Merge branch 'remove-dup-ios'

2 files changed, 12 insertions, 21 deletions

diff --git a/ios/PacketTunnel/WireguardDevice.swift b/ios/PacketTunnel/WireguardDevice.swift
index e45cf6bd4b..6bf6cabfd2 100644
--- a/ios/PacketTunnel/WireguardDevice.swift
+++ b/ios/PacketTunnel/WireguardDevice.swift
@@ -21,10 +21,6 @@ class WireguardDevice {
         /// A failure to obtain the tunnel device file descriptor
         case cannotLocateSocketDescriptor
 
-        /// A failure to duplicate the socket descriptor.
-        /// The associated value contains the `errno` from a syscall to `dup`
-        case cannotDuplicateSocketDescriptor(Int32)
-
         /// A failure to start the Wireguard backend
         case start(Int32)
 
@@ -41,8 +37,6 @@ class WireguardDevice {
             switch self {
             case .cannotLocateSocketDescriptor:
                 return "Cannot locate the socket file descriptor."
-            case .cannotDuplicateSocketDescriptor(let posixErrorCode):
-                return "Cannot duplicate the socket file descriptor. Errno: \(posixErrorCode)"
             case .start(let wgErrorCode):
                 return "Failed to start Wireguard. Return code: \(wgErrorCode)"
             case .notStarted:
@@ -244,28 +238,16 @@ class WireguardDevice {
     private func startWireguardBackend(resolvedConfiguration: WireguardConfiguration) -> Result<(), Error> {
         assert(self.wireguardHandle == nil)
 
-        // Duplicate the tunnel file descriptor to prevent `wgTurnOff` from closing it
-        let duplicateFileDescriptor = dup(self.tunnelFileDescriptor)
-        if duplicateFileDescriptor == -1 {
-            return .failure(.cannotDuplicateSocketDescriptor(errno))
-        }
-
         let handle = resolvedConfiguration
             .uapiConfiguration()
             .toRawWireguardConfigString()
-            .withCString { wgTurnOn($0, duplicateFileDescriptor) }
+            .withCString { wgTurnOn($0, self.tunnelFileDescriptor) }
 
         if handle >= 0 {
             self.wireguardHandle = handle
 
             return .success(())
         } else {
-            // `wgTurnOn` does not cover all of the code paths and may leave the file descriptor
-            // open on failure
-            if close(duplicateFileDescriptor) == -1 {
-                self.logger.warning("Failed to close the duplicate tunnel file descriptor. Error: \(errno)")
-            }
-
             return .failure(.start(handle))
         }
     }
diff --git a/ios/wireguard-go-bridge/api-ios.go b/ios/wireguard-go-bridge/api-ios.go
index 93dd323df7..d6eccd8f28 100644
--- a/ios/wireguard-go-bridge/api-ios.go
+++ b/ios/wireguard-go-bridge/api-ios.go
@@ -90,15 +90,22 @@ func wgTurnOn(settings *C.char, tunFd int32) int32 {
 		Info:  log.New(&CLogger{level: 1}, "", 0),
 		Error: log.New(&CLogger{level: 2}, "", 0),
 	}
+	dupTunFd, err := unix.Dup(int(tunFd))
+	if err != nil {
+		logger.Error.Println(err)
+		return -1
+	}
 
-	err := unix.SetNonblock(int(tunFd), true)
+	err = unix.SetNonblock(dupTunFd, true)
 	if err != nil {
 		logger.Error.Println(err)
+		unix.Close(dupTunFd)
 		return -1
 	}
-	tun, err := tun.CreateTUNFromFile(os.NewFile(uintptr(tunFd), "/dev/tun"), 0)
+	tun, err := tun.CreateTUNFromFile(os.NewFile(uintptr(dupTunFd), "/dev/tun"), 0)
 	if err != nil {
 		logger.Error.Println(err)
+		unix.Close(dupTunFd)
 		return -1
 	}
 	logger.Info.Println("Attaching to interface")
@@ -107,6 +114,7 @@ func wgTurnOn(settings *C.char, tunFd int32) int32 {
 	setError := device.IpcSetOperation(bufio.NewReader(strings.NewReader(C.GoString(settings))))
 	if setError != nil {
 		logger.Error.Println(setError)
+		unix.Close(dupTunFd)
 		return -1
 	}
 
@@ -120,6 +128,7 @@ func wgTurnOn(settings *C.char, tunFd int32) int32 {
 		}
 	}
 	if i == math.MaxInt32 {
+		unix.Close(dupTunFd)
 		return -1
 	}
 	tunnelHandles[i] = tunnelHandle{device, logger}