Update captive portal detection to work without server

safing · Jul 21, 2020 · 811516e · 811516e
1 parent b87ba37
commit 811516e
Show file tree

Hide file tree

Showing 4 changed files with 126 additions and 146 deletions.
diff --git a/firewall/master.go b/firewall/master.go
@@ -184,18 +184,28 @@ func checkConnectionType(ctx context.Context, conn *network.Connection, _ packet
 func checkConnectivityDomain(_ context.Context, conn *network.Connection, _ packet.Packet) bool {
 	p := conn.Process().Profile()
 
-	if !p.BlockScopeInternet() {
+	switch {
+	case netenv.GetOnlineStatus() > netenv.StatusPortal:
+		// Special grant only applies if network status is Portal (or even more limited).
+		return false
+
+	case conn.Inbound:
+		// Special grant only applies to outgoing connections.
+		return false
+
+	case p.BlockScopeInternet():
 		// Special grant only applies if application is allowed to connect to the Internet.
 		return false
-	}
 
-	if netenv.GetOnlineStatus() <= netenv.StatusPortal &&
-		netenv.IsConnectivityDomain(conn.Entity.Domain) {
+	case netenv.IsConnectivityDomain(conn.Entity.Domain):
+		// Special grant!
 		conn.Accept("special grant for connectivity domain during network bootstrap")
 		return true
-	}
 
-	return false
+	default:
+		// Not a special grant domain
+		return false
+	}
 }
 
 func checkConnectionScope(_ context.Context, conn *network.Connection, _ packet.Packet) bool {

diff --git a/netenv/main.go b/netenv/main.go
@@ -15,11 +15,15 @@ var (
 )
 
 func init() {
-	module = modules.Register("netenv", nil, start, nil)
+	module = modules.Register("netenv", prep, start, nil)
 	module.RegisterEvent(NetworkChangedEvent)
 	module.RegisterEvent(OnlineStatusChangedEvent)
 }
 
+func prep() error {
+	return prepOnlineStatus()
+}
+
 func start() error {
 	module.StartServiceWorker(
 		"monitor network changes",