Merge branch 'implement-custom-openvpn-socks5-bridge-client-in-daemon-des-430'

6 files changed, 37 insertions, 28 deletions

diff --git a/windows/winfw/src/winfw/fwcontext.cpp b/windows/winfw/src/winfw/fwcontext.cpp
index f033830b45..4ed22737fc 100644
--- a/windows/winfw/src/winfw/fwcontext.cpp
+++ b/windows/winfw/src/winfw/fwcontext.cpp
@@ -81,7 +81,7 @@ void AppendRelayRules
 (
 	FwContext::Ruleset &ruleset,
 	const WinFwEndpoint &relay,
-	const std::wstring &relayClient
+	const std::vector<std::wstring> &relayClients
 )
 {
 	auto sublayer =
@@ -95,7 +95,7 @@ void AppendRelayRules
 		wfp::IpAddress(relay.ip),
 		relay.port,
 		relay.protocol,
-		relayClient,
+		relayClients,
 		sublayer
 	));
 }
@@ -185,7 +185,7 @@ bool FwContext::applyPolicyConnecting
 (
 	const WinFwSettings &settings,
 	const WinFwEndpoint &relay,
-	const std::wstring &relayClient,
+	const std::vector<std::wstring> &relayClients,
 	const std::optional<std::wstring> &tunnelInterfaceAlias,
 	const std::optional<WinFwAllowedEndpoint> &allowedEndpoint,
 	const WinFwAllowedTunnelTraffic &allowedTunnelTraffic
@@ -195,7 +195,7 @@ bool FwContext::applyPolicyConnecting
 
 	AppendNetBlockedRules(ruleset);
 	AppendSettingsRules(ruleset, settings);
-	AppendRelayRules(ruleset, relay, relayClient);
+	AppendRelayRules(ruleset, relay, relayClients);
 
 	if (allowedEndpoint.has_value())
 	{
@@ -280,7 +280,7 @@ bool FwContext::applyPolicyConnected
 (
 	const WinFwSettings &settings,
 	const WinFwEndpoint &relay,
-	const std::wstring &relayClient,
+	const std::vector<std::wstring> &relayClient,
 	const std::wstring &tunnelInterfaceAlias,
 	const std::vector<wfp::IpAddress> &tunnelDnsServers,
 	const std::vector<wfp::IpAddress> &nonTunnelDnsServers
diff --git a/windows/winfw/src/winfw/fwcontext.h b/windows/winfw/src/winfw/fwcontext.h
index 5fc23f09a7..92ecce4f4f 100644
--- a/windows/winfw/src/winfw/fwcontext.h
+++ b/windows/winfw/src/winfw/fwcontext.h
@@ -28,7 +28,7 @@ public:
 	(
 		const WinFwSettings &settings,
 		const WinFwEndpoint &relay,
-		const std::wstring &relayClient,
+		const std::vector<std::wstring> &relayClients,
 		const std::optional<std::wstring> &tunnelInterfaceAlias,
 		const std::optional<WinFwAllowedEndpoint> &allowedEndpoint,
 		const WinFwAllowedTunnelTraffic &allowedTunnelTraffic
@@ -38,7 +38,7 @@ public:
 	(
 		const WinFwSettings &settings,
 		const WinFwEndpoint &relay,
-		const std::wstring &relayClient,
+		const std::vector<std::wstring> &relayClients,
 		const std::wstring &tunnelInterfaceAlias,
 		const std::vector<wfp::IpAddress> &tunnelDnsServers,
 		const std::vector<wfp::IpAddress> &nonTunnelDnsServers
diff --git a/windows/winfw/src/winfw/rules/multi/permitvpnrelay.cpp b/windows/winfw/src/winfw/rules/multi/permitvpnrelay.cpp
index 3c913cab14..19ce09571b 100644
--- a/windows/winfw/src/winfw/rules/multi/permitvpnrelay.cpp
+++ b/windows/winfw/src/winfw/rules/multi/permitvpnrelay.cpp
@@ -52,13 +52,13 @@ PermitVpnRelay::PermitVpnRelay
 	const wfp::IpAddress &relay,
 	uint16_t relayPort,
 	WinFwProtocol protocol,
-	const std::wstring &relayClient,
+	const std::vector<std::wstring> &relayClients,
 	Sublayer sublayer
 )
 	: m_relay(relay)
 	, m_relayPort(relayPort)
 	, m_protocol(protocol)
-	, m_relayClient(relayClient)
+	, m_relayClients(relayClients)
 	, m_sublayer(sublayer)
 {
 }
@@ -86,7 +86,10 @@ bool PermitVpnRelay::apply(IObjectInstaller &objectInstaller)
 	conditionBuilder.add_condition(ConditionIp::Remote(m_relay));
 	conditionBuilder.add_condition(ConditionPort::Remote(m_relayPort));
 	conditionBuilder.add_condition(CreateProtocolCondition(m_protocol));
-	conditionBuilder.add_condition(std::make_unique<ConditionApplication>(m_relayClient));
+
+	for(auto relayClient : m_relayClients) {
+		conditionBuilder.add_condition(std::make_unique<ConditionApplication>(relayClient));
+	}
 
 	return objectInstaller.addFilter(filterBuilder, conditionBuilder);
 }
diff --git a/windows/winfw/src/winfw/rules/multi/permitvpnrelay.h b/windows/winfw/src/winfw/rules/multi/permitvpnrelay.h
index d63f27a862..a2bfc16384 100644
--- a/windows/winfw/src/winfw/rules/multi/permitvpnrelay.h
+++ b/windows/winfw/src/winfw/rules/multi/permitvpnrelay.h
@@ -23,7 +23,7 @@ public:
 		const wfp::IpAddress &relay,
 		uint16_t relayPort,
 		WinFwProtocol protocol,
-		const std::wstring &relayClient,
+		const std::vector<std::wstring> &relayClients,
 		Sublayer sublayer
 	);
 	
