Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | service: split into tunnel and manager | Jason A. Donenfeld | 2019-05-20 | 23 | -5171/+0 |
| | | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> | ||||
* | service: move route monitor and account for changing index | Jason A. Donenfeld | 2019-05-20 | 2 | -133/+150 |
| | | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> | ||||
* | service: simplify tunnel logging | Jason A. Donenfeld | 2019-05-20 | 2 | -37/+25 |
| | | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> | ||||
* | service: give indication of socket binding | Jason A. Donenfeld | 2019-05-20 | 1 | -0/+2 |
| | | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> | ||||
* | firewall: don't add empty dns allow rules | Jason A. Donenfeld | 2019-05-18 | 1 | -4/+4 |
| | | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> | ||||
* | service: silently ignore routes that won't have a gateway | Jason A. Donenfeld | 2019-05-16 | 3 | -20/+32 |
| | | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> | ||||
* | service: print useragent in log | Jason A. Donenfeld | 2019-05-16 | 2 | -1/+5 |
| | | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> | ||||
* | global: correct names and patterns for go lint | Jason A. Donenfeld | 2019-05-16 | 8 | -66/+64 |
| | | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> | ||||
* | service: use more upstream constants | Jason A. Donenfeld | 2019-05-16 | 4 | -18/+12 |
| | | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> | ||||
* | firewall: correct protocol condition in NDP filters | Odd Stranne | 2019-05-16 | 2 | -8/+9 |
| | | | | | Signed-off-by: Odd Stranne <odd@mullvad.net> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> | ||||
* | service: token elevation stuff is upstream | Jason A. Donenfeld | 2019-05-16 | 2 | -34/+14 |
| | | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> | ||||
* | global: change acronyms to uppercase | Simon Rozman | 2019-05-16 | 5 | -67/+67 |
| | | | | Signed-off-by: Simon Rozman <simon@rozman.si> | ||||
* | firewall: allow wireguard.exe to override other rules | Jason A. Donenfeld | 2019-05-15 | 1 | -0/+1 |
| | | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> | ||||
* | firewall: give sublayer heavy weight | Jason A. Donenfeld | 2019-05-15 | 1 | -0/+1 |
| | | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> | ||||
* | firewall: correct type on 32bit structure | Jason A. Donenfeld | 2019-05-15 | 1 | -1/+1 |
| | | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> | ||||
* | service: ip adapter might not be up yet | Jason A. Donenfeld | 2019-05-15 | 1 | -5/+19 |
| | | | | | | I don't like polling, but windows is racey. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> | ||||
* | ui: drop permissions | Jason A. Donenfeld | 2019-05-15 | 2 | -2/+2 |
| | | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> | ||||
* | service: move WTS upstream | Jason A. Donenfeld | 2019-05-15 | 4 | -136/+12 |
| | | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> | ||||
* | service: more apis ported upstream | Jason A. Donenfeld | 2019-05-15 | 3 | -64/+10 |
| | | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> | ||||
* | service: clean up token mangling | Jason A. Donenfeld | 2019-05-14 | 4 | -89/+21 |
| | | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> | ||||
* | service: drop all privileges for tunnel service | Odd Stranne | 2019-05-14 | 4 | -0/+108 |
| | | | | | Signed-off-by: Odd Stranne <odd@mullvad.net> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> | ||||
* | service: replace GetIfEntry2Ex with GetIfEntry2 | Simon Rozman | 2019-05-14 | 1 | -1/+1 |
| | | | | | | GetIfEntry2Ex is Windows 10+ only Signed-off-by: Simon Rozman <simon@rozman.si> | ||||
* | service: winipcfg no longer returns a wrapped error | Jason A. Donenfeld | 2019-05-14 | 1 | -2/+2 |
| | | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> | ||||
* | service: skip routes for interfaces that aren't up | Jason A. Donenfeld | 2019-05-14 | 1 | -0/+5 |
| | | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> | ||||
* | service: account for loggedon but disconnected sessions | Jason A. Donenfeld | 2019-05-14 | 1 | -1/+1 |
| | | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> | ||||
* | global: use tab after //sys | Jason A. Donenfeld | 2019-05-14 | 2 | -5/+5 |
| | | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> | ||||
* | global: regroup all imports | Jason A. Donenfeld | 2019-05-14 | 13 | -33/+46 |
| | | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> | ||||
