summaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
authorJoakim Hulthe <joakim.hulthe@mullvad.net>2025-06-11 14:16:12 +0200
committerJoakim Hulthe <joakim.hulthe@mullvad.net>2025-06-11 14:16:12 +0200
commit15dfc323d44919d67637b509d91c54bc2d3c7e40 (patch)
tree2032c7f952eb10a1ae064fd4bfa846452f9ba559
parentddfcd72094c3bc3fedce22ce5003b98a8bff2504 (diff)
parentbb7d8820ef9307e29327ccd7fa3799ee37d77be8 (diff)
downloadmullvadvpn-15dfc323d44919d67637b509d91c54bc2d3c7e40.tar.xz
mullvadvpn-15dfc323d44919d67637b509d91c54bc2d3c7e40.zip
Merge branch 'clean-up-workspace-deps'
Diffstat
-rw-r--r--Cargo.lock39
-rw-r--r--Cargo.toml42
-rw-r--r--mullvad-cli/Cargo.toml2
-rw-r--r--mullvad-daemon/Cargo.toml2
-rw-r--r--mullvad-exclude/Cargo.toml2
-rw-r--r--mullvad-jni/Cargo.toml1
-rw-r--r--mullvad-leak-checker/Cargo.toml2
-rw-r--r--mullvad-leak-checker/src/traceroute/unix/linux.rs2
-rw-r--r--mullvad-management-interface/Cargo.toml2
-rw-r--r--talpid-core/Cargo.toml4
-rw-r--r--talpid-net/Cargo.toml2
-rw-r--r--talpid-routing/Cargo.toml2
-rw-r--r--talpid-routing/src/unix/macos/routing_socket.rs5
-rw-r--r--talpid-time/Cargo.toml2
-rw-r--r--talpid-tunnel/src/tun_provider/android/mod.rs15
-rw-r--r--talpid-tunnel/src/tun_provider/unix.rs24
-rw-r--r--talpid-wireguard/Cargo.toml2
-rw-r--r--talpid-wireguard/src/boringtun/mod.rs4
-rw-r--r--talpid-wireguard/src/mtu_detection.rs10
-rw-r--r--talpid-wireguard/src/wireguard_go/mod.rs12
-rw-r--r--talpid-wireguard/src/wireguard_kernel/parsers.rs15
-rw-r--r--talpid-wireguard/src/wireguard_kernel/wg_message.rs41
-rw-r--r--test/Cargo.lock34
-rw-r--r--test/Cargo.toml2
-rw-r--r--tunnel-obfuscation/Cargo.toml2
-rw-r--r--tunnel-obfuscation/src/shadowsocks.rs12
26 files changed, 162 insertions, 120 deletions
diff --git a/Cargo.lock b/Cargo.lock
index 4af995fc7b..58f435756f 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -735,7 +735,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "117725a109d387c937a1533ce01b450cbde6b88abceea8473c4d7a85853cda3c"
dependencies = [
"lazy_static",
- "windows-sys 0.48.0",
+ "windows-sys 0.59.0",
]
[[package]]
@@ -2901,7 +2901,7 @@ dependencies = [
"mullvad-types",
"mullvad-version",
"natord",
- "nix 0.29.0",
+ "nix 0.30.1",
"serde",
"serde_json",
"talpid-types",
@@ -2940,7 +2940,7 @@ dependencies = [
"mullvad-types",
"mullvad-update",
"mullvad-version",
- "nix 0.23.2",
+ "nix 0.30.1",
"notify 8.0.0",
"objc2",
"rand 0.8.5",
@@ -2984,7 +2984,7 @@ dependencies = [
name = "mullvad-exclude"
version = "0.0.0"
dependencies = [
- "nix 0.23.2",
+ "nix 0.30.1",
"talpid-types",
"thiserror 2.0.9",
]
@@ -3039,7 +3039,6 @@ dependencies = [
"mullvad-daemon",
"mullvad-problem-report",
"mullvad-types",
- "nix 0.23.2",
"rand 0.8.5",
"talpid-platform-metadata",
"talpid-tunnel",
@@ -3057,7 +3056,7 @@ dependencies = [
"env_logger 0.11.7",
"futures",
"log",
- "nix 0.29.0",
+ "nix 0.30.1",
"pnet_packet 0.35.0",
"reqwest",
"serde",
@@ -3077,7 +3076,7 @@ dependencies = [
"log",
"mullvad-paths",
"mullvad-types",
- "nix 0.23.2",
+ "nix 0.30.1",
"parity-tokio-ipc",
"prost 0.13.3",
"prost-types 0.13.3",
@@ -3446,7 +3445,6 @@ dependencies = [
"cfg-if",
"cfg_aliases 0.1.1",
"libc",
- "memoffset 0.9.1",
]
[[package]]
@@ -3459,6 +3457,18 @@ dependencies = [
"cfg-if",
"cfg_aliases 0.2.1",
"libc",
+]
+
+[[package]]
+name = "nix"
+version = "0.30.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "74523f3a35e05aba87a1d978330aef40f67b0304ac79c1c00b294c9830543db6"
+dependencies = [
+ "bitflags 2.9.0",
+ "cfg-if",
+ "cfg_aliases 0.2.1",
+ "libc",
"memoffset 0.9.1",
]
@@ -5328,8 +5338,7 @@ dependencies = [
"memoffset 0.6.5",
