| author | Andrej Mihajlov <and@mullvad.net> | 2017-08-15 22:17:05 +0100 |
|---|---|---|
| committer | Andrej Mihajlov <and@mullvad.net> | 2017-08-17 19:05:56 +0100 |
| commit | ad59695517f40d4c3c90a222212232d309d37edc (patch) | |
| tree | 45298c47aa595770594b94be43a381872aa68211 /talpid-core/src | |
| parent | d49fb3baa06f482f3e839de7a1cda989b884e8f2 (diff) | |
| download | mullvadvpn-ad59695517f40d4c3c90a222212232d309d37edc.tar.xz mullvadvpn-ad59695517f40d4c3c90a222212232d309d37edc.zip | |
Add firewall abstractions
Diffstat (limited to 'talpid-core/src')
| -rw-r--r-- | talpid-core/src/firewall/macos.rs | 21 | ||||
| -rw-r--r-- | talpid-core/src/firewall/mod.rs | 67 | ||||
| -rw-r--r-- | talpid-core/src/firewall/unix.rs | 21 | ||||
| -rw-r--r-- | talpid-core/src/firewall/windows.rs | 21 | ||||
| -rw-r--r-- | talpid-core/src/lib.rs | 3 |
5 files changed, 133 insertions, 0 deletions
diff --git a/talpid-core/src/firewall/macos.rs b/talpid-core/src/firewall/macos.rs
new file mode 100644
index 0000000000..d55150a2a1
--- /dev/null
+++ b/talpid-core/src/firewall/macos.rs
@@ -0,0 +1,21 @@
+use super::{Firewall, SecurityPolicy};
+
+// alias used to instantiate firewall implementation
+pub type ConcreteFirewall = PacketFilter;
+
+error_chain!{}
+
+pub struct PacketFilter;
+impl Firewall<Error> for PacketFilter {
+ fn new() -> Result<Self> {
+ Ok(PacketFilter)
+ }
+
+ fn apply_policy(&mut self, _policy: SecurityPolicy) -> Result<()> {
+ Ok(())
+ }
+
+ fn reset_policy(&mut self) -> Result<()> {
+ Ok(())
+ }
+}
diff --git a/talpid-core/src/firewall/mod.rs b/talpid-core/src/firewall/mod.rs
new file mode 100644
index 0000000000..16b8139453
--- /dev/null
+++ b/talpid-core/src/firewall/mod.rs
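Review bot: `apply_policy` and `reset_policy` on `PacketFilter` return `Ok(())` without doing anything, so `FirewallProxy::apply_policy` will report success while no rule has been installed, and a caller cannot distinguish "policy enforced" from "no backend yet". Until the backend exists, failing explicitly keeps the proxy's error path honest, e.g. `bail!("PacketFilter::apply_policy is not implemented")` using the `error_chain!` types already in scope; if the stubs are meant to stay permissive for now, a `// TODO: stub, installs no rules` comment on each would at least document that state. The same applies to `Netfilter` in unix.rs and `WindowsFirewall` in windows.rs.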
@@ -0,0 +1,67 @@
+use net::Endpoint;
+
+#[cfg(target_os = "macos")]
+#[path = "macos.rs"]
+mod imp;
+
+#[cfg(all(unix, not(target_os = "macos")))]
+#[path = "unix.rs"]
+mod imp;
+
+#[cfg(windows)]
+#[path = "windows.rs"]
+mod imp;
+
+error_chain!{
+ errors {
+ /// Initialization error
+ FirewallInitError {
+ description("Failed to initialize firewall")
+ }
+ /// Firewall configuration error
+ FirewallConfigurationError {
+ description("Failed to configure firewall")
+ }
+ }
+}
+
+/// A enum that describes firewall rules strategy
+#[derive(Debug, Clone, Eq, PartialEq)]
+pub enum SecurityPolicy {
+ /// Allow traffic only to relay server
+ Connecting(Endpoint),
+
+ /// Allow traffic only to relay server and over tunnel interface
+ Connected(Endpoint, String),
+}
+
+/// Abstract firewall interaction trait
+pub trait Firewall<E: ::std::error::Error> {
+ /// Create new instance of Firewall
+ fn new() -> ::std::result::Result<Self, E> where Self: Sized;
+
+ /// Enable firewall and set firewall rules based on SecurityPolicy
+ fn apply_policy(&mut self, policy: SecurityPolicy) -> ::std::result::Result<(), E>;
+
+ /// Remove firewall rules applied by active SecurityPolicy and
+ /// revert firewall to its original state
+ fn reset_policy(&mut self) -> ::std::result::Result<(), E>;
+}
+
+/// An abstraction around platform specific firewall implementation
+pub struct FirewallProxy(Box<Firewall<imp::Error>>);
+
+impl Firewall<Error> for FirewallProxy {
+ fn new() -> Result<Self> {
+ let firewall = imp::ConcreteFirewall::new().chain_err(|| ErrorKind::FirewallInitError)?;
+ Ok(FirewallProxy(Box::new(firewall) as Box<Firewall<_>>))
+ }
+
+ fn apply_policy(&mut self, policy: SecurityPolicy) -> Result<()> {
+ self.0.apply_policy(policy).chain_err(|| ErrorKind::FirewallConfigurationError)
+ }
+
+ fn reset_policy(&mut self) -> Result<()> {
+ self.0.reset_policy().chain_err(|| ErrorKind::FirewallConfigurationError)
+ }
+}
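Review bot: `SecurityPolicy::Connected(Endpoint, String)` carries an unnamed `String` whose meaning the variant doc only hints at, yet it is the value every backend will use to decide which interface traffic may leave on; the doc should state it, e.g. `/// Allow traffic only to relay server and over the tunnel interface; the String is presumably the tunnel interface name — confirm with the caller`. `FirewallProxy::reset_policy` also maps its failure to the same `FirewallConfigurationError` as `apply_policy`, so from the error alone an operator cannot tell whether rules failed to be installed or failed to be removed; a distinct `ErrorKind` for the reset path (or a distinct `description`) would make logs actionable. Minor: the enum doc reads "A enum" where "An enum" is meant.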
diff --git a/talpid-core/src/firewall/unix.rs b/talpid-core/src/firewall/unix.rs
new file mode 100644
index 0000000000..7550c3c051
--- /dev/null
+++ b/talpid-core/src/firewall/unix.rs
@@ -0,0 +1,21 @@
+use super::{Firewall, SecurityPolicy};
+
+// alias used to instantiate firewall implementation
+pub type ConcreteFirewall = Netfilter;
+
+error_chain!{}
+
+pub struct Netfilter;
+impl Firewall<Error> for Netfilter {
+ fn new() -> Result<Self> {
+ Ok(Netfilter)
+ }
+
+ fn apply_policy(&mut self, _policy: SecurityPolicy) -> Result<()> {
+ Ok(())
+ }
+
+ fn reset_policy(&mut self) -> Result<()> {
+ Ok(())
+ }
+}
diff --git a/talpid-core/src/firewall/windows.rs b/talpid-core/src/firewall/windows.rs
new file mode 100644
index 0000000000..3405ba12c0
--- /dev/null
+++ b/talpid-core/src/firewall/windows.rs
@@ -0,0 +1,21 @@
+use super::{Firewall, SecurityPolicy};
+
+// alias used to instantiate firewall implementation
+pub type ConcreteFirewall = WindowsFirewall;
+
+error_chain!{}
+
+pub struct WindowsFirewall;
+impl Firewall<Error> for WindowsFirewall {
+ fn new() -> Result<Self> {
+ Ok(WindowsFirewall)
+ }
+
+ fn apply_policy(&mut self, _policy: SecurityPolicy) -> Result<()> {
+ Ok(())
+ }
+
+ fn reset_policy(&mut self) -> Result<()> {
+ Ok(())
+ }
+}
diff --git a/talpid-core/src/lib.rs b/talpid-core/src/lib.rs
index 29ab0377e5..9c78ef02e8 100644
--- a/talpid-core/src/lib.rs
+++ b/talpid-core/src/lib.rs
@@ -34,3 +34,6 @@ pub mod tunnel;
 /// Abstractions and extra features on `std::mpsc`
 pub mod mpsc;
+
+/// Abstractions over different firewalls
+pub mod firewall;