* | service: reuse golang.org/x/sys/windows address family constants | Simon Rozman | 2019-05-14 | 1 | -12/+13 |
| | | | | Signed-off-by: Simon Rozman <simon@rozman.si> | ||||
* | firewall: fix logic error | Jason A. Donenfeld | 2019-05-13 | 1 | -1/+1 |
| | | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> | ||||
* | firewall: only allow specified dns servers | Jason A. Donenfeld | 2019-05-13 | 3 | -49/+186 |
| | | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> | ||||
* | service: use more standard naming scheme for syscalls | Jason A. Donenfeld | 2019-05-13 | 4 | -99/+95 |
| | | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> | ||||
* | service: allow go to create correct environment block | Jason A. Donenfeld | 2019-05-13 | 4 | -83/+10 |
| | | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> | ||||
* | service: run UI with elevated token | Jason A. Donenfeld | 2019-05-12 | 3 | -375/+11 |
| | | | | | | | There are too many attacks possible when starting this with a non-elevated token. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> | ||||
* | service: run UI at high integrity | Jason A. Donenfeld | 2019-05-11 | 3 | -0/+34 |
| | | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> | ||||
* | service: use LUID directly | Jason A. Donenfeld | 2019-05-10 | 1 | -15/+5 |
| | | | | | | InterfaceGuidToLuid fails if called soon after device creation. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> | ||||
* | service: clean up addresses from stale interfaces | Jason A. Donenfeld | 2019-05-10 | 1 | -0/+51 |
| | | | | | | Other VPN implementations leave trash laying around... Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> | ||||
* | service: fix user logout | Jason A. Donenfeld | 2019-05-10 | 1 | -17/+50 |
| | | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> | ||||
* | service: account for delete pending windows bug in tunneltracker | Jason A. Donenfeld | 2019-05-09 | 2 | -12/+35 |
| | | | | | | | | | | | Sometimes deleting a service disables it and prepares it for being deleted, but doesn't actually mark it as pending deletion. Presumably this is due to a race condition in the service management code. Workaround this by polling for disabled services, so that we don't wind up sleeping forever. Reported-by: Thomas Gschwantner <tharre3@gmail.com> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> | ||||
* | service: prevent against multiple routines per session | Jason A. Donenfeld | 2019-05-08 | 1 | -4/+18 |
| | | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> | ||||
* | service: print in log after UI exits | Jason A. Donenfeld | 2019-05-08 | 1 | -3/+10 |
| | | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> | ||||
* | service: waste a page due to sheer incompetence | Jason A. Donenfeld | 2019-05-08 | 1 | -1/+1 |
| | | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> | ||||
* | service: require elevated token | Jason A. Donenfeld | 2019-05-08 | 1 | -0/+1 |
| | | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> | ||||
* | service: make the generated bindings do the type forcing | Jason A. Donenfeld | 2019-05-08 | 2 | -64/+56 |
| | | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> | ||||
* | service: local system's token is a bit more locked down than elevated | Jason A. Donenfeld | 2019-05-08 | 1 | -2/+3 |
| | | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> | ||||
* | service: give process elevated security attributes plus logon session ID with minimal permissions | Jason A. Donenfeld | 2019-05-08 | 5 | -42/+311 |
| | | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> | ||||
* | firewall: cleanup | Jason A. Donenfeld | 2019-05-08 | 6 | -58/+59 |
| | | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> | ||||
* | firewall: implode recurring address definitions | Odd Stranne | 2019-05-08 | 1 | -14/+15 |
| | | | | | Signed-off-by: Odd Stranne <odd@mullvad.net> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> | ||||
* | firewall: remove unused code | Odd Stranne | 2019-05-08 | 8 | -296/+44 |
| | | | | | Signed-off-by: Odd Stranne <odd@mullvad.net> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> | ||||
* | firewall: add permitHyperV() | Odd Stranne | 2019-05-08 | 3 | -0/+108 |
| | | | | | Signed-off-by: Odd Stranne <odd@mullvad.net> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> | ||||
* | firewall: implement permitNdp() | Odd Stranne | 2019-05-08 | 2 | -4/+222 |
| | | | | | Signed-off-by: Odd Stranne <odd@mullvad.net> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> |