[feat] reload firewall with SIGUSR1

- Resolves: riseup_vpn#46

6 files changed, 88 insertions, 0 deletions

diff --git a/bitmask/bitmask.go b/bitmask/bitmask.go
index f9b1cc9..a7aabaa 100644
--- a/bitmask/bitmask.go
+++ b/bitmask/bitmask.go
@@ -21,6 +21,7 @@ type Bitmask interface {
 	Version() (string, error)
 	StartVPN(provider string) error
 	StopVPN() error
+	ReloadFirewall() error
 	GetStatus() (string, error)
 	InstallHelpers() error
 	VPNCheck() (helpers bool, priviledge bool, err error)
diff --git a/bitmaskd/vpn.go b/bitmaskd/vpn.go
index aee5e8f..cfbe7df 100644
--- a/bitmaskd/vpn.go
+++ b/bitmaskd/vpn.go
@@ -32,6 +32,12 @@ func (b *Bitmask) StopVPN() error {
 	return err
 }
 
+// ReloadFirewall restarts the firewall
+func (b *Bitmask) ReloadFirewall() error {
+	_, err := b.send("vpn", "fw_reload")
+	return err
+}
+
 // GetStatus returns the VPN status
 func (b *Bitmask) GetStatus() (string, error) {
 	res, err := b.send("vpn", "status")
diff --git a/main.go b/main.go
index a9dc9e9..2683a88 100644
--- a/main.go
+++ b/main.go
@@ -85,6 +85,7 @@ func initialize(conf *systrayConfig, bt *bmTray) {
 	}
 	defer b.Close()
 	go checkAndStartBitmask(b, notify, conf)
+	go listenSignals(b)
 
 	as := newAutostart(applicationName, getIconPath())
 	err = as.Enable()
diff --git a/signal_unix.go b/signal_unix.go
new file mode 100644
index 0000000..37b3908
--- /dev/null
+++ b/signal_unix.go
@@ -0,0 +1,34 @@
+// +build !windows
+// Copyright (C) 2018 LEAP
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+package main
+
+import (
+	"os"
+	"os/signal"
+	"syscall"
+
+	"0xacab.org/leap/bitmask-systray/bitmask"
+)
+
+func listenSignals(bm bitmask.Bitmask) {
+	sigusrCh := make(chan os.Signal, 1)
+	signal.Notify(sigusrCh, syscall.SIGUSR1)
+
+	for range sigusrCh {
+		bm.ReloadFirewall()
+	}
+}
diff --git a/signal_windows.go b/signal_windows.go
new file mode 100644
index 0000000..7e0eb3d
--- /dev/null
+++ b/signal_windows.go
@@ -0,0 +1,24 @@
+// +build windows
+// Copyright (C) 2018 LEAP
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+package main
+
+import (
+	"0xacab.org/leap/bitmask-systray/bitmask"
+)
+
+func listenSignals(bm bitmask.Bitmask) {
+}
diff --git a/standalone/vpn.go b/standalone/vpn.go
index 0ff090c..c3b2693 100644
--- a/standalone/vpn.go
+++ b/standalone/vpn.go
@@ -82,6 +82,28 @@ func (b *Bitmask) StopVPN() error {
 	return b.launch.openvpnStop()
 }
 
+// ReloadFirewall restarts the firewall
+func (b *Bitmask) ReloadFirewall() error {
+	err := b.launch.firewallStop()
+	if err != nil {
+		return err
+	}
+
+	status, err := b.GetStatus()
+	if err != nil {
+		return err
+	}
+
+	if status != Off {
+		gateways, err := b.bonafide.getGateways()
+		if err != nil {
+			return err
+		}
+		return b.launch.firewallStart(gateways)
+	}
+	return nil
+}
+
 // GetStatus returns the VPN status
 func (b *Bitmask) GetStatus() (string, error) {
 	status, err := b.getOpenvpnState()