| author | Emīls <emils@mullvad.net> | 2021-12-06 17:08:51 +0000 |
|---|---|---|
| committer | Emīls <emils@mullvad.net> | 2021-12-10 09:58:51 +0000 |
| commit | 2967b7f29522e413994acd538e34d4637b8cf6b5 (patch) | |
| tree | 01fc2d99af6fdadc887ea1032ba7db8f5440dc7c | |
| parent | 523089c5c5d4f9fecd2bf518a26216a8a0bd4e54 (diff) | |
| download | mullvadvpn-2967b7f29522e413994acd538e34d4637b8cf6b5.tar.xz mullvadvpn-2967b7f29522e413994acd538e34d4637b8cf6b5.zip | |
Rename option to 'allow_macos_connection_check'
19 files changed, 174 insertions, 154 deletions
diff --git a/gui/src/main/daemon-rpc.ts b/gui/src/main/daemon-rpc.ts index 5e5424142d..a2416e9943 100644 --- a/gui/src/main/daemon-rpc.ts +++ b/gui/src/main/daemon-rpc.ts @@ -827,8 +827,8 @@ function convertFromTunnelStateErrorCause( } case grpcTypes.ErrorState.Cause.SPLIT_TUNNEL_ERROR: return { reason: 'split_tunnel_error' }; - case grpcTypes.ErrorState.Cause.CUSTOM_RESOLVER_ERROR: - return { reason: 'custom_resolver_error' }; + case grpcTypes.ErrorState.Cause.FILTERING_RESOLVER_ERROR: + return { reason: 'filtering_resolver_error' }; case grpcTypes.ErrorState.Cause.READ_SYSTEM_DNS_CONFIG: return { reason: 'read_system_dns_config' }; case grpcTypes.ErrorState.Cause.VPN_PERMISSION_DENIED: diff --git a/gui/src/shared/daemon-rpc-types.ts b/gui/src/shared/daemon-rpc-types.ts index ebe177c69b..300af97660 100644 --- a/gui/src/shared/daemon-rpc-types.ts +++ b/gui/src/shared/daemon-rpc-types.ts @@ -40,7 +40,7 @@ export type ErrorStateCause = | 'set_dns_error' | 'start_tunnel_error' | 'is_offline' - | 'custom_resolver_error' + | 'filtering_resolver_error' | 'read_system_dns_config' | 'split_tunnel_error'; } diff --git a/gui/src/shared/notifications/error.ts b/gui/src/shared/notifications/error.ts index 73de3a9f90..22fd1858dc 100644 --- a/gui/src/shared/notifications/error.ts +++ b/gui/src/shared/notifications/error.ts 
@@ -138,11 +138,11 @@ function getMessage(errorDetails: IErrorState, accountExpiry?: string): string { 'notifications', "Your device is offline. Try connecting when it's back online.", ); - case 'custom_resolver_error': + case 'filtering_resolver_error': // TODO: Figure out a better error message to show to users return messages.pgettext( 'notifications', - "Failed to start custom resolver, check if there's a service running on port 53.", + ' Unable to activate macOS network check module. Close any programs that might be using port 53, or disable "Allow macOS network check".', ); case 'read_system_dns_config': // TODO: Figure out a better error message to show to users diff --git a/mullvad-daemon/src/lib.rs b/mullvad-daemon/src/lib.rs index e37467277a..568b70c79f 100644 --- a/mullvad-daemon/src/lib.rs +++ b/mullvad-daemon/src/lib.rs @@ -247,9 +247,9 @@ pub enum DaemonCommand { SetEnableIpv6(ResponseTx<(), settings::Error>, bool), /// Set DNS options or servers to use SetDnsOptions(ResponseTx<(), settings::Error>, DnsOptions), - /// Toggle custom resolver + /// Toggle macOS network check leak #[cfg(target_os = "macos")] - SetCustomResolver( + SetAllowMacosNetworkCheck( ResponseTx<(), Either<settings::Error, talpid_core::resolver::Error>>, bool, ), @@ -686,7 +686,7 @@ where #[cfg(target_os = "macos")] exclusion_gid, #[cfg(target_os = "macos")] - settings.enable_custom_resolver, + settings.allow_macos_network_check, #[cfg(target_os = "android")] android_context, ) 
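Review bot: The new message in the `filtering_resolver_error` case starts with a stray space (`' Unable to activate macOS network check module. …'`). Since the string is passed to `messages.pgettext`, the space will show in the notification and presumably becomes part of the translation key as well. Drop it: `'Unable to activate macOS network check module. Close any programs that might be using port 53, or disable "Allow macOS network check".'`. `getMessage` starts and ends outside the hunk.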
@@ -1259,8 +1259,8 @@ where SetEnableIpv6(tx, enable_ipv6) => self.on_set_enable_ipv6(tx, enable_ipv6).await, SetDnsOptions(tx, dns_servers) => self.on_set_dns_options(tx, dns_servers).await, #[cfg(target_os = "macos")] - SetCustomResolver(tx, enable_custom_resolver) => { - self.on_set_custom_resolver(tx, enable_custom_resolver) + SetAllowMacosNetworkCheck(tx, enable_custom_resolver) => { + self.on_set_allow_macos_network_check(tx, enable_custom_resolver) .await } SetWireguardMtu(tx, mtu) => self.on_set_wireguard_mtu(tx, mtu).await, @@ -2263,35 +2263,35 @@ where } #[cfg(target_os = "macos")] - async fn on_set_custom_resolver( + async fn on_set_allow_macos_network_check( &mut self, tx: ResponseTx<(), Either<settings::Error, talpid_core::resolver::Error>>, enable_custom_resolver: bool, ) { - let result = if self.settings.enable_custom_resolver != enable_custom_resolver { + let result = if self.settings.allow_macos_network_check != enable_custom_resolver { self.on_set_custom_resolver_inner(enable_custom_resolver) .await } else { Ok(()) }; - Self::oneshot_send(tx, result, "on_set_custom_resolver resposne"); + Self::oneshot_send(tx, result, "on_set_allow_macos_network_check resposne"); } #[cfg(target_os = "macos")] async fn on_set_custom_resolver_inner( &mut self, - enable_custom_resolver: bool, + allow_macos_network_check: bool, ) -> Result<(), Either<settings::Error, talpid_core::resolver::Error>> { let _ = self .settings - .set_custom_resolver(enable_custom_resolver) + .set_allow_macos_network_check(allow_macos_network_check) .await .map_err(Either::Left)?; let (start_tx, start_rx) = oneshot::channel(); - self.send_tunnel_command(TunnelCommand::SetCustomResolver( - enable_custom_resolver, + self.send_tunnel_command(TunnelCommand::AllowMacosNetworkCheck( + allow_macos_network_check, start_tx, )); match start_rx.await { diff --git a/mullvad-daemon/src/management_interface.rs b/mullvad-daemon/src/management_interface.rs index 13882b333c..e27f5fd506 100644 
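Review bot: The rename is only half applied in `on_set_allow_macos_network_check` (@@ -2263): the parameter is still `enable_custom_resolver`, the helper is still `on_set_custom_resolver_inner`, and the match arm in the @@ -1259 hunk binds `enable_custom_resolver` too. Renaming them to `allow_macos_network_check` and `on_set_allow_macos_network_check_inner` would make the option read the same from the RPC layer down to the tunnel command, which matters for a flag that deliberately lets traffic out. The string passed to `oneshot_send` also carries the typo `resposne`. `on_set_custom_resolver_inner` continues past the end of the hunk.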
--- a/mullvad-daemon/src/management_interface.rs +++ b/mullvad-daemon/src/management_interface.rs @@ -369,12 +369,18 @@ impl ManagementService for ManagementServiceImpl { } #[cfg(target_os = "macos")] - async fn set_custom_resolver(&self, request: Request<bool>) -> ServiceResult<()> { - let enable_custom_resolver = request.into_inner(); - log::debug!("set_custom_resolver({:?})", enable_custom_resolver); + async fn set_allow_macos_network_check(&self, request: Request<bool>) -> ServiceResult<()> { + let allow_macos_network_check = request.into_inner(); + log::debug!( + "set_allow_macos_network_check({:?})", + allow_macos_network_check + ); let (tx, rx) = oneshot::channel(); - self.send_command_to_daemon(DaemonCommand::SetCustomResolver(tx, enable_custom_resolver))?; + self.send_command_to_daemon(DaemonCommand::SetAllowMacosNetworkCheck( + tx, + allow_macos_network_check, + ))?; self.wait_for_result(rx) .await? .map(Response::new) @@ -387,7 +393,7 @@ impl ManagementService for ManagementServiceImpl { } #[cfg(not(target_os = "macos"))] - async fn set_custom_resolver(&self, _: Request<bool>) -> ServiceResult<()> { + async fn set_allow_macos_network_check(&self, _: Request<bool>) -> ServiceResult<()> { Ok(Response::new(())) } diff --git a/mullvad-daemon/src/settings.rs b/mullvad-daemon/src/settings.rs index cc64fb4684..0465185086 100644 --- a/mullvad-daemon/src/settings.rs +++ b/mullvad-daemon/src/settings.rs @@ -239,13 +239,13 @@ impl SettingsPersister { } #[cfg(target_os = "macos")] - pub async fn set_custom_resolver( + pub async fn set_allow_macos_network_check( &mut self, - enable_custom_resolver: bool, + allow_macos_network_check: bool, ) -> Result<bool, Error> { let should_save = Self::update_field( - &mut self.settings.enable_custom_resolver, - enable_custom_resolver, + &mut self.settings.allow_macos_network_check, + allow_macos_network_check, ); self.update(should_save).await } 
diff --git a/mullvad-management-interface/proto/management_interface.proto b/mullvad-management-interface/proto/management_interface.proto index ef28bc4640..3c7c0fe2e1 100644 --- a/mullvad-management-interface/proto/management_interface.proto +++ b/mullvad-management-interface/proto/management_interface.proto @@ -41,7 +41,7 @@ service ManagementService { rpc SetWireguardMtu(google.protobuf.UInt32Value) returns (google.protobuf.Empty) {} rpc SetEnableIpv6(google.protobuf.BoolValue) returns (google.protobuf.Empty) {} rpc SetDnsOptions(DnsOptions) returns (google.protobuf.Empty) {} - rpc SetCustomResolver(google.protobuf.BoolValue) returns (google.protobuf.Empty) {} + rpc SetAllowMacosNetworkCheck(google.protobuf.BoolValue) returns (google.protobuf.Empty) {} // Account management rpc CreateNewAccount(google.protobuf.Empty) returns (google.protobuf.StringValue) {} @@ -111,7 +111,7 @@ message ErrorState { IS_OFFLINE = 6; VPN_PERMISSION_DENIED = 7; SPLIT_TUNNEL_ERROR = 8; - CUSTOM_RESOLVER_ERROR = 9; + FILTERING_RESOLVER_ERROR = 9; READ_SYSTEM_DNS_CONFIG = 10; } @@ -275,7 +275,7 @@ message Settings { TunnelOptions tunnel_options = 8; bool show_beta_releases = 9; SplitTunnelSettings split_tunnel = 10; - bool enable_custom_resolver = 11; + bool allow_macos_network_check = 11; } message SplitTunnelSettings { diff --git a/mullvad-management-interface/src/types.rs b/mullvad-management-interface/src/types.rs index 0edf324a4c..43925d0b91 100644 --- a/mullvad-management-interface/src/types.rs +++ b/mullvad-management-interface/src/types.rs @@ -150,8 +150,8 @@ impl From<mullvad_types::states::TunnelState> for TunnelState { i32::from(Cause::SplitTunnelError) } #[cfg(target_os = "macos")] - talpid_tunnel::ErrorStateCause::CustomResolverError => { - i32::from(Cause::CustomResolverError) + talpid_tunnel::ErrorStateCause::FilteringResolverError => { + i32::from(Cause::FilteringResolverError) } #[cfg(target_os = "macos")] talpid_tunnel::ErrorStateCause::ReadSystemDnsConfig => { 
@@ -395,9 +395,9 @@ impl From<&mullvad_types::settings::Settings> for Settings { let split_tunnel = None; #[cfg(not(target_os = "macos"))] - let enable_custom_resolver = false; + let allow_macos_network_check = false; #[cfg(target_os = "macos")] - let enable_custom_resolver = settings.enable_custom_resolver; + let allow_macos_network_check = settings.allow_macos_network_check; Self { account_token: settings.get_account_token().unwrap_or_default(), @@ -410,7 +410,7 @@ impl From<&mullvad_types::settings::Settings> for Settings { tunnel_options: Some(TunnelOptions::from(&settings.tunnel_options)), show_beta_releases: settings.show_beta_releases, split_tunnel, - enable_custom_resolver, + allow_macos_network_check, } } } diff --git a/mullvad-types/src/settings/mod.rs b/mullvad-types/src/settings/mod.rs index 202438b930..0705764555 100644 --- a/mullvad-types/src/settings/mod.rs +++ b/mullvad-types/src/settings/mod.rs @@ -80,8 +80,8 @@ pub struct Settings { /// Whether to notify users of beta updates. pub show_beta_releases: bool, #[cfg(target_os = "macos")] - /// Enable custom resolver - pub enable_custom_resolver: bool, + /// Allow leaking some traffic for macOS network check + pub allow_macos_network_check: bool, /// Split tunneling settings #[cfg(windows)] pub split_tunnel: SplitTunnelSettings, @@ -116,7 +116,7 @@ impl Default for Settings { tunnel_options: TunnelOptions::default(), show_beta_releases: false, #[cfg(target_os = "macos")] - enable_custom_resolver: false, + allow_macos_network_check: false, #[cfg(windows)] split_tunnel: SplitTunnelSettings::default(), settings_version: CURRENT_SETTINGS_VERSION, diff --git a/talpid-core/src/firewall/macos.rs b/talpid-core/src/firewall/macos.rs index 8306de518f..31fefc7806 100644 --- a/talpid-core/src/firewall/macos.rs +++ b/talpid-core/src/firewall/macos.rs 
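Review bot: Renaming the `Settings` field `enable_custom_resolver` to `allow_macos_network_check` (mullvad-types/src/settings/mod.rs, @@ -80) may change how an existing settings file is read, and no migration or alias is visible in this commit. If the struct is deserialized with serde (the derive is outside the hunk), an old file would either lose the stored value or fail to parse, depending on how missing fields are handled. It is worth confirming which, since a parse failure could discard unrelated settings. If old files must keep loading, `#[serde(alias = "enable_custom_resolver")]` on the field would cover it.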
@@ -152,12 +152,12 @@ impl Firewall { allow_lan, allowed_endpoint, allowed_ips, - allow_custom_resolver, + allow_gid_exclusion_traffic, } => { let mut rules = Vec::new(); rules.push(self.get_allowed_endpoint_rule(allowed_endpoint.endpoint)?); - if allow_custom_resolver { + if allow_gid_exclusion_traffic { rules.extend(self.get_allow_excluded_dns_rules()?); rules.extend(self.get_exclusion_rules(&allowed_ips)?); } diff --git a/talpid-core/src/firewall/mod.rs b/talpid-core/src/firewall/mod.rs index f8054834f9..80714d8338 100644 --- a/talpid-core/src/firewall/mod.rs +++ b/talpid-core/src/firewall/mod.rs @@ -141,9 +141,9 @@ pub enum FirewallPolicy { /// A list of IPs that can be reached outside the tunnel. #[cfg(target_os = "macos")] allowed_ips: BTreeSet<IpAddr>, - /// A list of resolver IPs that should be reachable on port 53. + /// Enables specific GID exclusion traffic #[cfg(target_os = "macos")] - allow_custom_resolver: bool, + allow_gid_exclusion_traffic: bool, }, } diff --git a/talpid-core/src/resolver/mod.rs b/talpid-core/src/resolver/mod.rs index 6a52d6771f..891f174810 100644 --- a/talpid-core/src/resolver/mod.rs +++ b/talpid-core/src/resolver/mod.rs @@ -289,7 +289,7 @@ impl FilteringResolver { } async fn reset_resolver(&mut self) -> Result<(), Error> { - log::trace!("Resetting custom resolver"); + log::trace!("Resetting filtering resolver"); let (best_interface, resolver_addresses) = self.get_resolver_config(); self.runtime_provider.update_best_interface(best_interface); let resolver_config = ResolverConfig::from_parts( diff --git a/talpid-core/src/tunnel_state_machine/connected_state.rs b/talpid-core/src/tunnel_state_machine/connected_state.rs index 3586b88e48..e8777b5d14 100644 --- a/talpid-core/src/tunnel_state_machine/connected_state.rs +++ b/talpid-core/src/tunnel_state_machine/connected_state.rs 
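Review bot: The doc comment on `allow_gid_exclusion_traffic` in `FirewallPolicy::Blocked` (firewall/mod.rs, @@ -141) does not say what the flag lets through a blocking policy. In firewall/macos.rs the flag adds the rules from `get_allow_excluded_dns_rules()` and `get_exclusion_rules(&allowed_ips)`, so I would write `/// When true, the blocked policy also adds the excluded-GID DNS rules and the exclusion rules for allowed_ips.` A reader auditing what can leave the machine in the blocked state should not have to open the macOS backend to find out. The enum continues outside the hunk.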
@@ -191,8 +191,8 @@ impl ConnectedState { SameState(self.into()) } #[cfg(target_os = "macos")] - Some(TunnelCommand::SetCustomResolver(enable, done_tx)) => { - let _ = done_tx.send(shared_values.deactivate_custom_resolver(enable)); + Some(TunnelCommand::AllowMacosNetworkCheck(enable, done_tx)) => { + let _ = done_tx.send(shared_values.deactivate_filtering_resolver(enable)); SameState(self.into()) } #[cfg(target_os = "macos")] diff --git a/talpid-core/src/tunnel_state_machine/connecting_state.rs b/talpid-core/src/tunnel_state_machine/connecting_state.rs index 3d8b34a725..28a80260dc 100644 --- a/talpid-core/src/tunnel_state_machine/connecting_state.rs +++ b/talpid-core/src/tunnel_state_machine/connecting_state.rs @@ -274,8 +274,8 @@ impl ConnectingState { SameState(self.into()) } #[cfg(target_os = "macos")] - Some(TunnelCommand::SetCustomResolver(enable, done_tx)) => { - let _ = done_tx.send(shared_values.deactivate_custom_resolver(enable)); + Some(TunnelCommand::AllowMacosNetworkCheck(enable, done_tx)) => { + let _ = done_tx.send(shared_values.deactivate_filtering_resolver(enable)); SameState(self.into()) } #[cfg(target_os = "macos")] @@ -494,7 +494,7 @@ impl TunnelState for ConnectingState { return ErrorState::enter(shared_values, ErrorStateCause::IsOffline); } #[cfg(target_os = "macos")] - if let Err(err) = shared_values.disable_custom_resolver() { + if let Err(err) = shared_values.disable_filtering_resolver() { log::error!( "{}", err.display_chain_with_msg("Failed to disable custom resolver") diff --git a/talpid-core/src/tunnel_state_machine/disconnected_state.rs b/talpid-core/src/tunnel_state_machine/disconnected_state.rs index aaccf9ab21..048c635792 100644 --- a/talpid-core/src/tunnel_state_machine/disconnected_state.rs +++ b/talpid-core/src/tunnel_state_machine/disconnected_state.rs 
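Review bot: Two messages still say "custom resolver" after the rename: `display_chain_with_msg("Failed to disable custom resolver")` in `ConnectingState` (@@ -494) and, in talpid-types/src/tunnel.rs, the `Display` text `FilteringResolverError => "Failed to set up custom resolver"`. Logs and the error text for this cause would then use a name that no longer appears anywhere else; suggest `"Failed to disable filtering resolver"` and `"Failed to set up filtering resolver"`. The helper `deactivate_filtering_resolver(enable)` called in these arms is also easy to misread, since its definition in tunnel_state_machine/mod.rs stores `enable` as the new flag before disabling; a one-line doc comment there saying so would help.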
@@ -34,7 +34,7 @@ impl DisconnectedState { #[cfg(target_os = "macos")] allowed_ips: self.allowed_ips.clone(), #[cfg(target_os = "macos")] - allow_custom_resolver: shared_values.enable_custom_resolver, + allow_gid_exclusion_traffic: shared_values.enable_filtering_resolver, }; let firewall_result = shared_values.firewall.apply_policy(policy).map_err(|e| { @@ -89,7 +89,7 @@ impl DisconnectedState { } #[cfg(target_os = "macos")] - fn start_custom_resolver( + fn start_filtering_resolver( &mut self, shared_values: &mut SharedTunnelStateValues, ) -> Result<(), either::Either<resolver::Error, dns::Error>> { @@ -101,7 +101,7 @@ impl DisconnectedState { shared_values .runtime - .block_on(shared_values.custom_resolver.set_active(system_config)) + .block_on(shared_values.filtering_resolver.set_active(system_config)) .map_err(Either::Left)?; shared_values .dns_monitor @@ -124,18 +124,18 @@ impl TunnelState for DisconnectedState { }; #[cfg(target_os = "macos")] - if shared_values.enable_custom_resolver { - if let Err(err) = disconnected_state.start_custom_resolver(shared_values) { + if shared_values.enable_filtering_resolver { + if let Err(err) = disconnected_state.start_filtering_resolver(shared_values) { log::error!( "{}", - err.display_chain_with_msg("Failed to start custom resolver:") + err.display_chain_with_msg("Failed to start filtering resolver:") ); } } else { - if let Err(error) = shared_values.disable_custom_resolver() { + if let Err(error) = shared_values.disable_filtering_resolver() { log::error!( "{}", - error.display_chain_with_msg("Unable to disable custom resolver") + error.display_chain_with_msg("Unable to disable filtering resolver") ); } } 
@@ -200,8 +200,8 @@ impl TunnelState for DisconnectedState { Self::register_split_tunnel_addresses(shared_values, true); #[cfg(target_os = "macos")] if block_when_disconnected { - if let Err(err) = self.start_custom_resolver(shared_values) { - let block_reason = map_custom_resolver_start(&err); + if let Err(err) = self.start_filtering_resolver(shared_values) { + let block_reason = map_filtering_resolver_start(&err); return NewState(ErrorState::enter(shared_values, block_reason)); } } else { 
@@ -230,27 +230,33 @@ impl TunnelState for DisconnectedState { SameState(self.into()) } #[cfg(target_os = "macos")] - Some(TunnelCommand::SetCustomResolver(enable, done_tx)) => { + Some(TunnelCommand::AllowMacosNetworkCheck(enable, done_tx)) => { if !enable { - if let Err(err) = shared_values.deactivate_custom_resolver(enable) { + if let Err(err) = shared_values.dns_monitor.reset() { + log::error!( + "{}", + err.display_chain_with_msg("Failed to reset DNS config") + ); + } + if let Err(err) = shared_values.deactivate_filtering_resolver(enable) { let _ = done_tx.send(Err(err)); - if shared_values.enable_custom_resolver { + if shared_values.enable_filtering_resolver { self.set_firewall_policy(shared_values, false); } return SameState(self.into()); }; } - if shared_values.enable_custom_resolver != enable { - shared_values.enable_custom_resolver = enable; + if shared_values.enable_filtering_resolver != enable { + shared_values.enable_filtering_resolver = enable; self.set_firewall_policy(shared_values, false); if shared_values.block_when_disconnected && enable { - if let Err(err) = self.start_custom_resolver(shared_values) { + if let Err(err) = self.start_filtering_resolver(shared_values) { log::error!( "{}", - err.display_chain_with_msg("Failed to start custom resolver:") + err.display_chain_with_msg("Failed to start filtering resolver:") ); - let error_cause = map_custom_resolver_start(&err); + let error_cause = map_filtering_resolver_start(&err); let _ = done_tx.send(Err(err.left_or_else(resolver::Error::from))); return NewState(ErrorState::enter(shared_values, error_cause)); } 
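Review bot: Turning the option off in `DisconnectedState` does not appear to re-apply the firewall policy. `deactivate_filtering_resolver(enable)` assigns `enable_filtering_resolver = enable` before doing anything else (see its definition in tunnel_state_machine/mod.rs), so after the `if !enable` block the test `shared_values.enable_filtering_resolver != enable` is false and `set_firewall_policy` is skipped; the `if shared_values.enable_filtering_resolver` check in the error path is dead for the same reason. From the visible lines, the rules added for `allow_gid_exclusion_traffic` would stay loaded until the next state change. Capture the old value first, `let was_enabled = shared_values.enable_filtering_resolver;`, and compare `was_enabled != enable`. The `else` branch of the `ErrorState` handler (error_state.rs, @@ -272) has the same shape, and this match arm continues outside the hunk, so later lines may change the picture.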
@@ -261,18 +267,19 @@ impl TunnelState for DisconnectedState { } #[cfg(target_os = "macos")] Some(TunnelCommand::HostDnsConfig(host_config)) => { - if shared_values.block_when_disconnected && shared_values.enable_custom_resolver { + if shared_values.block_when_disconnected && shared_values.enable_filtering_resolver + { if let Err(err) = shared_values .runtime - .block_on(shared_values.custom_resolver.set_active(host_config)) + .block_on(shared_values.filtering_resolver.set_active(host_config)) { log::error!( "{}", - err.display_chain_with_msg("Failed to activate custom resolver") + err.display_chain_with_msg("Failed to activate filtering resolver") ); return NewState(ErrorState::enter( shared_values, - ErrorStateCause::CustomResolverError, + ErrorStateCause::FilteringResolverError, )); } } @@ -299,12 +306,14 @@ impl TunnelState for DisconnectedState { } #[cfg(target_os = "macos")] -fn map_custom_resolver_start(err: &either::Either<resolver::Error, dns::Error>) -> ErrorStateCause { +fn map_filtering_resolver_start( + err: &either::Either<resolver::Error, dns::Error>, +) -> ErrorStateCause { match err { either::Either::Right(_dns_err) => ErrorStateCause::SetDnsError, either::Either::Left(resolver::Error::SystemDnsError(_)) => { ErrorStateCause::ReadSystemDnsConfig } - either::Either::Left(_other_err) => ErrorStateCause::CustomResolverError, + either::Either::Left(_other_err) => ErrorStateCause::FilteringResolverError, } } diff --git a/talpid-core/src/tunnel_state_machine/disconnecting_state.rs b/talpid-core/src/tunnel_state_machine/disconnecting_state.rs index 27f33bf04f..e1fab84ffc 100644 --- a/talpid-core/src/tunnel_state_machine/disconnecting_state.rs +++ b/talpid-core/src/tunnel_state_machine/disconnecting_state.rs 
@@ -34,8 +34,8 @@ impl DisconnectingState { AfterDisconnect::Nothing } #[cfg(target_os = "macos")] - Some(TunnelCommand::SetCustomResolver(enable, done_tx)) => { - let _ = done_tx.send(shared_values.deactivate_custom_resolver(enable)); + Some(TunnelCommand::AllowMacosNetworkCheck(enable, done_tx)) => { + let _ = done_tx.send(shared_values.deactivate_filtering_resolver(enable)); AfterDisconnect::Nothing } #[cfg(target_os = "macos")] @@ -85,8 +85,8 @@ impl DisconnectingState { } #[cfg(target_os = "macos")] - Some(TunnelCommand::SetCustomResolver(enable, done_tx)) => { - let _ = done_tx.send(shared_values.deactivate_custom_resolver(enable)); + Some(TunnelCommand::AllowMacosNetworkCheck(enable, done_tx)) => { + let _ = done_tx.send(shared_values.deactivate_filtering_resolver(enable)); AfterDisconnect::Block(reason) } #[cfg(target_os = "macos")] @@ -140,8 +140,8 @@ impl DisconnectingState { AfterDisconnect::Reconnect(retry_attempt) } #[cfg(target_os = "macos")] - Some(TunnelCommand::SetCustomResolver(enable, done_tx)) => { - let _ = done_tx.send(shared_values.deactivate_custom_resolver(enable)); + Some(TunnelCommand::AllowMacosNetworkCheck(enable, done_tx)) => { + let _ = done_tx.send(shared_values.deactivate_filtering_resolver(enable)); AfterDisconnect::Reconnect(retry_attempt) } #[cfg(target_os = "macos")] diff --git a/talpid-core/src/tunnel_state_machine/error_state.rs b/talpid-core/src/tunnel_state_machine/error_state.rs index f4c837a31d..52e12d1baa 100644 --- a/talpid-core/src/tunnel_state_machine/error_state.rs +++ b/talpid-core/src/tunnel_state_machine/error_state.rs 
@@ -33,14 +33,14 @@ impl ErrorState { #[cfg(target_os = "macos")] self.allowed_ips.clone(), #[cfg(target_os = "macos")] - shared_values.enable_custom_resolver, + shared_values.enable_filtering_resolver, ) } fn set_firewall_policy( shared_values: &mut SharedTunnelStateValues, #[cfg(target_os = "macos")] allowed_ips: BTreeSet<IpAddr>, - #[cfg(target_os = "macos")] allow_custom_resolver: bool, + #[cfg(target_os = "macos")] allow_gid_exclusion_traffic: bool, ) -> Result<(), FirewallPolicyError> { let policy = FirewallPolicy::Blocked { allow_lan: shared_values.allow_lan, @@ -48,7 +48,7 @@ impl ErrorState { #[cfg(target_os = "macos")] allowed_ips, #[cfg(target_os = "macos")] - allow_custom_resolver, + allow_gid_exclusion_traffic, }; #[cfg(target_os = "linux")] 
@@ -114,31 +114,34 @@ impl TunnelState for ErrorState { } #[cfg(target_os = "macos")] - let host_config = - if shared_values.enable_custom_resolver && !block_reason.prevents_custom_resolver() { - if let Err(err) = shared_values - .dns_monitor - .set("lo", &[Ipv4Addr::LOCALHOST.into()]) - { + let host_config = if shared_values.enable_filtering_resolver + && !block_reason.prevents_filtering_resolver() + { + if let Err(err) = shared_values + .dns_monitor + .set("lo", &[Ipv4Addr::LOCALHOST.into()]) + { + log::error!( + "{}", + err.display_chain_with_msg( + "Failed to configure system to use filtering resolver" + ) + ); + return Self::enter(shared_values, ErrorStateCause::SetDnsError); + } + match shared_values.get_filtering_resolver_config() { + Ok(host_config) => host_config, + Err(err) => { log::error!( "{}", - err.display_chain_with_msg("Failed to configure custom resolver") + err.display_chain_with_msg("Failed to start filtering resolver") ); - return Self::enter(shared_values, ErrorStateCause::SetDnsError); - } - match shared_values.get_custom_resolver_config() { - Ok(host_config) => host_config, - Err(err) => { - log::error!( - "{}", - err.display_chain_with_msg("Failed to start custom resolver") - ); - return Self::enter(shared_values, ErrorStateCause::CustomResolverError); - } + return Self::enter(shared_values, ErrorStateCause::FilteringResolverError); } - } else { - None - }; + } + } else { + None + }; #[cfg(not(target_os = "android"))] let block_failure = Self::set_firewall_policy( 
@@ -146,21 +149,22 @@ impl TunnelState for ErrorState { #[cfg(target_os = "macos")] BTreeSet::new(), #[cfg(target_os = "macos")] - shared_values.enable_custom_resolver, + shared_values.enable_filtering_resolver, ) .err(); #[cfg(target_os = "macos")] if let Some(dns_config) = host_config { - if let Err(err) = shared_values - .runtime - .block_on(shared_values.custom_resolver.set_active(Some(dns_config))) - { + if let Err(err) = shared_values.runtime.block_on( + shared_values + .filtering_resolver + .set_active(Some(dns_config)), + ) { log::error!( "{}", - err.display_chain_with_msg("Failed to activate custom resolver") + err.display_chain_with_msg("Failed to activate filtering resolver") ); - return Self::enter(shared_values, ErrorStateCause::CustomResolverError); + return Self::enter(shared_values, ErrorStateCause::FilteringResolverError); } } @@ -209,9 +213,9 @@ impl TunnelState for ErrorState { } #[cfg(target_os = "macos")] - Some(TunnelCommand::SetCustomResolver(enable, done_tx)) => { - let result = if enable && !shared_values.enable_custom_resolver { - shared_values.enable_custom_resolver = enable; + Some(TunnelCommand::AllowMacosNetworkCheck(enable, done_tx)) => { + let result = if enable && !shared_values.enable_filtering_resolver { + shared_values.enable_filtering_resolver = enable; if let Err(err) = self.set_firewall(shared_values) { return NewState(ErrorState::enter( shared_values, @@ -223,7 +227,7 @@ impl TunnelState for ErrorState { Ok(current_system_config) => { match shared_values.runtime.block_on( shared_values - .custom_resolver + .filtering_resolver .set_active(current_system_config), ) { Ok(_) => { @@ -234,7 +238,7 @@ impl TunnelState for ErrorState { log::error!( "{}", err.display_chain_with_msg( - "Failed to configure system to use custom resolver" + "Failed to configure system to use filtering resolver" ) ); let _ = 
@@ -251,7 +255,7 @@ impl TunnelState for ErrorState { log::error!( "{}", err.display_chain_with_msg( - "Failed to start custom resolver" + "Failed to start filtering resolver" ) ); Err(err) @@ -272,7 +276,13 @@ impl TunnelState for ErrorState { } } } else { - shared_values.deactivate_custom_resolver(enable) + if let Err(err) = shared_values.dns_monitor.reset() { + log::error!( + "{}", + err.display_chain_with_msg("Failed to reset DNS config") + ); + } + shared_values.deactivate_filtering_resolver(enable) }; let _ = done_tx.send(result); SameState(self.into()) @@ -280,18 +290,18 @@ impl TunnelState for ErrorState { #[cfg(target_os = "macos")] Some(TunnelCommand::HostDnsConfig(host_config)) => { - if shared_values.enable_custom_resolver { + if shared_values.enable_filtering_resolver { if let Err(err) = shared_values .runtime - .block_on(shared_values.custom_resolver.set_active(host_config)) + .block_on(shared_values.filtering_resolver.set_active(host_config)) { log::error!( - "Failed to set apply new DNS config to custom resolver: {}", + "Failed to set apply new DNS config to filtering resolver: {}", err ); return NewState(Self::enter( shared_values, - ErrorStateCause::CustomResolverError, + ErrorStateCause::FilteringResolverError, )); } } @@ -352,8 +362,8 @@ impl TunnelState for ErrorState { shared_values.reset_connectivity_check(); #[cfg(target_os = "macos")] if !shared_values.block_when_disconnected { - if let Err(err) = shared_values.disable_custom_resolver() { - log::error!("Failed to disable custom resolver: {}", err); + if let Err(err) = shared_values.disable_filtering_resolver() { + log::error!("Failed to disable filtering resolver: {}", err); } } Self::reset_dns(shared_values); diff --git a/talpid-core/src/tunnel_state_machine/mod.rs b/talpid-core/src/tunnel_state_machine/mod.rs index e11450a357..a48a17a25f 100644 --- a/talpid-core/src/tunnel_state_machine/mod.rs +++ b/talpid-core/src/tunnel_state_machine/mod.rs 
@@ -64,10 +64,10 @@ pub enum Error { #[error(display = "Failed to initialize the route manager")] InitRouteManagerError(#[error(source)] crate::routing::Error), - /// Failed to initialize custom resolver + /// Failed to initialize filtering resolver #[cfg(target_os = "macos")] - #[error(display = "Failed to initialize custom resolver")] - InitCustomResolver(#[error(source)] crate::resolver::Error), + #[error(display = "Failed to initialize filtering resolver")] + InitFilteringResolver(#[error(source)] crate::resolver::Error), /// Failed to initialize tunnel state machine event loop executor #[error(display = "Failed to initialize tunnel state machine event loop executor")] @@ -76,10 +76,6 @@ pub enum Error { /// Failed to send state change event to listener #[error(display = "Failed to send state change event to listener")] SendStateChange, - - /// Failed to initialize custom resolver - #[error(display = "Failed to initialize custom resolver")] - CustomResolverError, } /// Settings used to initialize the tunnel state machine. @@ -187,9 +183,9 @@ pub enum TunnelCommand { /// Sets IP addresses which should be allowed to pass through the firewall. #[cfg(target_os = "macos")] AddAllowedIps(BTreeSet<IpAddr>, oneshot::Sender<()>), - /// Toggles custom resolver + /// Toggles filtering resolver #[cfg(target_os = "macos")] - SetCustomResolver(bool, oneshot::Sender<Result<(), crate::resolver::Error>>), + AllowMacosNetworkCheck(bool, oneshot::Sender<Result<(), crate::resolver::Error>>), /// Receive up-to-date system DNS config. It should never contain our changes to the DNS. #[cfg(target_os = "macos")] HostDnsConfig(Option<(String, Vec<IpAddr>)>), 
@@ -263,7 +259,7 @@ impl TunnelStateMachine { .map_err(Error::InitDnsMonitorError)?; #[cfg(target_os = "macos")] - let custom_resolver = crate::resolver::start_resolver(command_tx.clone()).await?; + let filtering_resolver = crate::resolver::start_resolver(command_tx.clone()).await?; let (offline_tx, mut offline_rx) = mpsc::unbounded(); let initial_offline_state_tx = offline_state_tx.clone(); @@ -316,9 +312,9 @@ impl TunnelStateMachine { #[cfg(target_os = "linux")] connectivity_check_was_enabled: None, #[cfg(target_os = "macos")] - custom_resolver, + filtering_resolver, #[cfg(target_os = "macos")] - enable_custom_resolver: enable_resolver, + enable_filtering_resolver: enable_resolver, }; tokio::task::spawn_blocking(move || { @@ -411,12 +407,12 @@ struct SharedTunnelStateValues { #[cfg(target_os = "linux")] connectivity_check_was_enabled: Option<bool>, - /// Custom resolver handle + /// Filtering resolver handle #[cfg(target_os = "macos")] - custom_resolver: crate::resolver::ResolverHandle, - /// Whether custom resolver is active and enabled + filtering_resolver: crate::resolver::ResolverHandle, + /// Whether filtering resolver should be enabled #[cfg(target_os = "macos")] - enable_custom_resolver: bool, + enable_filtering_resolver: bool, } impl SharedTunnelStateValues { 
@@ -443,24 +439,23 @@ impl SharedTunnelStateValues { } #[cfg(target_os = "macos")] - pub fn deactivate_custom_resolver( + pub fn deactivate_filtering_resolver( &mut self, enable_resolver: bool, ) -> Result<(), crate::resolver::Error> { - self.enable_custom_resolver = enable_resolver; - self.disable_custom_resolver() + self.enable_filtering_resolver = enable_resolver; + self.disable_filtering_resolver() } #[cfg(target_os = "macos")] - pub fn disable_custom_resolver(&mut self) -> Result<(), crate::resolver::Error> { - if self.enable_custom_resolver { - self.runtime.block_on(self.custom_resolver.set_inactive())?; + pub fn disable_filtering_resolver(&mut self) -> Result<(), crate::resolver::Error> { + if self.enable_filtering_resolver { + self.runtime + .block_on(self.filtering_resolver.set_inactive())?; } else { - self.runtime.block_on(self.custom_resolver.shutdown())?; + self.runtime.block_on(self.filtering_resolver.shutdown())?; } - self.dns_monitor - .reset() - .map_err(crate::resolver::Error::SystemDnsError) + Ok(()) } pub fn set_allowed_endpoint(&mut self, endpoint: AllowedEndpoint) -> bool { @@ -538,10 +533,10 @@ impl SharedTunnelStateValues { } #[cfg(target_os = "macos")] - pub fn get_custom_resolver_config( + pub fn get_filtering_resolver_config( &mut self, ) -> Result<Option<(String, Vec<IpAddr>)>, crate::dns::Error> { - if self.enable_custom_resolver { + if self.enable_filtering_resolver { self.dns_monitor.get_system_config() } else { Ok(None) diff --git a/talpid-types/src/tunnel.rs b/talpid-types/src/tunnel.rs index 8b63295693..9edf45e07f 100644 --- a/talpid-types/src/tunnel.rs +++ b/talpid-types/src/tunnel.rs 
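Review bot: With `dns_monitor.reset()` removed from `disable_filtering_resolver`, restoring the system DNS becomes each caller's job, and not every caller visible in this commit does it. The `AllowMacosNetworkCheck` arms in `DisconnectedState` and `ErrorState` call `reset()` themselves but only log a failure, so the requester now gets `Ok(())` where it used to get `SystemDnsError`; `ConnectingState` and the `else` branch in the `DisconnectedState` enter path call `disable_filtering_resolver()` with no reset in their hunks. Please confirm DNS cannot be left pointing at the loopback resolver after it is set inactive or shut down, and add a doc comment such as `/// Stops the resolver only; the caller must restore system DNS.`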
@@ -106,9 +106,9 @@ pub enum ErrorStateCause { /// Error reported by split tunnel module. #[cfg(target_os = "windows")] SplitTunnelError, - /// Failed to set set custom resolver + /// Failed to start filtering resolver #[cfg(target_os = "macos")] - CustomResolverError, + FilteringResolverError, /// Failed read system DNS config #[cfg(target_os = "macos")] ReadSystemDnsConfig, @@ -116,9 +116,9 @@ pub enum ErrorStateCause { impl ErrorStateCause { #[cfg(target_os = "macos")] - pub fn prevents_custom_resolver(&self) -> bool { + pub fn prevents_filtering_resolver(&self) -> bool { match self { - Self::CustomResolverError | Self::ReadSystemDnsConfig | Self::SetDnsError => true, + Self::FilteringResolverError | Self::ReadSystemDnsConfig | Self::SetDnsError => true, _ => false, } } @@ -215,7 +215,7 @@ impl fmt::Display for ErrorStateCause { #[cfg(target_os = "windows")] SplitTunnelError => "The split tunneling module reported an error", #[cfg(target_os = "macos")] - CustomResolverError => "Failed to set up custom resolver", + FilteringResolverError => "Failed to set up custom resolver", #[cfg(target_os = "macos")] ReadSystemDnsConfig => "Failed to read system DNS config", }; |
