feature/mozilla upstream (#1237)

* cherry-pick 4dfcad96506fb5b88c5bb27342b6d9413fc361c9 from mozilla upstream * cherry-pick a95fa8c088b9edaff2de18751336942c2d145a9a from mozilla * cherry-pick commit 4fc1ebbad86a9abcafdc761725a7afd811c8d2d3 from mozilla * cherry-pick 4dfcad96506fb5b88c5bb27342b6d9413fc361c9 from mozilla upstream * cherry-pick 22de4fcbd454c64ff496c3380eeaeeb6afff4d64 from mozilla upstream * cherry-pick 649673be561b66c96367adf379da1545f8838763 from mozilla upstream * cherry-pick 41bdad34517d0ddaef32139482e5505d92e4b533 from mozilla upstream * cherry-pick f6e49a85538eaa230d3a8634fa7600966132ccab from mozilla upstream * cherry-pick 86c585387efa0a09c7937dfe799a90a666404fcd from mozilla upstream * cherry-pick a18c1fac740469ca3566751b74a16227518630c4 from mozilla upstream * fixed missing ; * added excludeLocalNetworks() for linux * build fixes on windows after cherry-picks * Add rules for excluded sites splittunell mode * Fix app splittunell when ipv6 is not setup * Fix Linux build --------- Co-authored-by: Mykola Baibuz <mykola.baibuz@gmail.com>
2025-01-13 21:45:06 +07:00 · 2025-01-13 21:45:06 +07:00 · 8ca31e0c90
commit 8ca31e0c90
parent f1c6067485
27 changed files with 1119 additions and 607 deletions
--- a/client/platforms/windows/daemon/windowsfirewall.h
+++ b/client/platforms/windows/daemon/windowsfirewall.h
@ -26,18 +26,27 @@ struct FWP_CONDITION_VALUE0_;

 class WindowsFirewall final : public QObject {
 public:
-  ~WindowsFirewall();
+  /**
+   * @brief Opens the Windows Filtering Platform, initializes the session,
+   * sublayer. Returns a WindowsFirewall object if successful, otherwise
+   * nullptr. If there is already a WindowsFirewall object, it will be returned.
+   *
+   * @param parent - parent QObject
+   * @return WindowsFirewall* - nullptr if failed to open the Windows Filtering
+   * Platform.
+   */
+  static WindowsFirewall* create(QObject* parent);
+  ~WindowsFirewall() override;

-  static WindowsFirewall* instance();
-  bool init();
-
-  bool enableKillSwitch(int vpnAdapterIndex);
+  bool enableInterface(int vpnAdapterIndex);
+  bool enableLanBypass(const QList<IPAddress>& ranges);
  bool enablePeerTraffic(const InterfaceConfig& config);
  bool disablePeerTraffic(const QString& pubkey);
  bool disableKillSwitch();

 private:
-  WindowsFirewall(QObject* parent);
+  static bool initSublayer();
+  WindowsFirewall(HANDLE session, QObject* parent);
  HANDLE m_sessionHandle;
  bool m_init = false;
  QList<uint64_t> m_activeRules;
@ -50,11 +59,10 @@ class WindowsFirewall final : public QObject {
  bool blockTrafficTo(const IPAddress& addr, uint8_t weight,
                      const QString& title, const QString& peer = QString());
  bool blockTrafficOnPort(uint port, uint8_t weight, const QString& title);
+  bool allowTrafficTo(const IPAddress& addr, int weight, const QString& title,
+                      const QString& peer = QString());
  bool allowTrafficTo(const QHostAddress& targetIP, uint port, int weight,
                      const QString& title, const QString& peer = QString());
-  bool allowTrafficToRange(const IPAddress& addr, uint8_t weight,
-                           const QString& title,
-                           const QString& peer);
  bool allowTrafficOfAdapter(int networkAdapter, uint8_t weight,
                             const QString& title);
  bool allowDHCPTraffic(uint8_t weight, const QString& title);