diff --git a/README.md b/README.md index 79f125db..2b3c6ec5 100644 --- a/README.md +++ b/README.md @@ -219,7 +219,7 @@ The application installs to `/opt/windscribe`. ### Logs - Client app and location pings: `~/.local/share/Windscribe/Windscribe2` -- Helper: `/opt/windscribe/helper_log.txt` +- Helper: `/var/log/windscribe/helper_log.txt` ## Contributing diff --git a/backend/linux/helper/firewallcontroller.cpp b/backend/linux/helper/firewallcontroller.cpp index c53a190e..be376f14 100644 --- a/backend/linux/helper/firewallcontroller.cpp +++ b/backend/linux/helper/firewallcontroller.cpp @@ -55,6 +55,7 @@ bool FirewallController::enable(bool ipv6, const std::string &rules) // reapply split tunneling rules if necessary setSplitTunnelIpExceptions(splitTunnelIps_); setSplitTunnelAppExceptions(); + setSplitTunnelIngressRules(defaultAdapterIp_); return 0; } @@ -88,16 +89,18 @@ void FirewallController::disable() Utils::executeCommand("rm", {"-f", "/etc/windscribe/rules.v6"}); } -void FirewallController::setSplitTunnelingEnabled(bool isConnected, bool isEnabled, bool isExclude, const std::string &defaultAdapter) +void FirewallController::setSplitTunnelingEnabled(bool isConnected, bool isEnabled, bool isExclude, const std::string &defaultAdapter, const std::string &defaultAdapterIp) { connected_ = isConnected; splitTunnelEnabled_ = isEnabled; splitTunnelExclude_ = isExclude; prevAdapter_ = defaultAdapter_; defaultAdapter_ = defaultAdapter; + defaultAdapterIp_ = defaultAdapterIp; setSplitTunnelIpExceptions(splitTunnelIps_); setSplitTunnelAppExceptions(); + setSplitTunnelIngressRules(defaultAdapterIp_); } void FirewallController::removeExclusiveIpRules() @@ -133,6 +136,20 @@ void FirewallController::removeInclusiveAppRules() } } +void FirewallController::setSplitTunnelIngressRules(const std::string &defaultAdapterIp) +{ + if (!connected_ || !splitTunnelEnabled_ || splitTunnelExclude_) { + Logger::instance().out("Deleting ingress rules"); + Utils::executeCommand("iptables", {"-D", "PREROUTING", "-t", "mangle", "-d", defaultAdapterIp.c_str(), "-j", "CONNMARK", "--set-mark", CGroups::instance().mark(), "-m", "comment", "--comment", kTag}); + Utils::executeCommand("iptables", {"-D", "OUTPUT", "-t", "mangle", "-j", "CONNMARK", "--restore-mark", "-m", "comment", "--comment", kTag}); + return; + } + + Logger::instance().out("Adding ingress rules"); + addRule({"PREROUTING", "-t", "mangle", "-d", defaultAdapterIp.c_str(), "-j", "CONNMARK", "--set-mark", CGroups::instance().mark(), "-m", "comment", "--comment", kTag}); + addRule({"OUTPUT", "-t", "mangle", "-j", "CONNMARK", "--restore-mark", "-m", "comment", "--comment", kTag}); +} + void FirewallController::setSplitTunnelAppExceptions() { if (!connected_ || !splitTunnelEnabled_) { diff --git a/backend/linux/helper/firewallcontroller.h b/backend/linux/helper/firewallcontroller.h index 23a8eb7b..249cae98 100644 --- a/backend/linux/helper/firewallcontroller.h +++ b/backend/linux/helper/firewallcontroller.h @@ -23,7 +23,8 @@ class FirewallController bool isConnected, bool isEnabled, bool isExclude, - const std::string &adapter); + const std::string &adapter, + const std::string &adapterIp); void setSplitTunnelIpExceptions(const std::vector &ips); private: @@ -35,6 +36,7 @@ class FirewallController bool splitTunnelExclude_; std::vector splitTunnelIps_; std::string defaultAdapter_; + std::string defaultAdapterIp_; std::string prevAdapter_; std::string netclassid_; @@ -43,5 +45,6 @@ class FirewallController void removeExclusiveAppRules(); void removeInclusiveAppRules(); void setSplitTunnelAppExceptions(); + void setSplitTunnelIngressRules(const std::string &defaultAdapterIp); void addRule(const std::vector &args); }; diff --git a/backend/linux/helper/logger.cpp b/backend/linux/helper/logger.cpp index 51cff051..127601bd 100644 --- a/backend/linux/helper/logger.cpp +++ b/backend/linux/helper/logger.cpp @@ -25,10 +25,12 @@ void Logger::out(const char *str, ...) bytesOut += vsnprintf(buf + bytesOut, sizeof(buf) - bytesOut, str, args); va_end (args); + auto res = system("mkdir -p /var/log/windscribe"); + if ((bytesOut > 0) && (bytesOut < sizeof(buf))) { mutex_.lock(); - FILE* logFile = fopen("/opt/windscribe/helper_log.txt", "a"); + FILE* logFile = fopen("/var/log/windscribe/helper_log.txt", "a"); if (logFile != NULL) { fprintf(logFile, "%s\n", buf); diff --git a/backend/linux/helper/process_command.cpp b/backend/linux/helper/process_command.cpp index ae5968bb..e8560354 100644 --- a/backend/linux/helper/process_command.cpp +++ b/backend/linux/helper/process_command.cpp @@ -391,7 +391,7 @@ CMD_ANSWER startCtrld(boost::archive::text_iarchive &ia) } } if (cmd.isCreateLog) { - arguments << " --log /opt/windscribe/ctrld.log"; + arguments << " --log /var/log/windscribe/ctrld.log"; arguments << " -vv"; } diff --git a/backend/linux/helper/split_tunneling/split_tunneling.cpp b/backend/linux/helper/split_tunneling/split_tunneling.cpp index 9cfdd414..aef17531 100644 --- a/backend/linux/helper/split_tunneling/split_tunneling.cpp +++ b/backend/linux/helper/split_tunneling/split_tunneling.cpp @@ -82,6 +82,7 @@ bool SplitTunneling::updateState() connectStatus_.isConnected, isSplitTunnelActive_, isExclude_, - connectStatus_.defaultAdapter.adapterName); + connectStatus_.defaultAdapter.adapterName, + connectStatus_.defaultAdapter.adapterIp); return false; } diff --git a/backend/linux/helper/utils.cpp b/backend/linux/helper/utils.cpp index a62b3f41..48edf38a 100644 --- a/backend/linux/helper/utils.cpp +++ b/backend/linux/helper/utils.cpp @@ -82,7 +82,7 @@ std::string getFullCommand(const std::string &exePath, const std::string &execut // check only for release build #ifdef NDEBUG - if (std::string(canonicalPath).rfind("/opt/windscribe", 0) != 0) { + if (std::string(canonicalPath).rfind("/opt/windscribe", 0) != 0 && std::string(canonicalPath).rfind("/usr/lib/opt/windscribe", 0) != 0) { // Don't execute arbitrary commands, only executables that are in our application directory Logger::instance().out("Executable not in correct path, ignoring."); free(canonicalPath); diff --git a/backend/mac/helper/helper-info.plist b/backend/mac/helper/helper-info.plist index 57c2b225..bd67e0dd 100644 --- a/backend/mac/helper/helper-info.plist +++ b/backend/mac/helper/helper-info.plist @@ -9,7 +9,7 @@ CFBundleName WindscribeHelper CFBundleVersion - 76 + 77 NSHumanReadableCopyright Copyright © 2024 Windscribe Limited. All rights reserved. LSMinimumSystemVersion diff --git a/backend/mac/helper/process_command.cpp b/backend/mac/helper/process_command.cpp index 0a8277da..51e7771a 100644 --- a/backend/mac/helper/process_command.cpp +++ b/backend/mac/helper/process_command.cpp @@ -683,8 +683,6 @@ CMD_ANSWER getInterfaceSsid(boost::archive::text_iarchive &ia) CMD_ANSWER answer; CMD_GET_INTERFACE_SSID cmd; ia >> cmd; - LOG("Get interface SSID for %s", cmd.interface.c_str()); - std::string output; answer.executed = Utils::executeCommand("/usr/bin/wdutil", {"info"}, &output); @@ -703,10 +701,8 @@ CMD_ANSWER getInterfaceSsid(boost::archive::text_iarchive &ia) while (getline(stream, line)) { if (line.find("SSID") != std::string::npos) { answer.body = line.substr(line.find(":") + 2); - LOG("Found SSID for %s: %s", cmd.interface.c_str(), answer.body.c_str()); return answer; } } - LOG("No SSID for %s", cmd.interface.c_str()); return answer; } diff --git a/client/base/backend/backend.h b/client/base/backend/backend.h index 36cf1097..fba6b40b 100644 --- a/client/base/backend/backend.h +++ b/client/base/backend/backend.h @@ -1,7 +1,6 @@ #pragma once #include -#include #include #include "connectstatehelper.h" diff --git a/client/common/changelog.txt b/client/common/changelog.txt index aa350a4b..2a056904 100644 --- a/client/common/changelog.txt +++ b/client/common/changelog.txt @@ -1,3 +1,21 @@ +2.11.11 (12/09/2024) +All: + * Clear DNS cache in wsnet when connecting or disconnecting to the VPN. #1122 + + +2.11.10 (10/09/2024) +All: + * Fixed unable to reach API after failover while connected. Fix in wsnet, treat address 0.0.0.0 a DNS-error. #1122 +Windows: + * Fix ctrld not starting even after external DNS service stopped. #1123 +MacOS: + * Fixed macOS auto-update process fails to mount installer. #1118 + * Fixed spammy log when getting SSID. #1126 +Linux: + * Fixed some ingress packets are dropped incorrectly when using inclusive split tunneling. #1124 + * Fixed OpenVPN protocols not working on immutable distros. #1128 + + 2.11.9 (03/09/2024) All: * Improved dialog verbiage when secure hotspot is enabled without Wi-Fi. #1005 diff --git a/client/common/licenses/open_source_licenses.txt b/client/common/licenses/open_source_licenses.txt index 19dec57a..b6f1b952 100644 --- a/client/common/licenses/open_source_licenses.txt +++ b/client/common/licenses/open_source_licenses.txt @@ -9,6 +9,15 @@ Windscribe uses the following open source software: - OpenVPN (GPLv2) - NSIS zlib/libpng - OpenSSL (Apache License) +- Open Quantum Safe provider for OpenSSL (MIT) +- RapidJSON (MIT) +- Skyr URL (BSLv1) +- SpdLog (MIT) +- WinReg (MIT) +- CMakeRC (MIT) +- cpp-base64 +- ADVobfuscator +- 7-Zip (GNU LGPL) ============================ LICENSES BELOW ============================== @@ -1250,3 +1259,351 @@ incurred by, or claims asserted against, such Contributor by reason of your accepting any such warranty or additional liability. END OF TERMS AND CONDITIONS + +----------------------------------------------------------------------------- + +Open Quantum Safe provider for OpenSSL (MIT) + +The MIT license, the text of which is below, applies to oqs-provider in general. + +Copyright (c) 2016-2024 The Open Quantum Safe project authors. + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. + +----------------------------------------------------------------------------- + +SpdLog + +The MIT License (MIT) + +Copyright (c) 2016 Gabi Melman. + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in +all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +THE SOFTWARE. + +-- NOTE: Third party dependency used by this software -- +This software depends on the fmt lib (MIT License), +and users must comply to its license: https://raw.githubusercontent.com/fmtlib/fmt/master/LICENSE + +----------------------------------------------------------------------------- + +WinReg + +MIT License + +Copyright (c) 2017-2024 by Giovanni Dicanio + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. + +----------------------------------------------------------------------------- + +RapidJSON + +MIT License + +Tencent is pleased to support the open source community by making RapidJSON available. + +Copyright (C) 2015 THL A29 Limited, a Tencent company, and Milo Yip. All rights reserved. + +If you have downloaded a copy of the RapidJSON binary from Tencent, please note that the RapidJSON binary is licensed under the MIT License. +If you have downloaded a copy of the RapidJSON source code from Tencent, please note that RapidJSON source code is licensed under the MIT License, except for the third-party components listed below which are subject to different license terms. Your integration of RapidJSON into your own projects may require compliance with the MIT License, as well as the other licenses applicable to the third-party components included within RapidJSON. To avoid the problematic JSON license in your own projects, it's sufficient to exclude the bin/jsonchecker/ directory, as it's the only code under the JSON license. +A copy of the MIT License is included in this file. + +Other dependencies and licenses: + +Open Source Software Licensed Under the BSD License: +-------------------------------------------------------------------- + +The msinttypes r29 +Copyright (c) 2006-2013 Alexander Chemeris +All rights reserved. + +Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: + +* Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. +* Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. +* Neither the name of copyright holder nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS AND CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +Open Source Software Licensed Under the JSON License: +-------------------------------------------------------------------- + +json.org +Copyright (c) 2002 JSON.org +All Rights Reserved. + +JSON_checker +Copyright (c) 2002 JSON.org +All Rights Reserved. + + +Terms of the JSON License: +--------------------------------------------------- + +Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. + +The Software shall be used for Good, not Evil. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + + +Terms of the MIT License: +-------------------------------------------------------------------- + +Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + +----------------------------------------------------------------------------- + +Skyr URL + +Boost Software License - Version 1.0 - August 17th, 2003 + +Permission is hereby granted, free of charge, to any person or organization +obtaining a copy of the software and accompanying documentation covered by +this license (the "Software") to use, reproduce, display, distribute, +execute, and transmit the Software, and to prepare derivative works of the +Software, and to permit third-parties to whom the Software is furnished to +do so, all subject to the following: + +The copyright notices in the Software and this entire statement, including +the above license grant, this restriction and the following disclaimer, +must be included in all copies of the Software, in whole or in part, and +all derivative works of the Software, unless such copies or derivative +works are solely in the form of machine-executable object code generated by +a source language processor. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT. IN NO EVENT +SHALL THE COPYRIGHT HOLDERS OR ANYONE DISTRIBUTING THE SOFTWARE BE LIABLE +FOR ANY DAMAGES OR OTHER LIABILITY, WHETHER IN CONTRACT, TORT OR OTHERWISE, +ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER +DEALINGS IN THE SOFTWARE. + +----------------------------------------------------------------------------- + +CMakeRC + +MIT License + +Copyright (c) 2017 vector-of-bool + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. + +----------------------------------------------------------------------------- + +cpp-base64 + +Copyright © 2004-2017 by René Nyffenegger + +This source code is provided 'as-is', without any express or implied +warranty. In no event will the author be held liable for any damages +arising from the use of this software. + +Permission is granted to anyone to use this software for any purpose, +including commercial applications, and to alter it and redistribute it +freely, subject to the following restrictions: + +1. The origin of this source code must not be misrepresented; you must not + claim that you wrote the original source code. If you use this source code + in a product, an acknowledgment in the product documentation would be + appreciated but is not required. + +2. Altered source versions must be plainly marked as such, and must not be + misrepresented as being the original source code. + +3. This notice may not be removed or altered from any source distribution. + +----------------------------------------------------------------------------- + +ADVobfuscator + +Written by Sebastien Andrivet - Copyright © 2010-2017 Sebastien Andrivet. + +Redistribution and use in source and binary forms, with or without modification, +are permitted provided that the following conditions are met: + +1. Redistributions of source code must retain the above copyright notice, this + list of conditions and the following disclaimer. +2. Redistributions in binary form must reproduce the above copyright notice, + this list of conditions and the following disclaimer in the documentation + and/or other materials provided with the distribution. +3. Neither the name of the copyright holder nor the names of its contributors + may be used to endorse or promote products derived from this software without + specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR +ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES +(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS +OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING +NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +----------------------------------------------------------------------------- + +7-Zip + +License for use and distribution +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +7-Zip Copyright (C) 1999-2023 Igor Pavlov. + +The licenses for files are: + +1) 7z.dll: + - The "GNU LGPL" as main license for most of the code + - The "GNU LGPL" with "unRAR license restriction" for some code + - The "BSD 3-clause License" for some code +2) All other files: the "GNU LGPL". + +Redistributions in binary form must reproduce related license information from this file. + +Note: +You can use 7-Zip on any computer, including a computer in a commercial +organization. You don't need to register or pay for 7-Zip. + + +GNU LGPL information +-------------------- + +This library is free software; you can redistribute it and/or +modify it under the terms of the GNU Lesser General Public +License as published by the Free Software Foundation; either +version 2.1 of the License, or (at your option) any later version. + +This library is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +Lesser General Public License for more details. + +You can receive a copy of the GNU Lesser General Public License from +http://www.gnu.org/ + +BSD 3-clause License +-------------------- + +The "BSD 3-clause License" is used for the code in 7z.dll that implements LZFSE +data decompression. That code was derived from the code in the "LZFSE compression +library" developed by Apple Inc, that also uses the "BSD 3-clause License": + +---- +Copyright (c) 2015-2016, Apple Inc. All rights reserved. + +Redistribution and use in source and binary forms, with or without modification, +are permitted provided that the following conditions are met: + +1. Redistributions of source code must retain the above copyright notice, this + list of conditions and the following disclaimer. + +2. Redistributions in binary form must reproduce the above copyright notice, this + list of conditions and the following disclaimer in the documentation and/or + other materials provided with the distribution. + +3. Neither the name of the copyright holder(s) nor the names of any contributors + may be used to endorse or promote products derived from this software without + specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY +EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES +OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT +SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, +INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED +TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN +ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH +DAMAGE. +---- + +unRAR license restriction +------------------------- + +The decompression engine for RAR archives was developed using source +code of unRAR program. +All copyrights to original unRAR code are owned by Alexander Roshal. + +The license for original unRAR code has the following restriction: + + The unRAR sources cannot be used to re-create the RAR compression algorithm, + which is proprietary. Distribution of modified unRAR sources in separate form + or as a part of other software is permitted, provided that it is clearly + stated in the documentation and source comments that the code may + not be used to develop a RAR (WinRAR) compatible archiver. + + +-- +Igor Pavlov diff --git a/client/common/utils/mergelog.cpp b/client/common/utils/mergelog.cpp index 3e738183..2d1a655f 100644 --- a/client/common/utils/mergelog.cpp +++ b/client/common/utils/mergelog.cpp @@ -148,7 +148,7 @@ const QString MergeLog::guiLogLocation() const QString MergeLog::serviceLogLocation() { #if defined(Q_OS_LINUX) - return qApp->applicationDirPath() + "/helper_log.txt"; + return "/var/log/windscribe/helper_log.txt"; #elif defined(Q_OS_MACOS) return "/Library/Logs/com.windscribe.helper.macos/helper_log.txt"; #else diff --git a/client/common/utils/network_utils/network_utils_mac.cpp b/client/common/utils/network_utils/network_utils_mac.cpp index bda7dac0..7e09c389 100644 --- a/client/common/utils/network_utils/network_utils_mac.cpp +++ b/client/common/utils/network_utils/network_utils_mac.cpp @@ -3,7 +3,6 @@ #include #include #include -#include #include #include @@ -254,4 +253,4 @@ QStringList NetworkUtils_mac::getP2P_AWDL_NetworkInterfaces() QString NetworkUtils_mac::getRoutingTable() { return Utils::execCmd("netstat -rn -finet").trimmed(); -} \ No newline at end of file +} diff --git a/client/common/version/windscribe_version.h b/client/common/version/windscribe_version.h index 64a2d571..0c9f4268 100644 --- a/client/common/version/windscribe_version.h +++ b/client/common/version/windscribe_version.h @@ -2,10 +2,10 @@ #define WINDSCRIBE_MAJOR_VERSION 2 #define WINDSCRIBE_MINOR_VERSION 11 -#define WINDSCRIBE_BUILD_VERSION 9 +#define WINDSCRIBE_BUILD_VERSION 11 // only one of these should be enabled; neither -> stable -#define WINDSCRIBE_IS_BETA +//#define WINDSCRIBE_IS_BETA //#define WINDSCRIBE_IS_GUINEA_PIG #define STR_HELPER(x) #x diff --git a/client/engine/engine/autoupdater/autoupdaterhelper_mac.cpp b/client/engine/engine/autoupdater/autoupdaterhelper_mac.cpp index 131e820f..7f93180e 100644 --- a/client/engine/engine/autoupdater/autoupdaterhelper_mac.cpp +++ b/client/engine/engine/autoupdater/autoupdaterhelper_mac.cpp @@ -8,6 +8,7 @@ #include "names.h" #include "utils/utils.h" #include "utils/executable_signature/executable_signature.h" +#include AutoUpdaterHelper_mac::AutoUpdaterHelper_mac() { @@ -132,35 +133,30 @@ const QString AutoUpdaterHelper_mac::mountDmg(const QString &dmgFilename) qCDebug(LOG_AUTO_UPDATER) << "Mounting: " << dmgFilename; // mount - QStringList args; - args << "attach"; - args << "" + dmgFilename + ""; - QProcess mountProcess; - mountProcess.start("/usr/bin/hdiutil", args); - if (!mountProcess.waitForStarted()) - { - qCDebug(LOG_AUTO_UPDATER) << "Failed to start mounting process"; - return ""; - } - if (!mountProcess.waitForFinished()) - { - qCDebug(LOG_AUTO_UPDATER) << "Mounting process has failed"; - return ""; - } - - if (mountProcess.exitCode() != 0) - { - qCDebug(LOG_AUTO_UPDATER) << "Mounting process failed with exit code: " << mountProcess.exitCode(); + // we use boost::process instead of QProcess here because we encountered + // that QProcess has a bug when waiting for the process to finish on MacOS + using namespace boost::process; + ipstream pipe_stream; + child c("/usr/bin/hdiutil", "attach", dmgFilename.toStdString(), std_out > pipe_stream); + + std::string line; + std::error_code ec; + QStringList lines; + while (pipe_stream && std::getline(pipe_stream, line) && !line.empty()) + lines << QString::fromStdString(line); + + c.wait(ec); + + if (ec.value() != 0) { + qCDebug(LOG_AUTO_UPDATER) << "Mounting process failed with exit code: " << ec.value(); return ""; } // parse output for volume mount point - const QString mountingOutput = mountProcess.readAll(); - const QList lines = mountingOutput.split("\n", Qt::SkipEmptyParts); if (lines.length() > 0) { const QString lastLine = lines[lines.length()-1]; - QRegularExpression regExp("\\s+"); + static QRegularExpression regExp("\\s+"); QStringList entries = lastLine.split(regExp, Qt::SkipEmptyParts); if (entries.length() > 2) @@ -173,8 +169,7 @@ const QString AutoUpdaterHelper_mac::mountDmg(const QString &dmgFilename) } } - const QString hdiutilOutput = mountProcess.readAllStandardError(); - qCDebug(LOG_AUTO_UPDATER) << "Failed to mount " << dmgFilename << " hdiutil error output: " << hdiutilOutput; + qCDebug(LOG_AUTO_UPDATER) << "Failed to mount " << dmgFilename << " hdiutil error output: " << lines; return ""; } @@ -188,21 +183,11 @@ bool AutoUpdaterHelper_mac::unmountVolume(const QString &volumePath) } // unmount - QStringList args; - args << "detach"; - args << "" + volumePath + ""; - QProcess unmountProcess; - unmountProcess.start("/usr/bin/hdiutil", QStringList(args)); - if (!unmountProcess.waitForStarted()) - { - qCDebug(LOG_AUTO_UPDATER) << "Failed to start unmounting process"; - return false; - } - if (!unmountProcess.waitForFinished()) - { - qCDebug(LOG_AUTO_UPDATER) << "Unmounting process has failed"; - return false; - } + // we use boost::process instead of QProcess here because we encountered + // that QProcess has a bug when waiting for the process to finish on MacOS + using namespace boost::process; + child c("/usr/bin/hdiutil", "detach", volumePath.toStdString()); + c.wait(); return true; } diff --git a/client/engine/engine/connectionmanager/ctrldmanager/ctrldmanager_win.cpp b/client/engine/engine/connectionmanager/ctrldmanager/ctrldmanager_win.cpp index 42765402..dd76a913 100644 --- a/client/engine/engine/connectionmanager/ctrldmanager/ctrldmanager_win.cpp +++ b/client/engine/engine/connectionmanager/ctrldmanager/ctrldmanager_win.cpp @@ -131,6 +131,11 @@ QString CtrldManager_win::getNextStringFromInputBuffer(bool &bSuccess, int &outS QString CtrldManager_win::getAvailableIp() { + // reset if we previously failed to find an available IP + if (listenIp_.isEmpty()) { + listenIp_ = "127.0.0.1"; + } + if (!AvailablePort::isPortBusy(listenIp_, 53)) return listenIp_; diff --git a/client/engine/engine/connectionmanager/networkextensionlog_mac.cpp b/client/engine/engine/connectionmanager/networkextensionlog_mac.cpp index dca8e1af..736fbb6c 100644 --- a/client/engine/engine/connectionmanager/networkextensionlog_mac.cpp +++ b/client/engine/engine/connectionmanager/networkextensionlog_mac.cpp @@ -1,6 +1,6 @@ #include "networkextensionlog_mac.h" -#include +#include #include #include #include @@ -14,42 +14,40 @@ NetworkExtensionLog_mac::NetworkExtensionLog_mac(QObject *parent) : QObject(pare QMap NetworkExtensionLog_mac::collectLogs(const QDateTime &start) { + using namespace boost::process; QMap logs; - QStringList pars; - pars << "show"; - pars << "--predicate" << "messageType == error and (subsystem == \"com.apple.networkextension\")"; - pars << "--start" << start.toString("yyyy-MM-dd hh:mm:ss"); - pars << "--style" << "json"; - - QProcess process; - process.setProcessChannelMode(QProcess::MergedChannels); - process.start("log", pars); - - if (process.waitForFinished(10000)) { - QJsonParseError errCode; - const QJsonDocument doc = QJsonDocument::fromJson(process.readAll(), &errCode); - if (errCode.error != QJsonParseError::NoError || !doc.isArray()) { - qCDebug(LOG_NETWORK_EXTENSION_MAC) << "Can't parse json from log command"; - return logs; + ipstream pipe_stream; + child c("/usr/bin/log", "show", "--predicate", "messageType == error and (subsystem == \"com.apple.networkextension\")", + "--start", start.toString("yyyy-MM-dd hh:mm:ss").toStdString(), "--style", "json", + std_out > pipe_stream); + + std::string line; + QString answer; + while (pipe_stream && std::getline(pipe_stream, line) && !line.empty()) + answer += QString::fromStdString(line); + + c.wait(); + + QJsonParseError errCode; + const QJsonDocument doc = QJsonDocument::fromJson(answer.toLocal8Bit(), &errCode); + if (errCode.error != QJsonParseError::NoError || !doc.isArray()) { + qCDebug(LOG_NETWORK_EXTENSION_MAC) << "Can't parse json from log command"; + return logs; + } + for (const QJsonValue &value : doc.array()) { + QJsonObject jsonObj = value.toObject(); + if (!jsonObj.contains("machTimestamp")) { + qCDebug(LOG_NETWORK_EXTENSION_MAC) << "Can't parse json from log command (no field machTimestamp)"; + break; } - for (const QJsonValue &value : doc.array()) { - QJsonObject jsonObj = value.toObject(); - if (!jsonObj.contains("machTimestamp")) { - qCDebug(LOG_NETWORK_EXTENSION_MAC) << "Can't parse json from log command (no field machTimestamp)"; - break; - } - if (!jsonObj.contains("eventMessage")) { - qCDebug(LOG_NETWORK_EXTENSION_MAC) << "Can't parse json from log command (no field eventMessage)"; - break; - } - - quint64 t = jsonObj["machTimestamp"].toDouble(); - logs[t] = jsonObj["eventMessage"].toString(); + if (!jsonObj.contains("eventMessage")) { + qCDebug(LOG_NETWORK_EXTENSION_MAC) << "Can't parse json from log command (no field eventMessage)"; + break; } - } - else { - qCDebug(LOG_NETWORK_EXTENSION_MAC) << "log read failed or timed out"; + + quint64 t = jsonObj["machTimestamp"].toDouble(); + logs[t] = jsonObj["eventMessage"].toString(); } return logs; diff --git a/client/engine/engine/dns_utils/dnsutils_mac.cpp b/client/engine/engine/dns_utils/dnsutils_mac.cpp index 372ac46e..acf4def2 100644 --- a/client/engine/engine/dns_utils/dnsutils_mac.cpp +++ b/client/engine/engine/dns_utils/dnsutils_mac.cpp @@ -2,8 +2,6 @@ #include "utils/logger.h" #include "utils/macutils.h" -#include - namespace DnsUtils { diff --git a/client/engine/engine/openvpnversioncontroller.cpp b/client/engine/engine/openvpnversioncontroller.cpp index 4b2d8512..77a2c567 100644 --- a/client/engine/engine/openvpnversioncontroller.cpp +++ b/client/engine/engine/openvpnversioncontroller.cpp @@ -6,7 +6,7 @@ #ifdef Q_OS_WIN #include "utils/winutils.h" #else -#include +#include "boost/process.hpp" #include #endif @@ -66,11 +66,17 @@ void OpenVpnVersionController::detectVersion() ovpnVersion_ = QString("%1.%2.%3").arg(parts.at(0), parts.at(1), parts.at(2)); } #else - QProcess process; - process.setProcessChannelMode(QProcess::MergedChannels); - process.start(exe, QStringList() << "--version"); - process.waitForFinished(-1); - QString strAnswer = QString::fromStdString((const char *)process.readAll().constData()).toLower(); + + using namespace boost::process; + ipstream pipe_stream; + child c(exe.toStdString(), "--version", std_out > pipe_stream); + + std::string line; + QString strAnswer; + while (pipe_stream && std::getline(pipe_stream, line) && !line.empty()) + strAnswer += QString::fromStdString(line).toLower(); + + c.wait(); // parse version from process output QRegExp rx("\\d{1,}.\\d{1,}.\\d{1,}"); diff --git a/installer/linux/cli/arch_package/windscribe-cli.install b/installer/linux/cli/arch_package/windscribe-cli.install index c6ba20ab..e470cd8d 100644 --- a/installer/linux/cli/arch_package/windscribe-cli.install +++ b/installer/linux/cli/arch_package/windscribe-cli.install @@ -59,6 +59,6 @@ pre_remove() { userdel -f windscribe || true groupdel -f windscribe || true rm -rf /etc/windscribe - rm -f /opt/windscribe/helper_log.txt + rm -rf /var/log/windscribe rm -f /usr/bin/windscribe-cli } diff --git a/installer/linux/cli/debian_package/DEBIAN/prerm b/installer/linux/cli/debian_package/DEBIAN/prerm index 086f3d7a..d5bf92da 100755 --- a/installer/linux/cli/debian_package/DEBIAN/prerm +++ b/installer/linux/cli/debian_package/DEBIAN/prerm @@ -9,7 +9,7 @@ if [ $1 != "upgrade" ]; then deluser windscribe || true delgroup windscribe || true - rm -f /opt/windscribe/helper_log.txt + rm -rf /var/log/windscribe rm -rf /etc/windscribe rm -f /usr/bin/windscribe-cli fi diff --git a/installer/linux/cli/rpm_fedora_package/SPECS/windscribe_rpm.spec b/installer/linux/cli/rpm_fedora_package/SPECS/windscribe_rpm.spec index 46368187..554b8e49 100644 --- a/installer/linux/cli/rpm_fedora_package/SPECS/windscribe_rpm.spec +++ b/installer/linux/cli/rpm_fedora_package/SPECS/windscribe_rpm.spec @@ -67,7 +67,7 @@ if [ $1 -eq 0 ]; then rm -rf /etc/windscribe/rules.* rm -rf /etc/windscribe/*.ovpn rm -rf /etc/windscribe/stunnel.conf - rm -f /opt/windscribe/helper_log.txt + rm -rf /var/log/windscribe fi %files diff --git a/installer/linux/cli/rpm_opensuse_package/SPECS/windscribe_rpm.spec b/installer/linux/cli/rpm_opensuse_package/SPECS/windscribe_rpm.spec index b1eb68c6..2ee8a7ca 100644 --- a/installer/linux/cli/rpm_opensuse_package/SPECS/windscribe_rpm.spec +++ b/installer/linux/cli/rpm_opensuse_package/SPECS/windscribe_rpm.spec @@ -67,7 +67,7 @@ if [ $1 -eq 0 ]; then userdel -f windscribe || true groupdel -f windscribe || true rm -f /usr/bin/windscribe-cli - rm -f /opt/windscribe/helper_log.txt + rm -f /var/log/windscribe rm -rf /etc/windscribe rm -rf /opt/windscribe fi diff --git a/installer/linux/gui/arch_package/windscribe.install b/installer/linux/gui/arch_package/windscribe.install index 722f23fa..7658838b 100644 --- a/installer/linux/gui/arch_package/windscribe.install +++ b/installer/linux/gui/arch_package/windscribe.install @@ -59,6 +59,6 @@ pre_remove() { userdel -f windscribe || true groupdel -f windscribe || true rm -rf /etc/windscribe - rm -f /opt/windscribe/helper_log.txt + rm -rf /var/log/windscribe rm -f /usr/bin/windscribe-cli } diff --git a/installer/linux/gui/debian_package/DEBIAN/prerm b/installer/linux/gui/debian_package/DEBIAN/prerm index 086f3d7a..d5bf92da 100755 --- a/installer/linux/gui/debian_package/DEBIAN/prerm +++ b/installer/linux/gui/debian_package/DEBIAN/prerm @@ -9,7 +9,7 @@ if [ $1 != "upgrade" ]; then deluser windscribe || true delgroup windscribe || true - rm -f /opt/windscribe/helper_log.txt + rm -rf /var/log/windscribe rm -rf /etc/windscribe rm -f /usr/bin/windscribe-cli fi diff --git a/installer/linux/gui/rpm_fedora_package/SPECS/windscribe_rpm.spec b/installer/linux/gui/rpm_fedora_package/SPECS/windscribe_rpm.spec index b58eb2ff..5ecf4bd3 100644 --- a/installer/linux/gui/rpm_fedora_package/SPECS/windscribe_rpm.spec +++ b/installer/linux/gui/rpm_fedora_package/SPECS/windscribe_rpm.spec @@ -80,7 +80,7 @@ if [ $1 -eq 0 ]; then rm -rf /etc/windscribe/rules.* rm -rf /etc/windscribe/*.ovpn rm -rf /etc/windscribe/stunnel.conf - rm -f /opt/windscribe/helper_log.txt + rm -rf /var/log/windscribe fi %files diff --git a/installer/linux/gui/rpm_opensuse_package/SPECS/windscribe_rpm.spec b/installer/linux/gui/rpm_opensuse_package/SPECS/windscribe_rpm.spec index 93bf0482..896d65f9 100644 --- a/installer/linux/gui/rpm_opensuse_package/SPECS/windscribe_rpm.spec +++ b/installer/linux/gui/rpm_opensuse_package/SPECS/windscribe_rpm.spec @@ -75,7 +75,7 @@ if [ $1 -eq 0 ]; then userdel -f windscribe || true groupdel -f windscribe || true rm -f /usr/bin/windscribe-cli - rm -f /opt/windscribe/helper_log.txt + rm -rf /var/log/windscribe rm -rf /etc/windscribe rm -rf /opt/windscribe fi diff --git a/libs/wsnet/src/httpnetworkmanager/dnscache.cpp b/libs/wsnet/src/httpnetworkmanager/dnscache.cpp index acfec12e..a92f4997 100644 --- a/libs/wsnet/src/httpnetworkmanager/dnscache.cpp +++ b/libs/wsnet/src/httpnetworkmanager/dnscache.cpp @@ -35,6 +35,13 @@ DnsCacheResult DnsCache::resolve(std::uint64_t id, const std::string &hostname, return DnsCacheResult { id, false, std::vector(), false }; } +void DnsCache::clear() +{ + std::lock_guard locker(mutex_); + cache_.clear(); + spdlog::info("Clear DNS cache"); +} + void DnsCache::onDnsResolved(std::uint64_t id, const std::string &hostname, std::shared_ptr result) { std::lock_guard locker(mutex_); diff --git a/libs/wsnet/src/httpnetworkmanager/dnscache.h b/libs/wsnet/src/httpnetworkmanager/dnscache.h index f8ddb80a..4e86dd86 100644 --- a/libs/wsnet/src/httpnetworkmanager/dnscache.h +++ b/libs/wsnet/src/httpnetworkmanager/dnscache.h @@ -26,6 +26,7 @@ class DnsCache final ~DnsCache(); DnsCacheResult resolve(std::uint64_t id, const std::string &hostname, bool bypassCache = false); + void clear(); private: WSNetDnsResolver *dnsResolver_; diff --git a/libs/wsnet/src/httpnetworkmanager/httpnetworkmanager.cpp b/libs/wsnet/src/httpnetworkmanager/httpnetworkmanager.cpp index 16010d1c..cf47eb6b 100644 --- a/libs/wsnet/src/httpnetworkmanager/httpnetworkmanager.cpp +++ b/libs/wsnet/src/httpnetworkmanager/httpnetworkmanager.cpp @@ -83,5 +83,12 @@ std::shared_ptr HttpNetworkManager::setWhitelistSockets } } +void HttpNetworkManager::clearDnsCache() +{ + boost::asio::post(io_context_, [this] { + impl_.clearDnsCache(); + }); +} + } // namespace wsnet diff --git a/libs/wsnet/src/httpnetworkmanager/httpnetworkmanager.h b/libs/wsnet/src/httpnetworkmanager/httpnetworkmanager.h index 4eb40d1b..7d02eb13 100644 --- a/libs/wsnet/src/httpnetworkmanager/httpnetworkmanager.h +++ b/libs/wsnet/src/httpnetworkmanager/httpnetworkmanager.h @@ -38,6 +38,8 @@ class HttpNetworkManager : public WSNetHttpNetworkManager std::shared_ptr setWhitelistIpsCallback(WSNetHttpNetworkManagerWhitelistIpsCallback whitelistIpsCallback) override; std::shared_ptr setWhitelistSocketsCallback(WSNetHttpNetworkManagerWhitelistSocketsCallback whitelistSocketsCallback) override; + void clearDnsCache(); + private: boost::asio::io_context &io_context_; HttpNetworkManager_impl impl_; diff --git a/libs/wsnet/src/httpnetworkmanager/httpnetworkmanager_impl.cpp b/libs/wsnet/src/httpnetworkmanager/httpnetworkmanager_impl.cpp index ccf0b7c3..250e707a 100644 --- a/libs/wsnet/src/httpnetworkmanager/httpnetworkmanager_impl.cpp +++ b/libs/wsnet/src/httpnetworkmanager/httpnetworkmanager_impl.cpp @@ -66,6 +66,11 @@ void HttpNetworkManager_impl::setWhitelistSocketsCallback(std::shared_ptr > callback); void setWhitelistSocketsCallback(std::shared_ptr > callback); + void clearDnsCache(); + private: boost::asio::io_context &io_context_; DnsCache dnsCache_; diff --git a/libs/wsnet/src/wsnet.cpp b/libs/wsnet/src/wsnet.cpp index f8a7a8b0..715f2730 100644 --- a/libs/wsnet/src/wsnet.cpp +++ b/libs/wsnet/src/wsnet.cpp @@ -90,7 +90,11 @@ class WSNet_impl : public WSNet } void setIsConnectedToVpnState(bool isConnected) override { - connectState_.setIsConnectedToVpnState(isConnected); + if (connectState_.isVPNConnected() != isConnected) { + connectState_.setIsConnectedToVpnState(isConnected); + // When connecting/disconnecting the VPN clear the DNS cache. + httpNetworkManager_->clearDnsCache(); + } } std::string currentPersistentSettings() override