Update Tallow to the latest WinDivert and Tor.

Update Tallow to use: * WinDivert-1.2.0-rc * tor-win32-0.2.6.9
basil00 · Aug 5, 2015 · 82487d3 · 82487d3
1 parent 95a9668
commit 82487d3
Show file tree

Hide file tree

Showing 15 changed files with 79 additions and 42 deletions.
diff --git a/Makefile b/Makefile
@@ -1,8 +1,8 @@
 CC = i686-w64-mingw32-gcc
 WINDRES = i686-w64-mingw32-windres
-CFLAGS = --std=c99 -O2 -I contrib/WinDivert-1.1.7-MINGW/include/ -mwindows \
+CFLAGS = --std=c99 -O2 -I contrib/WinDivert-1.2.0-rc-MINGW/include/ -mwindows \
     -mthreads -m32 -Wall
-CLIBS = -lws2_32 -lkernel32 -L contrib/WinDivert-1.1.7-MINGW/x86/ \
+CLIBS = -lws2_32 -lkernel32 -L contrib/WinDivert-1.2.0-rc-MINGW/x86/ \
     -lWinDivert -lcomctl32 -mwindows
 OBJS = main.o redirect.o domain.o
 PROG = tallow.exe

diff --git a/README.md b/README.md
@@ -89,10 +89,8 @@ To build Tallow you need the MinGW cross-compiler for Linux.
 You also need to download and place the following external dependencies and
 place them in the contrib/ directory:
 
-* [WinDivert-1.1.7-MINGW.zip](http://reqrypt.org/windivert.html).
-* The following files extracted from the
-  [Tor Expert Bundle](https://www.torproject.org/):
-   - tor.exe
+* [WinDivert-1.2.0-rc-MINGW.zip](http://reqrypt.org/windivert.html).
+* [tor-win32-0.2.6.9.zip](https://www.torproject.org/).
 
 Then simply run the build.sh script.
 

diff --git a/VERSION b/VERSION
@@ -1 +1 @@
-0.4-beta
+0.5-beta
diff --git a/build.sh b/build.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 #
-# (C) 2014, all rights reserved,
+# (C) 2015, all rights reserved,
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -20,8 +20,8 @@
 
 set -e
 
-WINDIVERT=WinDivert-1.1.7-MINGW
-TOR=tor
+WINDIVERT=WinDivert-1.2.0-rc-MINGW
+TOR=tor-win32-0.2.6.9
 VERSION=`cat VERSION`
 
 echo "Checking for dependencies..."
@@ -32,11 +32,11 @@ then
         "(http://reqrypt.org/windivert.html)" 2>&1
     exit 1
 fi
-for FILE in "$TOR.exe" 
+for FILE in "$TOR.zip" 
 do
     if [ ! -e "$FILE" ]
     then
-        echo "ERROR: missing \"$FILE\"; download and extract from the Tor" \
+        echo "ERROR: missing \"$FILE\"; download the Tor" \
             "Expert Bundle for Windows (https://www.torproject.org/)" 2>&1
         exit 1;
     fi
@@ -45,6 +45,9 @@ done
 echo "Extracting WinDivert..."
 unzip -o $WINDIVERT.zip
 
+echo "Extracting Tor..."
+unzip -o $TOR.zip
+
 echo "Building Tallow..."
 cd ..
 make
@@ -60,10 +63,21 @@ cp torrc install/.
 echo "Copying \"LICENSE\"..."
 cp LICENSE install/.
 
-for FILE in "$TOR.exe" \
+for FILE in \
        "$WINDIVERT/amd64/WinDivert64.sys" \
        "$WINDIVERT/x86/WinDivert32.sys" \
-       "$WINDIVERT/x86/WinDivert.dll"
+       "$WINDIVERT/x86/WinDivert.dll" \
+       "Tor/libeay32.dll" \
+       "Tor/libevent-2-0-5.dll" \
+       "Tor/libevent_core-2-0-5.dll" \
+       "Tor/libevent_extra-2-0-5.dll" \
+       "Tor/libgcc_s_sjlj-1.dll" \
+       "Tor/libssp-0.dll" \
+       "Tor/ssleay32.dll" \
+       "Tor/zlib1.dll" \
+       "Tor/tor.exe" \
+       "Data/Tor/geoip" \
+       "Data/Tor/geoip6"
 do
     echo "Copying \"$FILE\"..."
     cp contrib/"$FILE" install/.

diff --git a/domain.c b/domain.c
@@ -1,6 +1,6 @@
 /*
  * domain.c
- * Copyright (C) 2014, basil
+ * Copyright (C) 2015, basil
  *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by

diff --git a/domain.h b/domain.h
@@ -1,6 +1,6 @@
 /*
  * domain.h
- * Copyright (C) 2014, basil
+ * Copyright (C) 2015, basil
  *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by

diff --git a/hosts.deny b/hosts.deny
@@ -16,6 +16,7 @@ spynet2.microsoft.com
 spynettest.microsoft.com
 sqm.microsoft.com
 watson.microsoft.com
+msftncsi.com
 
 # Common ad servers:
 doubleclick.net

diff --git a/install.nsi b/install.nsi
@@ -1,5 +1,5 @@
 ; install.nsi
-; (C) 2014, all rights reserved,
+; (C) 2015, all rights reserved,
 ; 
 ; This program is free software: you can redistribute it and/or modify
 ; it under the terms of the GNU General Public License as published by
@@ -35,15 +35,32 @@ RequestExecutionLevel admin
 
