mirrors/fort
1
0
Fork 0
mirror of https://github.com/tnodir/fort synced 2024-11-15 06:06:30 +00:00
Code Issues Packages Projects Releases Wiki Activity

UI: OptionsPage: Add ability to "Ignore TCP RST-packets".

Browse Source
This commit is contained in:
Nodir Temirkhodjaev 2018-01-22 13:33:28 +05:00
parent f98cd3dafc
commit 4d96749ffb
11 changed files with 160 additions and 80 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/common/fortconf.h
View File

@ -15,11 +15,12 @@ typedef struct fort_conf_flags {
UINT32 filter_enabled : 1;
UINT32 stop_traffic : 1;
UINT32 stop_inet_traffic : 1;
UINT32 ignore_tcp_rst : 1;
UINT32 app_block_all : 1;
UINT32 app_allow_all : 1;
UINT32 log_blocked : 1;
UINT32 log_stat : 1;
UINT32 _reserved_ : 9;
UINT32 _reserved_ : 8;
UINT32 group_bits : 16;
} FORT_CONF_FLAGS, *PFORT_CONF_FLAGS;

16
src/common/fortprov.c
View File

@ -185,7 +185,7 @@ fort_prov_register (HANDLE transEngine, BOOL is_boot)
}
static DWORD
fort_prov_flow_register (HANDLE transEngine, BOOL speed_limit)
fort_prov_flow_register (HANDLE transEngine, BOOL filter_transport)
{
FWPM_FILTER0 sfilter4, dfilter4;
FWPM_FILTER0 itfilter4, otfilter4;
@ -208,7 +208,7 @@ fort_prov_flow_register (HANDLE transEngine, BOOL speed_limit)
sfilter4.subLayerKey = FORT_GUID_SUBLAYER;
sfilter4.displayData.name = (PWCHAR) L"FortFilterStream4";
sfilter4.displayData.description = (PWCHAR) L"Fort Firewall Filter Stream V4";
sfilter4.action.type = FWP_ACTION_CALLOUT_UNKNOWN;
sfilter4.action.type = FWP_ACTION_CALLOUT_TERMINATING;
sfilter4.action.calloutKey = FORT_GUID_CALLOUT_STREAM_V4;
RtlZeroMemory(&dfilter4, sizeof(FWPM_FILTER0));
@ -218,7 +218,7 @@ fort_prov_flow_register (HANDLE transEngine, BOOL speed_limit)
dfilter4.subLayerKey = FORT_GUID_SUBLAYER;
dfilter4.displayData.name = (PWCHAR) L"FortFilterDatagram4";
dfilter4.displayData.description = (PWCHAR) L"Fort Firewall Filter Datagram V4";
dfilter4.action.type = FWP_ACTION_CALLOUT_UNKNOWN;
dfilter4.action.type = FWP_ACTION_CALLOUT_TERMINATING;
dfilter4.action.calloutKey = FORT_GUID_CALLOUT_DATAGRAM_V4;
RtlZeroMemory(&itfilter4, sizeof(FWPM_FILTER0));
@ -228,7 +228,7 @@ fort_prov_flow_register (HANDLE transEngine, BOOL speed_limit)
itfilter4.subLayerKey = FORT_GUID_SUBLAYER;
itfilter4.displayData.name = (PWCHAR) L"FortFilterInTransport4";
itfilter4.displayData.description = (PWCHAR) L"Fort Firewall Filter Inbound Transport V4";
itfilter4.action.type = FWP_ACTION_CALLOUT_UNKNOWN;
itfilter4.action.type = FWP_ACTION_CALLOUT_TERMINATING;
itfilter4.action.calloutKey = FORT_GUID_CALLOUT_IN_TRANSPORT_V4;
RtlZeroMemory(&otfilter4, sizeof(FWPM_FILTER0));
@ -238,15 +238,17 @@ fort_prov_flow_register (HANDLE transEngine, BOOL speed_limit)
otfilter4.subLayerKey = FORT_GUID_SUBLAYER;
otfilter4.displayData.name = (PWCHAR) L"FortFilterOutTransport4";
otfilter4.displayData.description = (PWCHAR) L"Fort Firewall Filter Outbound Transport V4";
otfilter4.action.type = FWP_ACTION_CALLOUT_UNKNOWN;
otfilter4.action.type = FWP_ACTION_CALLOUT_TERMINATING;
otfilter4.action.calloutKey = FORT_GUID_CALLOUT_OUT_TRANSPORT_V4;
if ((status = FwpmFilterAdd0(engine, &sfilter4, NULL, NULL))
|| (status = FwpmFilterAdd0(engine, &dfilter4, NULL, NULL))
|| (filter_transport
&& ((status = FwpmFilterAdd0(engine, &itfilter4, NULL, NULL))
#if 0
|| (speed_limit && ((status = FwpmFilterAdd0(engine, &itfilter4, NULL, NULL))
|| (status = FwpmFilterAdd0(engine, &otfilter4, NULL, NULL))))
|| (status = FwpmFilterAdd0(engine, &otfilter4, NULL, NULL))
#endif
))
) {
fort_prov_trans_abort(engine);
}