@@ -34,7 +34,7 @@ private:
 	const wfp::IpAddress m_relay;
 	const uint16_t m_relayPort;
 	const WinFwProtocol m_protocol;
-	const std::wstring m_relayClient;
+	const std::vector<std::wstring> m_relayClients;
 	const Sublayer m_sublayer;
 };
 
diff --git a/windows/winfw/src/winfw/winfw.cpp b/windows/winfw/src/winfw/winfw.cpp
index 4110dcd2f8..352a91c0d1 100644
--- a/windows/winfw/src/winfw/winfw.cpp
+++ b/windows/winfw/src/winfw/winfw.cpp
@@ -231,7 +231,8 @@ WINFW_API
 WinFw_ApplyPolicyConnecting(
 	const WinFwSettings *settings,
 	const WinFwEndpoint *relay,
-	const wchar_t *relayClient,
+	const wchar_t **relayClients,
+	size_t relayClientsLen,
 	const wchar_t *tunnelInterfaceAlias,
 	const WinFwAllowedEndpoint *allowedEndpoint,
 	const WinFwAllowedTunnelTraffic *allowedTunnelTraffic
@@ -254,20 +255,21 @@ WinFw_ApplyPolicyConnecting(
 			THROW_ERROR("Invalid argument: relay");
 		}
 
-		if (nullptr == relayClient)
-		{
-			THROW_ERROR("Invalid argument: relayClient");
-		}
-
 		if (nullptr == allowedTunnelTraffic)
 		{
 			THROW_ERROR("Invalid argument: allowedTunnelTraffic");
 		}
 
+		std::vector<std::wstring> relayClientWstrings;
+		relayClientWstrings.reserve(relayClientsLen);
+		for(int i = 0; i < relayClientsLen; i++) {
+			relayClientWstrings.push_back(relayClients[i]);
+		}
+
 		return g_fwContext->applyPolicyConnecting(
 			*settings,
 			*relay,
-			relayClient,
+			relayClientWstrings,
 			tunnelInterfaceAlias != nullptr ? std::make_optional(tunnelInterfaceAlias) : std::nullopt,
 			MakeOptional(allowedEndpoint),
 			*allowedTunnelTraffic
@@ -298,7 +300,8 @@ WINFW_API
 WinFw_ApplyPolicyConnected(
 	const WinFwSettings *settings,
 	const WinFwEndpoint *relay,
-	const wchar_t *relayClient,
+	const wchar_t **relayClients,
+	size_t relayClientsLen,
 	const wchar_t *tunnelInterfaceAlias,
 	const wchar_t *v4Gateway,
 	const wchar_t *v6Gateway,
@@ -323,11 +326,6 @@ WinFw_ApplyPolicyConnected(
 			THROW_ERROR("Invalid argument: relay");
 		}
 
-		if (nullptr == relayClient)
-		{
-			THROW_ERROR("Invalid argument: relayClient");
-		}
-
 		if (nullptr == tunnelInterfaceAlias)
 		{
 			THROW_ERROR("Invalid argument: tunnelInterfaceAlias");
@@ -407,10 +405,16 @@ WinFw_ApplyPolicyConnected(
 			g_logSink(MULLVAD_LOG_LEVEL_DEBUG, ss.str().c_str(), g_logSinkContext);
 		}
 
+		std::vector<std::wstring> relayClientWstrings;
+		relayClientWstrings.reserve(relayClientsLen);
+		for(int i = 0; i < relayClientsLen; i++) {
+			relayClientWstrings.push_back(relayClients[i]);
+		}
+
 		return g_fwContext->applyPolicyConnected(
 			*settings,
 			*relay,
-			relayClient,
+			relayClientWstrings,
 			tunnelInterfaceAlias,
 			tunnelDnsServers,
 			nonTunnelDnsServers
diff --git a/windows/winfw/src/winfw/winfw.h b/windows/winfw/src/winfw/winfw.h
index 5d61f1029d..b786d943d3 100644
--- a/windows/winfw/src/winfw/winfw.h
+++ b/windows/winfw/src/winfw/winfw.h
@@ -164,7 +164,8 @@ WINFW_API
 WinFw_ApplyPolicyConnecting(
 	const WinFwSettings *settings,
 	const WinFwEndpoint *relay,
-	const wchar_t *relayClient,
+	const wchar_t **relayClient,
+	size_t relayClientLen,
 	const wchar_t *tunnelInterfaceAlias,
 	const WinFwAllowedEndpoint *allowedEndpoint,
 	const WinFwAllowedTunnelTraffic *allowedTunnelTraffic
@@ -194,7 +195,8 @@ WINFW_API
 WinFw_ApplyPolicyConnected(
 	const WinFwSettings *settings,
 	const WinFwEndpoint *relay,
-	const wchar_t *relayClient,
+	const wchar_t **relayClient,
+	size_t relayClientLen,
 	const wchar_t *tunnelInterfaceAlias,
 	const wchar_t *v4Gateway,
 	const wchar_t *v6Gateway,