v2.7.9

YerongAI · Nov 20, 2023 · 4e575a4 · 4e575a4
1 parent a9c3362
commit 4e575a4
Show file tree

Hide file tree

Showing 36 changed files with 334 additions and 113 deletions.
diff --git a/client/CMakeLists.txt b/client/CMakeLists.txt
@@ -54,8 +54,8 @@ if (WIN32)
                      ${WINDSCRIBE_BUILD_LIBS_PATH}/cares/lib
     )
 
-    set (OS_SPECIFIC_LIBRARIES psapi.lib iphlpapi.lib dnsapi.lib rasapi32.lib pdh.lib Crypt32.lib Version.lib Ntdll.lib
-        libcurl_imp libssl libcrypto
+    set (OS_SPECIFIC_LIBRARIES psapi.lib iphlpapi.lib dnsapi.lib rasapi32.lib pdh.lib Crypt32.lib Version.lib
+        libcurl_imp libssl libcrypto cares
     )
     list(APPEND PROJECT_SOURCES client.rc)
     # Generate debug information (symbol files) for Windows (release build only)

diff --git a/client/common/changelog.txt b/client/common/changelog.txt
@@ -1,3 +1,14 @@
+2.7.9 (08/08/2023)
+All:
+   * Added anti-censorship toggle in preferences. #695
+   * Added anti-censorship feature: WireGuard UDP stuffing. #696
+   * Added an icon on the main screen to indicate anti-censorship mode is enabled. #700
+Windows:
+   * Fixed DNS resolver issue. #643 & #697
+Linux:
+   * Fixed app fails to download update package on Ubuntu arm64. #690
+
+
 2.7.8 (17/07/2023)
 All:
    * Fixed spinner animation on the ROBERT page continues after the website has already been opened. #480

diff --git a/client/common/types/enginesettings.cpp b/client/common/types/enginesettings.cpp
@@ -24,7 +24,8 @@ void EngineSettings::saveToSettings()
         ds << d->language << d->updateChannel << d->isIgnoreSslErrors << d->isTerminateSockets << d->isAllowLanTraffic <<
               d->firewallSettings << d->connectionSettings << d->apiResolutionSettings << d->proxySettings << d->packetSize <<
               d->macAddrSpoofing << d->dnsPolicy << d->tapAdapter << d->customOvpnConfigsPath << d->isKeepAliveEnabled <<
-              d->connectedDnsInfo << d->dnsManager << d->networkPreferredProtocols << d->networkLastKnownGoodProtocols;
+              d->connectedDnsInfo << d->dnsManager << d->networkPreferredProtocols << d->networkLastKnownGoodProtocols <<
+              d->isAntiCensorship;
     }
 
     QSettings settings;
@@ -63,6 +64,10 @@ void EngineSettings::loadFromSettings()
             {
                 ds >> d->networkLastKnownGoodProtocols;
             }
+            if (version >= 4)
+            {
+                ds >> d->isAntiCensorship;
+            }
             if (ds.status() == QDataStream::Ok)
             {
                 bLoaded = true;
@@ -125,6 +130,16 @@ void EngineSettings::setIsTerminateSockets(bool close)
     d->isTerminateSockets = close;
 }
 