2
src/common/version.h
View File

@ -7,6 +7,6 @@
#define APP_UPDATES_URL "https://github.com/tnodir/fort/releases"
#define APP_UPDATES_API_URL "https://api.github.com/repos/tnodir/fort/releases/latest"
#define DRIVER_VERSION 5
#define DRIVER_VERSION 6
#endif // VERSION_H

154
src/driver/fortdrv.c
View File

@ -24,27 +24,35 @@
#include "fortstat.c"
#include "forttmr.c"
#define HTONL(l) _byteswap_ulong(l)
#define NTOHL(l) HTONL(l)
#define HTONS(s) _byteswap_ushort(s)
#define NTOHS(s) HTONS(s)
#define TCP_HEADER_FLAG_FIN 0x0001
#define TCP_HEADER_FLAG_SYN 0x0002
#define TCP_HEADER_FLAG_RST 0x0004
#define TCP_HEADER_FLAG_PSH 0x0008
#define TCP_HEADER_FLAG_ACK 0x0010
#define TCP_HEADER_FLAG_URG 0x0020
#define TCP_HEADER_FLAG_ECE 0x0040
#define TCP_HEADER_FLAG_CWR 0x0080
typedef struct tcp_header {
UINT16 source;
UINT16 dest;
UINT16 source; // Source Port
UINT16 dest; // Destination Port
UINT32 seq;
UINT32 ack_seq;
UINT32 seq; // Sequence number
UINT32 ack_seq; // Acknowledgement number
UINT16 res1 : 4;
UINT16 doff : 4;
UINT16 fin : 1;
UINT16 syn : 1;
UINT16 rst : 1;
UINT16 psh : 1;
UINT16 ack : 1;
UINT16 urg : 1;
UINT16 ece : 1;
UINT16 cwr : 1;
UCHAR res1 : 4; // Unused
UCHAR doff : 4; // Data offset
UINT16 window;
UINT16 checksum;
UINT16 urg_ptr;
UCHAR flags; // Flags
UINT16 window; // Window size
UINT16 csum; // Checksum
UINT16 urg_ptr; // Urgent Pointer
} TCP_HEADER, *PTCP_HEADER;
typedef struct fort_conf_ref {
@ -61,12 +69,13 @@ typedef struct fort_device {
UINT32 connect4_id;
UINT32 accept4_id;
FORT_CONF_FLAGS volatile conf_flags;
PFORT_CONF_REF volatile conf_ref;
KSPIN_LOCK conf_lock;
FORT_BUFFER buffer;
FORT_STAT stat;
FORT_TIMER timer;
PFORT_CONF_REF volatile conf_ref;
KSPIN_LOCK conf_lock;
} FORT_DEVICE, *PFORT_DEVICE;
static PFORT_DEVICE g_device = NULL;
@ -140,8 +149,14 @@ fort_conf_ref_set (PFORT_CONF_REF conf_ref)
}
if (conf_ref != NULL) {
g_device->prov_boot = conf_ref->conf.flags.prov_boot;
const PFORT_CONF_FLAGS conf_flags = &conf_ref->conf.flags;
g_device->prov_boot = conf_flags->prov_boot;
g_device->was_conf = TRUE;
g_device->conf_flags = *conf_flags;
} else {
RtlZeroMemory((void *) &g_device->conf_flags, sizeof(FORT_CONF_FLAGS));
}
}
KeReleaseInStackQueuedSpinLock(&lock_queue);
@ -172,10 +187,14 @@ fort_conf_ref_flags_set (const PFORT_CONF_FLAGS conf_flags)
fort_conf_app_perms_mask_init(conf);
g_device->prov_boot = conf->flags.prov_boot;
g_device->prov_boot = conf_flags->prov_boot;
g_device->conf_flags = *conf_flags;
} else {
RtlZeroMemory(&old_conf_flags, sizeof(FORT_CONF_FLAGS));
old_conf_flags.prov_boot = g_device->prov_boot;
RtlZeroMemory((void *) &g_device->conf_flags, sizeof(FORT_CONF_FLAGS));
}
}
KeReleaseInStackQueuedSpinLock(&lock_queue);
@ -190,6 +209,14 @@ fort_callout_classify_block (FWPS_CLASSIFY_OUT0 *classifyOut)
classifyOut->rights &= ~FWPS_RIGHT_ACTION_WRITE;
}
static void
fort_callout_classify_drop (FWPS_CLASSIFY_OUT0 *classifyOut)
