- Upgrade Tallow to WinDivert 1.1.7

- Tallow now includes an empty torrc file. Users can edit if need be. - Bug fix: redirect_init() filter needs to be split. This did not seem to affect WinDivert1.1.6. - Version bump to 0.4-beta.
basil00 · Nov 21, 2014 · 0e677d0 · 0e677d0
1 parent 318840c
commit 0e677d0
Show file tree

Hide file tree

Showing 8 changed files with 27 additions and 14 deletions.
diff --git a/Makefile b/Makefile
@@ -1,8 +1,8 @@
 CC = i686-w64-mingw32-gcc
 WINDRES = i686-w64-mingw32-windres
-CFLAGS = --std=c99 -O2 -I contrib/WinDivert-1.1.5-MINGW/include/ -mwindows \
+CFLAGS = --std=c99 -O2 -I contrib/WinDivert-1.1.7-MINGW/include/ -mwindows \
     -mthreads -m32 -Wall
-CLIBS = -lws2_32 -lkernel32 -L contrib/WinDivert-1.1.5-MINGW/x86/ \
+CLIBS = -lws2_32 -lkernel32 -L contrib/WinDivert-1.1.7-MINGW/x86/ \
     -lWinDivert -lcomctl32 -mwindows
 OBJS = main.o redirect.o domain.o
 PROG = tallow.exe

diff --git a/README.md b/README.md
@@ -89,7 +89,7 @@ To build Tallow you need the MinGW cross-compiler for Linux.
 You also need to download and place the following external dependencies and
 place them in the contrib/ directory:
 
-* [WinDivert-1.1.6-MINGW.zip](http://reqrypt.org/windivert.html).
+* [WinDivert-1.1.7-MINGW.zip](http://reqrypt.org/windivert.html).
 * The following files extracted from the
   [Tor Expert Bundle](https://www.torproject.org/):
    - tor.exe

diff --git a/VERSION b/VERSION
@@ -1 +1 @@
-0.3-beta
+0.4-beta
diff --git a/build.sh b/build.sh
@@ -20,7 +20,7 @@
 
 set -e
 
-WINDIVERT=WinDivert-1.1.6-MINGW
+WINDIVERT=WinDivert-1.1.7-MINGW
 TOR=tor
 VERSION=`cat VERSION`
 
@@ -55,6 +55,8 @@ echo "Copying \"hosts.deny\"..."
 cp hosts.deny install/.
 echo "Copying \"traffic.deny\"..."
 cp traffic.deny install/.
+echo "Copying \"torrc\"..."
+cp torrc install/.
 echo "Copying \"LICENSE\"..."
 cp LICENSE install/.
 

diff --git a/install.nsi b/install.nsi
@@ -42,6 +42,7 @@ Section ""
     File "WinDivert.dll"
     File "hosts.deny"
     File "traffic.deny"
+    File "torrc"
     File "LICENSE"
     WriteUninstaller "TallowBundle-uninstall.exe"
     WriteRegStr HKLM \
@@ -61,6 +62,7 @@ Section "Uninstall"
     Delete "$INSTDIR\WinDivert.dll"
     Delete "$INSTDIR\hosts.deny"
     Delete "$INSTDIR\traffic.deny"
+    Delete "$INSTDIR\torrc"
     Delete "$INSTDIR\LICENSE"
     Delete "$INSTDIR\TallowBundle-uninstall.exe"
     RMDir "$INSTDIR\"

diff --git a/main.c b/main.c
@@ -410,8 +410,11 @@ static DWORD WINAPI tor_thread(LPVOID arg)
     si.dwFlags = STARTF_USESTDHANDLES | STARTF_USESHOWWINDOW;
     si.wShowWindow = SW_HIDE;
     const char *tor_path = ".\\tor.exe";
+
+    // NOTE: Tor warns about allowing external connections.  However, such
+    //       connections are blocked (see redirect_init).
     if (!CreateProcess(tor_path,
-        "tor.exe --SOCKSListenAddress 0.0.0.0:" STR(TOR_PORT),
+        "tor.exe --SOCKSListenAddress 0.0.0.0:" STR(TOR_PORT) " -f .\\torrc",
         NULL, NULL, TRUE, CREATE_BREAKAWAY_FROM_JOB, NULL, NULL, &si, &pi))
     {
         warning("failed to start Tor");

diff --git a/redirect.c b/redirect.c
@@ -27,7 +27,7 @@
 #include "main.h"
 #include "redirect.h"
 
-#define MAX_PACKET          0xFFFF
+#define MAX_PACKET          4096
 #define NUM_WORKERS         4
 #define MAX_FILTER          (1024-1)
 
@@ -170,21 +170,26 @@ static void send_packet(HANDLE handle, void *packet, size_t packet_len,
 // Init this module:
 extern void redirect_init(void)
 {
-    // This does two things:
-    // (1) Stops external connections to Tor; and
-    // (2) Prevents "fake" IPs leaking to the internet (which may indicate the
-    //     use of this program).
+    // Stop external connections to Tor:
     HANDLE handle = WinDivertOpen(
-        "(inbound and tcp.DstPort == " STR(TOR_PORT) ") or "
-        "(outbound and ip.DstAddr >= " STR(ADDR_BASE) " and ip.DstAddr <= "
-            STR(ADDR_MAX) ")",
+        "inbound and tcp.DstPort == " STR(TOR_PORT),
         WINDIVERT_LAYER_NETWORK, -755, WINDIVERT_FLAG_DROP);
     if (handle == INVALID_HANDLE_VALUE)
     {
+redirect_init_error:
         warning("failed to open WinDivert filter");
         exit(EXIT_FAILURE);
     }
 
+    // Prevent "fake" IPs leaking to the internet (which may indicate the use
+    // of this program):
+    handle = WinDivertOpen(
+        "outbound and ip.DstAddr >= " STR(ADDR_BASE) " and ip.DstAddr <= "
+            STR(ADDR_MAX),
+        WINDIVERT_LAYER_NETWORK, 755, WINDIVERT_FLAG_DROP);
+    if (handle == INVALID_HANDLE_VALUE)
+        goto redirect_init_error;
+
     // Read the filter:
     if (!filter_read(filter, sizeof(filter)))
     {

diff --git a/torrc b/torrc
@@ -0,0 +1 @@
+# This is the torrc file loaded by Tor invoked by Tallow.