summaryrefslogtreecommitdiffstats
path: root/letmeind/src/firewall_client.rs
blob: 0d5f1f3c361a7e90131939ad4812dd1152a0c9ff (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
// -*- coding: utf-8 -*-
//
// Copyright (C) 2024 Michael Büsch <m@bues.ch>
//
// Licensed under the Apache License version 2.0
// or the MIT license, at your option.
// SPDX-License-Identifier: Apache-2.0 OR MIT

use anyhow::{self as ah, format_err as err, Context as _};
use letmein_fwproto::{FirewallMessage, FirewallOperation, SOCK_FILE};
use std::{net::IpAddr, path::Path};
use tokio::net::UnixStream;

pub use letmein_fwproto::PortType;

pub struct FirewallClient {
    stream: UnixStream,
}

impl FirewallClient {
    /// Connect to the firewall daemon via Unix socket.
    pub async fn new(rundir: &Path) -> ah::Result<Self> {
        let sock_path = rundir.join("letmeinfwd").join(SOCK_FILE);
        let stream = UnixStream::connect(sock_path)
            .await
            .context("Connect to Unix socket")?;
        Ok(Self { stream })
    }

    /// Send a request to open a firewall `port` for the specified `addr`.
    pub async fn open_port(
        &mut self,
        addr: IpAddr,
        port_type: PortType,
        port: u16,
    ) -> ah::Result<()> {
        // Send an open-port request to the firewall daemon.
        FirewallMessage::new_open(addr, port_type, port)
            .send(&mut self.stream)
            .await
            .context("Send port-open message")?;

        // Receive the open-port reply.
        let Some(msg_reply) = FirewallMessage::recv(&mut self.stream)
            .await
            .context("Receive port-open reply")?
        else {
            return Err(err!("Connection terminated"));
        };

        match msg_reply.operation() {
            FirewallOperation::Ack => Ok(()),
            FirewallOperation::Nack => Err(err!("The firewall rejected the port-open request")),
            FirewallOperation::Open => Err(err!("Received invalid reply")),
        }
    }
}

// vim: ts=4 sw=4 expandtab
bues.ch cgit interface