From a579f49c828c28c9cf3806778389529e497a3e7f Mon Sep 17 00:00:00 2001 From: Joakim Hulthe Date: Fri, 13 Dec 2024 16:17:22 +0100 Subject: [PATCH] fixup: remove some old stuff --- mullvad-daemon/src/leak_checker/mod.rs | 57 -------------------------- talpid-core/src/firewall/macos.rs | 2 + 2 files changed, 2 insertions(+), 57 deletions(-) diff --git a/mullvad-daemon/src/leak_checker/mod.rs b/mullvad-daemon/src/leak_checker/mod.rs index 045d69deeff4..9a5d25345f60 100644 --- a/mullvad-daemon/src/leak_checker/mod.rs +++ b/mullvad-daemon/src/leak_checker/mod.rs @@ -65,16 +65,6 @@ impl LeakChecker { panic!("LeakChecker unexpectedly closed"); } } - - ///// Wait until the leak detector detects a leak. - ///// - ///// Ideally, this should never return. - //pub async fn wait_for_leak(&self) -> LeakInfo { - // self.leak_rx - // .recv() - // .await - // .expect("LeakChecker unexpectedly closed") - //} } impl Task { @@ -104,7 +94,6 @@ impl Task { mut tunnel_state: TunnelStateTransition, ) -> ControlFlow<()> { 'leak_test: loop { - //let TunnelStateTransition::Connected(tunnel) = &tunnel_state else { let TunnelStateTransition::Connected(tunnel) = &tunnel_state else { return ControlFlow::Continue(()); }; 
@@ -190,52 +179,6 @@ async fn check_for_leaks(interface: &str, destination: IpAddr) -> anyhow::Result }) } -// async fn check_for_leaks(interface: &str, destination: IpAddr) -> anyhow::Result> { -// use std::mem::ManuallyDrop; -// use std::os::fd::FromRawFd; -// let client = surge_ping::Client::new(&surge_ping::Config { -// sock_type_hint: socket2::Type::DGRAM, -// kind: surge_ping::ICMP::V4, -// -// // On desktop linux, we can bind directly to the interface. -// interface: cfg!(target_os = "linux").then(|| interface.to_string()), -// -// // On other systems, we resord to binding to the interfaces IP address instead. -// bind: cfg!(not(target_os = "linux")).then(|| get_interface_ip(interface)), -// -// ttl: None, -// fib: None, -// }) -// .context("Failed to create ping client")?; -// -// // TODO: additional configuration? -// let socket = client.get_socket(); -// -// // SAFETY: socket.get_native_sock returns an open fd. -// // The socket2 socket is not used after we drop the client. -// // We wrap the socket2 socket in a ManuallyDrop to prevent it from dropping the socket. -// let socket = unsafe { socket2::Socket::from_raw_fd(socket.get_native_sock()) }; -// let socket = ManuallyDrop::new(socket); -// let mut pinger = client.pinger(destination, PingIdentifier(12345)).await; -// -// for ttl in 1..=5u16 { -// let ping_seq = ttl; -// -// socket -// .set_ttl(u32::from(ttl)) -// .context("Failed to set TTL")?; -// -// let (reply, _duration) = pinger -// .ping(PingSequence(ping_seq), b"ABCDEFGHIJKLMNOP") -// .await -// .context("Failed to send ping")?; -// -// println!("icmp_reply: {reply:?}"); -// } -// -// todo!() -// } - impl LeakCheckerCallback for T where T: FnMut(LeakInfo) -> bool + Send + 'static, diff --git a/talpid-core/src/firewall/macos.rs b/talpid-core/src/firewall/macos.rs index e038c92bc75d..ae7f153b6353 100644 --- a/talpid-core/src/firewall/macos.rs +++ b/talpid-core/src/firewall/macos.rs 
@@ -439,6 +439,8 @@ impl Firewall { } rules.push(self.get_allow_relay_rule(peer_endpoint)?); + + // TODO: do we need this? //rules.push(self.get_block_relay_rule(peer_endpoint)?); // Important to block DNS *before* we allow the tunnel and allow LAN. So DNS
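Review bot: The added `// TODO: do we need this?` sits above the still commented-out `get_block_relay_rule` call but does not say why the rule was disabled or what would settle the question, so a reader of this firewall policy cannot tell whether the rule set is complete. Judging by the names only, the block rule looks like the counterpart of the `get_allow_relay_rule` pushed just above, and the context comment that follows shows that rule order in this list is deliberate, so the decision deserves to be recorded. I would either resolve it in this commit (restore the rule or delete the line) or replace the comment with something like `// TODO(<tracking issue>): block-relay rule disabled; confirm no other traffic to peer_endpoint can pass before removing`. The enclosing function begins and ends outside this hunk, so what else covers the relay endpoint is not visible here.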