| author | Linus Färnstrand <linus@mullvad.net> | 2018-09-05 16:24:19 +0200 |
|---|---|---|
| committer | Linus Färnstrand <linus@mullvad.net> | 2018-09-06 14:51:58 +0200 |
| commit | 03339b89e914228fce1633935a0113a6ce7bc99a (patch) | |
| tree | fdeafb7673dfa8001c63cafbe5b8f5ead29d6fd2 | |
| parent | 931265d2da0eed4962981f40b65d06cf7ce5b75e (diff) | |
Add LAN->SSDP multicast on Linux
| -rw-r--r-- | talpid-core/src/security/linux/mod.rs | 9 | ||||
| -rw-r--r-- | talpid-core/src/security/mod.rs | 3 |
2 files changed, 9 insertions, 3 deletions
diff --git a/talpid-core/src/security/linux/mod.rs b/talpid-core/src/security/linux/mod.rs index 455e4cc755..f4de49bfa9 100644 --- a/talpid-core/src/security/linux/mod.rs +++ b/talpid-core/src/security/linux/mod.rs @@ -309,7 +309,6 @@ impl<'a> PolicyBatch<'a> { let mut rule = Rule::new(chain)?; check_net(&mut rule, End::Src, IpNetwork::V4(*net))?; check_net(&mut rule, End::Dst, IpNetwork::V4(*net))?; - add_verdict(&mut rule, Verdict::Accept)?; self.batch.add(&rule, nftnl::MsgType::Add)?; @@ -320,12 +319,18 @@ impl<'a> PolicyBatch<'a> { let mut rule = Rule::new(&self.out_chain)?; check_net(&mut rule, End::Src, IpNetwork::V4(*net))?; check_net(&mut rule, End::Dst, IpNetwork::V4(*super::MULTICAST_NET))?; + add_verdict(&mut rule, Verdict::Accept)?; + + self.batch.add(&rule, nftnl::MsgType::Add)?; + // LAN -> SSDP + WS-Discovery protocols + let mut rule = Rule::new(&self.out_chain)?; + check_net(&mut rule, End::Src, IpNetwork::V4(*net))?; + check_ip(&mut rule, End::Dst, *super::SSDP_IP)?; add_verdict(&mut rule, Verdict::Accept)?; self.batch.add(&rule, nftnl::MsgType::Add)?; } - Ok(()) } } diff --git a/talpid-core/src/security/mod.rs b/talpid-core/src/security/mod.rs index 9e5fadeab9..70da5edea5 100644 --- a/talpid-core/src/security/mod.rs +++ b/talpid-core/src/security/mod.rs @@ -2,7 +2,7 @@ use ipnetwork::Ipv4Network; use std::fmt; #[cfg(unix)] -use std::net::Ipv4Addr; +use std::net::{IpAddr, Ipv4Addr}; use std::path::Path; use talpid_types::net::Endpoint; @@ -31,6 +31,7 @@ lazy_static! { ]; static ref MULTICAST_NET: Ipv4Network = Ipv4Network::new(Ipv4Addr::new(224, 0, 0, 0), 24).unwrap(); + static ref SSDP_IP: IpAddr = IpAddr::V4(Ipv4Addr::new(239, 255, 255, 250)); } /// A enum that describes network security strategy |
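Review bot: The new LAN -> SSDP rule in the second hunk of `talpid-core/src/security/linux/mod.rs` matches only on source network (`check_net`) and destination address (`check_ip`) before `Verdict::Accept`. As written it accepts every protocol and port sent to 239.255.255.250 on the out chain, not just SSDP (UDP 1900) and WS-Discovery (UDP 3702). For a firewall whose job is to keep traffic inside the tunnel, consider narrowing the match to UDP and those two destination ports, if the rule helpers in this module can express that. Otherwise the comment should say the whole address is opened on purpose, e.g. `// LAN -> SSDP + WS-Discovery (239.255.255.250, all protocols and ports)`. The enclosing function starts outside the hunk, so whether these rules are installed only when LAN access is allowed cannot be confirmed from here.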
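Review bot: `SSDP_IP` in the last hunk of `talpid-core/src/security/mod.rs` is added without a comment, so nothing records why it is needed next to `MULTICAST_NET`. That network is 224.0.0.0/24, which does not contain 239.255.255.250, so the existing multicast rule never covered SSDP. A short comment on the new line would capture this, e.g. `// SSDP / WS-Discovery multicast group; not covered by MULTICAST_NET (224.0.0.0/24)`. The two statics also differ in type (`Ipv4Network` vs `IpAddr`), which appears to follow from `check_net` and `check_ip` taking different arguments; saying so in the comment would save the next reader a lookup.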
