2020-11-28 23:38

Leaking traffic

(Might be related to https://github.com/henrypp/simplewall/issues/405)

Looks like I can consistently reproduce what might constitute a "leak". Steps:

  • Latest mIRC (signed binary)
  • Dead-simple Windows Firewall rule:

| Name | Group | Profile | Enabled | Action | Override | Program | Local Address | Remote Address | Protocol | Local Port | Remote Port | Authorized Computers | Authorized Local Principals | Local User Owner | Application Package |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Allow mIRC | | All | Yes | Allow | No | %ProgramFiles% (x86)\mIRC\mirc.exe | Any | Any | TCP | Any | Any | Any | Any | Any | Any |

  • Relevant SimpleWall rule:
<?xml version="1.0"?>
<root timestamp="1565009685" type="1">
<item name="IRC" rule="6697-7000" protocol="6" version="2" apps="%ProgramFiles% (x86)\mirc\mirc.exe" is_enabled="true"></item>
</root>
  • SimpleWall is running in the white list mode.
  • Sniffing on the eth: wtf_firewall
  • If port range is limited in Windows Firewall - all works as expected.

Tested with Windows Firewall on and off. What is going on here?



  • weixin_39756540 5 months ago

    After learning a bit more about networking in NT, this was probably caused by misconfiguration on my side.

    Closing for now, but please feel free to re-open if there is anything to add.

  • weixin_39756540 5 months ago

    Some more details that might be relevant:

    • Computer is running latest stable build of Windows 10 Pro with Hyper-V enabled. Thus, virtual adapters come into play:
    > Get-NetAdapter | select Name, MediaType, DriverFileName
    Name                       MediaType     DriverFileName
    ----                       ---------     --------------
    Physical                   802.3         e1i65x64.sys
    Npcap Loopback Adapter     802.3         loop.sys
    vEthernet (Default Switch) 802.3         VmsProxyHNic.sys
    vEthernet (ext_switch)     802.3         VmsProxyHNic.sys
    WiFi                       Native 802.11 NETwew01.sys
    • OS itself is using "ext_switch" via the following scheme:


    Perhaps the issue in question is because SimpleWall does not operate as intended on certain types of adapters or with the "internet sharing" feature?

    , relative path was created by SimpleWall, I've just snipped it out of the config.

  • weixin_39786706 5 months ago

    2.x was bugged, try using the latest 3.0.4 RC version.

    P.S.: I think the relative path %ProgramFiles% (x86)\mirc\mirc.exe is not supported, try using the full path.

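An added example, not part of the original thread and not simplewall code: a PowerShell audit of the built-in Windows Firewall for the two conditions raised in this thread, a program path stored with an environment variable rather than an absolute path, and an Allow rule with no remote port restriction. The function name `Get-BroadProgramRule` and its `-ProgramLike` parameter are hypothetical names chosen for this example.

```powershell
# Added example: list enabled Allow rules that are bound to a program and report
#   - whether the stored path uses an environment variable (e.g. %ProgramFiles%)
#   - whether the expanded path points at an existing file
#   - whether the rule leaves the remote port unrestricted ("Any")
# Run from a 64-bit PowerShell session: a 32-bit process expands %ProgramFiles%
# to the "(x86)" directory, which would distort the Expanded column.
function Get-BroadProgramRule {
    param(
        # Hypothetical parameter: wildcard matched against the rule's program path.
        [string]$ProgramLike = '*'
    )

    Get-NetFirewallRule -Enabled True -Action Allow | ForEach-Object {
        $rule = $_
        $app  = $rule | Get-NetFirewallApplicationFilter

        # Skip rules that are not tied to a specific executable.
        if (-not $app.Program -or $app.Program -eq 'Any') { return }
        if ($app.Program -notlike $ProgramLike) { return }

        $port     = $rule | Get-NetFirewallPortFilter
        $expanded = [Environment]::ExpandEnvironmentVariables($app.Program)

        [pscustomobject]@{
            Rule          = $rule.DisplayName
            Direction     = $rule.Direction
            Program       = $app.Program
            Expanded      = $expanded
            UsesEnvVar    = $app.Program -match '%[^%]+%'
            FileExists    = Test-Path -LiteralPath $expanded -PathType Leaf
            Protocol      = $port.Protocol
            RemotePort    = $port.RemotePort -join ','
            AnyRemotePort = $port.RemotePort -contains 'Any'
        }
    }
}

# Rules for the program discussed in this thread, widest ones first.
Get-BroadProgramRule -ProgramLike '*mirc.exe' |
    Sort-Object AnyRemotePort -Descending |
    Format-List
```

A rule reported with `AnyRemotePort = True` matches the "Allow mIRC" rule from the report; limiting its remote port range in Windows Firewall is the change the reporter says made everything work as expected.
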
  • weixin_39609622 5 months ago

    I just tried to reproduce in simplewall v2.4.6, but I don't think it actually leaked anything. I did use an absolute path, though (not "%ProgramFiles%").

    Could you retry with absolute paths?

    I'm still on v2 hoping Blocklist GUI & "Discard this notification" return in v3. Is it really that buggy? (hopefully not "bugged", which would imply someone is listening in ;-) )

    Perhaps backporting the code that fixes those leaks to v2 is a good idea since v3 is still a prerelease?

  • weixin_39786706 5 months ago

    The last RC for v3 was released today, and the blocklist has returned in it.

    v2 (actually v2.4.6) is really bugged - it drops the profile sometimes, and other not good stuff.

  • weixin_39609622 5 months ago

    Ok, thanks, I'll have to move away from v2 then, I guess. Have not had issues with the profiles, though. I still really miss the possibility to discard a notification in v3, otherwise I'm quite happy with all the work you've done for v3, great job! :-)
