| author | David Lönnhager <david.l@mullvad.net> | 2020-07-27 10:26:29 +0200 |
|---|---|---|
| committer | David Lönnhager <david.l@mullvad.net> | 2020-08-04 10:52:43 +0200 |
| commit | b2e6f7a77b35cddd77b60abe4fd8a7d455d556bd (patch) | |
| tree | f30c9d6834b608d9a4a9b9f14550980d71db50e8 /talpid-core | |
| parent | d56489a33d017ac75b56900abe5ff0097915bf97 (diff) | |
Return specific firewall policy error to the error state and frontends
Diffstat (limited to 'talpid-core')
| -rw-r--r-- | talpid-core/src/tunnel_state_machine/connected_state.rs | 45 | ||||
| -rw-r--r-- | talpid-core/src/tunnel_state_machine/connecting_state.rs | 49 |
2 files changed, 51 insertions, 43 deletions
diff --git a/talpid-core/src/tunnel_state_machine/connected_state.rs b/talpid-core/src/tunnel_state_machine/connected_state.rs
index 7ddc9bedeb..43595a4e79 100644
--- a/talpid-core/src/tunnel_state_machine/connected_state.rs
+++ b/talpid-core/src/tunnel_state_machine/connected_state.rs
@@ -12,7 +12,7 @@ use futures01::{
 };
 use talpid_types::{
 net::{Endpoint, TunnelParameters},
- tunnel::ErrorStateCause,
+ tunnel::{ErrorStateCause, FirewallPolicyError},
 BoxedError, ErrorExt,
 };
@@ -51,7 +51,7 @@ impl ConnectedState {
 fn set_firewall_policy(
 &self,
 shared_values: &mut SharedTunnelStateValues,
- ) -> Result<(), crate::firewall::Error> {
+ ) -> Result<(), FirewallPolicyError> {
 // If a proxy is specified we need to pass it on as the peer endpoint.
 let peer_endpoint = self.get_endpoint_from_params();
@@ -65,7 +65,24 @@ impl ConnectedState {
 &self.tunnel_parameters,
 ),
 };
- shared_values.firewall.apply_policy(policy)
+ shared_values
+ .firewall
+ .apply_policy(policy)
+ .map_err(|error| {
+ log::error!(
+ "{}",
+ error.display_chain_with_msg(
+ "Failed to apply firewall policy for connected state"
+ )
+ );
+ #[cfg(windows)]
+ match error {
+ crate::firewall::Error::ApplyingConnectedPolicy(policy_error) => policy_error,
+ _ => FirewallPolicyError::Generic,
+ }
+ #[cfg(not(windows))]
+ FirewallPolicyError::Generic
+ })
 }
 fn get_endpoint_from_params(&self) -> Endpoint {
@@ -140,18 +157,10 @@ impl ConnectedState {
 } else {
 match self.set_firewall_policy(shared_values) {
 Ok(()) => SameState(self),
- Err(error) => {
- log::error!(
- "{}",
- error.display_chain_with_msg(
- "Failed to apply firewall policy for connected state"
- )
- );
- self.disconnect(
- shared_values,
- AfterDisconnect::Block(ErrorStateCause::SetFirewallPolicyError),
- )
- }
+ Err(error) => self.disconnect(
+ shared_values,
+ AfterDisconnect::Block(ErrorStateCause::SetFirewallPolicyError(error)),
+ ),
 }
 }
 }
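Review bot: The error narrowing in the `map_err` closure of `ConnectedState::set_firewall_policy` (hunk `@@ -65,7 +65,24 @@`) uses a different cfg shape from the same conversion in connecting_state.rs. Here there are two gated tail expressions, `#[cfg(windows)] match error { … }` followed by `#[cfg(not(windows))] FirewallPolicyError::Generic`, while connecting_state.rs gates only the Windows arm inside one `match`. Using one shape in both files, or a single shared helper that maps `crate::firewall::Error` to `FirewallPolicyError`, would keep the two state handlers from drifting apart. In both places the `_ => FirewallPolicyError::Generic` arm also means that any other firewall error variant, including one added later, reaches the frontends as Generic with no compiler warning. A comment such as `// Every other firewall error is deliberately reported as Generic.` would record that this is intended. The function's signature is in the previous hunk, so its body is only partly visible here.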
@@ -237,16 +246,12 @@ impl TunnelState for ConnectedState {
 let tunnel_endpoint = connected_state.tunnel_parameters.get_tunnel_endpoint();
 if let Err(error) = connected_state.set_firewall_policy(shared_values) {
- log::error!(
- "{}",
- error.display_chain_with_msg("Failed to apply firewall policy for connected state")
- );
 DisconnectingState::enter(
 shared_values,
 (
 connected_state.close_handle,
 connected_state.tunnel_close_event,
- AfterDisconnect::Block(ErrorStateCause::SetFirewallPolicyError),
+ AfterDisconnect::Block(ErrorStateCause::SetFirewallPolicyError(error)),
 ),
 )
 } else if let Err(error) = connected_state.set_dns(shared_values) {
diff --git a/talpid-core/src/tunnel_state_machine/connecting_state.rs b/talpid-core/src/tunnel_state_machine/connecting_state.rs
index bb0cd3db19..d206b34a23 100644
--- a/talpid-core/src/tunnel_state_machine/connecting_state.rs
+++ b/talpid-core/src/tunnel_state_machine/connecting_state.rs
@@ -23,7 +23,7 @@ use std::{
 };
 use talpid_types::{
 net::{openvpn, TunnelParameters},
- tunnel::ErrorStateCause,
+ tunnel::{ErrorStateCause, FirewallPolicyError},
 ErrorExt,
 };
@@ -47,7 +47,7 @@ impl ConnectingState {
 fn set_firewall_policy(
 shared_values: &mut SharedTunnelStateValues,
 params: &TunnelParameters,
- ) -> Result<(), crate::firewall::Error> {
+ ) -> Result<(), FirewallPolicyError> {
 let proxy = &get_openvpn_proxy_settings(¶ms);
 let endpoint = params.get_tunnel_endpoint().endpoint;
@@ -63,7 +63,22 @@ impl ConnectingState {
 #[cfg(windows)]
 relay_client: TunnelMonitor::get_relay_client(&shared_values.resource_dir, ¶ms),
 };
- shared_values.firewall.apply_policy(policy)
+ shared_values
+ .firewall
+ .apply_policy(policy)
+ .map_err(|error| {
+ error!(
+ "{}",
+ error.display_chain_with_msg(
+ "Failed to apply firewall policy for connecting state"
+ )
+ );
+ match error {
+ #[cfg(windows)]
+ crate::firewall::Error::ApplyingConnectingPolicy(policy_error) => policy_error,
+ _ => FirewallPolicyError::Generic,
+ }
+ })
 }
 fn start_tunnel(
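Review bot: `ConnectingState::set_firewall_policy` (hunk `@@ -63,7 +63,22 @@` of connecting_state.rs) now logs the failure itself and returns only the narrowed `FirewallPolicyError`, but nothing on the function records that contract. A doc comment along the lines of `/// Applies the connecting-state firewall policy. On failure the full error chain is logged here and only a FirewallPolicyError is returned.` would tell later callers not to log again, and that the detailed chain exists only in the log. The same comment fits `ConnectedState::set_firewall_policy` in connected_state.rs. The function's signature is in the previous hunk, so only the tail of its body is visible here.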
@@ -206,19 +221,10 @@ impl ConnectingState {
 } else {
 match Self::set_firewall_policy(shared_values, &self.tunnel_parameters) {
 Ok(()) => SameState(self),
- Err(error) => {
- error!(
- "{}",
- error.display_chain_with_msg(
- "Failed to apply firewall policy for connecting state"
- )
- );
-
- self.disconnect(
- shared_values,
- AfterDisconnect::Block(ErrorStateCause::SetFirewallPolicyError),
- )
- }
+ Err(error) => self.disconnect(
+ shared_values,
+ AfterDisconnect::Block(ErrorStateCause::SetFirewallPolicyError(error)),
+ ),
 }
 }
 }
@@ -352,13 +358,10 @@ impl TunnelState for ConnectingState {
 }
 Ok(tunnel_parameters) => {
 if let Err(error) = Self::set_firewall_policy(shared_values, &tunnel_parameters) {
- error!(
- "{}",
- error.display_chain_with_msg(
- "Failed to apply firewall policy for connecting state"
- )
- );
- ErrorState::enter(shared_values, ErrorStateCause::SetFirewallPolicyError)
+ ErrorState::enter(
+ shared_values,
+ ErrorStateCause::SetFirewallPolicyError(error),
+ )
 } else {
 #[cfg(target_os = "linux")]
 if let Err(error) = shared_values.route_manager.enable_exclusions_routes() { |
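Review bot: In hunk `@@ -352,13 +358,10 @@`, `ErrorStateCause::SetFirewallPolicyError(error)` now carries the policy error out of the tunnel state machine and, per the commit title, on to the frontends, yet nothing at the call site marks that boundary. `FirewallPolicyError` is defined in talpid_types and is not visible in this diff, so it is worth confirming that its payload holds only what a client should display. A comment such as `// The policy error is forwarded to frontends as part of the error state; keep its payload display-safe.` would flag this for anyone who later extends the type. The same applies to the `AfterDisconnect::Block(...)` call sites in both files. The enclosing match arm starts and ends outside this hunk.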
