authorAndrej Mihajlov <and@mullvad.net>2017-08-15 22:17:05 +0100
committerAndrej Mihajlov <and@mullvad.net>2017-08-17 19:05:56 +0100
commitad59695517f40d4c3c90a222212232d309d37edc (patch)
tree45298c47aa595770594b94be43a381872aa68211 /talpid-core/src
parentd49fb3baa06f482f3e839de7a1cda989b884e8f2 (diff)
Add firewall abstractions
Diffstat (limited to 'talpid-core/src')
-rw-r--r--talpid-core/src/firewall/macos.rs21
-rw-r--r--talpid-core/src/firewall/mod.rs67
-rw-r--r--talpid-core/src/firewall/unix.rs21
-rw-r--r--talpid-core/src/firewall/windows.rs21
-rw-r--r--talpid-core/src/lib.rs3
5 files changed, 133 insertions, 0 deletions
diff --git a/talpid-core/src/firewall/macos.rs b/talpid-core/src/firewall/macos.rs
new file mode 100644
index 0000000000..d55150a2a1
--- /dev/null
+++ b/talpid-core/src/firewall/macos.rs
@@ -0,0 +1,21 @@
+use super::{Firewall, SecurityPolicy};
+
+// alias used to instantiate firewall implementation
+pub type ConcreteFirewall = PacketFilter;
+
+error_chain!{}
+
+pub struct PacketFilter;
+impl Firewall<Error> for PacketFilter {
+ fn new() -> Result<Self> {
+ Ok(PacketFilter)
+ }
+
+ fn apply_policy(&mut self, _policy: SecurityPolicy) -> Result<()> {
+ Ok(())
+ }
+
+ fn reset_policy(&mut self) -> Result<()> {
+ Ok(())
+ }
+}
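Review bot: `PacketFilter::apply_policy` and `reset_policy` return `Ok(())` without touching any packet-filter rules, so `FirewallProxy::apply_policy` in mod.rs reports success to its caller while no traffic is actually restricted; the trait documentation for `apply_policy` ("Enable firewall and set firewall rules") makes `Ok` read as "policy enforced". A placeholder that is indistinguishable from a working implementation is a fail-open default, and nothing in this hunk marks it as one. At minimum document the stub status on the type, e.g. `/// Placeholder implementation: installs no rules yet, so `Ok(())` does not mean traffic is restricted.`, and consider having `apply_policy` return an error (which the proxy would surface as `FirewallConfigurationError`) until the real rule installation lands, so a caller cannot mistake a no-op for an enforced policy. The same applies to `Netfilter` in unix.rs and `WindowsFirewall` in windows.rs, which are byte-for-byte the same stub.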
diff --git a/talpid-core/src/firewall/mod.rs b/talpid-core/src/firewall/mod.rs
new file mode 100644
index 0000000000..16b8139453
--- /dev/null
+++ b/talpid-core/src/firewall/mod.rs
@@ -0,0 +1,67 @@
+use net::Endpoint;
+
+#[cfg(target_os = "macos")]
+#[path = "macos.rs"]
+mod imp;
+
+#[cfg(all(unix, not(target_os = "macos")))]
+#[path = "unix.rs"]
+mod imp;
+
+#[cfg(windows)]
+#[path = "windows.rs"]
+mod imp;
+
+error_chain!{
+ errors {
+ /// Initialization error
+ FirewallInitError {
+ description("Failed to initialize firewall")
+ }
+ /// Firewall configuration error
+ FirewallConfigurationError {
+ description("Failed to configure firewall")
+ }
+ }
+}
+
+/// A enum that describes firewall rules strategy
+#[derive(Debug, Clone, Eq, PartialEq)]
+pub enum SecurityPolicy {
+ /// Allow traffic only to relay server
+ Connecting(Endpoint),
+
+ /// Allow traffic only to relay server and over tunnel interface
+ Connected(Endpoint, String),
+}
+
+/// Abstract firewall interaction trait
+pub trait Firewall<E: ::std::error::Error> {
+ /// Create new instance of Firewall
+ fn new() -> ::std::result::Result<Self, E> where Self: Sized;
+
+ /// Enable firewall and set firewall rules based on SecurityPolicy
+ fn apply_policy(&mut self, policy: SecurityPolicy) -> ::std::result::Result<(), E>;
+
+ /// Remove firewall rules applied by active SecurityPolicy and
+ /// revert firewall to its original state
+ fn reset_policy(&mut self) -> ::std::result::Result<(), E>;
+}
+
+/// An abstraction around platform specific firewall implementation
+pub struct FirewallProxy(Box<Firewall<imp::Error>>);
+
+impl Firewall<Error> for FirewallProxy {
+ fn new() -> Result<Self> {
+ let firewall = imp::ConcreteFirewall::new().chain_err(|| ErrorKind::FirewallInitError)?;
+ Ok(FirewallProxy(Box::new(firewall) as Box<Firewall<_>>))
+ }
+
+ fn apply_policy(&mut self, policy: SecurityPolicy) -> Result<()> {
+ self.0.apply_policy(policy).chain_err(|| ErrorKind::FirewallConfigurationError)
+ }
+
+ fn reset_policy(&mut self) -> Result<()> {
+ self.0.reset_policy().chain_err(|| ErrorKind::FirewallConfigurationError)
+ }
+}
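Review bot: The `String` field of `SecurityPolicy::Connected(Endpoint, String)` is not documented anywhere in the hunk; the variant comment says "over tunnel interface", so presumably it is the tunnel interface name, but a reader of the trait cannot tell whether an interface name, an address or something else is expected, and a wrong value here silently widens what the firewall allows. Either document the fields, `/// `Endpoint` is the relay the client may reach; the `String` is the tunnel interface whose traffic is allowed`, or use a struct-like variant so the meaning is carried by the field names, e.g. `Connected { relay: Endpoint, tunnel_interface: String }`. It would also help to state in the `apply_policy` doc comment what the firewall state is when it returns `Err`, i.e. whether a partially applied policy is rolled back, since `FirewallProxy` only wraps the error and leaves that contract to each platform implementation.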
diff --git a/talpid-core/src/firewall/unix.rs b/talpid-core/src/firewall/unix.rs
new file mode 100644
index 0000000000..7550c3c051
--- /dev/null
+++ b/talpid-core/src/firewall/unix.rs
@@ -0,0 +1,21 @@
+use super::{Firewall, SecurityPolicy};
+
+// alias used to instantiate firewall implementation
+pub type ConcreteFirewall = Netfilter;
+
+error_chain!{}
+
+pub struct Netfilter;
+impl Firewall<Error> for Netfilter {
+ fn new() -> Result<Self> {
+ Ok(Netfilter)
+ }
+
+ fn apply_policy(&mut self, _policy: SecurityPolicy) -> Result<()> {
+ Ok(())
+ }
+
+ fn reset_policy(&mut self) -> Result<()> {
+ Ok(())
+ }
+}
diff --git a/talpid-core/src/firewall/windows.rs b/talpid-core/src/firewall/windows.rs
new file mode 100644
index 0000000000..3405ba12c0
--- /dev/null
+++ b/talpid-core/src/firewall/windows.rs
@@ -0,0 +1,21 @@
+use super::{Firewall, SecurityPolicy};
+
+// alias used to instantiate firewall implementation
+pub type ConcreteFirewall = WindowsFirewall;
+
+error_chain!{}
+
+pub struct WindowsFirewall;
+impl Firewall<Error> for WindowsFirewall {
+ fn new() -> Result<Self> {
+ Ok(WindowsFirewall)
+ }
+
+ fn apply_policy(&mut self, _policy: SecurityPolicy) -> Result<()> {
+ Ok(())
+ }
+
+ fn reset_policy(&mut self) -> Result<()> {
+ Ok(())
+ }
+}
diff --git a/talpid-core/src/lib.rs b/talpid-core/src/lib.rs
index 29ab0377e5..9c78ef02e8 100644
--- a/talpid-core/src/lib.rs
+++ b/talpid-core/src/lib.rs
@@ -34,3 +34,6 @@ pub mod tunnel;
/// Abstractions and extra features on `std::mpsc`
pub mod mpsc;
+
+/// Abstractions over different firewalls
+pub mod firewall;