Added v2.3.15 changes

Author: Ed Guloien

backend/engine/engine/connectionmanager/finishactiveconnections.cpp

@@ -14,16 +14,18 @@
     #include "engine/helper/helper_mac.h"
 #endif
 
+#ifdef Q_OS_LINUX
+    #include "engine/helper/helper_posix.h"
+#endif
+
 void FinishActiveConnections::finishAllActiveConnections(IHelper *helper)
 {
 #ifdef Q_OS_WIN
     finishAllActiveConnections_win(helper);
 #elif defined Q_OS_MAC
     finishAllActiveConnections_mac(helper);
 #elif defined Q_OS_LINUX
-    //todo linux
-    //Q_ASSERT(false);
-    Q_UNUSED(helper);
+    finishAllActiveConnections_linux(helper);
 #endif
 }
 
@@ -96,4 +98,22 @@ void FinishActiveConnections::finishWireGuardActiveConnections_mac(IHelper *help
     helper->setDefaultWireGuardDeviceName(WireGuardConnection::getWireGuardAdapterName());
     helper->stopWireGuard();
 }
+#elif defined Q_OS_LINUX
+
+void FinishActiveConnections::finishAllActiveConnections_linux(IHelper *helper)
+{
+    // todo: kill openvpn, wireguard for Linux
+    removeDnsLeaksprotection_linux(helper);
+}
+
+void FinishActiveConnections::removeDnsLeaksprotection_linux(IHelper *helper)
+{
+    Helper_posix *helperPosix = dynamic_cast<Helper_posix *>(helper);
+    int exitCode;
+    helperPosix->executeRootCommand("/etc/windscribe/dns-leak-protect down", &exitCode);
+}
+
 #endif
+
+
+

backend/engine/engine/connectionmanager/finishactiveconnections.h

@@ -18,6 +18,9 @@ class FinishActiveConnections
     static void finishAllActiveConnections_mac(IHelper *helper);
     static void finishOpenVpnActiveConnections_mac(IHelper *helper);
     static void finishWireGuardActiveConnections_mac(IHelper *helper);
+#elif defined Q_OS_LINUX
+    static void finishAllActiveConnections_linux(IHelper *helper);
+    static void removeDnsLeaksprotection_linux(IHelper *helper);
 #endif
 };
 

backend/engine/engine/dnsresolver/dnsutils_linux.cpp

@@ -9,7 +9,37 @@ namespace DnsUtils
 std::vector<std::wstring> getOSDefaultDnsServers()
 {
     std::vector<std::wstring> dnsServers;
-    //todo linux
+
+
+    QString strReply;
+    FILE *file = popen("(nmcli dev list || nmcli dev show ) 2>/dev/null | grep DNS", "r");
+    if (file)
+    {
+        char szLine[4096];
+        while(fgets(szLine, sizeof(szLine), file) != 0)
+        {
+            strReply += szLine;
+        }
+        pclose(file);
+    }
+
+    if (strReply.isEmpty())
+    {
+        qCDebug(LOG_FIREWALL_CONTROLLER) << "Can't get OS default DNS list: probably the nmcli utility (network-manager package) is not installed";
+        return dnsServers;
+    }
+
+    const QStringList lines = strReply.split('\n', QString::SkipEmptyParts);
+    qCDebug(LOG_FIREWALL_CONTROLLER) << "Get OS default DNS list:" << lines;
+    for (auto &it : lines)
+    {
+        const QStringList pars = it.split(QRegExp("\\s+"), QString::SkipEmptyParts);
+        if (pars.size() == 2)
+        {
+            dnsServers.push_back(pars[1].toStdWString());
+        }
+    }
+
     return dnsServers;
 }
 

backend/engine/engine/engine.cpp

@@ -90,7 +90,8 @@ Engine::Engine(const EngineSettings &engineSettings) : QObject(nullptr),
     lastDownloadProgress_(0),
     installerUrl_(""),
     guiWindowHandle_(0),
-    overrideUpdateChannelWithInternal_(false)
+    overrideUpdateChannelWithInternal_(false),
+    bPrevNetworkInterfaceInitialized_(false)
 {
     connectStateController_ = new ConnectStateController(nullptr);
     connect(connectStateController_, SIGNAL(stateChanged(CONNECT_STATE,DISCONNECT_REASON,ProtoTypes::ConnectError,LocationID)), SLOT(onConnectStateChanged(CONNECT_STATE,DISCONNECT_REASON,ProtoTypes::ConnectError,LocationID)));
@@ -501,11 +502,6 @@ void Engine::forceUpdateServerLocations()
     QMetaObject::invokeMethod(this, "forceUpdateServerLocationsImpl");
 }
 
