added killSwitch switcher (#746)

* added killSwitch switcher * KillSwitch toggle for OpenVPN and XRay * killSwitch toggle for AWG/WG protocol * Some fixes for killSwitch
2024-04-25 20:01:00 +07:00 · 2024-04-25 20:01:00 +07:00 · 87b738ef16
commit 87b738ef16
parent 477d7214c5
21 changed files with 144 additions and 58 deletions
--- a/client/platforms/linux/daemon/wireguardutilslinux.cpp
+++ b/client/platforms/linux/daemon/wireguardutilslinux.cpp
@ -136,24 +136,25 @@ bool WireguardUtilsLinux::addInterface(const InterfaceConfig& config) {
    if (err != 0) {
        logger.error() << "Interface configuration failed:" << strerror(err);
    } else {
-        FirewallParams params { };
-        params.dnsServers.append(config.m_dnsServer);
-        if (config.m_allowedIPAddressRanges.at(0).toString() == "0.0.0.0/0"){
-            params.blockAll = true;
-            if (config.m_excludedAddresses.size()) {
-                params.allowNets = true;
-                foreach (auto net, config.m_excludedAddresses) {
-                    params.allowAddrs.append(net.toUtf8());
+        if (config.m_killSwitchEnabled) {
+            FirewallParams params { };
+            params.dnsServers.append(config.m_dnsServer);
+            if (config.m_allowedIPAddressRanges.at(0).toString() == "0.0.0.0/0"){
+                params.blockAll = true;
+                if (config.m_excludedAddresses.size()) {
+                    params.allowNets = true;
+                    foreach (auto net, config.m_excludedAddresses) {
+                        params.allowAddrs.append(net.toUtf8());
+                    }
+                }
+            } else {
+                params.blockNets = true;
+                foreach (auto net, config.m_allowedIPAddressRanges) {
+                    params.blockAddrs.append(net.toString());
                }
            }
-        } else {
-            params.blockNets = true;
-            foreach (auto net, config.m_allowedIPAddressRanges) {
-                params.blockAddrs.append(net.toString());
-            }
+            applyFirewallRules(params);
        }
-
-        applyFirewallRules(params);
    }

    return (err == 0);
--- a/client/platforms/macos/daemon/wireguardutilsmacos.cpp
+++ b/client/platforms/macos/daemon/wireguardutilsmacos.cpp
@ -134,26 +134,26 @@ bool WireguardUtilsMacos::addInterface(const InterfaceConfig& config) {
  if (err != 0) {
    logger.error() << "Interface configuration failed:" << strerror(err);
  } else {
-      FirewallParams params { };
-      params.dnsServers.append(config.m_dnsServer);
-      if (config.m_allowedIPAddressRanges.at(0).toString() == "0.0.0.0/0"){
-        params.blockAll = true;
-        if (config.m_excludedAddresses.size()) {
+      if (config.m_killSwitchEnabled) {
+        FirewallParams params { };
+        params.dnsServers.append(config.m_dnsServer);
+        if (config.m_allowedIPAddressRanges.at(0).toString() == "0.0.0.0/0"){
+          params.blockAll = true;
+          if (config.m_excludedAddresses.size()) {
            params.allowNets = true;
            foreach (auto net, config.m_excludedAddresses) {
-                params.allowAddrs.append(net.toUtf8());
+              params.allowAddrs.append(net.toUtf8());
            }
-        }
-      } else {
-        params.blockNets = true;
-        foreach (auto net, config.m_allowedIPAddressRanges) {
+          }
+        } else {
+          params.blockNets = true;
+          foreach (auto net, config.m_allowedIPAddressRanges) {
            params.blockAddrs.append(net.toString());
+          }
        }
+        applyFirewallRules(params);
      }
-
-      applyFirewallRules(params);
  }
-
  return (err == 0);
 }

--- a/client/platforms/windows/daemon/wireguardutilswindows.cpp
+++ b/client/platforms/windows/daemon/wireguardutilswindows.cpp
@ -116,10 +116,12 @@ bool WireguardUtilsWindows::addInterface(const InterfaceConfig& config) {
  m_luid = luid.Value;
  m_routeMonitor.setLuid(luid.Value);

-  // Enable the windows firewall
-  NET_IFINDEX ifindex;
-  ConvertInterfaceLuidToIndex(&luid, &ifindex);
-  WindowsFirewall::instance()->enableKillSwitch(ifindex);
+  if (config.m_killSwitchEnabled) {
+    // Enable the windows firewall
+    NET_IFINDEX ifindex;
+    ConvertInterfaceLuidToIndex(&luid, &ifindex);
+    WindowsFirewall::instance()->enableKillSwitch(ifindex);
+  }

  logger.debug() << "Registration completed";
  return true;
@ -137,9 +139,10 @@ bool WireguardUtilsWindows::updatePeer(const InterfaceConfig& config) {
  QByteArray pskKey =
      QByteArray::fromBase64(qPrintable(config.m_serverPskKey));

-  // Enable the windows firewall for this peer.
-  WindowsFirewall::instance()->enablePeerTraffic(config);
-
+  if (config.m_killSwitchEnabled) {
+    // Enable the windows firewall for this peer.
+    WindowsFirewall::instance()->enablePeerTraffic(config);
+  }
  logger.debug() << "Configuring peer" << publicKey.toHex()
                 << "via" << config.m_serverIpv4AddrIn;