diff --git a/firewall/interception/interception_linux.go b/firewall/interception/interception_linux.go
index fb72a59e..d0f7f5e8 100644
--- a/firewall/interception/interception_linux.go
+++ b/firewall/interception/interception_linux.go
@@ -1,6 +1,7 @@
 package interception
 import (
+ "github.com/safing/portmaster/firewall/interception/nfq"
 "github.com/safing/portmaster/network/packet"
 )
@@ -13,3 +14,8 @@ func start(ch chan packet.Packet) error {
 func stop() error {
 return StopNfqueueInterception()
 }
+
+// ResetAllConnections resets all connections so they are forced to go thought the firewall again
+func ResetAllConnections() error {
+ return nfq.DeleteAllMarkedConnection()
+}
diff --git a/firewall/interception/interception_windows.go b/firewall/interception/interception_windows.go
index 2d343a46..150d24d8 100644
--- a/firewall/interception/interception_windows.go
+++ b/firewall/interception/interception_windows.go
@@ -38,3 +38,8 @@ func start(ch chan packet.Packet) error {
 func stop() error {
 return windowskext.Stop()
 }
+
+// ResetAllConnections resets all connections so they are forced to go thought the firewall again
+func ResetAllConnections() error {
+ return windowskext.ClearCache()
+}
diff --git a/firewall/interception/nfqueue_linux.go b/firewall/interception/nfqueue_linux.go
index c72af96b..488cc7a4 100644
--- a/firewall/interception/nfqueue_linux.go
+++ b/firewall/interception/nfqueue_linux.go
@@ -341,8 +341,3 @@ func (dnfq *disabledNfQueue) PacketChannel() <-chan packet.Packet {
 }
 func (dnfq *disabledNfQueue) Destroy() {}
-
-// ResetAllConnections resets all connections so they are forced to go thought the firewall again
-func ResetAllConnections() error {
- return nfq.DeleteAllMarkedConnection()
-}
diff --git a/firewall/interception/windowskext/kext.go b/firewall/interception/windowskext/kext.go
index 1767667b..5b7c972c 100644
--- a/firewall/interception/windowskext/kext.go
+++ b/firewall/interception/windowskext/kext.go
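Review bot: The doc comment on `ResetAllConnections` in the second interception_linux.go hunk (and repeated verbatim in the interception_windows.go hunk) has a typo and says nothing about the error return; suggest `// ResetAllConnections resets all connections so they are forced to go through the firewall again.` followed by `// A non-nil error means the reset may not have taken effect.` Callers presumably use this to make existing connections pick up new verdicts, so a failure that is ignored would leave them running under the old decision. On Windows the function delegates to `windowskext.ClearCache()`, and the comment there could say so if clearing the kext cache is narrower than resetting every connection.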
@@ -1,3 +1,4 @@
+//go:build windows
 // +build windows
 package windowskext
@@ -48,6 +49,7 @@ type WinKext struct {
 recvVerdictRequest *windows.Proc
 setVerdict *windows.Proc
 getPayload *windows.Proc
+ clearCache *windows.Proc
 }
 // Init initializes the DLL and the Kext (Kernel Driver).
@@ -90,6 +92,12 @@ func Init(dllPath, driverPath string) error {
 if err != nil {
 return fmt.Errorf("could not find proc PortmasterGetPayload in dll: %s", err)
 }
+ new.clearCache, err = new.dll.FindProc("PortmasterClearCache")
+ if err != nil {
+ // the loaded dll is an old version
+ log.Errorf("could not find proc PortmasterClearCache in dll: %s", err)
+ log.Warning("are you using the latest kext version?")
+ }
 // initialize dll/kext
 rc, _, lastErr := new.init.Call()
@@ -246,6 +254,27 @@ func GetPayload(packetID uint32, packetSize uint32) ([]byte, error) {
 return buf, nil
 }
+func ClearCache() error {
+ kextLock.RLock()
+ defer kextLock.RUnlock()
+ if !ready.IsSet() {
+ log.Error("kext: failed to clear the cache: kext not ready")
+ return ErrKextNotReady
+ }
+
+ if kext.clearCache == nil {
+ log.Error("kext: cannot clear cache: clearCache function missing")
+ }
+
+ rc, _, lastErr := kext.clearCache.Call()
+
+ if rc != windows.NO_ERROR {
+ return formatErr(lastErr, rc)
+ }
+
+ return nil
+}
+
 func formatErr(err error, rc uintptr) error {
 sysErr, ok := err.(syscall.Errno)
 if ok {
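Review bot: In the new `ClearCache`, the `kext.clearCache == nil` branch only logs and then falls through to `kext.clearCache.Call()`, which dereferences a nil `*windows.Proc` and panics. That state is reachable by design, because the `Init` hunk logs a failed `FindProc("PortmasterClearCache")` and carries on, so an older DLL leaves the field nil. Unless some caller recovers, the panic would take down the process doing the packet interception, so the branch should return instead, e.g. `return fmt.Errorf("kext: cannot clear cache: clearCache function missing")` in place of the bare `log.Error(...)`. The exported function also lacks a doc comment; a line such as `// ClearCache asks the kext to clear its cache; it fails if the loaded DLL does not export PortmasterClearCache.` would document the degraded mode.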