"mnl",
"nftnl",
- "nix 0.23.2",
- "nix 0.28.0",
+ "nix 0.30.1",
"once_cell",
"parking_lot",
"pcap",
@@ -5406,7 +5415,7 @@ version = "0.0.0"
dependencies = [
"libc",
"log",
- "nix 0.29.0",
+ "nix 0.30.1",
"socket2 0.5.8",
"talpid-types",
"thiserror 2.0.9",
@@ -5483,7 +5492,7 @@ dependencies = [
"log",
"netlink-packet-route",
"netlink-sys",
- "nix 0.28.0",
+ "nix 0.30.1",
"rtnetlink",
"system-configuration",
"talpid-types",
@@ -5498,7 +5507,7 @@ dependencies = [
name = "talpid-time"
version = "0.0.0"
dependencies = [
- "nix 0.29.0",
+ "nix 0.30.1",
"tokio",
]
@@ -5589,7 +5598,7 @@ dependencies = [
"netlink-packet-route",
"netlink-packet-utils",
"netlink-proto",
- "nix 0.23.2",
+ "nix 0.30.1",
"once_cell",
"parking_lot",
"proptest",
@@ -6124,7 +6133,7 @@ dependencies = [
"async-trait",
"log",
"mullvad-masque-proxy",
- "nix 0.23.2",
+ "nix 0.30.1",
"shadowsocks",
"thiserror 2.0.9",
"tokio",
diff --git a/Cargo.toml b/Cargo.toml
index e3c1c6a29f..47359e3cf3 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -83,12 +83,29 @@ undocumented_unsafe_blocks = "warn"
implicit_clone = "warn"
[workspace.dependencies]
-hickory-proto = "0.24.3"
-hickory-resolver = "0.24.3"
-hickory-server = { version = "0.24.3", features = ["resolver"] }
tokio = { version = "1.44" }
parity-tokio-ipc = "0.9"
futures = "0.3.15"
+vec1 = "1.12"
+sha2 = "0.10"
+chrono = { version = "0.4.26", default-features = false }
+clap = { version = "4.4.18", features = ["cargo", "derive"] }
+once_cell = "1.16"
+serde = "1.0.204"
+serde_json = "1.0.122"
+windows-sys = "0.52.0"
+nix = "0.30.1"
+
+# Networking
+pnet_packet = "0.35.0"
+ipnetwork = "0.20"
+tun = { version = "0.5.5", features = ["async"] }
+socket2 = "0.5.7"
+
+# Hickory & DNS
+hickory-proto = "0.24.3"
+hickory-resolver = "0.24.3"
+hickory-server = { version = "0.24.3", features = ["resolver"] }
# Tonic and related crates
tonic = "0.12.3"
@@ -103,32 +120,17 @@ hyper-util = { version = "0.1.8", features = [
"http1",
] }
+# Errors and logging
env_logger = "0.11.7"
thiserror = "2.0"
anyhow = "1.0"
log = "0.4"
fern = { version = "0.6", default-features = false }
+# Shadowsocks
shadowsocks = "1.20.3"
shadowsocks-service = "1.20.3"
-windows-sys = "0.52.0"
-
-chrono = { version = "0.4.26", default-features = false }
-clap = { version = "4.4.18", features = ["cargo", "derive"] }
-once_cell = "1.16"
-serde = "1.0.204"
-serde_json = "1.0.122"
-
-pnet_packet = "0.35.0"
-ipnetwork = "0.20"
-tun = { version = "0.5.5", features = ["async"] }
-socket2 = "0.5.7"
-
-vec1 = "1.12"
-
-sha2 = "0.10"
-
# Test dependencies
proptest = "1.4"
insta = { version = "1.42", features = ["yaml"] }
diff --git a/mullvad-cli/Cargo.toml b/mullvad-cli/Cargo.toml
index 70e7a63e1a..f777e08ed7 100644
--- a/mullvad-cli/Cargo.toml
+++ b/mullvad-cli/Cargo.toml
@@ -34,7 +34,7 @@ serde_json = { workspace = true }
[target.'cfg(all(unix, not(target_os = "android")))'.dependencies]
clap_complete = { version = "4.4.8" }
-nix = { version = "0.29.0", features = ["signal"] }
+nix = { workspace = true, features = ["signal"] }
[target.'cfg(windows)'.build-dependencies]
winres = "0.1"
diff --git a/mullvad-daemon/Cargo.toml b/mullvad-daemon/Cargo.toml
index d2fd29acea..7921bf9c2c 100644
--- a/mullvad-daemon/Cargo.toml
+++ b/mullvad-daemon/Cargo.toml
@@ -64,7 +64,7 @@ android_logger = "0.8"
hickory-resolver = { workspace = true }
[target.'cfg(unix)'.dependencies]
-nix = "0.23"
+nix = { workspace = true, features = ["signal", "user"] }
simple-signal = "1.1"
[target.'cfg(target_os="linux")'.dependencies]
diff --git a/mullvad-exclude/Cargo.toml b/mullvad-exclude/Cargo.toml
