ctrld

mirror of https://github.com/Control-D-Inc/ctrld.git synced 2026-05-02 12:45:10 +02:00

Files

T

CodeScribe 8cb383d87e dns_intercept: add WFP loopback protect for VPN block-outside-dns

When third-party VPN software (e.g., OpenVPN) installs WFP block filters via
block-outside-dns, all DNS traffic to non-tunnel interfaces is blocked —
including DNS to 127.0.0.1 (ctrld's NRPT target). This breaks DNS mode
interception because the NRPT catch-all rule routes queries to loopback,
but WFP blocks the connection before it reaches ctrld's listener.

Fix: after exhausting all NRPT recovery attempts, activate a minimal WFP
session with "hard permit" filters (FWPM_FILTER_FLAG_CLEAR_ACTION_RIGHT)
for DNS to localhost in a max-priority sublayer (weight 0xFFFF). This
overrides the VPN's block for loopback DNS only, while preserving the
VPN's DNS leak protection for all other (non-loopback) DNS traffic.

The loopback protect is:
- Only activated when NRPT probes fail (not preemptively)
- Harmless when no conflicting WFP blocks exist (permit-only, no blocks)
- Persistent until ctrld shutdown (survives VPN reconnect cycles)
- Cleaned up by the existing cleanupWFPFilters path on shutdown

2026-04-29 15:21:38 +07:00

winres

all: include file information in Windows builds

2024-02-07 14:40:18 +07:00

ad_others.go

all: use local resolver for ADDC

2025-01-24 14:54:20 +07:00

ad_windows_test.go

Including system metadata when posting to utility API

2025-12-18 17:10:39 +07:00

ad_windows.go

Including system metadata when posting to utility API

2025-12-18 17:10:39 +07:00

cgo.go

cmd/cli: support nocgo version for upgrade command

2025-02-18 20:25:13 +07:00

cli_test.go

cmd/cli: write new config file on reload

2024-08-07 15:51:11 +07:00

cli.go

feat: introduce DNS intercept mode infrastructure

2026-03-03 14:26:39 +07:00

commands.go

Add log tail command for live log streaming

2026-03-25 13:58:44 +07:00

conn.go

cmd: allow import/running ctrld as library

2023-08-15 18:22:38 +07:00

control_client.go

Add log tail command for live log streaming

2026-03-25 13:58:44 +07:00

control_server_test.go

cmd: allow import/running ctrld as library

2023-08-15 18:22:38 +07:00

control_server.go

Add log tail command for live log streaming

2026-03-25 13:58:44 +07:00

dns_intercept_darwin_test.go

fix(darwin): correct pf rules tests

2026-03-03 15:36:46 +07:00

dns_intercept_darwin.go

fix: block IPv6 DNS in intercept mode, remove raw socket approach

2026-04-01 17:35:08 +07:00

dns_intercept_others.go

feat: introduce DNS intercept mode infrastructure

2026-03-03 14:26:39 +07:00

dns_intercept_windows.go

dns_intercept: add WFP loopback protect for VPN block-outside-dns

2026-04-29 15:21:38 +07:00

dns_proxy_test.go

feat: introduce DNS intercept mode infrastructure

2026-03-03 14:26:39 +07:00

dns_proxy.go

fix: block IPv6 DNS in intercept mode, remove raw socket approach

2026-04-01 17:35:08 +07:00

dns.go

cmd: allow import/running ctrld as library

2023-08-15 18:22:38 +07:00

hostname_test.go

all: add custom hostname support for provisoning

2024-10-24 13:05:48 +07:00

hostname.go

all: add custom hostname support for provisoning

2024-10-24 13:05:48 +07:00

library.go

start mobile library with provision id and custom hostname.

2025-09-25 16:44:39 +07:00

log_tail_test.go

Add log tail command for live log streaming

2026-03-25 13:58:44 +07:00

log_writer_test.go

log: persist internal runtime logs to disk

2026-04-29 15:12:44 +07:00

log_writer.go

log: persist internal runtime logs to disk

2026-04-29 15:12:44 +07:00

loop_test.go

cmd/cli: improving loop guard test

2023-12-13 14:53:29 +07:00

loop.go

cmd/cli: do not check DNS loop for upstream which is being down

2024-05-24 18:21:07 +07:00

main_test.go

cmd: allow import/running ctrld as library

2023-08-15 18:22:38 +07:00

main.go

feat: introduce DNS intercept mode infrastructure

2026-03-03 14:26:39 +07:00

metrics.go

cmd/cli: write new config file on reload

2024-08-07 15:51:11 +07:00

net_darwin.go

remove leaking timeout, fix blocking upstreams checks, leaking is per listener, OS resolvers are tested in parallel, reset is only done is os is down

2025-01-20 15:03:27 +07:00

net_linux.go

cmd/cli: implement valid interfaces map for all systems

2025-02-10 18:45:17 +07:00

net_others.go

cmd/cli: implement valid interfaces map for all systems

2025-02-10 18:45:17 +07:00

net_windows_test.go

cmd/cli: get physical interfaces using Windows WMI

2024-12-19 21:34:26 +07:00

net_windows.go

fix upgrade flow

2025-01-31 20:04:03 +07:00

network_manager_linux.go

cmd/cli: use better approach for detecting NetworkManager

2023-09-22 18:42:21 +07:00

network_manager_others.go

cmd: allow import/running ctrld as library

2023-08-15 18:22:38 +07:00

nextdns.go

cmd/cli: fix wrong generated config for nextdns resolver

2023-11-16 20:55:39 +07:00

nocgo.go

cmd/cli: support nocgo version for upgrade command

2025-02-18 20:25:13 +07:00

os_darwin.go

all: preserve search domains settings

2025-05-15 17:00:59 +07:00

os_freebsd.go

all: preserve search domains settings

2025-05-15 17:00:59 +07:00

os_linux_test.go

cmd: allow import/running ctrld as library

2023-08-15 18:22:38 +07:00

os_linux.go

Fix: Filter root domain from search domains on Linux

2025-11-12 15:14:40 +07:00

os_others.go

cmd: allow import/running ctrld as library

2023-08-15 18:22:38 +07:00

os_windows_test.go

cmd/cli: get static DNS using syscall

2024-12-19 21:34:37 +07:00

os_windows.go

feat: add Windows NRPT and WFP DNS interception

2026-03-03 14:29:09 +07:00

prog_darwin.go

cmd: allow import/running ctrld as library

2023-08-15 18:22:38 +07:00

prog_freebsd.go

cmd: allow import/running ctrld as library

2023-08-15 18:22:38 +07:00

prog_linux_test.go

cmd/cli: fix systemd-networkd-wait-online blocks ctrld starts

2024-05-09 18:39:30 +07:00

prog_linux.go

cmd/cli: preserve search domains when reverting resolv.conf

2025-06-04 18:36:51 +07:00

prog_others.go

cmd/cli: add DNS as ctrld service dependency

2025-02-26 00:44:13 +07:00

prog_test.go

Avoiding Windows runners file locking issue

2025-07-15 20:59:57 +07:00

prog_windows.go

cmd/cli: add DNS as ctrld service dependency

2025-02-26 00:44:13 +07:00

prog.go

feat: introduce DNS intercept mode infrastructure

2026-03-03 14:26:39 +07:00

prometheus.go

cmd/cli: write new config file on reload

2024-08-07 15:51:11 +07:00

reload_others.go

all: implement reload command

2023-11-06 20:01:03 +07:00

reload_windows.go

all: implement reload command

2023-11-06 20:01:03 +07:00

resolvconf_darwin.go

cmd/cli: fix issue with editing /etc/resolv.conf directly on Darwin

2024-08-07 15:54:20 +07:00

resolvconf_not_darwin_unix.go

cmd/cli: preserve search domains when reverting resolv.conf

2025-06-04 18:36:51 +07:00

resolvconf_windows.go

cmd/cli: watch resolv.conf on all unix platforms

2024-02-22 18:15:36 +07:00

resolvconf.go

remove leaking logic in favor of recovery logic.

2025-02-10 18:55:36 +07:00

search_domains_unix.go

all: preserve search domains settings

2025-05-15 17:00:59 +07:00

search_domains_windows.go

all: preserve search domains settings

2025-05-15 17:00:59 +07:00

self_delete_others.go

cmd/cli: make --cleanup removing more files

2024-08-07 15:51:11 +07:00

self_delete_windows.go

cmd/cli: make --cleanup removing more files

2024-08-07 15:51:11 +07:00

self_kill_others.go

cmd/cli: ensure DNS goroutines terminated before self-uninstall

2024-08-16 13:50:11 +07:00

self_kill_unix.go

cmd/cli: handle stop signal from service manager

2025-03-26 23:18:36 +07:00

self_upgrade_others.go

cmd/cli: handle stop signal from service manager

2025-03-26 23:18:36 +07:00

self_upgrade_windows.go

cmd/cli: handle stop signal from service manager

2025-03-26 23:18:36 +07:00

sema.go

cmd: allow import/running ctrld as library

2023-08-15 18:22:38 +07:00

service_args_darwin.go

feat: introduce DNS intercept mode infrastructure

2026-03-03 14:26:39 +07:00

service_args_others.go

feat: introduce DNS intercept mode infrastructure

2026-03-03 14:26:39 +07:00

service_args_windows.go

feat: introduce DNS intercept mode infrastructure

2026-03-03 14:26:39 +07:00

service_others.go

Resolve "OS upstream failure / wrong default route"

2025-02-24 18:36:08 +07:00

service_test.go

all: implement self-upgrade flag from API

2025-03-26 23:18:04 +07:00

service_windows_test.go

cmd/cli: check local DNS using Windows API

2024-12-19 21:34:21 +07:00

service_windows.go

fix: close handle leak in hasLocalDnsServerRunning()

2026-03-25 13:58:24 +07:00

service.go

all: implement self-upgrade flag from API

2025-03-26 23:18:04 +07:00

upstream_monitor.go

fix down state handling

2025-02-11 19:27:41 +07:00

vpn_dns.go

fix: bracket IPv6 addresses in VPN DNS upstream config

2026-04-01 17:23:53 +07:00

winres_windows.go

all: include file information in Windows builds

2024-02-07 14:40:18 +07:00