{
classifyOut->flags |= FWPS_CLASSIFY_OUT_FLAG_ABSORB;
fort_callout_classify_block(classifyOut);
}
static void
fort_callout_classify_permit (const FWPS_FILTER0 *filter,
FWPS_CLASSIFY_OUT0 *classifyOut)
@ -211,7 +238,8 @@ fort_callout_classify_v4 (const FWPS_INCOMING_VALUES0 *inFixedValues,
const FWPS_INCOMING_METADATA_VALUES0 *inMetaValues,
const FWPS_FILTER0 *filter,
FWPS_CLASSIFY_OUT0 *classifyOut,
int flagsField, int remoteIpField)
int flagsField, int remoteIpField,
int localPortIpField, int remotePortIpField)
{
PFORT_CONF_REF conf_ref;
PVOID path;
@ -279,6 +307,12 @@ fort_callout_classify_v4 (const FWPS_INCOMING_VALUES0 *inFixedValues,
DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL,
"FORT: Classify v4: Flow assoc. error: %d\n", status);
} else if (is_new_proc) {
const UINT16 localPort = inFixedValues->incomingValue[localPortIpField].value.uint16;
const UINT16 remotePort = inFixedValues->incomingValue[remotePortIpField].value.uint16;
DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL,
"FORT: Flow: %x %d %d (%ws)\n", (UINT32) flowId, localPort, remotePort, path);
fort_buffer_proc_new_write(&g_device->buffer,
process_id, path_len, path, &irp, &info);
}
@ -320,7 +354,9 @@ fort_callout_connect_v4 (const FWPS_INCOMING_VALUES0 *inFixedValues,
fort_callout_classify_v4(inFixedValues, inMetaValues, filter, classifyOut,
FWPS_FIELD_ALE_AUTH_CONNECT_V4_FLAGS,
FWPS_FIELD_ALE_AUTH_CONNECT_V4_IP_REMOTE_ADDRESS);
FWPS_FIELD_ALE_AUTH_CONNECT_V4_IP_REMOTE_ADDRESS,
FWPS_FIELD_ALE_AUTH_CONNECT_V4_IP_LOCAL_PORT,
FWPS_FIELD_ALE_AUTH_CONNECT_V4_IP_REMOTE_PORT);
}
static void
@ -336,7 +372,9 @@ fort_callout_accept_v4 (const FWPS_INCOMING_VALUES0 *inFixedValues,
fort_callout_classify_v4(inFixedValues, inMetaValues, filter, classifyOut,
FWPS_FIELD_ALE_AUTH_RECV_ACCEPT_V4_FLAGS,
FWPS_FIELD_ALE_AUTH_RECV_ACCEPT_V4_IP_REMOTE_ADDRESS);
FWPS_FIELD_ALE_AUTH_RECV_ACCEPT_V4_IP_REMOTE_ADDRESS,
FWPS_FIELD_ALE_AUTH_RECV_ACCEPT_V4_IP_LOCAL_PORT,
FWPS_FIELD_ALE_AUTH_RECV_ACCEPT_V4_IP_REMOTE_PORT);
}
static NTSTATUS NTAPI
@ -352,6 +390,7 @@ fort_callout_notify (FWPS_CALLOUT_NOTIFY_TYPE notifyType,
static void
fort_callout_flow_classify_v4 (const FWPS_INCOMING_METADATA_VALUES0 *inMetaValues,
const FWPS_FILTER0 *filter,
UINT64 flowContext,
FWPS_CLASSIFY_OUT0 *classifyOut,
UINT32 dataSize, BOOL inbound)
@ -360,9 +399,9 @@ fort_callout_flow_classify_v4 (const FWPS_INCOMING_METADATA_VALUES0 *inMetaValue
if (fort_stat_flow_classify(&g_device->stat, flowContext,
headerSize + dataSize, inbound)) {
fort_callout_classify_block(classifyOut);
fort_callout_classify_drop(classifyOut);
} else {
fort_callout_classify_continue(classifyOut);
fort_callout_classify_permit(filter, classifyOut);
}
}
@ -380,10 +419,9 @@ fort_callout_stream_classify_v4 (const FWPS_INCOMING_VALUES0 *inFixedValues,
const BOOL inbound = (streamData->flags & FWPS_STREAM_FLAG_RECEIVE) != 0;
UNUSED(inFixedValues);
UNUSED(filter);
fort_callout_flow_classify_v4(inMetaValues, flowContext, classifyOut,
dataSize, inbound);
fort_callout_flow_classify_v4(inMetaValues, filter, flowContext,
classifyOut, dataSize, inbound);
}
static void
@ -402,11 +440,9 @@ fort_callout_datagram_classify_v4 (const FWPS_INCOMING_VALUES0 *inFixedValues,
const BOOL inbound = (direction == FWP_DIRECTION_INBOUND);
UNUSED(inFixedValues);
UNUSED(filter);
UNUSED(flowContext);
fort_callout_flow_classify_v4(inMetaValues, flowContext, classifyOut,
dataSize, inbound);
fort_callout_flow_classify_v4(inMetaValues, filter, flowContext,
classifyOut, dataSize, inbound);
}
static void
@ -427,38 +463,42 @@ fort_callout_transport_classify_v4 (const FWPS_INCOMING_VALUES0 *inFixedValues,
FWPS_CLASSIFY_OUT0 *classifyOut,
int ipProtoField, BOOL inbound)
{
#if 0
const PNET_BUFFER netBuf = NET_BUFFER_LIST_FIRST_NB(netBufList);
const UINT32 dataSize = NET_BUFFER_DATA_LENGTH(netBuf);
const IPPROTO ip_proto = (IPPROTO) inFixedValues->incomingValue[
ipProtoField].value.uint8;
const BOOL is_udp = (ip_proto == IPPROTO_UDP);
UNUSED(filter);
UNUSED(flowContext);
if (is_udp) goto permit;
if (dataSize == 0) {
const IPPROTO ip_proto = (IPPROTO) inFixedValues->incomingValue[
ipProtoField].value.uint8;
const BOOL is_udp = (ip_proto == IPPROTO_UDP);
/* Position in the packet data:
* FWPS_LAYER_INBOUND_TRANSPORT_V4: The beginning of the data.
* FWPS_LAYER_OUTBOUND_TRANSPORT_V4: The beginning of the transport header.
*/
if (!is_udp) {
PTCP_HEADER tcpHeader;
if (inbound && g_device->conf_flags.ignore_tcp_rst) {
const PNET_BUFFER netBuf = NET_BUFFER_LIST_FIRST_NB(netBufList);
TCP_HEADER buf;
PTCP_HEADER tcpHeader;
BOOL blocked = FALSE;
NdisAdvanceNetBufferDataStart(netBuf,
inMetaValues->ipHeaderSize, FALSE, NULL);
NdisRetreatNetBufferDataStart(netBuf, sizeof(TCP_HEADER), 0, NULL);
tcpHeader = NdisGetDataBuffer(netBuf, sizeof(TCP_HEADER),
NULL, sizeof(UINT16), 0);
tcpHeader = NdisGetDataBuffer(netBuf, sizeof(TCP_HEADER), &buf, 1, 0);
if (tcpHeader->ack) {
DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL,
"FORT: Ack: %d %d\n", (UINT32) flowContext, inbound);
blocked = (tcpHeader->flags & TCP_HEADER_FLAG_RST);
//fort_stat_flow_shape(&g_device->stat, flowContext, inbound);
}
NdisAdvanceNetBufferDataStart(netBuf, sizeof(TCP_HEADER), FALSE, NULL);
if (blocked) {
DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL,
"FORT: RST: %x %d %d flags=%x\n", (UINT32) inMetaValues->flowHandle, NTOHS(tcpHeader->dest), NTOHS(tcpHeader->source), tcpHeader->flags);
fort_callout_classify_drop(classifyOut);
return;
}
}
#endif
classifyOut->actionType = FWP_ACTION_CONTINUE;
permit:
fort_callout_classify_permit(filter, classifyOut);
}
static void
@ -653,7 +693,7 @@ fort_callout_force_reauth (PDEVICE_OBJECT device,
stat:
if (conf_flags.log_stat) {
if ((status = fort_prov_flow_register(engine,
(stat->limit_bits != 0))))
(conf_flags.ignore_tcp_rst != 0))))
goto cleanup;
}
}

10
src/ui/conf/firewallconf.cpp
View File

@ -12,6 +12,7 @@ FirewallConf::FirewallConf(QObject *parent) :
m_filterEnabled(true),
m_stopTraffic(false),
m_stopInetTraffic(false),
m_ignoreTcpRst(false),
m_resolveAddress(false),
m_logErrors(false),
m_logBlocked(false),
@ -60,6 +61,14 @@ void FirewallConf::setStopInetTraffic(bool stopInetTraffic)
}
}
void FirewallConf::setIgnoreTcpRst(bool ignoreTcpRst)
{
if (m_ignoreTcpRst != ignoreTcpRst) {
m_ignoreTcpRst = ignoreTcpRst;
emit ignoreTcpRstChanged();
}
}
void FirewallConf::setResolveAddress(bool resolveAddress)
{
if (m_resolveAddress != resolveAddress) {
@ -230,6 +239,7 @@ void FirewallConf::copyFlags(const FirewallConf &o)
setFilterEnabled(o.filterEnabled());
setStopTraffic(o.stopTraffic());
setStopInetTraffic(o.stopInetTraffic());
setIgnoreTcpRst(o.ignoreTcpRst());
setLogErrors(o.logErrors());
setAppBlockAll(o.appBlockAll());
setAppAllowAll(o.appAllowAll());

