Upgrade to WinDivert 2.0

- Tallow now uses the WinDivert SOCKET layer to detect and whitelist Tor traffic. - Tor is now configured to listen on the loopback address (127.0.0.1) only. This required some design changes, but should hopefully be address the windows firewall (false positive) warnings.
basil00 · Mar 16, 2019 · b8c2dc1 · b8c2dc1
1 parent 63c8f2d
commit b8c2dc1
Show file tree

Hide file tree

Showing 12 changed files with 701 additions and 568 deletions.
diff --git a/Makefile b/Makefile
@@ -4,7 +4,7 @@ CFLAGS = --std=c99 -O2 -I contrib/$(WINDIVERT)/include/ -mwindows -mthreads \
     -mno-ms-bitfields -m32 -Wall -DVERSION=$(VERSION)
 CLIBS = -lws2_32 -lkernel32 -L contrib/$(WINDIVERT)/x86/ -lWinDivert \
     -lcomctl32 -liphlpapi -mwindows
-OBJS = main.o redirect.o domain.o allow.o
+OBJS = main.o redirect.o domain.o
 PROG = tallow.exe
 
 $(PROG): $(OBJS)

diff --git a/VERSION b/VERSION
@@ -1 +1 @@
-1.2
+2.0
diff --git a/allow.c b/allow.c
diff --git a/allow.h b/allow.h
diff --git a/build.sh b/build.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 #
-# (C) 2018, all rights reserved,
+# (C) 2019, all rights reserved,
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -20,8 +20,8 @@
 
 set -e
 
-WINDIVERT=WinDivert-1.4.2-A-MINGW
-TOR=tor-win32-0.3.3.7
+WINDIVERT=WinDivert-2.0.0-rc
+TOR=tor-win32-0.3.5.7
 VERSION=`cat VERSION`
 
 echo "Checking for dependencies..."
@@ -66,7 +66,7 @@ echo "Copying \"LICENSE\"..."
 cp LICENSE install/.
 
 for FILE in \
-       "$WINDIVERT/x86_64/WinDivert64.sys" \
+       "$WINDIVERT/x64/WinDivert64.sys" \
        "$WINDIVERT/x86/WinDivert32.sys" \
        "$WINDIVERT/x86/WinDivert.dll" \
        "Tor/libeay32.dll" \

diff --git a/domain.c b/domain.c
@@ -1,6 +1,6 @@
 /*
  * domain.c
- * Copyright (C) 2015, basil
+ * Copyright (C) 2019, basil
  *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -121,13 +121,13 @@ extern uint32_t domain_lookup_addr(const char *name0)
 
     if (domain_blacklist_lookup(blacklist, name0))
     {
-        debug("Block %s\n", name0);
+        debug(RED, "BLOCK", "%s", name0);
         return 0;       // Blocked!
     }
 
     if (InterlockedIncrement64(&rate) >= RATE_LIMIT)
     {
-        debug("Block (rate limit)\n");
+        debug(RED, "BLOCK", "%s (rate limit)", name0);
         return 0;
     }
 
@@ -139,7 +139,7 @@ extern uint32_t domain_lookup_addr(const char *name0)
     if (names[idx] != NULL)
     {
         // Name table is full!
-        debug("Block %s (name entry is full)\n", name0);
+        debug(RED, "BLOCK", "%s (name entry is full)", name0);
         return 0;
     }
 
@@ -220,7 +220,7 @@ extern void domain_cleanup(size_t count)
         unlock(names_lock);
 
         if (old_name != NULL)
-            debug("Cleanup name %s\n", old_name->name);
+            debug(YELLOW, "CLEANUP", "%s", old_name->name);
         domain_deref(old_name);
     }
 }

diff --git a/domain.h b/domain.h
@@ -1,6 +1,6 @@
 /*
  * domain.h
- * Copyright (C) 2015, basil
+ * Copyright (C) 2019, basil
  *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -21,8 +21,10 @@
 
 #include <stdint.h>
 
-#define ADDR_BASE               0x2C000000      // 44.0.0.0/24 (AMPRNet)
+#define ADDR_BASE               0x2C000000      // 44.0.0.0/8 (AMPRNet)
 #define ADDR_MAX                0x2CFFFFFF
+#define ADDR_BASE_STR           "44.0.0.0"
+#define ADDR_MAX_STR            "44.255.255.255"
 
 static inline bool is_fake_addr(uint32_t addr)
 {