2019-04-052-6/+6
|
* ifaceconfig: remove unused codeJason A. Donenfeld2019-04-031-13/+0
|
* ringlogger: give unprivd access via inheritable mapping handleJason A. Donenfeld2019-04-023-12/+6
|
* errors: don't put periods at end of errorsJason A. Donenfeld2019-03-211-17/+17
|
* ringlogger: introduce basic file ring loggingJason A. Donenfeld2019-03-215-77/+38
|
* manager: CreateWellKnownSid is upstreamed nowJason A. Donenfeld2019-03-162-38/+1
|
* tunnel: tell wggo about mtu changesJason A. Donenfeld2019-03-132-9/+12
|
* tunneltracker: don't track tunnels that haven't been startedJason A. Donenfeld2019-03-123-21/+49
| | | | | | | | Otherwise we get the hasn't-been-started-yet error, and the tracker quits. Meanwhile this is reported back to the ui as an error. While we're at it, don't let multiple trackers be run, in the event that the at-start tracker races with the installation tracker. And, make sure we actually get the deletion notification.
* tunneltracker: redo deletion state machineJason A. Donenfeld2019-03-124-58/+53
| | | | | We're now properly examining the notifier return value and also making sure events are delivered in order.
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.