Mirror of https://github.com/outbackdingo/firezone.git, synced 2026-03-22 08:41:57 +00:00
At present, listening for DNS server change and network change events is handled in the GUI client. Upon an event, a message is sent to the tunnel service which then applies the new state to `connlib`. We can avoid some of this boilerplate by moving these listeners to the tunnel service as part of the handler. As a result, we get a few improvements:

- We don't need to ignore these events if we don't have a session because the lifetime of these listeners is tied to the IPC handler on the service side.
- We need fewer IPC messages
- We can retry the connection directly from within the tunnel service in case we have no Internet at the time of startup
- We can more easily model out the state machine of a connlib session in the tunnel service
- On Linux, this means we no longer shell out to `resolvectl` from the GUI process, unifying access to the "resolvers" from the tunnel service
- On Windows, we no longer need admin privileges on the GUI client for optimized network-change detection. This now happens in the Tunnel process which already runs as admin.

Resolves: #9465
51 lines
1.2 KiB
Rust
```rust
//! Platform-specific code to control the system's DNS resolution
//!
//! On Linux, we use `systemd-resolved` by default. We can also control
//! `/etc/resolv.conf` or explicitly not control DNS.
//!
//! On Windows, we use NRPT by default. We can also explicitly not control DNS.

use std::net::IpAddr;

#[cfg(target_os = "linux")]
mod linux;
#[cfg(target_os = "linux")]
use linux as platform;

#[cfg(target_os = "windows")]
mod windows;
#[cfg(target_os = "windows")]
use windows as platform;

#[cfg(target_os = "macos")]
mod macos;
#[cfg(target_os = "macos")]
use macos as platform;

use platform::system_resolvers;

pub use platform::DnsControlMethod;

/// Controls system-wide DNS.
///
/// Always call `deactivate` when Firezone starts.
///
/// Only one of these should exist on the entire system at a time.
pub struct DnsController {
    pub dns_control_method: DnsControlMethod,
}

impl Drop for DnsController {
    fn drop(&mut self) {
        if let Err(error) = self.deactivate() {
            tracing::error!("Failed to deactivate DNS control: {error:#}");
        }
    }
}

impl DnsController {
    pub fn system_resolvers(&self) -> Vec<IpAddr> {
        system_resolvers(self.dns_control_method).unwrap_or_default()
    }
}
```
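The file above relies on two properties that are easy to get wrong when DNS control moves into a long-lived service, as the commit message proposes: the system override must be reverted on every exit path of a session (the `Drop` impl), and it must be cleared again at startup in case a previous instance crashed (the "Always call `deactivate` when Firezone starts" doc comment). The example below is added here to show both properties end to end; it is not Firezone's code. The platform backends are replaced by an in-memory `FakeSystem`, and the two addresses, `FakeSystem` and the single `DnsControlMethod` variant are assumptions made for this example. It also shows the consequence of `unwrap_or_default()` in `system_resolvers`: a failed lookup is reported as an empty list, which a caller must treat as "retry later" rather than "no upstream DNS".

```rust
// Added example, not Firezone's code: a stand-in for the RAII `DnsController`
// pattern in the file above. The platform backends (systemd-resolved, NRPT) are
// replaced by an in-memory `FakeSystem`; it, the two addresses and the single
// `DnsControlMethod` variant are assumptions made for this example.
use std::{cell::RefCell, net::{IpAddr, Ipv4Addr}, rc::Rc};

pub const UPSTREAM: IpAddr = IpAddr::V4(Ipv4Addr::new(192, 168, 1, 1)); // the OS's own resolver
pub const SENTINEL: IpAddr = IpAddr::V4(Ipv4Addr::new(100, 100, 111, 1)); // Firezone's resolver

#[derive(Clone, Copy, Debug)]
pub enum DnsControlMethod { Managed } // stand-in for systemd-resolved / NRPT

/// Simulated OS DNS state, shared between the controller and its caller.
pub struct FakeSystem {
    pub original_resolvers: Vec<IpAddr>,
    pub active_resolvers: Option<Vec<IpAddr>>, // `None` models a failed lookup
    pub control_active: bool,
}

pub struct DnsController {
    pub dns_control_method: DnsControlMethod,
    system: Rc<RefCell<FakeSystem>>,
}

impl DnsController {
    /// Deactivates first, as the file's doc comment requires, so an override
    /// left behind by a crashed instance is cleared before anything else.
    pub fn new(method: DnsControlMethod, system: Rc<RefCell<FakeSystem>>) -> Self {
        let ctrl = Self { dns_control_method: method, system };
        if let Err(e) = ctrl.deactivate() { eprintln!("startup deactivate failed: {e}"); }
        ctrl
    }

    // Point the system at Firezone's own resolver.
    pub fn activate(&self) {
        let mut sys = self.system.borrow_mut();
        sys.active_resolvers = Some(vec![SENTINEL]);
        sys.control_active = true;
    }

    // Restore whatever the OS had before; a no-op when control is not active.
    pub fn deactivate(&self) -> Result<(), String> {
        let mut sys = self.system.borrow_mut();
        if sys.control_active {
            let original = sys.original_resolvers.clone();
            sys.active_resolvers = Some(original);
            sys.control_active = false;
        }
        Ok(())
    }

    /// Same contract as the page's method: a failed lookup yields an empty Vec,
    /// which a caller should treat as "retry later", not as "no upstream DNS".
    pub fn system_resolvers(&self) -> Vec<IpAddr> {
        self.system.borrow().active_resolvers.clone().unwrap_or_default()
    }
}

impl Drop for DnsController {
    fn drop(&mut self) {
        if let Err(error) = self.deactivate() {
            eprintln!("Failed to deactivate DNS control: {error}");
        }
    }
}

/// Constructed OS state, optionally with a stale override left by a crash.
pub fn fresh_system(stale_override: bool) -> Rc<RefCell<FakeSystem>> {
    let active = if stale_override { vec![SENTINEL] } else { vec![UPSTREAM] };
    Rc::new(RefCell::new(FakeSystem {
        original_resolvers: vec![UPSTREAM], active_resolvers: Some(active), control_active: stale_override,
    }))
}

/// A session body that may bail out early; it never calls `deactivate` itself.
fn session(ctrl: &DnsController, lose_connectivity: bool) -> Result<(), String> {
    ctrl.activate();
    if lose_connectivity { return Err("no Internet, retry later".into()); }
    Ok(())
}

/// Returns (resolvers during the session, resolvers after its scope ends).
pub fn resolvers_around_session(lose_connectivity: bool) -> (Vec<IpAddr>, Vec<IpAddr>) {
    let system = fresh_system(false);
    let during = {
        let ctrl = DnsController::new(DnsControlMethod::Managed, Rc::clone(&system));
        let _ = session(&ctrl, lose_connectivity);
        ctrl.system_resolvers()
    }; // `ctrl` is dropped here; `Drop` reverts the override
    let after = system.borrow().active_resolvers.clone().unwrap_or_default();
    (during, after)
}

/// Startup where a previous instance left its override behind: `new` clears it.
pub fn resolvers_after_stale_startup() -> Vec<IpAddr> {
    DnsController::new(DnsControlMethod::Managed, fresh_system(true)).system_resolvers()
}

/// A failed resolver lookup surfaces as an empty list rather than a panic.
pub fn resolvers_when_lookup_fails() -> Vec<IpAddr> {
    let system = fresh_system(false);
    system.borrow_mut().active_resolvers = None;
    DnsController::new(DnsControlMethod::Managed, system).system_resolvers()
}
```

`resolvers_around_session(true)` returns `([SENTINEL], [UPSTREAM])`: the early `return Err(..)` in `session` skips any explicit cleanup, yet the system ends up with its original resolver because the controller is reverted by `Drop` when the block ends. `resolvers_after_stale_startup()` returns `[UPSTREAM]` without anyone calling `deactivate` explicitly, and `resolvers_when_lookup_fails()` returns an empty Vec, which is the case the tunnel-service retry path in the commit message has to handle rather than silently proceed with no upstream resolver.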