diff options
| -rw-r--r-- | mullvad-daemon/src/main.rs | 16 | ||||
| -rw-r--r-- | talpid-core/src/firewall/macos.rs | 4 | ||||
| -rw-r--r-- | talpid-core/src/firewall/mod.rs | 2 | ||||
| -rw-r--r-- | talpid-core/src/tunnel/mod.rs | 34 |
4 files changed, 39 insertions, 17 deletions
diff --git a/mullvad-daemon/src/main.rs b/mullvad-daemon/src/main.rs index f252d762d3..2eea1a704b 100644 --- a/mullvad-daemon/src/main.rs +++ b/mullvad-daemon/src/main.rs @@ -63,7 +63,7 @@ use std::thread; use talpid_core::firewall::{Firewall, FirewallProxy, SecurityPolicy}; use talpid_core::mpsc::IntoSender; -use talpid_core::tunnel::{self, TunnelEvent, TunnelMonitor}; +use talpid_core::tunnel::{self, TunnelEvent, TunnelMonitor, TunnelMetadata}; use talpid_types::net::{Endpoint, TransportProtocol}; error_chain!{ @@ -177,7 +177,7 @@ struct Daemon { accounts_proxy: AccountsProxy<HttpHandle>, firewall: FirewallProxy, relay_endpoint: Option<Endpoint>, - tunnel_interface: Option<String>, + tunnel_metadata: Option<TunnelMetadata>, // Just for testing. A cyclic iterator iterating over the hardcoded relays, // picking a new one for each retry. @@ -207,7 +207,7 @@ impl Daemon { .chain_err(|| "Unable to bootstrap RPC client")?, firewall: FirewallProxy::new().chain_err(|| ErrorKind::FirewallError)?, relay_endpoint: None, - tunnel_interface: None, + tunnel_metadata: None, relay_iter: RELAYS.iter().cloned().cycle(), }) } @@ -278,8 +278,8 @@ impl Daemon { fn handle_tunnel_event(&mut self, tunnel_event: TunnelEvent) -> Result<()> { debug!("Tunnel event: {:?}", tunnel_event); if self.state == TunnelState::Connecting { - if let TunnelEvent::Up { tunnel_interface } = tunnel_event { - self.tunnel_interface = Some(tunnel_interface); + if let TunnelEvent::Up(metadata) = tunnel_event { + self.tunnel_metadata = Some(metadata); self.set_security_policy()?; self.set_state(TunnelState::Connected) } else { @@ -297,7 +297,7 @@ impl Daemon { error!("{}", e.display_chain()); } self.relay_endpoint = None; - self.tunnel_interface = None; + self.tunnel_metadata = None; self.reset_security_policy()?; self.tunnel_close_handle = None; self.set_state(TunnelState::NotRunning) @@ -567,9 +567,9 @@ impl Daemon { } fn set_security_policy(&mut self) -> Result<()> { - let policy = match (self.relay_endpoint, self.tunnel_interface.as_ref()) { + let policy = match (self.relay_endpoint, self.tunnel_metadata.as_ref()) { (Some(relay), None) => SecurityPolicy::Connecting(relay), - (Some(relay), Some(interface)) => SecurityPolicy::Connected(relay, interface.clone()), + (Some(relay), Some(tunnel_metadata)) => SecurityPolicy::Connected(relay, tunnel_metadata.clone()), _ => bail!(ErrorKind::InvalidState), }; debug!("Set security policy: {:?}", policy); diff --git a/talpid-core/src/firewall/macos.rs b/talpid-core/src/firewall/macos.rs index 14c9fb5033..4b9e05f6b0 100644 --- a/talpid-core/src/firewall/macos.rs +++ b/talpid-core/src/firewall/macos.rs @@ -59,9 +59,9 @@ impl PacketFilter { SecurityPolicy::Connecting(relay_endpoint) => { new_rules.push(Self::get_relay_rule(relay_endpoint)?); } - SecurityPolicy::Connected(relay_endpoint, tunnel_interface) => { + SecurityPolicy::Connected(relay_endpoint, tunnel_metadata) => { new_rules.push(Self::get_relay_rule(relay_endpoint)?); - new_rules.push(Self::get_tunnel_rule(tunnel_interface)?); + new_rules.push(Self::get_tunnel_rule(tunnel_metadata.interface)?); } }; diff --git a/talpid-core/src/firewall/mod.rs b/talpid-core/src/firewall/mod.rs index a1fa7edbc3..6ac63e2493 100644 --- a/talpid-core/src/firewall/mod.rs +++ b/talpid-core/src/firewall/mod.rs @@ -32,7 +32,7 @@ pub enum SecurityPolicy { Connecting(Endpoint), /// Allow traffic only to relay server and over tunnel interface - Connected(Endpoint, String), + Connected(Endpoint, ::tunnel::TunnelMetadata), } /// Abstract firewall interaction trait diff --git a/talpid-core/src/tunnel/mod.rs b/talpid-core/src/tunnel/mod.rs index 5f73e5be20..0ed7e86960 100644 --- a/talpid-core/src/tunnel/mod.rs +++ b/talpid-core/src/tunnel/mod.rs @@ -10,6 +10,8 @@ use std::ffi::{OsStr, OsString}; use std::fs; use std::io::{self, Write}; use std::path::{Path, PathBuf}; +use std::net::Ipv4Addr; + use talpid_types::net; /// A module for all OpenVPN related tunnel management. @@ -46,14 +48,22 @@ pub use self::errors::*; #[derive(Debug, Clone, Eq, PartialEq, Hash)] pub enum TunnelEvent { /// Sent when the tunnel comes up and is ready for traffic. - Up { - /// The name of the device which the tunnel is running on. - tunnel_interface: String, - }, + Up(TunnelMetadata), /// Sent when the tunnel goes down. Down, } +/// Information about a VPN tunnel. +#[derive(Debug, Clone, Eq, PartialEq, Hash)] +pub struct TunnelMetadata { + /// The name of the device which the tunnel is running on. + pub interface: String, + /// The local IP on the tunnel interface. + pub ip: Ipv4Addr, + /// The IP to the default gateway on the tunnel interface. + pub gateway: Ipv4Addr, +} + impl TunnelEvent { /// Converts an `OpenVpnPluginEvent` to a `TunnelEvent`. /// Returns `None` if there is no corresponding `TunnelEvent`. @@ -63,10 +73,22 @@ impl TunnelEvent { ) -> Option<TunnelEvent> { match *event { OpenVpnPluginEvent::Up => { - let tunnel_interface = env.get("dev") + let interface = env.get("dev") .expect("No \"dev\" in tunnel up event") .to_owned(); - Some(TunnelEvent::Up { tunnel_interface }) + let ip = env.get("ifconfig_local") + .expect("No \"ifconfig_local\" in tunnel up event") + .parse() + .expect("Tunnel IP not in valid format"); + let gateway = env.get("route_vpn_gateway") + .expect("No \"route_vpn_gateway\" in tunnel up event") + .parse() + .expect("Tunnel gateway IP not in valid format"); + Some(TunnelEvent::Up(TunnelMetadata { + interface, + ip, + gateway, + })) } OpenVpnPluginEvent::RoutePredown => Some(TunnelEvent::Down), _ => None, |
