| author | Linus Färnstrand <linus@mullvad.net> | 2017-12-19 13:34:15 +0100 |
|---|---|---|
| committer | Linus Färnstrand <linus@mullvad.net> | 2017-12-20 13:00:17 +0100 |
| commit | 0e235327d6794194cddc1c032d44b5411d1f89b3 (patch) | |
| tree | 85e1b45c4323fb763e151830c65f597e80cd145c | |
| parent | 1acfa0ca840a53173ce1f3118fd5380891e395c7 (diff) | |
Add field names to SecurityPolicy
| -rw-r--r-- | mullvad-daemon/src/main.rs | 11 | ||||
| -rw-r--r-- | talpid-core/src/firewall/macos/mod.rs | 7 | ||||
| -rw-r--r-- | talpid-core/src/firewall/mod.rs | 12 |
3 files changed, 22 insertions, 8 deletions
diff --git a/mullvad-daemon/src/main.rs b/mullvad-daemon/src/main.rs index f82a668940..ac580cb31c 100644 --- a/mullvad-daemon/src/main.rs +++ b/mullvad-daemon/src/main.rs @@ -669,10 +669,13 @@ impl Daemon { fn set_security_policy(&mut self) -> Result<()> { let policy = match (self.tunnel_endpoint, self.tunnel_metadata.as_ref()) { - (Some(relay), None) => SecurityPolicy::Connecting(relay.to_endpoint()), - (Some(relay), Some(tunnel_metadata)) => { - SecurityPolicy::Connected(relay.to_endpoint(), tunnel_metadata.clone()) - } + (Some(relay), None) => SecurityPolicy::Connecting { + relay_endpoint: relay.to_endpoint(), + }, + (Some(relay), Some(tunnel_metadata)) => SecurityPolicy::Connected { + relay_endpoint: relay.to_endpoint(), + tunnel: tunnel_metadata.clone(), + }, _ => bail!(ErrorKind::InvalidState), }; debug!("Set security policy: {:?}", policy); diff --git a/talpid-core/src/firewall/macos/mod.rs b/talpid-core/src/firewall/macos/mod.rs index 9065a607d6..0ceab3fc34 100644 --- a/talpid-core/src/firewall/macos/mod.rs +++ b/talpid-core/src/firewall/macos/mod.rs @@ -84,10 +84,13 @@ impl PacketFilter { policy: SecurityPolicy, ) -> Result<Vec<pfctl::FilterRule>> { match policy { - SecurityPolicy::Connecting(relay_endpoint) => { + SecurityPolicy::Connecting { relay_endpoint } => { Ok(vec![Self::get_allow_relay_rule(relay_endpoint)?]) } - SecurityPolicy::Connected(relay_endpoint, tunnel) => { + SecurityPolicy::Connected { + relay_endpoint, + tunnel, + } => { self.dns_monitor.set_dns(vec![tunnel.gateway.to_string()])?; let allow_tcp_dns_to_relay_rule = pfctl::FilterRuleBuilder::default() diff --git a/talpid-core/src/firewall/mod.rs b/talpid-core/src/firewall/mod.rs index c3115339f1..98fe1f3e9c 100644 --- a/talpid-core/src/firewall/mod.rs +++ b/talpid-core/src/firewall/mod.rs 
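Review bot: The catch-all `_ => bail!(ErrorKind::InvalidState)` arm in `set_security_policy` does not show which states are rejected. The two arms above it cover every case with a relay endpoint, so the remaining ones are exactly those without one. Writing the arm as `(None, _) => bail!(ErrorKind::InvalidState),` makes it explicit that tunnel metadata without an endpoint is refused rather than silently accepted. A short comment on that arm stating what firewall policy stays in effect when this error is returned would also help, since that is not visible here. The function body continues outside the hunk.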
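Review bot: In the `SecurityPolicy::Connected` arm, `self.dns_monitor.set_dns(...)` runs before any filter rule is built. If a later step in this arm fails, the DNS setting has already been switched to the tunnel gateway while the function returns an error instead of rules. Consider building the rules first and calling `set_dns` as the last fallible step. If the ordering is deliberate, say so with a comment such as `// DNS is changed before the rules are returned; the caller must restore it on error`. The rest of the arm and the function signature lie outside the hunk, so whether later steps can fail is inferred from the `?` in the `Connecting` arm.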
@@ -36,10 +36,18 @@ error_chain!{ #[derive(Debug, Clone, Eq, PartialEq)] pub enum SecurityPolicy { /// Allow traffic only to relay server - Connecting(Endpoint), + Connecting { + /// The relay endpoint that should be allowed. + relay_endpoint: Endpoint, + }, /// Allow traffic only to relay server and over tunnel interface - Connected(Endpoint, ::tunnel::TunnelMetadata), + Connected { + /// The relay endpoint that should be allowed. + relay_endpoint: Endpoint, + /// Metadata about the tunnel and tunnel interface. + tunnel: ::tunnel::TunnelMetadata, + }, } /// Abstract firewall interaction trait |
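Review bot: The new doc comment on the `tunnel` field of `SecurityPolicy::Connected` does not say what a firewall backend is expected to take from it. The macOS backend changed in this same commit reads `tunnel.gateway` and uses it as the DNS server. The comment could record that, for example `/// Metadata about the tunnel and tunnel interface. Backends may use its gateway as the DNS server.` The variant docs also do not say what traffic is permitted when neither policy has been applied. If the enum-level comment above `#[derive(...)]`, which is outside the hunk, does not cover that, it is worth stating there.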
