From b6188baeb877d892c36c0542f58359095d7130b3 Mon Sep 17 00:00:00 2001
From: cd-amn
Date: Thu, 21 May 2026 18:46:39 +0400
Subject: [PATCH] fix: traffic drops for killswitch blacklisted sites during the switch
---
 service/server/killswitch.cpp | 24 +++++++++++++++++++++---
 service/server/killswitch.h | 2 ++
 2 files changed, 23 insertions(+), 3 deletions(-)
diff --git a/service/server/killswitch.cpp b/service/server/killswitch.cpp
index a0f68008a..67437d1b4 100644
--- a/service/server/killswitch.cpp
+++ b/service/server/killswitch.cpp
@@ -164,25 +164,36 @@ bool KillSwitch::disableAllTraffic() {
 return true;
 }
+QStringList KillSwitch::combinedAllowNets() const {
+ QStringList result = m_allowedRanges;
+ for (const QString &site : m_splitTunnelAllows) {
+ if (!site.isEmpty() && !result.contains(site)) {
+ result.append(site);
+ }
+ }
+ return result;
+}
+
 bool KillSwitch::resetAllowedRange(const QStringList &ranges) {
 m_allowedRanges = ranges;
+ const QStringList combined = combinedAllowNets();
 #ifdef Q_OS_LINUX
 LinuxFirewall::setAnchorEnabled(LinuxFirewall::IPv4, QStringLiteral("110.allowNets"), true);
- LinuxFirewall::updateAllowNets(m_allowedRanges);
+ LinuxFirewall::updateAllowNets(combined);
 #endif
 #ifdef Q_OS_MACOS
 MacOSFirewall::setAnchorEnabled(QStringLiteral("110.allowNets"), true);
- MacOSFirewall::setAnchorTable(QStringLiteral("110.allowNets"), true, QStringLiteral("allownets"), m_allowedRanges);
+ MacOSFirewall::setAnchorTable(QStringLiteral("110.allowNets"), true, QStringLiteral("allownets"), combined);
 #endif
 #ifdef Q_OS_WIN
 if (isStrictKillSwitchEnabled()) {
 WindowsFirewall::create(this)->enableInterface(-1);
 }
- WindowsFirewall::create(this)->allowTrafficRange(m_allowedRanges);
+ WindowsFirewall::create(this)->allowTrafficRange(combined);
 #endif
 return true;
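Review bot: Nothing in this patch ever clears `m_splitTunnelAllows`, yet `combinedAllowNets()` re-applies it to the `110.allowNets` rules on every `resetAllowedRange()` call. The member is assigned only in `enableKillSwitch()` (second hunk of this file), which in turn merges whatever `m_allowedRanges` the last `resetAllowedRange()` left behind; if either list outlives the session it was built for, networks from an earlier configuration would stay in the allow rules and widen what the kill switch lets through. The disable path is outside this diff, so this is inferred: if it does not already reset them, it should call `m_splitTunnelAllows.clear();` and `m_allowedRanges.clear();`. A comment on the helper would also make the contract visible, e.g. `// Union of m_allowedRanges and the split-tunnel entries captured by enableKillSwitch(); everything returned here is pushed into the allowNets firewall rules.`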
@@ -306,6 +317,13 @@ bool KillSwitch::enableKillSwitch(const QJsonObject &configStr, int vpnAdapterIn
 allownets.append(v.toString());
 }
 }
+
+ m_splitTunnelAllows = allownets;
+ for (const QString &endpoint : m_allowedRanges) {
+ if (!endpoint.isEmpty() && !allownets.contains(endpoint)) {
+ allownets.append(endpoint);
+ }
+ }
 #endif
 #ifdef Q_OS_LINUX
diff --git a/service/server/killswitch.h b/service/server/killswitch.h
index 70ea3ced7..d4022aae8 100644
--- a/service/server/killswitch.h
+++ b/service/server/killswitch.h
@@ -23,7 +23,9 @@ public:
 private:
 KillSwitch(QObject* parent) {};
+ QStringList combinedAllowNets() const;
 QStringList m_allowedRanges;
+ QStringList m_splitTunnelAllows;
 QSharedPointer m_appSettigns;
 };
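Review bot: The merge loop added to `enableKillSwitch()` in killswitch.cpp repeats the logic of the new `combinedAllowNets()` with the operands swapped, so two copies of the code that decides which networks go into the allow rules can drift apart. Once `m_splitTunnelAllows = allownets;` has run, the loop could be replaced by `allownets = combinedAllowNets();`, provided entry order does not matter to the firewall back ends (the result would then list `m_allowedRanges` first). Empty strings are filtered only from the list being merged in, so an empty entry already in `allownets` here, or in `m_allowedRanges` inside `combinedAllowNets()`, still reaches the firewall call; filtering both inputs in the one helper would close that gap. The function starts and ends outside the hunk, and the `#if` that the visible `#endif` closes is not shown.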