index e758aae58e..1507e0cce7 100644
--- a/mullvad-exclude/Cargo.toml
+++ b/mullvad-exclude/Cargo.toml
@@ -11,6 +11,6 @@ rust-version.workspace = true
workspace = true
[target.'cfg(target_os = "linux")'.dependencies]
-nix = "0.23"
+nix = { workspace = true, features = ["process", "user"] }
thiserror = { workspace = true }
talpid-types = { path = "../talpid-types" }
diff --git a/mullvad-jni/Cargo.toml b/mullvad-jni/Cargo.toml
index 9de530c4d9..92e55f87e6 100644
--- a/mullvad-jni/Cargo.toml
+++ b/mullvad-jni/Cargo.toml
@@ -27,7 +27,6 @@ ipnetwork = { workspace = true }
jnix = { version = "0.5.1", features = ["derive"] }
log = { workspace = true }
log-panics = "2"
-nix = "0.23"
rand = "0.8.5"
mullvad-api = { path = "../mullvad-api" }
diff --git a/mullvad-leak-checker/Cargo.toml b/mullvad-leak-checker/Cargo.toml
index b60fb59673..6e5a8af832 100644
--- a/mullvad-leak-checker/Cargo.toml
+++ b/mullvad-leak-checker/Cargo.toml
@@ -28,7 +28,7 @@ env_logger = { workspace = true }
[target.'cfg(unix)'.dependencies]
pnet_packet.workspace = true
-nix = { version = "0.29.0", features = ["net", "socket", "uio"] }
+nix = { workspace = true, features = ["net", "socket", "uio"] }
[target.'cfg(windows)'.dependencies]
windows-sys = { workspace = true, features = ["Win32_NetworkManagement_Ndis"] }
diff --git a/mullvad-leak-checker/src/traceroute/unix/linux.rs b/mullvad-leak-checker/src/traceroute/unix/linux.rs
index 15894e8eac..9713595482 100644
--- a/mullvad-leak-checker/src/traceroute/unix/linux.rs
+++ b/mullvad-leak-checker/src/traceroute/unix/linux.rs
@@ -313,7 +313,7 @@ impl<'a, S> RecvPacket<'a, S> {
fn recvmsg_with_control_message<'a, S: SockaddrLike + Copy>(
socket: RawFd,
io_vec: &'a mut [IoSliceMut<'_>; 1],
- control_buf: &mut Vec<u8>,
+ control_buf: &mut [u8],
) -> anyhow::Result<Option<RecvPacket<'a, S>>> {
// MSG_ERRQUEUE asks linux to tell us if we get any ICMP error replies to
// our Echo packets.
diff --git a/mullvad-management-interface/Cargo.toml b/mullvad-management-interface/Cargo.toml
index 54a3f496ce..e502ddeecf 100644
--- a/mullvad-management-interface/Cargo.toml
+++ b/mullvad-management-interface/Cargo.toml
@@ -28,7 +28,7 @@ tokio = { workspace = true, features = ["rt"] }
parity-tokio-ipc = { workspace = true }
[target.'cfg(unix)'.dependencies]
-nix = "0.23"
+nix = { workspace = true, features = ["user", "fs"] }
[build-dependencies]
tonic-build = { workspace = true, default-features = false, features = ["transport", "prost"] }
diff --git a/talpid-core/Cargo.toml b/talpid-core/Cargo.toml
index 4a11e9125d..a0481cfa27 100644
--- a/talpid-core/Cargo.toml
+++ b/talpid-core/Cargo.toml
@@ -37,7 +37,7 @@ triggered = "0.1.1"
jnix = { version = "0.5.1", features = ["derive"] }
[target.'cfg(target_os = "linux")'.dependencies]
-nix = "0.23"
+nix = { workspace = true, features = ["mount"] }
inotify = "0.10"
resolv-conf = "0.7"
nftnl = { version = "0.7.0", features = ["nftnl-1-1-0"] }
@@ -57,7 +57,7 @@ talpid-platform-metadata = { path = "../talpid-platform-metadata" }
pcap = { version = "2.1", features = ["capture-stream"] }
pnet_packet = { workspace = true }
tun = { workspace = true, features = ["async"] }
-nix = { version = "0.28", features = ["socket", "signal", "user"] }
+nix = { workspace = true, features = ["socket", "signal", "user"] }
serde = { workspace = true, features = ["derive"] }
serde_json = { workspace = true }
socket2 = { workspace = true }
diff --git a/talpid-net/Cargo.toml b/talpid-net/Cargo.toml
index 485eaa37d0..ec4f795b40 100644
--- a/talpid-net/Cargo.toml
+++ b/talpid-net/Cargo.toml
