authorDavid Lönnhager <david.l@mullvad.net>2022-03-28 14:22:18 +0200
committerDavid Lönnhager <david.l@mullvad.net>2022-03-28 14:22:18 +0200
commit077a1f91b738195ec15731bb5cb8ec9608b66db2 (patch)
treed53690ab319c285655e48c4473ab98018d7c59ac
parentd701d5389115da2665d549c6af4798f3570d7eb4 (diff)
parent4cbea9153fdda45407015a183a3e8a805e1dcf95 (diff)
Merge branch 'fix-default-route-filter'
-rw-r--r--talpid-core/src/tunnel/wireguard/mod.rs29
1 files changed, 16 insertions, 13 deletions
diff --git a/talpid-core/src/tunnel/wireguard/mod.rs b/talpid-core/src/tunnel/wireguard/mod.rs
index 59098a00ca..817ad74eea 100644
--- a/talpid-core/src/tunnel/wireguard/mod.rs
+++ b/talpid-core/src/tunnel/wireguard/mod.rs
@@ -413,7 +413,7 @@ impl WireguardMonitor {
#[cfg(not(windows))]
tun_provider,
#[cfg(not(windows))]
- Self::get_tunnel_destinations(config),
+ Self::get_tunnel_destinations(config).flat_map(Self::replace_default_prefixes),
#[cfg(windows)]
setup_done_tx,
)
@@ -536,6 +536,7 @@ impl WireguardMonitor {
let (node_v4, node_v6) = Self::get_tunnel_nodes(iface_name, config);
Self::get_tunnel_destinations(config)
.filter(|allowed_ip| allowed_ip.prefix() == 0)
+ .flat_map(Self::replace_default_prefixes)
.map(move |allowed_ip| {
if allowed_ip.is_ipv4() {
RequiredRoute::new(allowed_ip, node_v4.clone())
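Review bot: The order of `.filter(|allowed_ip| allowed_ip.prefix() == 0)` and the added `.flat_map(Self::replace_default_prefixes)` is load-bearing and deserves a comment. On non-Linux targets the replacement turns each `/0` network into two `/1` networks, so if the two adaptors were ever swapped the filter would match nothing and this chain would produce no default routes. Suggested comment above the filter: `// Select the /0 networks first; replace_default_prefixes rewrites them to /1 on non-Linux and they would no longer match.` The enclosing function starts before this hunk and the `.map` closure continues past it.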
@@ -547,26 +548,28 @@ impl WireguardMonitor {
/// Return routes for all allowed IPs.
fn get_tunnel_destinations(config: &Config) -> impl Iterator<Item = ipnetwork::IpNetwork> + '_ {
- let routes = config
+ config
.peers
.iter()
.flat_map(|peer| peer.allowed_ips.iter())
- .cloned();
+ .cloned()
+ }
+ /// Replace default (0-prefix) routes with more specific routes.
+ fn replace_default_prefixes(network: ipnetwork::IpNetwork) -> Vec<ipnetwork::IpNetwork> {
#[cfg(not(target_os = "linux"))]
- let routes = routes.flat_map(|allowed_ip| {
- if allowed_ip.prefix() == 0 {
- if allowed_ip.is_ipv4() {
- vec!["0.0.0.0/1".parse().unwrap(), "128.0.0.0/1".parse().unwrap()]
- } else {
- vec!["8000::/1".parse().unwrap(), "::/1".parse().unwrap()]
- }
+ if network.prefix() == 0 {
+ if network.is_ipv4() {
+ vec!["0.0.0.0/1".parse().unwrap(), "128.0.0.0/1".parse().unwrap()]
} else {
- vec![allowed_ip]
+ vec!["8000::/1".parse().unwrap(), "::/1".parse().unwrap()]
}
- });
+ } else {
+ vec![network]
+ }
- routes
+ #[cfg(target_os = "linux")]
+ vec![network]
}
fn tunnel_metadata(interface_name: &str, config: &Config) -> TunnelMetadata {
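Review bot: `get_tunnel_destinations` now yields `/0` networks unchanged on every platform, so any caller outside this diff that relied on the old non-Linux split into `/1` halves has silently changed behaviour. Only the two call sites in the earlier hunks are visibly updated to chain `replace_default_prefixes`. The remaining callers, if any, are worth checking, because a route set that lacks the split defaults may leave traffic on the system's existing default route instead of the tunnel. The doc comment on `replace_default_prefixes` should also state the platform split, which is currently visible only from the `cfg` attributes: `/// On Linux the network is returned unchanged; on other targets a /0 network is replaced by its two /1 halves.`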