+bool EngineSettings::isAntiCensorship() const
+{
+    return d->isAntiCensorship;
+}
+
+void EngineSettings::setIsAntiCensorship(bool enable)
+{
+    d->isAntiCensorship = enable;
+}
+
 bool EngineSettings::isAllowLanTraffic() const
 {
     return d->isAllowLanTraffic;
@@ -322,6 +337,7 @@ bool EngineSettings::operator==(const EngineSettings &other) const
             other.d->updateChannel == d->updateChannel &&
             other.d->isIgnoreSslErrors == d->isIgnoreSslErrors &&
             other.d->isTerminateSockets == d->isTerminateSockets &&
+            other.d->isAntiCensorship == d->isAntiCensorship &&
             other.d->isAllowLanTraffic == d->isAllowLanTraffic &&
             other.d->firewallSettings == d->firewallSettings &&
             other.d->connectionSettings == d->connectionSettings &&
@@ -352,6 +368,7 @@ QDebug operator<<(QDebug dbg, const EngineSettings &es)
     dbg << "updateChannel:" << UPDATE_CHANNEL_toString(es.d->updateChannel) << "; ";
     dbg << "isIgnoreSslErrors:" << es.d->isIgnoreSslErrors << "; ";
     dbg << "isTerminateSockets:" << es.d->isTerminateSockets << "; ";
+    dbg << "isAntiCensorship:" << es.d->isAntiCensorship << "; ";
     dbg << "isAllowLanTraffic:" << es.d->isAllowLanTraffic << "; ";
     dbg << "firewallSettings: " << es.d->firewallSettings << "; ";
     dbg << "connectionSettings: " << es.d->connectionSettings << "; ";

diff --git a/client/common/types/enginesettings.h b/client/common/types/enginesettings.h
@@ -23,6 +23,7 @@ struct EngineSettingsData : public QSharedData
         updateChannel(UPDATE_CHANNEL_RELEASE),
         isIgnoreSslErrors(false),
         isTerminateSockets(true),
+        isAntiCensorship(false),
         isAllowLanTraffic(false),
         dnsPolicy(DNS_TYPE_CLOUDFLARE),
         tapAdapter(WINTUN_ADAPTER),
@@ -34,6 +35,7 @@ struct EngineSettingsData : public QSharedData
     UPDATE_CHANNEL updateChannel;
     bool isIgnoreSslErrors;
     bool isTerminateSockets;
+    bool isAntiCensorship;
     bool isAllowLanTraffic;
     types::FirewallSettings firewallSettings;
     types::ConnectionSettings connectionSettings;
@@ -70,6 +72,8 @@ class EngineSettings
     void setIsIgnoreSslErrors(bool ignore);
     bool isTerminateSockets() const;
     void setIsTerminateSockets(bool close);
+    bool isAntiCensorship() const;
+    void setIsAntiCensorship(bool enable);
     bool isAllowLanTraffic() const;
     void setIsAllowLanTraffic(bool isAllowLanTraffic);
 
@@ -123,7 +127,7 @@ class EngineSettings
 
     // for serialization
     static constexpr quint32 magic_ = 0x7745C2AE;
-    static constexpr int versionForSerialization_ = 3;  // should increment the version if the data format is changed
+    static constexpr int versionForSerialization_ = 4;  // should increment the version if the data format is changed
 };
 
 } // types namespace
diff --git a/client/common/utils/extraconfig.cpp b/client/common/utils/extraconfig.cpp
@@ -28,6 +28,7 @@ const QString WS_USE_ICMP_PINGS = WS_PREFIX + "use-icmp-pings";
 
 const QString WS_STEALTH_EXTRA_TLS_PADDING = WS_PREFIX + "stealth-extra-tls-padding";
 const QString WS_API_EXTRA_TLS_PADDING = WS_PREFIX + "api-extra-tls-padding";
+const QString WS_WG_UDP_STUFFING = WS_PREFIX + "wireguard-udp-stuffing";
 
 void ExtraConfig::writeConfig(const QString &cfg)
 {
@@ -75,6 +76,10 @@ QString ExtraConfig::getExtraConfigForOpenVpn()
         if (isLegalOpenVpnCommand(line))
             result += line + "\n";
     }
+    if (getAntiCensorship()) {
+        result += "udp-stuffing\n";
+        result += "tcp-split-reset\n";
+    }
     return result;
 }
 
@@ -140,6 +145,11 @@ QString ExtraConfig::modifyVerbParameter(const QString &ovpnData, QString &strEx
     return strOvpn;
 }
 
+void ExtraConfig::setAntiCensorship(bool bEnable)
+{
+    isAntiCensorship_ = bEnable;
+}
+
 int ExtraConfig::getMtuOffsetIkev2(bool &success)
 {
     return getIntFromExtraConfigLines(WS_MTU_OFFSET_IKEV_STR, success);
@@ -230,14 +240,24 @@ bool ExtraConfig::getUseICMPPings()
     return getFlagFromExtraConfigLines(WS_USE_ICMP_PINGS);
 }
 
