| author | Andrej Mihajlov <and@mullvad.net> | 2020-03-05 18:33:33 +0100 |
|---|---|---|
| committer | Andrej Mihajlov <and@mullvad.net> | 2020-03-06 10:36:37 +0100 |
| commit | 46f7a0cfff15188d01d934880b3e012ffd6f6f6f (patch) | |
| tree | 8030df6b0452f4ce26ca9b323d3fac07eda22bfe | |
| parent | 95f421f2178eaefd2ea46cc94c98628d3ff69cfd (diff) | |
Add keep_state to DNS queries going over TCP to allow the inbound reply traffic
| -rw-r--r-- | CHANGELOG.md | 4 | ||||
| -rw-r--r-- | talpid-core/src/firewall/macos.rs | 4 |
2 files changed, 8 insertions, 0 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 8719297c50..d08c6c0574 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -42,6 +42,10 @@ Line wrap the file at 100 chars. Th
 ### Fixed
 - Fix bug that could lead to Javascript error dialog to appear upon the desktop app termination.
+#### macOS
+- Fix firewall rules to properly handle DNS requests over TCP when "Local network sharing" is
+ disabled. Previously DNS requests over TCP would timeout.
+
 #### Android
 - Make sure the settings screen is scrollable so that devices with small screens can access the quit button.
diff --git a/talpid-core/src/firewall/macos.rs b/talpid-core/src/firewall/macos.rs
index 41898f36cd..111bc66bc8 100644
--- a/talpid-core/src/firewall/macos.rs
+++ b/talpid-core/src/firewall/macos.rs
@@ -113,6 +113,8 @@ impl Firewall {
 .quick(true)
 .interface(&tunnel.interface)
 .proto(pfctl::Proto::Tcp)
+ .keep_state(pfctl::StatePolicy::Keep)
+ .tcp_flags(Self::get_tcp_flags())
 .to(pfctl::Endpoint::new(tunnel.ipv4_gateway, 53))
 .build()?;
 rules.push(allow_tcp_dns_to_relay_rule);
@@ -133,6 +135,8 @@ impl Firewall {
 .quick(true)
 .interface(&tunnel.interface)
 .proto(pfctl::Proto::Tcp)
+ .keep_state(pfctl::StatePolicy::Keep)
+ .tcp_flags(Self::get_tcp_flags())
 .to(pfctl::Endpoint::new(ipv6_gateway, 53))
 .build()?;
 rules.push(v6_dns_rule_tcp); |
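Review bot: The two builder calls added to the IPv4 TCP DNS rule, and the identical pair on the IPv6 rule in the second hunk, carry no comment, and in a leak-prevention ruleset the reason matters: replies are now admitted through pf state rather than an explicit inbound rule, and `tcp_flags` narrows which packets may create that state. I would add above `.keep_state(...)` something like `// Keep state so replies to our TCP DNS queries are let back in; tcp_flags restricts state creation to the flags from get_tcp_flags().` `get_tcp_flags()` is defined outside this diff, so it is worth confirming that it matches only connection-opening packets. Both builder chains start above their hunks, so the rule's action and direction cannot be checked from here. Since the two rules must stay identical apart from the gateway address, a small helper taking the endpoint would keep a later change from reaching only one address family.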
