| -rw-r--r-- | talpid-core/src/firewall/macos.rs | 4 | ||||
| -rw-r--r-- | talpid-core/src/tunnel_state_machine/disconnected_state.rs | 3 | ||||
| -rw-r--r-- | talpid-core/src/tunnel_state_machine/error_state.rs | 10 | ||||
| -rw-r--r-- | talpid-core/src/tunnel_state_machine/mod.rs | 14 |
4 files changed, 19 insertions, 12 deletions
diff --git a/talpid-core/src/firewall/macos.rs b/talpid-core/src/firewall/macos.rs index d0b7092e68..a10f82bc69 100644 --- a/talpid-core/src/firewall/macos.rs +++ b/talpid-core/src/firewall/macos.rs @@ -172,6 +172,8 @@ impl Firewall { } } + /// Constructs rules that allow DNS traffic coming from processes that belong to the excluded + /// group ID to leak. fn get_allow_excluded_dns_rules(&self) -> Result<[pfctl::FilterRule; 2]> { let mut builder = self.create_rule_builder(FilterRuleAction::Pass); @@ -344,6 +346,8 @@ impl Firewall { Ok(vec![lo0_rule]) } + /// Constructs firewall rules that allow traffic to a set of allowed IP addresses coming from + /// UID 0 processes to leak. fn get_exclusion_rules( &self, allowed_ips: &BTreeSet<IpAddr>, diff --git a/talpid-core/src/tunnel_state_machine/disconnected_state.rs b/talpid-core/src/tunnel_state_machine/disconnected_state.rs index 544da58f55..58e5aa23ac 100644 --- a/talpid-core/src/tunnel_state_machine/disconnected_state.rs +++ b/talpid-core/src/tunnel_state_machine/disconnected_state.rs @@ -88,6 +88,7 @@ impl DisconnectedState { } } + /// Starts the filtering resolver and configures host to use it. #[cfg(target_os = "macos")] fn start_filtering_resolver( &mut self, @@ -303,6 +304,8 @@ impl TunnelState for DisconnectedState { } } +/// Maps a DNS or a resovler error to an [ErrorStateCause] to be used when failing to start a +/// filtering resolver. #[cfg(target_os = "macos")] fn map_filtering_resolver_start( err: &either::Either<resolver::Error, dns::Error>, diff --git a/talpid-core/src/tunnel_state_machine/error_state.rs b/talpid-core/src/tunnel_state_machine/error_state.rs index a7f3e1ce2f..6a32ec157c 100644 --- a/talpid-core/src/tunnel_state_machine/error_state.rs +++ b/talpid-core/src/tunnel_state_machine/error_state.rs 
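Review bot: The doc comment added above `map_filtering_resolver_start` in disconnected_state.rs misspells "resolver" as "resovler"; the line should read `/// Maps a DNS or a resolver error to an [ErrorStateCause] to be used when failing to start a`. The same kind of slip is in the comment this commit adds to `deactivate_filtering_resolver` in tunnel_state_machine/mod.rs, where "toggles it's state" should be "toggles its state". Both are documentation-only fixes, and the function bodies lie outside the hunks.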
@@ -129,13 +129,21 @@ impl TunnelState for ErrorState { ); return Self::enter(shared_values, ErrorStateCause::SetDnsError); } - match shared_values.get_filtering_resolver_config() { + match shared_values.dns_monitor.get_system_config() { Ok(host_config) => host_config, Err(err) => { log::error!( "{}", err.display_chain_with_msg("Failed to start filtering resolver") ); + if let Err(err) = shared_values.dns_monitor.reset() { + log::error!( + "{}", + err.display_chain_with_msg( + "Faield to reset DNS after failing to obtain host config" + ) + ); + } return Self::enter(shared_values, ErrorStateCause::FilteringResolverError); } } diff --git a/talpid-core/src/tunnel_state_machine/mod.rs b/talpid-core/src/tunnel_state_machine/mod.rs index a48a17a25f..dd6ee01e52 100644 --- a/talpid-core/src/tunnel_state_machine/mod.rs +++ b/talpid-core/src/tunnel_state_machine/mod.rs @@ -438,6 +438,8 @@ impl SharedTunnelStateValues { Ok(()) } + /// Sets the filtering resolver setting and toggles it's state to either inactive or shutdown + /// state. #[cfg(target_os = "macos")] pub fn deactivate_filtering_resolver( &mut self, @@ -447,6 +449,7 @@ impl SharedTunnelStateValues { self.disable_filtering_resolver() } + /// Toggles filtering resolver state to either inactive or shutdown. #[cfg(target_os = "macos")] pub fn disable_filtering_resolver(&mut self) -> Result<(), crate::resolver::Error> { if self.enable_filtering_resolver { @@ -531,17 +534,6 @@ impl SharedTunnelStateValues { } let _ = tx.send(()); } - - #[cfg(target_os = "macos")] - pub fn get_filtering_resolver_config( - &mut self, - ) -> Result<Option<(String, Vec<IpAddr>)>, crate::dns::Error> { - if self.enable_filtering_resolver { - self.dns_monitor.get_system_config() - } else { - Ok(None) - } - } } /// Asynchronous result of an attempt to progress a state. |
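Review bot: The log string added in the `Err` arm is misspelled, `"Faield to reset DNS after failing to obtain host config"`, so a log search for "Failed to reset DNS" will miss the one case where the host's DNS settings may not have been restored; it should read `"Failed to reset DNS after failing to obtain host config"`. The message logged just before it still says "Failed to start filtering resolver", although the call that failed is now `dns_monitor.get_system_config()`, which points whoever reads the log at the wrong step. The call also no longer passes through the `enable_filtering_resolver` check that the removed `get_filtering_resolver_config` applied. The enclosing branch begins outside this hunk, so it is worth confirming that this path is only reached when the filtering resolver is enabled.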
