| author | David Lönnhager <david.l@mullvad.net> | 2024-04-04 15:46:37 +0200 |
|---|---|---|
| committer | David Lönnhager <david.l@mullvad.net> | 2024-04-30 16:22:52 +0200 |
| commit | df2c3e83e550ae020baf885479ea2800a19997fe (patch) | |
| tree | 06d75fde7c1af503d10c3a1d70a1757cbc04e1e6 | |
| parent | a1da9e64b657f95dc2690a1ac4c4e5293b83d1e5 (diff) | |
Add macOS 13 support by filtering direction from pktap header
| -rw-r--r-- | talpid-core/src/split_tunnel/macos/bindings.rs | 1 | ||||
| -rwxr-xr-x | talpid-core/src/split_tunnel/macos/generate-bindings.sh | 1 | ||||
| -rw-r--r-- | talpid-core/src/split_tunnel/macos/tun.rs | 18 |
3 files changed, 17 insertions, 3 deletions
diff --git a/talpid-core/src/split_tunnel/macos/bindings.rs b/talpid-core/src/split_tunnel/macos/bindings.rs
index 311158b610..1ff1727892 100644
--- a/talpid-core/src/split_tunnel/macos/bindings.rs
+++ b/talpid-core/src/split_tunnel/macos/bindings.rs
@@ -1,5 +1,6 @@ /* automatically generated by rust-bindgen 0.69.2 */ +pub const PTH_FLAG_DIR_OUT: u32 = 2; pub const PCAP_ERRBUF_SIZE: u32 = 256; pub type __int32_t = ::std::os::raw::c_int; pub type __darwin_pid_t = __int32_t;
diff --git a/talpid-core/src/split_tunnel/macos/generate-bindings.sh b/talpid-core/src/split_tunnel/macos/generate-bindings.sh
index e78e03fde2..a56fe69d2d 100755
--- a/talpid-core/src/split_tunnel/macos/generate-bindings.sh
+++ b/talpid-core/src/split_tunnel/macos/generate-bindings.sh
@@ -18,4 +18,5 @@ bindgen "include/bindings.h" -o ./bindings.rs \
 --allowlist-item "^pktap_header" \
 --allowlist-item "PCAP_ERRBUF_SIZE" \
 --allowlist-item "^BIOCSWANTPKTAP" \
+ --allowlist-item "^PTH_FLAG_DIR_OUT" \
 --allowlist-item "^bpf_stat"
diff --git a/talpid-core/src/split_tunnel/macos/tun.rs b/talpid-core/src/split_tunnel/macos/tun.rs
index 7263f6c7bd..1121bdb2df 100644
--- a/talpid-core/src/split_tunnel/macos/tun.rs
+++ b/talpid-core/src/split_tunnel/macos/tun.rs
@@ -2,7 +2,9 @@
 //! either the default interface or a VPN tunnel interface.
 use super::{
- bindings::{pcap_create, pcap_set_want_pktap, pktap_header, PCAP_ERRBUF_SIZE},
+ bindings::{
+ pcap_create, pcap_set_want_pktap, pktap_header, PCAP_ERRBUF_SIZE, PTH_FLAG_DIR_OUT,
+ },
 bpf,
 default::DefaultInterface,
 };
@@ -663,8 +665,10 @@ fn capture_outbound_packets(
 .open()
 .map_err(Error::CaptureSplitTunnelDevice)?;
- cap.direction(pcap::Direction::Out)
- .map_err(Error::SetDirection)?;
+ // TODO: This is unsupported on macOS 13 and lower, so we determine the direction using the
+ // pktap header flags. Once macOS 13 is no longer supported, this can be uncommented.
+ //cap.direction(pcap::Direction::Out)
+ // .map_err(Error::SetDirection)?;
 let cap = cap.setnonblock().map_err(Error::EnableNonblock)?;
 let stream = cap
@@ -709,6 +713,14 @@ impl PacketCodec for PktapCodec {
 _ => return None,
 };
+ // TODO: `Capture::direction` is unsupported on macOS 13 and lower, so we determine the
+ // direction using the pktap header. Once macOS 13 is no longer supported, this can
+ // be removed.
+ if header.pth_flags ^ PTH_FLAG_DIR_OUT == 0 {
+ // Ignore incoming packets
+ return None;
+ }
+
 let iface = unsafe { CStr::from_ptr(header.pth_ifname.as_ptr() as *const _) };
 if iface.to_bytes() != self.interface.as_bytes() {
 return None;
|
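Review bot: The disabled call in `capture_outbound_packets` is left behind as commented-out code, which tends to drift from the code around it and may leave `Error::SetDirection` without a user (the enum is outside this hunk, so that part is a guess). A plain comment carries the same information, for example `// Direction is filtered in PktapCodec via pth_flags; restore cap.direction(pcap::Direction::Out) once macOS 13 is dropped.` The function starts and ends outside the hunk.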
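Review bot: The direction test added in `impl PacketCodec for PktapCodec` uses XOR, so it is true only when `pth_flags` equals `PTH_FLAG_DIR_OUT` exactly; it drops packets whose only flag is the outbound bit and lets everything else through, inbound included, which is the opposite of the `// Ignore incoming packets` comment. A bit test matches the comment: `if header.pth_flags & PTH_FLAG_DIR_OUT == 0 {` (in Rust `&` binds tighter than `==`, so this reads as `(flags & OUT) == 0`). Since the earlier hunk disables `cap.direction(pcap::Direction::Out)`, this check appears to be the only direction filter left on the capture path, so an inverted test would presumably pass inbound traffic on to the split-tunnel handling. The enclosing method starts and ends outside the hunk.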
