diff options
| author | Emīls <emils@mullvad.net> | 2021-02-17 10:30:23 +0000 |
|---|---|---|
| committer | Emīls <emils@mullvad.net> | 2021-02-17 10:30:23 +0000 |
| commit | 081a5426279477de06905201642b398970a5bc85 (patch) | |
| tree | df20043bf321387be0a6fd8c7f701f80a05c7ec8 | |
| parent | cee6cdf7e28fea487102a38dbe82888f809a772f (diff) | |
| parent | 5120438b49130fc1c5a5118e7f0974f56b1e98c4 (diff) | |
| download | mullvadvpn-081a5426279477de06905201642b398970a5bc85.tar.xz mullvadvpn-081a5426279477de06905201642b398970a5bc85.zip | |
Merge branch 'linux-fix-ipv6-routing-rules'
| -rw-r--r-- | CHANGELOG.md | 2 | ||||
| -rw-r--r-- | talpid-core/src/routing/linux.rs | 11 | ||||
| -rw-r--r-- | talpid-core/src/routing/unix.rs | 13 | ||||
| -rw-r--r-- | talpid-core/src/tunnel/openvpn/mod.rs | 2 | ||||
| -rw-r--r-- | talpid-core/src/tunnel/wireguard/config.rs | 5 | ||||
| -rw-r--r-- | talpid-core/src/tunnel/wireguard/mod.rs | 2 |
6 files changed, 24 insertions, 11 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index ff77257909..93fa7ade1d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -46,6 +46,8 @@ Line wrap the file at 100 chars. Th #### Linux - Fix crash when trying to apply IPv6 rotues for OpenVPN when IPv6 is disabled. +- Ignore failure to add IPv6 split-tunneling routing rules when they fail due to IPv6 being + unavailable. ## [2021.1] - 2021-02-10 diff --git a/talpid-core/src/routing/linux.rs b/talpid-core/src/routing/linux.rs index b7cba8091c..afc02eedb2 100644 --- a/talpid-core/src/routing/linux.rs +++ b/talpid-core/src/routing/linux.rs @@ -149,12 +149,15 @@ impl RouteManagerImpl { Ok(monitor) } - async fn create_routing_rules(&mut self) -> Result<()> { + async fn create_routing_rules(&mut self, enable_ipv6: bool) -> Result<()> { use netlink_packet_route::constants::*; self.clear_routing_rules().await?; - for rule in &*ALL_RULES { + for rule in ALL_RULES + .iter() + .filter(|rule| rule.header.family as u16 == AF_INET || enable_ipv6) + { let mut req = NetlinkMessage::from(RtnlMessage::NewRule((*rule).clone())); req.header.flags = NLM_F_REQUEST | NLM_F_ACK | NLM_F_CREATE | NLM_F_REPLACE; @@ -338,8 +341,8 @@ impl RouteManagerImpl { log::debug!("Adding routes: {:?}", routes); let _ = result_tx.send(self.add_required_routes(routes.clone()).await); } - RouteManagerCommand::CreateRoutingRules(result_tx) => { - let _ = result_tx.send(self.create_routing_rules().await); + RouteManagerCommand::CreateRoutingRules(enable_ipv6, result_tx) => { + let _ = result_tx.send(self.create_routing_rules(enable_ipv6).await); } RouteManagerCommand::ClearRoutingRules(result_tx) => { let _ = result_tx.send(self.clear_routing_rules().await); diff --git a/talpid-core/src/routing/unix.rs b/talpid-core/src/routing/unix.rs index d3f684c2fd..c1d2da522b 100644 --- a/talpid-core/src/routing/unix.rs +++ b/talpid-core/src/routing/unix.rs @@ -65,10 +65,13 @@ impl RouteManagerHandle { /// Ensure that packets are routed using the correct tables. #[cfg(target_os = "linux")] - pub fn create_routing_rules(&self) -> Result<(), Error> { + pub fn create_routing_rules(&self, enable_ipv6: bool) -> Result<(), Error> { let (response_tx, response_rx) = oneshot::channel(); self.tx - .unbounded_send(RouteManagerCommand::CreateRoutingRules(response_tx)) + .unbounded_send(RouteManagerCommand::CreateRoutingRules( + enable_ipv6, + response_tx, + )) .map_err(|_| Error::RouteManagerDown)?; self.runtime .block_on(response_rx) @@ -100,7 +103,7 @@ pub(crate) enum RouteManagerCommand { ClearRoutes, Shutdown(oneshot::Sender<()>), #[cfg(target_os = "linux")] - CreateRoutingRules(oneshot::Sender<Result<(), PlatformError>>), + CreateRoutingRules(bool, oneshot::Sender<Result<(), PlatformError>>), #[cfg(target_os = "linux")] ClearRoutingRules(oneshot::Sender<Result<(), PlatformError>>), } @@ -185,8 +188,8 @@ impl RouteManager { /// Ensure that packets are routed using the correct tables. #[cfg(target_os = "linux")] - pub fn create_routing_rules(&mut self) -> Result<(), Error> { - self.handle()?.create_routing_rules() + pub fn create_routing_rules(&mut self, enable_ipv6: bool) -> Result<(), Error> { + self.handle()?.create_routing_rules(enable_ipv6) } /// Remove any routing rules created by [`create_routing_rules`]. diff --git a/talpid-core/src/tunnel/openvpn/mod.rs b/talpid-core/src/tunnel/openvpn/mod.rs index c880ad7546..8f6766cf37 100644 --- a/talpid-core/src/tunnel/openvpn/mod.rs +++ b/talpid-core/src/tunnel/openvpn/mod.rs @@ -314,7 +314,7 @@ impl OpenVpnMonitor<OpenVpnCommand> { } #[cfg(target_os = "linux")] - if let Err(error) = route_manager_handle.create_routing_rules() { + if let Err(error) = route_manager_handle.create_routing_rules(ipv6_enabled) { log::error!("{}", error.display_chain()); panic!("Failed to add routes"); } diff --git a/talpid-core/src/tunnel/wireguard/config.rs b/talpid-core/src/tunnel/wireguard/config.rs index 87c0d2c0f0..eddc51b25b 100644 --- a/talpid-core/src/tunnel/wireguard/config.rs +++ b/talpid-core/src/tunnel/wireguard/config.rs @@ -20,6 +20,9 @@ pub struct Config { /// Firewall mark #[cfg(target_os = "linux")] pub fwmark: u32, + /// Enable IPv6 routing rules + #[cfg(target_os = "linux")] + pub enable_ipv6: bool, } const DEFAULT_MTU: u16 = 1380; @@ -101,6 +104,8 @@ impl Config { mtu, #[cfg(target_os = "linux")] fwmark: crate::linux::TUNNEL_FW_MARK, + #[cfg(target_os = "linux")] + enable_ipv6: generic_options.enable_ipv6, }) } diff --git a/talpid-core/src/tunnel/wireguard/mod.rs b/talpid-core/src/tunnel/wireguard/mod.rs index 9b305a2bcd..5e9cd6704e 100644 --- a/talpid-core/src/tunnel/wireguard/mod.rs +++ b/talpid-core/src/tunnel/wireguard/mod.rs @@ -85,7 +85,7 @@ impl WireguardMonitor { #[cfg(target_os = "linux")] route_manager - .create_routing_rules() + .create_routing_rules(config.enable_ipv6) .map_err(Error::SetupRoutingError)?; route_manager |