diff options
| author | David Lönnhager <david.l@mullvad.net> | 2023-01-16 14:02:21 +0100 |
|---|---|---|
| committer | David Lönnhager <david.l@mullvad.net> | 2023-01-18 16:33:24 +0100 |
| commit | b1950b322454a95400cf6a1fcda763b81a7cae38 (patch) | |
| tree | 4920bc41675e3f1298cc4e72d3c9803d7a45aca7 | |
| parent | bd702b18cf738f0d8449e132d55962201d258b41 (diff) | |
| download | mullvadvpn-b1950b322454a95400cf6a1fcda763b81a7cae38.tar.xz mullvadvpn-b1950b322454a95400cf6a1fcda763b81a7cae38.zip | |
Clear tunnel metadata in connecting state when tunnel goes down
| -rw-r--r-- | talpid-core/src/tunnel_state_machine/connecting_state.rs | 14 | ||||
| -rw-r--r-- | talpid-tunnel/src/lib.rs | 2 | ||||
| -rw-r--r-- | talpid-wireguard/src/lib.rs | 5 |
3 files changed, 16 insertions, 5 deletions
diff --git a/talpid-core/src/tunnel_state_machine/connecting_state.rs b/talpid-core/src/tunnel_state_machine/connecting_state.rs index ad91cb184a..d5a49904eb 100644 --- a/talpid-core/src/tunnel_state_machine/connecting_state.rs +++ b/talpid-core/src/tunnel_state_machine/connecting_state.rs @@ -40,6 +40,8 @@ const MIN_TUNNEL_ALIVE_TIME: Duration = Duration::from_millis(1000); #[cfg(target_os = "windows")] const MAX_ADAPTER_FAIL_RETRIES: u32 = 4; +const INITIAL_ALLOWED_TUNNEL_TRAFFIC: AllowedTunnelTraffic = AllowedTunnelTraffic::None; + /// The tunnel has been started, but it is not established/functional. pub struct ConnectingState { tunnel_events: TunnelEventsReceiver, @@ -208,7 +210,7 @@ impl ConnectingState { tunnel_events: event_rx.fuse(), tunnel_parameters: parameters, tunnel_metadata: None, - allowed_tunnel_traffic: AllowedTunnelTraffic::None, + allowed_tunnel_traffic: INITIAL_ALLOWED_TUNNEL_TRAFFIC, tunnel_close_event: tunnel_close_event_rx.fuse(), tunnel_close_tx, retry_attempt, @@ -441,7 +443,15 @@ impl ConnectingState { shared_values, self.into_connected_state_bootstrap(metadata), )), - Some((TunnelEvent::Down, _)) => SameState(self.into()), + Some((TunnelEvent::Down, _)) => { + // It is important to reset this before the tunnel device is down, + // or else commands that reapply the firewall rules will fail since + // they refer to a non-existent device. + self.allowed_tunnel_traffic = INITIAL_ALLOWED_TUNNEL_TRAFFIC; + self.tunnel_metadata = None; + + SameState(self.into()) + } None => { // The channel was closed log::debug!("The tunnel disconnected unexpectedly"); diff --git a/talpid-tunnel/src/lib.rs b/talpid-tunnel/src/lib.rs index fc964ae82e..8a916c668d 100644 --- a/talpid-tunnel/src/lib.rs +++ b/talpid-tunnel/src/lib.rs @@ -57,6 +57,6 @@ pub enum TunnelEvent { InterfaceUp(TunnelMetadata, AllowedTunnelTraffic), /// Sent when the tunnel comes up and is ready for traffic. Up(TunnelMetadata), - /// Sent when the tunnel goes down. + /// Sent when the tunnel goes down, but before destroying the tunnel device. Down, } diff --git a/talpid-wireguard/src/lib.rs b/talpid-wireguard/src/lib.rs index 28e12e0238..8cb85e460e 100644 --- a/talpid-wireguard/src/lib.rs +++ b/talpid-wireguard/src/lib.rs @@ -639,10 +639,11 @@ impl WireguardMonitor { let _ = self.pinger_stop_sender.send(()); - self.stop_tunnel(); - self.runtime .block_on((self.event_callback)(TunnelEvent::Down)); + + self.stop_tunnel(); + wait_result } |