Merge branch 'fix-talpid-openvpn'

author: Emīls Piņķis <emils@mullvad.net> 2022-11-08 17:30:39 +0100
committer: Emīls Piņķis <emils@mullvad.net> 2022-11-08 17:30:39 +0100
commit: 17d6905ea16c6bff5647ae698c1591bd32c563be (patch)
tree: 1dcea28cdeaa86e2636514fcd5508e256b395fe0
parent: 55d07cc2f6c600e8e5e49d34f05825eafa37c652 (diff)
parent: 24dd952ae0dbaa36c30884619f11e66db7c61cf2 (diff)
download: mullvadvpn-17d6905ea16c6bff5647ae698c1591bd32c563be.tar.xz
mullvadvpn-17d6905ea16c6bff5647ae698c1591bd32c563be.zip
4 files changed, 30 insertions, 0 deletions
diff --git a/mullvad-daemon/src/tunnel.rs b/mullvad-daemon/src/tunnel.rs
index 81e0063166..7cf52a3c5a 100644
--- a/mullvad-daemon/src/tunnel.rs
+++ b/mullvad-daemon/src/tunnel.rs
@@ -182,6 +182,8 @@ impl InnerParametersGenerator {
                     options: self.tunnel_options.openvpn.clone(),
                     generic_options: self.tunnel_options.generic.clone(),
                     proxy: bridge_settings,
+                    #[cfg(target_os = "linux")]
+                    fwmark: mullvad_types::TUNNEL_FWMARK,
                 }
                 .into())
             }
diff --git a/mullvad-types/src/custom_tunnel.rs b/mullvad-types/src/custom_tunnel.rs
index dfbea72c7d..2dceb7493d 100644
--- a/mullvad-types/src/custom_tunnel.rs
+++ b/mullvad-types/src/custom_tunnel.rs
@@ -54,6 +54,8 @@ impl CustomTunnelEndpoint {
                 options: tunnel_options.openvpn.clone(),
                 generic_options: tunnel_options.generic,
                 proxy,
+                #[cfg(target_os = "linux")]
+                fwmark: crate::TUNNEL_FWMARK,
             }
             .into(),
             ConnectionConfig::Wireguard(connection) => wireguard::TunnelParameters {
diff --git a/talpid-openvpn/src/lib.rs b/talpid-openvpn/src/lib.rs
index e49cbd121a..decff64b0c 100644
--- a/talpid-openvpn/src/lib.rs
+++ b/talpid-openvpn/src/lib.rs
@@ -316,6 +316,8 @@ impl OpenVpnMonitor<OpenVpnCommand> {
             proxy_auth_file,
             proxy_monitor,
             tunnel_close_rx,
+            #[cfg(target_os = "linux")]
+            fwmark: params.fwmark,
         };
         Self::new_internal(
             cmd,
@@ -380,6 +382,8 @@ struct OpenVpnTunnelInitArgs {
     proxy_auth_file: Option<mktemp::TempFile>,
     proxy_monitor: Option<Box<dyn ProxyMonitor>>,
     tunnel_close_rx: oneshot::Receiver<()>,
+    #[cfg(target_os = "linux")]
+    fwmark: u32,
 }
 
 impl<C: OpenVpnBuilder + Send + 'static> OpenVpnMonitor<C> {
@@ -408,6 +412,9 @@ impl<C: OpenVpnBuilder + Send + 'static> OpenVpnMonitor<C> {
         #[cfg(windows)]
         let wintun = Arc::new(wintun);
 
+        #[cfg(target_os = "linux")]
+        cmd.fwmark(init_args.fwmark);
+
         cmd.plugin(plugin_path, vec![ipc_path])
             .log(log_path.as_deref());
         let (spawn_task, abort_spawn) = futures::future::abortable(Self::prepare_process(
@@ -769,6 +776,10 @@ pub trait OpenVpnBuilder {
 
     /// Spawn the subprocess and return a handle.
     fn start(&self) -> io::Result<Self::ProcessHandle>;
+
+    /// Sets the firewall mark for the connection.
+    #[cfg(target_os = "linux")]
+    fn fwmark(&mut self, fwmark: u32) -> &mut Self;
 }
 
 /// Trait for types acting as handles to subprocesses for `OpenVpnMonitor`
@@ -798,6 +809,12 @@ impl OpenVpnBuilder for OpenVpnCommand {
     fn start(&self) -> io::Result<OpenVpnProcHandle> {
         OpenVpnProcHandle::new(self.build())
     }
+
+    #[cfg(target_os = "linux")]
+    fn fwmark(&mut self, fwmark: u32) -> &mut Self {
+        self.fwmark(Some(fwmark));
+        self
+    }
 }
 
 impl ProcessHandle for OpenVpnProcHandle {
@@ -1196,6 +1213,11 @@ mod tests {
             self
         }
 
+        #[cfg(target_os = "linux")]
+        fn fwmark(&mut self, _fwmark: u32) -> &mut Self {
+            self
+        }
+
         fn start(&self) -> io::Result<Self::ProcessHandle> {
             self.process_handle
                 .ok_or_else(|| io::Error::new(io::ErrorKind::Other, "failed to start"))
@@ -1246,6 +1268,8 @@ mod tests {
             proxy_auth_file: None,
             proxy_monitor: None,
             tunnel_close_rx: close_rx,
+            #[cfg(target_os = "linux")]
+            fwmark: 0,
         }
     }
 
diff --git a/talpid-types/src/net/openvpn.rs b/talpid-types/src/net/openvpn.rs
index aaf08103c3..54a4feb044 100644
--- a/talpid-types/src/net/openvpn.rs
+++ b/talpid-types/src/net/openvpn.rs
@@ -13,6 +13,8 @@ pub struct TunnelParameters {
     pub options: TunnelOptions,
     pub generic_options: GenericTunnelOptions,
     pub proxy: Option<ProxySettings>,
+    #[cfg(target_os = "linux")]
+    pub fwmark: u32,
 }
 
 /// Connection configuration used by [`TunnelParameters`].
author	Emīls Piņķis <emils@mullvad.net>	2022-11-08 17:30:39 +0100
committer	Emīls Piņķis <emils@mullvad.net>	2022-11-08 17:30:39 +0100
commit	17d6905ea16c6bff5647ae698c1591bd32c563be (patch)
tree	1dcea28cdeaa86e2636514fcd5508e256b395fe0
parent	55d07cc2f6c600e8e5e49d34f05825eafa37c652 (diff)
parent	24dd952ae0dbaa36c30884619f11e66db7c61cf2 (diff)
download	mullvadvpn-17d6905ea16c6bff5647ae698c1591bd32c563be.tar.xz mullvadvpn-17d6905ea16c6bff5647ae698c1591bd32c563be.zip