| author | David Lönnhager <david.l@mullvad.net> | 2020-10-28 13:05:50 +0100 |
|---|---|---|
| committer | David Lönnhager <david.l@mullvad.net> | 2020-10-28 13:05:50 +0100 |
| commit | e15be1e020a6091ab31408b60bb069a8a120aa8a (patch) | |
| tree | 7162a725fd4986d6f15b00f74503fda450e1cdb6 | |
| parent | c3da53088a3150ab82ffbdb17ceb3a0943a00c6d (diff) | |
| parent | 4f1c42b9312484b7287cf1d021002201fe71c834 (diff) | |
| download | mullvadvpn-e15be1e020a6091ab31408b60bb069a8a120aa8a.tar.xz mullvadvpn-e15be1e020a6091ab31408b60bb069a8a120aa8a.zip | |
Merge branch 'macos-custom-dns'
| -rw-r--r-- | CHANGELOG.md | 3 | ||||
| -rw-r--r-- | mullvad-cli/src/cmds/mod.rs | 2 | ||||
| -rw-r--r-- | mullvad-daemon/src/lib.rs | 14 | ||||
| -rw-r--r-- | mullvad-daemon/src/management_interface.rs | 10 | ||||
| -rw-r--r-- | mullvad-daemon/src/settings.rs | 4 | ||||
| -rw-r--r-- | mullvad-types/src/settings/mod.rs | 8 | ||||
| -rw-r--r-- | talpid-core/src/firewall/linux.rs | 15 | ||||
| -rw-r--r-- | talpid-core/src/firewall/macos.rs | 128 | ||||
| -rw-r--r-- | talpid-core/src/firewall/mod.rs | 11 | ||||
| -rw-r--r-- | talpid-core/src/tunnel_state_machine/connected_state.rs | 8 | ||||
| -rw-r--r-- | talpid-core/src/tunnel_state_machine/connecting_state.rs | 2 | ||||
| -rw-r--r-- | talpid-core/src/tunnel_state_machine/disconnected_state.rs | 2 | ||||
| -rw-r--r-- | talpid-core/src/tunnel_state_machine/disconnecting_state.rs | 6 | ||||
| -rw-r--r-- | talpid-core/src/tunnel_state_machine/error_state.rs | 2 | ||||
| -rw-r--r-- | talpid-core/src/tunnel_state_machine/mod.rs | 14 |
15 files changed, 137 insertions, 92 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index fd897c8bb5..459e46fbc9 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -35,6 +35,9 @@ Line wrap the file at 100 chars. Th
 - Use NetworkManager to create a WireGuard interface.
 - Add support for custom DNS resolvers (CLI only).
+#### macOS
+- Add support for custom DNS resolvers (CLI only).
+
 ### Changed
 - Use the API to fetch API IP addresses instead of DNS.
 - Remove WireGuard keys during uninstallation after the firewall is unlocked.
diff --git a/mullvad-cli/src/cmds/mod.rs b/mullvad-cli/src/cmds/mod.rs
index cee2361164..eb999a2936 100644
--- a/mullvad-cli/src/cmds/mod.rs
+++ b/mullvad-cli/src/cmds/mod.rs
@@ -63,7 +63,7 @@ pub fn get_commands() -> HashMap<&'static str, Box<dyn Command>> {
 Box::new(Disconnect),
 Box::new(Reconnect),
 Box::new(Lan),
- #[cfg(any(windows, target_os = "linux"))]
+ #[cfg(not(target_os = "android"))]
 Box::new(CustomDns),
 Box::new(Relay),
 Box::new(Reset),
diff --git a/mullvad-daemon/src/lib.rs b/mullvad-daemon/src/lib.rs
index fa9f679848..0599cb052a 100644
--- a/mullvad-daemon/src/lib.rs
+++ b/mullvad-daemon/src/lib.rs
@@ -26,7 +26,7 @@ use futures::{
 };
 use log::{debug, error, info, warn};
 use mullvad_rpc::AccountsProxy;
-#[cfg(any(windows, target_os = "linux"))]
+#[cfg(not(target_os = "android"))]
 use mullvad_types::settings::DnsOptions;
 use mullvad_types::{
 account::{AccountData, AccountToken, VoucherSubmission},
@@ -43,7 +43,7 @@ use mullvad_types::{
 wireguard::KeygenEvent,
 };
 use settings::SettingsPersister;
-#[cfg(any(windows, target_os = "linux"))]
+#[cfg(not(target_os = "android"))]
 use std::net::IpAddr;
 #[cfg(not(target_os = "android"))]
 use std::path::Path;
@@ -197,7 +197,7 @@ pub enum DaemonCommand {
 /// Set if IPv6 should be enabled in the tunnel
 SetEnableIpv6(oneshot::Sender<()>, bool),
 /// Set custom DNS servers to use instead of passing requests to the gateway
- #[cfg(any(windows, target_os = "linux"))]
+ #[cfg(not(target_os = "android"))]
 SetDnsOptions(oneshot::Sender<()>, DnsOptions),
 /// Set MTU for wireguard tunnels
 SetWireguardMtu(oneshot::Sender<()>, Option<u16>),
@@ -582,7 +582,7 @@ where
 let tunnel_command_tx = tunnel_state_machine::spawn(
 settings.allow_lan,
 settings.block_when_disconnected,
- #[cfg(any(windows, target_os = "linux"))]
+ #[cfg(not(target_os = "android"))]
 Self::get_custom_resolvers(&settings.tunnel_options.dns_options),
 tunnel_parameters_generator,
 log_dir,
@@ -636,7 +636,7 @@ where
 Ok(daemon)
 }
- #[cfg(any(windows, target_os = "linux"))]
+ #[cfg(not(target_os = "android"))]
 fn get_custom_resolvers(dns_options: &DnsOptions) -> Option<Vec<IpAddr>> {
 if dns_options.custom {
 Some(dns_options.addresses.clone())
@@ -1056,7 +1056,7 @@ where
 }
 SetBridgeState(tx, bridge_state) => self.on_set_bridge_state(tx, bridge_state),
 SetEnableIpv6(tx, enable_ipv6) => self.on_set_enable_ipv6(tx, enable_ipv6),
- #[cfg(any(windows, target_os = "linux"))]
+ #[cfg(not(target_os = "android"))]
 SetDnsOptions(tx, dns_servers) => self.on_set_dns_options(tx, dns_servers),
 SetWireguardMtu(tx, mtu) => self.on_set_wireguard_mtu(tx, mtu),
 SetWireguardRotationInterval(tx, interval) => {
@@ -1696,7 +1696,7 @@ where
 }
 }
- #[cfg(any(windows, target_os = "linux"))]
+ #[cfg(not(target_os = "android"))]
 fn on_set_dns_options(&mut self, tx: oneshot::Sender<()>, dns_options: DnsOptions) {
 let save_result = self.settings.set_dns_options(dns_options.clone());
 match save_result {
diff --git a/mullvad-daemon/src/management_interface.rs b/mullvad-daemon/src/management_interface.rs
index d248a10dc5..a19179a502 100644
--- a/mullvad-daemon/src/management_interface.rs
+++ b/mullvad-daemon/src/management_interface.rs
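Review bot: In mullvad-daemon/src/lib.rs (hunk at -636), `get_custom_resolvers` returns `Some(dns_options.addresses.clone())` whenever `custom` is set, so an enabled option with an empty address list reaches the tunnel state machine as `Some(vec![])`, and this commit extends that path to macOS. If the firewall builds its allow-DNS rules from that list, no resolver would be permitted at all; that fails closed, but to the user it looks like a dead connection. Consider `if dns_options.custom && !dns_options.addresses.is_empty() {` so an empty list falls back to the gateway resolvers, or add a comment saying the empty case is intended. The function body continues outside the hunk, so the `else` branch is assumed to return `None`.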
@@ -6,7 +6,7 @@ use mullvad_management_interface::{
 };
 use mullvad_paths;
 use mullvad_rpc::{rest::Error as RestError, StatusCode};
-#[cfg(any(windows, target_os = "linux"))]
+#[cfg(not(target_os = "android"))]
 use mullvad_types::settings::DnsOptions;
 use mullvad_types::{
 account::AccountToken,
@@ -410,7 +410,7 @@ impl ManagementService for ManagementServiceImpl {
 .map_err(|_| Status::internal("internal error"))
 }
- #[cfg(any(windows, target_os = "linux"))]
+ #[cfg(not(target_os = "android"))]
 async fn set_dns_options(&self, request: Request<types::DnsOptions>) -> ServiceResult<()> {
 let options = request.into_inner();
 log::debug!(
@@ -441,7 +441,7 @@ impl ManagementService for ManagementServiceImpl {
 .map(Response::new)
 .map_err(|_| Status::internal("internal error"))
 }
- #[cfg(not(any(windows, target_os = "linux")))]
+ #[cfg(target_os = "android")]
 async fn set_dns_options(&self, _: Request<types::DnsOptions>) -> ServiceResult<()> {
 Ok(Response::new(()))
 }
@@ -1179,7 +1179,7 @@ fn convert_tunnel_options(options: &TunnelOptions) -> types::TunnelOptions {
 generic: Some(types::tunnel_options::GenericOptions {
 enable_ipv6: options.generic.enable_ipv6,
 }),
- #[cfg(any(windows, target_os = "linux"))]
+ #[cfg(not(target_os = "android"))]
 dns_options: Some(types::DnsOptions {
 custom: options.dns_options.custom,
 addresses: options
@@ -1189,7 +1189,7 @@ fn convert_tunnel_options(options: &TunnelOptions) -> types::TunnelOptions {
 .map(|addr| addr.to_string())
 .collect(),
 }),
- #[cfg(not(any(windows, target_os = "linux")))]
+ #[cfg(target_os = "android")]
 dns_options: None,
 }
 }
diff --git a/mullvad-daemon/src/settings.rs b/mullvad-daemon/src/settings.rs
index f9986c49a5..d67702c575 100644
--- a/mullvad-daemon/src/settings.rs
+++ b/mullvad-daemon/src/settings.rs
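Review bot: In mullvad-daemon/src/management_interface.rs (hunk at -441), the Android variant of `set_dns_options` still answers `Ok(Response::new(()))` while discarding the request, so a client is told the resolver setting was applied when nothing changed. For a setting that decides where DNS queries go, an explicit refusal is safer than a silent success, e.g. `Err(Status::unimplemented("custom DNS is not supported on this platform"))`, assuming `Status` is the same gRPC status type used by the `Status::internal` calls in this file. `convert_tunnel_options` in the same file already reports `dns_options: None` on Android, so both paths would then agree that the feature is absent.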
@@ -1,5 +1,5 @@
 use log::{debug, error, info};
-#[cfg(any(windows, target_os = "linux"))]
+#[cfg(not(target_os = "android"))]
 use mullvad_types::settings::DnsOptions;
 use mullvad_types::{
 relay_constraints::{BridgeSettings, BridgeState, RelaySettingsUpdate},
@@ -212,7 +212,7 @@ impl SettingsPersister {
 self.update(should_save)
 }
- #[cfg(any(windows, target_os = "linux"))]
+ #[cfg(not(target_os = "android"))]
 pub fn set_dns_options(&mut self, options: DnsOptions) -> Result<bool, Error> {
 let should_save =
 Self::update_field(&mut self.settings.tunnel_options.dns_options, options);
diff --git a/mullvad-types/src/settings/mod.rs b/mullvad-types/src/settings/mod.rs
index df0d622815..4f09fa480b 100644
--- a/mullvad-types/src/settings/mod.rs
+++ b/mullvad-types/src/settings/mod.rs
@@ -7,7 +7,7 @@ use jnix::IntoJava;
 use log::{debug, info};
 use serde::{Deserialize, Serialize};
 use serde_json;
-#[cfg(any(windows, target_os = "linux"))]
+#[cfg(not(target_os = "android"))]
 use std::net::IpAddr;
 use talpid_types::net::{openvpn, wireguard, GenericTunnelOptions};
@@ -167,12 +167,12 @@ pub struct TunnelOptions {
 #[cfg_attr(target_os = "android", jnix(skip))]
 pub generic: GenericTunnelOptions,
 /// Custom DNS options.
- #[cfg(any(windows, target_os = "linux"))]
+ #[cfg(not(target_os = "android"))]
 pub dns_options: DnsOptions,
 }
 /// Custom DNS config
-#[cfg(any(windows, target_os = "linux"))]
+#[cfg(not(target_os = "android"))]
 #[serde(default)]
 #[derive(Debug, Default, Clone, PartialEq, Eq, Serialize, Deserialize, Hash)]
 pub struct DnsOptions {
@@ -194,7 +194,7 @@ impl Default for TunnelOptions {
 // Enable IPv6 be default on Android
 enable_ipv6: cfg!(target_os = "android"),
 },
- #[cfg(any(windows, target_os = "linux"))]
+ #[cfg(not(target_os = "android"))]
 dns_options: DnsOptions::default(),
 }
 }
diff --git a/talpid-core/src/firewall/linux.rs b/talpid-core/src/firewall/linux.rs
index f7efcb6fba..5ab02db6ef 100644
--- a/talpid-core/src/firewall/linux.rs
+++ b/talpid-core/src/firewall/linux.rs
@@ -565,7 +565,7 @@ impl<'a> PolicyBatch<'a> {
 ) -> Result<()> {
 let (local_resolvers, remote_resolvers): (Vec<IpAddr>, Vec<IpAddr>) =
 dns_servers.iter().partition(|server| {
- is_local_address(server)
+ super::is_local_address(server)
 && *server != &tunnel.ipv4_gateway
 && !tunnel
 .ipv6_gateway
@@ -854,16 +854,3 @@ fn add_verdict(rule: &mut Rule<'_>, verdict: &expr::Verdict) {
 }
 rule.add_expr(verdict);
 }
-
-fn is_local_address(address: &IpAddr) -> bool {
- let address = address.clone();
- for net in (&*super::ALLOWED_LAN_NETS)
- .iter()
- .chain(&*super::LOOPBACK_NETS)
- {
- if net.contains(address) {
- return true;
- }
- }
- false
-}
diff --git a/talpid-core/src/firewall/macos.rs b/talpid-core/src/firewall/macos.rs
index 140829a10a..dfdc1e31fc 100644
--- a/talpid-core/src/firewall/macos.rs
+++ b/talpid-core/src/firewall/macos.rs
@@ -114,50 +114,12 @@ impl Firewall {
 peer_endpoint,
 tunnel,
 allow_lan,
+ dns_servers,
 } => {
 let mut rules = vec![];
- let allow_tcp_dns_to_relay_rule = self
- .create_rule_builder(FilterRuleAction::Pass)
- .direction(pfctl::Direction::Out)
- .quick(true)
- .interface(&tunnel.interface)
- .proto(pfctl::Proto::Tcp)
- .keep_state(pfctl::StatePolicy::Keep)
- .tcp_flags(Self::get_tcp_flags())
- .to(pfctl::Endpoint::new(tunnel.ipv4_gateway, 53))
- .build()?;
- rules.push(allow_tcp_dns_to_relay_rule);
- let allow_udp_dns_to_relay_rule = self
- .create_rule_builder(FilterRuleAction::Pass)
- .direction(pfctl::Direction::Out)
- .quick(true)
- .interface(&tunnel.interface)
- .proto(pfctl::Proto::Udp)
- .to(pfctl::Endpoint::new(tunnel.ipv4_gateway, 53))
- .build()?;
- rules.push(allow_udp_dns_to_relay_rule);
- if let Some(ipv6_gateway) = tunnel.ipv6_gateway {
- let v6_dns_rule_tcp = self
- .create_rule_builder(FilterRuleAction::Pass)
- .direction(pfctl::Direction::Out)
- .quick(true)
- .interface(&tunnel.interface)
- .proto(pfctl::Proto::Tcp)
- .keep_state(pfctl::StatePolicy::Keep)
- .tcp_flags(Self::get_tcp_flags())
- .to(pfctl::Endpoint::new(ipv6_gateway, 53))
- .build()?;
- rules.push(v6_dns_rule_tcp);
- let v6_dns_rule_udp = self
- .create_rule_builder(FilterRuleAction::Pass)
- .direction(pfctl::Direction::Out)
- .quick(true)
- .interface(&tunnel.interface)
- .proto(pfctl::Proto::Udp)
- .to(pfctl::Endpoint::new(ipv6_gateway, 53))
- .build()?;
- rules.push(v6_dns_rule_udp);
+ for server in &dns_servers {
+ rules.append(&mut self.get_allow_dns_rules(&tunnel, *server)?);
 }
 rules.push(self.get_allow_relay_rule(peer_endpoint)?);
@@ -186,6 +148,90 @@ impl Firewall {
 }
 }
+ fn get_allow_dns_rules(
+ &self,
+ tunnel: &crate::tunnel::TunnelMetadata,
+ server: IpAddr,
+ ) -> Result<Vec<pfctl::FilterRule>> {
+ let mut rules = Vec::with_capacity(4);
+
+ let is_local = super::is_local_address(&server)
+ && server != tunnel.ipv4_gateway
+ && !tunnel
+ .ipv6_gateway
+ .map(|ref gateway| &server == gateway)
+ .unwrap_or(false);
+
+ if is_local {
+ // Block requests on the tunnel interface
+ let block_tunnel_tcp = self
+ .create_rule_builder(FilterRuleAction::Drop(DropAction::Return))
+ .direction(pfctl::Direction::Out)
+ .quick(true)
+ .interface(&tunnel.interface)
+ .proto(pfctl::Proto::Tcp)
+ .keep_state(pfctl::StatePolicy::None)
+ .to(pfctl::Endpoint::new(server, 53))
+ .build()?;
+ rules.push(block_tunnel_tcp);
+ let block_tunnel_udp = self
+ .create_rule_builder(FilterRuleAction::Drop(DropAction::Return))
+ .direction(pfctl::Direction::Out)
+ .quick(true)
+ .interface(&tunnel.interface)
+ .proto(pfctl::Proto::Udp)
+ .keep_state(pfctl::StatePolicy::None)
+ .to(pfctl::Endpoint::new(server, 53))
+ .build()?;
+ rules.push(block_tunnel_udp);
+
+ // Allow requests on other interfaces
+ let allow_nontunnel_tcp = self
+ .create_rule_builder(FilterRuleAction::Pass)
+ .direction(pfctl::Direction::Out)
+ .quick(true)
+ .proto(pfctl::Proto::Tcp)
+ .keep_state(pfctl::StatePolicy::Keep)
+ .tcp_flags(Self::get_tcp_flags())
+ .to(pfctl::Endpoint::new(server, 53))
+ .build()?;
+ rules.push(allow_nontunnel_tcp);
+ let allow_nontunnel_udp = self
+ .create_rule_builder(FilterRuleAction::Pass)
+ .direction(pfctl::Direction::Out)
+ .quick(true)
+ .proto(pfctl::Proto::Udp)
+ .keep_state(pfctl::StatePolicy::Keep)
+ .to(pfctl::Endpoint::new(server, 53))
+ .build()?;
+ rules.push(allow_nontunnel_udp);
+ } else {
+ // Allow outgoing requests on the tunnel interface only
+ let allow_tunnel_tcp = self
+ .create_rule_builder(FilterRuleAction::Pass)
+ .direction(pfctl::Direction::Out)
+ .quick(true)
+ .interface(&tunnel.interface)
+ .proto(pfctl::Proto::Tcp)
+ .keep_state(pfctl::StatePolicy::Keep)
+ .tcp_flags(Self::get_tcp_flags())
+ .to(pfctl::Endpoint::new(server, 53))
+ .build()?;
+ rules.push(allow_tunnel_tcp);
+ let allow_tunnel_udp = self
+ .create_rule_builder(FilterRuleAction::Pass)
+ .direction(pfctl::Direction::Out)
+ .quick(true)
+ .interface(&tunnel.interface)
+ .proto(pfctl::Proto::Udp)
+ .to(pfctl::Endpoint::new(server, 53))
+ .build()?;
+ rules.push(allow_tunnel_udp);
+ };
+
+ Ok(rules)
+ }
+
 fn get_allow_relay_rule(&self, relay_endpoint: net::Endpoint) -> Result<pfctl::FilterRule> {
 let pfctl_proto = as_pfctl_proto(relay_endpoint.protocol);
diff --git a/talpid-core/src/firewall/mod.rs b/talpid-core/src/firewall/mod.rs
index 4ae51a73a2..b467f37d98 100644
--- a/talpid-core/src/firewall/mod.rs
+++ b/talpid-core/src/firewall/mod.rs
@@ -82,6 +82,15 @@ const DHCPV6_SERVER_PORT: u16 = 547;
 const DHCPV6_CLIENT_PORT: u16 = 546;
+#[cfg(all(unix, not(target_os = "android")))]
+fn is_local_address(address: &IpAddr) -> bool {
+ let address = address.clone();
+ (&*ALLOWED_LAN_NETS)
+ .iter()
+ .chain(&*LOOPBACK_NETS)
+ .any(|net| net.contains(address))
+}
+
 /// A enum that describes network security strategy
 ///
 /// # Firewall block/allow specification.
@@ -116,7 +125,7 @@ pub enum FirewallPolicy {
 /// Flag setting if communication with LAN networks should be possible.
 allow_lan: bool,
 /// Servers that are allowed to respond to DNS requests.
- #[cfg(any(windows, target_os = "linux"))]
+ #[cfg(not(target_os = "android"))]
 dns_servers: Vec<IpAddr>,
 /// A process that is allowed to send packets to the relay.
 #[cfg(windows)]
diff --git a/talpid-core/src/tunnel_state_machine/connected_state.rs b/talpid-core/src/tunnel_state_machine/connected_state.rs
index 2ef41b4a91..9e2d00f34d 100644
--- a/talpid-core/src/tunnel_state_machine/connected_state.rs
+++ b/talpid-core/src/tunnel_state_machine/connected_state.rs
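Review bot: `get_allow_dns_rules` in talpid-core/src/firewall/macos.rs (hunk at +148) has no doc comment, and two of its properties matter when reasoning about DNS leaks. For a resolver classified as local, the pass rules carry no `.interface(...)`, so port 53 to that address is allowed on every non-tunnel interface, and nothing in the function consults `allow_lan`; those queries leave the machine outside the tunnel by design. Every rule is also `quick`, so the two block rules for the tunnel interface have to stay ahead of the interface-less pass rules. I would add a `///` comment stating both, e.g. `/// Local (LAN/loopback) resolvers are reached outside the tunnel regardless of allow_lan; the block-on-tunnel rules must precede the pass rules because all rules are quick.` Separately, `allow_tunnel_udp` sets no `keep_state` while `allow_nontunnel_udp` uses `StatePolicy::Keep`; if that asymmetry is intended, a one-line comment should say why.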
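Review bot: `is_local_address` in talpid-core/src/firewall/mod.rs (hunk at +82) copies its argument with `address.clone()` although `IpAddr` is `Copy`; dropping the `let address` line and writing `.any(|net| net.contains(*address))` says the same thing more directly. The function also has no doc comment. Since its result decides whether a DNS server is reached inside or outside the tunnel on both Linux and macOS, a short `///` line naming the two sets it checks (`ALLOWED_LAN_NETS` and `LOOPBACK_NETS`) would make that classification explicit for both callers.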
@@ -78,7 +78,7 @@ impl ConnectedState {
 #[allow(unused_variables)]
 fn get_dns_servers(&self, shared_values: &SharedTunnelStateValues) -> Vec<IpAddr> {
- #[cfg(any(windows, target_os = "linux"))]
+ #[cfg(not(target_os = "android"))]
 if let Some(ref servers) = shared_values.custom_dns {
 servers.clone()
 } else {
@@ -89,7 +89,7 @@ impl ConnectedState {
 };
 dns_ips
 }
- #[cfg(not(any(windows, target_os = "linux")))]
+ #[cfg(target_os = "android")]
 {
 let mut dns_ips = vec![];
 dns_ips.push(self.metadata.ipv4_gateway.into());
@@ -105,7 +105,7 @@ impl ConnectedState {
 peer_endpoint: self.tunnel_parameters.get_next_hop_endpoint(),
 tunnel: self.metadata.clone(),
 allow_lan: shared_values.allow_lan,
- #[cfg(any(windows, target_os = "linux"))]
+ #[cfg(not(target_os = "android"))]
 dns_servers: self.get_dns_servers(shared_values),
 #[cfg(windows)]
 relay_client: TunnelMonitor::get_relay_client(
@@ -182,7 +182,7 @@ impl ConnectedState {
 }
 }
 }
- #[cfg(any(windows, target_os = "linux"))]
+ #[cfg(not(target_os = "android"))]
 Some(TunnelCommand::CustomDns(servers)) => {
 if shared_values.custom_dns != servers {
 shared_values.custom_dns = servers;
diff --git a/talpid-core/src/tunnel_state_machine/connecting_state.rs b/talpid-core/src/tunnel_state_machine/connecting_state.rs
index 036e4356cd..f1799b5b03 100644
--- a/talpid-core/src/tunnel_state_machine/connecting_state.rs
+++ b/talpid-core/src/tunnel_state_machine/connecting_state.rs
@@ -227,7 +227,7 @@ impl ConnectingState {
 }
 }
 }
- #[cfg(any(windows, target_os = "linux"))]
+ #[cfg(not(target_os = "android"))]
 Some(TunnelCommand::CustomDns(servers)) => {
 shared_values.custom_dns = servers;
 SameState(self.into())
diff --git a/talpid-core/src/tunnel_state_machine/disconnected_state.rs b/talpid-core/src/tunnel_state_machine/disconnected_state.rs
index 9fc8aa781f..7f8bdc6602 100644
--- a/talpid-core/src/tunnel_state_machine/disconnected_state.rs
+++ b/talpid-core/src/tunnel_state_machine/disconnected_state.rs
@@ -82,7 +82,7 @@ impl TunnelState for DisconnectedState {
 }
 SameState(self.into())
 }
- #[cfg(any(windows, target_os = "linux"))]
+ #[cfg(not(target_os = "android"))]
 Some(TunnelCommand::CustomDns(servers)) => {
 shared_values.custom_dns = servers;
 SameState(self.into())
diff --git a/talpid-core/src/tunnel_state_machine/disconnecting_state.rs b/talpid-core/src/tunnel_state_machine/disconnecting_state.rs
index 2ea612e26e..35278901e1 100644
--- a/talpid-core/src/tunnel_state_machine/disconnecting_state.rs
+++ b/talpid-core/src/tunnel_state_machine/disconnecting_state.rs
@@ -32,7 +32,7 @@ impl DisconnectingState {
 let _ = shared_values.set_allow_lan(allow_lan);
 AfterDisconnect::Nothing
 }
- #[cfg(any(windows, target_os = "linux"))]
+ #[cfg(not(target_os = "android"))]
 Some(TunnelCommand::CustomDns(servers)) => {
 shared_values.custom_dns = servers;
 AfterDisconnect::Nothing
@@ -54,7 +54,7 @@ impl DisconnectingState {
 let _ = shared_values.set_allow_lan(allow_lan);
 AfterDisconnect::Block(reason)
 }
- #[cfg(any(windows, target_os = "linux"))]
+ #[cfg(not(target_os = "android"))]
 Some(TunnelCommand::CustomDns(servers)) => {
 shared_values.custom_dns = servers;
 AfterDisconnect::Block(reason)
@@ -81,7 +81,7 @@ impl DisconnectingState {
 let _ = shared_values.set_allow_lan(allow_lan);
 AfterDisconnect::Reconnect(retry_attempt)
 }
- #[cfg(any(windows, target_os = "linux"))]
+ #[cfg(not(target_os = "android"))]
 Some(TunnelCommand::CustomDns(servers)) => {
 shared_values.custom_dns = servers;
 AfterDisconnect::Reconnect(retry_attempt)
diff --git a/talpid-core/src/tunnel_state_machine/error_state.rs b/talpid-core/src/tunnel_state_machine/error_state.rs
index 91abf34688..875f3c0833 100644
--- a/talpid-core/src/tunnel_state_machine/error_state.rs
+++ b/talpid-core/src/tunnel_state_machine/error_state.rs
@@ -102,7 +102,7 @@ impl TunnelState for ErrorState {
 SameState(self.into())
 }
 }
- #[cfg(any(windows, target_os = "linux"))]
+ #[cfg(not(target_os = "android"))]
 Some(TunnelCommand::CustomDns(servers)) => {
 shared_values.custom_dns = servers;
 SameState(self.into())
diff --git a/talpid-core/src/tunnel_state_machine/mod.rs b/talpid-core/src/tunnel_state_machine/mod.rs
index d4d337925f..b98eb820d1 100644
--- a/talpid-core/src/tunnel_state_machine/mod.rs
+++ b/talpid-core/src/tunnel_state_machine/mod.rs
@@ -24,7 +24,7 @@ use futures::{
 channel::{mpsc, oneshot},
 stream, StreamExt,
 };
-#[cfg(any(windows, target_os = "linux"))]
+#[cfg(not(target_os = "android"))]
 use std::net::IpAddr;
 use std::{
 collections::HashSet,
@@ -76,7 +76,7 @@ pub enum Error {
 pub async fn spawn(
 allow_lan: bool,
 block_when_disconnected: bool,
- #[cfg(any(windows, target_os = "linux"))] custom_dns: Option<Vec<IpAddr>>,
+ #[cfg(not(target_os = "android"))] custom_dns: Option<Vec<IpAddr>>,
 tunnel_parameters_generator: impl TunnelParametersGenerator,
 log_dir: Option<PathBuf>,
 resource_dir: PathBuf,
@@ -112,7 +112,7 @@ pub async fn spawn(
 allow_lan,
 block_when_disconnected,
 is_offline,
- #[cfg(any(windows, target_os = "linux"))]
+ #[cfg(not(target_os = "android"))]
 custom_dns,
 tunnel_parameters_generator,
 tun_provider,
@@ -153,7 +153,7 @@ pub enum TunnelCommand {
 /// Enable or disable LAN access in the firewall.
 AllowLan(bool),
 /// Set custom DNS servers to use.
- #[cfg(any(windows, target_os = "linux"))]
+ #[cfg(not(target_os = "android"))]
 CustomDns(Option<Vec<IpAddr>>),
 /// Enable or disable the block_when_disconnected feature.
 BlockWhenDisconnected(bool),
@@ -192,7 +192,7 @@ impl TunnelStateMachine {
 allow_lan: bool,
 block_when_disconnected: bool,
 is_offline: bool,
- #[cfg(any(windows, target_os = "linux"))] custom_dns: Option<Vec<IpAddr>>,
+ #[cfg(not(target_os = "android"))] custom_dns: Option<Vec<IpAddr>>,
 tunnel_parameters_generator: impl TunnelParametersGenerator,
 tun_provider: TunProvider,
 log_dir: Option<PathBuf>,
@@ -217,7 +217,7 @@ impl TunnelStateMachine {
 allow_lan,
 block_when_disconnected,
 is_offline,
- #[cfg(any(windows, target_os = "linux"))]
+ #[cfg(not(target_os = "android"))]
 custom_dns,
 tunnel_parameters_generator: Box::new(tunnel_parameters_generator),
 tun_provider,
@@ -289,7 +289,7 @@ struct SharedTunnelStateValues {
 /// True when the computer is known to be offline.
 is_offline: bool,
 /// Custom DNS servers to use.
- #[cfg(any(windows, target_os = "linux"))]
+ #[cfg(not(target_os = "android"))]
 custom_dns: Option<Vec<IpAddr>>,
 /// The generator of new `TunnelParameter`s
 tunnel_parameters_generator: Box<dyn TunnelParametersGenerator>, |