+bool ExtraConfig::getAntiCensorship()
+{
+    return isAntiCensorship_;
+}
+
 bool ExtraConfig::getStealthExtraTLSPadding()
 {
-    return getFlagFromExtraConfigLines(WS_STEALTH_EXTRA_TLS_PADDING);
+    return getFlagFromExtraConfigLines(WS_STEALTH_EXTRA_TLS_PADDING) || getAntiCensorship();
 }
 
 bool ExtraConfig::getAPIExtraTLSPadding()
 {
-    return getFlagFromExtraConfigLines(WS_API_EXTRA_TLS_PADDING);
+    return getFlagFromExtraConfigLines(WS_API_EXTRA_TLS_PADDING) || getAntiCensorship();
+}
+
+bool ExtraConfig::getWireGuardUdpStuffing()
+{
+    return getFlagFromExtraConfigLines(WS_WG_UDP_STUFFING) || getAntiCensorship();
 }
 
 int ExtraConfig::getIntFromLineWithString(const QString &line, const QString &str, bool &success)
@@ -319,7 +339,8 @@ bool ExtraConfig::isLegalOpenVpnCommand(const QString &command) const
 
 ExtraConfig::ExtraConfig() : path_(QStandardPaths::writableLocation(QStandardPaths::AppLocalDataLocation)
                                    + "/windscribe_extra.conf"),
-                             regExp_("(?m)^(?i)(verb)(\\s+)(\\d+$)")
+                             regExp_("(?m)^(?i)(verb)(\\s+)(\\d+$)"),
+                             isAntiCensorship_(false)
 {
 }
 

diff --git a/client/common/utils/extraconfig.h b/client/common/utils/extraconfig.h
@@ -19,6 +19,8 @@ class ExtraConfig
 
     void logExtraConfig();
     void writeConfig(const QString &cfg);
+    void setAntiCensorship(bool bEnable);
+    bool getAntiCensorship();
 
     QString getExtraConfig(bool bWithLog = false);
     QString getExtraConfigForOpenVpn();
@@ -50,6 +52,7 @@ class ExtraConfig
     bool getUseICMPPings();
     bool getStealthExtraTLSPadding();
     bool getAPIExtraTLSPadding();
+    bool getWireGuardUdpStuffing();
 
 private:
     ExtraConfig();
@@ -58,6 +61,7 @@ class ExtraConfig
     QString path_;
     QRegularExpression regExp_;
     QString detectedIp_;
+    bool isAntiCensorship_;
 
     int getIntFromLineWithString(const QString &line, const QString &str, bool &success);
     int getIntFromExtraConfigLines(const QString &variableName, bool &success);

diff --git a/client/common/utils/linuxutils.h b/client/common/utils/linuxutils.h
@@ -15,7 +15,8 @@ namespace LinuxUtils
     bool isGuiAlreadyRunning();
 
     const QString LAST_INSTALL_PLATFORM_FILE = "/etc/windscribe/platform";
-    const QString DEB_PLATFORM_NAME = QString("linux_deb_x64");
+    const QString DEB_PLATFORM_NAME_X64 = QString("linux_deb_x64");
+    const QString DEB_PLATFORM_NAME_ARM64 = QString("linux_deb_arm64");
     const QString RPM_PLATFORM_NAME = QString("linux_rpm_x64");
     const QString ZST_PLATFORM_NAME = QString("linux_zst_x64");
 

diff --git a/client/common/utils/utils.cpp b/client/common/utils/utils.cpp
@@ -426,7 +426,14 @@ QString Utils::getPlatformNameSafe()
 {
     QString platform = getPlatformName();
 #ifdef Q_OS_LINUX
-    if (platform == "") return LinuxUtils::DEB_PLATFORM_NAME; // default to debian so most of our API calls don't fail if we cannot find the /etc/windscribe/platform file (someone would have to manually delete)
+    // Default to debian so most of our API calls don't fail if we cannot find the /etc/windscribe/platform
+    // file (someone would have to manually delete)
+    if (platform.isEmpty())
+#ifdef __aarch64__
+        return LinuxUtils::DEB_PLATFORM_NAME_ARM64;
+#else
+        return LinuxUtils::DEB_PLATFORM_NAME_X64;
+#endif
 #endif
     return platform;
 }

diff --git a/client/common/version/windscribe_version.h b/client/common/version/windscribe_version.h
@@ -2,7 +2,7 @@
 
 #define WINDSCRIBE_MAJOR_VERSION 2
 #define WINDSCRIBE_MINOR_VERSION 7
-#define WINDSCRIBE_BUILD_VERSION 8
+#define WINDSCRIBE_BUILD_VERSION 9
 
 // only one of these should be enabled; neither -> stable
 //#define WINDSCRIBE_IS_BETA

diff --git a/client/engine/engine/autoupdater/downloadhelper.cpp b/client/engine/engine/autoupdater/downloadhelper.cpp
@@ -1,16 +1,19 @@
 #include "downloadhelper.h"
 
-#include "utils/logger.h"
-#include <QStandardPaths>
-#include <QFile>
 #include <QDir>
-#include "names.h"
+#include <QFile>
+#include <QStandardPaths>
+
 #include "engine/networkaccessmanager/networkaccessmanager.h"
 #include "engine/networkaccessmanager/networkreply.h"
-#include "utils/utils.h"
+#include "names.h"
+#include "utils/logger.h"
+#include "utils/ws_assert.h"
 
-#ifdef Q_OS_LINUX
+#if defined(Q_OS_LINUX)
 #include "utils/linuxutils.h"
+#elif defined(Q_OS_MAC)
+#include "utils/utils.h"
 #endif
 
 DownloadHelper::DownloadHelper(QObject *parent, NetworkAccessManager *networkAccessManager, const QString &platform) : QObject(parent)
@@ -39,7 +42,9 @@ const QString DownloadHelper::downloadInstallerPath()
     const QString path = downloadInstallerPathWithoutExtension() + ".dmg";
 #elif defined Q_OS_LINUX
     QString path;
-    if (platform_ == LinuxUtils::DEB_PLATFORM_NAME) { // if getPlatformName() fails, we should never get this far anyway
+    // if getPlatformName() fails, we should never get this far anyway
+    if (platform_ == LinuxUtils::DEB_PLATFORM_NAME_X64 ||
+        platform_ == LinuxUtils::DEB_PLATFORM_NAME_ARM64) {
         path = downloadInstallerPathWithoutExtension() + ".deb";
     }
     else if (platform_ == LinuxUtils::RPM_PLATFORM_NAME) {
@@ -49,6 +54,7 @@ const QString DownloadHelper::downloadInstallerPath()
         path = downloadInstallerPathWithoutExtension() + ".pkg.tar.zst";
     }
 #endif
+    WS_ASSERT(!path.isEmpty());
     return path;
 }
 

diff --git a/client/engine/engine/autoupdater/downloadhelper.h b/client/engine/engine/autoupdater/downloadhelper.h
@@ -1,5 +1,4 @@
-#ifndef DOWNLOADHELPER_H
-#define DOWNLOADHELPER_H
+#pragma once
 
 #include <QString>
 #include <QObject>
@@ -64,7 +63,4 @@ private slots:
     bool allRepliesDone();
     void abortAllReplies();
     void deleteAllReplies();
-
 };
-
-#endif // DOWNLOADHELPER_H
diff --git a/client/engine/engine/connectionmanager/connectionmanager.cpp b/client/engine/engine/connectionmanager/connectionmanager.cpp
@@ -3,6 +3,9 @@
 #include <QThread>
 #include <QCoreApplication>
 #include <QDateTime>
+#include <QUdpSocket>
+#include <QRandomGenerator>
+
 #include "isleepevents.h"
 #include "openvpnconnection.h"
 #include "engine/crossplatformobjectfactory.h"
@@ -117,6 +120,27 @@ ConnectionManager::~ConnectionManager()
     SAFE_DELETE(getWireGuardConfig_);
 }
 
