| author | Emīls Piņķis <emils@mullvad.net> | 2019-05-07 17:34:06 +0100 |
|---|---|---|
| committer | Linus Färnstrand <linus@mullvad.net> | 2019-05-14 22:23:50 +0200 |
| commit | 514d2e6532afed867cb7f7dedf4a77182672496d (patch) | |
| tree | 907053bd30df5478b37c96fea882a9066478244f | |
| parent | b2ef81298070ac01f61515700925cc61647d7232 (diff) | |
| download | mullvadvpn-514d2e6532afed867cb7f7dedf4a77182672496d.tar.xz mullvadvpn-514d2e6532afed867cb7f7dedf4a77182672496d.zip | |
Allow being a DHCPv4 server on Linux
| -rw-r--r-- | talpid-core/src/firewall/linux.rs | 32 |
1 files changed, 30 insertions, 2 deletions
diff --git a/talpid-core/src/firewall/linux.rs b/talpid-core/src/firewall/linux.rs
index 244b320098..a49d0ce578 100644
--- a/talpid-core/src/firewall/linux.rs
+++ b/talpid-core/src/firewall/linux.rs
@@ -218,7 +218,7 @@ impl<'a> PolicyBatch<'a> {
 /// policy.
 pub fn finalize(mut self, policy: &FirewallPolicy) -> Result<FinalizedBatch> {
 self.add_loopback_rules()?;
- self.add_dhcp_rules();
+ self.add_dhcp_client_rules();
 self.add_policy_specific_rules(policy)?;
 Ok(self.batch.finalize())
@@ -237,8 +237,9 @@ impl<'a> PolicyBatch<'a> {
 Ok(())
 }
- fn add_dhcp_rules(&mut self) {
+ fn add_dhcp_client_rules(&mut self) {
 use self::TransportProtocol::Udp;
+ // Outgoing DHCPv4 request
 {
 let mut out_v4 = Rule::new(&self.out_chain);
 check_port(&mut out_v4, Udp, End::Src, super::DHCPV4_CLIENT_PORT);
@@ -247,6 +248,7 @@ impl<'a> PolicyBatch<'a> {
 add_verdict(&mut out_v4, &Verdict::Accept);
 self.batch.add(&out_v4, nftnl::MsgType::Add);
 }
+ // Incoming DHCPv4 response
 {
 let mut in_v4 = Rule::new(&self.in_chain);
 check_port(&mut in_v4, Udp, End::Src, super::DHCPV4_SERVER_PORT);
@@ -254,6 +256,7 @@ impl<'a> PolicyBatch<'a> {
 add_verdict(&mut in_v4, &Verdict::Accept);
 self.batch.add(&in_v4, nftnl::MsgType::Add);
 }
+
 for dhcpv6_server in &*super::DHCPV6_SERVER_ADDRS {
 let mut out_v6 = Rule::new(&self.out_chain);
 check_net(&mut out_v6, End::Src, *super::IPV6_LINK_LOCAL);
@@ -486,6 +489,31 @@ impl<'a> PolicyBatch<'a> {
 add_verdict(&mut rule, &Verdict::Accept);
 self.batch.add(&rule, nftnl::MsgType::Add);
 }
+ self.add_dhcp_server_rules();
+ }
+
+ fn add_dhcp_server_rules(&mut self) {
+ use TransportProtocol::Udp;
+ // Outgoing DHCPv4 response
+ {
+ let mut out_v4 = Rule::new(&self.out_chain);
+ check_port(&mut out_v4, Udp, End::Src, super::DHCPV4_SERVER_PORT);
+ check_port(&mut out_v4, Udp, End::Dst, super::DHCPV4_CLIENT_PORT);
+ add_verdict(&mut out_v4, &Verdict::Accept);
+ self.batch.add(&out_v4, nftnl::MsgType::Add);
+ }
+ // Incoming DHCPv4 request
+ {
+ let mut in_v4 = Rule::new(&self.in_chain);
+ check_port(&mut in_v4, Udp, End::Src, super::DHCPV4_CLIENT_PORT);
+ check_endpoint(
+ &mut in_v4,
+ End::Dst,
+ &Endpoint::new(Ipv4Addr::BROADCAST, super::DHCPV4_SERVER_PORT, Udp),
+ );
+ add_verdict(&mut in_v4, &Verdict::Accept);
+ self.batch.add(&in_v4, nftnl::MsgType::Add);
+ }
 }
 }
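Review bot: The outgoing rule in `add_dhcp_server_rules` accepts any UDP packet from source port 67 to destination port 68 in `out_chain` with no destination-address or interface constraint, whereas the matching incoming rule is pinned to `Ipv4Addr::BROADCAST`; in a leak-prevention firewall that means, as far as this chain is concerned, a local process that binds port 67 can send UDP to any IPv4 host on port 68 over any interface, tunnel or not. The call site `self.add_dhcp_server_rules()` sits at the end of a function whose signature is outside the hunk, so I cannot confirm it is the allow-LAN branch, but if it is, the response rule should carry the same LAN/broadcast destination restriction that branch applies elsewhere, e.g. `check_endpoint(&mut out_v4, End::Dst, &Endpoint::new(Ipv4Addr::BROADCAST, super::DHCPV4_CLIENT_PORT, Udp))` for broadcast replies plus a `check_net(&mut out_v4, End::Dst, ...)` per LAN range for unicast OFFER/ACK. Separately, the incoming rule only matches the limited broadcast, so unicast DHCPREQUESTs from clients in the RENEWING state (sent to the server's own address) will be dropped and those clients will only recover by broadcasting in REBINDING; a second incoming rule for unicast port 67 from the same LAN ranges would avoid that. Minor style point: `use TransportProtocol::Udp;` should match the sibling `add_dhcp_client_rules`'s `use self::TransportProtocol::Udp;`.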
