diff --git a/Cargo.lock b/Cargo.lock index ef4e8d2746b6..90e8b3e0ba36 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -4186,15 +4186,6 @@ version = "0.11.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "7da8b5736845d9f2fcb837ea5d9e2628564b3b043a70948a3f0b778838c5fb4f" -[[package]] -name = "subslice" -version = "0.2.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e0a8e4809a3bb02de01f1f7faf1ba01a83af9e8eabcd4d31dd6e413d14d56aae" -dependencies = [ - "memchr", -] - [[package]] name = "subtle" version = "2.5.0" @@ -4324,7 +4315,6 @@ dependencies = [ "resolv-conf", "serde", "serde_json", - "subslice", "system-configuration", "talpid-dbus", "talpid-macos", diff --git a/talpid-core/Cargo.toml b/talpid-core/Cargo.toml index 0cc71a439950..620e4a696493 100644 --- a/talpid-core/Cargo.toml +++ b/talpid-core/Cargo.toml @@ -46,9 +46,7 @@ duct = "0.13" [target.'cfg(target_os = "macos")'.dependencies] async-trait = "0.1" -duct = "0.13" pfctl = "0.6.1" -subslice = "0.2" system-configuration = "0.5.1" hickory-proto = { workspace = true } hickory-server = { workspace = true, features = ["resolver"] } diff --git a/talpid-core/src/firewall/macos.rs b/talpid-core/src/firewall/macos.rs index a45186fa2328..953c4abfe0cf 100644 --- a/talpid-core/src/firewall/macos.rs +++ b/talpid-core/src/firewall/macos.rs @@ -7,7 +7,6 @@ use std::sync::LazyLock; use ipnetwork::IpNetwork; use libc::{c_int, sysctlbyname}; use pfctl::{DropAction, FilterRuleAction, Ip, RedirectRule, Uid}; -use subslice::SubsliceExt; use talpid_types::net::{ AllowedEndpoint, AllowedTunnelTraffic, TransportProtocol, ALLOWED_LAN_MULTICAST_NETS, ALLOWED_LAN_NETS, @@ -936,21 +935,13 @@ impl Firewall { self.pf.try_enable() } - fn is_enabled(&self) -> bool { - let cmd = duct::cmd!("/sbin/pfctl", "-s", "info") - .stderr_null() - .stdout_capture(); - const EXPECTED_OUTPUT: &[u8] = b"Status: Enabled"; - match cmd.run() { - Ok(output) => output.stdout.as_slice().find(EXPECTED_OUTPUT).is_some(), - Err(err) => { - log::error!( - "Failed to execute pfctl, assuming pf is not enabled: {}", - err - ); - false - } - } + fn is_enabled(&mut self) -> bool { + // If we can't know for sure whether pf is enabled or not, err on the side of caution and + // return false. + self.pf + .is_enabled() + .inspect_err(|err| log::error!("Unable to determine if pf is enabled: {err}")) + .unwrap_or(false) } fn restore_state(&mut self) -> Result<()> {