+QString ConnectionManager::udpStuffingWithNtp(const QString &ip, const quint16 port)
+{
+    char ntpBuf[48] = {0};
+    // NTP client behavior as seen in Linux with chrony
+    ntpBuf[0] = 0x23; // ntp ver=4, mode=client
+    ntpBuf[2] = 0x09; // polling interval=9
+    ntpBuf[3] = 0x20; // clock precision
+    quint64 *ntpRand = (quint64*)&ntpBuf[40];
+
+    QUdpSocket udpSocket = QUdpSocket();
+    udpSocket.bind(QHostAddress::Any, 0);
+    const QString localPort = QString::number(udpSocket.localPort());
+    // repeat up to 5 times. Bounded argument is exclusive.
+    for (int i=0; i<=QRandomGenerator::global()->bounded(5); i++) {
+        *ntpRand = QRandomGenerator::global()->generate64();
+        udpSocket.writeDatagram(ntpBuf, sizeof(ntpBuf), QHostAddress(ip), port);
+    }
+    udpSocket.close();
+    return localPort;
+}
+
 void ConnectionManager::clickConnect(const QString &ovpnConfig, const apiinfo::ServerCredentials &serverCredentials,
                                          QSharedPointer<locationsmodel::BaseLocationInfo> bli,
                                          const types::ConnectionSettings &connectionSettings,
@@ -1127,6 +1151,12 @@ void ConnectionManager::doConnectPart3()
             QString endpointAndPort = QString("%1:%2").arg(currentConnectionDescr_.ip).arg(currentConnectionDescr_.port);
             wireGuardConfig_.setPeerPublicKey(currentConnectionDescr_.wgPeerPublicKey);
             wireGuardConfig_.setPeerEndpoint(endpointAndPort);
+
+            if (ExtraConfig::instance().getWireGuardUdpStuffing()) {
+                QString localPort = udpStuffingWithNtp(currentConnectionDescr_.ip, currentConnectionDescr_.port);
+                wireGuardConfig_.setClientListenPort(localPort);
+            }
+
             recreateConnector(types::Protocol::WIREGUARD);
             connector_->startConnect(QString(), currentConnectionDescr_.ip,
                 currentConnectionDescr_.dnsHostName, QString(), QString(), lastProxySettings_,

diff --git a/client/engine/engine/connectionmanager/connectionmanager.h b/client/engine/engine/connectionmanager/connectionmanager.h
@@ -51,6 +51,8 @@ class ConnectionManager : public QObject
     void blockingDisconnect();
     bool isDisconnected();
 
+    QString udpStuffingWithNtp(const QString &ip, const quint16 port);
+
     QString getLastConnectedIp();
     const AdapterGatewayInfo &getDefaultAdapterInfo() const;
     const AdapterGatewayInfo &getVpnAdapterInfo() const;

diff --git a/client/engine/engine/dnsresolver/CMakeLists.txt b/client/engine/engine/dnsresolver/CMakeLists.txt
@@ -1,6 +1,8 @@
 target_sources(engine PRIVATE
     areslibraryinit.cpp
     areslibraryinit.h
+    dnsresolver_cares.cpp
+    dnsresolver_cares.h
     dnsrequest.cpp
     dnsrequest.h
     idnsresolver.h
@@ -11,20 +13,14 @@ target_sources(engine PRIVATE
 
 if (WIN32)
     target_sources(engine PRIVATE
-	dnsresolver_win.cpp
-	dnsresolver_win.h
         dnsutils_win.cpp
     )
 elseif(APPLE)
     target_sources(engine PRIVATE
-	dnsresolver_posix.cpp
-	dnsresolver_posix.h
         dnsutils_mac.cpp
     )
 elseif(UNIX)
     target_sources(engine PRIVATE
-	dnsresolver_posix.cpp
-	dnsresolver_posix.h
         dnsutils_linux.cpp
     )
 endif()