From 20f9b0386d62fa8df8835fec7238188ab87e792a Mon Sep 17 00:00:00 2001
From: "Jason A. Donenfeld"
Date: Sat, 4 May 2019 22:40:19 +0200
Subject: ui: syntax: implement trafic blocking semantics

This is our "auto kill switch".

Signed-off-by: Jason A. Donenfeld
---
 ui/syntax/syntaxedit.c | 64 +++++++++++++++++++++++++++++++++++++++++++++++++
 ui/syntax/syntaxedit.go | 17 +++++++++++--
 ui/syntax/syntaxedit.h | 7 ++++++
 3 files changed, 86 insertions(+), 2 deletions(-)
(limited to 'ui/syntax')
diff --git a/ui/syntax/syntaxedit.c b/ui/syntax/syntaxedit.c
index 1b674623..cf75b0e4 100644
--- a/ui/syntax/syntaxedit.c
+++ b/ui/syntax/syntaxedit.c
@@ -21,6 +21,7 @@ const GUID CDECL IID_ITextDocument = { 0x8CC497C0, 0xA1DF, 0x11CE, { 0x80, 0x98,
 struct syntaxedit_data {
 IRichEditOle *irich;
 ITextDocument *idoc;
+ enum block_state last_block_state;
 bool highlight_guard;
 };
@@ -54,6 +55,67 @@ static const struct span_style stylemap[] = {
 [HighlightError] = { .color = RGB(0xC4, 0x1A, 0x16), .effects = CFE_UNDERLINE }
 };
+static void evaluate_untunneled_blocking(struct syntaxedit_data *this, HWND hWnd, const char *msg, struct highlight_span *spans)
+{
+ enum block_state state = InevaluableBlockingUntunneledTraffic;
+ bool on_allowedips = false;
+ bool seen_peer = false;
+ bool seen_v6_00 = false, seen_v4_00 = false;
+ bool seen_v6_01 = false, seen_v6_80001 = false, seen_v4_01 = false, seen_v4_1281 = false;
+
+ for (struct highlight_span *span = spans; span->type != HighlightEnd; ++span) {
+ switch (span->type) {
+ case HighlightError:
+ goto done;
+ case HighlightSection:
+ if (span->len != 6 || strncasecmp(&msg[span->start], "[peer]", 6))
+ break;
+ if (!seen_peer)
+ seen_peer = true;
+ else
+ goto done;
+ break;
+ case HighlightField:
+ on_allowedips = span->len == 10 && !strncasecmp(&msg[span->start], "allowedips", 10);
+ break;
+ case HighlightIP:
+ if (!on_allowedips || !seen_peer)
+ break;
+ if ((span + 1)->type != HighlightDelimiter || (span + 2)->type != HighlightCidr)
+ break;
+ if ((span + 2)->len != 1)
+ break;
+ if (msg[(span + 2)->start] == '0') {
+ if (span->len == 7 && !strncmp(&msg[span->start], "0.0.0.0", 7))
+ seen_v4_00 = true;
+ else if (span->len == 2 && !strncmp(&msg[span->start], "::", 2))
+ seen_v6_00 = true;
+ } else if (msg[(span + 2)->start] == '1') {
+ if (span->len == 7 && !strncmp(&msg[span->start], "0.0.0.0", 7))
+ seen_v4_01 = true;
+ else if (span->len == 9 && !strncmp(&msg[span->start], "128.0.0.0", 9))
+ seen_v4_1281 = true;
+ else if (span->len == 2 && !strncmp(&msg[span->start], "::", 2))
+ seen_v6_01 = true;
+ else if (span->len == 6 && !strncmp(&msg[span->start], "8000::", 6))
+ seen_v6_80001 = true;
+ }
+ break;
+ }
+ }
+
+ if (seen_v4_00 || seen_v6_00)
+ state = BlockingUntunneledTraffic;
+ else if ((seen_v4_01 && seen_v4_1281) || (seen_v6_01 && seen_v6_80001))
+ state = 
NotBlockingUntunneledTraffic; + +done: + if (state != this->last_block_state) { + SendMessage(hWnd, SE_TRAFFIC_BLOCK, 0, state); + this->last_block_state = state; + } +} + static void highlight_text(HWND hWnd) { GETTEXTLENGTHEX gettextlengthex = { @@ -104,6 +166,8 @@ static void highlight_text(HWND hWnd) if (!spans) goto out; + evaluate_untunneled_blocking(this, hWnd, msg, spans); + this->idoc->lpVtbl->Undo(this->idoc, tomSuspend, NULL); SendMessage(hWnd, WM_SETREDRAW, FALSE, 0); SendMessage(hWnd, EM_EXGETSEL, 0, (LPARAM)&orig_selection); diff --git a/ui/syntax/syntaxedit.go b/ui/syntax/syntaxedit.go index 5598d7a8..67e132c4 100644 --- a/ui/syntax/syntaxedit.go +++ b/ui/syntax/syntaxedit.go @@ -20,10 +20,17 @@ import "C" type SyntaxEdit struct { walk.WidgetBase - textChangedPublisher walk.EventPublisher - privateKeyPublisher walk.StringEventPublisher + textChangedPublisher walk.EventPublisher + privateKeyPublisher walk.StringEventPublisher + blockUntunneledTrafficPublisher walk.IntEventPublisher } +const ( + InevaluableBlockingUntunneledTraffic = C.InevaluableBlockingUntunneledTraffic + BlockingUntunneledTraffic = C.BlockingUntunneledTraffic + NotBlockingUntunneledTraffic = C.NotBlockingUntunneledTraffic +) + func (se *SyntaxEdit) LayoutFlags() walk.LayoutFlags { return walk.GrowableHorz | walk.GrowableVert | walk.GreedyHorz | walk.GreedyVert } @@ -63,6 +70,10 @@ func (se *SyntaxEdit) PrivateKeyChanged() *walk.StringEvent { return se.privateKeyPublisher.Event() } +func (se *SyntaxEdit) BlockUntunneledTrafficStateChanged() *walk.IntEvent { + return se.blockUntunneledTrafficPublisher.Event() +} + func (se *SyntaxEdit) WndProc(hwnd win.HWND, msg uint32, wParam, lParam uintptr) uintptr { switch msg { case win.WM_NOTIFY, win.WM_COMMAND: 
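Review bot: The `HighlightIP` case in `evaluate_untunneled_blocking` compares the address text literally (`"0.0.0.0"`, `"::"`, `"128.0.0.0"`, `"8000::"`), so an equivalent spelling such as `0::/0` or `0:0:0:0:0:0:0:0/0`, if the highlighter accepts it as an IP span, leaves `state` at `InevaluableBlockingUntunneledTraffic` although the peer is given a default route. A comment above the function should say that only these canonical spellings are recognised, and that a highlight error, a second `[peer]` section or anything unrecognised deliberately reports Inevaluable, so that whatever enforces the kill switch is not assumed to share this text-based view. The lookahead at `(span + 1)` and `(span + 2)` stays in bounds only because the loop treats `HighlightEnd` as the terminator and the `||` short-circuits; a line such as `/* spans[] ends in HighlightEnd, so span + 2 is read only when span + 1 is a delimiter */` would protect that invariant. `last_block_state` is not initialised in the visible hunks, so if the struct is zero-allocated, a first result of Inevaluable sends no `SE_TRAFFIC_BLOCK` and listeners have to start from that value themselves.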
@@ -78,6 +89,8 @@ func (se *SyntaxEdit) WndProc(hwnd win.HWND, msg uint32, wParam, lParam uintptr)
 } else {
 se.privateKeyPublisher.Publish(C.GoString((*C.char)(unsafe.Pointer(lParam))))
 }
+ case C.SE_TRAFFIC_BLOCK:
+ se.blockUntunneledTrafficPublisher.Publish(int(lParam))
 }
 return se.WidgetBase.WndProc(hwnd, msg, wParam, lParam)
 }
diff --git a/ui/syntax/syntaxedit.h b/ui/syntax/syntaxedit.h
index 4013f328..7d158b29 100644
--- a/ui/syntax/syntaxedit.h
+++ b/ui/syntax/syntaxedit.h
@@ -17,6 +17,13 @@
 #define WM_REFLECT (WM_USER + 0x1C00)
 #define SE_PRIVATE_KEY (WM_USER + 0x3100)
+#define SE_TRAFFIC_BLOCK (WM_USER + 0x3101)
+
+enum block_state {
+ InevaluableBlockingUntunneledTraffic,
+ BlockingUntunneledTraffic,
+ NotBlockingUntunneledTraffic
+};
 extern bool register_syntax_edit(void);
-- cgit v1.2.3-59-g8ed1b
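Review bot: `Publish(int(lParam))` in the new `C.SE_TRAFFIC_BLOCK` case forwards the raw window-message parameter, so any value that arrives under that message number is published as a blocking state without being checked against the three constants. Window messages are not guaranteed to come only from the control's own C code, so I would publish known values only, for example `if s := int(lParam); s >= InevaluableBlockingUntunneledTraffic && s <= NotBlockingUntunneledTraffic { se.blockUntunneledTrafficPublisher.Publish(s) }`, or map anything else to `InevaluableBlockingUntunneledTraffic`. Subscribers should treat this event as a UI hint about the configuration text, not as the decision that enables or disables blocking. `WndProc` begins outside this hunk.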