| author | Andrej Mihajlov <and@mullvad.net> | 2017-08-17 19:35:00 +0100 |
|---|---|---|
| committer | Andrej Mihajlov <and@mullvad.net> | 2017-08-17 19:35:00 +0100 |
| commit | 3416c0c69d33c3247a7e5687dc6778a18d2a693f (patch) | |
| tree | d8dd11c5947b3db9cb663343025e11e37f48732b | |
| parent | d49fb3baa06f482f3e839de7a1cda989b884e8f2 (diff) | |
| parent | ec89d6571d68c07db9b9380aaf4c7bb21ca1b26a (diff) | |
| download | mullvadvpn-3416c0c69d33c3247a7e5687dc6778a18d2a693f.tar.xz mullvadvpn-3416c0c69d33c3247a7e5687dc6778a18d2a693f.zip | |
Merge branch 'spm'
| -rw-r--r-- | Cargo.lock | 267 | ||||
| -rw-r--r-- | mullvad-daemon/src/main.rs | 29 | ||||
| -rw-r--r-- | talpid-core/Cargo.toml | 3 | ||||
| -rw-r--r-- | talpid-core/src/firewall/macos.rs | 150 | ||||
| -rw-r--r-- | talpid-core/src/firewall/mod.rs | 67 | ||||
| -rw-r--r-- | talpid-core/src/firewall/unix.rs | 21 | ||||
| -rw-r--r-- | talpid-core/src/firewall/windows.rs | 21 | ||||
| -rw-r--r-- | talpid-core/src/lib.rs | 6 |
8 files changed, 543 insertions, 21 deletions
diff --git a/Cargo.lock b/Cargo.lock index b4c1afb5e8..6c54d1219c 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -39,12 +39,20 @@ version = "1.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" [[package]] +name = "aster" +version = "0.41.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +dependencies = [ + "syntex_syntax 0.58.1 (registry+https://github.com/rust-lang/crates.io-index)", +] + +[[package]] name = "atty" version = "0.2.2" source = "registry+https://github.com/rust-lang/crates.io-index" dependencies = [ "kernel32-sys 0.2.2 (registry+https://github.com/rust-lang/crates.io-index)", - "libc 0.2.24 (registry+https://github.com/rust-lang/crates.io-index)", + "libc 0.2.29 (registry+https://github.com/rust-lang/crates.io-index)", "winapi 0.2.8 (registry+https://github.com/rust-lang/crates.io-index)", ] @@ -57,7 +65,7 @@ dependencies = [ "cfg-if 0.1.2 (registry+https://github.com/rust-lang/crates.io-index)", "dbghelp-sys 0.2.0 (registry+https://github.com/rust-lang/crates.io-index)", "kernel32-sys 0.2.2 (registry+https://github.com/rust-lang/crates.io-index)", - "libc 0.2.24 (registry+https://github.com/rust-lang/crates.io-index)", + "libc 0.2.29 (registry+https://github.com/rust-lang/crates.io-index)", "rustc-demangle 0.1.4 (registry+https://github.com/rust-lang/crates.io-index)", "winapi 0.2.8 (registry+https://github.com/rust-lang/crates.io-index)", ] 
@@ -68,7 +76,27 @@ version = "0.1.11" source = "registry+https://github.com/rust-lang/crates.io-index" dependencies = [ "gcc 0.3.51 (registry+https://github.com/rust-lang/crates.io-index)", - "libc 0.2.24 (registry+https://github.com/rust-lang/crates.io-index)", + "libc 0.2.29 (registry+https://github.com/rust-lang/crates.io-index)", +] + +[[package]] +name = "bindgen" +version = "0.29.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +dependencies = [ + "aster 0.41.0 (registry+https://github.com/rust-lang/crates.io-index)", + "cexpr 0.2.2 (registry+https://github.com/rust-lang/crates.io-index)", + "cfg-if 0.1.2 (registry+https://github.com/rust-lang/crates.io-index)", + "clang-sys 0.19.0 (registry+https://github.com/rust-lang/crates.io-index)", + "clap 2.25.0 (registry+https://github.com/rust-lang/crates.io-index)", + "env_logger 0.4.3 (registry+https://github.com/rust-lang/crates.io-index)", + "lazy_static 0.2.8 (registry+https://github.com/rust-lang/crates.io-index)", + "log 0.3.8 (registry+https://github.com/rust-lang/crates.io-index)", + "peeking_take_while 0.1.2 (registry+https://github.com/rust-lang/crates.io-index)", + "quasi 0.32.0 (registry+https://github.com/rust-lang/crates.io-index)", + "quasi_codegen 0.32.0 (registry+https://github.com/rust-lang/crates.io-index)", + "regex 0.2.2 (registry+https://github.com/rust-lang/crates.io-index)", + "syntex_syntax 0.58.1 (registry+https://github.com/rust-lang/crates.io-index)", ] [[package]] @@ -78,6 +106,11 @@ source = "registry+https://github.com/rust-lang/crates.io-index" [[package]] name = "bitflags" +version = "0.8.2" +source = "registry+https://github.com/rust-lang/crates.io-index" + +[[package]] +name = "bitflags" version = "0.9.1" source = "registry+https://github.com/rust-lang/crates.io-index" 
@@ -96,6 +129,14 @@ dependencies = [ ] [[package]] +name = "cexpr" +version = "0.2.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +dependencies = [ + "nom 3.2.0 (registry+https://github.com/rust-lang/crates.io-index)", +] + +[[package]] name = "cfg-if" version = "0.1.2" source = "registry+https://github.com/rust-lang/crates.io-index" @@ -110,6 +151,17 @@ dependencies = [ ] [[package]] +name = "clang-sys" +version = "0.19.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +dependencies = [ + "bitflags 0.9.1 (registry+https://github.com/rust-lang/crates.io-index)", + "glob 0.2.11 (registry+https://github.com/rust-lang/crates.io-index)", + "libc 0.2.29 (registry+https://github.com/rust-lang/crates.io-index)", + "libloading 0.4.0 (registry+https://github.com/rust-lang/crates.io-index)", +] + +[[package]] name = "clap" version = "2.25.0" source = "registry+https://github.com/rust-lang/crates.io-index" @@ -131,7 +183,7 @@ version = "3.0.2" source = "registry+https://github.com/rust-lang/crates.io-index" dependencies = [ "kernel32-sys 0.2.2 (registry+https://github.com/rust-lang/crates.io-index)", - "libc 0.2.24 (registry+https://github.com/rust-lang/crates.io-index)", + "libc 0.2.29 (registry+https://github.com/rust-lang/crates.io-index)", "winapi 0.2.8 (registry+https://github.com/rust-lang/crates.io-index)", ] 
@@ -145,6 +197,25 @@ dependencies = [ ] [[package]] +name = "derive_builder" +version = "0.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +dependencies = [ + "derive_builder_core 0.1.7 (registry+https://github.com/rust-lang/crates.io-index)", + "quote 0.3.15 (registry+https://github.com/rust-lang/crates.io-index)", + "syn 0.11.11 (registry+https://github.com/rust-lang/crates.io-index)", +] + +[[package]] +name = "derive_builder_core" +version = "0.1.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +dependencies = [ + "quote 0.3.15 (registry+https://github.com/rust-lang/crates.io-index)", + "syn 0.11.11 (registry+https://github.com/rust-lang/crates.io-index)", +] + +[[package]] name = "dtoa" version = "0.4.1" source = "registry+https://github.com/rust-lang/crates.io-index" @@ -155,7 +226,7 @@ version = "0.9.1" source = "registry+https://github.com/rust-lang/crates.io-index" dependencies = [ "lazycell 0.5.1 (registry+https://github.com/rust-lang/crates.io-index)", - "libc 0.2.24 (registry+https://github.com/rust-lang/crates.io-index)", + "libc 0.2.29 (registry+https://github.com/rust-lang/crates.io-index)", "os_pipe 0.5.1 (registry+https://github.com/rust-lang/crates.io-index)", "shared_child 0.3.2 (registry+https://github.com/rust-lang/crates.io-index)", ] @@ -170,6 +241,16 @@ dependencies = [ ] [[package]] +name = "errno" +version = "0.2.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +dependencies = [ + "kernel32-sys 0.2.2 (registry+https://github.com/rust-lang/crates.io-index)", + "libc 0.2.29 (registry+https://github.com/rust-lang/crates.io-index)", + "winapi 0.2.8 (registry+https://github.com/rust-lang/crates.io-index)", +] + +[[package]] name = "error-chain" version = "0.10.0" source = "registry+https://github.com/rust-lang/crates.io-index" 
@@ -201,6 +282,11 @@ version = "0.3.51" source = "registry+https://github.com/rust-lang/crates.io-index" [[package]] +name = "glob" +version = "0.2.11" +source = "registry+https://github.com/rust-lang/crates.io-index" + +[[package]] name = "globset" version = "0.1.4" source = "registry+https://github.com/rust-lang/crates.io-index" @@ -228,15 +314,25 @@ dependencies = [ ] [[package]] +name = "ioctl-sys" +version = "0.5.2" +source = "registry+https://github.com/rust-lang/crates.io-index" + +[[package]] name = "iovec" version = "0.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" dependencies = [ - "libc 0.2.24 (registry+https://github.com/rust-lang/crates.io-index)", + "libc 0.2.29 (registry+https://github.com/rust-lang/crates.io-index)", "winapi 0.2.8 (registry+https://github.com/rust-lang/crates.io-index)", ] [[package]] +name = "ipnetwork" +version = "0.12.6" +source = "registry+https://github.com/rust-lang/crates.io-index" + +[[package]] name = "itoa" version = "0.3.1" source = "registry+https://github.com/rust-lang/crates.io-index" @@ -330,8 +426,18 @@ source = "registry+https://github.com/rust-lang/crates.io-index" [[package]] name = "libc" -version = "0.2.24" +version = "0.2.29" +source = "registry+https://github.com/rust-lang/crates.io-index" + +[[package]] +name = "libloading" +version = "0.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" +dependencies = [ + "kernel32-sys 0.2.2 (registry+https://github.com/rust-lang/crates.io-index)", + "lazy_static 0.2.8 (registry+https://github.com/rust-lang/crates.io-index)", + "winapi 0.2.8 (registry+https://github.com/rust-lang/crates.io-index)", +] [[package]] name = "log" @@ -348,7 +454,7 @@ name = "memchr" version = "1.0.1" source = "registry+https://github.com/rust-lang/crates.io-index" dependencies = [ - "libc 0.2.24 (registry+https://github.com/rust-lang/crates.io-index)", + "libc 0.2.29 (registry+https://github.com/rust-lang/crates.io-index)", ] [[package]] 
@@ -359,7 +465,7 @@ dependencies = [ "iovec 0.1.0 (registry+https://github.com/rust-lang/crates.io-index)", "kernel32-sys 0.2.2 (registry+https://github.com/rust-lang/crates.io-index)", "lazycell 0.4.0 (registry+https://github.com/rust-lang/crates.io-index)", - "libc 0.2.24 (registry+https://github.com/rust-lang/crates.io-index)", + "libc 0.2.29 (registry+https://github.com/rust-lang/crates.io-index)", "log 0.3.8 (registry+https://github.com/rust-lang/crates.io-index)", "miow 0.2.1 (registry+https://github.com/rust-lang/crates.io-index)", "net2 0.2.29 (registry+https://github.com/rust-lang/crates.io-index)", @@ -442,7 +548,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" dependencies = [ "cfg-if 0.1.2 (registry+https://github.com/rust-lang/crates.io-index)", "kernel32-sys 0.2.2 (registry+https://github.com/rust-lang/crates.io-index)", - "libc 0.2.24 (registry+https://github.com/rust-lang/crates.io-index)", + "libc 0.2.29 (registry+https://github.com/rust-lang/crates.io-index)", "winapi 0.2.8 (registry+https://github.com/rust-lang/crates.io-index)", "ws2_32-sys 0.2.1 (registry+https://github.com/rust-lang/crates.io-index)", ] @@ -454,11 +560,19 @@ source = "registry+https://github.com/rust-lang/crates.io-index" dependencies = [ "bitflags 0.7.0 (registry+https://github.com/rust-lang/crates.io-index)", "cfg-if 0.1.2 (registry+https://github.com/rust-lang/crates.io-index)", - "libc 0.2.24 (registry+https://github.com/rust-lang/crates.io-index)", + "libc 0.2.29 (registry+https://github.com/rust-lang/crates.io-index)", "void 1.0.2 (registry+https://github.com/rust-lang/crates.io-index)", ] [[package]] +name = "nom" +version = "3.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +dependencies = [ + "memchr 1.0.1 (registry+https://github.com/rust-lang/crates.io-index)", +] + +[[package]] name = "num" version = "0.1.39" source = "registry+https://github.com/rust-lang/crates.io-index" 
@@ -543,18 +657,57 @@ version = "0.2.2" source = "registry+https://github.com/rust-lang/crates.io-index" dependencies = [ "kernel32-sys 0.2.2 (registry+https://github.com/rust-lang/crates.io-index)", - "libc 0.2.24 (registry+https://github.com/rust-lang/crates.io-index)", + "libc 0.2.29 (registry+https://github.com/rust-lang/crates.io-index)", "rand 0.3.15 (registry+https://github.com/rust-lang/crates.io-index)", "smallvec 0.4.1 (registry+https://github.com/rust-lang/crates.io-index)", "winapi 0.2.8 (registry+https://github.com/rust-lang/crates.io-index)", ] [[package]] +name = "peeking_take_while" +version = "0.1.2" +source = "registry+https://github.com/rust-lang/crates.io-index" + +[[package]] name = "percent-encoding" version = "1.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" [[package]] +name = "pfctl" +version = "0.1.0" +source = "git+ssh://git@github.com/mullvad/pfctl-rs.git#19f9b6104cf4ba903b7f1d96cec87779eff7ae08" +dependencies = [ + "bindgen 0.29.0 (registry+https://github.com/rust-lang/crates.io-index)", + "derive_builder 0.5.0 (registry+https://github.com/rust-lang/crates.io-index)", + "errno 0.2.3 (registry+https://github.com/rust-lang/crates.io-index)", + "error-chain 0.10.0 (registry+https://github.com/rust-lang/crates.io-index)", + "ioctl-sys 0.5.2 (registry+https://github.com/rust-lang/crates.io-index)", + "ipnetwork 0.12.6 (registry+https://github.com/rust-lang/crates.io-index)", + "libc 0.2.29 (registry+https://github.com/rust-lang/crates.io-index)", +] + +[[package]] +name = "quasi" +version = "0.32.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +dependencies = [ + "syntex_errors 0.58.1 (registry+https://github.com/rust-lang/crates.io-index)", + "syntex_syntax 0.58.1 (registry+https://github.com/rust-lang/crates.io-index)", +] + +[[package]] +name = "quasi_codegen" +version = "0.32.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +dependencies = [ + "aster 0.41.0 
(registry+https://github.com/rust-lang/crates.io-index)", + "syntex 0.58.1 (registry+https://github.com/rust-lang/crates.io-index)", + "syntex_errors 0.58.1 (registry+https://github.com/rust-lang/crates.io-index)", + "syntex_syntax 0.58.1 (registry+https://github.com/rust-lang/crates.io-index)", +] + +[[package]] name = "quote" version = "0.3.15" source = "registry+https://github.com/rust-lang/crates.io-index" @@ -564,7 +717,7 @@ name = "rand" version = "0.3.15" source = "registry+https://github.com/rust-lang/crates.io-index" dependencies = [ - "libc 0.2.24 (registry+https://github.com/rust-lang/crates.io-index)", + "libc 0.2.29 (registry+https://github.com/rust-lang/crates.io-index)", ] [[package]] @@ -650,7 +803,7 @@ version = "0.3.2" source = "registry+https://github.com/rust-lang/crates.io-index" dependencies = [ "kernel32-sys 0.2.2 (registry+https://github.com/rust-lang/crates.io-index)", - "libc 0.2.24 (registry+https://github.com/rust-lang/crates.io-index)", + "libc 0.2.29 (registry+https://github.com/rust-lang/crates.io-index)", "winapi 0.2.8 (registry+https://github.com/rust-lang/crates.io-index)", ] @@ -669,7 +822,7 @@ version = "1.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" dependencies = [ "lazy_static 0.1.16 (registry+https://github.com/rust-lang/crates.io-index)", - "libc 0.2.24 (registry+https://github.com/rust-lang/crates.io-index)", + "libc 0.2.29 (registry+https://github.com/rust-lang/crates.io-index)", ] [[package]] 
@@ -711,6 +864,48 @@ dependencies = [ ] [[package]] +name = "syntex" +version = "0.58.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +dependencies = [ + "syntex_errors 0.58.1 (registry+https://github.com/rust-lang/crates.io-index)", + "syntex_syntax 0.58.1 (registry+https://github.com/rust-lang/crates.io-index)", +] + +[[package]] +name = "syntex_errors" +version = "0.58.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +dependencies = [ + "libc 0.2.29 (registry+https://github.com/rust-lang/crates.io-index)", + "rustc-serialize 0.3.24 (registry+https://github.com/rust-lang/crates.io-index)", + "syntex_pos 0.58.1 (registry+https://github.com/rust-lang/crates.io-index)", + "term 0.4.6 (registry+https://github.com/rust-lang/crates.io-index)", + "unicode-xid 0.0.4 (registry+https://github.com/rust-lang/crates.io-index)", +] + +[[package]] +name = "syntex_pos" +version = "0.58.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +dependencies = [ + "rustc-serialize 0.3.24 (registry+https://github.com/rust-lang/crates.io-index)", +] + +[[package]] +name = "syntex_syntax" +version = "0.58.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +dependencies = [ + "bitflags 0.8.2 (registry+https://github.com/rust-lang/crates.io-index)", + "log 0.3.8 (registry+https://github.com/rust-lang/crates.io-index)", + "rustc-serialize 0.3.24 (registry+https://github.com/rust-lang/crates.io-index)", + "syntex_errors 0.58.1 (registry+https://github.com/rust-lang/crates.io-index)", + "syntex_pos 0.58.1 (registry+https://github.com/rust-lang/crates.io-index)", + "unicode-xid 0.0.4 (registry+https://github.com/rust-lang/crates.io-index)", +] + +[[package]] name = "talpid-core" version = "0.1.0" dependencies = [ 
@@ -720,10 +915,11 @@ dependencies = [ "jsonrpc-core 7.0.1 (git+https://github.com/paritytech/jsonrpc)", "jsonrpc-macros 7.0.1 (git+https://github.com/paritytech/jsonrpc)", "lazy_static 0.2.8 (registry+https://github.com/rust-lang/crates.io-index)", - "libc 0.2.24 (registry+https://github.com/rust-lang/crates.io-index)", + "libc 0.2.29 (registry+https://github.com/rust-lang/crates.io-index)", "log 0.3.8 (registry+https://github.com/rust-lang/crates.io-index)", "mktemp 0.3.1 (registry+https://github.com/rust-lang/crates.io-index)", "openvpn-plugin 0.2.0 (registry+https://github.com/rust-lang/crates.io-index)", + "pfctl 0.1.0 (git+ssh://git@github.com/mullvad/pfctl-rs.git)", "talpid-ipc 0.1.0", ] @@ -745,12 +941,21 @@ dependencies = [ ] [[package]] +name = "term" +version = "0.4.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +dependencies = [ + "kernel32-sys 0.2.2 (registry+https://github.com/rust-lang/crates.io-index)", + "winapi 0.2.8 (registry+https://github.com/rust-lang/crates.io-index)", +] + +[[package]] name = "term_size" version = "0.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" dependencies = [ "kernel32-sys 0.2.2 (registry+https://github.com/rust-lang/crates.io-index)", - "libc 0.2.24 (registry+https://github.com/rust-lang/crates.io-index)", + "libc 0.2.29 (registry+https://github.com/rust-lang/crates.io-index)", "winapi 0.2.8 (registry+https://github.com/rust-lang/crates.io-index)", ] @@ -769,7 +974,7 @@ version = "3.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" dependencies = [ "kernel32-sys 0.2.2 (registry+https://github.com/rust-lang/crates.io-index)", - "libc 0.2.24 (registry+https://github.com/rust-lang/crates.io-index)", + "libc 0.2.29 (registry+https://github.com/rust-lang/crates.io-index)", "redox_syscall 0.1.20 (registry+https://github.com/rust-lang/crates.io-index)", ] 
@@ -788,7 +993,7 @@ version = "0.1.38" source = "registry+https://github.com/rust-lang/crates.io-index" dependencies = [ "kernel32-sys 0.2.2 (registry+https://github.com/rust-lang/crates.io-index)", - "libc 0.2.24 (registry+https://github.com/rust-lang/crates.io-index)", + "libc 0.2.29 (registry+https://github.com/rust-lang/crates.io-index)", "redox_syscall 0.1.20 (registry+https://github.com/rust-lang/crates.io-index)", "winapi 0.2.8 (registry+https://github.com/rust-lang/crates.io-index)", ] 
@@ -949,30 +1154,41 @@ source = "registry+https://github.com/rust-lang/crates.io-index" "checksum ansi_term 0.9.0 (registry+https://github.com/rust-lang/crates.io-index)" = "23ac7c30002a5accbf7e8987d0632fa6de155b7c3d39d0067317a391e00a2ef6" "checksum app_dirs 1.1.1 (registry+https://github.com/rust-lang/crates.io-index)" = "b7d1c0d48a81bbb13043847f957971f4d87c81542d80ece5e84ba3cba4058fd4" "checksum assert_matches 1.1.0 (registry+https://github.com/rust-lang/crates.io-index)" = "9e772942dccdf11b368c31e044e4fca9189f80a773d2f0808379de65894cbf57" +"checksum aster 0.41.0 (registry+https://github.com/rust-lang/crates.io-index)" = "4ccfdf7355d9db158df68f976ed030ab0f6578af811f5a7bb6dcf221ec24e0e0" "checksum atty 0.2.2 (registry+https://github.com/rust-lang/crates.io-index)" = "d912da0db7fa85514874458ca3651fe2cddace8d0b0505571dbdcd41ab490159" "checksum backtrace 0.3.2 (registry+https://github.com/rust-lang/crates.io-index)" = "72f9b4182546f4b04ebc4ab7f84948953a118bd6021a1b6a6c909e3e94f6be76" "checksum backtrace-sys 0.1.11 (registry+https://github.com/rust-lang/crates.io-index)" = "3a0d842ea781ce92be2bf78a9b38883948542749640b8378b3b2f03d1fd9f1ff" +"checksum bindgen 0.29.0 (registry+https://github.com/rust-lang/crates.io-index)" = "0c338079dafc81bef7d581f494b906603d12359c4306979eae6ca081925a4984" "checksum bitflags 0.7.0 (registry+https://github.com/rust-lang/crates.io-index)" = "aad18937a628ec6abcd26d1489012cc0e18c21798210f491af69ded9b881106d" +"checksum bitflags 0.8.2 (registry+https://github.com/rust-lang/crates.io-index)" = "1370e9fc2a6ae53aea8b7a5110edbd08836ed87c88736dfabccade1c2b44bff4" "checksum bitflags 0.9.1 (registry+https://github.com/rust-lang/crates.io-index)" = "4efd02e230a02e18f92fc2735f44597385ed02ad8f831e7c1c1156ee5e1ab3a5" "checksum byteorder 1.0.0 (registry+https://github.com/rust-lang/crates.io-index)" = "c40977b0ee6b9885c9013cd41d9feffdd22deb3bb4dc3a71d901cc7a77de18c8" "checksum bytes 0.4.4 (registry+https://github.com/rust-lang/crates.io-index)" = 
"8b24f16593f445422331a5eed46b72f7f171f910fead4f2ea8f17e727e9c5c14" +"checksum cexpr 0.2.2 (registry+https://github.com/rust-lang/crates.io-index)" = "cdbb21df6ff3497a61df5059994297f746267020ba38ce237aad9c875f7b4313" "checksum cfg-if 0.1.2 (registry+https://github.com/rust-lang/crates.io-index)" = "d4c819a1287eb618df47cc647173c5c4c66ba19d888a6e50d605672aed3140de" "checksum chrono 0.4.0 (registry+https://github.com/rust-lang/crates.io-index)" = "7c20ebe0b2b08b0aeddba49c609fe7957ba2e33449882cb186a180bc60682fa9" +"checksum clang-sys 0.19.0 (registry+https://github.com/rust-lang/crates.io-index)" = "611ec2e3a7623afd8a8c0d027887b6b55759d894abbf5fe11b9dc11b50d5b49a" "checksum clap 2.25.0 (registry+https://github.com/rust-lang/crates.io-index)" = "867a885995b4184be051b70a592d4d70e32d7a188db6e8dff626af286a962771" "checksum ctrlc 3.0.2 (registry+https://github.com/rust-lang/crates.io-index)" = "1c663ee353d7e03e4f895af66ff7d3537f94c09deaa341a2f450684a3d45cb46" "checksum dbghelp-sys 0.2.0 (registry+https://github.com/rust-lang/crates.io-index)" = "97590ba53bcb8ac28279161ca943a924d1fd4a8fb3fa63302591647c4fc5b850" +"checksum derive_builder 0.5.0 (registry+https://github.com/rust-lang/crates.io-index)" = "03600ae366b6eb2314e54d62adc833d9866da03798acc61c61789654ceaa227a" +"checksum derive_builder_core 0.1.7 (registry+https://github.com/rust-lang/crates.io-index)" = "eed37eae64daa5511467b1a55cebdf472deeaef108d22f62f25e8bbcaffd56ac" "checksum dtoa 0.4.1 (registry+https://github.com/rust-lang/crates.io-index)" = "80c8b71fd71146990a9742fc06dcbbde19161a267e0ad4e572c35162f4578c90" "checksum duct 0.9.1 (registry+https://github.com/rust-lang/crates.io-index)" = "e2f3154a9285e24d7c3aba0dca9a13adf2ba6160cce3490b157c8b37a0f80e85" "checksum env_logger 0.4.3 (registry+https://github.com/rust-lang/crates.io-index)" = "3ddf21e73e016298f5cb37d6ef8e8da8e39f91f9ec8b0df44b7deb16a9f8cd5b" +"checksum errno 0.2.3 (registry+https://github.com/rust-lang/crates.io-index)" = 
"b2c858c42ac0b88532f48fca88b0ed947cad4f1f64d904bcd6c9f138f7b95d70" "checksum error-chain 0.10.0 (registry+https://github.com/rust-lang/crates.io-index)" = "d9435d864e017c3c6afeac1654189b06cdb491cf2ff73dbf0d73b0f292f42ff8" "checksum fern 0.4.0 (registry+https://github.com/rust-lang/crates.io-index)" = "89273e0d0e210f69600048a209a00e163560b51e3ef51c3942304e9b8aa8b47a" "checksum fnv 1.0.5 (registry+https://github.com/rust-lang/crates.io-index)" = "6cc484842f1e2884faf56f529f960cc12ad8c71ce96cc7abba0a067c98fee344" "checksum futures 0.1.14 (registry+https://github.com/rust-lang/crates.io-index)" = "4b63a4792d4f8f686defe3b39b92127fea6344de5d38202b2ee5a11bbbf29d6a" "checksum gcc 0.3.51 (registry+https://github.com/rust-lang/crates.io-index)" = "120d07f202dcc3f72859422563522b66fe6463a4c513df062874daad05f85f0a" +"checksum glob 0.2.11 (registry+https://github.com/rust-lang/crates.io-index)" = "8be18de09a56b60ed0edf84bc9df007e30040691af7acd1c41874faac5895bfb" "checksum globset 0.1.4 (registry+https://github.com/rust-lang/crates.io-index)" = "90d069fe6beb9be359ef505650b3f73228c5591a3c4b1f32be2f4f44459ffa3a" "checksum httparse 1.2.3 (registry+https://github.com/rust-lang/crates.io-index)" = "af2f2dd97457e8fb1ae7c5a420db346af389926e36f43768b96f101546b04a07" "checksum idna 0.1.2 (registry+https://github.com/rust-lang/crates.io-index)" = "2233d4940b1f19f0418c158509cd7396b8d70a5db5705ce410914dc8fa603b37" +"checksum ioctl-sys 0.5.2 (registry+https://github.com/rust-lang/crates.io-index)" = "5e2c4b26352496eaaa8ca7cfa9bd99e93419d3f7983dc6e99c2a35fe9e33504a" "checksum iovec 0.1.0 (registry+https://github.com/rust-lang/crates.io-index)" = "29d062ee61fccdf25be172e70f34c9f6efc597e1fb8f6526e8437b2046ab26be" +"checksum ipnetwork 0.12.6 (registry+https://github.com/rust-lang/crates.io-index)" = "232e76922883005380e831068f731ef0305541c9f77b30df3a1635047b16f370" "checksum itoa 0.3.1 (registry+https://github.com/rust-lang/crates.io-index)" = 
"eb2f404fbc66fd9aac13e998248505e7ecb2ad8e44ab6388684c5fb11c6c251c" "checksum jsonrpc-core 7.0.1 (git+https://github.com/paritytech/jsonrpc)" = "<none>" "checksum jsonrpc-macros 7.0.1 (git+https://github.com/paritytech/jsonrpc)" = "<none>" @@ -984,7 +1200,8 @@ source = "registry+https://github.com/rust-lang/crates.io-index" "checksum lazy_static 0.2.8 (registry+https://github.com/rust-lang/crates.io-index)" = "3b37545ab726dd833ec6420aaba8231c5b320814b9029ad585555d2a03e94fbf" "checksum lazycell 0.4.0 (registry+https://github.com/rust-lang/crates.io-index)" = "ce12306c4739d86ee97c23139f3a34ddf0387bbf181bc7929d287025a8c3ef6b" "checksum lazycell 0.5.1 (registry+https://github.com/rust-lang/crates.io-index)" = "3b585b7a6811fb03aa10e74b278a0f00f8dd9b45dc681f148bb29fa5cb61859b" -"checksum libc 0.2.24 (registry+https://github.com/rust-lang/crates.io-index)" = "38f5c2b18a287cf78b4097db62e20f43cace381dc76ae5c0a3073067f78b7ddc" +"checksum libc 0.2.29 (registry+https://github.com/rust-lang/crates.io-index)" = "8a014d9226c2cc402676fbe9ea2e15dd5222cd1dd57f576b5b283178c944a264" +"checksum libloading 0.4.0 (registry+https://github.com/rust-lang/crates.io-index)" = "be99f814beb3e9503a786a592c909692bb6d4fc5a695f6ed7987223acfbd5194" "checksum log 0.3.8 (registry+https://github.com/rust-lang/crates.io-index)" = "880f77541efa6e5cc74e76910c9884d9859683118839d6a1dc3b11e63512565b" "checksum matches 0.1.6 (registry+https://github.com/rust-lang/crates.io-index)" = "100aabe6b8ff4e4a7e32c1c13523379802df0772b82466207ac25b013f193376" "checksum memchr 1.0.1 (registry+https://github.com/rust-lang/crates.io-index)" = "1dbccc0e46f1ea47b9f17e6d67c5a96bd27030519c519c9c91327e31275a47b4" 
@@ -993,6 +1210,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" "checksum mktemp 0.3.1 (registry+https://github.com/rust-lang/crates.io-index)" = "77001ceb9eed65439f3dc2a2543f9ba1417d912686bf224a7738d0966e6dcd69" "checksum net2 0.2.29 (registry+https://github.com/rust-lang/crates.io-index)" = "bc01404e7568680f1259aa5729539f221cb1e6d047a0d9053cab4be8a73b5d67" "checksum nix 0.8.1 (registry+https://github.com/rust-lang/crates.io-index)" = "47e49f6982987135c5e9620ab317623e723bd06738fd85377e8d55f57c8b6487" +"checksum nom 3.2.0 (registry+https://github.com/rust-lang/crates.io-index)" = "06989cbd367e06f787a451f3bc67d8c3e0eaa10b461cc01152ffab24261a31b1" "checksum num 0.1.39 (registry+https://github.com/rust-lang/crates.io-index)" = "2c3a3dc9f30bf824141521b30c908a859ab190b76e20435fcd89f35eb6583887" "checksum num-integer 0.1.34 (registry+https://github.com/rust-lang/crates.io-index)" = "ef1a4bf6f9174aa5783a9b4cc892cacd11aebad6c69ad027a0b65c6ca5f8aa37" "checksum num-iter 0.1.33 (registry+https://github.com/rust-lang/crates.io-index)" = "f7d1891bd7b936f12349b7d1403761c8a0b85a18b148e9da4429d5d102c1a41e" 
@@ -1003,7 +1221,11 @@ source = "registry+https://github.com/rust-lang/crates.io-index" "checksum owning_ref 0.3.3 (registry+https://github.com/rust-lang/crates.io-index)" = "cdf84f41639e037b484f93433aa3897863b561ed65c6e59c7073d7c561710f37" "checksum parking_lot 0.4.4 (registry+https://github.com/rust-lang/crates.io-index)" = "37f364e2ce5efa24c7d0b6646d5bb61145551a0112f107ffd7499f1a3e322fbd" "checksum parking_lot_core 0.2.2 (registry+https://github.com/rust-lang/crates.io-index)" = "0ad2c4d148942b3560034785bf19df586ebba53351e8c78f84984147d5795eef" +"checksum peeking_take_while 0.1.2 (registry+https://github.com/rust-lang/crates.io-index)" = "19b17cddbe7ec3f8bc800887bab5e717348c95ea2ca0b1bf0837fb964dc67099" "checksum percent-encoding 1.0.0 (registry+https://github.com/rust-lang/crates.io-index)" = "de154f638187706bde41d9b4738748933d64e6b37bdbffc0b47a97d16a6ae356" +"checksum pfctl 0.1.0 (git+ssh://git@github.com/mullvad/pfctl-rs.git)" = "<none>" +"checksum quasi 0.32.0 (registry+https://github.com/rust-lang/crates.io-index)" = "18c45c4854d6d1cf5d531db97c75880feb91c958b0720f4ec1057135fec358b3" +"checksum quasi_codegen 0.32.0 (registry+https://github.com/rust-lang/crates.io-index)" = "51b9e25fa23c044c1803f43ca59c98dac608976dd04ce799411edd58ece776d4" "checksum quote 0.3.15 (registry+https://github.com/rust-lang/crates.io-index)" = "7a6e920b65c65f10b2ae65c831a81a073a89edd28c7cce89475bff467ab4167a" "checksum rand 0.3.15 (registry+https://github.com/rust-lang/crates.io-index)" = "022e0636ec2519ddae48154b028864bdce4eaf7d35226ab8e65c611be97b189d" "checksum redox_syscall 0.1.20 (registry+https://github.com/rust-lang/crates.io-index)" = "1eb6b797b89e9c92681e837851e906e9788c748391deaba7f5b66f264e390249" 
@@ -1026,6 +1248,11 @@ source = "registry+https://github.com/rust-lang/crates.io-index" "checksum strsim 0.6.0 (registry+https://github.com/rust-lang/crates.io-index)" = "b4d15c810519a91cf877e7e36e63fe068815c678181439f2f29e2562147c3694" "checksum syn 0.11.11 (registry+https://github.com/rust-lang/crates.io-index)" = "d3b891b9015c88c576343b9b3e41c2c11a51c219ef067b264bd9c8aa9b441dad" "checksum synom 0.11.3 (registry+https://github.com/rust-lang/crates.io-index)" = "a393066ed9010ebaed60b9eafa373d4b1baac186dd7e008555b0f702b51945b6" +"checksum syntex 0.58.1 (registry+https://github.com/rust-lang/crates.io-index)" = "a8f5e3aaa79319573d19938ea38d068056b826db9883a5d47f86c1cecc688f0e" +"checksum syntex_errors 0.58.1 (registry+https://github.com/rust-lang/crates.io-index)" = "867cc5c2d7140ae7eaad2ae9e8bf39cb18a67ca651b7834f88d46ca98faadb9c" +"checksum syntex_pos 0.58.1 (registry+https://github.com/rust-lang/crates.io-index)" = "13ad4762fe52abc9f4008e85c4fb1b1fe3aa91ccb99ff4826a439c7c598e1047" +"checksum syntex_syntax 0.58.1 (registry+https://github.com/rust-lang/crates.io-index)" = "6e0e4dbae163dd98989464c23dd503161b338790640e11537686f2ef0f25c791" +"checksum term 0.4.6 (registry+https://github.com/rust-lang/crates.io-index)" = "fa63644f74ce96fbeb9b794f66aff2a52d601cbd5e80f4b97123e3899f4570f1" "checksum term_size 0.3.0 (registry+https://github.com/rust-lang/crates.io-index)" = "e2b6b55df3198cc93372e85dd2ed817f0e38ce8cc0f22eb32391bfad9c4bf209" "checksum textwrap 0.6.0 (registry+https://github.com/rust-lang/crates.io-index)" = "f86300c3e7416ee233abd7cda890c492007a3980f941f79185c753a701257167" "checksum thread-id 3.2.0 (registry+https://github.com/rust-lang/crates.io-index)" = "2af4d6289a69a35c4d3aea737add39685f2784122c28119a7713165a63d68c9d" diff --git a/mullvad-daemon/src/main.rs b/mullvad-daemon/src/main.rs index 7ec19da7bd..3479a231a1 100644 --- a/mullvad-daemon/src/main.rs +++ b/mullvad-daemon/src/main.rs 
@@ -41,6 +41,7 @@ use std::path::PathBuf;
 use std::sync::{Arc, Mutex, mpsc};
 use std::thread;
+use talpid_core::firewall::{Firewall, FirewallProxy, SecurityPolicy};
 use talpid_core::mpsc::IntoSender;
 use talpid_core::net::{Endpoint, TransportProtocol};
 use talpid_core::tunnel::{self, TunnelEvent, TunnelMonitor};
@@ -60,6 +61,9 @@ error_chain!{
 description("Error in the management interface")
 display("Management interface error: {}", msg)
 }
+ FirewallError {
+ description("Firewall error")
+ }
 InvalidSettings(msg: &'static str) {
 description("Invalid settings")
 display("Invalid Settings: {}", msg)
@@ -147,6 +151,8 @@ struct Daemon {
 tx: mpsc::Sender<DaemonEvent>,
 management_interface_broadcaster: management_interface::EventBroadcaster,
 settings: settings::Settings,
+ firewall: FirewallProxy,
+ remote_endpoint: Option<Endpoint>,
 // Just for testing. A cyclic iterator iterating over the hardcoded remotes,
 // picking a new one for each retry.
@@ -172,7 +178,10 @@ impl Daemon {
 rx,
 tx,
 management_interface_broadcaster,
+ firewall: FirewallProxy::new()
+ .chain_err(|| ErrorKind::FirewallError)?,
 settings: settings::Settings::load().chain_err(|| "Unable to read settings")?,
+ remote_endpoint: None,
 remote_iter: REMOTES.iter().cloned().cycle(),
 },
 )
@@ -241,6 +250,9 @@ impl Daemon {
 fn handle_tunnel_event(&mut self, tunnel_event: TunnelEvent) -> Result<()> {
 info!("Tunnel event: {:?}", tunnel_event);
 if self.state == TunnelState::Connecting && tunnel_event == TunnelEvent::Up {
+ let remote = self.remote_endpoint.unwrap();
+ let tunnel_interface = "utun1".to_owned();
+ self.set_security_policy(SecurityPolicy::Connected(remote, tunnel_interface))?;
 self.set_state(TunnelState::Connected)
 } else if self.state == TunnelState::Connected && tunnel_event == TunnelEvent::Down {
 self.kill_tunnel()
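Review bot: In the `handle_tunnel_event` hunk, `self.remote_endpoint.unwrap()` takes the whole daemon down with a panic if a `TunnelEvent::Up` is handled while the field is `None`, and the field is only assigned at the very end of the start-tunnel path. Return an error instead, in the style the file already uses for the account token: `let remote = self.remote_endpoint.ok_or(ErrorKind::FirewallError)?;`. The `Connected` policy is also built from the literal `"utun1".to_owned()`; if the tunnel device gets a different utun number, the policy presumably names an interface that is not the tunnel. The name should come from the tunnel monitor, or at least carry `// FIXME: hard-coded; must be the interface the tunnel actually created`. The function body continues past the end of the hunk.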
@@ -253,6 +265,8 @@ impl Daemon { if let Err(e) = result.chain_err(|| "Tunnel exited in an unexpected way") { error!("{}", e.display()); } + self.remote_endpoint = None; + self.reset_security_policy()?; self.tunnel_close_handle = None; self.set_state(TunnelState::NotRunning) } @@ -411,10 +425,13 @@ impl Daemon { let account_token = self.settings .get_account_token() .ok_or(ErrorKind::InvalidSettings("No account token"))?; + self.set_security_policy(SecurityPolicy::Connecting(remote))?; let tunnel_monitor = self.spawn_tunnel_monitor(remote, &account_token)?; self.tunnel_close_handle = Some(tunnel_monitor.close_handle()); self.spawn_tunnel_monitor_wait_thread(tunnel_monitor); - self.set_state(TunnelState::Connecting) + self.set_state(TunnelState::Connecting)?; + self.remote_endpoint = Some(remote); + Ok(()) } fn spawn_tunnel_monitor(&self, remote: Endpoint, account_token: &str) -> Result<TunnelMonitor> { @@ -459,6 +476,16 @@ impl Daemon { pub fn shutdown_handle(&self) -> DaemonShutdownHandle { DaemonShutdownHandle { tx: self.tx.clone() } } + + fn set_security_policy(&mut self, policy: SecurityPolicy) -> Result<()> { + debug!("Set security policy: {:?}", policy); + self.firewall.apply_policy(policy).chain_err(|| ErrorKind::FirewallError) + } + + fn reset_security_policy(&mut self) -> Result<()> { + debug!("Reset security policy"); + self.firewall.reset_policy().chain_err(|| ErrorKind::FirewallError) + } } struct DaemonShutdownHandle { diff --git a/talpid-core/Cargo.toml b/talpid-core/Cargo.toml index 96c30924e2..d8541001d1 100644 --- a/talpid-core/Cargo.toml +++ b/talpid-core/Cargo.toml @@ -19,5 +19,8 @@ talpid-ipc = { path = "../talpid-ipc" } [target.'cfg(unix)'.dependencies] libc = "0.2.20" +[target.'cfg(target_os = "macos")'.dependencies] +pfctl = { git = "ssh://git@github.com/mullvad/pfctl-rs.git" } + [dev-dependencies] assert_matches = "1.0" 
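Review bot: `self.reset_security_policy()?` sits before `self.tunnel_close_handle = None` and `self.set_state(TunnelState::NotRunning)`, so a pf error returns early and leaves the daemon with a stale close handle and state. Keep the result in a local, do the bookkeeping, and propagate the firewall error last. Separately, resetting the policy on an unexpected tunnel exit removes every blocking rule, so traffic goes out unprotected as soon as the tunnel drops. If that fail-open behaviour is intended, a comment such as `// NOTE: firewall is opened on tunnel exit; no leak protection after a drop` would make the choice explicit. The enclosing function starts outside the hunk.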
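Review bot: `self.set_security_policy(SecurityPolicy::Connecting(remote))?` runs before `self.spawn_tunnel_monitor(remote, &account_token)?`, and nothing rolls the policy back if the spawn fails. In that case the function returns without reaching `TunnelState::Connecting`, while the pf anchor keeps dropping everything except the relay, loopback and port 53. Undo the policy on that path, e.g. `.map_err(|e| { let _ = self.reset_security_policy(); e })?` on the spawn call. Also assign `self.remote_endpoint = Some(remote)` before `set_state`, so the endpoint is in place by the time the state reads `Connecting`. The function starts outside the hunk.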
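Review bot: The `pfctl` dependency is declared with only a `git` URL, so the manifest does not pin which commit of the firewall crate is built. Only Cargo.lock does, and a `cargo update` moves it to whatever the default branch holds at that time. For a crate that programs the packet filter, pin it in the manifest, e.g. `pfctl = { git = "ssh://git@github.com/mullvad/pfctl-rs.git", rev = "<reviewed-commit-sha>" }`. The `ssh://git@github.com/` URL also means every builder and CI job needs an SSH key with access to that repository.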
diff --git a/talpid-core/src/firewall/macos.rs b/talpid-core/src/firewall/macos.rs
new file mode 100644
index 0000000000..3bf6bc8db6
--- /dev/null
+++ b/talpid-core/src/firewall/macos.rs
@@ -0,0 +1,150 @@ +use super::{Firewall, SecurityPolicy}; +use net; +use pfctl; + +// alias used to instantiate firewall implementation +pub type ConcreteFirewall = PacketFilter; +pub use pfctl::{Error, ErrorKind, Result}; + +const ANCHOR_NAME: &'static str = "talpid_core"; + +impl From<net::Endpoint> for pfctl::Endpoint { + fn from(endpoint: net::Endpoint) -> Self { + pfctl::Endpoint( + pfctl::Ip::from(endpoint.address.ip()), + pfctl::Port::from(endpoint.address.port()), + ) + } +} + +impl From<net::Endpoint> for pfctl::Proto { + fn from(endpoint: net::Endpoint) -> Self { + match endpoint.protocol { + net::TransportProtocol::Udp => pfctl::Proto::Udp, + net::TransportProtocol::Tcp => pfctl::Proto::Tcp, + } + } +} + +pub struct PacketFilter { + pf: pfctl::PfCtl, + pf_was_enabled: Option<bool>, +} + +impl Firewall<Error> for PacketFilter { + fn new() -> Result<Self> { + Ok( + PacketFilter { + pf: pfctl::PfCtl::new()?, + pf_was_enabled: None, + }, + ) + } + + fn apply_policy(&mut self, policy: SecurityPolicy) -> Result<()> { + self.enable()?; + self.add_anchor()?; + self.set_rules(policy) + } + + fn reset_policy(&mut self) -> Result<()> { + vec![ + self.remove_rules(), + self.remove_anchor(), + self.restore_state(), + ] + .into_iter() + .collect::<Result<Vec<_>>>() + .map(|_| ()) + } +} + +impl PacketFilter { + fn set_rules(&mut self, policy: SecurityPolicy) -> Result<()> { + let drop_all_rule = pfctl::FilterRuleBuilder::default() + .action(pfctl::RuleAction::Drop) + .quick(true) + .build()?; + let allow_dns_rule = pfctl::FilterRuleBuilder::default() + .action(pfctl::RuleAction::Pass) + .direction(pfctl::Direction::Out) + .quick(true) + .to(pfctl::Port::One(53, pfctl::PortUnaryModifier::Equal)) + .keep_state(pfctl::StatePolicy::Keep) + .build()?; + let mut new_rules = self.get_loopback_rules()?; + + match policy { + SecurityPolicy::Connecting(relay_endpoint) => { + new_rules.push(Self::get_relay_rule(relay_endpoint)?); + } + SecurityPolicy::Connected(relay_endpoint, 
tunnel_interface) => { + new_rules.push(Self::get_relay_rule(relay_endpoint)?); + new_rules.push(Self::get_tunnel_rule(tunnel_interface)?); + } + }; + + new_rules.push(allow_dns_rule); + new_rules.push(drop_all_rule); + + self.pf.set_rules(ANCHOR_NAME, &new_rules) + } + + fn get_relay_rule(relay_endpoint: net::Endpoint) -> Result<pfctl::FilterRule> { + pfctl::FilterRuleBuilder::default() + .action(pfctl::RuleAction::Pass) + .direction(pfctl::Direction::Out) + .to(relay_endpoint) + .proto(relay_endpoint) + .keep_state(pfctl::StatePolicy::Keep) + .quick(true) + .build() + } + + fn get_tunnel_rule(tunnel_interface: String) -> Result<pfctl::FilterRule> { + pfctl::FilterRuleBuilder::default() + .action(pfctl::RuleAction::Pass) + .interface(tunnel_interface) + .keep_state(pfctl::StatePolicy::Keep) + .quick(true) + .build() + } + + fn get_loopback_rules(&self) -> Result<Vec<pfctl::FilterRule>> { + let lo0_rule = pfctl::FilterRuleBuilder::default() + .action(pfctl::RuleAction::Pass) + .interface("lo0") + .keep_state(pfctl::StatePolicy::Keep) + .quick(true) + .build()?; + Ok(vec![lo0_rule]) + } + + fn remove_rules(&mut self) -> Result<()> { + // remove_anchor() does not deactivate active rules + self.pf.flush_rules(ANCHOR_NAME, pfctl::RulesetKind::Filter) + } + + fn enable(&mut self) -> Result<()> { + if self.pf_was_enabled.is_none() { + self.pf_was_enabled = Some(self.pf.is_enabled()?); + } + self.pf.try_enable() + } + + fn restore_state(&mut self) -> Result<()> { + match self.pf_was_enabled.take() { + Some(true) => self.pf.try_enable(), + Some(false) => self.pf.try_disable(), + None => Ok(()), + } + } + + fn add_anchor(&mut self) -> Result<()> { + self.pf.try_add_anchor(ANCHOR_NAME, pfctl::AnchorKind::Filter) + } + + fn remove_anchor(&mut self) -> Result<()> { + self.pf.try_remove_anchor(ANCHOR_NAME, pfctl::AnchorKind::Filter) + } +} diff --git a/talpid-core/src/firewall/mod.rs b/talpid-core/src/firewall/mod.rs new file mode 100644 index 0000000000..16b8139453 
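Review bot: `allow_dns_rule` in `set_rules` passes outbound traffic to port 53 on any interface, to any address and with no `proto` restriction, and it is pushed for both policies ahead of `drop_all_rule`. Under `SecurityPolicy::Connected` this lets DNS queries, and anything else addressed to port 53, leave on the physical interface rather than the tunnel. That does not match the policy's documented intent of relay plus tunnel interface only. The relay is already passed as an IP endpoint, so unless resolving outside the tunnel is intended, drop the rule or limit it to the connecting phase by moving `new_rules.push(allow_dns_rule);` into the `SecurityPolicy::Connecting(..)` arm. If it stays, a comment should explain why port 53 is open and to which resolvers.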
--- /dev/null +++ b/talpid-core/src/firewall/mod.rs @@ -0,0 +1,67 @@ +use net::Endpoint; + +#[cfg(target_os = "macos")] +#[path = "macos.rs"] +mod imp; + +#[cfg(all(unix, not(target_os = "macos")))] +#[path = "unix.rs"] +mod imp; + +#[cfg(windows)] +#[path = "windows.rs"] +mod imp; + +error_chain!{ + errors { + /// Initialization error + FirewallInitError { + description("Failed to initialize firewall") + } + /// Firewall configuration error + FirewallConfigurationError { + description("Failed to configure firewall") + } + } +} + +/// A enum that describes firewall rules strategy +#[derive(Debug, Clone, Eq, PartialEq)] +pub enum SecurityPolicy { + /// Allow traffic only to relay server + Connecting(Endpoint), + + /// Allow traffic only to relay server and over tunnel interface + Connected(Endpoint, String), +} + +/// Abstract firewall interaction trait +pub trait Firewall<E: ::std::error::Error> { + /// Create new instance of Firewall + fn new() -> ::std::result::Result<Self, E> where Self: Sized; + + /// Enable firewall and set firewall rules based on SecurityPolicy + fn apply_policy(&mut self, policy: SecurityPolicy) -> ::std::result::Result<(), E>; + + /// Remove firewall rules applied by active SecurityPolicy and + /// revert firewall to its original state + fn reset_policy(&mut self) -> ::std::result::Result<(), E>; +} + +/// An abstraction around platform specific firewall implementation +pub struct FirewallProxy(Box<Firewall<imp::Error>>); + +impl Firewall<Error> for FirewallProxy { + fn new() -> Result<Self> { + let firewall = imp::ConcreteFirewall::new().chain_err(|| ErrorKind::FirewallInitError)?; + Ok(FirewallProxy(Box::new(firewall) as Box<Firewall<_>>)) + } + + fn apply_policy(&mut self, policy: SecurityPolicy) -> Result<()> { + self.0.apply_policy(policy).chain_err(|| ErrorKind::FirewallConfigurationError) + } + + fn reset_policy(&mut self) -> Result<()> { + self.0.reset_policy().chain_err(|| ErrorKind::FirewallConfigurationError) + } +} 
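Review bot: The doc comments on `SecurityPolicy` promise more than the macOS backend in this commit enforces. `Connecting` is documented as "Allow traffic only to relay server", while `set_rules` in macos.rs also passes `lo0` and any destination on port 53. Either tighten the rules or state the exceptions, e.g. `/// Allow traffic to the relay server; backends may additionally pass loopback and DNS`. The docs on `apply_policy` should also say that an implementation may be a no-op, as the unix.rs and windows.rs backends currently are, so callers do not treat `Ok(())` as proof that traffic is restricted. Minor: "A enum" should read "An enum".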
diff --git a/talpid-core/src/firewall/unix.rs b/talpid-core/src/firewall/unix.rs new file mode 100644 index 0000000000..7550c3c051 --- /dev/null +++ b/talpid-core/src/firewall/unix.rs @@ -0,0 +1,21 @@ +use super::{Firewall, SecurityPolicy}; + +// alias used to instantiate firewall implementation +pub type ConcreteFirewall = Netfilter; + +error_chain!{} + +pub struct Netfilter; +impl Firewall<Error> for Netfilter { + fn new() -> Result<Self> { + Ok(Netfilter) + } + + fn apply_policy(&mut self, _policy: SecurityPolicy) -> Result<()> { + Ok(()) + } + + fn reset_policy(&mut self) -> Result<()> { + Ok(()) + } +} diff --git a/talpid-core/src/firewall/windows.rs b/talpid-core/src/firewall/windows.rs new file mode 100644 index 0000000000..3405ba12c0 --- /dev/null +++ b/talpid-core/src/firewall/windows.rs @@ -0,0 +1,21 @@ +use super::{Firewall, SecurityPolicy}; + +// alias used to instantiate firewall implementation +pub type ConcreteFirewall = WindowsFirewall; + +error_chain!{} + +pub struct WindowsFirewall; +impl Firewall<Error> for WindowsFirewall { + fn new() -> Result<Self> { + Ok(WindowsFirewall) + } + + fn apply_policy(&mut self, _policy: SecurityPolicy) -> Result<()> { + Ok(()) + } + + fn reset_policy(&mut self) -> Result<()> { + Ok(()) + } +} diff --git a/talpid-core/src/lib.rs b/talpid-core/src/lib.rs index 29ab0377e5..cbdc08886e 100644 --- a/talpid-core/src/lib.rs +++ b/talpid-core/src/lib.rs @@ -23,6 +23,9 @@ extern crate jsonrpc_macros; extern crate talpid_ipc; extern crate openvpn_plugin; +#[cfg(target_os = "macos")] +extern crate pfctl; + /// Working with processes. pub mod process; @@ -34,3 +37,6 @@ pub mod tunnel; /// Abstractions and extra features on `std::mpsc` pub mod mpsc; + +/// Abstractions over different firewalls +pub mod firewall; |
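Review bot: `Netfilter::apply_policy` returns `Ok(())` without installing any rule, so on non-macOS Unix the daemon logs "Set security policy" and carries on as if traffic were restricted. `WindowsFirewall` in windows.rs is the same stub. Mark both explicitly, e.g. `// TODO: not implemented; no traffic is blocked on this platform`, and consider emitting a warning from `new()` so the gap shows at runtime and not only in the source. Returning an error instead would be stricter, but it would presumably stop the daemon from starting on these platforms, so that is a product decision to confirm.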