-void Engine::updateCurrentNetworkInterface()
-{
-    QMetaObject::invokeMethod(this, "updateCurrentNetworkInterfaceImpl");
-}
-
 void Engine::updateCurrentInternetConnectivity()
 {
     QMetaObject::invokeMethod(this, "updateCurrentInternetConnectivityImpl");
@@ -983,7 +979,7 @@ void Engine::loginImpl(bool bSkipLoadingFromSettings)
 
             updateSessionStatus();
             updateServerLocations();
-            updateCurrentNetworkInterface();
+            updateCurrentNetworkInterfaceImpl();
             Q_EMIT loginFinished(true, authHash, apiInfo_->getPortMap());
         }
     }
@@ -1197,7 +1193,15 @@ void Engine::updateCurrentInternetConnectivityImpl()
 
 void Engine::updateCurrentNetworkInterfaceImpl()
 {
-    networkDetectionManager_->updateCurrentNetworkInterface();
+    ProtoTypes::NetworkInterface networkInterface;
+    networkDetectionManager_->getCurrentNetworkInterface(networkInterface);
+
+    if (!bPrevNetworkInterfaceInitialized_ || !google::protobuf::util::MessageDifferencer::Equals(networkInterface, prevNetworkInterface_))
+    {
+        prevNetworkInterface_ = networkInterface;
+        bPrevNetworkInterfaceInitialized_ = true;
+        Q_EMIT networkChanged(networkInterface);
+    }
 }
 
 void Engine::firewallOnImpl()
@@ -1381,7 +1385,7 @@ void Engine::onLoginControllerFinished(LOGIN_RET retCode, const apiinfo::ApiInfo
         {
             loginState_ = LOGIN_FINISHED;
         }
-        updateCurrentNetworkInterface();
+        updateCurrentNetworkInterfaceImpl();
         Q_EMIT loginFinished(false, apiInfo_->getAuthHash(), apiInfo_->getPortMap());
     }
     else if (retCode == LOGIN_NO_CONNECTIVITY)

backend/engine/engine/engine.h

@@ -89,7 +89,6 @@ class Engine : public QObject
     void speedRating(int rating, const QString &localExternalIp);  //rate current connection(0 - down, 1 - up)
 
     void updateServerConfigs();
-    void updateCurrentNetworkInterface();
     void updateCurrentInternetConnectivity();
 
     // emergency connect functions
@@ -401,6 +400,8 @@ private slots:
     qint32 guiWindowHandle_;
 
     bool overrideUpdateChannelWithInternal_;
+    bool bPrevNetworkInterfaceInitialized_;
+    ProtoTypes::NetworkInterface prevNetworkInterface_;
 };
 
 #endif // ENGINE_H

backend/engine/engine/firewall/firewallcontroller_linux.cpp

@@ -50,54 +50,19 @@ bool FirewallController_linux::firewallOff()
     FirewallController::firewallOff();
     if (isStateChanged())
     {
-        // get current rules to temp file
+        QString cmd;
         int exitCode;
-        QString cmd = "iptables-save > " + pathToTempTable_;
-        helper_->executeRootCommand(cmd, &exitCode);
-        if (exitCode != 0)
-        {
-            qCDebug(LOG_FIREWALL_CONTROLLER) << "Unsuccessful exit code:" << exitCode << " for cmd:" << cmd;
-            return false;
-        }
-        // Get Windscribe rules
-        QStringList rules;
-        QFile file(pathToTempTable_);
-        if (!file.open(QIODevice::ReadOnly))
-        {
-            qCDebug(LOG_FIREWALL_CONTROLLER) << "Can't open file:" << pathToTempTable_;
-            return false;
-        }
-
-        QTextStream in(&file);
-        bool bFound = false;
-        while (!in.atEnd())
-        {
-            std::string line = in.readLine().toStdString();
-            if ((line.rfind("*", 0) == 0) || // string starts with "*"
-                (line.find("COMMIT") != std::string::npos) ||
-                ((line.rfind("-A", 0) == 0) && (line.find("-m comment --comment " + comment_.toStdString()) != std::string::npos)) )
-            {
-                if (line.rfind("-A", 0) == 0)
-                {
-                    line[1] = 'D';
-                    bFound = true;
-                }
-                rules << QString::fromStdString(line);
-            }
-
-        }
-        file.close();
+        QStringList rules = getWindscribeRules(comment_, true);
 
