Remove pointless firewall update

mullvad · Jun 26, 2024 · 09ed36a · 09ed36a
1 parent f511be6
commit 09ed36a
Showing 1 changed file with 10 additions and 43 deletions.
diff --git a/talpid-wireguard/src/lib.rs b/talpid-wireguard/src/lib.rs
@@ -370,14 +370,20 @@ impl WireguardMonitor {
                     &tunnel,
                     &mut config,
                     args.retry_attempt,
-                    args.on_event.clone(),
-                    &iface_name,
                     obfuscator.clone(),
                     ephemeral_obfs_sender,
                     #[cfg(target_os = "android")]
                     args.tun_provider,
                 )
                 .await?;
+
+                // Allow all in-tunnel traffic again
+                let metadata = Self::tunnel_metadata(&iface_name, &config);
+                (on_event)(TunnelEvent::InterfaceUp(
+                    metadata,
+                    AllowedTunnelTraffic::All,
+                ))
+                .await;
             }
 
             #[cfg(not(target_os = "android"))]
@@ -471,49 +477,17 @@ impl WireguardMonitor {
         Ok(monitor)
     }
 
-    #[allow(clippy::too_many_arguments)]
-    async fn config_ephemeral_peers<F>(
+    async fn config_ephemeral_peers(
         tunnel: &Arc<AsyncMutex<Option<Box<dyn Tunnel>>>>,
         config: &mut Config,
         retry_attempt: u32,
-        on_event: F,
-        iface_name: &str,
         obfuscator: Arc<AsyncMutex<Option<ObfuscatorHandle>>>,
         close_obfs_sender: sync_mpsc::Sender<CloseMsg>,
         #[cfg(target_os = "android")] tun_provider: Arc<Mutex<TunProvider>>,
-    ) -> std::result::Result<(), CloseMsg>
-    where
-        F: (Fn(TunnelEvent) -> Pin<Box<dyn std::future::Future<Output = ()> + Send>>)
-            + Send
-            + Sync
-            + Clone
-            + 'static,
-    {
+    ) -> std::result::Result<(), CloseMsg> {
         let ephemeral_private_key = PrivateKey::new_from_random();
         let close_obfs_sender = close_obfs_sender.clone();
 
-        let allowed_traffic = Endpoint::new(
-            config.ipv4_gateway,
-            talpid_tunnel_config_client::CONFIG_SERVICE_PORT,
-            TransportProtocol::Tcp,
-        );
-        let allowed_traffic = if config.is_multihop() {
-            // NOTE: We need to let traffic meant for the exit IP through the firewall. This
-            // should not allow any non-PQ traffic to leak since you can only reach the
-            // exit peer with these rules and not the broader internet.
-            AllowedTunnelTraffic::Two(
-                allowed_traffic,
-                Endpoint::from_socket_address(
-                    config.exit_peer_mut().endpoint,
-                    TransportProtocol::Udp,
-                ),
-            )
-        } else {
-            AllowedTunnelTraffic::One(allowed_traffic)
-        };
-        let metadata = Self::tunnel_metadata(iface_name, config);
-        (on_event)(TunnelEvent::InterfaceUp(metadata, allowed_traffic.clone())).await;
-
         let exit_should_have_daita = config.daita && !config.is_multihop();
         let exit_psk = Self::request_ephemeral_peer(
             retry_attempt,
@@ -588,13 +562,6 @@ impl WireguardMonitor {
             }
         }
 
-        let metadata = Self::tunnel_metadata(iface_name, config);
-        (on_event)(TunnelEvent::InterfaceUp(
-            metadata,
-            AllowedTunnelTraffic::All,
-        ))
-        .await;
-
         Ok(())
     }