6
src/ui/conf/firewallconf.h
View File

@ -21,6 +21,7 @@ class FirewallConf : public QObject
Q_PROPERTY(bool filterEnabled READ filterEnabled WRITE setFilterEnabled NOTIFY filterEnabledChanged)
Q_PROPERTY(bool stopTraffic READ stopTraffic WRITE setStopTraffic NOTIFY stopTrafficChanged)
Q_PROPERTY(bool stopInetTraffic READ stopInetTraffic WRITE setStopInetTraffic NOTIFY stopInetTrafficChanged)
Q_PROPERTY(bool ignoreTcpRst READ ignoreTcpRst WRITE setIgnoreTcpRst NOTIFY ignoreTcpRstChanged)
Q_PROPERTY(bool resolveAddress READ resolveAddress WRITE setResolveAddress NOTIFY resolveAddressChanged)
Q_PROPERTY(bool logErrors READ logErrors WRITE setLogErrors NOTIFY logErrorsChanged)
Q_PROPERTY(bool logBlocked READ logBlocked WRITE setLogBlocked NOTIFY logBlockedChanged)
@ -64,6 +65,9 @@ public:
bool stopInetTraffic() const { return m_stopInetTraffic; }
void setStopInetTraffic(bool stopInetTraffic);
bool ignoreTcpRst() const { return m_ignoreTcpRst; }
void setIgnoreTcpRst(bool ignoreTcpRst);
bool resolveAddress() const { return m_resolveAddress; }
void setResolveAddress(bool resolveAddress);
@ -126,6 +130,7 @@ signals:
void filterEnabledChanged();
void stopTrafficChanged();
void stopInetTrafficChanged();
void ignoreTcpRstChanged();
void resolveAddressChanged();
void logErrorsChanged();
void logBlockedChanged();
@ -152,6 +157,7 @@ private:
uint m_filterEnabled : 1;
uint m_stopTraffic : 1;
uint m_stopInetTraffic : 1;
uint m_ignoreTcpRst : 1;
uint m_resolveAddress : 1;

2
src/ui/fortsettings.cpp
View File

@ -222,6 +222,7 @@ bool FortSettings::readConfIni(FirewallConf &conf) const
conf.setFilterEnabled(iniBool("filterEnabled", true));
conf.setStopTraffic(iniBool("stopTraffic"));
conf.setStopInetTraffic(iniBool("stopInetTraffic"));
conf.setIgnoreTcpRst(iniBool("ignoreTcpRst"));
conf.setResolveAddress(iniBool("resolveAddress"));
conf.setLogErrors(iniBool("logErrors"));
conf.setLogBlocked(iniBool("logBlocked"));
@ -249,6 +250,7 @@ bool FortSettings::writeConfIni(const FirewallConf &conf)
setIniValue("filterEnabled", conf.filterEnabled());
setIniValue("stopTraffic", conf.stopTraffic());
setIniValue("stopInetTraffic", conf.stopInetTraffic());
setIniValue("ignoreTcpRst", conf.ignoreTcpRst());
setIniValue("resolveAddress", conf.resolveAddress());
setIniValue("logErrors", conf.logErrors());
setIniValue("logBlocked", conf.logBlocked());

BIN
src/ui/i18n/i18n_ru.qm
View File

Binary file not shown.

