static WCHAR *FIREWALL_NAME = L"OpenVPN";
+VOID NETIOAPI_API_
+InitializeIpInterfaceEntry(PMIB_IPINTERFACE_ROW Row);
+
/*
* Default msg handler does nothing
*/
return err;
}
+/*
+ * Returns interface metric value for specified interface index.
+ *
+ * Arguments:
+ * index : The index of TAP adapter.
+ * family : Address family (AF_INET for IPv4 and AF_INET6 for IPv6).
+ * Returns positive metric value or zero for automatic metric on success,
+ * a less then zero error code on failure.
+ */
+
+int
+get_interface_metric(const NET_IFINDEX index, const ADDRESS_FAMILY family)
+{
+ DWORD err = 0;
+ MIB_IPINTERFACE_ROW ipiface;
+ InitializeIpInterfaceEntry(&ipiface);
+ ipiface.Family = family;
+ ipiface.InterfaceIndex = index;
+ err = GetIpInterfaceEntry(&ipiface);
+ if (err == NO_ERROR)
+ {
+ if (ipiface.UseAutomaticMetric)
+ {
+ return 0;
+ }
+ return ipiface.Metric;
+ }
+ return -err;
+}
+
+/*
+ * Sets interface metric value for specified interface index.
+ *
+ * Arguments:
+ * index : The index of TAP adapter.
+ * family : Address family (AF_INET for IPv4 and AF_INET6 for IPv6).
+ * metric : Metric value. 0 for automatic metric.
+ * Returns 0 on success, a non-zero status code of the last failed action on failure.
+ */
+
+DWORD
+set_interface_metric(const NET_IFINDEX index, const ADDRESS_FAMILY family,
+ const ULONG metric)
+{
+ DWORD err = 0;
+ MIB_IPINTERFACE_ROW ipiface;
+ InitializeIpInterfaceEntry(&ipiface);
+ ipiface.Family = family;
+ ipiface.InterfaceIndex = index;
+ err = GetIpInterfaceEntry(&ipiface);
+ if (err == NO_ERROR)
+ {
+ if (family == AF_INET)
+ {
+ /* required for IPv4 as per MSDN */
+ ipiface.SitePrefixLength = 0;
+ }
+ ipiface.Metric = metric;
+ if (metric == 0)
+ {
+ ipiface.UseAutomaticMetric = TRUE;
+ }
+ else
+ {
+ ipiface.UseAutomaticMetric = FALSE;
+ }
+ err = SetIpInterfaceEntry(&ipiface);
+ if (err == NO_ERROR)
+ {
+ return 0;
+ }
+ }
+ return err;
+}
+
#endif /* ifdef _WIN32 */
#ifndef OPENVPN_BLOCK_DNS_H
#define OPENVPN_BLOCK_DNS_H
+/* Any value less than 5 should work fine. 3 is choosen without any real reason. */
+#define BLOCK_DNS_IFACE_METRIC 3
+
typedef void (*block_dns_msg_handler_t) (DWORD err, const char *msg);
DWORD
add_block_dns_filters(HANDLE *engine, int iface_index, const WCHAR *exe_path,
block_dns_msg_handler_t msg_handler_callback);
+/**
+ * Returns interface metric value for specified interface index.
+ *
+ * @param index The index of TAP adapter
+ * @param family Address family (AF_INET for IPv4 and AF_INET6 for IPv6)
+ *
+ * @return positive metric value or zero for automatic metric on success,
+ * a less then zero error code on failure.
+ */
+
+int
+get_interface_metric(const NET_IFINDEX index, const ADDRESS_FAMILY family);
+
+/**
+ * Sets interface metric value for specified interface index.
+ *
+ * @param index The index of TAP adapter
+ * @param family Address family (AF_INET for IPv4 and AF_INET6 for IPv6)
+ * @param metric Metric value. 0 for automatic metric
+ *
+ * @return 0 on success, a non-zero status code of the last failed action on failure.
+ */
+
+DWORD
+set_interface_metric(const NET_IFINDEX index, const ADDRESS_FAMILY family,
+ const ULONG metric);
+
#endif
#endif
#if defined(_WIN32)
if (c->options.block_outside_dns)
{
- if (!win_wfp_uninit(c->options.msg_channel))
+ if (!win_wfp_uninit(adapter_index, c->options.msg_channel))
{
msg(M_FATAL, "Uninitialising WFP failed!");
}
#if defined(_WIN32)
if (c->options.block_outside_dns)
{
- if (!win_wfp_uninit(c->options.msg_channel))
+ if (!win_wfp_uninit(adapter_index, c->options.msg_channel))
{
msg(M_FATAL, "Uninitialising WFP failed!");
}
*/
static HANDLE m_hEngineHandle = NULL; /* GLOBAL */
+/*
+ * TAP adapter original metric value
+ */
+static int tap_metric_v4 = -1; /* GLOBAL */
+static int tap_metric_v6 = -1; /* GLOBAL */
+
/*
* Windows internal socket API state (opaque).
