| author | Jonatan Rhodin <jonatan.rhodin@mullvad.net> | 2024-10-09 14:00:06 +0200 |
|---|---|---|
| committer | Markus Pettersson <markus.pettersson@mullvad.net> | 2024-11-22 17:42:38 +0100 |
| commit | 35a99fe49934bee393eaf2e5c5c536699e7d1236 (patch) | |
| tree | 022f00e5b6d1f70a447da37b2e8d32b8ccdd6b51 | |
| parent | 0906502c3150df8417cc8ce7350fd780cb439470 (diff) | |
Clean up
- Fix outdated comment
- Remove unused go function
- Remove outdated TODO comment
- Run `go fmt` on `libwg_android.go`
- Document `AllowedTunnelTraffic`, `get_socket_v4` and `get_socket_v6`
| -rw-r--r-- | talpid-types/src/net/mod.rs | 11 | ||||
| -rw-r--r-- | talpid-wireguard/src/wireguard_go/mod.rs | 6 | ||||
| -rw-r--r-- | wireguard-go-rs/libwg/libwg_android.go | 82 | ||||
| -rw-r--r-- | wireguard-go-rs/src/lib.rs | 9 |
4 files changed, 21 insertions, 87 deletions
diff --git a/talpid-types/src/net/mod.rs b/talpid-types/src/net/mod.rs
index 1ec8ba46c5..e53b3fa54a 100644
--- a/talpid-types/src/net/mod.rs
+++ b/talpid-types/src/net/mod.rs
@@ -435,15 +435,26 @@ impl AllowedClients {
 }
 }
 
+/// What [`Endpoint`]s to allow the client to send traffic to and receive from.
+///
+/// In some cases we want to restrict what IP addresses the client may communicate with even
+/// inside of the tunnel, for example while negotiating a PQ-safe PSK with an ephemeral peer.
 #[derive(Debug, Clone, Eq, PartialEq, Hash)]
 pub enum AllowedTunnelTraffic {
+ /// Block all traffic inside the tunnel.
 None,
+ /// Allow all traffic inside the tunnel. This is the normal mode of operation.
 All,
+ /// Only allow communication with this specific endpoint. This will usually be a relay during a
+ /// short amount of time.
 One(Endpoint),
+ /// Only allow communication with these two specific endpoints. The intended use case for this
+ /// is while negotiating for example a PSK with both the entry & exit relays in a multihop setup.
 Two(Endpoint, Endpoint),
 }
 
 impl AllowedTunnelTraffic {
+ /// Do we currently allow traffic to all endpoints?
 pub fn all(&self) -> bool {
 matches!(self, AllowedTunnelTraffic::All)
 }
diff --git a/talpid-wireguard/src/wireguard_go/mod.rs b/talpid-wireguard/src/wireguard_go/mod.rs
index e94f786fd1..97e88ba7af 100644
--- a/talpid-wireguard/src/wireguard_go/mod.rs
+++ b/talpid-wireguard/src/wireguard_go/mod.rs
@@ -121,9 +121,9 @@ impl WgGoTunnel {
 let private_ip = private_ip(config);
 
 let handle = wireguard_go_rs::Tunnel::turn_on_multihop(
- exit_config_str,
- entry_config_str,
- private_ip,
+ &exit_config_str,
+ &entry_config_str,
+ &private_ip,
 tunnel_fd,
 Some(logging::wg_go_logging_callback),
 logging_context.0,
diff --git a/wireguard-go-rs/libwg/libwg_android.go b/wireguard-go-rs/libwg/libwg_android.go
index a439bce3fb..9f488230a9 100644
--- a/wireguard-go-rs/libwg/libwg_android.go
+++ b/wireguard-go-rs/libwg/libwg_android.go
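Review bot: The new type-level doc says the restriction is on "what IP addresses the client may communicate with", but the restricting variants `One` and `Two` carry an [`Endpoint`], not an address, so the prose understates what the type expresses; going by the name, an endpoint presumably identifies more than an IP (address plus port and/or protocol), which should be confirmed against its definition. Suggest `/// In some cases we want to restrict which endpoints the client may communicate with even` followed by the existing `/// inside of the tunnel, ...` line. It would also help a reader of `One`/`Two` to state that traffic to any other endpoint is meant to be blocked, mirroring the wording on `None`, since that is the security property this type carries. The body of `impl AllowedTunnelTraffic` continues past the end of the hunk.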
@@ -167,9 +167,9 @@ func wgTurnOnMultihop(cExitSettings *C.char, cEntrySettings *C.char, privateIp *
 
 // Create the stuff that needs
 context := tunnelcontainer.Context{
- Device: exitDevice,
+ Device: exitDevice,
 EntryDevice: entryDevice,
- Logger: logger,
+ Logger: logger,
 }
 
 handle, err := tunnels.Insert(context)
@@ -184,82 +184,6 @@ func wgTurnOnMultihop(cExitSettings *C.char, cEntrySettings *C.char, privateIp *
 
 }
 
-//export wgTurnOnMultihop
-/*func wgTurnOnMultihop(mtu int, exitSettings *C.char, entrySettings *C.char, privateIp *C.char, fd int32, logSink LogSink, logContext LogContext) C.int32_t {
- logger := logging.NewLogger(logSink, logging.LogContext(logContext))
-
- if exitSettings == nil {
- logger.Errorf("exitSettings is null\n")
- return ERROR_INVALID_ARGUMENT
- }
-
- if entrySettings == nil {
- logger.Errorf("exitSettings is null\n")
- return ERROR_INVALID_ARGUMENT
- }
-
- // OLD
- // settings := goStringFixed(cSettings)
- // NEW
- exitConfigString := goStringFixed(exitSettings)
- entryConfigString := goStringFixed(entrySettings)
- exitEndpoint := parseEndpointFromConfig(exitConfigString)
- if exitEndpoint == nil {
- return -10 // TODO: Define this error, previously '' errNoEndpointInConfig
- }
-
- ip, err := netip.ParseAddr(goStringFixed(privateIp))
- if err != nil {
- logger.Errorf("Failed to parse private IP: %v", err)
- return -10 // TODO: Define this error, previously '' errBadIPString
- }
-
- // OLD
- // device := device.NewDevice(tunDevice, conn.NewStdNetBind(), logger)
- // NEW
- // ip: First hop
- // exitEndpoint: Last hop
- // TODO: Is this mtu the correct one?
- singleTunMtu := mtu - 80
- singletun := multihoptun.NewMultihopTun(ip, exitEndpoint.Addr(), exitEndpoint.Port(), singleTunMtu)
- entryDev := device.NewDevice(&singletun, conn.NewStdNetBind(), logger)
-
- tunDevice, _, err := tun.CreateUnmonitoredTUNFromFD(fd)
- if err != nil {
- logger.Errorf("%s\n", err)
- unix.Close(fd)
- if err.Error() == "bad file descriptor" {
- return ERROR_INTERMITTENT_FAILURE
- }
- return ERROR_GENERAL_FAILURE
- }
- exitDev := device.NewDevice(tunDevice, singletun.Binder(), logger)
-
- setErr := device.IpcSetOperation(bufio.NewReader(strings.NewReader(settings)))
- if setErr != nil {
- logger.Errorf("%s\n", setErr)
- device.Close()
- return ERROR_INTERMITTENT_FAILURE
- }
-
- device.DisableSomeRoamingForBrokenMobileSemantics()
- device.Up()
-
- // context := tunnelcontainer.Context{
- // Device: device,
- // Logger: logger,
- // }
-
- handle, err := addTunnelFromDevice(exitDev, entryDev, exitSettings, entrySettings, logger)
- if err != nil {
- logger.Errorf("%s\n", err)
- device.Close()
- return ERROR_GENERAL_FAILURE
- }
-
- return C.int32_t(handle)
-}*/
-
 func addTunnelFromDevice(exitDev *device.Device, entryDev *device.Device, exitSettings string, entrySettings string, logger *device.Logger) (*tunnelHandle, error) {
 err := bringUpDevice(exitDev, exitSettings, logger)
 if err != nil {
@@ -321,7 +245,7 @@ func wgGetSocketV4(tunnelHandle int32) C.int32_t {
 device := tunnel.EntryDevice
 if device == nil {
 device = tunnel.Device
- }
+ }
 peek := device.Bind().(conn.PeekLookAtSocketFd)
 fd, err := peek.PeekLookAtSocketFd4()
 if err != nil {
diff --git a/wireguard-go-rs/src/lib.rs b/wireguard-go-rs/src/lib.rs
index 321189ff5c..8049498107 100644
--- a/wireguard-go-rs/src/lib.rs
+++ b/wireguard-go-rs/src/lib.rs
@@ -6,8 +6,6 @@
 //!
 //! The [`Tunnel`] type provides a safe Rust wrapper around the C FFI.
 
-// TODO: Add a new function wgTurnOnMultihop for android.
-
 #![cfg(unix)]
 
 use core::{
@@ -212,12 +210,14 @@ impl Tunnel {
 /// Get the file descriptor of the tunnel IPv4 socket.
 #[cfg(target_os = "android")]
 pub fn get_socket_v4(&self) -> Fd {
+ // SAFETY: self.handle is a valid pointer to an active wireguard-go tunnel.
 unsafe { ffi::wgGetSocketV4(self.handle) }
 }
 
 /// Get the file descriptor of the tunnel IPv6 socket.
 #[cfg(target_os = "android")]
 pub fn get_socket_v6(&self) -> Fd {
+ // SAFETY: self.handle is a valid pointer to an active wireguard-go tunnel.
 unsafe { ffi::wgGetSocketV6(self.handle) }
 }
 }
@@ -290,11 +290,11 @@ mod ffi {
 ) -> i32;
 
 /// Creates a new wireguard tunnel, uses the specific interface name, and file descriptors
- /// for the tunnel device and logging. For targets other than android, this also takes an
- /// MTU value.
+ /// for the tunnel device and logging.
 ///
 /// Positive return values are tunnel handles for this specific wireguard tunnel instance.
 /// Negative return values signify errors.
+ #[cfg(target_os = "android")]
 pub fn wgTurnOnMultihop(
 exit_settings: *const c_char,
 entry_settings: *const c_char,
@@ -304,7 +304,6 @@ mod ffi {
 logging_context: LoggingContext,
 ) -> i32;
 
- /// Pass a handle that was created by wgTurnOn to stop a wireguard tunnel.
 ///
 /// Negative return values signify errors.
|
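Review bot: The added `// SAFETY:` comments in `get_socket_v4` and `get_socket_v6` describe `self.handle` as "a valid pointer", but the handle is an integer: the Go export in this same commit is declared `func wgGetSocketV4(tunnelHandle int32) C.int32_t`, and the `ffi` docs say positive return values of the turn-on functions are tunnel handles. A SAFETY comment should state the invariant that actually makes the `unsafe` block sound, so suggest `// SAFETY: wgGetSocketV4 takes a plain i32 tunnel handle and no pointer; the call dereferences no Rust-owned memory, so the only requirement is that the extern signature matches the Go export.` for v4 and the matching text for v6. Whether the Go side rejects a stale or already-closed handle with a negative return rather than misbehaving is not visible here and is worth confirming, since that is what keeps a bad handle a logic error instead of a soundness one.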
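Review bot: The doc comment on `wgTurnOnMultihop` still reads as the single-tunnel `wgTurnOn` text ("uses the specific interface name, and file descriptors for the tunnel device and logging") even though this commit set out to fix the outdated comment; the visible parameters are `exit_settings` and `entry_settings` (and, per the Go export header elsewhere in this diff, a private IP), and no interface-name argument is visible in the hunk. Suggest replacing the first two doc lines with `/// Creates a multihop wireguard tunnel from two userspace configs: \`entry_settings\` for the entry` and `/// relay and \`exit_settings\` for the exit relay, plus the tunnel device and logging file descriptors.`, checking the remaining parameter names against the declaration, which continues past the end of the hunk. The added `#[cfg(target_os = "android")]` is consistent with the symbol being defined in `libwg_android.go` and with the Android-gated callers above.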
