Stop tunnels if they are not needed anymore due to verdict change

2022-10-10 11:22:09 +02:00
parent f63df67d23
commit e00131e937
2 changed files with 9 additions and 0 deletions
--- a/firewall/interception.go
+++ b/firewall/interception.go
@@ -163,6 +163,14 @@ func resetAllConnectionVerdicts() {
 			// Apply privacy filter and check tunneling.
 			filterConnection(ctx, conn, nil)

+			// Stop existing SPN tunnel if not needed anymore.
+			if conn.Verdict.Active != network.VerdictRerouteToTunnel && conn.TunnelContext != nil {
+				err := conn.TunnelContext.StopTunnel()
+				if err != nil {
+					log.Debugf("filter: failed to stopped unneeded tunnel: %s", err)
+				}
+			}
+
 			// Save if verdict changed.
 			if conn.Verdict.Firewall != previousVerdict {
 				conn.Save()