Make winfw deinitialization more flexible

4 files changed, 39 insertions, 30 deletions

diff --git a/windows/winfw/src/winfw/sessioncontroller.cpp b/windows/winfw/src/winfw/sessioncontroller.cpp
index c5342fce78..83f6863c91 100644
--- a/windows/winfw/src/winfw/sessioncontroller.cpp
+++ b/windows/winfw/src/winfw/sessioncontroller.cpp
@@ -1,10 +1,10 @@
 #include "stdafx.h"
 #include "sessioncontroller.h"
 #include "wfpobjecttype.h"
-#include "libwfp/objectinstaller.h"
-#include "libwfp/objectdeleter.h"
-#include "libwfp/transaction.h"
-#include "libcommon/memory.h"
+#include <libwfp/objectinstaller.h>
+#include <libwfp/objectdeleter.h>
+#include <libwfp/transaction.h>
+#include <libcommon/memory.h>
 #include <libcommon/error.h>
 #include <utility>
 
@@ -65,26 +65,6 @@ SessionController::SessionController(std::unique_ptr<wfp::FilterEngine> &&engine
 {
 }
 
-SessionController::~SessionController()
-{
-	//
-	// TODO: Review destruction of this instance and its owner.
-	//
-
-	try
-	{
-		executeTransaction([this](SessionController &, wfp::FilterEngine &)
-		{
-			reset();
-			return true;
-		});
-	}
-	catch (...)
-	{
-		return;
-	}
-}
-
 bool SessionController::addProvider(wfp::ProviderBuilder &providerBuilder)
 {
 	if (false == m_activeTransaction)
diff --git a/windows/winfw/src/winfw/sessioncontroller.h b/windows/winfw/src/winfw/sessioncontroller.h
index 4300791660..f82563ce0d 100644
--- a/windows/winfw/src/winfw/sessioncontroller.h
+++ b/windows/winfw/src/winfw/sessioncontroller.h
@@ -3,8 +3,8 @@
 #include "iobjectinstaller.h"
 #include "sessionrecord.h"
 #include "mullvadguids.h"
-#include "libwfp/filterengine.h"
-#include "libwfp/iidentifiable.h"
+#include <libwfp/filterengine.h>
+#include <libwfp/iidentifiable.h>
 #include <functional>
 #include <atomic>
 #include <memory>
@@ -15,7 +15,6 @@ class SessionController : public IObjectInstaller
 public:
 
 	SessionController(std::unique_ptr<wfp::FilterEngine> &&engine);
-	~SessionController();
 
 	bool addProvider(wfp::ProviderBuilder &providerBuilder) override;
 	bool addSublayer(wfp::SublayerBuilder &sublayerBuilder) override;
diff --git a/windows/winfw/src/winfw/winfw.cpp b/windows/winfw/src/winfw/winfw.cpp
index 0af40994e6..6c1cc7cd5a 100644
--- a/windows/winfw/src/winfw/winfw.cpp
+++ b/windows/winfw/src/winfw/winfw.cpp
@@ -144,17 +144,35 @@ WinFw_InitializeBlocked(
 WINFW_LINKAGE
 bool
 WINFW_API
-WinFw_Deinitialize()
+WinFw_Deinitialize(WINFW_CLEANUP_POLICY cleanupPolicy)
 {
 	if (nullptr == g_fwContext)
 	{
 		return true;
 	}
 
+	const auto activePolicy = g_fwContext->activePolicy();
+
+	//
+	// Do not use FwContext::reset() here because it just
+	// removes the current policy but leaves sublayers etc.
+	//
+
 	delete g_fwContext;
 	g_fwContext = nullptr;
 
-	return true;
+	//
+	// Only skip clean-up if this is what the caller requested
+	// and if the current policy is "(net) blocked".
+	//
+
+	if (WINFW_CLEANUP_POLICY_CONTINUE_BLOCKING == cleanupPolicy
+		&& FwContext::Policy::Blocked == activePolicy)
+	{
+		return true;
+	}
+
+	return WinFw_Reset();
 }
 
 WINFW_LINKAGE
diff --git a/windows/winfw/src/winfw/winfw.h b/windows/winfw/src/winfw/winfw.h
index e989d69f57..8f418c333b 100644
--- a/windows/winfw/src/winfw/winfw.h
+++ b/windows/winfw/src/winfw/winfw.h
@@ -92,6 +92,16 @@ WinFw_InitializeBlocked(
 	void *logSinkContext
 );
 
+enum WINFW_CLEANUP_POLICY
+{
+	// Continue blocking if this happens to be the active policy
+	// otherwise reset the firewall.
+	WINFW_CLEANUP_POLICY_CONTINUE_BLOCKING = 0,
+
+	// Remove all objects that have been registered with WFP.
+	WINFW_CLEANUP_POLICY_RESET_FIREWALL = 1,
+};
+
 //
 // Deinitialize:
 //
@@ -101,7 +111,9 @@ extern "C"
 WINFW_LINKAGE
 bool
 WINFW_API
-WinFw_Deinitialize();
+WinFw_Deinitialize(
+	WINFW_CLEANUP_POLICY cleanupPolicy
+);
 
 //
 // PingableHosts: