OpenVPN 3 Core Library
openvpn::TunWin::WFP Class Reference

Add WFP rules to block traffic from escaping the VPN.

#include <wfp.hpp>

Classes

class  ActionBase
 Base class for WFP actions.
 
struct  ActionBlock
 
struct  ActionUnblock
 
class  Context
 Wrapper class for a WFP session.
 
class  EngineHandle
 

Public Types

enum class  Block { All , AllButLocalDns , Dns }
 Enum for type of local traffic to block.
 
typedef RCPtr< WFP > Ptr
 
- Public Types inherited from openvpn::RC< thread_unsafe_refcount >
typedef RCPtr< RC > Ptr
 

Public Member Functions

 OPENVPN_EXCEPTION (wfp_error)
 
- Public Member Functions inherited from openvpn::RC< thread_unsafe_refcount >
 RC () noexcept=default
 
 RC (const RC &)=delete
 
virtual ~RC ()=default
 
RC & operator= (const RC &)=delete
 
olong use_count () const noexcept
 Delegates call to RCImpl and returns the result.
 

Private Member Functions

void block (const std::wstring &openvpn_app_path, NET_IFINDEX itf_index, Block block_type, std::ostream &log)
 Add WFP block filters to prevent VPN traffic from leaking.
 
void reset (std::ostream &log)
 Remove WFP block filters.
 
void add_filter (const FWPM_FILTER0 *filter, PSECURITY_DESCRIPTOR sd, UINT64 *id)
 

Static Private Member Functions

static GUID new_guid ()
 
static NET_LUID adapter_index_to_luid (const NET_IFINDEX index)
 
static unique_ptr_del< FWP_BYTE_BLOB > get_app_id_blob (const std::wstring &app_path)
 

Private Attributes

const GUID subLayerGUID {new_guid()}
 
EngineHandle engineHandle
 

Friends

class Context
 

Additional Inherited Members

- Static Public Member Functions inherited from openvpn::RC< thread_unsafe_refcount >
static constexpr bool is_thread_safe ()
 Delegates call to RCImpl and returns the result.
 

Detailed Description

Add WFP rules to block traffic from escaping the VPN.

Definition at line 141 of file wfp.hpp.

Member Typedef Documentation

◆ Ptr

Definition at line 144 of file wfp.hpp.

Member Enumeration Documentation

◆ Block

enum class openvpn::TunWin::WFP::Block
strong

Enum for type of local traffic to block.

Enumerator
All 
AllButLocalDns 
Dns 

Definition at line 151 of file wfp.hpp.

Member Function Documentation

◆ adapter_index_to_luid()

static NET_LUID openvpn::TunWin::WFP::adapter_index_to_luid ( const NET_IFINDEX  index)
inline static private

Definition at line 516 of file wfp.hpp.

◆ add_filter()

void openvpn::TunWin::WFP::add_filter ( const FWPM_FILTER0 *  filter,
PSECURITY_DESCRIPTOR  sd,
UINT64 *  id 
)
inline private

Definition at line 535 of file wfp.hpp.

◆ block()

void openvpn::TunWin::WFP::block ( const std::wstring &  openvpn_app_path,
NET_IFINDEX  itf_index,
Block  block_type,
std::ostream &  log 
)
inline private

Add WFP block filters to prevent VPN traffic from leaking.

Block traffic to all interfaces besides the VPN interface. The OpenVPN process gets an exception to this rule. If dns_only is set this only concerns traffic to port 53.

Derived from code in openvpn 2, originally: https://github.com/ValdikSS/openvpn-with-patches/commit/3bd4d503d21aa34636e4f97b3e32ae0acca407f0

Parameters
openvpn_app_path  path to the openvpn executable
itf_index  interface index of the VPN interface
block_type  which type of traffic should be blocked
log  the log ostream to use for diagnostics

Definition at line 287 of file wfp.hpp.
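
The policy described for block() above, as an added example that is not part of the OpenVPN 3 sources: a portable C++ model that evaluates constructed flows against the rule and lists what the DNS-only case leaves uncovered. It does not call the Windows Filtering Platform API; `Mode`, `Flow`, `Policy`, `uncovered` and the paths and interface indexes are hypothetical, `Mode::Dns` is assumed to be the "dns_only" case, and `AllButLocalDns` is left out because this page does not describe it.

```cpp
#include <cstdint>
#include <string>
#include <vector>

// Portable model of the policy described for WFP::block(); no WFP API calls.
// Every name below is hypothetical and not taken from wfp.hpp.
enum class Mode { All, Dns };            // AllButLocalDns is not modelled
enum class Verdict { Permit, Block };

struct Flow {                            // one outbound connection attempt
    std::wstring app_path;               // executable that opened the socket
    std::uint32_t itf_index;             // interface the packet would leave on
    std::uint16_t remote_port;
};

struct Policy {
    std::wstring openvpn_app_path;
    std::uint32_t vpn_itf_index;
    Mode mode;

    Verdict evaluate(const Flow &f) const {
        if (f.app_path == openvpn_app_path)
            return Verdict::Permit;      // the OpenVPN process is exempt
        if (f.itf_index == vpn_itf_index)
            return Verdict::Permit;      // traffic on the VPN interface
        if (mode == Mode::Dns && f.remote_port != 53)
            return Verdict::Permit;      // DNS-only case ignores other ports
        return Verdict::Block;           // would leave on a non-VPN interface
    }
};

// Flows from other processes that still leave on a non-VPN interface,
// i.e. the traffic the chosen mode does not cover.
std::vector<Flow> uncovered(const Policy &p, const std::vector<Flow> &flows) {
    std::vector<Flow> out;
    for (const auto &f : flows)
        if (f.app_path != p.openvpn_app_path && f.itf_index != p.vpn_itf_index
            && p.evaluate(f) == Verdict::Permit)
            out.push_back(f);
    return out;
}

// Constructed sample flows: interface 7 is the VPN adapter, 3 a physical NIC.
std::vector<Flow> sample_flows() {
    return {{L"C:\\app\\browser.exe", 3, 53},
            {L"C:\\app\\browser.exe", 3, 443},
            {L"C:\\app\\browser.exe", 7, 53},
            {L"C:\\vpn\\openvpn.exe", 3, 1194}};
}
```

With the sample flows, the `All` policy leaves nothing uncovered, while the DNS-only policy still lets the port 443 connection out over the physical interface.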

◆ get_app_id_blob()

static unique_ptr_del< FWP_BYTE_BLOB > openvpn::TunWin::WFP::get_app_id_blob ( const std::wstring &  app_path)
inline static private

Definition at line 525 of file wfp.hpp.

◆ new_guid()

static GUID openvpn::TunWin::WFP::new_guid ( )
inline static private

Definition at line 507 of file wfp.hpp.

◆ OPENVPN_EXCEPTION()

openvpn::TunWin::WFP::OPENVPN_EXCEPTION ( wfp_error  )

◆ reset()

void openvpn::TunWin::WFP::reset ( std::ostream &  log)
inline private

Remove WFP block filters.

Parameters
log  the log ostream to use for diagnostics

Definition at line 431 of file wfp.hpp.

Friends And Related Symbol Documentation

◆ Context

friend class Context
friend

Definition at line 270 of file wfp.hpp.

Member Data Documentation

◆ engineHandle

EngineHandle openvpn::TunWin::WFP::engineHandle
private

Definition at line 545 of file wfp.hpp.

◆ subLayerGUID

const GUID openvpn::TunWin::WFP::subLayerGUID {new_guid()}
private

Definition at line 544 of file wfp.hpp.


The documentation for this class was generated from the following file: