andrei/amnezia-client
1
0
Fork 0
mirror of https://github.com/amnezia-vpn/amnezia-client.git synced 2026-06-22 02:01:08 +07:00
Code Issues Packages Projects Releases 10 Wiki Activity

feat: revoke old endpoint from KS allowlist after server switch

Browse Source
This commit is contained in:
cd-amn
2026-05-07 15:26:01 +04:00
parent f67927667a
commit 4bca2df4a2
2 changed files with 18 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
client/core/vpnTrafficGuard.cpp
+16
View File
@@ -35,6 +35,9 @@ bool VpnTrafficGuard::allowEndpoint(const QString &remoteAddress)
if (remoteAddress.isEmpty()) { if (remoteAddress.isEmpty()) {
return false; return false;
} }
if (!m_allowedEndpoints.contains(remoteAddress)) {
m_allowedEndpoints.append(remoteAddress);
}
return IpcClient::withInterface([&](QSharedPointer<IpcInterfaceReplica> iface) { return IpcClient::withInterface([&](QSharedPointer<IpcInterfaceReplica> iface) {
QRemoteObjectPendingReply<bool> reply = iface->addKillSwitchAllowedRange(QStringList(remoteAddress)); QRemoteObjectPendingReply<bool> reply = iface->addKillSwitchAllowedRange(QStringList(remoteAddress));
return reply.waitForFinished(1000) && reply.returnValue(); return reply.waitForFinished(1000) && reply.returnValue();
@@ -45,6 +48,18 @@ bool VpnTrafficGuard::allowEndpoint(const QString &remoteAddress)
#endif #endif
} }
void VpnTrafficGuard::revokeEndpoint(const QString &remoteAddress)
{
#ifdef AMNEZIA_DESKTOP
m_allowedEndpoints.removeAll(remoteAddress);
IpcClient::withInterface([this](QSharedPointer<IpcInterfaceReplica> iface) {
iface->resetKillSwitchAllowedRange(m_allowedEndpoints);
});
#else
Q_UNUSED(remoteAddress)
#endif
}
void VpnTrafficGuard::setupRoutes(const QJsonObject &vpnConfiguration, const QSharedPointer<VpnProtocol> &protocol, const QString &remoteAddress) void VpnTrafficGuard::setupRoutes(const QJsonObject &vpnConfiguration, const QSharedPointer<VpnProtocol> &protocol, const QString &remoteAddress)
{ {
#ifdef AMNEZIA_DESKTOP #ifdef AMNEZIA_DESKTOP
@@ -222,6 +237,7 @@ void VpnTrafficGuard::teardown()
#ifdef AMNEZIA_DESKTOP #ifdef AMNEZIA_DESKTOP
IpcClient::withInterface([&](QSharedPointer<IpcInterfaceReplica> iface) { IpcClient::withInterface([&](QSharedPointer<IpcInterfaceReplica> iface) {
QRemoteObjectPendingReply<bool> reply = iface->disableKillSwitch(); QRemoteObjectPendingReply<bool> reply = iface->disableKillSwitch();
m_allowedEndpoints.clear();
//TODO: why it takes so long? //TODO: why it takes so long?
if (!reply.waitForFinished(5000) || !reply.returnValue()) { if (!reply.waitForFinished(5000) || !reply.returnValue()) {
qWarning() << "VpnTrafficGuard::teardown: Failed to disable killswitch"; qWarning() << "VpnTrafficGuard::teardown: Failed to disable killswitch";
client/core/vpnTrafficGuard.h
+2 -1
View File
@@ -19,13 +19,14 @@ public:
void teardown(); void teardown();
bool allowEndpoint(const QString &remoteAddress); bool allowEndpoint(const QString &remoteAddress);
void revokeEndpoint(const QString &remoteAddress);
void applyFirewall(const QString &vpnGateway, const QString &vpnLocalAddress); void applyFirewall(const QString &vpnGateway, const QString &vpnLocalAddress);
private: private:
void addSplitTunnelRoutes(const QString &gateway, amnezia::RouteMode mode); void addSplitTunnelRoutes(const QString &gateway, amnezia::RouteMode mode);
SecureAppSettingsRepository* m_appSettingsRepository; SecureAppSettingsRepository* m_appSettingsRepository;
QJsonObject m_config; QJsonObject m_config;
bool m_ipv6RoutingStopped = false; bool m_ipv6RoutingStopped = false;
QStringList m_allowedEndpoints;
}; };
#endif // VPNTRAFFICGUARD_H #endif // VPNTRAFFICGUARD_H