simplify logic

mhils · mhils · commit 78c8b2cba3bb · 2025-05-29T02:55:49.000+02:00
diff --git a/src/packet_sources/tun.rs b/src/packet_sources/tun.rs
@@ -4,7 +4,7 @@ use crate::messages::{
 use crate::network::{add_network_layer, MAX_PACKET_SIZE};
 use crate::packet_sources::{PacketSourceConf, PacketSourceTask};
 use crate::shutdown;
-use anyhow::{Context, Result};
+use anyhow::{bail, Context, Result};
 use std::cmp::max;
 use std::{fs, io::ErrorKind};
 use tokio::sync::mpsc::Sender;
@@ -47,59 +47,63 @@ impl PacketSourceConf for TunConf {
 }
 
 pub fn create_tun_device(tun_name: Option<String>) -> Result<(tun::AsyncDevice, String)> {
-    let mut persistent_config = tun::Configuration::default();
-    if let Some(tun_name) = &tun_name {
-        persistent_config.tun_name(tun_name);
-    }
-    let mut config = persistent_config.clone();
+    let mut config = tun::Configuration::default();
     config.mtu(MAX_PACKET_SIZE as u16);
     // Setting a local address and a destination is required on Linux.
     config.address("169.254.0.1");
     // config.netmask("0.0.0.0");
     // config.destination("169.254.0.1");
     config.up();
+    if let Some(tun_name) = &tun_name {
+        config.tun_name(tun_name);
+    }
 
-    let (device_result, is_new_device) = match tun::create_as_async(&config) {
-        // If we are instructed to create a tun device with a specific name, it is possible that the
-        // user wants us to reuse an existing persistent tun interface. A persistent tun interface
-        // is usually pre-configured, so that mitmproxy does not need to perform configuration, and
-        // therefore does not need CAP_NET_ADMIN or sudo.
-        //
-        // The default `config` will set MTU and address etc which *do* require CAP_NET_ADMIN, which
-        // will result in PermissionDenied in the non-privileged context. To deal with the case of
-        // pre-configured persistent interface, we retry `create_as_async` without the MTU/address
-        // settings.
-        Err(tun::Error::Io(e)) if e.kind() == ErrorKind::PermissionDenied && tun_name.is_some() => {
-            (tun::create_as_async(&persistent_config), false)
-        }
-        result => (result, true),
-    };
-    let device = device_result.context("Failed to create TUN device")?;
-    let tun_name = device.tun_name().context("Failed to get TUN name")?;
-
-    if is_new_device {
-        // In case of a persistent tun device, these are supposed to be pre-configured,
-        // and we should not have permission to write these. So don't try.
-
-        if let Err(e) = disable_rp_filter(&tun_name) {
-            log::error!("failed to set rp_filter: {e}");
+    match tun::create_as_async(&config) {
+        Ok(device) => {
+            let tun_name = device.tun_name().context("Failed to get TUN name")?;
+            configure_device(&tun_name);
+            Ok((device, tun_name))
         }
-        if let Err(e) = fs::write(
-            format!("/proc/sys/net/ipv4/conf/{tun_name}/route_localnet"),
-            "1",
-        ) {
-            log::error!("Failed to enable route_localnet: {e}");
-        }
-        // Update accept_local so that injected packets with a local address (e.g. 127.0.0.1)
-        // as source address are accepted.
-        if let Err(e) = fs::write(
-            format!("/proc/sys/net/ipv4/conf/{tun_name}/accept_local"),
-            "1",
-        ) {
-            log::error!("Failed to enable accept_local: {e}");
+        Err(tun::Error::Io(e)) if e.kind() == ErrorKind::PermissionDenied => {
+            // If we are instructed to create a tun device with a specific name, it is possible that the
+            // user wants us to reuse an existing persistent tun interface. A persistent tun interface
+            // is usually pre-configured, so that mitmproxy does not need to perform configuration, and
+            // therefore does not need CAP_NET_ADMIN or sudo.
+            //
+            // The default `config` will set MTU and address etc which *do* require CAP_NET_ADMIN, which
+            // will result in PermissionDenied in the non-privileged context. To deal with the case of
+            // pre-configured persistent interface, we retry `create_as_async` without the MTU/address
+            // settings.
+            if let Some(tun_name) = tun_name {
+                tun::create_as_async(tun::Configuration::default().tun_name(&tun_name))
+                    .map(|d| (d, tun_name))
+            } else {
+                Err(tun::Error::Io(e))
+            }
         }
+        Err(e) => Err(e),
+    }
+    .context("Failed to create TUN device")
+}
+
+fn configure_device(tun_name: &str) {
+    if let Err(e) = disable_rp_filter(&tun_name) {
+        log::error!("failed to set rp_filter: {e}");
+    }
+    if let Err(e) = fs::write(
+        format!("/proc/sys/net/ipv4/conf/{tun_name}/route_localnet"),
+        "1",
+    ) {
+        log::error!("Failed to enable route_localnet: {e}");
+    }
+    // Update accept_local so that injected packets with a local address (e.g. 127.0.0.1)
+    // as source address are accepted.
+    if let Err(e) = fs::write(
+        format!("/proc/sys/net/ipv4/conf/{tun_name}/accept_local"),
+        "1",
+    ) {
+        log::error!("Failed to enable accept_local: {e}");
     }
-    Ok((device, tun_name))
 }
 
 pub struct TunTask {
