diff options
| author | David Lönnhager <david.l@mullvad.net> | 2020-07-27 19:14:33 +0200 |
|---|---|---|
| committer | David Lönnhager <david.l@mullvad.net> | 2020-08-04 10:52:43 +0200 |
| commit | 2786f85a0ac65eccbb4ae965c7e1644109099ad4 (patch) | |
| tree | b2b9a43dd2e8746751c2cb7808d718fb696066ac | |
| parent | 19bb453f237a6a0c467710b1b5ff3f7081cb7c8f (diff) | |
| download | mullvadvpn-2786f85a0ac65eccbb4ae965c7e1644109099ad4.tar.xz mullvadvpn-2786f85a0ac65eccbb4ae965c7e1644109099ad4.zip | |
Replace error state reason with the firewall error (more critical) if
the blocking policy cannot be applied
| -rw-r--r-- | talpid-core/src/tunnel_state_machine/error_state.rs | 31 |
1 files changed, 20 insertions, 11 deletions
diff --git a/talpid-core/src/tunnel_state_machine/error_state.rs b/talpid-core/src/tunnel_state_machine/error_state.rs index 692a69b3d3..86b35ff989 100644 --- a/talpid-core/src/tunnel_state_machine/error_state.rs +++ b/talpid-core/src/tunnel_state_machine/error_state.rs @@ -5,7 +5,7 @@ use super::{ use crate::firewall::FirewallPolicy; use futures01::{sync::mpsc, Stream}; use talpid_types::{ - tunnel::{self as talpid_tunnel, ErrorStateCause}, + tunnel::{self as talpid_tunnel, ErrorStateCause, FirewallPolicyError}, ErrorExt, }; @@ -16,23 +16,29 @@ pub struct ErrorState { impl ErrorState { /// Returns true if firewall policy was applied successfully - fn set_firewall_policy(shared_values: &mut SharedTunnelStateValues) -> bool { + fn set_firewall_policy( + shared_values: &mut SharedTunnelStateValues, + ) -> Result<(), FirewallPolicyError> { let policy = FirewallPolicy::Blocked { allow_lan: shared_values.allow_lan, }; - match shared_values.firewall.apply_policy(policy) { - Ok(()) => true, - Err(error) => { + shared_values + .firewall + .apply_policy(policy) + .map_err(|error| { log::error!( "{}", error.display_chain_with_msg( "Failed to apply firewall policy for blocked state" ) ); - false - } - } + match error { + #[cfg(windows)] + crate::firewall::Error::ApplyingBlockedPolicy(policy_error) => policy_error, + _ => FirewallPolicyError::Generic, + } + }) } /// Returns true if a new tunnel device was successfully created. @@ -61,9 +67,12 @@ impl TunnelState for ErrorState { block_reason: Self::Bootstrap, ) -> (TunnelStateWrapper, TunnelStateTransition) { #[cfg(not(target_os = "android"))] - let is_blocking = Self::set_firewall_policy(shared_values); + let (block_reason, is_blocking) = match Self::set_firewall_policy(shared_values) { + Ok(()) => (block_reason, true), + Err(error) => (ErrorStateCause::SetFirewallPolicyError(error), false), + }; #[cfg(target_os = "android")] - let is_blocking = Self::create_blocking_tun(shared_values); + let (block_reason, is_blocking) = (block_reason, Self::create_blocking_tun(shared_values)); ( TunnelStateWrapper::from(ErrorState { block_reason: block_reason.clone(), @@ -84,7 +93,7 @@ impl TunnelState for ErrorState { if let Err(error_state_cause) = shared_values.set_allow_lan(allow_lan) { NewState(Self::enter(shared_values, error_state_cause)) } else { - Self::set_firewall_policy(shared_values); + let _ = Self::set_firewall_policy(shared_values); SameState(self) } } |