| author | David Lönnhager <david.l@mullvad.net> | 2021-04-12 13:46:13 +0200 |
|---|---|---|
| committer | David Lönnhager <david.l@mullvad.net> | 2021-04-16 17:41:48 +0200 |
| commit | de8de4409bcddd62d3e91807b9c209bda6b573c3 (patch) | |
| tree | 9ad075cb89f74048ffdddaf2109a3eeec84b49f5 | |
| parent | b2c03da75a65a441fd8ff0a94a9e278dc021036d (diff) | |
Forward DHCP traffic
| -rw-r--r-- | talpid-core/src/firewall/linux.rs | 30 |
1 files changed, 16 insertions, 14 deletions
diff --git a/talpid-core/src/firewall/linux.rs b/talpid-core/src/firewall/linux.rs
index b5f5c1fcfc..27787dffdd 100644
--- a/talpid-core/src/firewall/linux.rs
+++ b/talpid-core/src/firewall/linux.rs
@@ -476,8 +476,8 @@ impl<'a> PolicyBatch<'a> {
 fn add_dhcp_client_rules(&mut self) {
 use self::TransportProtocol::Udp;
 // Outgoing DHCPv4 request
- {
- let mut out_v4 = Rule::new(&self.out_chain);
+ for chain in &[&self.out_chain, &self.forward_chain] {
+ let mut out_v4 = Rule::new(chain);
 check_port(&mut out_v4, Udp, End::Src, super::DHCPV4_CLIENT_PORT);
 check_ip(&mut out_v4, End::Dst, IpAddr::V4(Ipv4Addr::BROADCAST));
 check_port(&mut out_v4, Udp, End::Dst, super::DHCPV4_SERVER_PORT);
@@ -493,14 +493,16 @@ impl<'a> PolicyBatch<'a> {
 self.batch.add(&in_v4, nftnl::MsgType::Add);
 }
- for dhcpv6_server in &*super::DHCPV6_SERVER_ADDRS {
- let mut out_v6 = Rule::new(&self.out_chain);
- check_net(&mut out_v6, End::Src, *super::IPV6_LINK_LOCAL);
- check_port(&mut out_v6, Udp, End::Src, super::DHCPV6_CLIENT_PORT);
- check_ip(&mut out_v6, End::Dst, *dhcpv6_server);
- check_port(&mut out_v6, Udp, End::Dst, super::DHCPV6_SERVER_PORT);
- add_verdict(&mut out_v6, &Verdict::Accept);
- self.batch.add(&out_v6, nftnl::MsgType::Add);
+ for chain in &[&self.out_chain, &self.forward_chain] {
+ for dhcpv6_server in &*super::DHCPV6_SERVER_ADDRS {
+ let mut out_v6 = Rule::new(chain);
+ check_net(&mut out_v6, End::Src, *super::IPV6_LINK_LOCAL);
+ check_port(&mut out_v6, Udp, End::Src, super::DHCPV6_CLIENT_PORT);
+ check_ip(&mut out_v6, End::Dst, *dhcpv6_server);
+ check_port(&mut out_v6, Udp, End::Dst, super::DHCPV6_SERVER_PORT);
+ add_verdict(&mut out_v6, &Verdict::Accept);
+ self.batch.add(&out_v6, nftnl::MsgType::Add);
+ }
 }
 {
 let mut in_v6 = Rule::new(&self.in_chain);
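Review bot: The comment `// Outgoing DHCPv4 request` no longer describes the rules built beneath it, because the loop now also installs the rule in `self.forward_chain`; the same applies to `// Outgoing Router solicitation (part of NDP)` and `// Outgoing DHCPv4 response` in the later hunks. I would reword it to `// DHCPv4 request, sent by this host or forwarded for a client behind it`. I would also add a line naming the setup that needs the forward-chain copy. A limited-broadcast packet is not normally routed, so the rule presumably only matters for bridged or shared-connection traffic. The function body continues outside the hunk.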
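Review bot: Only the outgoing DHCPv6 rule is duplicated into `self.forward_chain`; the `in_v6` rule that follows is still built with `Rule::new(&self.in_chain)`, and the `in_v4` rule ending at the top of the hunk appears unchanged too. If the forward-chain rules are meant to let a client behind this host complete a DHCPv6 exchange, the server's reply would also cross the forward chain, and as far as this hunk shows nothing accepts it there. Either wrap the reply rule the same way, `for chain in &[&self.in_chain, &self.forward_chain] {` with `let mut in_v6 = Rule::new(chain);`, or add a comment stating which other rule handles forwarded replies. The `in_v6` block continues past the end of the hunk, so its matches are not visible here.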
@@ -512,8 +514,8 @@ impl<'a> PolicyBatch<'a> {
 self.batch.add(&in_v6, nftnl::MsgType::Add);
 }
 // Outgoing Router solicitation (part of NDP)
- {
- let mut rule = Rule::new(&self.out_chain);
+ for chain in &[&self.out_chain, &self.forward_chain] {
+ let mut rule = Rule::new(chain);
 check_ip(
 &mut rule,
 End::Dst,
@@ -895,8 +897,8 @@ impl<'a> PolicyBatch<'a> {
 fn add_dhcp_server_rules(&mut self) {
 use TransportProtocol::Udp;
 // Outgoing DHCPv4 response
- {
- let mut out_v4 = Rule::new(&self.out_chain);
+ for chain in &[&self.out_chain, &self.forward_chain] {
+ let mut out_v4 = Rule::new(chain);
 check_port(&mut out_v4, Udp, End::Src, super::DHCPV4_SERVER_PORT);
 check_port(&mut out_v4, Udp, End::Dst, super::DHCPV4_CLIENT_PORT);
 add_verdict(&mut out_v4, &Verdict::Accept); |
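Review bot: The forward-chain copy of the DHCPv4 response rule in `add_dhcp_server_rules` accepts on ports alone: between `Rule::new(chain)` and `add_verdict(&mut out_v4, &Verdict::Accept)` the only matches are UDP source port `DHCPV4_SERVER_PORT` and destination port `DHCPV4_CLIENT_PORT`. In the output chain the sender is a local process, but in the forward chain the ports are chosen by whichever host is being forwarded. Any of its UDP traffic using that port pair would then be accepted ahead of the rest of the policy, possibly outside the tunnel. I would narrow the forward-chain rule with an address match, for example `check_net` on the local networks the DHCP server is expected to serve, or an interface match if the file has a helper for it, rather than reusing the output rule unchanged. The function continues past the hunk, so any later restriction is not visible here.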
