Diffstat (limited to 'src/openvpn/win32.c')
-rw-r--r--src/openvpn/win32.c51
1 files changed, 43 insertions, 8 deletions
diff --git a/src/openvpn/win32.c b/src/openvpn/win32.c
index 6c6ac4c..e17cca1 100644
--- a/src/openvpn/win32.c
+++ b/src/openvpn/win32.c
@@ -1223,13 +1223,14 @@ win_wfp_block_dns (const NET_IFINDEX index)
/* Prepare filter. */
Filter.subLayerKey = SubLayer.subLayerKey;
Filter.displayData.name = FIREWALL_NAME;
- Filter.weight.type = FWP_EMPTY;
+ Filter.weight.type = FWP_UINT8;
+ Filter.weight.uint8 = 0xF;
Filter.filterCondition = Condition;
Filter.numFilterConditions = 2;
- /* First filter. Block IPv4 DNS queries except from OpenVPN itself. */
+ /* First filter. Permit IPv4 DNS queries from OpenVPN itself. */
Filter.layerKey = FWPM_LAYER_ALE_AUTH_CONNECT_V4;
- Filter.action.type = FWP_ACTION_BLOCK;
+ Filter.action.type = FWP_ACTION_PERMIT;
Condition[0].fieldKey = FWPM_CONDITION_IP_REMOTE_PORT;
Condition[0].matchType = FWP_MATCH_EQUAL;
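Review bot: The new `Filter.weight.uint8 = 0xF;` has no comment explaining the value, yet the ordering it sets up is what the rest of the change depends on: the OpenVPN permit filters must outrank the block filters added further down in win_wfp_block_dns. I would add above it `/* Explicit weight: these permit filters must win over the auto-weighted block filters added below. */`. The function body starts and ends outside this hunk.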
@@ -1237,26 +1238,44 @@ win_wfp_block_dns (const NET_IFINDEX index)
Condition[0].conditionValue.uint16 = 53;
Condition[1].fieldKey = FWPM_CONDITION_ALE_APP_ID;
- Condition[1].matchType = FWP_MATCH_NOT_EQUAL;
+ Condition[1].matchType = FWP_MATCH_EQUAL;
Condition[1].conditionValue.type = FWP_BYTE_BLOB_TYPE;
Condition[1].conditionValue.byteBlob = openvpnblob;
/* Add filter condition to our interface. */
if (!win_wfp_add_filter(m_hEngineHandle, &Filter, NULL, &filterid))
goto err;
- dmsg (D_LOW, "Filter (Block IPv4 DNS) added with ID=%I64d", filterid);
+ dmsg (D_LOW, "Filter (Permit OpenVPN IPv4 DNS) added with ID=%I64d", filterid);
- /* Second filter. Block IPv6 DNS queries except from OpenVPN itself. */
+ /* Second filter. Permit IPv6 DNS queries from OpenVPN itself. */
Filter.layerKey = FWPM_LAYER_ALE_AUTH_CONNECT_V6;
/* Add filter condition to our interface. */
if (!win_wfp_add_filter(m_hEngineHandle, &Filter, NULL, &filterid))
goto err;
+ dmsg (D_LOW, "Filter (Permit OpenVPN IPv6 DNS) added with ID=%I64d", filterid);
+
+ /* Third filter. Block all IPv4 DNS queries. */
+ Filter.layerKey = FWPM_LAYER_ALE_AUTH_CONNECT_V4;
+ Filter.action.type = FWP_ACTION_BLOCK;
+ Filter.weight.type = FWP_EMPTY;
+ Filter.numFilterConditions = 1;
+
+ if (!win_wfp_add_filter(m_hEngineHandle, &Filter, NULL, &filterid))
+ goto err;
+ dmsg (D_LOW, "Filter (Block IPv4 DNS) added with ID=%I64d", filterid);
+
+ /* Forth filter. Block all IPv6 DNS queries. */
+ Filter.layerKey = FWPM_LAYER_ALE_AUTH_CONNECT_V6;
+
+ if (!win_wfp_add_filter(m_hEngineHandle, &Filter, NULL, &filterid))
+ goto err;
dmsg (D_LOW, "Filter (Block IPv6 DNS) added with ID=%I64d", filterid);
- /* Third filter. Permit IPv4 DNS queries from TAP. */
+ /* Fifth filter. Permit IPv4 DNS queries from TAP. */
Filter.layerKey = FWPM_LAYER_ALE_AUTH_CONNECT_V4;
Filter.action.type = FWP_ACTION_PERMIT;
+ Filter.numFilterConditions = 2;
Condition[1].fieldKey = FWPM_CONDITION_IP_LOCAL_INTERFACE;
Condition[1].matchType = FWP_MATCH_EQUAL;
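Review bot: The fifth filter (permit DNS from TAP) resets the action and `numFilterConditions = 2` but not the weight, so it and the sixth filter inherit `Filter.weight.type = FWP_EMPTY` from the block filters just above. Those block filters now match every query to port 53 in the same sublayer, so whether DNS over the TAP interface is still permitted depends on how the engine auto-assigns weights, which is not visible here and is easy to break in a later edit. An explicit weight just below the OpenVPN permits would make the order deterministic: `Filter.weight.type = FWP_UINT8;` and `Filter.weight.uint8 = 0xE;` before the fifth filter is added. The function continues outside the hunk.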
@@ -1268,7 +1287,7 @@ win_wfp_block_dns (const NET_IFINDEX index)
goto err;
dmsg (D_LOW, "Filter (Permit IPv4 DNS queries from TAP) added with ID=%I64d", filterid);
- /* Forth filter. Permit IPv6 DNS queries from TAP. */
+ /* Sixth filter. Permit IPv6 DNS queries from TAP. */
Filter.layerKey = FWPM_LAYER_ALE_AUTH_CONNECT_V6;
/* Add filter condition to our interface. */
@@ -1323,6 +1342,20 @@ win32_version_info()
}
}
+bool
+win32_is_64bit()
+{
+#if defined(_WIN64)
+ return true; // 64-bit programs run only on Win64
+#elif defined(_WIN32)
+ // 32-bit programs run on both 32-bit and 64-bit Windows
+ BOOL f64 = FALSE;
+ return IsWow64Process(GetCurrentProcess(), &f64) && f64;
+#else
+ return false; // Win64 does not support Win16
+#endif
+}
+
const char *
win32_version_string(struct gc_arena *gc, bool add_name)
{
@@ -1349,6 +1382,8 @@ win32_version_string(struct gc_arena *gc, bool add_name)
break;
}
+ buf_printf (&out, win32_is_64bit() ? " 64bit" : " 32bit");
+
return (const char *)out.data;
}
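Review bot: `buf_printf (&out, win32_is_64bit() ? " 64bit" : " 32bit");` passes the selected string as the format argument. Both branches are literals, so nothing untrusted reaches the format today, but a constant format keeps the compiler's format checking effective and stays safe under later edits: `buf_printf (&out, " %sbit", win32_is_64bit() ? "64" : "32");`. win32_version_string starts outside the hunk.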