@@ -16,4 +16,4 @@ talpid-types = { path = "../talpid-types" }
socket2 = { workspace = true, features = ["all"] }
log = { workspace = true }
thiserror = { workspace = true }
-nix = { version = "0.29", features = ["net"] }
+nix = { workspace = true, features = ["net"] }
diff --git a/talpid-routing/Cargo.toml b/talpid-routing/Cargo.toml
index b4d3e2a747..b46a925488 100644
--- a/talpid-routing/Cargo.toml
+++ b/talpid-routing/Cargo.toml
@@ -28,7 +28,7 @@ netlink-packet-route = { version = "0.13", features = ["rich_nlas"] }
netlink-sys = "0.8.3"
[target.'cfg(target_os = "macos")'.dependencies]
-nix = { version = "0.28", features = ["socket", "fs", "net"] }
+nix = { workspace = true, features = ["socket", "fs", "net"] }
libc = "0.2"
bitflags = "2"
system-configuration = "0.5.1"
diff --git a/talpid-routing/src/unix/macos/routing_socket.rs b/talpid-routing/src/unix/macos/routing_socket.rs
index cfa0f0973f..aa2b6a957a 100644
--- a/talpid-routing/src/unix/macos/routing_socket.rs
+++ b/talpid-routing/src/unix/macos/routing_socket.rs
@@ -158,10 +158,7 @@ struct RoutingSocketInner {
impl RoutingSocketInner {
fn new() -> io::Result<Self> {
let fd = socket(AddressFamily::Route, SockType::Raw, SockFlag::empty(), None)?;
- let _ = fcntl::fcntl(
- fd.as_raw_fd(),
- fcntl::FcntlArg::F_SETFL(fcntl::OFlag::O_NONBLOCK),
- )?;
+ let _ = fcntl::fcntl(&fd, fcntl::FcntlArg::F_SETFL(fcntl::OFlag::O_NONBLOCK))?;
let socket = File::from(fd);
Ok(Self {
socket: AsyncFd::new(socket)?,
diff --git a/talpid-time/Cargo.toml b/talpid-time/Cargo.toml
index 48742abbf3..3b79e3f073 100644
--- a/talpid-time/Cargo.toml
+++ b/talpid-time/Cargo.toml
@@ -19,4 +19,4 @@ test = []
tokio = { workspace = true, features = ["time"] }
[target.'cfg(unix)'.dependencies]
-nix = { version = "0.29", features = ["time"] }
+nix = { workspace = true, features = ["time"] }
diff --git a/talpid-tunnel/src/tun_provider/android/mod.rs b/talpid-tunnel/src/tun_provider/android/mod.rs
index 92e7e73739..7eca3dbba2 100644
--- a/talpid-tunnel/src/tun_provider/android/mod.rs
+++ b/talpid-tunnel/src/tun_provider/android/mod.rs
@@ -13,7 +13,10 @@ use jnix::{
};
use std::{
net::IpAddr,
- os::unix::io::{AsRawFd, RawFd},
+ os::{
+ fd::{AsFd, BorrowedFd},
+ unix::io::{AsRawFd, RawFd},
+ },
sync::Arc,
};
use talpid_routing::Route;
@@ -433,6 +436,16 @@ impl AsRawFd for VpnServiceTun {
}
}
+impl AsFd for VpnServiceTun {
+ fn as_fd(&self) -> BorrowedFd<'_> {
+ // TODO: ensure we uphold the safety requirements of BorrowedFd
+ #[allow(clippy::undocumented_unsafe_blocks)]
+ unsafe {
+ BorrowedFd::borrow_raw(self.as_raw_fd())
+ }
+ }
+}
+
#[derive(FromJava)]
#[jnix(package = "net.mullvad.talpid.model")]
enum CreateTunResult {
diff --git a/talpid-tunnel/src/tun_provider/unix.rs b/talpid-tunnel/src/tun_provider/unix.rs
index 0cee5328c0..82b87fc666 100644
--- a/talpid-tunnel/src/tun_provider/unix.rs
+++ b/talpid-tunnel/src/tun_provider/unix.rs
@@ -7,7 +7,13 @@ mod tun05_imp {
use std::{
net::IpAddr,
ops::Deref,
- os::unix::io::{AsRawFd, RawFd},
+ os::{
+ fd::AsFd,
+ unix::{
+ io::{AsRawFd, RawFd},
+ prelude::BorrowedFd,
+ },
+ },
process::Command,
};
use tun::{Configuration, Device};
@@ -99,6 +105,12 @@ mod tun05_imp {
}
}
+ impl AsFd for UnixTun {
+ fn as_fd(&self) -> BorrowedFd<'_> {
+ self.deref().as_fd()
+ }
+ }
+
/// A tunnel device
pub struct TunnelDevice {
dev: tun::AsyncDevice,
@@ -140,6 +152,16 @@ mod tun05_imp {
}
}
+ impl AsFd for TunnelDevice {
+ fn as_fd(&self) -> BorrowedFd<'_> {
+ // TODO: make sure we uphold safety requirements of BorrowedFd
+ #[allow(clippy::undocumented_unsafe_blocks)]
+ unsafe {
