Diffstat (limited to 'helper/darwin.go')
-rw-r--r--helper/darwin.go82
1 files changed, 39 insertions, 43 deletions
diff --git a/helper/darwin.go b/helper/darwin.go
index 74fe73b..48caaa4 100644
--- a/helper/darwin.go
+++ b/helper/darwin.go
@@ -27,11 +27,12 @@ To inspect the rules in the firewall manually, use the bitmask anchor:
package main
import (
+ "errors"
"fmt"
"log"
- "net/http"
"os"
"os/exec"
+ "path"
"strings"
)
@@ -39,7 +40,7 @@ const (
logPath = "/Applications/RiseupVPN.app/Contents/helper/helper.log"
openvpnPath = "/Applications/RiseupVPN.app/Contents/Resources/openvpn.leap"
- rulefile = "/Applications/RiseupVPN.app/Contents/helper/bitmask.pf.conf"
+ rulefilePath = "/Applications/RiseupVPN.app/Contents/helper/bitmask.pf.conf"
bitmask_anchor = "com.apple/250.BitmaskFirewall"
gateways_table = "bitmask_gateways"
nameserver = "10.42.0.1"
@@ -57,22 +58,18 @@ func kill(cmd *exec.Cmd) error {
return cmd.Process.Signal(os.Interrupt)
}
-type firewallT struct{}
-
-func (firewall *firewallT) start(w http.ResponseWriter, r *http.Request) {
+func firewallStart(gateways []string) error {
enablePf()
+ err := resetGatewaysTable(gateways)
+ if err != nil {
+ return err
+ }
- // TODO pass gateways
- //resetGatewaysTable(gateways)
- resetGatewaysTable()
-
- loadBitmaskAnchor()
- log.Println("Start firewall: firewall started")
+ return loadBitmaskAnchor()
}
-func (firewall *firewallT) stop(w http.ResponseWriter, r *http.Request) {
- flushBitmaskAnchor()
- log.Println("Stop firewall: firewall stopped")
+func firewallStop() error {
+ return exec.Command(pfctl, "-a", bitmask_anchor, "-F", "all").Run()
}
func enablePf() {
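Review bot: firewallStart can return nil even when pf was never enabled, because `enablePf()` has no return value and the `cmd.Run()` visible at the top of the next hunk discards its error. For a firewall whose job is to block traffic outside the VPN this is a fail-open path: the anchor gets loaded but may not be enforced, and the caller is told the start succeeded. Since this commit makes the start path return errors, enablePf should return one as well and be checked here, e.g. `if err := enablePf(); err != nil { return err }`. enablePf's command line is outside the hunk; if it uses `pfctl -e`, the "already enabled" exit status would need to be tolerated rather than treated as a failure.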
@@ -80,13 +77,13 @@ func enablePf() {
cmd.Run()
}
-func resetGatewaysTable() {
- // TODO pass gateways as parameter instead
- gateways := [2]string{"199.58.81.145", "5.79.86.180"}
-
+func resetGatewaysTable(gateways []string) error {
log.Println("Resetting gateways")
cmd := exec.Command(pfctl, "-a", bitmask_anchor, "-t", gateways_table, "-T", "delete")
err := cmd.Run()
+ if err != nil {
+ return err
+ }
for _, gateway := range gateways {
log.Println("Adding Gateway:", gateway)
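Review bot: `gateways` is now supplied by the caller instead of being hard-coded, and nothing in the visible lines checks the entries before they are used as pfctl table addresses (the add loop continues outside the hunk). A value that is not a literal IP address, such as a hostname, a network range or a string beginning with `-`, would be interpreted by pfctl rather than rejected, which widens what the gateways table allows. Validating at the top of the loop keeps the table to what the caller is meant to provide, e.g. `if net.ParseIP(gateway) == nil { return fmt.Errorf("invalid gateway address %q", gateway) }` (this needs the `net` import). It is also worth confirming that returning on a failed `-T delete` does not abort the very first start, in case pfctl exits non-zero when the table does not exist yet.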
@@ -98,10 +95,7 @@ func resetGatewaysTable() {
}
cmd = exec.Command(pfctl, "-a", bitmask_anchor, "-t", gateways_table, "-T", "add", nameserver)
- err = cmd.Run()
- if err != nil {
- log.Printf("Error adding nameserver: %v", err)
- }
+ return cmd.Run()
}
@@ -113,35 +107,37 @@ func getDefaultDevice() string {
return strings.TrimSpace(bytesToString(out))
}
-func loadBitmaskAnchor() {
- // TODO check that rulefile exists
-
+func loadBitmaskAnchor() error {
dev := getDefaultDevice()
- cmdline := fmt.Sprintf("%s -D default_device=%s -a %s -f %s", pfctl, dev, bitmask_anchor, rulefile)
+ rulePath, err := getRulefilePath()
+ if err != nil {
+ return err
+ }
+ cmdline := fmt.Sprintf("%s -D default_device=%s -a %s -f %s", pfctl, dev, bitmask_anchor, rulePath)
log.Println("Loading Bitmask Anchor:", cmdline)
- _, err := exec.Command("/bin/sh", "-c", cmdline).Output()
- if err != nil {
- log.Printf("Error loading Bitmask anchor: %v\n", err)
- }
+ _, err = exec.Command("/bin/sh", "-c", cmdline).Output()
+ return err
}
-func flushBitmaskAnchor() {
- exec.Command(pfctl, "-a", bitmask_anchor, "-F", "all").Run()
+func getRulefilePath() (string, error) {
+ if _, err := os.Stat(rulefilePath); !os.IsNotExist(err) {
+ return rulefilePath, nil
+ }
+
+ gopath := os.Getenv("GOPATH")
+ if gopath == "" {
+ gopath = path.Join(os.Getenv("HOME"), "go")
+ }
+ rulefile := path.Join(gopath, "0xacab.org", "leap", "riseup_vpn", "osx", "bitmask.pf.conf")
+
+ if _, err := os.Stat(rulefile); !os.IsNotExist(err) {
+ return rulefile, nil
+ }
+ return "", errors.New("Can't find rule file for the firewall")
}
func bytesToString(data []byte) string {
return string(data[:])
}
-
-// for testing
-
-/*
-func main() {
- enablePf()
- flushBitmaskAnchor()
- resetGatewaysTable()
- loadBitmaskAnchor()
-}
-*/
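Review bot: loadBitmaskAnchor still formats a single string and runs it through `/bin/sh -c`, and after this change `rulePath` can be derived from `$GOPATH` or `$HOME`, so whitespace or shell metacharacters in those variables (or in the device name) end up in a shell command line. Passing the arguments directly, as the other pfctl calls in this file do, removes the shell: `exec.Command(pfctl, "-D", "default_device="+dev, "-a", bitmask_anchor, "-f", rulePath)`. Separately, the fallback in getRulefilePath lets the helper load pf rules from a directory under the user's home; if the helper runs with elevated privileges (not visible in this diff), that path is writable by an unprivileged user and the fallback should be limited to development builds. The `!os.IsNotExist(err)` checks also treat any other Stat failure, such as a permission error, as "file found"; `err == nil` is the stricter test.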