| author | David Lönnhager <david.l@mullvad.net> | 2020-11-09 22:47:57 +0100 |
|---|---|---|
| committer | David Lönnhager <david.l@mullvad.net> | 2020-11-24 12:29:47 +0100 |
| commit | 503b1e6586f20c205a0be5fb14963799b84fe7eb (patch) | |
| tree | c4ad4c7143a770713120c79ac6d00bc5e35d06b5 | |
| parent | ec4bfb027808b91746223715377c24ec78a9d015 (diff) | |
Remove route monitoring for exclusions table
| -rw-r--r-- | talpid-core/src/routing/linux.rs | 395 | ||||
| -rw-r--r-- | talpid-core/src/routing/mod.rs | 18 | ||||
| -rw-r--r-- | talpid-core/src/routing/unix.rs | 119 | ||||
| -rw-r--r-- | talpid-core/src/tunnel/openvpn.rs | 5 | ||||
| -rw-r--r-- | talpid-core/src/tunnel/wireguard/mod.rs | 11 | ||||
| -rw-r--r-- | talpid-core/src/tunnel_state_machine/connected_state.rs | 12 | ||||
| -rw-r--r-- | talpid-core/src/tunnel_state_machine/connecting_state.rs | 8 | ||||
| -rw-r--r-- | talpid-core/src/tunnel_state_machine/disconnected_state.rs | 7 |
8 files changed, 25 insertions, 550 deletions
diff --git a/talpid-core/src/routing/linux.rs b/talpid-core/src/routing/linux.rs index 858247ced3..0e546d11a4 100644 --- a/talpid-core/src/routing/linux.rs +++ b/talpid-core/src/routing/linux.rs @@ -69,6 +69,22 @@ lazy_static! { v6_rule.header.family = AF_INET6 as u8; v6_rule }; + static ref EXCLUSIONS_RULE_V4: RuleMessage = RuleMessage { + header: RuleHeader { + family: AF_INET as u8, + action: FR_ACT_TO_TBL, + ..RuleHeader::default() + }, + nlas: vec![ + RuleNla::FwMark(split_tunnel::MARK as u32), + RuleNla::Table(RT_TABLE_MAIN as u32), + ], + }; + static ref EXCLUSIONS_RULE_V6: RuleMessage = { + let mut v6_rule = EXCLUSIONS_RULE_V4.clone(); + v6_rule.header.family = AF_INET6 as u8; + v6_rule + }; } @@ -107,17 +123,6 @@ pub enum Error { Shutdown, } -impl Error { - /// Returns true only if it's a netlink error with a code ENETUNREACH - fn is_network_unreachable(&self) -> bool { - match self { - Error::NetlinkError(rtnetlink::Error::NetlinkError(err)) => { - err.code == -libc::ENETUNREACH - } - _ => false, - } - } -} #[derive(Debug, Clone, Copy, Hash, PartialEq, Eq, PartialOrd, Ord)] struct RequiredDefaultRoute { @@ -138,11 +143,6 @@ pub struct RouteManagerImpl { default_routes: HashSet<Route>, best_default_node_v4: Option<Node>, best_default_node_v6: Option<Node>, - - split_table_id: u32, - split_ignored_interface: Option<String>, - - dns_routes: HashSet<Route>, } impl RouteManagerImpl { @@ -160,9 +160,6 @@ impl RouteManagerImpl { tokio::spawn(connection); let iface_map = Self::initialize_link_map(&handle).await?; - let split_table_id = Self::find_free_table_id(&handle).await?; - - log::trace!("Using table id {} for excluded apps", split_table_id); let mut monitor = Self { iface_map, 
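Review bot: `EXCLUSIONS_RULE_V4` and its V6 clone carry only `FwMark` and `Table` attributes, with no priority attribute visible, so whether marked packets reach the main table before the `NO_FWMARK`/`SUPPRESS` rules appears to depend on insertion order in `create_routing_rules` (the later `@@ -291,6 +197,8 @@` hunk appends them last). Since this rule alone now decides that excluded processes bypass the tunnel, the required ordering should be stated next to the definition, e.g. `// Must take precedence over the NO_FWMARK rules; relies on being added last in create_routing_rules.`, or an explicit priority set if the other rules (defined outside this hunk) have one. Sending marked traffic to the whole main table also means DNS from excluded processes is no longer steered by the removed `route_exclusions_dns`; confirm where those queries are meant to go and record it in the same comment. The `lazy_static!` block starts before this hunk.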
@@ -175,14 +172,8 @@ impl RouteManagerImpl { default_routes: HashSet::new(), best_default_node_v4: None, best_default_node_v6: None, - - split_table_id, - split_ignored_interface: None, - - dns_routes: HashSet::new(), }; - monitor.initialize_exclusions_routes().await?; monitor.clear_routing_rules().await?; monitor.default_routes = monitor.get_default_routes().await?; 
@@ -196,91 +187,6 @@ impl RouteManagerImpl { Ok(monitor) } - async fn find_free_table_id(handle: &rtnetlink::Handle) -> Result<u32> { - let mut request = handle.route().get(IpVersion::V4).execute(); - let mut used_ids = HashSet::new(); - - while let Some(route) = request.try_next().await.map_err(Error::NetlinkError)? { - let mut id_found = false; - for nla in route.nlas { - match nla { - RouteNla::Table(id) => { - used_ids.insert(id); - id_found = true; - break; - } - _ => (), - } - } - - if !id_found { - // Use old header ID - used_ids.insert(u32::from(route.header.table)); - } - } - - for id in 1..u32::MAX { - if id == RT_TABLE_COMPAT as u32 { - continue; - } - if !used_ids.contains(&id) { - return Ok(id); - } - } - - Err(Error::NoFreeRoutingTableId) - } - - async fn purge_exclusions_routes(&mut self) -> Result<()> { - let split_routes = self.get_routes(Some(self.split_table_id)).await?; - for route in split_routes { - if let Err(error) = self.delete_route(&route).await { - log::warn!( - "Failed to delete exclusions route: {}\n{}", - route, - error.display_chain() - ); - } - } - Ok(()) - } - - async fn initialize_exclusions_routes(&mut self) -> Result<()> { - self.purge_exclusions_routes().await?; - - let mut main_routes = self.get_routes(None).await?.into_iter().collect::<Vec<_>>(); - main_routes.sort_by(|a, b| a.prefix.prefix().cmp(&b.prefix.prefix())); - main_routes.sort_by(|a, b| a.prefix.is_ipv4().cmp(&b.prefix.is_ipv4())); - - for mut route in main_routes { - route.table_id = self.split_table_id; - if let Err(err) = self.add_route_direct(route.clone()).await { - // If a rotue can't be added because parts of it's next-hop are unreachable, then - // a gateway route should be added first. Seemingly there's an ARP table per - // routing table, and a route that specifies both a gateway and an output interface - // depends on a route that instructs how to reach the gateway. 
- if err.is_network_unreachable() { - match (route.device_only_route(), route.node.get_address()) { - (Some(mut gateway_route), Some(address)) => { - gateway_route.prefix = - IpNetwork::new(address, if address.is_ipv4() { 32 } else { 128 }) - .unwrap(); - let add_gateway_route = self.add_route_direct(gateway_route).await; - let add_route_result = self.add_route_direct(route).await; - if let Err(err) = add_gateway_route.and_then(|_| add_route_result) { - log::error!("Failed to add route to split-routing table: {}", err); - }; - continue; - } - _ => (), - }; - } - log::error!("Failed to add route to split-routing table: {}", err); - } - } - Ok(()) - } - async fn create_routing_rules(&mut self) -> Result<()> { use netlink_packet_route::constants::*; @@ -291,6 +197,8 @@ impl RouteManagerImpl { &*NO_FWMARK_RULE_V6, &*SUPPRESS_RULE_V4, &*SUPPRESS_RULE_V6, + &*EXCLUSIONS_RULE_V4, + &*EXCLUSIONS_RULE_V6, ] { let mut req = NetlinkMessage::from(RtnlMessage::NewRule((*rule).clone())); req.header.flags = NLM_F_REQUEST | NLM_F_ACK | NLM_F_CREATE | NLM_F_REPLACE; @@ -308,10 +216,12 @@ impl RouteManagerImpl { async fn clear_routing_rules(&mut self) -> Result<()> { for rule in &[ - &*NO_FWMARK_RULE_V4, - &*NO_FWMARK_RULE_V6, + &*EXCLUSIONS_RULE_V4, + &*EXCLUSIONS_RULE_V6, &*SUPPRESS_RULE_V4, &*SUPPRESS_RULE_V6, + &*NO_FWMARK_RULE_V4, + &*NO_FWMARK_RULE_V6, ] { self.delete_rule_if_exists((*rule).clone()).await?; } 
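Review bot: The delete loop in `clear_routing_rules` still propagates with `?`, so with the new order a failure removing `EXCLUSIONS_RULE_V4` returns before the `SUPPRESS` and `NO_FWMARK` rules are touched, leaving policy rules installed after teardown. Attempting every delete and returning the first error afterwards keeps cleanup best-effort without hiding the failure. The function body continues past the end of this hunk, so the tail of the excerpt below is a placeholder.

```rust
async fn clear_routing_rules(&mut self) -> Result<()> {
    let mut first_error = None;
    for rule in &[
        // … unchanged: the six rule references in their new order …
    ] {
        // Keep going on failure so one stuck rule does not leave the rest installed.
        if let Err(error) = self.delete_rule_if_exists((*rule).clone()).await {
            first_error.get_or_insert(error);
        }
    }
    if let Some(error) = first_error {
        return Err(error);
    }
    // … unchanged: rest of clear_routing_rules, outside the hunk …
```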
@@ -336,157 +246,6 @@ impl RouteManagerImpl { Ok(()) } - /// Route PID-associated packets through the physical interface. - async fn enable_exclusions_routes(&mut self) -> Result<()> { - // TODO: IPv6 - use netlink_packet_route::constants::*; - - if let Ok(true) = self.exclusions_rule_exists().await { - return Ok(()); - } - - let mut req = NetlinkMessage::from(RtnlMessage::NewRule(self.fwmark_rule_message())); - req.header.flags = NLM_F_REQUEST | NLM_F_ACK | NLM_F_CREATE | NLM_F_REPLACE; - - let mut response = self.handle.request(req).map_err(Error::NetlinkError)?; - - while let Some(message) = response.next().await { - if let NetlinkPayload::Error(error) = message.payload { - return Err(Error::NetlinkError(rtnetlink::Error::NetlinkError(error))); - } - } - - Ok(()) - } - - /// Stop routing PID-associated packets through the physical interface. - async fn disable_exclusions_routes(&mut self) { - // TODO: IPv6 - use netlink_packet_route::constants::*; - - let mut req = NetlinkMessage::from(RtnlMessage::DelRule(self.fwmark_rule_message())); - req.header.flags = NLM_F_REQUEST | NLM_F_ACK; - - match self.handle.request(req).map_err(Error::NetlinkError) { - Ok(mut response) => { - while let Some(message) = response.next().await { - if let NetlinkPayload::Error(error) = message.payload { - if error.to_io().kind() != io::ErrorKind::NotFound { - log::warn!("Failed to delete routing policy: {}", error); - } - } - } - } - Err(error) => log::warn!("Failed to delete routing policy: {}", error), - } - } - - async fn exclusions_rule_exists(&mut self) -> Result<bool> { - use netlink_packet_route::constants::*; - - let mut req = NetlinkMessage::from(RtnlMessage::GetRule(RuleMessage { - header: RuleHeader { - family: AF_INET as u8, - ..RuleHeader::default() - }, - nlas: vec![], - })); - req.header.flags = NLM_F_REQUEST | NLM_F_ACK | NLM_F_DUMP; - - let mut response = self.handle.request(req).map_err(Error::NetlinkError)?; - - while let Some(message) = response.next().await { - 
match message.payload { - NetlinkPayload::InnerMessage(inner) => { - if let RtnlMessage::NewRule(rule) = RtnlMessage::from(inner) { - let mut match_mark = false; - let mut match_table = false; - for nla in &rule.nlas { - match nla { - _x if _x == &RuleNla::FwMark(split_tunnel::MARK as u32) => { - match_mark = true; - } - _x if _x == &RuleNla::Table(self.split_table_id) => { - match_table = true; - } - _ => (), - } - } - if match_mark && match_table { - return Ok(true); - } - } - } - NetlinkPayload::Error(error) => { - return Err(Error::NetlinkError(rtnetlink::Error::NetlinkError(error))); - } - _ => (), - } - } - Ok(false) - } - - fn fwmark_rule_message(&self) -> RuleMessage { - use netlink_packet_route::constants::*; - - RuleMessage { - header: RuleHeader { - family: AF_INET as u8, - action: FR_ACT_TO_TBL, - src_len: 0, - ..RuleHeader::default() - }, - nlas: vec![ - RuleNla::Source(ip_to_bytes(IpAddr::V4(Ipv4Addr::new(0, 0, 0, 0)))), - RuleNla::FwMark(split_tunnel::MARK as u32), - RuleNla::Table(self.split_table_id as u32), - ], - } - } - - async fn clear_exclusions_dns(&mut self) -> Result<()> { - for route in self.dns_routes.clone() { - self.delete_route_if_exists(&route).await?; - self.dns_routes.remove(&route); - self.added_routes.remove(&route); - } - self.dns_routes.clear(); - - Ok(()) - } - - /// Route DNS requests through the tunnel interface. 
- async fn route_exclusions_dns( - &mut self, - tunnel_alias: &str, - dns_servers: &[IpAddr], - ) -> Result<()> { - self.clear_exclusions_dns().await?; - - let mut dns_routes = HashSet::new(); - - for server in dns_servers { - dns_routes.insert( - Route::new( - Node::device(tunnel_alias.to_string()), - IpNetwork::from(*server), - ) - .table(self.split_table_id), - ); - } - - if let Some(capacity_needed) = dns_routes.len().checked_sub(self.dns_routes.capacity()) { - self.dns_routes.reserve(capacity_needed); - } - - for route in dns_routes { - self.add_route(route.clone()).await?; - self.dns_routes.insert(route); - } - - Ok(()) - } - async fn add_required_default_routes( &mut self, required_default_routes: HashSet<RequiredDefaultRoute>, 
@@ -550,48 +309,6 @@ impl RouteManagerImpl { Ok(()) } - async fn get_routes(&self, table_id: Option<u32>) -> Result<HashSet<Route>> { - let mut routes = self.get_routes_inner(IpVersion::V4, table_id).await?; - routes.extend(self.get_routes_inner(IpVersion::V6, table_id).await?); - Ok(routes) - } - - async fn get_routes_inner( - &self, - version: IpVersion, - table_id: Option<u32>, - ) -> Result<HashSet<Route>> { - let mut routes = HashSet::new(); - let table_id = table_id.unwrap_or(RT_TABLE_MAIN as u32); - let mut route_request = self.handle.route().get(version).execute(); - - let mut num_ignored_loopback_interfaces: u32 = 0; - while let Some(route) = route_request - .try_next() - .await - .map_err(Error::NetlinkError)? - { - if let Some(route) = self.parse_route_message_inner(route)? { - if route.table_id != table_id { - continue; - } - // Ignore loopback routes - we don't want to mess with those anyway - if route.is_loopback() { - num_ignored_loopback_interfaces += 1; - continue; - } - routes.insert(route); - } - } - if num_ignored_loopback_interfaces != 0 { - log::debug!( - "Ignored {} loopback routes", - num_ignored_loopback_interfaces - ); - } - Ok(routes) - } - async fn get_default_routes(&self) -> Result<HashSet<Route>> { let mut routes = self.get_default_routes_inner(IpVersion::V4).await?; routes.extend(self.get_default_routes_inner(IpVersion::V6).await?); @@ -639,20 +356,6 @@ impl RouteManagerImpl { async fn process_new_route(&mut self, route: Route) -> Result<()> { - if self.split_ignored_interface.is_none() - || route.node.device != self.split_ignored_interface - { - let mut exclusions_route = route.clone(); - exclusions_route.table_id = self.split_table_id; - if let Err(error) = self.add_route_direct(exclusions_route.clone()).await { - log::warn!( - "Failed to add exclusions route: {}\n{}", - exclusions_route, - error.display_chain(), - ); - } - } - if route.prefix.prefix() == 0 { self.default_routes.insert(route); self.update_default_routes().await?; 
@@ -661,40 +364,11 @@ impl RouteManagerImpl { } async fn process_deleted_route(&mut self, route: Route) -> Result<()> { - if self.split_ignored_interface.is_none() - || route.node.device != self.split_ignored_interface - { - let mut exclusions_route = route.clone(); - exclusions_route.table_id = self.split_table_id; - if let Err(error) = self.delete_route(&exclusions_route).await { - match error { - Error::NetlinkError(rtnetlink::Error::NetlinkError(error)) => { - // Not finding the route is expected if the link goes down - if error.code != -libc::ESRCH { - log::error!( - "Failed to remove exclusions route: {}\n{}", - exclusions_route, - error - ); - } - } - error => { - log::error!( - "Failed to remove exclusions route: {}\n{}", - exclusions_route, - error.display_chain() - ); - } - } - } - } - if route.prefix.prefix() == 0 { self.default_routes.remove(&route); self.update_default_routes().await?; } self.added_routes.remove(&route); - self.dns_routes.remove(&route); Ok(()) } @@ -807,7 +481,6 @@ impl RouteManagerImpl { if let Err(e) = self.delete_route_if_exists(&route).await { log::error!("Failed to remove route - {} - {}", route, e); } - self.dns_routes.remove(&route); } } 
@@ -850,24 +523,6 @@ impl RouteManagerImpl { RouteManagerCommand::ClearRoutingRules(result_tx) => { let _ = result_tx.send(self.clear_routing_rules().await); } - RouteManagerCommand::EnableExclusionsRoutes(result_tx) => { - let _ = result_tx.send(self.enable_exclusions_routes().await); - } - RouteManagerCommand::DisableExclusionsRoutes => { - self.disable_exclusions_routes().await; - } - RouteManagerCommand::SetTunnelLink(interface_name, result_tx) => { - log::debug!( - "Exclusions: Ignoring route changes for dev {}", - &interface_name - ); - self.split_ignored_interface = Some(interface_name); - let _ = result_tx.send(()); - } - RouteManagerCommand::RouteExclusionsDns(tunnel_alias, dns_servers, result_tx) => { - let _ = - result_tx.send(self.route_exclusions_dns(&tunnel_alias, &dns_servers).await); - } RouteManagerCommand::ClearRoutes => { log::debug!("Clearing routes"); self.cleanup_routes().await; @@ -1214,12 +869,6 @@ impl RouteManagerImpl { } async fn destructor(&mut self) { - if let Err(error) = self.purge_exclusions_routes().await { - log::error!( - "{}", - error.display_chain_with_msg("Failed to flush exclusions routes") - ); - } self.cleanup_routes().await; if let Err(error) = self.clear_routing_rules().await { diff --git a/talpid-core/src/routing/mod.rs b/talpid-core/src/routing/mod.rs index 9fa5d28737..e8b43a5d2d 100644 --- a/talpid-core/src/routing/mod.rs +++ b/talpid-core/src/routing/mod.rs 
@@ -40,29 +40,11 @@ impl Route { } } - /// Returns route that only contains the device node if a device node exists. - #[cfg(target_os = "linux")] - fn device_only_route(&self) -> Option<Self> { - if let Some(device) = self.node.get_device() { - Some(Self { - node: Node::device(device.to_string()), - ..self.clone() - }) - } else { - None - } - } - #[cfg(target_os = "linux")] fn table(mut self, new_id: u32) -> Self { self.table_id = new_id; self } - - #[cfg(target_os = "linux")] - fn is_loopback(&self) -> bool { - self.node.ip.map(|ip| ip.is_loopback()).unwrap_or(false) - } } impl fmt::Display for Route { diff --git a/talpid-core/src/routing/unix.rs b/talpid-core/src/routing/unix.rs index 4db258b3a5..d3f684c2fd 100644 --- a/talpid-core/src/routing/unix.rs +++ b/talpid-core/src/routing/unix.rs @@ -9,9 +9,6 @@ use futures::channel::{ }; use std::{collections::HashSet, io}; -#[cfg(target_os = "linux")] -use std::net::IpAddr; - #[cfg(target_os = "macos")] #[path = "macos.rs"] mod imp; @@ -66,22 +63,6 @@ impl RouteManagerHandle { .map_err(Error::PlatformError) } - /// Set the link to be ignored by the exclusions routing table. - #[cfg(target_os = "linux")] - pub fn set_tunnel_link(&self, interface: &str) -> Result<(), Error> { - let (response_tx, response_rx) = oneshot::channel(); - self.tx - .unbounded_send(RouteManagerCommand::SetTunnelLink( - interface.to_string(), - response_tx, - )) - .map_err(|_| Error::RouteManagerDown)?; - Ok(self - .runtime - .block_on(response_rx) - .map_err(|_| Error::ManagerChannelDown)?) - } - /// Ensure that packets are routed using the correct tables. #[cfg(target_os = "linux")] pub fn create_routing_rules(&self) -> Result<(), Error> { 
@@ -122,18 +103,6 @@ pub(crate) enum RouteManagerCommand { CreateRoutingRules(oneshot::Sender<Result<(), PlatformError>>), #[cfg(target_os = "linux")] ClearRoutingRules(oneshot::Sender<Result<(), PlatformError>>), - #[cfg(target_os = "linux")] - EnableExclusionsRoutes(oneshot::Sender<Result<(), PlatformError>>), - #[cfg(target_os = "linux")] - DisableExclusionsRoutes, - #[cfg(target_os = "linux")] - SetTunnelLink(String, oneshot::Sender<()>), - #[cfg(target_os = "linux")] - RouteExclusionsDns( - String, - Vec<IpAddr>, - oneshot::Sender<Result<(), PlatformError>>, - ), } /// RouteManager applies a set of routes to the route table. 
@@ -226,65 +195,6 @@ impl RouteManager { self.handle()?.clear_routing_rules() } - /// Route PID-associated packets through the physical interface. - #[cfg(target_os = "linux")] - pub fn enable_exclusions_routes(&mut self) -> Result<(), Error> { - if let Some(tx) = &self.manage_tx { - let (result_tx, result_rx) = oneshot::channel(); - if tx - .unbounded_send(RouteManagerCommand::EnableExclusionsRoutes(result_tx)) - .is_err() - { - return Err(Error::RouteManagerDown); - } - - self.runtime - .block_on(result_rx) - .map_err(|_| Error::ManagerChannelDown)? - .map_err(Error::PlatformError) - } else { - Err(Error::RouteManagerDown) - } - } - - /// Stop routing PID-associated packets through the physical interface. - #[cfg(target_os = "linux")] - pub fn disable_exclusions_routes(&self) -> Result<(), Error> { - if let Some(tx) = &self.manage_tx { - if tx - .unbounded_send(RouteManagerCommand::DisableExclusionsRoutes) - .is_err() - { - return Err(Error::RouteManagerDown); - } - Ok(()) - } else { - Err(Error::RouteManagerDown) - } - } - - /// Set the link to be ignored by the exclusions routing table. - #[cfg(target_os = "linux")] - pub fn set_tunnel_link(&mut self, tunnel_alias: &str) -> Result<(), Error> { - if let Some(tx) = &self.manage_tx { - let (result_tx, result_rx) = oneshot::channel(); - if tx - .unbounded_send(RouteManagerCommand::SetTunnelLink( - tunnel_alias.to_string(), - result_tx, - )) - .is_err() - { - return Err(Error::RouteManagerDown); - } - self.runtime - .block_on(result_rx) - .map_err(|_| Error::ManagerChannelDown) - } else { - Err(Error::RouteManagerDown) - } - } - /// Retrieve a sender directly to the command channel. pub fn handle(&self) -> Result<RouteManagerHandle, Error> { if let Some(tx) = &self.manage_tx { 
@@ -302,35 +212,6 @@ impl RouteManager { pub fn runtime_handle(&self) -> tokio::runtime::Handle { self.runtime.clone() } - - /// Route DNS requests through the tunnel interface. - #[cfg(target_os = "linux")] - pub fn route_exclusions_dns( - &mut self, - tunnel_alias: &str, - dns_servers: &[IpAddr], - ) -> Result<(), Error> { - if let Some(tx) = &self.manage_tx { - let (result_tx, result_rx) = oneshot::channel(); - if tx - .unbounded_send(RouteManagerCommand::RouteExclusionsDns( - tunnel_alias.to_string(), - dns_servers.to_vec(), - result_tx, - )) - .is_err() - { - return Err(Error::RouteManagerDown); - } - - self.runtime - .block_on(result_rx) - .map_err(|_| Error::ManagerChannelDown)? - .map_err(Error::PlatformError) - } else { - Err(Error::RouteManagerDown) - } - } } impl Drop for RouteManager { diff --git a/talpid-core/src/tunnel/openvpn.rs b/talpid-core/src/tunnel/openvpn.rs index 312572e9ae..5966b56d7a 100644 --- a/talpid-core/src/tunnel/openvpn.rs +++ b/talpid-core/src/tunnel/openvpn.rs @@ -213,12 +213,7 @@ impl OpenVpnMonitor<OpenVpnCommand> { let on_openvpn_event = move |event, env: HashMap<String, String>| { #[cfg(target_os = "linux")] if event == openvpn_plugin::EventType::Up { - let interface = env.get("dev").unwrap(); tokio::task::block_in_place(|| { - route_manager_handle - .clone() - .set_tunnel_link(interface) - .unwrap(); let routes = extract_routes(&env).unwrap(); let route_manager_handle = route_manager_handle.clone(); if let Err(error) = route_manager_handle.add_routes(routes) { diff --git a/talpid-core/src/tunnel/wireguard/mod.rs b/talpid-core/src/tunnel/wireguard/mod.rs index f74fd22a1c..ef93b20a2d 100644 --- a/talpid-core/src/tunnel/wireguard/mod.rs +++ b/talpid-core/src/tunnel/wireguard/mod.rs 
@@ -84,14 +84,9 @@ impl WireguardMonitor { let iface_name = tunnel.get_interface_name().to_string(); #[cfg(target_os = "linux")] - { - route_manager - .set_tunnel_link(&iface_name) - .map_err(Error::SetupRoutingError)?; - route_manager - .create_routing_rules() - .map_err(Error::SetupRoutingError)?; - } + route_manager + .create_routing_rules() + .map_err(Error::SetupRoutingError)?; route_manager .add_routes(Self::get_routes(&iface_name, &config)) diff --git a/talpid-core/src/tunnel_state_machine/connected_state.rs b/talpid-core/src/tunnel_state_machine/connected_state.rs index 4034092f84..432ff1b4d7 100644 --- a/talpid-core/src/tunnel_state_machine/connected_state.rs +++ b/talpid-core/src/tunnel_state_machine/connected_state.rs @@ -124,18 +124,6 @@ impl ConnectedState { .set(&self.metadata.interface, &dns_ips) .map_err(BoxedError::new)?; - #[cfg(target_os = "linux")] - { - let mut dns_routes = vec![IpAddr::V4(self.metadata.ipv4_gateway)]; - if let Some(gateway) = self.metadata.ipv6_gateway { - dns_routes.push(IpAddr::V6(gateway)); - } - shared_values - .route_manager - .route_exclusions_dns(&self.metadata.interface, &dns_routes) - .map_err(BoxedError::new)?; - } - Ok(()) } diff --git a/talpid-core/src/tunnel_state_machine/connecting_state.rs b/talpid-core/src/tunnel_state_machine/connecting_state.rs index 85ddb87617..60f87787a2 100644 --- a/talpid-core/src/tunnel_state_machine/connecting_state.rs +++ b/talpid-core/src/tunnel_state_machine/connecting_state.rs @@ -361,14 +361,6 @@ impl TunnelState for ConnectingState { ErrorStateCause::SetFirewallPolicyError(error), ) } else { - #[cfg(target_os = "linux")] - if let Err(error) = shared_values.route_manager.enable_exclusions_routes() { - error!( - "{}", - error.display_chain_with_msg("Failed to set up split tunneling") - ); - } - #[cfg(target_os = "android")] { if retry_attempt > 0 && retry_attempt % MAX_ATTEMPTS_WITH_SAME_TUN == 0 { 
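Review bot: After this change `create_routing_rules` is the only visible place that installs the split-tunnel exclusions rules, but nothing at this call site in `wireguard/mod.rs` says so, and the OpenVPN event-handler hunk drops `set_tunnel_link` without showing an equivalent call. A short comment above the call would record the dependency, for example `// Also installs the fwmark -> main-table exclusions rules; split tunneling is inactive until this succeeds.` Whether OpenVPN tunnels reach `create_routing_rules` through code outside this diff is worth confirming, since the removed `enable_exclusions_routes` apparently ran from the connecting state regardless of tunnel type. The enclosing function starts and ends outside the hunk.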
diff --git a/talpid-core/src/tunnel_state_machine/disconnected_state.rs b/talpid-core/src/tunnel_state_machine/disconnected_state.rs index 440949a920..fb55000a9a 100644 --- a/talpid-core/src/tunnel_state_machine/disconnected_state.rs +++ b/talpid-core/src/tunnel_state_machine/disconnected_state.rs @@ -44,13 +44,6 @@ impl TunnelState for DisconnectedState { shared_values: &mut SharedTunnelStateValues, should_reset_firewall: Self::Bootstrap, ) -> (TunnelStateWrapper, TunnelStateTransition) { - #[cfg(target_os = "linux")] - if let Err(error) = shared_values.route_manager.disable_exclusions_routes() { - log::error!( - "{}", - error.display_chain_with_msg("Failed to disable exclusions routes") - ); - } Self::set_firewall_policy(shared_values, should_reset_firewall); #[cfg(target_os = "linux")] shared_values.reset_connectivity_check(); |
