-rw-r--r--mullvad-daemon/src/lib.rs7
-rw-r--r--talpid-core/src/tunnel_state_machine/blocked_state.rs19
-rw-r--r--talpid-core/src/tunnel_state_machine/connected_state.rs20
-rw-r--r--talpid-core/src/tunnel_state_machine/connecting_state.rs36
-rw-r--r--talpid-core/src/tunnel_state_machine/disconnected_state.rs4
-rw-r--r--talpid-core/src/tunnel_state_machine/disconnecting_state.rs25
-rw-r--r--talpid-core/src/tunnel_state_machine/mod.rs14
7 files changed, 56 insertions, 69 deletions
diff --git a/mullvad-daemon/src/lib.rs b/mullvad-daemon/src/lib.rs
index 5362d0805c..76ec9004ba 100644
--- a/mullvad-daemon/src/lib.rs
+++ b/mullvad-daemon/src/lib.rs
@@ -211,9 +211,11 @@ impl Daemon {
let relay_selector =
relays::RelaySelector::new(rpc_handle.clone(), &resource_dir, &cache_dir);
+ let settings = Settings::load().chain_err(|| "Unable to read settings")?;
let (tx, rx) = mpsc::channel();
let tunnel_command_tx = tunnel_state_machine::spawn(
+ settings.get_allow_lan(),
log_dir,
resource_dir,
cache_dir.clone(),
@@ -237,7 +239,7 @@ impl Daemon {
management_interface_broadcaster: management_interface_result.0,
#[cfg(unix)]
management_interface_socket_path: management_interface_result.1,
- settings: Settings::load().chain_err(|| "Unable to read settings")?,
+ settings,
accounts_proxy: AccountsProxy::new(rpc_handle.clone()),
version_proxy: AppVersionProxy::new(rpc_handle),
https_handle,
@@ -622,7 +624,7 @@ impl Daemon {
.map(|parameters| TunnelCommand::Connect(parameters))
.unwrap_or_else(|error| {
error!("{}", error.display_chain());
- TunnelCommand::Block(BlockReason::NoMatchingRelay, self.settings.get_allow_lan())
+ TunnelCommand::Block(BlockReason::NoMatchingRelay)
});
self.send_tunnel_command(command);
}
@@ -648,7 +650,6 @@ impl Daemon {
endpoint,
options: self.settings.get_tunnel_options().clone(),
username: account_token,
- allow_lan: self.settings.get_allow_lan(),
}
}
diff --git a/talpid-core/src/tunnel_state_machine/blocked_state.rs b/talpid-core/src/tunnel_state_machine/blocked_state.rs
index 6c50e2b9f7..33cdd3a1e1 100644
--- a/talpid-core/src/tunnel_state_machine/blocked_state.rs
+++ b/talpid-core/src/tunnel_state_machine/blocked_state.rs
@@ -14,8 +14,10 @@ use security::SecurityPolicy;
pub struct BlockedState;
impl BlockedState {
- fn set_security_policy(shared_values: &mut SharedTunnelStateValues, allow_lan: bool) {
- let policy = SecurityPolicy::Blocked { allow_lan };
+ fn set_security_policy(shared_values: &mut SharedTunnelStateValues) {
+ let policy = SecurityPolicy::Blocked {
+ allow_lan: shared_values.allow_lan,
+ };
if let Err(error) = shared_values
.security
.apply_policy(policy)
@@ -27,13 +29,13 @@ impl BlockedState {
}
impl TunnelState for BlockedState {
- type Bootstrap = (BlockReason, bool);
+ type Bootstrap = BlockReason;
fn enter(
shared_values: &mut SharedTunnelStateValues,
- (block_reason, allow_lan): Self::Bootstrap,
+ block_reason: Self::Bootstrap,
) -> (TunnelStateWrapper, TunnelStateTransition) {
- Self::set_security_policy(shared_values, allow_lan);
+ Self::set_security_policy(shared_values);
(
TunnelStateWrapper::from(BlockedState),
TunnelStateTransition::Blocked(block_reason),
@@ -49,7 +51,8 @@ impl TunnelState for BlockedState {
match try_handle_event!(self, commands.poll()) {
Ok(TunnelCommand::AllowLan(allow_lan)) => {
- Self::set_security_policy(shared_values, allow_lan);
+ shared_values.allow_lan = allow_lan;
+ Self::set_security_policy(shared_values);
SameState(self)
}
Ok(TunnelCommand::Connect(parameters)) => {
@@ -58,8 +61,8 @@ impl TunnelState for BlockedState {
Ok(TunnelCommand::Disconnect) | Err(_) => {
NewState(DisconnectedState::enter(shared_values, ()))
}
- Ok(TunnelCommand::Block(reason, allow_lan)) => {
- NewState(BlockedState::enter(shared_values, (reason, allow_lan)))
+ Ok(TunnelCommand::Block(reason)) => {
+ NewState(BlockedState::enter(shared_values, reason))
}
}
}
diff --git a/talpid-core/src/tunnel_state_machine/connected_state.rs b/talpid-core/src/tunnel_state_machine/connected_state.rs
index 1308e82032..7d04bf0c3b 100644
--- a/talpid-core/src/tunnel_state_machine/connected_state.rs
+++ b/talpid-core/src/tunnel_state_machine/connected_state.rs
@@ -44,7 +44,7 @@ impl ConnectedState {
let policy = SecurityPolicy::Connected {
relay_endpoint: self.tunnel_parameters.endpoint.to_endpoint(),
tunnel: self.metadata.clone(),
- allow_lan: self.tunnel_parameters.allow_lan,
+ allow_lan: shared_values.allow_lan,
};
shared_values
.security
@@ -53,7 +53,7 @@ impl ConnectedState {
}
fn handle_commands(
- mut self,
+ self,
commands: &mut mpsc::UnboundedReceiver<TunnelCommand>,
shared_values: &mut SharedTunnelStateValues,
) -> EventConsequence<Self> {
@@ -61,7 +61,7 @@ impl ConnectedState {
match try_handle_event!(self, commands.poll()) {
Ok(TunnelCommand::AllowLan(allow_lan)) => {
- self.tunnel_parameters.allow_lan = allow_lan;
+ shared_values.allow_lan = allow_lan;
match self.set_security_policy(shared_values) {
Ok(()) => SameState(self),
@@ -73,10 +73,7 @@ impl ConnectedState {
(
self.close_handle,
self.tunnel_close_event,
- AfterDisconnect::Block(
- BlockReason::SetSecurityPolicyError,
- allow_lan,
- ),
+ AfterDisconnect::Block(BlockReason::SetSecurityPolicyError),
),
))
}
@@ -104,12 +101,12 @@ impl ConnectedState {
AfterDisconnect::Nothing,
),
)),
- Ok(TunnelCommand::Block(reason, allow_lan)) => NewState(DisconnectingState::enter(
+ Ok(TunnelCommand::Block(reason)) => NewState(DisconnectingState::enter(
shared_values,
(
self.close_handle,
self.tunnel_close_event,
- AfterDisconnect::Block(reason, allow_lan),
+ AfterDisconnect::Block(reason),
),
)),
}
@@ -176,10 +173,7 @@ impl TunnelState for ConnectedState {
(
connected_state.close_handle,
connected_state.tunnel_close_event,
- AfterDisconnect::Block(
- BlockReason::SetSecurityPolicyError,
- connected_state.tunnel_parameters.allow_lan,
- ),
+ AfterDisconnect::Block(BlockReason::SetSecurityPolicyError),
),
)
}
diff --git a/talpid-core/src/tunnel_state_machine/connecting_state.rs b/talpid-core/src/tunnel_state_machine/connecting_state.rs
index 1dc057a7e5..d8bc5fea92 100644
--- a/talpid-core/src/tunnel_state_machine/connecting_state.rs
+++ b/talpid-core/src/tunnel_state_machine/connecting_state.rs
@@ -55,11 +55,10 @@ impl ConnectingState {
fn set_security_policy(
shared_values: &mut SharedTunnelStateValues,
endpoint: TunnelEndpoint,
- allow_lan: bool,
) -> Result<()> {
let policy = SecurityPolicy::Connecting {
relay_endpoint: endpoint.to_endpoint(),
- allow_lan,
+ allow_lan: shared_values.allow_lan,
};
shared_values
.security
@@ -172,7 +171,7 @@ impl ConnectingState {
}
fn handle_commands(
- mut self,
+ self,
commands: &mut mpsc::UnboundedReceiver<TunnelCommand>,
shared_values: &mut SharedTunnelStateValues,
) -> EventConsequence<Self> {
@@ -180,12 +179,8 @@ impl ConnectingState {
match try_handle_event!(self, commands.poll()) {
Ok(TunnelCommand::AllowLan(allow_lan)) => {
- self.tunnel_parameters.allow_lan = allow_lan;
- match Self::set_security_policy(
- shared_values,
- self.tunnel_parameters.endpoint,
- allow_lan,
- ) {
+ shared_values.allow_lan = allow_lan;
+ match Self::set_security_policy(shared_values, self.tunnel_parameters.endpoint) {
Ok(()) => SameState(self),
Err(error) => {
error!("{}", error.display_chain());
@@ -195,10 +190,7 @@ impl ConnectingState {
(
self.close_handle,
self.tunnel_close_event,
- AfterDisconnect::Block(
- BlockReason::SetSecurityPolicyError,
- allow_lan,
- ),
+ AfterDisconnect::Block(BlockReason::SetSecurityPolicyError),
),
))
}
@@ -226,12 +218,12 @@ impl ConnectingState {
AfterDisconnect::Nothing,
),
)),
- Ok(TunnelCommand::Block(reason, allow_lan)) => NewState(DisconnectingState::enter(
+ Ok(TunnelCommand::Block(reason)) => NewState(DisconnectingState::enter(
shared_values,
(
self.close_handle,
self.tunnel_close_event,
- AfterDisconnect::Block(reason, allow_lan),
+ AfterDisconnect::Block(reason),
),
)),
}
@@ -249,10 +241,7 @@ impl ConnectingState {
(
self.close_handle,
self.tunnel_close_event,
- AfterDisconnect::Block(
- BlockReason::AuthFailed(reason),
- self.tunnel_parameters.allow_lan,
- ),
+ AfterDisconnect::Block(BlockReason::AuthFailed(reason)),
),
)),
Ok(TunnelEvent::Up(metadata)) => NewState(ConnectedState::enter(
@@ -299,12 +288,9 @@ impl TunnelState for ConnectingState {
shared_values: &mut SharedTunnelStateValues,
parameters: Self::Bootstrap,
) -> (TunnelStateWrapper, TunnelStateTransition) {
- let allow_lan = parameters.allow_lan;
- if let Err(error) =
- Self::set_security_policy(shared_values, parameters.endpoint, parameters.allow_lan)
- {
+ if let Err(error) = Self::set_security_policy(shared_values, parameters.endpoint) {
error!("{}", error.display_chain());
- return BlockedState::enter(shared_values, (BlockReason::StartTunnelError, allow_lan));
+ return BlockedState::enter(shared_values, BlockReason::StartTunnelError);
}
match Self::start_tunnel(
@@ -327,7 +313,7 @@ impl TunnelState for ConnectingState {
let chained_error = error.chain_err(|| "Failed to start tunnel");
error!("{}", chained_error.display_chain());
- BlockedState::enter(shared_values, (block_reason, allow_lan))
+ BlockedState::enter(shared_values, block_reason)
}
}
}
diff --git a/talpid-core/src/tunnel_state_machine/disconnected_state.rs b/talpid-core/src/tunnel_state_machine/disconnected_state.rs
index d65f8f63de..7074e7c961 100644
--- a/talpid-core/src/tunnel_state_machine/disconnected_state.rs
+++ b/talpid-core/src/tunnel_state_machine/disconnected_state.rs
@@ -45,8 +45,8 @@ impl TunnelState for DisconnectedState {
Ok(TunnelCommand::Connect(parameters)) => {
NewState(ConnectingState::enter(shared_values, parameters))
}
- Ok(TunnelCommand::Block(reason, allow_lan)) => {
- NewState(BlockedState::enter(shared_values, (reason, allow_lan)))
+ Ok(TunnelCommand::Block(reason)) => {
+ NewState(BlockedState::enter(shared_values, reason))
}
Ok(_) => SameState(self),
Err(_) => Finished,
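Review bot: `TunnelCommand::AllowLan` still falls into `Ok(_) => SameState(self)` here, so a change made while disconnected is never written to `shared_values.allow_lan`, and the next `Connect` or `Block` applies the stale value now that neither command carries the flag. If the user has just turned LAN access off, the firewall policy would presumably keep allowing it. An arm such as `Ok(TunnelCommand::AllowLan(allow_lan)) => { shared_values.allow_lan = allow_lan; SameState(self) }` ahead of the catch-all would store it. The same gap appears in the disconnecting_state.rs hunk at -33,25, where only the `AfterDisconnect::Reconnect` arm stores the value and the `Nothing` and `Block(reason)` arms drop it through `_`; storing it once before `match after_disconnect` would cover all three. The match here starts above the hunk, so this assumes no earlier arm handles the command, which the diffstat for this file suggests.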
diff --git a/talpid-core/src/tunnel_state_machine/disconnecting_state.rs b/talpid-core/src/tunnel_state_machine/disconnecting_state.rs
index 47467e3090..429c3ef07b 100644
--- a/talpid-core/src/tunnel_state_machine/disconnecting_state.rs
+++ b/talpid-core/src/tunnel_state_machine/disconnecting_state.rs
@@ -24,6 +24,7 @@ impl DisconnectingState {
fn handle_commands(
mut self,
commands: &mut mpsc::UnboundedReceiver<TunnelCommand>,
+ shared_values: &mut SharedTunnelStateValues,
) -> EventConsequence<Self> {
use self::AfterDisconnect::*;
@@ -33,25 +34,23 @@ impl DisconnectingState {
self.after_disconnect = match after_disconnect {
AfterDisconnect::Nothing => match event {
Ok(TunnelCommand::Connect(parameters)) => Reconnect(parameters),
- Ok(TunnelCommand::Block(reason, allow_lan)) => Block(reason, allow_lan),
+ Ok(TunnelCommand::Block(reason)) => Block(reason),
_ => Nothing,
},
- AfterDisconnect::Block(reason, allow_lan) => match event {
+ AfterDisconnect::Block(reason) => match event {
Ok(TunnelCommand::Connect(parameters)) => Reconnect(parameters),
Ok(TunnelCommand::Disconnect) => Nothing,
- Ok(TunnelCommand::Block(new_reason, new_allow_lan)) => {
- Block(new_reason, new_allow_lan)
- }
- _ => Block(reason, allow_lan),
+ Ok(TunnelCommand::Block(new_reason)) => Block(new_reason),
+ _ => Block(reason),
},
- AfterDisconnect::Reconnect(mut tunnel_parameters) => match event {
+ AfterDisconnect::Reconnect(tunnel_parameters) => match event {
Ok(TunnelCommand::AllowLan(allow_lan)) => {
- tunnel_parameters.allow_lan = allow_lan;
+ shared_values.allow_lan = allow_lan;
Reconnect(tunnel_parameters)
}
Ok(TunnelCommand::Connect(parameters)) => Reconnect(parameters),
Ok(TunnelCommand::Disconnect) | Err(_) => Nothing,
- Ok(TunnelCommand::Block(reason, allow_lan)) => Block(reason, allow_lan),
+ Ok(TunnelCommand::Block(reason)) => Block(reason),
},
};
@@ -76,9 +75,7 @@ impl DisconnectingState {
) -> (TunnelStateWrapper, TunnelStateTransition) {
match self.after_disconnect {
AfterDisconnect::Nothing => DisconnectedState::enter(shared_values, ()),
- AfterDisconnect::Block(reason, allow_lan) => {
- BlockedState::enter(shared_values, (reason, allow_lan))
- }
+ AfterDisconnect::Block(reason) => BlockedState::enter(shared_values, reason),
AfterDisconnect::Reconnect(tunnel_parameters) => {
ConnectingState::enter(shared_values, tunnel_parameters)
}
@@ -119,7 +116,7 @@ impl TunnelState for DisconnectingState {
commands: &mut mpsc::UnboundedReceiver<TunnelCommand>,
shared_values: &mut SharedTunnelStateValues,
) -> EventConsequence<Self> {
- self.handle_commands(commands)
+ self.handle_commands(commands, shared_values)
.or_else(Self::handle_exit_event, shared_values)
}
}
@@ -127,7 +124,7 @@ impl TunnelState for DisconnectingState {
/// Which state should be transitioned to after disconnection is complete.
pub enum AfterDisconnect {
Nothing,
- Block(BlockReason, bool),
+ Block(BlockReason),
Reconnect(TunnelParameters),
}
diff --git a/talpid-core/src/tunnel_state_machine/mod.rs b/talpid-core/src/tunnel_state_machine/mod.rs
index 20d58c05d4..91ca9aa7ad 100644
--- a/talpid-core/src/tunnel_state_machine/mod.rs
+++ b/talpid-core/src/tunnel_state_machine/mod.rs
@@ -43,6 +43,7 @@ error_chain! {
/// Spawn the tunnel state machine thread, returning a channel for sending tunnel commands.
pub fn spawn<P, T>(
+ allow_lan: bool,
log_dir: Option<PathBuf>,
resource_dir: PathBuf,
cache_dir: P,
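Review bot: The doc comment on `spawn` does not mention the new leading `allow_lan` argument, which is only the initial value held by the state machine. Since `Connect` and `Block` no longer carry the flag, the caller has to send `TunnelCommand::AllowLan` on every settings change to keep the firewall policy in step, and that contract is worth stating on the function, e.g. `/// allow_lan is the initial LAN policy; later changes must be sent as TunnelCommand::AllowLan.` Whether the daemon already does this is not visible in this diff. The signature continues past the end of this hunk.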
@@ -57,6 +58,7 @@ where
thread::spawn(move || {
match create_event_loop(
+ allow_lan,
log_dir,
resource_dir,
cache_dir,
@@ -89,6 +91,7 @@ where
}
fn create_event_loop<T>(
+ allow_lan: bool,
log_dir: Option<PathBuf>,
resource_dir: PathBuf,
cache_dir: impl AsRef<Path>,
@@ -99,7 +102,8 @@ where
T: From<TunnelStateTransition> + Send + 'static,
{
let reactor = Core::new().chain_err(|| ErrorKind::ReactorError)?;
- let state_machine = TunnelStateMachine::new(log_dir, resource_dir, cache_dir, commands)?;
+ let state_machine =
+ TunnelStateMachine::new(allow_lan, log_dir, resource_dir, cache_dir, commands)?;
let future = state_machine.for_each(move |state_change_event| {
state_change_listener
@@ -119,7 +123,7 @@ pub enum TunnelCommand {
/// Close tunnel connection.
Disconnect,
/// Disconnect any open tunnel and block all network access
- Block(BlockReason, bool),
+ Block(BlockReason),
}
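Review bot: The comment on `Block` still says it blocks all network access, but with the flag removed from the command the blocked policy now takes `allow_lan` from the state machine's shared values, so LAN traffic presumably stays allowed when that flag is set. A reader of the enum can no longer see this from the variant's fields, so the comment should say it, e.g. `/// Disconnect any open tunnel and block network access; LAN traffic is still allowed if allow_lan is set.` The enum starts above this hunk.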
/// Information necessary to open a tunnel.
@@ -131,8 +135,6 @@ pub struct TunnelParameters {
pub options: TunnelOptions,
/// Username to use for setting up the tunnel.
pub username: String,
- /// Should LAN access be allowed outside the tunnel.
- pub allow_lan: bool,
}
/// Asynchronous handling of the tunnel state machine.
@@ -149,6 +151,7 @@ struct TunnelStateMachine {
impl TunnelStateMachine {
fn new(
+ allow_lan: bool,
log_dir: Option<PathBuf>,
resource_dir: PathBuf,
cache_dir: impl AsRef<Path>,
@@ -158,6 +161,7 @@ impl TunnelStateMachine {
NetworkSecurity::new(cache_dir).chain_err(|| ErrorKind::NetworkSecurityError)?;
let mut shared_values = SharedTunnelStateValues {
security,
+ allow_lan,
log_dir,
resource_dir,
};
@@ -225,6 +229,8 @@ impl<T: TunnelState> From<EventConsequence<T>> for TunnelStateMachineAction {
/// Values that are common to all tunnel states.
struct SharedTunnelStateValues {
security: NetworkSecurity,
+ /// Should LAN access be allowed outside the tunnel.
+ allow_lan: bool,
/// Directory to store tunnel log file.
log_dir: Option<PathBuf>,
/// Resource directory path.