*/
status = add_block_dns_filters(&m_hEngineHandle, index, openvpnpath,
block_dns_msg_handler);
+ if (status == 0)
+ {
+ tap_metric_v4 = get_interface_metric(index, AF_INET);
+ tap_metric_v6 = get_interface_metric(index, AF_INET6);
+ if (tap_metric_v4 < 0)
+ {
+ /* error, should not restore metric */
+ tap_metric_v4 = -1;
+ }
+ if (tap_metric_v6 < 0)
+ {
+ /* error, should not restore metric */
+ tap_metric_v6 = -1;
+ }
+ status = set_interface_metric(index, AF_INET, BLOCK_DNS_IFACE_METRIC);
+ if (!status)
+ {
+ set_interface_metric(index, AF_INET6, BLOCK_DNS_IFACE_METRIC);
+ }
+ }
+
ret = (status == 0);
out:
}
bool
-win_wfp_uninit(const HANDLE msg_channel)
+win_wfp_uninit(const NET_IFINDEX index, const HANDLE msg_channel)
{
dmsg(D_LOW, "Uninitializing WFP");
if (msg_channel)
{
msg(D_LOW, "Using service to delete block dns filters");
- win_block_dns_service(false, -1, msg_channel);
+ win_block_dns_service(false, index, msg_channel);
}
else
{
delete_block_dns_filters(m_hEngineHandle);
m_hEngineHandle = NULL;
+ if (tap_metric_v4 >= 0)
+ {
+ set_interface_metric(index, AF_INET, tap_metric_v4);
+ }
+ if (tap_metric_v6 >= 0)
+ {
+ set_interface_metric(index, AF_INET6, tap_metric_v6);
+ }
}
return true;
bool win_wfp_block_dns(const NET_IFINDEX index, const HANDLE msg_channel);
-bool win_wfp_uninit(const HANDLE msg_channel);
+bool win_wfp_uninit(const NET_IFINDEX index, const HANDLE msg_channel);
#define WIN_XP 0
#define WIN_VISTA 1
} undo_type_t;
typedef list_item_t *undo_lists_t[_undo_type_max];
+typedef struct {
+ HANDLE engine;
+ int index;
+ int metric_v4;
+ int metric_v6;
+} block_dns_data_t;
+
static DWORD
AddListItem(list_item_t **pfirst, LPVOID data)
HandleBlockDNSMessage(const block_dns_message_t *msg, undo_lists_t *lists)
{
DWORD err = 0;
+ block_dns_data_t *interface_data;
HANDLE engine = NULL;
LPCWSTR exe_path;
err = add_block_dns_filters(&engine, msg->iface.index, exe_path, BlockDNSErrHandler);
if (!err)
{
- err = AddListItem(&(*lists)[block_dns], engine);
+ interface_data = malloc(sizeof(block_dns_data_t));
+ if (!interface_data)
+ {
+ return ERROR_OUTOFMEMORY;
+ }
+ interface_data->engine = engine;
+ interface_data->index = msg->iface.index;
+ interface_data->metric_v4 = get_interface_metric(msg->iface.index,
+ AF_INET);
+ if (interface_data->metric_v4 < 0)
+ {
+ interface_data->metric_v4 = -1;
+ }
+ interface_data->metric_v6 = get_interface_metric(msg->iface.index,
+ AF_INET6);
+ if (interface_data->metric_v6 < 0)
+ {
+ interface_data->metric_v6 = -1;
+ }
+ err = AddListItem(&(*lists)[block_dns], interface_data);
+ if (!err)
+ {
+ err = set_interface_metric(msg->iface.index, AF_INET,
+ BLOCK_DNS_IFACE_METRIC);
+ if (!err)
+ {
+ set_interface_metric(msg->iface.index, AF_INET6,
+ BLOCK_DNS_IFACE_METRIC);
+ }
+ }
}
}
else
{
- engine = RemoveListItem(&(*lists)[block_dns], CmpEngine, NULL);
- if (engine)
+ interface_data = RemoveListItem(&(*lists)[block_dns], CmpEngine, NULL);
+ if (interface_data)
{
+ engine = interface_data->engine;
err = delete_block_dns_filters(engine);
engine = NULL;
+ if (interface_data->metric_v4 >= 0)
+ {
+ set_interface_metric(msg->iface.index, AF_INET,
+ interface_data->metric_v4);
+ }
+ if (interface_data->metric_v6 >= 0)
+ {
+ set_interface_metric(msg->iface.index, AF_INET6,
+ interface_data->metric_v6);
+ }
+ free(interface_data);
}
else
{
Undo(undo_lists_t *lists)
{
undo_type_t type;
+ block_dns_data_t *interface_data;
for (type = 0; type < _undo_type_max; type++)
{
list_item_t **pnext = &(*lists)[type];
break;
case block_dns:
- delete_block_dns_filters(item->data);
- item->data = NULL;
+ interface_data = (block_dns_data_t*)(item->data);
+ delete_block_dns_filters(interface_data->engine);
+ if (interface_data->metric_v4 >= 0)
+ {
+ set_interface_metric(interface_data->index, AF_INET,
+ interface_data->metric_v4);
+ }
+ if (interface_data->metric_v6 >= 0)
+ {
+ set_interface_metric(interface_data->index, AF_INET6,
+ interface_data->metric_v6);
+ }
break;
}
projects / thirdparty / openvpn.git / commitdiff