         // delete Windscribe rules, if found
-        if (bFound && !rules.isEmpty())
+        if (!rules.isEmpty())
         {
             if (rules.last().contains("COMMIT"))
             {
                 rules.insert(rules.count() - 1, "-X windscribe_input");
                 rules.insert(rules.count() - 1, "-X windscribe_output");
             }
 
-            file.remove();
             QFile file2(pathToTempTable_);
             if (file2.open(QIODevice::WriteOnly | QIODevice::Text))
             {
@@ -146,7 +111,6 @@ bool FirewallController_linux::firewallOff()
             qCDebug(LOG_FIREWALL_CONTROLLER) << "Unsuccessful exit code:" << exitCode << " for cmd:" << cmd;
         }
 
-
         return true;
     }
     else
@@ -197,6 +161,9 @@ void FirewallController_linux::enableFirewallOnBoot(bool bEnable)
 
 bool FirewallController_linux::firewallOnImpl(const QString &ip, bool bAllowLanTraffic, const apiinfo::StaticIpPortsVector &ports)
 {
+    // TODO: this is need for Linux?
+    Q_UNUSED(ports);
+
     // if the firewall is not installed by the program, then save iptables to file in order to restore when will we turn off the firewall
     if (!firewallActualState())
     {
@@ -209,6 +176,10 @@ bool FirewallController_linux::firewallOnImpl(const QString &ip, bool bAllowLanT
         }
     }
 
+    // get firewall rules, which could have been installed by a script update-resolv-conf/update-systemd-resolved to avoid DNS-leaks
+    // if these rules exist, then we should leave(not delete) them.
+    const QStringList dnsLeaksRules = getWindscribeRules("\"Windscribe client dns leak protection\"", false);
+
     forceUpdateInterfaceToSkip_ = false;
 
     QFile file(pathToTempTable_);
@@ -220,6 +191,18 @@ bool FirewallController_linux::firewallOnImpl(const QString &ip, bool bAllowLanT
         stream << ":windscribe_input - [0:0]\n";
         stream << ":windscribe_output - [0:0]\n";
 
+        if (!dnsLeaksRules.isEmpty())
+        {
+            stream << ":windscribe_dnsleaks - [0:0]\n";
+            for (auto &rule : dnsLeaksRules)
+            {
+                if (rule.startsWith("-A"))
+                {
+                    stream << rule + "\n";
+                }
+            }
+        }
+
         stream << "-A INPUT -j windscribe_input -m comment --comment " + comment_ + "\n";
         stream << "-A OUTPUT -j windscribe_output -m comment --comment " + comment_ + "\n";
 
@@ -318,3 +301,51 @@ bool FirewallController_linux::firewallOnImpl(const QString &ip, bool bAllowLanT
 
     return true;
 }
+
+// Extract rules from iptables with comment.If modifyForDelete == true, then replace commands for delete.
+QStringList FirewallController_linux::getWindscribeRules(const QString &comment, bool modifyForDelete)
+{
+    QStringList rules;
+    int exitCode;
+    QString cmd = "iptables-save > " + pathToTempTable_;
+    helper_->executeRootCommand(cmd, &exitCode);
+    if (exitCode != 0)
+    {
+        qCDebug(LOG_FIREWALL_CONTROLLER) << "Unsuccessful exit code:" << exitCode << " for cmd:" << cmd;
+    }
+    // Get Windscribe rules
+    QFile file(pathToTempTable_);
+    if (!file.open(QIODevice::ReadOnly))
+    {
+        qCDebug(LOG_FIREWALL_CONTROLLER) << "Can't open file:" << pathToTempTable_;
+    }
+
+    QTextStream in(&file);
+    bool bFound = false;
+    while (!in.atEnd())
+    {
+        std::string line = in.readLine().toStdString();
+        if ((line.rfind("*", 0) == 0) || // string starts with "*"
+            (line.find("COMMIT") != std::string::npos) ||
+            ((line.rfind("-A", 0) == 0) && (line.find("-m comment --comment " + comment.toStdString()) != std::string::npos)) )
+        {
+            if (line.rfind("-A", 0) == 0)
+            {
+                if (modifyForDelete)
+                {
+                    line[1] = 'D';
+                }
+                bFound = true;
+            }
+            rules << QString::fromStdString(line);
+        }
+    }
+
+    file.close();
+    file.remove();
+    if (!bFound)
+    {
+        rules.clear();
+    }
+    return rules;
+}

