Beispiel #1
        /// <summary>
        /// Refuses to continue unless the tool is present and at least at the minimum required version.
        /// </summary>
        /// <exception cref="Exception">
        /// Thrown with <c>Messages.ToolsCurlRequired</c> when <c>Available()</c> is false, or with
        /// <c>GetRequiredVersionMessage()</c> when the version comparison yields -1.
        /// </exception>
        public override void ExceptionIfRequired()
        {
            bool toolPresent = Available();
            if (!toolPresent)
            {
                throw new Exception(Messages.ToolsCurlRequired);
            }

            // Only a comparison result of exactly -1 is treated as "older than required".
            int versionOrder = UtilsCore.CompareVersions(Version, minVersionRequired);
            if (versionOrder == -1)
            {
                throw new Exception(GetRequiredVersionMessage());
            }
        }
Beispiel #2
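        /// <summary>
        /// Asks the download endpoint for the latest version on the configured update channel and
        /// broadcasts "ui.updater.available" when that version is newer than the last one notified.
        /// </summary>
        /// <remarks>
        /// The next run is scheduled through <c>m_timeEvery</c>: 24 hours after a usable answer,
        /// 3 hours after any failure. In this method the response only drives a UI notification;
        /// nothing is downloaded or executed here.
        /// </remarks>
        public override void OnRun()
        {
            const int NextCheckAfterSuccessMs = 60 * 60 * 24 * 1000;
            const int NextCheckAfterFailureMs = 60 * 60 * 3 * 1000;

            if (m_lastVersionNotification == "")
            {
                m_lastVersionNotification = Constants.VersionDesc;
            }

            // NOTE(review): the channel value is read from storage and appended to the query string
            // unescaped - confirm it is restricted to known channel names.
            string channel = Engine.Instance.Storage.Get("updater.channel");

            try
            {
                HttpRequest request = new HttpRequest();
                request.Url  = Constants.WebSite + "/download/";
                request.Url += "?mode=info";
                request.Url += "&platform=" + Platform.Instance.GetCodeInstaller();
                request.Url += "&arch=" + Platform.Instance.GetArchitecture();
                request.Url += "&ui=" + "ui";
                request.Url += "&format=updater";
                request.Url += "&version=" + channel;
                HttpResponse response = Engine.Instance.FetchUrl(request);

                Json j = null;
                string latestVersion = null;
                if (Json.TryParse(response.GetBody(), out j))
                {
                    // "as string" yields null when the field is not a string.
                    latestVersion = j["version"].Value as string;
                }

                // A body that does not parse, or that carries no usable version string, is a failed
                // check: it must not overwrite the last notified version with null or "".
                if (string.IsNullOrEmpty(latestVersion))
                {
                    m_timeEvery = NextCheckAfterFailureMs;
                }
                else
                {
                    int compare = UtilsCore.CompareVersions(m_lastVersionNotification, latestVersion);

                    if (compare == -1)
                    {
                        Json jUpdaterAvailable = new Json();
                        jUpdaterAvailable["command"].Value = "ui.updater.available";

                        Engine.Instance.UiManager.Broadcast(jUpdaterAvailable);
                    }

                    // Remember what was announced so the same version is not announced again.
                    m_lastVersionNotification = latestVersion;

                    m_timeEvery = NextCheckAfterSuccessMs;
                }
            }
            catch
            {
                // Best effort: any error (network, response handling) just reschedules an earlier retry.
                m_timeEvery = NextCheckAfterFailureMs;
            }
        }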
Beispiel #3
 /// <summary>
 /// Records the Mono runtime version and, on runtimes older than 5.10.1.45, overrides TERM
 /// for this process.
 /// </summary>
 public Platform()
 {
     string detectedVersion;
     try
     {
         detectedVersion = NativeMethods.GetMonoVersion();
     }
     catch
     {
         // Best effort: any failure of the native probe falls back to a placeholder version string.
         detectedVersion = "2-generic";
     }
     m_monoVersion = detectedVersion;

     bool needsTermWorkaround = UtilsCore.CompareVersions(m_monoVersion, "5.10.1.45") < 0;
     if (needsTermWorkaround)
     {
         // Workaround for https://github.com/mono/mono/issues/6752
         // Scoped to the current process (EnvironmentVariableTarget.Process), not the user or machine.
         Environment.SetEnvironmentVariable("TERM", "XTERM", EnvironmentVariableTarget.Process);
     }
 }
Beispiel #4
        /// <summary>
        /// Regenerates the pf ruleset for the macOS network lock, writes it to <c>m_filePfConf</c> and,
        /// when the write reports true, reloads it with pfctl.
        /// </summary>
        /// <exception cref="Exception">
        /// Thrown with <c>Messages.NetworkLockMacOSUnableToStart</c> when pfctl fails to run or its
        /// stderr contains "rules not loaded".
        /// </exception>
        public override void OnUpdateIps()
        {
            base.OnUpdateIps();

            // pf requires this statement order: options, normalization, queueing, translation, filtering.
            // Filtering rules without "quick" are last-match-wins, so the broad "General rule" comes first
            // and every exception after it uses "quick" to stop evaluation at the first match.

            string rules = "# " + Engine.Instance.GenerateFileHeader() + "\n";

            rules += "# Block policy, RST for quickly notice\n"
                   + "set block-policy return\n"; // 2.9

            // While connected, the active connection's interface is excluded from filtering as well as lo0.
            // NOTE(review): InterfaceId is written into the ruleset verbatim; presumably an OS-assigned
            // interface name - confirm it cannot carry whitespace, braces or newlines.
            rules += "# Skip interfaces: lo0 and utun (only when connected)\n"; // 2.9
            rules += m_connected
                ? "set skip on { lo0 " + Engine.Instance.ConnectionActive.InterfaceId + " }\n"
                : "set skip on { lo0 }\n";

            rules += "# Scrub\n"
                   + "scrub in all\n"; // 2.9

            // Default policy per direction: any stored value other than the literal "allow" blocks.
            rules += "# General rule\n";
            bool incomingAllowed = Engine.Instance.Storage.Get("netlock.incoming") == "allow";
            rules += incomingAllowed ? "pass in all\n" : "block in all\n";
            bool outgoingAllowed = Engine.Instance.Storage.Get("netlock.outgoing") == "allow";
            rules += outgoingAllowed ? "pass out all\n" : "block out all\n";

            if (Engine.Instance.Storage.GetBool("netlock.allow_private"))
            {
                // Each private range may only talk to itself; traffic between different ranges is not opened.
                rules += "# IPv4 - Private networks\n"
                       + "pass out quick inet from 192.168.0.0/16 to 192.168.0.0/16\n"
                       + "pass in quick inet from 192.168.0.0/16 to 192.168.0.0/16\n"
                       + "pass out quick inet from 172.16.0.0/12 to 172.16.0.0/12\n"
                       + "pass in quick inet from 172.16.0.0/12 to 172.16.0.0/12\n"
                       + "pass out quick inet from 10.0.0.0/8 to 10.0.0.0/8\n"
                       + "pass in quick inet from 10.0.0.0/8 to 10.0.0.0/8\n";

                rules += "# IPv4 - Multicast\n"
                       + "pass out quick inet from 192.168.0.0/16 to 224.0.0.0/24\n"
                       + "pass out quick inet from 172.16.0.0/12 to 224.0.0.0/24\n"
                       + "pass out quick inet from 10.0.0.0/8 to 224.0.0.0/24\n";

                rules += "# IPv4 - Simple Service Discovery Protocol address\n"
                       + "pass out quick inet from 192.168.0.0/16 to 239.255.255.250/32\n"
                       + "pass out quick inet from 172.16.0.0/12 to 239.255.255.250/32\n"
                       + "pass out quick inet from 10.0.0.0/8 to 239.255.255.250/32\n";

                rules += "# IPv4 - Service Location Protocol version 2 address\n"
                       + "pass out quick inet from 192.168.0.0/16 to 239.255.255.253/32\n"
                       + "pass out quick inet from 172.16.0.0/12 to 239.255.255.253/32\n"
                       + "pass out quick inet from 10.0.0.0/8 to 239.255.255.253/32\n";

                rules += "# IPv6 - Allow Link-Local addresses\n"
                       + "pass out quick inet6 from fe80::/10 to fe80::/10\n"
                       + "pass in quick inet6 from fe80::/10 to fe80::/10\n";

                // ff00::/8 is the IPv6 multicast range; the emitted label repeats the link-local one
                // and is left untouched because it is part of the generated file.
                rules += "# IPv6 - Allow Link-Local addresses\n"
                       + "pass out quick inet6 from ff00::/8 to ff00::/8\n"
                       + "pass in quick inet6 from ff00::/8 to ff00::/8\n";
            }

            if (Engine.Instance.Storage.GetBool("netlock.allow_ping"))
            {
                // No direction or address is given, so ICMP passes both ways regardless of the allowlist.
                rules += "# Allow ICMP\n"
                       + "pass quick proto icmp\n"; // 2.9

                // Older macOS releases reject this with "unknown protocol icmp6". The first release that
                // accepts it is not known, so it is emitted only for High Sierra (10.13) and above.
                bool icmp6Accepted = UtilsCore.CompareVersions(Platform.Instance.GetName(), "10.13") >= 0;
                if (icmp6Accepted)
                {
                    rules += "pass quick proto icmp6 all\n"; // 2.14.0
                }
            }

            IpAddresses allowedDestinations = GetIpsWhiteListOutgoing(true);

            // One outbound exception per allowlisted address; entries that are neither v4 nor v6 are skipped.
            rules += "# Specific ranges\n";
            foreach (IpAddress destination in allowedDestinations.IPs)
            {
                if (destination.IsV4)
                {
                    rules += "pass out quick inet from any to " + destination.ToCIDR() + "\n";
                }
                else if (destination.IsV6)
                {
                    rules += "pass out quick inet6 from any to " + destination.ToCIDR() + "\n";
                }
            }

            // NOTE(review): a false result skips the reload without logging; presumably it means the
            // file content was unchanged - confirm it cannot also mean a failed write.
            if (!Platform.Instance.FileContentsWriteText(m_filePfConf.Path, rules))
            {
                return;
            }

            Engine.Instance.Logs.Log(LogType.Verbose, "macOS - PF rules updated, reloading");

            SystemShell pfctl = new SystemShell();
            pfctl.Path = m_pfctlPath;
            pfctl.Arguments.Add("-v");
            pfctl.Arguments.Add("-f");
            pfctl.Arguments.Add(SystemShell.EscapePath(m_filePfConf.Path));

            // A failed run, or pfctl reporting that the rules were not loaded, is raised to the caller
            // rather than leaving the lock in an unknown state.
            if (!pfctl.Run() || pfctl.StdErr.Contains("rules not loaded"))
            {
                throw new Exception(Messages.NetworkLockMacOSUnableToStart);
            }
        }
Beispiel #5
        /// <summary>
        /// Builds the text of the pf ruleset for the macOS network lock from the current settings,
        /// connection state and the incoming/outgoing allowlists.
        /// </summary>
        /// <returns>The complete pf configuration, one statement per line.</returns>
        public string BuildPfConfig()
        {
            // pf requires this statement order: options, normalization, queueing, translation, filtering.
            // Filtering rules without "quick" are last-match-wins, so the broad "General rule" comes first
            // and every exception after it uses "quick" to stop evaluation at the first match.

            string rules = "# " + Engine.Instance.GenerateFileHeader() + "\n";

            rules += "# Block policy, RST for quickly notice\n"
                   + "set block-policy return\n"; // 2.9

            // While connected, the active connection's interface is excluded from filtering as well as lo0.
            // NOTE(review): InterfaceId is written into the ruleset verbatim; presumably an OS-assigned
            // interface name - confirm it cannot carry whitespace, braces or newlines.
            rules += "# Skip interfaces: lo0 and utun (only when connected)\n"; // 2.9
            rules += m_connected
                ? "set skip on { lo0 " + Engine.Instance.ConnectionActive.InterfaceId + " }\n"
                : "set skip on { lo0 }\n";

            rules += "# Scrub\n"
                   + "scrub in all\n"; // 2.9

            // Default policy per direction: any stored value other than the literal "allow" blocks.
            rules += "# General rule\n";
            bool incomingAllowed = Engine.Instance.Storage.Get("netlock.incoming") == "allow";
            rules += incomingAllowed ? "pass in all\n" : "block in all\n";
            bool outgoingAllowed = Engine.Instance.Storage.Get("netlock.outgoing") == "allow";
            rules += outgoingAllowed ? "pass out all\n" : "block out all\n";

            if (Engine.Instance.Storage.GetBool("netlock.allow_private"))
            {
                // Each private range may only talk to itself; traffic between different ranges is not opened.
                rules += "# IPv4 - Private networks\n"
                       + "pass out quick inet from 192.168.0.0/16 to 192.168.0.0/16\n"
                       + "pass in quick inet from 192.168.0.0/16 to 192.168.0.0/16\n"
                       + "pass out quick inet from 172.16.0.0/12 to 172.16.0.0/12\n"
                       + "pass in quick inet from 172.16.0.0/12 to 172.16.0.0/12\n"
                       + "pass out quick inet from 10.0.0.0/8 to 10.0.0.0/8\n"
                       + "pass in quick inet from 10.0.0.0/8 to 10.0.0.0/8\n";

                rules += "# IPv4 - Multicast\n"
                       + "pass out quick inet from 192.168.0.0/16 to 224.0.0.0/24\n"
                       + "pass out quick inet from 172.16.0.0/12 to 224.0.0.0/24\n"
                       + "pass out quick inet from 10.0.0.0/8 to 224.0.0.0/24\n";

                rules += "# IPv4 - Simple Service Discovery Protocol address\n"
                       + "pass out quick inet from 192.168.0.0/16 to 239.255.255.250/32\n"
                       + "pass out quick inet from 172.16.0.0/12 to 239.255.255.250/32\n"
                       + "pass out quick inet from 10.0.0.0/8 to 239.255.255.250/32\n";

                rules += "# IPv4 - Service Location Protocol version 2 address\n"
                       + "pass out quick inet from 192.168.0.0/16 to 239.255.255.253/32\n"
                       + "pass out quick inet from 172.16.0.0/12 to 239.255.255.253/32\n"
                       + "pass out quick inet from 10.0.0.0/8 to 239.255.255.253/32\n";

                rules += "# IPv6 - Allow Link-Local addresses\n"
                       + "pass out quick inet6 from fe80::/10 to fe80::/10\n"
                       + "pass in quick inet6 from fe80::/10 to fe80::/10\n";

                // ff00::/8 is the IPv6 multicast range; the emitted label repeats the link-local one
                // and is left untouched because it is part of the generated file.
                rules += "# IPv6 - Allow Link-Local addresses\n"
                       + "pass out quick inet6 from ff00::/8 to ff00::/8\n"
                       + "pass in quick inet6 from ff00::/8 to ff00::/8\n";
            }

            if (Engine.Instance.Storage.GetBool("netlock.allow_ping"))
            {
                // No direction or address is given, so ICMP passes both ways regardless of the allowlists.
                rules += "# Allow ICMP\n"
                       + "pass quick proto icmp\n"; // 2.9

                // Older macOS releases reject this with "unknown protocol icmp6". The first release that
                // accepts it is not known, so it is emitted only for High Sierra (10.13) and above.
                bool icmp6Accepted = UtilsCore.CompareVersions(Platform.Instance.GetName(), "10.13") >= 0;
                if (icmp6Accepted)
                {
                    rules += "pass quick proto icmp6 all\n"; // 2.14.0
                }
            }

            IpAddresses allowedSources = GetIpsWhiteListIncoming();

            // One inbound exception per allowlisted source; entries that are neither v4 nor v6 are skipped.
            rules += "# Specific ranges - incoming\n";
            foreach (IpAddress source in allowedSources.IPs)
            {
                if (source.IsV4)
                {
                    rules += "pass in quick inet from " + source.ToCIDR() + " to any\n";
                }
                else if (source.IsV6)
                {
                    rules += "pass in quick inet6 from " + source.ToCIDR() + " to any\n";
                }
            }

            IpAddresses allowedDestinations = GetIpsWhiteListOutgoing(true);

            // One outbound exception per allowlisted destination, with the same v4/v6 handling.
            rules += "# Specific ranges - outgoing\n";
            foreach (IpAddress destination in allowedDestinations.IPs)
            {
                if (destination.IsV4)
                {
                    rules += "pass out quick inet from any to " + destination.ToCIDR() + "\n";
                }
                else if (destination.IsV6)
                {
                    rules += "pass out quick inet6 from any to " + destination.ToCIDR() + "\n";
                }
            }

            return rules;
        }