andrei/amnezia-client
1
0
Fork 0
mirror of https://github.com/amnezia-vpn/amnezia-client.git synced 2026-06-20 02:00:55 +07:00
Code Issues Packages Projects Releases 10 Wiki Activity

feat: revoke old endpoint from KS allowlist after server switch

Browse Source
This commit is contained in:
cd-amn
2026-05-07 15:26:01 +04:00
parent 3a133ad6b5
commit dfe2965aea
2 changed files with 18 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
client/core/vpnTrafficGuard.cpp
+16
View File
@@ -35,6 +35,9 @@ bool VpnTrafficGuard::allowEndpoint(const QString &remoteAddress)
if (remoteAddress.isEmpty()) {
return false;
}
if (!m_allowedEndpoints.contains(remoteAddress)) {
m_allowedEndpoints.append(remoteAddress);
}
return IpcClient::withInterface([&](QSharedPointer<IpcInterfaceReplica> iface) {
QRemoteObjectPendingReply<bool> reply = iface->addKillSwitchAllowedRange(QStringList(remoteAddress));
return reply.waitForFinished(1000) && reply.returnValue();
@@ -45,6 +48,18 @@ bool VpnTrafficGuard::allowEndpoint(const QString &remoteAddress)
#endif
}
void VpnTrafficGuard::revokeEndpoint(const QString &remoteAddress)
{
#ifdef AMNEZIA_DESKTOP
m_allowedEndpoints.removeAll(remoteAddress);
IpcClient::withInterface([this](QSharedPointer<IpcInterfaceReplica> iface) {
iface->resetKillSwitchAllowedRange(m_allowedEndpoints);
});
#else
Q_UNUSED(remoteAddress)
#endif
}
void VpnTrafficGuard::setupRoutes(const QJsonObject &vpnConfiguration, const QSharedPointer<VpnProtocol> &protocol, const QString &remoteAddress)
{
#ifdef AMNEZIA_DESKTOP
@@ -222,6 +237,7 @@ void VpnTrafficGuard::teardown()
#ifdef AMNEZIA_DESKTOP
IpcClient::withInterface([&](QSharedPointer<IpcInterfaceReplica> iface) {
QRemoteObjectPendingReply<bool> reply = iface->disableKillSwitch();
m_allowedEndpoints.clear();
//TODO: why it takes so long?
if (!reply.waitForFinished(5000) || !reply.returnValue()) {
qWarning() << "VpnTrafficGuard::teardown: Failed to disable killswitch";
client/core/vpnTrafficGuard.h
+2 -1
View File
@@ -19,13 +19,14 @@ public:
void teardown();
bool allowEndpoint(const QString &remoteAddress);
void revokeEndpoint(const QString &remoteAddress);
void applyFirewall(const QString &vpnGateway, const QString &vpnLocalAddress);
private:
void addSplitTunnelRoutes(const QString &gateway, amnezia::RouteMode mode);
SecureAppSettingsRepository* m_appSettingsRepository;
QJsonObject m_config;
bool m_ipv6RoutingStopped = false;
QStringList m_allowedEndpoints;
};
#endif // VPNTRAFFICGUARD_H