 Section ""
     SetOutPath $INSTDIR
+
+    ; Tallow files:
     File "tallow.exe"
-    File "tor.exe"
+    File "hosts.deny"
+    File "traffic.deny"
+    File "LICENSE"
+
+    ; WinDivert files:
     File "WinDivert32.sys"
     File "WinDivert64.sys"
     File "WinDivert.dll"
-    File "hosts.deny"
-    File "traffic.deny"
+
+    ; Tor files:
+    File "libeay32.dll"
+    File "libevent-2-0-5.dll"
+    File "libevent_core-2-0-5.dll"
+    File "libevent_extra-2-0-5.dll"
+    File "libgcc_s_sjlj-1.dll"
+    File "libssp-0.dll"
+    File "ssleay32.dll"
+    File "zlib1.dll"
+    File "tor.exe"
+    File "geoip"
+    File "geoip6"
     File "torrc"
-    File "LICENSE"
+
     WriteUninstaller "TallowBundle-uninstall.exe"
     WriteRegStr HKLM \
         "Software\Microsoft\Windows\CurrentVersion\Uninstall\Tallow" \
@@ -55,17 +72,7 @@ Section ""
 SectionEnd
 
 Section "Uninstall"
-    Delete "$INSTDIR\tallow.exe"
-    Delete "$INSTDIR\tor.exe"
-    Delete "$INSTDIR\WinDivert32.sys"
-    Delete "$INSTDIR\WinDivert64.sys"
-    Delete "$INSTDIR\WinDivert.dll"
-    Delete "$INSTDIR\hosts.deny"
-    Delete "$INSTDIR\traffic.deny"
-    Delete "$INSTDIR\torrc"
-    Delete "$INSTDIR\LICENSE"
-    Delete "$INSTDIR\TallowBundle-uninstall.exe"
-    RMDir "$INSTDIR\"
+    RMDir /R /REBOOTOK "$INSTDIR\"
     DeleteRegKey HKCU "Software\Tallow"
     DeleteRegKey HKLM \
         "Software\Microsoft\Windows\CurrentVersion\Uninstall\Tallow"

diff --git a/main.c b/main.c
@@ -1,6 +1,6 @@
 /*
  * main.c
- * Copyright (C) 2014, basil
+ * Copyright (C) 2015, basil
  *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -301,7 +301,6 @@ int WINAPI WinMain(HINSTANCE instance, HINSTANCE prev_instance,
     option_force_socks4a  = restore_option(OPTION_FORCE_SOCKS4a_ONLY);
     option_force_web_only = restore_option(OPTION_FORCE_WEB_ONLY);
 
-
     // (1) Register the window class:
     memset(&class, 0, sizeof(class));
     class.cbSize = sizeof(WNDCLASSEX);

diff --git a/main.h b/main.h
@@ -1,6 +1,6 @@
 /*
  * main.h
- * Copyright (C) 2014, basil
+ * Copyright (C) 2015, basil
  *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by

diff --git a/main.rc b/main.rc
@@ -1,6 +1,6 @@
 /*
  * main.rc
- * Copyright (C) 2014, basil
+ * Copyright (C) 2015, basil
  *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by

diff --git a/redirect.c b/redirect.c
@@ -1,6 +1,6 @@
 /*
  * redirect.c
- * Copyright (C) 2014, basil
+ * Copyright (C) 2015, basil
  *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -230,7 +230,7 @@ extern void redirect_start(void)
             "tcp.SrcPort != 9001 and "
             "tcp.DstPort != 9030 and "
             "tcp.SrcPort != 9030))",
-        WINDIVERT_LAYER_NETWORK, -752, WINDIVERT_FLAG_NO_CHECKSUM);
+        WINDIVERT_LAYER_NETWORK, -752, 0);
     if (handle == INVALID_HANDLE_VALUE)
         goto redirect_start_error;
 
@@ -820,6 +820,16 @@ extern bool filter_read(char *filter, size_t len)
                     goto length_error;
                 filter[i++] = '\0';
                 fclose(stream);
+
+                // Check the filter for errors:
+                const char *err_str;
+                if (!WinDivertHelperCheckFilter(filter,
+                        WINDIVERT_LAYER_NETWORK, &err_str, NULL))
+                {
+                    warning("failed to verify \"%s\"; filter error \"%s\"",
+                        filename, err_str);
+                    return false;
+                }
                 return true;
             }
             case '#':
@@ -838,6 +848,7 @@ extern bool filter_read(char *filter, size_t len)
 
 length_error:
 
+    fclose(stream);
     warning("failed to read \"%s\"; filter length is too long (max=%u)",
         filename, len);
     return false;

diff --git a/redirect.h b/redirect.h
@@ -1,6 +1,6 @@
 /*
  * redirect.h
- * Copyright (C) 2014, basil
+ * Copyright (C) 2015, basil
  *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by

diff --git a/torrc b/torrc
@@ -1 +1,3 @@
-# Default empty torrc file.
+# Tallow default torrc file.
+GeoIPFile "geoip"
+GeoIPv6File "geoip6"
diff --git a/traffic.deny b/traffic.deny
@@ -2,12 +2,17 @@
 
 # Notes:
 # - This file uses the WinDivert filter language, see:
-#   (reqrypt.org/windivert-doc.html) for more information.
+#   (https://reqrypt.org/windivert-doc.html) for more information.
 # - This is filter in addition to "web-only" mode; the two filters operate
 #   independently.
 # - ipv6 and non-tcp (except port 53 UDP) will be dropped regardless of what
 #   this file specifies.  However, it is more efficient to filter such
 #   traffic here.
+# - Traffic is dropped if and only if the filter evaluates to "true".
 
-ipv6 or (not tcp and udp.DstPort != 53)
+(ipv6? true: false)                 # IPv6 always dropped.
+    or
+(udp? udp.DstPort != 53: false)     # UDP always dropped except DNS.
+    or
+(not tcp and not udp? true: false)  # non-TCP and non-UDP always dropped.