backend/engine/engine/firewall/firewallcontroller_linux.h

@@ -32,6 +32,7 @@ class FirewallController_linux : public FirewallController
     QString comment_;
 
     bool firewallOnImpl(const QString &ip, bool bAllowLanTraffic, const apiinfo::StaticIpPortsVector &ports);
+    QStringList getWindscribeRules(const QString &comment, bool modifyForDelete);
 };
 
 #endif // FIREWALLCONTROLLER_LINUX_H

backend/engine/engine/macaddresscontroller/macaddresscontroller_mac.cpp

@@ -59,7 +59,8 @@ void MacAddressController_mac::setMacAddrSpoofing(const ProtoTypes::MacAddrSpoof
 
             if (actuallyAutoRotate_) // auto-rotate
             {
-                const ProtoTypes::NetworkInterface lastInterface = networkDetectionManager_->lastNetworkInterface();
+                ProtoTypes::NetworkInterface lastInterface;
+                networkDetectionManager_->getCurrentNetworkInterface(lastInterface);
                 int spoofIndex = lastInterface.interface_index();
                 if (spoofIndex != -1)
                 {
@@ -244,8 +245,11 @@ void MacAddressController_mac::autoRotateUpdateMacSpoof()
 {
     ProtoTypes::MacAddrSpoofing updatedMacAddrSpoofing = macAddrSpoofingWithUpdatedNetworkList();
 
-    bool lastIsSameAsSelected = networkDetectionManager_->lastNetworkInterface().interface_index() == updatedMacAddrSpoofing.selected_network_interface().interface_index();
-    bool lastUp = MacUtils::isAdapterUp(QString::fromStdString(networkDetectionManager_->lastNetworkInterface().interface_name()));
+    ProtoTypes::NetworkInterface lastInterface;
+    networkDetectionManager_->getCurrentNetworkInterface(lastInterface);
+
+    bool lastIsSameAsSelected = lastInterface.interface_index() == updatedMacAddrSpoofing.selected_network_interface().interface_index();
+    bool lastUp = MacUtils::isAdapterUp(QString::fromStdString(lastInterface.interface_name()));
 
     if (autoRotate_ && lastIsSameAsSelected && lastUp) // apply-able interface
     {
@@ -259,7 +263,7 @@ void MacAddressController_mac::autoRotateUpdateMacSpoof()
         qCDebug(LOG_BASIC) << "Couldn't rotate";
         qCDebug(LOG_BASIC) << "Auto rotate ON: " << autoRotate_;
         qCDebug(LOG_BASIC) << "Last is same as selected: " << lastIsSameAsSelected << " "
-                           << QString::fromStdString(networkDetectionManager_->lastNetworkInterface().interface_name()) << " (last) "
+                           << QString::fromStdString(lastInterface.interface_name()) << " (last) "
                            << QString::fromStdString(updatedMacAddrSpoofing.selected_network_interface().interface_name()) << "(selected)";
         qCDebug(LOG_BASIC) << "Last is up?: " << lastUp;
     }

backend/engine/engine/networkdetectionmanager/inetworkdetectionmanager.h

@@ -10,7 +10,7 @@ class INetworkDetectionManager : public QObject
 public:
     explicit INetworkDetectionManager(QObject *parent) : QObject(parent) {}
     virtual ~INetworkDetectionManager() {}
-    virtual void updateCurrentNetworkInterface() = 0;
+    virtual void getCurrentNetworkInterface(ProtoTypes::NetworkInterface &networkInterface) = 0;
     virtual bool isOnline() = 0;
 
 signals: