| -rw-r--r-- | talpid-core/Cargo.toml | 3 | ||||
| -rw-r--r-- | talpid-core/src/firewall/macos/mod.rs | 25 | ||||
| -rw-r--r-- | talpid-core/src/firewall/mod.rs | 12 | ||||
| -rw-r--r-- | talpid-core/src/lib.rs | 4 |
4 files changed, 33 insertions, 11 deletions
diff --git a/talpid-core/Cargo.toml b/talpid-core/Cargo.toml
index 16de588b31..cf0c8b6ea8 100644
--- a/talpid-core/Cargo.toml
+++ b/talpid-core/Cargo.toml
@@ -9,8 +9,11 @@ license = "GPL-3.0"
 atty = "0.2"
 duct = "0.10"
 error-chain = "0.12"
+ipnetwork = "0.13"
 jsonrpc-core = { git = "https://github.com/paritytech/jsonrpc", tag = "v8.0.1" }
 jsonrpc-macros = { git = "https://github.com/paritytech/jsonrpc", tag = "v8.0.1" }
+lazy_static = "1.0"
+libc = "0.2.20"
 log = "0.4"
 os_pipe = "0.6"
 uuid = { version = "0.6", features = ["v4"] }
diff --git a/talpid-core/src/firewall/macos/mod.rs b/talpid-core/src/firewall/macos/mod.rs
index 394fd916d3..3ee77a22ac 100644
--- a/talpid-core/src/firewall/macos/mod.rs
+++ b/talpid-core/src/firewall/macos/mod.rs
@@ -1,9 +1,10 @@
 extern crate pfctl;
 extern crate tokio_core;
-use self::pfctl::ipnetwork::{IpNetwork, Ipv4Network};
 use super::{Firewall, SecurityPolicy};
+use ipnetwork::IpNetwork;
+
 use std::net::Ipv4Addr;
 use std::path::Path;
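Review bot: `libc = "0.2.20"` is declared here, and `extern crate libc;` is added in the lib.rs hunk, but no other line in this change references `libc`, so the crate is pulled in without a visible use. If it is groundwork for a follow-up, the commit message should say so; otherwise drop both lines, since each declared crate is extra surface for `cargo audit` and license review to cover. It is also worth checking that `ipnetwork = "0.13"` resolves to the same version that `pfctl` re-exports — the `ipnetwork_compat` shim added in macos/mod.rs is only needed because they presumably differ, and aligning them would let that conversion go away.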
@@ -183,25 +184,21 @@ impl PacketFilter {
 }
 fn get_allow_lan_rules() -> Result<Vec<pfctl::FilterRule>> {
-let private_nets = [
-Ipv4Network::new(Ipv4Addr::new(10, 0, 0, 0), 8).unwrap(),
-Ipv4Network::new(Ipv4Addr::new(172, 16, 0, 0), 12).unwrap(),
-Ipv4Network::new(Ipv4Addr::new(192, 168, 0, 0), 16).unwrap(),
-];
-let multicast_net = Ipv4Network::new(Ipv4Addr::new(224, 0, 0, 0), 24).unwrap();
 let mut rules = vec![];
-for net in &private_nets {
+for net in &*super::PRIVATE_NETS {
 let mut rule_builder = pfctl::FilterRuleBuilder::default();
 rule_builder
 .action(pfctl::FilterRuleAction::Pass)
 .quick(true)
 .af(pfctl::AddrFamily::Ipv4)
-.from(pfctl::Ip::from(IpNetwork::V4(*net)));
+.from(pfctl::Ip::from(ipnetwork_compat(IpNetwork::V4(*net))));
 let allow_net = rule_builder
-.to(pfctl::Ip::from(IpNetwork::V4(*net)))
+.to(pfctl::Ip::from(ipnetwork_compat(IpNetwork::V4(*net))))
 .build()?;
 let allow_multicast = rule_builder
-.to(pfctl::Ip::from(IpNetwork::V4(multicast_net)))
+.to(pfctl::Ip::from(ipnetwork_compat(IpNetwork::V4(
+*super::MULTICAST_NET,
+))))
 .build()?;
 rules.push(allow_net);
 rules.push(allow_multicast);
@@ -288,3 +285,9 @@ fn as_pfctl_proto(protocol: net::TransportProtocol) -> pfctl::Proto {
 net::TransportProtocol::Tcp => pfctl::Proto::Tcp,
 }
 }
+
+/// Converts a network from the struct version that talpid-core uses to the version pfctl uses.
+fn ipnetwork_compat(net: ::ipnetwork::IpNetwork) -> pfctl::ipnetwork::IpNetwork {
+pfctl::ipnetwork::IpNetwork::new(net.ip(), net.prefix())
+.expect("IpNetwork versions not compatible")
+}
diff --git a/talpid-core/src/firewall/mod.rs b/talpid-core/src/firewall/mod.rs
index 2902e24ccd..78befd68af 100644
--- a/talpid-core/src/firewall/mod.rs
+++ b/talpid-core/src/firewall/mod.rs
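Review bot: `get_allow_lan_rules` returns `Result`, but every network it now hands to pfctl goes through `ipnetwork_compat` (the last hunk of this file), whose `.expect("IpNetwork versions not compatible")` turns a conversion failure into a panic while the enclosing function is still set up to propagate errors. Since the prefix was already validated when the static was built, the only way `pfctl::ipnetwork::IpNetwork::new` can reject it is a semantic difference between the two `ipnetwork` versions, so the panic is an invariant check; say so in the message, e.g. `.expect("prefix came from a valid talpid-core IpNetwork, so pfctl's ipnetwork must accept it")`, and add a `# Panics` section to the doc comment stating it fires only if the two ipnetwork versions disagree on validity. The cleaner long-term fix is to depend on the same `ipnetwork` version pfctl uses so the shim is not needed at all. `get_allow_lan_rules` continues past the end of this hunk.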
@@ -1,6 +1,18 @@
 use std::path::Path;
+use ipnetwork::Ipv4Network;
+use std::net::Ipv4Addr;
 use talpid_types::net::Endpoint;
+#[cfg(unix)]
+lazy_static! {
+static ref PRIVATE_NETS: [Ipv4Network; 3] = [
+Ipv4Network::new(Ipv4Addr::new(10, 0, 0, 0), 8).unwrap(),
+Ipv4Network::new(Ipv4Addr::new(172, 16, 0, 0), 12).unwrap(),
+Ipv4Network::new(Ipv4Addr::new(192, 168, 0, 0), 16).unwrap(),
+];
+static ref MULTICAST_NET: Ipv4Network =
+Ipv4Network::new(Ipv4Addr::new(224, 0, 0, 0), 24).unwrap();
+}
 /// A enum that describes firewall rules strategy
 #[derive(Debug, Clone, Eq, PartialEq)]
diff --git a/talpid-core/src/lib.rs b/talpid-core/src/lib.rs
index ea8e9dd890..be46de881b 100644
--- a/talpid-core/src/lib.rs
+++ b/talpid-core/src/lib.rs
@@ -17,9 +17,13 @@ extern crate log;
 #[macro_use]
 extern crate error_chain;
+extern crate ipnetwork;
 extern crate jsonrpc_core;
 #[macro_use]
 extern crate jsonrpc_macros;
+#[macro_use]
+extern crate lazy_static;
+extern crate libc;
 extern crate shell_escape;
 extern crate uuid; |
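Review bot: `use ipnetwork::Ipv4Network;` and `use std::net::Ipv4Addr;` are unconditional, but their only consumer in this hunk is the `#[cfg(unix)]` `lazy_static!` block, so non-unix builds of this module will get unused-import warnings (errors under `-D warnings`); gate them the same way, `#[cfg(unix)] use ipnetwork::Ipv4Network;` and `#[cfg(unix)] use std::net::Ipv4Addr;`. The two statics now define what "allow LAN" means for every platform that shares this module and deserve doc comments, e.g. `/// RFC 1918 private ranges that the allow-LAN policy permits traffic to and from.` on `PRIVATE_NETS` and `/// The 224.0.0.0/24 local multicast block that LAN hosts may still reach.` on `MULTICAST_NET`. The `.unwrap()` calls are on constant prefixes of 8, 12, 16 and 24 bits, all valid for IPv4, so they cannot fail and are fine as written.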
