Switch from ioctl_sys to nix's ioctl

Allows to be built on other platforms like FreeBSD. Needs to stick to nix 0.26 because nix >= 0.27 requires Rust >= 1.65.
mullvad · Jun 11, 2024 · da881c0 · da881c0
1 parent a1d6064
commit da881c0
Show file tree

Hide file tree

Showing 4 changed files with 99 additions and 67 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -17,7 +17,7 @@ travis-ci = { repository = "mullvad/pfctl-rs" }
 
 [dependencies]
 error-chain = "0.12.4"
-ioctl-sys = "0.8.0"
+nix = { version = "0.26.4", features = ["ioctl"], default-features = false }
 libc = "0.2.29"
 derive_builder = "0.9"
 ipnetwork = "0.20.0"

diff --git a/src/ffi/mod.rs b/src/ffi/mod.rs
@@ -6,7 +6,7 @@
 // option. This file may not be copied, modified, or distributed
 // except according to those terms.
 
-use ioctl_sys::ioctl;
+use nix::{ioctl_none, ioctl_readwrite};
 
 #[allow(non_camel_case_types)]
 #[allow(non_upper_case_globals)]
@@ -32,34 +32,34 @@ pub mod tcp {
 // The documentation describing the order of calls and accepted parameters can be found at:
 // http://man.openbsd.org/pf.4
 // DIOCSTART
-ioctl!(none pf_start with b'D', 1);
+ioctl_none!(pf_start, b'D', 1);
 // DIOCSTOP
-ioctl!(none pf_stop with b'D', 2);
+ioctl_none!(pf_stop, b'D', 2);
 // DIOCADDRULE
-ioctl!(readwrite pf_add_rule with b'D', 4; pfvar::pfioc_rule);
+ioctl_readwrite!(pf_add_rule, b'D', 4, pfvar::pfioc_rule);
 // DIOCGETRULES
-ioctl!(readwrite pf_get_rules with b'D', 6; pfvar::pfioc_rule);
+ioctl_readwrite!(pf_get_rules, b'D', 6, pfvar::pfioc_rule);
 // DIOCGETRULE
-ioctl!(readwrite pf_get_rule with b'D', 7; pfvar::pfioc_rule);
+ioctl_readwrite!(pf_get_rule, b'D', 7, pfvar::pfioc_rule);
 // DIOCCLRSTATES
-ioctl!(readwrite pf_clear_states with b'D', 18; pfvar::pfioc_state_kill);
+ioctl_readwrite!(pf_clear_states, b'D', 18, pfvar::pfioc_state_kill);
 // DIOCGETSTATUS
-ioctl!(readwrite pf_get_status with b'D', 21; pfvar::pf_status);
+ioctl_readwrite!(pf_get_status, b'D', 21, pfvar::pf_status);
 // DIOCGETSTATES
-ioctl!(readwrite pf_get_states with b'D', 25; pfvar::pfioc_states);
+ioctl_readwrite!(pf_get_states, b'D', 25, pfvar::pfioc_states);
 // DIOCCHANGERULE
-ioctl!(readwrite pf_change_rule with b'D', 26; pfvar::pfioc_rule);
+ioctl_readwrite!(pf_change_rule, b'D', 26, pfvar::pfioc_rule);
 // DIOCINSERTRULE
-ioctl!(readwrite pf_insert_rule with b'D', 27; pfvar::pfioc_rule);
+ioctl_readwrite!(pf_insert_rule, b'D', 27, pfvar::pfioc_rule);
 // DIOCDELETERULE
-ioctl!(readwrite pf_delete_rule with b'D', 28; pfvar::pfioc_rule);
+ioctl_readwrite!(pf_delete_rule, b'D', 28, pfvar::pfioc_rule);
 // DIOCKILLSTATES
-ioctl!(readwrite pf_kill_states with b'D', 41; pfvar::pfioc_state_kill);
+ioctl_readwrite!(pf_kill_states, b'D', 41, pfvar::pfioc_state_kill);
 // DIOCBEGINADDRS
-ioctl!(readwrite pf_begin_addrs with b'D', 51; pfvar::pfioc_pooladdr);
+ioctl_readwrite!(pf_begin_addrs, b'D', 51, pfvar::pfioc_pooladdr);
 // DIOCADDADDR
-ioctl!(readwrite pf_add_addr with b'D', 52; pfvar::pfioc_pooladdr);
+ioctl_readwrite!(pf_add_addr, b'D', 52, pfvar::pfioc_pooladdr);
 // DIOCXBEGIN
-ioctl!(readwrite pf_begin_trans with b'D', 81; pfvar::pfioc_trans);
+ioctl_readwrite!(pf_begin_trans, b'D', 81, pfvar::pfioc_trans);
 // DIOCXCOMMIT
-ioctl!(readwrite pf_commit_trans with b'D', 82; pfvar::pfioc_trans);
+ioctl_readwrite!(pf_commit_trans, b'D', 82, pfvar::pfioc_trans);
diff --git a/src/macros.rs b/src/macros.rs
@@ -6,20 +6,16 @@
 // option. This file may not be copied, modified, or distributed
 // except according to those terms.
 
-pub const IOCTL_ERROR: i32 = -1;
-
 /// Macro for taking an expression with an ioctl call, perform it and return a Rust ´Result´.
 macro_rules! ioctl_guard {
     ($func:expr) => {
         ioctl_guard!($func, libc::EEXIST)
     };
     ($func:expr, $already_active:expr) => {
-        if unsafe { $func } == $crate::macros::IOCTL_ERROR {
-            let io_error = ::std::io::Error::last_os_error();
-            let error_code = io_error
-                .raw_os_error()
-                .expect("Errors created with last_os_error should have errno");
-            let mut err = Err($crate::ErrorKind::IoctlError(io_error).into());
+        // nix::ioctl calls return error numbers out of box.
+        if let nix::Result::Err(errno) = unsafe { $func } {
+            let error_code = errno as i32;
+            let mut err = Err($crate::ErrorKind::IoctlError(std::io::Error::from_raw_os_error(error_code)).into());
             if error_code == $already_active {
                 err = err.chain_err(|| $crate::ErrorKind::StateAlreadyActive);
             }