authorDavid Lönnhager <david.l@mullvad.net>2020-03-02 13:47:20 +0100
committerDavid Lönnhager <david.l@mullvad.net>2020-06-02 10:05:02 +0200
commit444458e588c5b14530d0bfa6872e7cbe3c786e15 (patch)
tree87d7626f3dc294214c5608b6e58abbdba529af6c
parent222683ef805d3baefe1113be1c597bd9150b0c94 (diff)
Make sure exclusion table uses physical interface by default
-rw-r--r--talpid-core/src/split.rs53
1 files changed, 31 insertions, 22 deletions
diff --git a/talpid-core/src/split.rs b/talpid-core/src/split.rs
index 320ca30f37..678197a416 100644
--- a/talpid-core/src/split.rs
+++ b/talpid-core/src/split.rs
@@ -63,10 +63,6 @@ pub enum Error {
/// Unable to add setup DNS routing.
#[error(display = "Failed to add routing table DNS rules")]
SetDns(#[error(source)] io::Error),
-
- /// Unable to flush routing table.
- #[error(display = "Failed to clear routing table DNS rules")]
- FlushDns(#[error(source)] io::Error),
}
struct DefaultRoute {
@@ -100,6 +96,34 @@ fn get_default_route() -> Result<DefaultRoute, Error> {
Err(Error::NoDefaultRoute)
}
+fn reset_table() -> Result<(), Error> {
+ // Flush table
+ let mut cmd = Command::new("ip");
+ cmd.args(&["-4", "route", "flush", "table", ROUTING_TABLE_NAME]);
+
+ log::trace!("running cmd - {:?}", &cmd);
+ cmd.output().map_err(Error::RoutingTableSetup)?;
+
+ // Force routing through the physical interface
+ let default_route = get_default_route()?;
+ let mut cmd = Command::new("ip");
+ cmd.args(&[
+ "-4",
+ "route",
+ "add",
+ "default",
+ "via",
+ &default_route.address.to_string(),
+ "dev",
+ &default_route.interface,
+ "table",
+ ROUTING_TABLE_NAME,
+ ]);
+
+ log::trace!("running cmd - {:?}", &cmd);
+ cmd.output().map(|_| ()).map_err(Error::RoutingTableSetup)
+}
+
/// Route PID-associated packets through the physical interface.
pub fn route_marked_packets() -> Result<(), Error> {
// TODO: IPv6
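Review bot: The two `cmd.output()` calls in `reset_table` report only a failure to spawn `ip`; a non-zero exit status is dropped, so a rejected `route add default` leaves the exclusion table flushed and empty while callers get `Ok(())`. For the add step I would keep the output and test it: `let out = cmd.output().map_err(Error::RoutingTableSetup)?;` then `if !out.status.success() { return Err(Error::RoutingTableSetup(io::Error::new(io::ErrorKind::Other, "ip route add failed"))); }`. Check how `ip route flush` exits on a table with no entries before making the flush step strict as well; logging its stderr may be enough there. `get_default_route()?` also runs after the flush, so a host without a default route gets `Error::NoDefaultRoute` with the table already emptied, and that now applies to `route_dns` and `flush_dns` too.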
@@ -140,12 +164,7 @@ pub fn route_marked_packets() -> Result<(), Error> {
cmd.output().map_err(Error::RoutingTableSetup)?;
}
- // Flush table
- let mut cmd = Command::new("ip");
- cmd.args(&["-4", "route", "flush", "table", ROUTING_TABLE_NAME]);
-
- log::trace!("running cmd - {:?}", &cmd);
- cmd.output().map(|_| ()).map_err(Error::RoutingTableSetup)
+ reset_table()
}
/// Stop routing PID-associated packets through the physical interface.
@@ -184,13 +203,7 @@ pub fn disable_routing() -> Result<(), Error> {
/// Route DNS requests through the tunnel interface.
pub fn route_dns(tunnel_alias: &str, dns_servers: &[IpAddr]) -> Result<(), Error> {
- // TODO: IPv6
-
- let mut cmd = Command::new("ip");
- cmd.args(&["-4", "route", "flush", "table", ROUTING_TABLE_NAME]);
-
- log::trace!("running cmd - {:?}", &cmd);
- cmd.output().map_err(Error::SetDns)?;
+ reset_table()?;
for server in dns_servers {
if let IpAddr::V4(addr) = server {
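Review bot: The `// TODO: IPv6` marker is removed here while the loop below still matches only `IpAddr::V4(addr)`, so nothing in `route_dns` records that IPv6 DNS servers are not handled by this branch (the rest of the loop is outside the hunk, so an `else` arm may exist). I would keep a comment above the loop, e.g. `// TODO: IPv6 DNS servers`. The flush failure also changes type: it used to be `Error::SetDns` and now arrives as `Error::RoutingTableSetup` or `Error::NoDefaultRoute` from `reset_table()`, which the doc comment could list under an `# Errors` heading.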
@@ -221,11 +234,7 @@ pub fn route_dns(tunnel_alias: &str, dns_servers: &[IpAddr]) -> Result<(), Error
/// Reset DNS rules.
pub fn flush_dns() -> Result<(), Error> {
// For now, simply flush it
- let mut cmd = Command::new("ip");
- cmd.args(&["-4", "route", "flush", "table", ROUTING_TABLE_NAME]);
-
- log::trace!("running cmd - {:?}", &cmd);
- cmd.output().map(|_| ()).map_err(Error::FlushDns)
+ reset_table()
}
/// Set up policy-based routing for marked packets.
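Review bot: The comment `// For now, simply flush it` no longer matches what `flush_dns` does, since `reset_table()` flushes the table and then re-adds a default route through the physical interface. I would reword it to `// Flush the table and restore the default route via the physical interface` and add to the doc comment that the call can now fail with `Error::NoDefaultRoute`. Callers that matched on the removed `Error::FlushDns` variant will need updating; none are visible in this diff.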