Fix bug where allowed ips would not be patched if DAITA was enabled
MarkusPettersson98 committed Sep 17, 2024
1 parent e9f0f53 commit 0d2b593
Showing 1 changed file with 6 additions and 4 deletions.
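--- a/talpid-wireguard/src/lib.rs
+++ b/talpid-wireguard/src/lib.rs
@@ -488,15 +488,17 @@ impl WireguardMonitor {
 log_path: Option<&Path>,
 args: TunnelArgs<'_, F>,
 ) -> Result<WireguardMonitor> {
+let should_negotiate_ephemeral_peer = config.quantum_resistant || config.daita;
 let tunnel = Self::open_tunnel(
 args.runtime.clone(),
 &config,
 log_path,
 args.resource_dir,
 args.tun_provider.clone(),
-// TODO: This seems like a bug! Should `config.quantum_resistant` really be the
-// argument for `gateway_only` parameter?
-config.quantum_resistant,
+// In case we should negotiate an ephemeral peer, we should specify via AllowedIPs
+// that we only allows traffic to/from the gateway. This is only needed on Android
+// since we lack a firewall there.
+should_negotiate_ephemeral_peer,
 )?;
 
 let (close_obfs_sender, close_obfs_listener) = sync_mpsc::channel();
@@ -578,7 +580,7 @@ impl WireguardMonitor {
 }
 };
 
-if config.quantum_resistant || config.daita {
+if should_negotiate_ephemeral_peer {
 // Ping before negotiating the ephemeral peer to make sure that the tunnel works.
 tokio::task::spawn_blocking(ping()).await.unwrap()?;
 let ephemeral_obfs_sender = close_obfs_sender.clone();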
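Review bot: The `should_negotiate_ephemeral_peer` binding at the top of the first hunk now decides both the gateway-only AllowedIPs passed to `open_tunnel` and the negotiation branch in the second hunk, but nothing at the binding says the two must stay coupled, which appears to be the mismatch this commit fixes. I would document it there, e.g. `// Gates both the gateway-only AllowedIPs in open_tunnel and the ephemeral peer negotiation below; the two must not diverge.` The call-site comment says the restriction is only needed on Android, yet the value is passed unconditionally; whether `open_tunnel` ignores it on other platforms is not visible in this hunk and is worth confirming. That comment also reads "we only allows", which should be `we only allow`. The enclosing function starts before the first hunk and continues past the second.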
