From 6e59545a9830c64ac306383f5d25c8763881e18e Mon Sep 17 00:00:00 2001 From: Markus Pettersson Date: Thu, 19 Dec 2024 16:39:48 +0100 Subject: [PATCH] Revert "Force WireGuard handshake before PQ handshake" This reverts commit 3a7b1fbbd6b4409a45146b6a44420158e9dc0508. --- talpid-wireguard/build.rs | 8 --- talpid-wireguard/src/connectivity/mod.rs | 4 +- talpid-wireguard/src/ephemeral.rs | 63 ++---------------------- talpid-wireguard/src/lib.rs | 2 - 4 files changed, 6 insertions(+), 71 deletions(-) diff --git a/talpid-wireguard/build.rs b/talpid-wireguard/build.rs index 0a7360569d70..ab3500330c26 100644 --- a/talpid-wireguard/build.rs +++ b/talpid-wireguard/build.rs @@ -14,14 +14,6 @@ fn main() { // Enable DAITA by default on desktop and android println!("cargo::rustc-check-cfg=cfg(daita)"); println!("cargo::rustc-cfg=daita"); - - // Ensure that the WireGuard tunnel works before exchanging ephemeral peers. - // This is useful after updating the WireGuard config, to force a WireGuard handshake. This - // should reduce the number of PQ timeouts. - println!("cargo::rustc-check-cfg=cfg(force_wireguard_handshake)"); - if matches!(target_os.as_str(), "linux" | "macos" | "windows") { - println!("cargo::rustc-cfg=force_wireguard_handshake"); - } } fn declare_libs_dir(base: &str) { diff --git a/talpid-wireguard/src/connectivity/mod.rs b/talpid-wireguard/src/connectivity/mod.rs index 968263b81720..512d8715f17d 100644 --- a/talpid-wireguard/src/connectivity/mod.rs +++ b/talpid-wireguard/src/connectivity/mod.rs @@ -6,6 +6,8 @@ mod mock; mod monitor; mod pinger; -pub use check::{Cancellable, Check}; +#[cfg(target_os = "android")] +pub use check::Cancellable; +pub use check::Check; pub use error::Error; pub use monitor::Monitor; diff --git a/talpid-wireguard/src/ephemeral.rs b/talpid-wireguard/src/ephemeral.rs index 9b146de66f75..31f3957253e9 100644 --- a/talpid-wireguard/src/ephemeral.rs +++ b/talpid-wireguard/src/ephemeral.rs @@ -1,8 +1,6 @@ //! This module takes care of obtaining ephemeral peers, updating the WireGuard configuration and //! restarting obfuscation and WG tunnels when necessary. -#[cfg(force_wireguard_handshake)] -use super::connectivity; #[cfg(target_os = "android")] // On Android, the Tunnel trait is not imported by default. use super::Tunnel; use super::{config::Config, obfuscation::ObfuscatorHandle, CloseMsg, Error, TunnelType}; @@ -33,9 +31,6 @@ pub async fn config_ephemeral_peers( retry_attempt: u32, obfuscator: Arc>>, close_obfs_sender: sync_mpsc::Sender, - #[cfg(force_wireguard_handshake)] connectivity: &mut connectivity::Check< - connectivity::Cancellable, - >, ) -> std::result::Result<(), CloseMsg> { let iface_name = { let tunnel = tunnel.lock().await; @@ -49,16 +44,8 @@ pub async fn config_ephemeral_peers( log::trace!("Temporarily lowering tunnel MTU before ephemeral peer config"); try_set_ipv4_mtu(&iface_name, talpid_tunnel::MIN_IPV4_MTU); - config_ephemeral_peers_inner( - tunnel, - config, - retry_attempt, - obfuscator, - close_obfs_sender, - #[cfg(force_wireguard_handshake)] - connectivity, - ) - .await?; + config_ephemeral_peers_inner(tunnel, config, retry_attempt, obfuscator, close_obfs_sender) + .await?; log::trace!("Resetting tunnel MTU"); try_set_ipv4_mtu(&iface_name, config.mtu); @@ -88,9 +75,6 @@ pub async fn config_ephemeral_peers( retry_attempt: u32, obfuscator: Arc>>, close_obfs_sender: sync_mpsc::Sender, - #[cfg(force_wireguard_handshake)] connectivity: &mut connectivity::Check< - connectivity::Cancellable, - >, #[cfg(target_os = "android")] tun_provider: Arc>, ) -> Result<(), CloseMsg> { config_ephemeral_peers_inner( @@ -99,8 +83,6 @@ pub async fn config_ephemeral_peers( retry_attempt, obfuscator, close_obfs_sender, - #[cfg(force_wireguard_handshake)] - connectivity, #[cfg(target_os = "android")] tun_provider, ) @@ -113,14 +95,8 @@ async fn config_ephemeral_peers_inner( retry_attempt: u32, obfuscator: Arc>>, close_obfs_sender: sync_mpsc::Sender, - #[cfg(force_wireguard_handshake)] connectivity: &mut connectivity::Check< - connectivity::Cancellable, - >, #[cfg(target_os = "android")] tun_provider: Arc>, ) -> Result<(), CloseMsg> { - #[cfg(force_wireguard_handshake)] - establish_tunnel_connection(tunnel, connectivity).await?; - let ephemeral_private_key = PrivateKey::new_from_random(); let close_obfs_sender = close_obfs_sender.clone(); @@ -158,10 +134,6 @@ async fn config_ephemeral_peers_inner( &tun_provider, ) .await?; - - #[cfg(force_wireguard_handshake)] - establish_tunnel_connection(tunnel, connectivity).await?; - let entry_ephemeral_peer = request_ephemeral_peer( retry_attempt, &entry_config, @@ -242,6 +214,7 @@ async fn reconfigure_tunnel( *obfs_guard = super::obfuscation::apply_obfuscation_config( &mut config, close_obfs_sender, + #[cfg(target_os = "android")] tun_provider.clone(), ) .await @@ -295,36 +268,6 @@ async fn reconfigure_tunnel( Ok(config) } -/// Ensure that the WireGuard tunnel works. This is useful after updating the WireGuard config, to -/// force a WireGuard handshake. This should reduce the number of PQ timeouts. -#[cfg(force_wireguard_handshake)] -async fn establish_tunnel_connection( - tunnel: &Arc>>, - connectivity: &mut connectivity::Check, -) -> Result<(), CloseMsg> { - use talpid_types::ErrorExt; - - let shared_tunnel = tunnel.lock().await; - let tunnel = shared_tunnel.as_ref().expect("tunnel was None"); - let ping_result = connectivity.establish_connectivity(tunnel); - drop(shared_tunnel); - - match ping_result { - Ok(true) => Ok(()), - Ok(false) => { - log::warn!("Timeout while checking tunnel connection"); - Err(CloseMsg::PingErr) - } - Err(error) => { - log::error!( - "{}", - error.display_chain_with_msg("Failed to check tunnel connection") - ); - Err(CloseMsg::PingErr) - } - } -} - async fn request_ephemeral_peer( retry_attempt: u32, config: &Config, diff --git a/talpid-wireguard/src/lib.rs b/talpid-wireguard/src/lib.rs index cf0a57e41084..2d282c6315c6 100644 --- a/talpid-wireguard/src/lib.rs +++ b/talpid-wireguard/src/lib.rs @@ -274,8 +274,6 @@ impl WireguardMonitor { args.retry_attempt, obfuscator.clone(), ephemeral_obfs_sender, - #[cfg(force_wireguard_handshake)] - &mut connectivity_monitor, ) .await?;