aboutsummaryrefslogtreecommitdiffstatshomepage
path: root/service (unfollow)
Commit message (Collapse)AuthorFilesLines
2019-05-20service: split into tunnel and managerJason A. Donenfeld23-5171/+0
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-05-20service: move route monitor and account for changing indexJason A. Donenfeld2-133/+150
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-05-20service: simplify tunnel loggingJason A. Donenfeld2-37/+25
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-05-20service: give indication of socket bindingJason A. Donenfeld1-0/+2
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-05-18firewall: don't add empty dns allow rulesJason A. Donenfeld1-4/+4
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-05-16service: silently ignore routes that won't have a gatewayJason A. Donenfeld3-20/+32
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-05-16service: print useragent in logJason A. Donenfeld2-1/+5
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-05-16global: correct names and patterns for go lintJason A. Donenfeld8-66/+64
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-05-16service: use more upstream constantsJason A. Donenfeld4-18/+12
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-05-16firewall: correct protocol condition in NDP filtersOdd Stranne2-8/+9
Signed-off-by: Odd Stranne <odd@mullvad.net> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-05-16service: token elevation stuff is upstreamJason A. Donenfeld2-34/+14
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-05-16global: change acronyms to uppercaseSimon Rozman5-67/+67
Signed-off-by: Simon Rozman <simon@rozman.si>
2019-05-15firewall: allow wireguard.exe to override other rulesJason A. Donenfeld1-0/+1
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-05-15firewall: give sublayer heavy weightJason A. Donenfeld1-0/+1
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-05-15firewall: correct type on 32bit structureJason A. Donenfeld1-1/+1
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-05-15service: ip adapter might not be up yetJason A. Donenfeld1-5/+19
I don't like polling, but windows is racey. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-05-15ui: drop permissionsJason A. Donenfeld2-2/+2
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-05-15service: move WTS upstreamJason A. Donenfeld4-136/+12
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-05-15service: more apis ported upstreamJason A. Donenfeld3-64/+10
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-05-14service: clean up token manglingJason A. Donenfeld4-89/+21
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-05-14service: drop all privileges for tunnel serviceOdd Stranne4-0/+108
Signed-off-by: Odd Stranne <odd@mullvad.net> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-05-14service: replace GetIfEntry2Ex with GetIfEntry2Simon Rozman1-1/+1
GetIfEntry2Ex is Windows 10+ only Signed-off-by: Simon Rozman <simon@rozman.si>
2019-05-14service: winipcfg no longer returns a wrapped errorJason A. Donenfeld1-2/+2
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-05-14service: skip routes for interfaces that aren't upJason A. Donenfeld1-0/+5
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-05-14service: account for loggedon but disconnected sessionsJason A. Donenfeld1-1/+1
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-05-14global: use tab after //sysJason A. Donenfeld2-5/+5
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-05-14global: regroup all importsJason A. Donenfeld13-33/+46
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-05-14service: reuse golang.org/x/sys/windows address family constantsSimon Rozman1-12/+13
Signed-off-by: Simon Rozman <simon@rozman.si>
2019-05-13firewall: fix logic errorJason A. Donenfeld1-1/+1
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-05-13firewall: only allow specified dns serversJason A. Donenfeld3-49/+186
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-05-13service: use more standard naming scheme for syscallsJason A. Donenfeld4-99/+95
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-05-13service: allow go to create correct environment blockJason A. Donenfeld4-83/+10
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-05-12service: run UI with elevated tokenJason A. Donenfeld3-375/+11
There are too many attacks possible when starting this with a non-elevated token. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-05-11service: run UI at high integrityJason A. Donenfeld3-0/+34
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-05-10service: use LUID directlyJason A. Donenfeld1-15/+5
InterfaceGuidToLuid fails if called soon after device creation. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-05-10service: clean up addresses from stale interfacesJason A. Donenfeld1-0/+51
Other VPN implementations leave trash laying around... Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-05-10service: fix user logoutJason A. Donenfeld1-17/+50
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-05-09service: account for delete pending windows bug in tunneltrackerJason A. Donenfeld2-12/+35
Sometimes deleting a service disables it and prepares it for being deleted, but doesn't actually mark it as pending deletion. Presumably this is due to a race condition in the service management code. Workaround this by polling for disabled services, so that we don't wind up sleeping forever. Reported-by: Thomas Gschwantner <tharre3@gmail.com> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-05-08service: prevent against multiple routines per sessionJason A. Donenfeld1-4/+18
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-05-08service: print in log after UI exitsJason A. Donenfeld1-3/+10
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-05-08service: waste a page due to sheer incompetenceJason A. Donenfeld1-1/+1
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-05-08service: require elevated tokenJason A. Donenfeld1-0/+1
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-05-08service: make the generated bindings do the type forcingJason A. Donenfeld2-64/+56
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-05-08service: local system's token is a bit more locked down than elevatedJason A. Donenfeld1-2/+3
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-05-08service: give process elevated security attributes plus logon session ID with minimal permissionsJason A. Donenfeld5-42/+311
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-05-08firewall: cleanupJason A. Donenfeld6-58/+59
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-05-08firewall: implode recurring address definitionsOdd Stranne1-14/+15
Signed-off-by: Odd Stranne <odd@mullvad.net> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-05-08firewall: remove unused codeOdd Stranne8-296/+44
Signed-off-by: Odd Stranne <odd@mullvad.net> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-05-08firewall: add permitHyperV()Odd Stranne3-0/+108
Signed-off-by: Odd Stranne <odd@mullvad.net> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-05-08firewall: implement permitNdp()Odd Stranne2-4/+222
Signed-off-by: Odd Stranne <odd@mullvad.net> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>