+ BorrowedFd::borrow_raw(self.as_raw_fd())
+ }
+ }
+ }
+
impl AsRawFd for TunnelDevice {
fn as_raw_fd(&self) -> RawFd {
self.dev.get_ref().as_raw_fd()
diff --git a/talpid-wireguard/Cargo.toml b/talpid-wireguard/Cargo.toml
index 5e7cbec526..8784837888 100644
--- a/talpid-wireguard/Cargo.toml
+++ b/talpid-wireguard/Cargo.toml
@@ -49,7 +49,7 @@ git = "https://github.com/mullvad/boringtun"
rev = "c29681df54e1c10ba06d9ca7ff98722c9dcb5a81"
[target.'cfg(unix)'.dependencies]
-nix = "0.23"
+nix = { workspace = true, features = ["fs"] }
libc = "0.2.150"
[target.'cfg(any(target_os = "linux", target_os = "macos"))'.dependencies]
diff --git a/talpid-wireguard/src/boringtun/mod.rs b/talpid-wireguard/src/boringtun/mod.rs
index 7482a26301..0c465cba49 100644
--- a/talpid-wireguard/src/boringtun/mod.rs
+++ b/talpid-wireguard/src/boringtun/mod.rs
@@ -299,8 +299,8 @@ pub fn get_tunnel_for_userspace(
.open_tun()
.map_err(TunnelError::SetupTunnelDevice)?;
- match nix::unistd::dup(tunnel_device.as_raw_fd()) {
- Ok(fd) => return Ok((tunnel_device, fd)),
+ match nix::unistd::dup(&tunnel_device) {
+ Ok(fd) => return Ok((tunnel_device, fd.as_raw_fd())),
#[cfg(not(target_os = "macos"))]
Err(error @ nix::errno::Errno::EBADFD) => last_error = Some(error),
Err(error @ nix::errno::Errno::EBADF) => last_error = Some(error),
diff --git a/talpid-wireguard/src/mtu_detection.rs b/talpid-wireguard/src/mtu_detection.rs
index 11c6625f2c..1f270c66ca 100644
--- a/talpid-wireguard/src/mtu_detection.rs
+++ b/talpid-wireguard/src/mtu_detection.rs
@@ -112,10 +112,14 @@ async fn detect_mtu(
#[cfg(target_os = "macos")]
{
use nix::sys::socket::{setsockopt, sockopt};
- let fd = client.get_socket().get_native_sock();
+ use std::os::fd::BorrowedFd;
+
+ // SAFETY: `surge_ping` promises that the socket is open, and won't close as long as we
+ // hold on to `client`.
+ let fd = unsafe { BorrowedFd::borrow_raw(client.get_socket().get_native_sock()) };
let buf_size = linspace.iter().map(|sz| usize::from(*sz)).sum();
- setsockopt(fd, sockopt::SndBuf, &buf_size).map_err(Error::MtuSetBufferSize)?;
- setsockopt(fd, sockopt::RcvBuf, &buf_size).map_err(Error::MtuSetBufferSize)?;
+ setsockopt(&fd, sockopt::SndBuf, &buf_size).map_err(Error::MtuSetBufferSize)?;
+ setsockopt(&fd, sockopt::RcvBuf, &buf_size).map_err(Error::MtuSetBufferSize)?;
}
// Shared buffer to reduce allocations
diff --git a/talpid-wireguard/src/wireguard_go/mod.rs b/talpid-wireguard/src/wireguard_go/mod.rs
index ced16ab9d3..5b172c4f47 100644
--- a/talpid-wireguard/src/wireguard_go/mod.rs
+++ b/talpid-wireguard/src/wireguard_go/mod.rs
@@ -18,7 +18,7 @@ use std::borrow::Cow;
#[cfg(daita)]
use std::ffi::CString;
#[cfg(unix)]
-use std::os::unix::io::{AsRawFd, RawFd};
+use std::os::unix::io::AsRawFd;
#[cfg(unix)]
use std::sync::{Arc, Mutex};
use std::{
@@ -334,7 +334,7 @@ impl WgGoTunnel {
let handle = wireguard_go_rs::Tunnel::turn_on(
mtu,
&wg_config_str,
- tunnel_fd,
+ tunnel_fd.as_raw_fd(),
Some(logging::wg_go_logging_callback),
logging_context.ordinal,
)
@@ -447,7 +447,7 @@ impl WgGoTunnel {
tun_provider: Arc<Mutex<TunProvider>>,
config: &Config,
#[cfg(not(target_os = "android"))] routes: impl Iterator<Item = IpNetwork>,
- ) -> Result<(Tun, RawFd)> {
+ ) -> Result<(Tun, std::os::fd::OwnedFd)> {
let mut last_error = None;
let mut tun_provider = tun_provider.lock().unwrap();
@@ -486,7 +486,7 @@ impl WgGoTunnel {
.open_tun()
.map_err(TunnelError::SetupTunnelDevice)?;
- match nix::unistd::dup(tunnel_device.as_raw_fd()) {
+ match nix::unistd::dup(&tunnel_device) {
Ok(fd) => return Ok((tunnel_device, fd)),
#[cfg(not(target_os = "macos"))]
