feat: remove DoH address from killswitch exceptions after resolving

2026-05-08 14:33:23 +00:00 · 2025-10-24 16:41:07 +04:00
parent f4a9bdd367
commit fcef264559
7 changed files with 63 additions and 4 deletions
--- a/client/core/controllers/gatewayController.cpp
+++ b/client/core/controllers/gatewayController.cpp
@@ -79,7 +79,7 @@ ErrorCode GatewayController::get(const QString &endpoint, QByteArray &responseBo
    if (m_isStrictKillSwitchEnabled) {
        const QUrl originalUrl = request.url();
        const QString originalHost = originalUrl.host();
-        const QString resolvedIp = allowKillSwitchExceptionForUrl(originalUrl);
+        const QString resolvedIp = addKillSwitchExceptionForUrl(originalUrl);
        if (!resolvedIp.isEmpty() && resolvedIp != originalHost) {
            QUrl ipUrl = originalUrl;
            ipUrl.setHost(resolvedIp);
@@ -146,7 +146,7 @@ ErrorCode GatewayController::post(const QString &endpoint, const QJsonObject api
    if (m_isStrictKillSwitchEnabled) {
        const QUrl originalUrl = request.url();
        const QString originalHost = originalUrl.host();
-        const QString resolvedIp = allowKillSwitchExceptionForUrl(originalUrl);
+        const QString resolvedIp = addKillSwitchExceptionForUrl(originalUrl);
        if (!resolvedIp.isEmpty() && resolvedIp != originalHost) {
            QUrl ipUrl = originalUrl;
            ipUrl.setHost(resolvedIp);
@@ -384,7 +384,7 @@ void GatewayController::bypassProxy(const QString &endpoint, QNetworkReply *repl
    }
 }

-QString GatewayController::allowKillSwitchExceptionForUrl(const QUrl &url)
+QString GatewayController::addKillSwitchExceptionForUrl(const QUrl &url)
 {
 #ifdef AMNEZIA_DESKTOP
    const QString host = url.host();
@@ -475,6 +475,41 @@ bool GatewayController::addKillSwitchException(const QStringList &ranges)
    return result;
 }

+bool GatewayController::removeKillSwitchException(const QStringList &ranges)
+{
+    auto ipcInterface = IpcClient::Interface();
+    if (!ipcInterface) {
+        qWarning() << "IPC interface is null, cannot remove KillSwitch exception";
+        return false;
+    }
+
+    const auto waitForReply = [](QRemoteObjectPendingReply<bool> reply) -> bool {
+        if (!reply.waitForFinished()) {
+            qWarning() << "Timed out waiting for KillSwitch removal reply";
+            return false;
+        }
+        return reply.returnValue();
+    };
+
+    QRemoteObjectPendingReply<bool> reply;
+    if (ipcInterface->thread() == QThread::currentThread()) {
+        reply = ipcInterface->removeKillSwitchAllowedRange(ranges);
+    } else {
+        const bool invoked = QMetaObject::invokeMethod(ipcInterface.data(),
+                                                       [&reply, ipcInterface, ranges]() {
+                                                           reply = ipcInterface->removeKillSwitchAllowedRange(ranges);
+                                                       },
+                                                       Qt::BlockingQueuedConnection);
+        if (!invoked) {
+            qWarning() << "Failed to invoke KillSwitch removal via queued connection";
+            return false;
+        }
+    }
+
+    const bool result = waitForReply(reply);
+    return result;
+}
+
 QString GatewayController::resolveHostViaOpenDns(const QString &host)
 {
    const QString fallbackIp = QStringLiteral("146.112.41.2");
--- a/client/core/controllers/gatewayController.h
+++ b/client/core/controllers/gatewayController.h
@@ -27,10 +27,11 @@ private:
                           const QByteArray &iv = "", const QByteArray &salt = "");
    void bypassProxy(const QString &endpoint, QNetworkReply *reply, std::function<QNetworkReply *(const QString &url)> requestFunction,
                     std::function<bool(QNetworkReply *reply, const QList<QSslError> &sslErrors)> replyProcessingFunction);
-    QString allowKillSwitchExceptionForUrl(const QUrl &url);
+    QString addKillSwitchExceptionForUrl(const QUrl &url);
    QString resolveHost(const QString &host);
 #ifdef AMNEZIA_DESKTOP
    bool addKillSwitchException(const QStringList &ranges);
+    bool removeKillSwitchException(const QStringList &ranges);
    QString resolveHostViaOpenDns(const QString &host);
    QString resolveHostViaQuad9(const QString &host);
    QByteArray buildDnsQuery(const QString &host) const;
--- a/ipc/ipc_interface.rep
+++ b/ipc/ipc_interface.rep
@@ -32,6 +32,7 @@ class IpcInterface
    SLOT( bool disableAllTraffic() );
    SLOT( bool refreshKillSwitch( bool enabled ) );
    SLOT( bool addKillSwitchAllowedRange( const QStringList ranges ) );
+    SLOT( bool removeKillSwitchAllowedRange( const QStringList ranges ) );
    SLOT( bool resetKillSwitchAllowedRange( const QStringList ranges ) );
    SLOT( bool enablePeerTraffic( const QJsonObject &configStr) );
    SLOT( bool enableKillSwitch( const QJsonObject &excludeAddr, int vpnAdapterIndex) );
--- a/ipc/ipcserver.cpp
+++ b/ipc/ipcserver.cpp
@@ -189,6 +189,11 @@ bool IpcServer::addKillSwitchAllowedRange(QStringList ranges)
    return KillSwitch::instance()->addAllowedRange(ranges);
 }

