Use soft permit for events in excluded processes

Odd Stranne
2021-12-01 10:37:33 +01:00
parent 1176dd6fb4
commit 090df512d6
4 changed files with 23 additions and 8 deletions


@@ -233,7 +233,7 @@ RewriteBind
bindTarget->sin_addr = *newTarget;
ClassificationApplyHardPermit(ClassifyOut);
ClassificationApplySoftPermit(ClassifyOut);
}
}
else
@@ -251,7 +251,7 @@ RewriteBind
bindTarget->sin6_addr = *newTarget;
ClassificationApplyHardPermit(ClassifyOut);
ClassificationApplySoftPermit(ClassifyOut);
}
}
@@ -658,7 +658,7 @@ RewriteConnection
localDetails->sin6_addr = ipAddresses.InternetIpv6;
}
ClassificationApplyHardPermit(ClassifyOut);
ClassificationApplySoftPermit(ClassifyOut);
Cleanup_data:
@@ -1031,7 +1031,7 @@ CalloutPermitSplitApps
// Apply classification.
//
ClassificationApplyHardPermit(ClassifyOut);
ClassificationApplySoftPermit(ClassifyOut);
}
//


@@ -36,6 +36,16 @@ ClassificationApplyHardPermit
ClassifyOut->rights &= ~FWPS_RIGHT_ACTION_WRITE;
}
void
ClassificationApplySoftPermit
(
FWPS_CLASSIFY_OUT0 *ClassifyOut
)
{
ClassifyOut->actionType = FWP_ACTION_PERMIT;
ClassifyOut->rights |= FWPS_RIGHT_ACTION_WRITE;
}
void
ClassificationApplyHardBlock
(
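Review bot: `ClassificationApplySoftPermit` turns `FWPS_RIGHT_ACTION_WRITE` back on with `ClassifyOut->rights |= FWPS_RIGHT_ACTION_WRITE;` instead of leaving `rights` as it arrived. If an earlier filter had already cleared that right to make its decision final, this helper would both overwrite the action with `FWP_ACTION_PERMIT` and hand the write right back to later filters. Whether the four call sites check the right before calling is not visible in the hunks, so either drop the `|=` line and have callers return early when `(ClassifyOut->rights & FWPS_RIGHT_ACTION_WRITE) == 0`, or document that check as a precondition. A short header comment such as `// Permit without clearing FWPS_RIGHT_ACTION_WRITE, so a later filter can still block.` would also make the hard/soft distinction explicit next to `ClassificationApplyHardPermit`.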


@@ -15,8 +15,13 @@ void
ClassificationApplyHardPermit
(
FWPS_CLASSIFY_OUT0 *ClassifyOut
)
;
);
void
ClassificationApplySoftPermit
(
FWPS_CLASSIFY_OUT0 *ClassifyOut
);
void
ClassificationApplyHardBlock


@@ -248,7 +248,7 @@ RegisterFilterPermitNonTunnelIpv4Tx
filter.filterKey = ST_FW_FILTER_PERMIT_SPLIT_APPS_IPV4_CONN_KEY;
filter.displayData.name = const_cast<wchar_t*>(filterName);
filter.displayData.description = const_cast<wchar_t*>(filterDescription);
filter.flags = FWPM_FILTER_FLAG_CLEAR_ACTION_RIGHT | FWPM_FILTER_FLAG_HAS_PROVIDER_CONTEXT;
filter.flags = FWPM_FILTER_FLAG_HAS_PROVIDER_CONTEXT;
filter.providerKey = const_cast<GUID*>(&ST_FW_PROVIDER_KEY);
filter.layerKey = FWPM_LAYER_ALE_AUTH_CONNECT_V4;
filter.subLayerKey = ST_FW_WINFW_BASELINE_SUBLAYER_KEY;
@@ -329,7 +329,7 @@ RegisterFilterPermitNonTunnelIpv6Tx
filter.filterKey = ST_FW_FILTER_PERMIT_SPLIT_APPS_IPV6_CONN_KEY;
filter.displayData.name = const_cast<wchar_t*>(filterName);
filter.displayData.description = const_cast<wchar_t*>(filterDescription);
filter.flags = FWPM_FILTER_FLAG_CLEAR_ACTION_RIGHT | FWPM_FILTER_FLAG_HAS_PROVIDER_CONTEXT;
filter.flags = FWPM_FILTER_FLAG_HAS_PROVIDER_CONTEXT;
filter.providerKey = const_cast<GUID*>(&ST_FW_PROVIDER_KEY);
filter.layerKey = FWPM_LAYER_ALE_AUTH_CONNECT_V6;
filter.subLayerKey = ST_FW_WINFW_BASELINE_SUBLAYER_KEY;
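Review bot: The new `filter.flags = FWPM_FILTER_FLAG_HAS_PROVIDER_CONTEXT;` assignment, in both the IPv4 and the IPv6 connect filter, carries no comment saying that `FWPM_FILTER_FLAG_CLEAR_ACTION_RIGHT` is left out on purpose. Judging by the commit title, the intent is that the permit for excluded processes stays overridable by block rules elsewhere, which is a security-relevant property a later edit could silently undo by restoring the flag. I would add above each assignment something like `// No FWPM_FILTER_FLAG_CLEAR_ACTION_RIGHT: the callout soft-permits, so block decisions by other filters still apply.` Both registration functions start and end outside the hunks, so the surrounding filter setup was not reviewed.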