Err(error @ nix::errno::Errno::EBADFD) => last_error = Some(error),
@@ -529,7 +529,7 @@ impl WgGoTunnel {
let handle = wireguard_go_rs::Tunnel::turn_on(
&wg_config_str,
- tunnel_fd,
+ tunnel_fd.as_raw_fd(),
Some(logging::wg_go_logging_callback),
logging_context.ordinal,
)
@@ -611,7 +611,7 @@ impl WgGoTunnel {
&exit_config_str,
&entry_config_str,
&private_ip,
- tunnel_fd,
+ tunnel_fd.as_raw_fd(),
Some(logging::wg_go_logging_callback),
logging_context.ordinal,
)
diff --git a/talpid-wireguard/src/wireguard_kernel/parsers.rs b/talpid-wireguard/src/wireguard_kernel/parsers.rs
index a8c16d7d68..a21155bdf9 100644
--- a/talpid-wireguard/src/wireguard_kernel/parsers.rs
+++ b/talpid-wireguard/src/wireguard_kernel/parsers.rs
@@ -1,9 +1,12 @@
use byteorder::{ByteOrder, NativeEndian};
-use nix::sys::{socket::InetAddr, time::TimeSpec};
+use nix::sys::{
+ socket::{SockaddrIn, SockaddrIn6},
+ time::TimeSpec,
+};
use std::{
ffi::{CStr, CString},
mem::{self, transmute},
- net::IpAddr,
+ net::{IpAddr, SocketAddr},
};
pub use netlink_packet_utils::parsers::*;
@@ -35,7 +38,7 @@ pub fn parse_wg_key(buffer: &[u8]) -> Result<[u8; 32], DecodeError> {
}
}
-pub fn parse_inet_sockaddr(buffer: &[u8]) -> Result<InetAddr, DecodeError> {
+pub fn parse_inet_sockaddr(buffer: &[u8]) -> Result<SocketAddr, DecodeError> {
let wrong_len = || {
format!(
"Unexpected length for sockaddr_in: {}, expected {} or {}",
@@ -59,8 +62,9 @@ pub fn parse_inet_sockaddr(buffer: &[u8]) -> Result<InetAddr, DecodeError> {
// SAFETY: sockaddr_in has a defined repr(C) layout and is valid for all bit patterns
let sockaddr: libc::sockaddr_in = unsafe { transmute(*buffer) };
+ let sockaddr = SockaddrIn::from(sockaddr);
- Ok(InetAddr::V4(sockaddr))
+ Ok(SocketAddr::from(sockaddr))
}
AF_INET6 => {
let buffer: &[u8; size_of::<libc::sockaddr_in6>()] =
@@ -68,8 +72,9 @@ pub fn parse_inet_sockaddr(buffer: &[u8]) -> Result<InetAddr, DecodeError> {
// SAFETY: sockaddr_in6 has a defined repr(C) layout and is valid for all bit patterns
let sockaddr: libc::sockaddr_in6 = unsafe { transmute(*buffer) };
+ let sockaddr = SockaddrIn6::from(sockaddr);
- Ok(InetAddr::V6(sockaddr))
+ Ok(SocketAddr::from(sockaddr))
}
unexpected_addr_family => {
Err(format!("Unexpected address family: {unexpected_addr_family}").into())
diff --git a/talpid-wireguard/src/wireguard_kernel/wg_message.rs b/talpid-wireguard/src/wireguard_kernel/wg_message.rs
index e7f81fdc1f..1c9e206a68 100644
--- a/talpid-wireguard/src/wireguard_kernel/wg_message.rs
+++ b/talpid-wireguard/src/wireguard_kernel/wg_message.rs
@@ -9,8 +9,16 @@ use netlink_packet_utils::{
traits::{Emitable, Parseable},
DecodeError,
};
-use nix::sys::{socket::InetAddr, time::TimeSpec};
-use std::{ffi::CString, io::Write, mem, net::IpAddr};
+use nix::sys::{
+ socket::{SockaddrIn, SockaddrIn6},
+ time::TimeSpec,
+};
+use std::{
+ ffi::CString,
+ io::Write,
+ mem,
+ net::{IpAddr, SocketAddr},
+};
/// WireGuard netlink constants
mod constants {
@@ -78,11 +86,10 @@ impl DeviceMessage {
let mut peers = vec![];
for peer in config.peers() {
- let peer_endpoint = InetAddr::from_std(&peer.endpoint);
let allowed_ips = peer.allowed_ips.iter().map(From::from).collect();
let mut peer_nlas = vec![
PeerNla::PublicKey(*peer.public_key.as_bytes()),
- PeerNla::Endpoint(peer_endpoint),
+ PeerNla::Endpoint(peer.endpoint),
PeerNla::AllowedIps(allowed_ips),
PeerNla::Flags(WGPEER_F_REPLACE_ALLOWEDIPS),
];
@@ -333,7 +340,7 @@ pub enum PeerNla {
PublicKey(PublicKey),
PresharedKey(PresharedKey),
Flags(u32),
- Endpoint(InetAddr),
+ Endpoint(SocketAddr),
PersistentKeepaliveInterval(u16),
LastHandshakeTime(TimeSpec),
