authorLinus Färnstrand <linus@mullvad.net>2017-11-27 16:00:50 +0100
committerLinus Färnstrand <linus@mullvad.net>2017-12-04 10:26:49 +0100
commit3951c0be4dfdbb0240bd2f39716010ad3257512e (patch)
tree3a58c006e6d01f4a3f2457ec0c1138a025767799
parent08530bb297f5f1faff0ca5f6b68d33af03b217ea (diff)
downloadmullvadvpn-3951c0be4dfdbb0240bd2f39716010ad3257512e.tar.xz
mullvadvpn-3951c0be4dfdbb0240bd2f39716010ad3257512e.zip
Remove DNS proxy code from macOS impl
-rw-r--r--Cargo.lock12
-rw-r--r--Cargo.toml1
-rw-r--r--talpid-core/Cargo.toml2
-rw-r--r--talpid-core/src/firewall/macos.rs81
-rw-r--r--talpid-core/src/lib.rs3
5 files changed, 5 insertions, 94 deletions
diff --git a/Cargo.lock b/Cargo.lock
index bb9982afc7..933db585cf 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -1142,18 +1142,6 @@ version = "0.4.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
[[package]]
-name = "socket-relay"
-version = "0.1.0"
-dependencies = [
- "env_logger 0.4.3 (registry+https://github.com/rust-lang/crates.io-index)",
- "error-chain 0.11.0 (registry+https://github.com/rust-lang/crates.io-index)",
- "futures 0.1.17 (registry+https://github.com/rust-lang/crates.io-index)",
- "log 0.3.8 (registry+https://github.com/rust-lang/crates.io-index)",
- "tokio-core 0.1.10 (registry+https://github.com/rust-lang/crates.io-index)",
- "tokio-timer 0.1.2 (registry+https://github.com/rust-lang/crates.io-index)",
-]
-
-[[package]]
name = "stable_deref_trait"
version = "1.0.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
diff --git a/Cargo.toml b/Cargo.toml
index 0082f61236..1bed44a013 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -7,5 +7,4 @@ members = [
"talpid-openvpn-plugin",
"talpid-core",
"talpid-ipc",
- "socket-relay",
]
diff --git a/talpid-core/Cargo.toml b/talpid-core/Cargo.toml
index a7dfc01aa9..9ef9999560 100644
--- a/talpid-core/Cargo.toml
+++ b/talpid-core/Cargo.toml
@@ -24,6 +24,4 @@ libc = "0.2.20"
[target.'cfg(target_os = "macos")'.dependencies]
pfctl = { git = "https://github.com/mullvad/pfctl-rs", rev = "dae436f6ee4e3529fc995c5192b314f1cc8dccec" }
-socket-relay = { path = "../socket-relay" }
tokio-core = "0.1"
-
diff --git a/talpid-core/src/firewall/macos.rs b/talpid-core/src/firewall/macos.rs
index fdef40ed9e..40f841aa81 100644
--- a/talpid-core/src/firewall/macos.rs
+++ b/talpid-core/src/firewall/macos.rs
@@ -1,27 +1,22 @@
-extern crate socket_relay;
+extern crate pfctl;
extern crate tokio_core;
use super::{Firewall, SecurityPolicy};
-use pfctl;
-use std::net::{IpAddr, Ipv4Addr, SocketAddr};
-use std::sync::mpsc;
-use std::thread;
+use std::net::Ipv4Addr;
-use self::socket_relay::udp::{Relay, RelayCloseHandle};
use talpid_types::net;
-use tunnel::TunnelMetadata;
// alias used to instantiate firewall implementation
pub type ConcreteFirewall = PacketFilter;
-pub use pfctl::{Error, ErrorKind, Result, ResultExt};
+pub use self::pfctl::{Error, ErrorKind, Result, ResultExt};
const ANCHOR_NAME: &'static str = "mullvad";
pub struct PacketFilter {
pf: pfctl::PfCtl,
pf_was_enabled: Option<bool>,
- dns_proxy_close_handle: Option<RelayCloseHandle>,
+
}
impl Firewall<Error> for PacketFilter {
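Review bot: `extern crate tokio_core;` on the context line near the top of this hunk now looks dead: its only visible user, `tokio_core::reactor::Core` inside `spawn_dns_proxy_helper`, is deleted further down in this file, yet the declaration stays and `tokio-core = "0.1"` is also kept in talpid-core/Cargo.toml. Unless some part of macos.rs outside these hunks still uses it, drop the `extern crate` line together with the Cargo dependency so an unused crate does not remain in the dependency tree. The same check applies to the narrowed `use std::net::Ipv4Addr;`, whose visible uses were the parameters of the removed `spawn_dns_proxy` functions. The added empty `+` line inside the `PacketFilter` struct body is a leftover from the removed `dns_proxy_close_handle` field and should go as well.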
@@ -29,7 +24,6 @@ impl Firewall<Error> for PacketFilter {
Ok(PacketFilter {
pf: pfctl::PfCtl::new()?,
pf_was_enabled: None,
- dns_proxy_close_handle: None,
})
}
@@ -40,7 +34,6 @@ impl Firewall<Error> for PacketFilter {
}
fn reset_policy(&mut self) -> Result<()> {
- self.stop_dns_proxy();
vec![
self.remove_rules(),
self.remove_anchor(),
@@ -82,12 +75,9 @@ impl PacketFilter {
) -> Result<(Vec<pfctl::FilterRule>, Vec<pfctl::RedirectRule>)> {
match policy {
SecurityPolicy::Connecting(relay_endpoint) => {
- self.stop_dns_proxy();
Ok((vec![Self::get_allow_relay_rule(relay_endpoint)?], vec![]))
}
SecurityPolicy::Connected(relay_endpoint, tunnel) => {
- let dns_proxy_listen_addr = self.start_dns_proxy(&tunnel)?;
-
let allow_dns_to_relay_rule = pfctl::FilterRuleBuilder::default()
.action(pfctl::FilterRuleAction::Pass)
.direction(pfctl::Direction::Out)
@@ -112,14 +102,6 @@ impl PacketFilter {
.to(pfctl::Port::from(53))
.build()?;
- let dns_redirect_rule = pfctl::RedirectRuleBuilder::default()
- .action(pfctl::RedirectRuleAction::Redirect)
- .interface("lo0")
- .proto(pfctl::Proto::Udp)
- .to(pfctl::Port::from(53))
- .redirect_to(dns_proxy_listen_addr)
- .build()?;
-
Ok((
vec![
allow_dns_to_relay_rule,
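Review bot: With the `lo0` UDP/53 redirect rule removed, nothing left in the `Connected` policy forces local resolver traffic onto the tunnel gateway; the firewall now only passes DNS that already matches `allow_dns_to_relay_rule` (built just above this hunk) or whatever other pass rules exist outside it. If the system resolver is still pointed at a non-tunnel address when this policy is applied, those queries are either dropped or, should a broader pass rule match, sent outside the tunnel — which of the two happens cannot be determined from this diff. Presumably the tunnel's DNS servers are now installed through the system DNS settings elsewhere; that dependency is worth stating at the top of the `Connected` arm, e.g. `// No DNS redirect here: the tunnel's resolver must be set in system DNS settings before this policy is applied.` The enclosing rule-building function starts and ends outside this hunk.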
@@ -128,7 +110,7 @@ impl PacketFilter {
Self::get_allow_relay_rule(relay_endpoint)?,
Self::get_allow_tunnel_rule(tunnel.interface.as_str())?,
],
- vec![dns_redirect_rule],
+ vec![],
))
}
}
@@ -231,19 +213,6 @@ impl PacketFilter {
self.pf
.try_remove_anchor(ANCHOR_NAME, pfctl::AnchorKind::Redirect)
}
-
- fn start_dns_proxy(&mut self, tunnel: &TunnelMetadata) -> Result<SocketAddr> {
- self.stop_dns_proxy();
- let (listen_addr, close_handle) = spawn_dns_proxy(tunnel.ip, tunnel.gateway)?;
- self.dns_proxy_close_handle = Some(close_handle);
- Ok(listen_addr)
- }
-
- fn stop_dns_proxy(&mut self) {
- if let Some(close_handle) = self.dns_proxy_close_handle.take() {
- close_handle.close();
- }
- }
}
fn as_pfctl_proto(protocol: net::TransportProtocol) -> pfctl::Proto {
@@ -252,43 +221,3 @@ fn as_pfctl_proto(protocol: net::TransportProtocol) -> pfctl::Proto {
net::TransportProtocol::Tcp => pfctl::Proto::Tcp,
}
}
-
-fn spawn_dns_proxy(
- tunnel_ip: Ipv4Addr,
- tunnel_gateway: Ipv4Addr,
-) -> Result<(SocketAddr, RelayCloseHandle)> {
- let (tx, rx) = mpsc::channel();
- thread::spawn(move || {
- match spawn_dns_proxy_helper(tunnel_ip, tunnel_gateway) {
- Ok((mut core, relay)) => {
- tx.send(Ok((relay.listen_addr(), relay.close_handle())))
- .unwrap();
- match core.run(relay) {
- Err(e) => error!("DNS proxy died with an error: {}", e),
- Ok(_) => info!("DNS proxy exiting"),
- }
- }
- Err(e) => {
- tx.send(Err(e)).unwrap();
- }
- }
- });
- rx.recv().unwrap()
-}
-
-fn spawn_dns_proxy_helper(
- tunnel_ip: Ipv4Addr,
- tunnel_gateway: Ipv4Addr,
-) -> Result<(tokio_core::reactor::Core, Relay)> {
- let core = tokio_core::reactor::Core::new().chain_err(|| "Unable to init Tokio event loop")?;
-
- let relay = Relay::new(
- "127.0.0.1:0".parse().unwrap(),
- IpAddr::V4(tunnel_ip),
- SocketAddr::from((tunnel_gateway, 53)),
- core.handle(),
- ).chain_err(|| "Unable to create DNS proxy socket relay")?;
- info!("DNS proxy listening on {}", relay.listen_addr());
-
- Ok((core, relay))
-}
diff --git a/talpid-core/src/lib.rs b/talpid-core/src/lib.rs
index 1af5587def..fc85584267 100644
--- a/talpid-core/src/lib.rs
+++ b/talpid-core/src/lib.rs
@@ -29,9 +29,6 @@ extern crate openvpn_plugin;
extern crate talpid_ipc;
extern crate talpid_types;
-#[cfg(target_os = "macos")]
-extern crate pfctl;
-
/// Working with processes.
pub mod process;