authorJonathan <jonathan@mullvad.net>2023-02-22 14:37:56 +0100
committerDavid Lönnhager <david.l@mullvad.net>2023-02-28 10:07:52 +0100
commit8a7074a29e4eb53266d0efd84f3df393ec14581e (patch)
treea58156babd920ba82f53d76b0f8ed314abf8c85b
parent893705e56e243a4c6e91ffdfded9bfa9f820549e (diff)
Update naming in windows firewall
exitEndpoint and entryEndpoint are incorrect names; endpoint1 and endpoint2 are more descriptive.
-rw-r--r--talpid-core/src/firewall/windows.rs40
-rw-r--r--windows/winfw/src/winfw/fwcontext.cpp18
-rw-r--r--windows/winfw/src/winfw/mullvadguids.cpp32
-rw-r--r--windows/winfw/src/winfw/mullvadguids.h16
-rw-r--r--windows/winfw/src/winfw/rules/baseline/permitvpntunnel.cpp12
-rw-r--r--windows/winfw/src/winfw/rules/baseline/permitvpntunnelservice.cpp12
-rw-r--r--windows/winfw/src/winfw/winfw.h4
7 files changed, 68 insertions, 66 deletions
diff --git a/talpid-core/src/firewall/windows.rs b/talpid-core/src/firewall/windows.rs
index b015db2385..fa40fdcb42 100644
--- a/talpid-core/src/firewall/windows.rs
+++ b/talpid-core/src/firewall/windows.rs
@@ -168,15 +168,16 @@ impl Firewall {
ptr::null()
};
- // SAFETY: `allowed_tun_ips`, `entry_endpoint` and `exit_endpoint` must not be dropped until
+ // SAFETY: `endpoint1_ip`, `endpoint2_ip`, `endpoint1` and `endpoint2` must not be dropped until
// `WinFw_ApplyPolicyConnecting` has returned.
- let mut allowed_tun_ips = [WideCString::new(), WideCString::new()];
- let (entry_endpoint, exit_endpoint) = match allowed_tunnel_traffic {
+ let mut endpoint1_ip = WideCString::new();
+ let mut endpoint2_ip = WideCString::new();
+ let (endpoint1, endpoint2) = match allowed_tunnel_traffic {
AllowedTunnelTraffic::One(endpoint) => {
- allowed_tun_ips[0] = widestring_ip(endpoint.address.ip());
+ endpoint1_ip = widestring_ip(endpoint.address.ip());
(
Some(WinFwEndpoint {
- ip: allowed_tun_ips[0].as_ptr(),
+ ip: endpoint1_ip.as_ptr(),
port: endpoint.address.port(),
protocol: WinFwProt::from(endpoint.protocol),
}),
@@ -184,30 +185,30 @@ impl Firewall {
)
}
AllowedTunnelTraffic::Two(endpoint1, endpoint2) => {
- allowed_tun_ips[0] = widestring_ip(endpoint1.address.ip());
- let entry_endpoint = Some(WinFwEndpoint {
- ip: allowed_tun_ips[0].as_ptr(),
+ endpoint1_ip = widestring_ip(endpoint1.address.ip());
+ let endpoint1 = Some(WinFwEndpoint {
+ ip: endpoint1_ip.as_ptr(),
port: endpoint1.address.port(),
protocol: WinFwProt::from(endpoint1.protocol),
});
- allowed_tun_ips[1] = widestring_ip(endpoint2.address.ip());
- let exit_endpoint = Some(WinFwEndpoint {
- ip: allowed_tun_ips[1].as_ptr(),
+ endpoint2_ip = widestring_ip(endpoint2.address.ip());
+ let endpoint2 = Some(WinFwEndpoint {
+ ip: endpoint2_ip.as_ptr(),
port: endpoint2.address.port(),
protocol: WinFwProt::from(endpoint2.protocol),
});
- (entry_endpoint, exit_endpoint)
+ (endpoint1, endpoint2)
}
AllowedTunnelTraffic::None | AllowedTunnelTraffic::All => (None, None),
};
let allowed_tunnel_traffic = WinFwAllowedTunnelTraffic {
type_: WinFwAllowedTunnelTrafficType::from(allowed_tunnel_traffic),
- entry_endpoint: entry_endpoint
+ endpoint1: endpoint1
.as_ref()
.map(|ep| ep as *const _)
.unwrap_or(ptr::null()),
- exit_endpoint: exit_endpoint
+ endpoint2: endpoint2
.as_ref()
.map(|ep| ep as *const _)
.unwrap_or(ptr::null()),
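Review bot: In the `AllowedTunnelTraffic::Two` arm the name `endpoint1` now stands for three different values: the pattern binding, the `Option<WinFwEndpoint>` introduced by `let endpoint1 = Some(WinFwEndpoint {`, and the outer tuple binding; `endpoint2` has the same problem. The initialiser still reads the pattern binding in `endpoint1.address.port()` only because the new `let` takes effect after its own expression, which a reader has to work out line by line. Since these structs carry raw pointers across the FFI call, I would keep the two kinds of value apart by name, for example `AllowedTunnelTraffic::Two(first, second) => {` with `port: first.address.port(),`. The enclosing function starts and ends outside this hunk.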
@@ -228,9 +229,10 @@ impl Firewall {
// SAFETY: All of these hold stack allocated memory which is pointed to by
// `allowed_tunnel_traffic` and must remain allocated until `WinFw_ApplyPolicyConnecting`
// has returned.
- drop(allowed_tun_ips);
- drop(entry_endpoint);
- drop(exit_endpoint);
+ drop(endpoint1_ip);
+ drop(endpoint2_ip);
+ drop(endpoint1);
+ drop(endpoint2);
res
}
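Review bot: The SAFETY comment above the `drop` calls no longer describes the four values being dropped. It says all of them hold stack allocated memory pointed to by `allowed_tunnel_traffic`, but that struct points only at `endpoint1` and `endpoint2`; `endpoint1_ip` and `endpoint2_ip` are `WideCString`s whose buffers are, as far as I know, heap allocated and are reached through `WinFwEndpoint::ip`. I would reword the comment to state that chain explicitly (policy struct, then the two endpoints, then the two IP strings) and that all four must outlive the `WinFw_ApplyPolicyConnecting` call. The function body begins outside this hunk.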
@@ -471,8 +473,8 @@ mod winfw {
#[repr(C)]
pub struct WinFwAllowedTunnelTraffic {
pub type_: WinFwAllowedTunnelTrafficType,
- pub entry_endpoint: *const WinFwEndpoint,
- pub exit_endpoint: *const WinFwEndpoint,
+ pub endpoint1: *const WinFwEndpoint,
+ pub endpoint2: *const WinFwEndpoint,
}
#[repr(u8)]
diff --git a/windows/winfw/src/winfw/fwcontext.cpp b/windows/winfw/src/winfw/fwcontext.cpp
index ac5e367587..6f6a73baf4 100644
--- a/windows/winfw/src/winfw/fwcontext.cpp
+++ b/windows/winfw/src/winfw/fwcontext.cpp
@@ -222,9 +222,9 @@ bool FwContext::applyPolicyConnecting
{
auto onlyEndpoint = std::make_optional<baseline::PermitVpnTunnel::Endpoints>({
baseline::PermitVpnTunnel::Endpoint{
- wfp::IpAddress(allowedTunnelTraffic.entryEndpoint->ip),
- allowedTunnelTraffic.entryEndpoint->port,
- allowedTunnelTraffic.entryEndpoint->protocol
+ wfp::IpAddress(allowedTunnelTraffic.endpoint1->ip),
+ allowedTunnelTraffic.endpoint1->port,
+ allowedTunnelTraffic.endpoint1->protocol
},
std::nullopt,
});
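Review bot: `allowedTunnelTraffic.endpoint1` is dereferenced here with no null check visible in the hunk, while the Rust caller in talpid-core/src/firewall/windows.rs passes `ptr::null()` for this field whenever the endpoint is `None`. The branch is presumably selected by `allowedTunnelTraffic.type`, so a null would only arrive through a caller bug, but this is the FFI boundary of the firewall library and a guard such as `if (nullptr == allowedTunnelTraffic.endpoint1)` that rejects the call in whatever way this function reports invalid arguments would turn a crash into a refused policy. The same applies to `endpoint1` and `endpoint2` in the next hunk of this file. The function begins and ends outside the hunk, so an earlier check may already exist.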
@@ -242,14 +242,14 @@ bool FwContext::applyPolicyConnecting
{
auto endpoints = std::make_optional<baseline::PermitVpnTunnel::Endpoints>({
baseline::PermitVpnTunnel::Endpoint{
- wfp::IpAddress(allowedTunnelTraffic.entryEndpoint->ip),
- allowedTunnelTraffic.entryEndpoint->port,
- allowedTunnelTraffic.entryEndpoint->protocol
+ wfp::IpAddress(allowedTunnelTraffic.endpoint1->ip),
+ allowedTunnelTraffic.endpoint1->port,
+ allowedTunnelTraffic.endpoint1->protocol
},
std::make_optional<baseline::PermitVpnTunnel::Endpoint>({
- wfp::IpAddress(allowedTunnelTraffic.exitEndpoint->ip),
- allowedTunnelTraffic.exitEndpoint->port,
- allowedTunnelTraffic.exitEndpoint->protocol
+ wfp::IpAddress(allowedTunnelTraffic.endpoint2->ip),
+ allowedTunnelTraffic.endpoint2->port,
+ allowedTunnelTraffic.endpoint2->protocol
})
});
ruleset.emplace_back(std::make_unique<baseline::PermitVpnTunnel>(
diff --git a/windows/winfw/src/winfw/mullvadguids.cpp b/windows/winfw/src/winfw/mullvadguids.cpp
index 49e80107db..890c8b0c2e 100644
--- a/windows/winfw/src/winfw/mullvadguids.cpp
+++ b/windows/winfw/src/winfw/mullvadguids.cpp
@@ -130,14 +130,14 @@ MullvadGuids::DetailedIdentityRegistry MullvadGuids::DetailedRegistry(IdentityQu
registry.insert(std::make_pair(WfpObjectType::Filter, Filter_Baseline_PermitDhcpServer_Outbound_Response_Ipv4()));
registry.insert(std::make_pair(WfpObjectType::Filter, Filter_Baseline_PermitVpnRelay()));
registry.insert(std::make_pair(WfpObjectType::Filter, Filter_Baseline_PermitEndpoint()));
- registry.insert(std::make_pair(WfpObjectType::Filter, Filter_Baseline_PermitVpnTunnel_Outbound_Ipv4_Entry()));
- registry.insert(std::make_pair(WfpObjectType::Filter, Filter_Baseline_PermitVpnTunnel_Outbound_Ipv6_Entry()));
- registry.insert(std::make_pair(WfpObjectType::Filter, Filter_Baseline_PermitVpnTunnel_Outbound_Ipv4_Exit()));
- registry.insert(std::make_pair(WfpObjectType::Filter, Filter_Baseline_PermitVpnTunnel_Outbound_Ipv6_Exit()));
- registry.insert(std::make_pair(WfpObjectType::Filter, Filter_Baseline_PermitVpnTunnelService_Ipv4_Entry()));
- registry.insert(std::make_pair(WfpObjectType::Filter, Filter_Baseline_PermitVpnTunnelService_Ipv6_Entry()));
- registry.insert(std::make_pair(WfpObjectType::Filter, Filter_Baseline_PermitVpnTunnelService_Ipv4_Exit()));
- registry.insert(std::make_pair(WfpObjectType::Filter, Filter_Baseline_PermitVpnTunnelService_Ipv6_Exit()));
+ registry.insert(std::make_pair(WfpObjectType::Filter, Filter_Baseline_PermitVpnTunnel_Outbound_Ipv4_1()));
+ registry.insert(std::make_pair(WfpObjectType::Filter, Filter_Baseline_PermitVpnTunnel_Outbound_Ipv6_1()));
+ registry.insert(std::make_pair(WfpObjectType::Filter, Filter_Baseline_PermitVpnTunnel_Outbound_Ipv4_2()));
+ registry.insert(std::make_pair(WfpObjectType::Filter, Filter_Baseline_PermitVpnTunnel_Outbound_Ipv6_2()));
+ registry.insert(std::make_pair(WfpObjectType::Filter, Filter_Baseline_PermitVpnTunnelService_Ipv4_1()));
+ registry.insert(std::make_pair(WfpObjectType::Filter, Filter_Baseline_PermitVpnTunnelService_Ipv6_1()));
+ registry.insert(std::make_pair(WfpObjectType::Filter, Filter_Baseline_PermitVpnTunnelService_Ipv4_2()));
+ registry.insert(std::make_pair(WfpObjectType::Filter, Filter_Baseline_PermitVpnTunnelService_Ipv6_2()));
registry.insert(std::make_pair(WfpObjectType::Filter, Filter_Baseline_PermitNdp_Outbound_Router_Solicitation()));
registry.insert(std::make_pair(WfpObjectType::Filter, Filter_Baseline_PermitNdp_Inbound_Router_Advertisement()));
registry.insert(std::make_pair(WfpObjectType::Filter, Filter_Baseline_PermitNdp_Outbound_Neighbor_Solicitation()));
@@ -667,7 +667,7 @@ const GUID &MullvadGuids::Filter_Baseline_PermitEndpoint()
}
//static
-const GUID &MullvadGuids::Filter_Baseline_PermitVpnTunnel_Outbound_Ipv4_Entry()
+const GUID &MullvadGuids::Filter_Baseline_PermitVpnTunnel_Outbound_Ipv4_1()
{
static const GUID g =
{
@@ -681,7 +681,7 @@ const GUID &MullvadGuids::Filter_Baseline_PermitVpnTunnel_Outbound_Ipv4_Entry()
}
//static
-const GUID &MullvadGuids::Filter_Baseline_PermitVpnTunnel_Outbound_Ipv6_Entry()
+const GUID &MullvadGuids::Filter_Baseline_PermitVpnTunnel_Outbound_Ipv6_1()
{
static const GUID g =
{
@@ -695,7 +695,7 @@ const GUID &MullvadGuids::Filter_Baseline_PermitVpnTunnel_Outbound_Ipv6_Entry()
}
//static
-const GUID &MullvadGuids::Filter_Baseline_PermitVpnTunnel_Outbound_Ipv4_Exit()
+const GUID &MullvadGuids::Filter_Baseline_PermitVpnTunnel_Outbound_Ipv4_2()
{
static const GUID g =
{
@@ -709,7 +709,7 @@ const GUID &MullvadGuids::Filter_Baseline_PermitVpnTunnel_Outbound_Ipv4_Exit()
}
//static
-const GUID &MullvadGuids::Filter_Baseline_PermitVpnTunnel_Outbound_Ipv6_Exit()
+const GUID &MullvadGuids::Filter_Baseline_PermitVpnTunnel_Outbound_Ipv6_2()
{
static const GUID g =
{
@@ -723,7 +723,7 @@ const GUID &MullvadGuids::Filter_Baseline_PermitVpnTunnel_Outbound_Ipv6_Exit()
}
//static
-const GUID &MullvadGuids::Filter_Baseline_PermitVpnTunnelService_Ipv4_Entry()
+const GUID &MullvadGuids::Filter_Baseline_PermitVpnTunnelService_Ipv4_1()
{
static const GUID g =
{
@@ -737,7 +737,7 @@ const GUID &MullvadGuids::Filter_Baseline_PermitVpnTunnelService_Ipv4_Entry()
}
//static
-const GUID &MullvadGuids::Filter_Baseline_PermitVpnTunnelService_Ipv6_Entry()
+const GUID &MullvadGuids::Filter_Baseline_PermitVpnTunnelService_Ipv6_1()
{
static const GUID g =
{
@@ -751,7 +751,7 @@ const GUID &MullvadGuids::Filter_Baseline_PermitVpnTunnelService_Ipv6_Entry()
}
//static
-const GUID &MullvadGuids::Filter_Baseline_PermitVpnTunnelService_Ipv4_Exit()
+const GUID &MullvadGuids::Filter_Baseline_PermitVpnTunnelService_Ipv4_2()
{
static const GUID g =
{
@@ -765,7 +765,7 @@ const GUID &MullvadGuids::Filter_Baseline_PermitVpnTunnelService_Ipv4_Exit()
}
//static
-const GUID &MullvadGuids::Filter_Baseline_PermitVpnTunnelService_Ipv6_Exit()
+const GUID &MullvadGuids::Filter_Baseline_PermitVpnTunnelService_Ipv6_2()
{
static const GUID g =
diff --git a/windows/winfw/src/winfw/mullvadguids.h b/windows/winfw/src/winfw/mullvadguids.h
index 57d4cc4c91..d63af0206d 100644
--- a/windows/winfw/src/winfw/mullvadguids.h
+++ b/windows/winfw/src/winfw/mullvadguids.h
@@ -71,15 +71,15 @@ public:
static const GUID &Filter_Baseline_PermitEndpoint();
- static const GUID &Filter_Baseline_PermitVpnTunnel_Outbound_Ipv4_Entry();
- static const GUID &Filter_Baseline_PermitVpnTunnel_Outbound_Ipv6_Entry();
- static const GUID &Filter_Baseline_PermitVpnTunnel_Outbound_Ipv4_Exit();
- static const GUID &Filter_Baseline_PermitVpnTunnel_Outbound_Ipv6_Exit();
+ static const GUID &Filter_Baseline_PermitVpnTunnel_Outbound_Ipv4_1();
+ static const GUID &Filter_Baseline_PermitVpnTunnel_Outbound_Ipv6_1();
+ static const GUID &Filter_Baseline_PermitVpnTunnel_Outbound_Ipv4_2();
+ static const GUID &Filter_Baseline_PermitVpnTunnel_Outbound_Ipv6_2();
- static const GUID &Filter_Baseline_PermitVpnTunnelService_Ipv4_Entry();
- static const GUID &Filter_Baseline_PermitVpnTunnelService_Ipv6_Entry();
- static const GUID &Filter_Baseline_PermitVpnTunnelService_Ipv4_Exit();
- static const GUID &Filter_Baseline_PermitVpnTunnelService_Ipv6_Exit();
+ static const GUID &Filter_Baseline_PermitVpnTunnelService_Ipv4_1();
+ static const GUID &Filter_Baseline_PermitVpnTunnelService_Ipv6_1();
+ static const GUID &Filter_Baseline_PermitVpnTunnelService_Ipv4_2();
+ static const GUID &Filter_Baseline_PermitVpnTunnelService_Ipv6_2();
static const GUID &Filter_Baseline_PermitNdp_Outbound_Router_Solicitation();
static const GUID &Filter_Baseline_PermitNdp_Inbound_Router_Advertisement();
diff --git a/windows/winfw/src/winfw/rules/baseline/permitvpntunnel.cpp b/windows/winfw/src/winfw/rules/baseline/permitvpntunnel.cpp
index b5ea28aeeb..3aaff601a3 100644
--- a/windows/winfw/src/winfw/rules/baseline/permitvpntunnel.cpp
+++ b/windows/winfw/src/winfw/rules/baseline/permitvpntunnel.cpp
@@ -92,23 +92,23 @@ bool PermitVpnTunnel::apply(IObjectInstaller &objectInstaller)
{
return AddEndpointFilter(
std::nullopt,
- MullvadGuids::Filter_Baseline_PermitVpnTunnel_Outbound_Ipv4_Entry(),
- MullvadGuids::Filter_Baseline_PermitVpnTunnel_Outbound_Ipv6_Entry(),
+ MullvadGuids::Filter_Baseline_PermitVpnTunnel_Outbound_Ipv4_1(),
+ MullvadGuids::Filter_Baseline_PermitVpnTunnel_Outbound_Ipv6_1(),
objectInstaller
);
}
AddEndpointFilter(
std::make_optional<Endpoint>(m_potentialEndpoints.value().entryEndpoint),
- MullvadGuids::Filter_Baseline_PermitVpnTunnel_Outbound_Ipv4_Entry(),
- MullvadGuids::Filter_Baseline_PermitVpnTunnel_Outbound_Ipv6_Entry(),
+ MullvadGuids::Filter_Baseline_PermitVpnTunnel_Outbound_Ipv4_1(),
+ MullvadGuids::Filter_Baseline_PermitVpnTunnel_Outbound_Ipv6_1(),
objectInstaller
);
if (m_potentialEndpoints.value().exitEndpoint.has_value())
{
AddEndpointFilter(
m_potentialEndpoints.value().exitEndpoint.value(),
- MullvadGuids::Filter_Baseline_PermitVpnTunnel_Outbound_Ipv4_Exit(),
- MullvadGuids::Filter_Baseline_PermitVpnTunnel_Outbound_Ipv6_Exit(),
+ MullvadGuids::Filter_Baseline_PermitVpnTunnel_Outbound_Ipv4_2(),
+ MullvadGuids::Filter_Baseline_PermitVpnTunnel_Outbound_Ipv6_2(),
objectInstaller
);
}
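Review bot: The rename is only half applied in this function: the filter GUIDs now end in `_1` and `_2`, but the unchanged lines still read `m_potentialEndpoints.value().entryEndpoint` and `.exitEndpoint`, so the names the commit message calls incorrect remain on `PermitVpnTunnel::Endpoints`. I would rename those members (the struct is declared outside this diff, presumably in the rule's header), or at least add a comment here such as `// entryEndpoint uses the _1 filters, exitEndpoint the _2 filters`. The same mismatch is present in permitvpntunnelservice.cpp. `apply` continues past the end of the hunk.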
diff --git a/windows/winfw/src/winfw/rules/baseline/permitvpntunnelservice.cpp b/windows/winfw/src/winfw/rules/baseline/permitvpntunnelservice.cpp
index 0cb773725b..e5b7ab1f5c 100644
--- a/windows/winfw/src/winfw/rules/baseline/permitvpntunnelservice.cpp
+++ b/windows/winfw/src/winfw/rules/baseline/permitvpntunnelservice.cpp
@@ -94,23 +94,23 @@ bool PermitVpnTunnelService::apply(IObjectInstaller &objectInstaller)
{
return AddEndpointFilter(
std::nullopt,
- MullvadGuids::Filter_Baseline_PermitVpnTunnelService_Ipv4_Entry(),
- MullvadGuids::Filter_Baseline_PermitVpnTunnelService_Ipv6_Entry(),
+ MullvadGuids::Filter_Baseline_PermitVpnTunnelService_Ipv4_1(),
+ MullvadGuids::Filter_Baseline_PermitVpnTunnelService_Ipv6_1(),
objectInstaller
);
}
AddEndpointFilter(
std::make_optional<Endpoint>(m_potentialEndpoints.value().entryEndpoint),
- MullvadGuids::Filter_Baseline_PermitVpnTunnelService_Ipv4_Entry(),
- MullvadGuids::Filter_Baseline_PermitVpnTunnelService_Ipv6_Entry(),
+ MullvadGuids::Filter_Baseline_PermitVpnTunnelService_Ipv4_1(),
+ MullvadGuids::Filter_Baseline_PermitVpnTunnelService_Ipv6_1(),
objectInstaller
);
if (m_potentialEndpoints.value().exitEndpoint.has_value())
{
AddEndpointFilter(
m_potentialEndpoints.value().exitEndpoint.value(),
- MullvadGuids::Filter_Baseline_PermitVpnTunnelService_Ipv4_Exit(),
- MullvadGuids::Filter_Baseline_PermitVpnTunnelService_Ipv6_Exit(),
+ MullvadGuids::Filter_Baseline_PermitVpnTunnelService_Ipv4_2(),
+ MullvadGuids::Filter_Baseline_PermitVpnTunnelService_Ipv6_2(),
objectInstaller
);
}
diff --git a/windows/winfw/src/winfw/winfw.h b/windows/winfw/src/winfw/winfw.h
index c5498d3969..5d61f1029d 100644
--- a/windows/winfw/src/winfw/winfw.h
+++ b/windows/winfw/src/winfw/winfw.h
@@ -66,8 +66,8 @@ enum WinFwAllowedTunnelTrafficType : uint8_t
typedef struct tag_WinFwAllowedTunnelTraffic
{
WinFwAllowedTunnelTrafficType type;
- WinFwEndpoint *entryEndpoint;
- WinFwEndpoint *exitEndpoint;
+ WinFwEndpoint *endpoint1;
+ WinFwEndpoint *endpoint2;
}
WinFwAllowedTunnelTraffic;
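Review bot: The struct has no comment saying what `endpoint1` and `endpoint2` stand for or when each may be null, and the numbered names give a reader less to go on than the old ones did. Judging by the Rust side of this commit, both pointers are null when no specific endpoint is given, only `endpoint1` is set for a single endpoint, and both are set for two. I would state that next to the fields, keyed to the `WinFwAllowedTunnelTrafficType` enumerators, together with the requirement that each `WinFwEndpoint` and its `ip` string stay valid for the duration of the call, so the FFI contract is documented in the header both sides build against.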