33
src/ui/i18n/i18n_ru.ts
View File

@ -4,17 +4,17 @@
<context>
<name>ConfUtil</name>
<message>
<location filename="../util/conf/confutil.cpp" line="118"/>
<location filename="../util/conf/confutil.cpp" line="119"/>
<source>Bad Include IP address: %1</source>
<translation>Некорректный IP адрес для включения: %1</translation>
</message>
<message>
<location filename="../util/conf/confutil.cpp" line="126"/>
<location filename="../util/conf/confutil.cpp" line="127"/>
<source>Bad Exclude IP address: %1</source>
<translation>Некорректный IP адрес для исключения: %1</translation>
</message>
<message>
<location filename="../util/conf/confutil.cpp" line="137"/>
<location filename="../util/conf/confutil.cpp" line="138"/>
<source>Too many IP addresses</source>
<translation>Слишком много IP адресов</translation>
</message>
@ -24,17 +24,17 @@
<translation>Слишком много путей приложений</translation>
</message>
<message>
<location filename="../util/conf/confutil.cpp" line="159"/>
<location filename="../util/conf/confutil.cpp" line="160"/>
<source>Number of Application Groups must be &lt; %1</source>
<translation>Количество групп приложений должно быть &lt; %1</translation>
</message>
<message>
<location filename="../util/conf/confutil.cpp" line="171"/>
<location filename="../util/conf/confutil.cpp" line="172"/>
<source>Length of Application Group&apos;s Name must be &lt; %1</source>
<translation>Длина наименования группы приложения должна быть &lt; %1</translation>
</message>
<message>
<location filename="../util/conf/confutil.cpp" line="217"/>
<location filename="../util/conf/confutil.cpp" line="220"/>
<source>Length of Application&apos;s Path must be &lt; %1</source>
<translation>Длина пути приложения должна быть &lt; %1</translation>
</message>
@ -352,7 +352,7 @@
<translation>Статистика</translation>
</message>
<message>
<location filename="../qml/pages/OptionsPage.qml" line="103"/>
<location filename="../qml/pages/OptionsPage.qml" line="115"/>
<source>Password:</source>
<translation>Пароль:</translation>
</message>
@ -402,37 +402,42 @@
<translation>Остановить Интернет трафик</translation>
</message>
<message>
<location filename="../qml/pages/OptionsPage.qml" line="88"/>
<location filename="../qml/pages/OptionsPage.qml" line="89"/>
<source>Ignore TCP RST-packets</source>
<translation>Игнорировать TCP RST-пакеты</translation>
</message>
<message>
<location filename="../qml/pages/OptionsPage.qml" line="100"/>
<source>Log Errors</source>
<translation>Лог ошибок</translation>
</message>
<message>
<location filename="../qml/pages/OptionsPage.qml" line="124"/>
<location filename="../qml/pages/OptionsPage.qml" line="136"/>
<source>Installed</source>
<translation>Установлен</translation>
</message>
<message>
<location filename="../qml/pages/OptionsPage.qml" line="125"/>
<location filename="../qml/pages/OptionsPage.qml" line="137"/>
<source>Not Installed</source>
<translation>Не установлен</translation>
</message>
<message>
<location filename="../qml/pages/OptionsPage.qml" line="135"/>
<location filename="../qml/pages/OptionsPage.qml" line="147"/>
<source>Language:</source>
<translation>Язык:</translation>
</message>
<message>
<location filename="../qml/pages/OptionsPage.qml" line="154"/>
<location filename="../qml/pages/OptionsPage.qml" line="166"/>
<source>Logs</source>
<translation>Логи</translation>
</message>
<message>
<location filename="../qml/pages/OptionsPage.qml" line="166"/>
<location filename="../qml/pages/OptionsPage.qml" line="178"/>
<source>Profile</source>
<translation>Профиль</translation>
</message>
<message>
<location filename="../qml/pages/OptionsPage.qml" line="176"/>
<location filename="../qml/pages/OptionsPage.qml" line="188"/>
<source>Releases</source>
<translation>Релизы</translation>
</message>

12
src/ui/qml/pages/OptionsPage.qml
View File

@ -83,6 +83,18 @@ BasePage {
}
}
CheckBox {
enabled: firewallConf.logStat
text: translationManager.dummyBool
&& qsTranslate("qml", "Ignore TCP RST-packets")
checked: firewallConf.ignoreTcpRst
onToggled: {
firewallConf.ignoreTcpRst = checked;
setConfFlagsEdited();
}
}
CheckBox {
text: translationManager.dummyBool
&& qsTranslate("qml", "Log Errors")

2
src/ui/util/conf/confutil.cpp
View File

@ -88,6 +88,7 @@ int ConfUtil::writeFlags(const FirewallConf &conf, QByteArray &buf)
confFlags->filter_enabled = conf.filterEnabled();
confFlags->stop_traffic = conf.stopTraffic();
confFlags->stop_inet_traffic = conf.stopInetTraffic();
confFlags->ignore_tcp_rst = conf.ignoreTcpRst();
confFlags->app_block_all = conf.appBlockAll();
confFlags->app_allow_all = conf.appAllowAll();
confFlags->log_blocked = conf.logBlocked();
@ -293,6 +294,7 @@ void ConfUtil::writeData(char *output, const FirewallConf &conf,
drvConf->flags.filter_enabled = conf.filterEnabled();
drvConf->flags.stop_traffic = conf.stopTraffic();
drvConf->flags.stop_inet_traffic = conf.stopInetTraffic();
drvConf->flags.ignore_tcp_rst = conf.ignoreTcpRst();
drvConf->flags.app_block_all = conf.appBlockAll();
drvConf->flags.app_allow_all = conf.appAllowAll();