RxBytes(u64),
@@ -348,8 +355,8 @@ impl Nla for PeerNla {
match self {
PublicKey(key) | PresharedKey(key) => key.len(),
Endpoint(endpoint) => match &endpoint {
- InetAddr::V4(_) => mem::size_of::<libc::sockaddr_in>(),
- InetAddr::V6(_) => mem::size_of::<libc::sockaddr_in6>(),
+ SocketAddr::V4(_) => mem::size_of::<libc::sockaddr_in>(),
+ SocketAddr::V6(_) => mem::size_of::<libc::sockaddr_in6>(),
},
PersistentKeepaliveInterval(_) => 2,
LastHandshakeTime(_) => mem::size_of::<libc::timespec>(),
@@ -384,14 +391,18 @@ impl Nla for PeerNla {
let _ = buffer.write(key).expect("Buffer too small for a key");
}
Flags(value) | ProtocolVersion(value) => NativeEndian::write_u32(buffer, *value),
- Endpoint(endpoint) => match &endpoint {
- InetAddr::V4(sockaddr_in) => {
+ &Endpoint(endpoint) => match endpoint {
+ SocketAddr::V4(addr) => {
+ let sockaddr_in = SockaddrIn::from(addr);
+ let sockaddr_in: &libc::sockaddr_in = sockaddr_in.as_ref();
buffer
// SAFETY: `sockaddr_in` has no padding bytes
.write_all(unsafe { struct_as_slice(sockaddr_in) })
.expect("Buffer too small for sockaddr_in");
}
- InetAddr::V6(sockaddr_in6) => {
+ SocketAddr::V6(addr) => {
+ let sockaddr_in6 = SockaddrIn6::from(addr);
+ let sockaddr_in6: &libc::sockaddr_in6 = sockaddr_in6.as_ref();
buffer
// SAFETY: `sockaddr_in` has no padding bytes
.write_all(unsafe { struct_as_slice(sockaddr_in6) })
@@ -589,7 +600,7 @@ fn ip_addr_to_bytes(addr: &IpAddr) -> Vec<u8> {
mod test {
use super::*;
use nix::sys::time::TimeValLike;
- use std::net::Ipv4Addr;
+ use std::{net::Ipv4Addr, str::FromStr};
#[test]
fn deserialize_netlink_message() {
@@ -721,7 +732,7 @@ mod test {
TxBytes(0),
RxBytes(0),
ProtocolVersion(1),
- Endpoint(InetAddr::from_std(&"192.168.40.1:9797".parse().unwrap())),
+ Endpoint(SocketAddr::from_str("192.168.40.1:9797").unwrap()),
AllowedIps(vec![AllowedIpMessage(vec![
CidrMask(32),
AddressFamily(2),
@@ -743,7 +754,7 @@ mod test {
TxBytes(0),
RxBytes(0),
ProtocolVersion(1),
- Endpoint(InetAddr::from_std(&"192.168.40.2:9797".parse().unwrap())),
+ Endpoint(SocketAddr::from_str("192.168.40.2:9797").unwrap()),
AllowedIps(vec![AllowedIpMessage(vec![
CidrMask(32),
AddressFamily(2),
@@ -784,7 +795,7 @@ mod test {
32, 224, 68, 5, 23, 136, 103, 229, 206, 59, 34, 231, 215, 139, 214, 236, 80, 81,
187, 7, 154, 197, 251, 36, 171, 156, 48, 73, 145, 47, 134, 54,
]),
- Endpoint(InetAddr::from_std(&"192.168.40.1:9797".parse().unwrap())),
+ Endpoint(SocketAddr::from_str("192.168.40.1:9797").unwrap()),
PeerNla::Flags(WGPEER_F_REPLACE_ALLOWEDIPS),
AllowedIps(vec![AllowedIpMessage(vec![
AddressFamily(2),
@@ -798,7 +809,7 @@ mod test {
244, 28, 206, 12, 79, 36, 88, 183, 194, 157, 54, 38, 54, 183, 127, 32, 142, 24,
251, 158, 217, 56, 12, 146, 208, 21, 132, 157, 162, 68, 2, 44,
]),
- Endpoint(InetAddr::from_std(&"192.168.40.2:9797".parse().unwrap())),
+ Endpoint(SocketAddr::from_str("192.168.40.2:9797").unwrap()),
PeerNla::Flags(WGPEER_F_REPLACE_ALLOWEDIPS),
AllowedIps(vec![AllowedIpMessage(vec![
AddressFamily(2),
diff --git a/test/Cargo.lock b/test/Cargo.lock
index dee10ed1cb..0c6560ef46 100644
--- a/test/Cargo.lock
+++ b/test/Cargo.lock
@@ -2009,15 +2009,6 @@ checksum = "6c8640c5d730cb13ebd907d8d04b52f55ac9a2eec55b440c8892f40d56c76c1d"
[[package]]
name = "memoffset"
-version = "0.6.5"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5aa361d4faea93603064a027415f07bd8e1d5c88c9fbf68bf56a285428fd79ce"
-dependencies = [
- "autocfg",
-]
-
-[[package]]
-name = "memoffset"
version = "0.7.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "5de893c32cde5f383baa4c04c5d6dbdd735cfd4a794b0debdb2bb1b421da5ff4"
