Hi,
I feel some of the errors may have to be treated as FATAL. I understand
this patch was discussed in the last IRC meeting, so may be I'm
misunderstanding this, please bear with me.
I presume, the main purpose of the option is to work around something seen
as a serious security issue for some people (dns leak). If so, when a user
specifies --block-outside-dns, and we fail to block it, shouldn't we exit?
On Tue, Nov 17, 2015 at 5:14 PM, ValdikSS <i...@valdikss.org.ru> wrote:
> + if (c->options.block_outside_dns)
> + {
> + if (!win_wfp_init())
> + msg (M_NONFATAL, "Initialising WFP failed!");
> + else
> + {
> + dmsg (D_LOW, "Blocking outside DNS");
> + if (!win_wfp_block_dns(c->c1.tuntap->adapter_index))
> + msg (M_NONFATAL, "Blocking DNS failed!");
>
M_FATAL here and a few other places?
Further, if there is an error during the set up of a filter, all previously
setup filters should be removed, This may become a non-issue if errors are
made FATAL.
Selva
