Age | Commit message | Author | Files | Lines | |
---|---|---|---|---|---|
2019-05-04 | ui: specify default action in tray | Jason A. Donenfeld | 2 | -2/+4 | |
2019-05-03 | version: expose OsVersion for firewall | Jason A. Donenfeld | 2 | -26/+37 | |
2019-05-03 | firewall: DNS is TCP and UDP | Jason A. Donenfeld | 1 | -3/+22 | |
2019-05-03 | firewall: block dns before allowing localhost | Jason A. Donenfeld | 3 | -38/+31 | |
This prevents DNS leaks from people who have a localhost resolver doing something funky. | |||||
2019-05-03 | ui: fix thundering herd problem in importing/deleting | Jason A. Donenfeld | 4 | -117/+53 | |
2019-05-03 | firewall: only use one list | Jason A. Donenfeld | 2 | -230/+22 | |
Unless you use complicated rights veto rules, WFP's policy is that between sublayers, block always outweighs allow. It's easier, therefore, to simply weight a single sublayer correctly, with allow rules having heavier weight than block rules. This basically means that we have to be careful that DNS isn't a subset of some allow rule. One place where this would be a problem are the permitLan* rules, which we don't use anyway, and so this commit nukes them. Another place would be if somebody is using a localhost/loopback resolver for whatever reason. This is probably a "low risk" sort of thing, but we may want to fix this by ordering the dns block just in front of the loopback permit. The other place is in the wireguard.exe tunnel service itself, which does DNS lookups. Since right now we mostly enforce one-tunnel-at-a-time, this isn't really a problem. But later if we allow nested tunneling, it means that the DNS lookup in a second tunnel can potentially escape the DNS server of the first tunnel. We can address this problem later, perhaps with fancier security descriptors that we shuffle around depending on which state the tunnel is in. And on the bright side, this change allows people to run WireGuard over port 53 itself, which is generally a desirable thing. | |||||
2019-05-03 | firewall: since DNS is a blacklist, we have to exclude our own interface | Jason A. Donenfeld | 2 | -6/+18 | |
2019-05-03 | firewall: pass blob of security descriptor instead of raw, and give dacl | Jason A. Donenfeld | 5 | -30/+33 | |
2019-05-03 | firewall: wrap errors because there are lots of syscalls | Jason A. Donenfeld | 3 | -88/+102 | |
2019-05-03 | service: wire up firewall | Jason A. Donenfeld | 4 | -18/+57 | |
2019-05-03 | firewall: introduce incomplete untested prototype | Odd Stranne | 10 | -0/+2857 | |
This doesn't support NDP yet, and some major things are still left to be decided, but this is the beginning of something that can be debugged into shape. Signed-off-by: Odd Stranne <odd@mullvad.net> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> Signed-off-by: Aleksandar Pesic <peske.nis@gmail.com> | |||||
2019-05-03 | ui: add toolbar after adding it to the tabs | Jason A. Donenfeld | 3 | -79/+89 | |
2019-05-03 | ui: import lowercase extension matching | Jason A. Donenfeld | 1 | -4/+4 | |
2019-05-03 | ui: background import configs | Jason A. Donenfeld | 1 | -85/+90 | |
2019-05-03 | ui: fix up confview ticker and list sync logic | Jason A. Donenfeld | 3 | -46/+64 | |
2019-05-03 | ui: better manage window size | Jason A. Donenfeld | 1 | -1/+1 | |
2019-05-03 | ui: fix left list width | Jason A. Donenfeld | 1 | -13/+14 | |
2019-05-03 | ui: double buffer list view | Jason A. Donenfeld | 2 | -2/+4 | |
2019-05-02 | ui: fix version strings | Jason A. Donenfeld | 1 | -1/+2 | |
2019-05-02 | ui: use system icons instead of green and red dots | Jason A. Donenfeld | 1 | -24/+4 | |
2019-05-02 | ui: use system icons in toolbar | Jason A. Donenfeld | 6 | -13/+26 | |
2019-05-02 | updater: use /qb!- instead of /qb- | Jason A. Donenfeld | 1 | -1/+1 | |
2019-05-02 | ui: rename things to say tunnel less | Jason A. Donenfeld | 3 | -33/+33 | |
2019-05-02 | ui: move toolbar up | Jason A. Donenfeld | 1 | -0/+1 | |
2019-05-02 | ui: add labels and keyboard shortcuts | Jason A. Donenfeld | 1 | -2/+6 | |
2019-05-02 | service: lock OS thread before making inheritable handles | Jason A. Donenfeld | 1 | -0/+7 | |
2019-05-02 | service: wtf->wts | Jason A. Donenfeld | 2 | -3/+3 | |
2019-05-02 | service: set security attributes on new process | Jason A. Donenfeld | 4 | -10/+63 | |
2019-05-02 | service: correct sid bounds | Jason A. Donenfeld | 1 | -2/+1 | |
2019-05-02 | service: fix ooo | Jason A. Donenfeld | 1 | -1/+1 | |
2019-05-02 | README: update linux deps | Jason A. Donenfeld | 1 | -1/+1 | |
2019-05-02 | ui: Quit -> Exit | Jason A. Donenfeld | 1 | -1/+1 | |
2019-05-02 | ui: settle unofficial behavior | Jason A. Donenfeld | 1 | -9/+2 | |
2019-05-02 | manifest: disable per-monitor DPI | Jason A. Donenfeld | 1 | -4/+1 | |
2019-05-02 | ui: render dots with svgs instead | Jason A. Donenfeld | 9 | -182/+45 | |
2019-05-02 | build: remove stray debugging echo | Jason A. Donenfeld | 1 | -1/+0 | |
2019-05-02 | build: mirror imagemagick | Jason A. Donenfeld | 1 | -1/+2 | |
Their server crashes lots. | |||||
2019-05-02 | ui: set zero spacing in grid view | Jason A. Donenfeld | 1 | -0/+1 | |
2019-05-02 | ui: more reasonable DPI-dependent window size | Jason A. Donenfeld | 1 | -1/+1 | |
2019-05-02 | ui: separate out about dialog and revamp | Jason A. Donenfeld | 2 | -59/+82 | |
2019-05-02 | ui: select closest tunnel after deletion | Jason A. Donenfeld | 1 | -0/+18 | |
2019-05-02 | ui: add multiple tunnel deletion | Jason A. Donenfeld | 2 | -26/+46 | |
Signed-off-by: Anthony Dong <aanthony.dong@gmail.com> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> | |||||
2019-05-02 | ui: filler view when no tunnels exist | Anthony Dong | 1 | -10/+48 | |
Signed-off-by: Anthony Dong <aanthony.dong@gmail.com> | |||||
2019-05-02 | ui: use icons instead of unicode font | Jason A. Donenfeld | 21 | -65/+87 | |
2019-05-01 | ui: rework margins | Jason A. Donenfeld | 7 | -12/+20 | |
2019-05-01 | ui: better tab icon dot hack | Jason A. Donenfeld | 1 | -1/+5 | |
2019-05-01 | ui: allow selecting all on log page | Jason A. Donenfeld | 1 | -8/+16 | |
2019-05-01 | installer: allow same version upgrades | Jason A. Donenfeld | 1 | -0/+1 | |
The alternative is that MSI installs two different versions, and that's not okay, and makes debugging harder. | |||||
2019-05-01 | version: dynamically get file version | Jason A. Donenfeld | 13 | -36/+147 | |
2019-05-01 | ui: support clipboard copying for log items | Ostap Slyusar | 1 | -0/+15 | |
Signed-off-by: Ostap Slyusar <linux.dev53@gmail.com> |