@@ -2152,7 +2143,7 @@ dependencies = [
"log",
"mullvad-paths",
"mullvad-types",
- "nix 0.23.2",
+ "nix 0.30.1",
"parity-tokio-ipc",
"prost 0.13.3",
"prost-types 0.13.3",
@@ -2245,19 +2236,6 @@ checksum = "defc4c55412d89136f966bbb339008b474350e5e6e78d2714439c386b3137a03"
[[package]]
name = "nix"
-version = "0.23.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8f3790c00a0150112de0f4cd161e3d7fc4b2d8a5542ffc35f099a2562aecb35c"
-dependencies = [
- "bitflags 1.3.2",
- "cc",
- "cfg-if",
- "libc",
- "memoffset 0.6.5",
-]
-
-[[package]]
-name = "nix"
version = "0.26.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "598beaf3cc6fdd9a5dfb1630c2800c7acd31df7aaf0f565796fba2b53ca1af1b"
@@ -2271,9 +2249,9 @@ dependencies = [
[[package]]
name = "nix"
-version = "0.29.0"
+version = "0.30.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "71e2746dc3a24dd78b3cfcb7be93368c6de9963d30f43a6a73998a9cf4b17b46"
+checksum = "74523f3a35e05aba87a1d978330aef40f67b0304ac79c1c00b294c9830543db6"
dependencies = [
"bitflags 2.6.0",
"cfg-if",
@@ -3653,7 +3631,7 @@ dependencies = [
name = "talpid-time"
version = "0.0.0"
dependencies = [
- "nix 0.29.0",
+ "nix 0.30.1",
"tokio",
]
@@ -3756,7 +3734,7 @@ dependencies = [
"mullvad-relay-selector",
"mullvad-types",
"mullvad-version",
- "nix 0.29.0",
+ "nix 0.30.1",
"pcap",
"pnet_base",
"pnet_packet",
@@ -3817,7 +3795,7 @@ dependencies = [
"libc",
"log",
"mullvad-paths",
- "nix 0.29.0",
+ "nix 0.30.1",
"parity-tokio-ipc",
"plist",
"rand 0.8.5",
diff --git a/test/Cargo.toml b/test/Cargo.toml
index a46acb7237..26e716df24 100644
--- a/test/Cargo.toml
+++ b/test/Cargo.toml
@@ -84,4 +84,4 @@ bytes = "1.3.0"
async-trait = "0.1.58"
socket2 = "0.5.7"
surge-ping = "0.8"
-nix = { version = "0.29", features = ["ioctl", "socket", "net"] }
+nix = { version = "0.30.1", features = ["ioctl", "socket", "net"] }
diff --git a/tunnel-obfuscation/Cargo.toml b/tunnel-obfuscation/Cargo.toml
index 5ebd2c8d4e..1bee10199b 100644
--- a/tunnel-obfuscation/Cargo.toml
+++ b/tunnel-obfuscation/Cargo.toml
@@ -20,4 +20,4 @@ shadowsocks = { workspace = true }
mullvad-masque-proxy = { path = "../mullvad-masque-proxy" }
[target.'cfg(target_os="linux")'.dependencies]
-nix = "0.23"
+nix = { workspace = true }
diff --git a/tunnel-obfuscation/src/shadowsocks.rs b/tunnel-obfuscation/src/shadowsocks.rs
index f838f96e6e..4f3435184e 100644
--- a/tunnel-obfuscation/src/shadowsocks.rs
+++ b/tunnel-obfuscation/src/shadowsocks.rs
@@ -5,8 +5,6 @@
use super::Obfuscator;
use async_trait::async_trait;
-#[cfg(target_os = "linux")]
-use nix::sys::socket::{setsockopt, sockopt};
use shadowsocks::{
config::{ServerConfig, ServerType},
context::Context,
@@ -17,11 +15,15 @@ use shadowsocks::{
},
ProxySocket,
};
-#[cfg(any(target_os = "android", target_os = "linux"))]
-use std::os::fd::AsRawFd;
use std::{io, net::SocketAddr, sync::Arc};
use tokio::{net::UdpSocket, sync::oneshot};
+#[cfg(target_os = "linux")]
+use nix::sys::socket::{setsockopt, sockopt};
+
+#[cfg(target_os = "android")]
+use std::os::fd::AsRawFd;
+
const SHADOWSOCKS_CIPHER: CipherKind = CipherKind::AES_256_GCM;
const SHADOWSOCKS_PASSWORD: &str = "mullvad";
@@ -181,7 +183,7 @@ async fn create_shadowsocks_socket(
.map_err(Error::BindRemoteUdp)?;
#[cfg(target_os = "linux")]
if let Some(fwmark) = fwmark {
- setsockopt(socket.as_raw_fd(), sockopt::Mark, &fwmark).map_err(Error::SetFwmark)?;
+ setsockopt(&socket, sockopt::Mark, &fwmark).map_err(Error::SetFwmark)?;
}
Ok(socket)
Copyright © 2025 - 2026 Wayne Cole. WTFPL. Attribution appreciated. No warranty. Not liable for bodily damages.