From 70bd66157db7eec80cd62524ce68c7a92c6e1b7a Mon Sep 17 00:00:00 2001
From: Bartosz Zbytniewski
Date: Thu, 19 Dec 2024 16:17:46 +0100
Subject: [PATCH] Mark fileshare as forbidden only when there was no error when blocking
---
 networker/networker.go | 22 ++++++++++++++++++----
 1 file changed, 18 insertions(+), 4 deletions(-)
diff --git a/networker/networker.go b/networker/networker.go
index dc4291a8..37ce3cff 100644
--- a/networker/networker.go
+++ b/networker/networker.go
@@ -45,6 +45,9 @@ var (
 // connection to be canceled
 ErrNothingToCancel = errors.New("nothing to cancel")
 defaultMeshSubnet = netip.MustParsePrefix("100.64.0.0/10")
+ // ErrNoSuchRule is returned when networker tried to remove
+ // a rule, but such rule does not exist
+ ErrNoSuchRule = errors.New("such rule does not exist")
 )
 const (
@@ -1651,7 +1654,7 @@ func (netw *Combined) removeRule(ruleName string) error {
 ruleIndex := slices.Index(netw.rules, ruleName)
 if ruleIndex == -1 {
- return fmt.Errorf("allow rule does not exist for %s", ruleName)
+ return ErrNoSuchRule
 }
 if err := netw.fw.Delete([]string{ruleName}); err != nil {
@@ -1668,15 +1671,26 @@ func (netw *Combined) ForbidFileshare() error {
 if !netw.isFilesharePermitted {
 return nil
 }
- defer func() { netw.isFilesharePermitted = false }()
- return netw.blockFileshareAll()
+
+ err := netw.blockFileshareAll()
+ // NOTE: Mark fileshare as forbidden only when there was no error here, so it
+ // can be tried again.
+ if err == nil {
+ netw.isFilesharePermitted = false
+ }
+
+ return err
 }
 func (netw *Combined) blockFileshareAll() error {
 var allErrors []error
 for _, peer := range netw.cfg.Peers {
 err := netw.blockFileshare(peer.PublicKey, peer.Address)
- allErrors = append(allErrors, err)
+ // NOTE: It's fine to have the rule already removed which returns [ErrNoSuchRule].
+ // It's not fine to have any other errors, so keep those.
+ if !errors.Is(err, ErrNoSuchRule) {
+ allErrors = append(allErrors, err)
+ }
 }
 return errors.Join(allErrors...)
 }
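Review bot: Returning the bare `ErrNoSuchRule` from removeRule drops the rule name that the previous message carried, so a log line built from this error no longer says which firewall rule was missing. Wrapping keeps both the name and the sentinel: `return fmt.Errorf("rule %s: %w", ruleName, ErrNoSuchRule)`. The `errors.Is(err, ErrNoSuchRule)` check added in blockFileshareAll still matches through the wrap. removeRule's body continues outside the hunk, so any other callers that compare or print this error are not visible here.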
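Review bot: In blockFileshareAll the new filter `if !errors.Is(err, ErrNoSuchRule)` still appends nil results and relies on `errors.Join` discarding them; `if err != nil && !errors.Is(err, ErrNoSuchRule) {` states the intent directly. The match also only works if blockFileshare, which is outside this hunk, returns removeRule's error unchanged or wrapped with `%w`. Otherwise an already-removed rule keeps counting as a failure and ForbidFileshare never clears isFilesharePermitted. This flag appears to track whether fileshare allow rules are still in place, so the retry path deserves a test. It would fail the firewall delete for one peer, check that ForbidFileshare returns the error and leaves the flag set, then check that a second call succeeds.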