authorLinus Färnstrand <linus@mullvad.net>2017-12-19 13:34:15 +0100
committerLinus Färnstrand <linus@mullvad.net>2017-12-20 13:00:17 +0100
commit0e235327d6794194cddc1c032d44b5411d1f89b3 (patch)
tree85e1b45c4323fb763e151830c65f597e80cd145c
parent1acfa0ca840a53173ce1f3118fd5380891e395c7 (diff)
Add field names to SecurityPolicy
-rw-r--r--mullvad-daemon/src/main.rs11
-rw-r--r--talpid-core/src/firewall/macos/mod.rs7
-rw-r--r--talpid-core/src/firewall/mod.rs12
3 files changed, 22 insertions, 8 deletions
diff --git a/mullvad-daemon/src/main.rs b/mullvad-daemon/src/main.rs
index f82a668940..ac580cb31c 100644
--- a/mullvad-daemon/src/main.rs
+++ b/mullvad-daemon/src/main.rs
@@ -669,10 +669,13 @@ impl Daemon {
fn set_security_policy(&mut self) -> Result<()> {
let policy = match (self.tunnel_endpoint, self.tunnel_metadata.as_ref()) {
- (Some(relay), None) => SecurityPolicy::Connecting(relay.to_endpoint()),
- (Some(relay), Some(tunnel_metadata)) => {
- SecurityPolicy::Connected(relay.to_endpoint(), tunnel_metadata.clone())
- }
+ (Some(relay), None) => SecurityPolicy::Connecting {
+ relay_endpoint: relay.to_endpoint(),
+ },
+ (Some(relay), Some(tunnel_metadata)) => SecurityPolicy::Connected {
+ relay_endpoint: relay.to_endpoint(),
+ tunnel: tunnel_metadata.clone(),
+ },
_ => bail!(ErrorKind::InvalidState),
};
debug!("Set security policy: {:?}", policy);
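Review bot: The catch-all `_ => bail!(ErrorKind::InvalidState)` after the two rewritten arms does not say which states it rejects. The only combinations left are those without a relay endpoint, so `(None, _) => bail!(ErrorKind::InvalidState),` states that directly and keeps the match explicit if the tuple ever grows. A one-line comment such as `// No relay endpoint known: refuse to build a policy rather than guess.` would also help. The rest of set_security_policy is outside the hunk, so I cannot see what the firewall is left enforcing on this error path; that is worth documenting at the call site.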
diff --git a/talpid-core/src/firewall/macos/mod.rs b/talpid-core/src/firewall/macos/mod.rs
index 9065a607d6..0ceab3fc34 100644
--- a/talpid-core/src/firewall/macos/mod.rs
+++ b/talpid-core/src/firewall/macos/mod.rs
@@ -84,10 +84,13 @@ impl PacketFilter {
policy: SecurityPolicy,
) -> Result<Vec<pfctl::FilterRule>> {
match policy {
- SecurityPolicy::Connecting(relay_endpoint) => {
+ SecurityPolicy::Connecting { relay_endpoint } => {
Ok(vec![Self::get_allow_relay_rule(relay_endpoint)?])
}
- SecurityPolicy::Connected(relay_endpoint, tunnel) => {
+ SecurityPolicy::Connected {
+ relay_endpoint,
+ tunnel,
+ } => {
self.dns_monitor.set_dns(vec![tunnel.gateway.to_string()])?;
let allow_tcp_dns_to_relay_rule = pfctl::FilterRuleBuilder::default()
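Review bot: In the `Connected` arm, `self.dns_monitor.set_dns(...)` changes DNS inside a function whose return type, `Result<Vec<pfctl::FilterRule>>`, reads as if it only builds rules. If a later `?` in this arm fails, the caller presumably gets an error with DNS already pointed at `tunnel.gateway` and no rules returned; the arm continues past the end of the hunk, so this needs confirming. Now that the fields are named, consider building the rules first and calling `set_dns` last. At minimum, add `// Side effect: switches DNS to the tunnel gateway before the rules are returned.` above the call.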
diff --git a/talpid-core/src/firewall/mod.rs b/talpid-core/src/firewall/mod.rs
index c3115339f1..98fe1f3e9c 100644
--- a/talpid-core/src/firewall/mod.rs
+++ b/talpid-core/src/firewall/mod.rs
@@ -36,10 +36,18 @@ error_chain!{
#[derive(Debug, Clone, Eq, PartialEq)]
pub enum SecurityPolicy {
/// Allow traffic only to relay server
- Connecting(Endpoint),
+ Connecting {
+ /// The relay endpoint that should be allowed.
+ relay_endpoint: Endpoint,
+ },
/// Allow traffic only to relay server and over tunnel interface
- Connected(Endpoint, ::tunnel::TunnelMetadata),
+ Connected {
+ /// The relay endpoint that should be allowed.
+ relay_endpoint: Endpoint,
+ /// Metadata about the tunnel and tunnel interface.
+ tunnel: ::tunnel::TunnelMetadata,
+ },
}
/// Abstract firewall interaction trait
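Review bot: The new field doc on `Connected::tunnel` ("Metadata about the tunnel and tunnel interface.") does not say how the value affects enforcement. The macOS backend in this same commit uses `tunnel.gateway` as the DNS server. I would extend it to something like `/// Metadata about the tunnel and tunnel interface; backends use it to allow tunnel traffic and may direct DNS to its gateway.` The two `relay_endpoint` docs could also state that this is the only non-tunnel destination permitted, so the block-everything-else intent is visible at the field as well as on the variant.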