-rw-r--r--CHANGELOG.md3
-rw-r--r--talpid-core/src/security/linux/mod.rs26
-rw-r--r--talpid-core/src/security/macos/mod.rs17
-rw-r--r--talpid-core/src/security/mod.rs8
4 files changed, 50 insertions, 4 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 3bd82da208..aa34d0602a 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -26,6 +26,9 @@ Line wrap the file at 100 chars. Th
### Added
- Replace repeated `Disconnecting` followed by `Connecting` notifications with a single
`Reconnecting` notification.
+- Allow packets to the fe80::/10 and fe02::/16 IPv6 networks when local network sharing is enabled.
+ Should allow IPv6 over the LAN, and mDNS host discovery which in turn should allow Apple AirDrop
+ and Handover.
#### Linux
- Add support for DNS configuration using resolvconf.
diff --git a/talpid-core/src/security/linux/mod.rs b/talpid-core/src/security/linux/mod.rs
index ecf9e671b5..e336fe21bd 100644
--- a/talpid-core/src/security/linux/mod.rs
+++ b/talpid-core/src/security/linux/mod.rs
@@ -311,7 +311,13 @@ impl<'a> PolicyBatch<'a> {
check_net(&mut rule, End::Src, IpNetwork::V4(*net))?;
check_net(&mut rule, End::Dst, IpNetwork::V4(*net))?;
add_verdict(&mut rule, Verdict::Accept)?;
-
+ self.batch.add(&rule, nftnl::MsgType::Add)?;
+ }
+ for net in &*super::LOCAL_INET6_NETS {
+ let mut rule = Rule::new(chain)?;
+ check_net(&mut rule, End::Src, IpNetwork::V6(*net))?;
+ check_net(&mut rule, End::Dst, IpNetwork::V6(*net))?;
+ add_verdict(&mut rule, Verdict::Accept)?;
self.batch.add(&rule, nftnl::MsgType::Add)?;
}
}
@@ -332,6 +338,17 @@ impl<'a> PolicyBatch<'a> {
self.batch.add(&rule, nftnl::MsgType::Add)?;
}
+ for net in &*super::LOCAL_INET6_NETS {
+ let mut rule = Rule::new(&self.out_chain)?;
+ check_net(&mut rule, End::Src, IpNetwork::V6(*net))?;
+ check_net(
+ &mut rule,
+ End::Dst,
+ IpNetwork::V6(*super::MULTICAST_INET6_NET),
+ )?;
+ add_verdict(&mut rule, Verdict::Accept)?;
+ self.batch.add(&rule, nftnl::MsgType::Add)?;
+ }
Ok(())
}
}
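Review bot: The IPv6 multicast accept rule is added only to `self.out_chain` in this loop, while the macOS counterpart in `talpid-core/src/security/macos/mod.rs` builds `allow_multicast` with no `.direction(...)` call, so the two platforms appear to differ on whether inbound link-local multicast is admitted when local network sharing is enabled. mDNS answers are commonly sent to the multicast group, so host discovery may behave differently per platform. If outbound-only is the intent, say so above the loop, for example `// IPv6 multicast is accepted on the output chain only`, and align the macOS rule with it. The enclosing function starts outside the hunk, so an input-chain rule may exist that is not visible here.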
@@ -404,7 +421,12 @@ fn check_net(rule: &mut Rule, end: End, net: IpNetwork) -> Result<()> {
(IpNetwork::V6(_), End::Src) => nft_expr!(payload ipv6 saddr),
(IpNetwork::V6(_), End::Dst) => nft_expr!(payload ipv6 daddr),
})?;
- rule.add_expr(&nft_expr!(bitwise mask net.mask(), xor 0))?;
+ match net {
+ IpNetwork::V4(_) => rule.add_expr(&nft_expr!(bitwise mask net.mask(), xor 0u32))?,
+ IpNetwork::V6(_) => {
+ rule.add_expr(&nft_expr!(bitwise mask net.mask(), xor &[0u16; 8][..]))?
+ }
+ };
rule.add_expr(&nft_expr!(cmp == net.ip()))?;
Ok(())
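Review bot: The new `match` in `check_net` chooses the xor operand by address family without saying why, which invites a later cleanup that collapses the arms back into one literal. A comment above it such as `// the xor operand must be as wide as the mask: 4 bytes for IPv4, 16 bytes for IPv6` would record the constraint. The width requirement is inferred from the change from `xor 0` to `0u32` and `&[0u16; 8][..]`, so confirm it against the `nft_expr!` macro before wording the comment. The function's closing brace lies outside the hunk.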
diff --git a/talpid-core/src/security/macos/mod.rs b/talpid-core/src/security/macos/mod.rs
index e5dd68b872..2d53ace804 100644
--- a/talpid-core/src/security/macos/mod.rs
+++ b/talpid-core/src/security/macos/mod.rs
@@ -212,6 +212,23 @@ impl NetworkSecurity {
rules.push(allow_multicast);
rules.push(allow_ssdp);
}
+ for net in &*super::LOCAL_INET6_NETS {
+ let mut rule_builder = pfctl::FilterRuleBuilder::default();
+ rule_builder
+ .action(pfctl::FilterRuleAction::Pass)
+ .quick(true)
+ .af(pfctl::AddrFamily::Ipv6)
+ .from(pfctl::Ip::from(ipnetwork_compat(IpNetwork::V6(*net))));
+ let allow_net = rule_builder
+ .to(pfctl::Ip::from(ipnetwork_compat(IpNetwork::V6(*net))))
+ .build()?;
+ let allow_multicast = rule_builder
+ .to(pfctl::Ip::from(ipnetwork_compat(IpNetwork::V6(
+ *super::MULTICAST_INET6_NET,
+ )))).build()?;
+ rules.push(allow_net);
+ rules.push(allow_multicast);
+ }
Ok(rules)
}
diff --git a/talpid-core/src/security/mod.rs b/talpid-core/src/security/mod.rs
index 70da5edea5..36b058e5e1 100644
--- a/talpid-core/src/security/mod.rs
+++ b/talpid-core/src/security/mod.rs
@@ -1,8 +1,8 @@
#[cfg(unix)]
-use ipnetwork::Ipv4Network;
+use ipnetwork::{Ipv4Network, Ipv6Network};
use std::fmt;
#[cfg(unix)]
-use std::net::{IpAddr, Ipv4Addr};
+use std::net::{IpAddr, Ipv4Addr, Ipv6Addr};
use std::path::Path;
use talpid_types::net::Endpoint;
@@ -29,8 +29,12 @@ lazy_static! {
Ipv4Network::new(Ipv4Addr::new(172, 16, 0, 0), 12).unwrap(),
Ipv4Network::new(Ipv4Addr::new(192, 168, 0, 0), 16).unwrap(),
];
+ static ref LOCAL_INET6_NETS: [Ipv6Network; 1] =
+ [Ipv6Network::new(Ipv6Addr::new(0xfe80, 0, 0, 0, 0, 0, 0, 0), 10).unwrap(),];
static ref MULTICAST_NET: Ipv4Network =
Ipv4Network::new(Ipv4Addr::new(224, 0, 0, 0), 24).unwrap();
+ static ref MULTICAST_INET6_NET: Ipv6Network =
+ Ipv6Network::new(Ipv6Addr::new(0xfe02, 0, 0, 0, 0, 0, 0, 0), 16).unwrap();
static ref SSDP_IP: IpAddr = IpAddr::V4(Ipv4Addr::new(239, 255, 255, 250));
}
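Review bot: `MULTICAST_INET6_NET` is built from `0xfe02`, but IPv6 multicast is ff00::/8 and the link-local scope used by mDNS is ff02::/16, so fe02::/16 matches no multicast traffic. The rules that consume it, the Linux out-chain loop and the macOS `allow_multicast` rule, therefore will not admit the mDNS packets the changelog entry promises; the constant should read `Ipv6Network::new(Ipv6Addr::new(0xff02, 0, 0, 0, 0, 0, 0, 0), 16).unwrap();`. The CHANGELOG.md entry repeats fe02::/16 and needs the same correction. The effect is fail-closed (the traffic stays blocked) rather than a leak, and a unit test asserting `MULTICAST_INET6_NET.ip().is_multicast()` would catch this class of typo. The `lazy_static!` block starts outside the hunk.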