+bool IpcServer::removeKillSwitchAllowedRange(QStringList ranges)
+{
+    return KillSwitch::instance()->removeAllowedRange(ranges);
+}
+
 bool IpcServer::disableAllTraffic()
 {
    return KillSwitch::instance()->disableAllTraffic();
--- a/ipc/ipcserver.h
+++ b/ipc/ipcserver.h
@@ -36,6 +36,7 @@ public:
    virtual void StopRoutingIpv6() override;
    virtual bool disableAllTraffic() override;
    virtual bool addKillSwitchAllowedRange(QStringList ranges) override;
+    virtual bool removeKillSwitchAllowedRange(QStringList ranges) override;
    virtual bool resetKillSwitchAllowedRange(QStringList ranges) override;
    virtual bool enablePeerTraffic(const QJsonObject &configStr) override;
    virtual bool enableKillSwitch(const QJsonObject &excludeAddr, int vpnAdapterIndex) override;
--- a/service/server/killswitch.cpp
+++ b/service/server/killswitch.cpp
@@ -189,6 +189,21 @@ bool KillSwitch::addAllowedRange(const QStringList &ranges) {
    return resetAllowedRange(m_allowedRanges);
 }

+bool KillSwitch::removeAllowedRange(const QStringList &ranges) {
+    bool modified = false;
+    for (const QString &range : ranges) {
+        if (!range.isEmpty()) {
+            modified = modified || m_allowedRanges.removeAll(range) > 0;
+        }
+    }
+
+    if (!modified) {
+        return true;
+    }
+
+    return resetAllowedRange(m_allowedRanges);
+}
+
 bool KillSwitch::enablePeerTraffic(const QJsonObject &configStr) {
 #ifdef Q_OS_WIN
    InterfaceConfig config;
--- a/service/server/killswitch.h
+++ b/service/server/killswitch.h
@@ -19,6 +19,7 @@ public:
    bool enableKillSwitch(const QJsonObject &configStr, int vpnAdapterIndex);
    bool resetAllowedRange(const QStringList &ranges);
    bool addAllowedRange(const QStringList &ranges);
+    bool removeAllowedRange(const QStringList &ranges);
    bool isStrictKillSwitchEnabled();

 private: