authorDavid Lönnhager <david.l@mullvad.net>2020-03-24 16:47:23 +0100
committerDavid Lönnhager <david.l@mullvad.net>2020-06-02 10:05:01 +0200
commit78df018f7177616317f7a564bc8074d0a0982d84 (patch)
treef32406fc4d61b899b1d895b7aeaebe54d2f324ff
parentadf3abd9eccf4bd9ec230810eda497bf57a13263 (diff)
Add function to initialize cgroup
-rw-r--r--talpid-core/src/lib.rs3
-rw-r--r--talpid-core/src/split.rs35
2 files changed, 38 insertions, 0 deletions
diff --git a/talpid-core/src/lib.rs b/talpid-core/src/lib.rs
index 9ab260eb9a..f9049dc3f6 100644
--- a/talpid-core/src/lib.rs
+++ b/talpid-core/src/lib.rs
@@ -20,6 +20,9 @@ pub mod routing;
mod offline;
+/// Split tunneling
+pub mod split;
+
/// Working with processes.
pub mod process;
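Review bot: `pub mod split;` is declared without a target gate, while the new split.rs hard-codes the Linux path `/sys/fs/cgroup/net_cls/`. If talpid-core is also built for non-Linux targets (not visible from this hunk), `create_cgroup` becomes public API there and can only fail at runtime; `#[cfg(target_os = "linux")]` above the declaration would keep it out of those builds. The doc line could also say what the module covers, e.g. `/// Split tunneling: cgroup setup for processes excluded from the tunnel.`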
diff --git a/talpid-core/src/split.rs b/talpid-core/src/split.rs
new file mode 100644
index 0000000000..73996dde34
--- /dev/null
+++ b/talpid-core/src/split.rs
@@ -0,0 +1,35 @@
+use std::{
+ fs,
+ io::{self, Write},
+ path::Path,
+};
+
+const NETCLS_DIR: &str = "/sys/fs/cgroup/net_cls/";
+/// Identifies packets coming from the cgroup.
+const NETCLS_CLASSID: u32 = 0x4d9f41;
+const CGROUP_NAME: &str = "mullvad-exclusions";
+
+/// Errors related to split tunneling.
+#[derive(err_derive::Error, Debug)]
+#[error(no_from)]
+pub enum Error {
+ /// Unable to create cgroup.
+ #[error(display = "Unable to create cgroup for excluded processes")]
+ CreateCGroup(#[error(source)] io::Error),
+
+ /// Unable to set class ID for cgroup.
+ #[error(display = "Unable to set cgroup class ID")]
+ SetCGroupClassId(#[error(source)] io::Error),
+}
+
+/// Set up cgroup used to track PIDs for split tunneling.
+pub fn create_cgroup() -> Result<(), Error> {
+ let exclusions_dir = Path::new(NETCLS_DIR).join(CGROUP_NAME);
+
+ if !exclusions_dir.exists() {
+ fs::create_dir(exclusions_dir.clone()).map_err(Error::CreateCGroup)?;
+ }
+
+ let classid_path = exclusions_dir.join("net_cls.classid");
+ fs::write(classid_path, NETCLS_CLASSID.to_string().as_bytes()).map_err(Error::SetCGroupClassId)
+}
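Review bot: The `exists()` test before `fs::create_dir` in `create_cgroup` is a check-then-act sequence: `exists()` also returns false when the metadata lookup itself fails, and a directory that appears between the two calls turns into a `CreateCGroup` error. Calling `create_dir` directly and treating `io::ErrorKind::AlreadyExists` as success removes that window and the `exclusions_dir.clone()`. Reusing an already-present `mullvad-exclusions` cgroup also keeps whatever PIDs are still listed in it, which presumably leaves those processes outside the tunnel; a comment stating that this is intended, or an explicit reset, would make the leak behaviour clear. `Write` in `io::{self, Write}` appears unused in this file and should trigger an unused-import warning.

```rust
    let exclusions_dir = Path::new(NETCLS_DIR).join(CGROUP_NAME);

    match fs::create_dir(&exclusions_dir) {
        Ok(()) => {}
        // An existing cgroup is reused; any other failure is reported.
        Err(error) if error.kind() == io::ErrorKind::AlreadyExists => {}
        Err(error) => return Err(Error::CreateCGroup(error)),
    }
    // … unchanged: write NETCLS_CLASSID to net_cls.classid …
```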