diff options
| author | David Lönnhager <david.l@mullvad.net> | 2023-04-17 10:15:58 +0200 |
|---|---|---|
| committer | David Lönnhager <david.l@mullvad.net> | 2023-04-17 10:15:58 +0200 |
| commit | c7294cd2cb88c9a4ba26240bcf042933f42dfb29 (patch) | |
| tree | 129aa1b0364f8bdd04ccec14ddc2ee23d405af09 | |
| parent | 8a04ce4108b5385da663d42d5014854e08bbfedd (diff) | |
| parent | efc1a49f659a6d837fe6d8b628941b6715c6ae46 (diff) | |
| download | mullvadvpn-c7294cd2cb88c9a4ba26240bcf042933f42dfb29.tar.xz mullvadvpn-c7294cd2cb88c9a4ba26240bcf042933f42dfb29.zip | |
Merge branch 'log-settings-connection-des-119' into main
| -rw-r--r-- | CHANGELOG.md | 2 | ||||
| -rw-r--r-- | mullvad-daemon/src/lib.rs | 7 | ||||
| -rw-r--r-- | mullvad-daemon/src/settings.rs | 135 | ||||
| -rw-r--r-- | mullvad-types/src/relay_constraints.rs | 34 | ||||
| -rw-r--r-- | mullvad-types/src/wireguard.rs | 10 | ||||
| -rw-r--r-- | talpid-core/src/firewall/mod.rs | 2 | ||||
| -rw-r--r-- | talpid-wireguard/src/config.rs | 10 | ||||
| -rw-r--r-- | talpid-wireguard/src/lib.rs | 2 |
8 files changed, 178 insertions, 24 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index 85ece5a70f..6299f2b656 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -24,6 +24,8 @@ Line wrap the file at 100 chars. Th ## [Unreleased] ### Added +- Log select settings on each connection attempt. + #### Android - Add DNS content blockers. diff --git a/mullvad-daemon/src/lib.rs b/mullvad-daemon/src/lib.rs index 9f9ce5c4af..0561d645ca 100644 --- a/mullvad-daemon/src/lib.rs +++ b/mullvad-daemon/src/lib.rs @@ -894,9 +894,12 @@ where } } - match tunnel_state { + match &tunnel_state { TunnelState::Disconnected => self.state.disconnected(), - TunnelState::Error(ref error_state) => { + TunnelState::Connecting { .. } => { + log::debug!("Settings: {}", self.settings.summary()); + } + TunnelState::Error(error_state) => { if error_state.is_blocking() { log::info!( "Blocking all network connections, reason: {}", diff --git a/mullvad-daemon/src/settings.rs b/mullvad-daemon/src/settings.rs index ecf2e4db7e..ec73aabbe5 100644 --- a/mullvad-daemon/src/settings.rs +++ b/mullvad-daemon/src/settings.rs @@ -1,11 +1,16 @@ #[cfg(not(target_os = "android"))] use futures::TryFutureExt; -use mullvad_types::settings::Settings; +use mullvad_types::{ + relay_constraints::{RelayConstraints, RelaySettings, WireguardConstraints}, + settings::{DnsState, Settings}, +}; use rand::Rng; use std::{ + fmt::{self, Display}, ops::Deref, path::{Path, PathBuf}, }; +use talpid_core::firewall::is_local_address; use talpid_types::ErrorExt; use tokio::{ fs, @@ -194,6 +199,13 @@ impl SettingsPersister { self.settings = new_settings; Ok(true) } + + /// Return a compact summary of important settings + pub fn summary(&self) -> SettingsSummary<'_> { + SettingsSummary { + settings: &self.settings, + } + } } impl Deref for SettingsPersister { @@ -204,6 +216,127 @@ impl Deref for SettingsPersister { } } +/// A compact summary of important settings +pub struct SettingsSummary<'a> { + settings: &'a Settings, +} + +impl<'a> Display for SettingsSummary<'a> { + fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { + let bool_to_label = |state| { + if state { + "on" + } else { + "off" + } + }; + + let relay_settings = self.settings.get_relay_settings(); + + write!(f, "openvpn mssfix: ")?; + Self::fmt_option(f, self.settings.tunnel_options.openvpn.mssfix)?; + write!(f, ", wg mtu: ")?; + Self::fmt_option(f, self.settings.tunnel_options.wireguard.mtu)?; + + if let RelaySettings::Normal(RelayConstraints { + wireguard_constraints: WireguardConstraints { ip_version, .. }, + .. + }) = relay_settings + { + write!(f, ", wg ip version: {ip_version}")?; + } + + let multihop = matches!( + relay_settings, + RelaySettings::Normal(RelayConstraints { + wireguard_constraints: WireguardConstraints { + use_multihop: true, + .. + }, + .. + }) + ); + + write!( + f, + ", multihop: {}, ipv6 (tun): {}, lan: {}, pq: {}, obfs: {}", + bool_to_label(multihop), + bool_to_label(self.settings.tunnel_options.generic.enable_ipv6), + bool_to_label(self.settings.allow_lan), + self.settings.tunnel_options.wireguard.quantum_resistant, + self.settings.obfuscation_settings.selected_obfuscation, + )?; + + // Print DNS options + + write!(f, ", dns: ")?; + + match self.settings.tunnel_options.dns_options.state { + DnsState::Default => { + let mut content = vec![]; + let default_options = &self.settings.tunnel_options.dns_options.default_options; + + if default_options.block_ads { + content.push("ads"); + } + if default_options.block_trackers { + content.push("trackers"); + } + if default_options.block_malware { + content.push("malware"); + } + if default_options.block_adult_content { + content.push("adult"); + } + if default_options.block_gambling { + content.push("gambling"); + } + if content.is_empty() { + content.push("default"); + } + write!(f, "{}", content.join(" "))?; + } + DnsState::Custom => { + // NOTE: Technically inaccurate, as the gateway IP is a local IP but isn't treated as one. + let contains_local = self + .settings + .tunnel_options + .dns_options + .custom_options + .addresses + .iter() + .any(is_local_address); + let contains_public = self + .settings + .tunnel_options + .dns_options + .custom_options + .addresses + .iter() + .any(|addr| !is_local_address(addr)); + + match (contains_public, contains_local) { + (true, true) => f.write_str("custom, public, local")?, + (true, false) => f.write_str("custom, public")?, + (false, false) => f.write_str("custom, no addrs")?, + (false, true) => f.write_str("custom, local")?, + } + } + } + Ok(()) + } +} + +impl<'a> SettingsSummary<'a> { + fn fmt_option<T: Display>(f: &mut fmt::Formatter<'_>, val: Option<T>) -> fmt::Result { + if let Some(inner) = &val { + inner.fmt(f) + } else { + f.write_str("unset") + } + } +} + #[cfg(test)] mod test { use super::SettingsPersister; diff --git a/mullvad-types/src/relay_constraints.rs b/mullvad-types/src/relay_constraints.rs index ed3239c8c0..79a95ff031 100644 --- a/mullvad-types/src/relay_constraints.rs +++ b/mullvad-types/src/relay_constraints.rs @@ -26,12 +26,21 @@ pub trait Set<T> { #[cfg_attr(target_os = "android", derive(FromJava, IntoJava))] #[cfg_attr(target_os = "android", jnix(package = "net.mullvad.mullvadvpn.model"))] #[cfg_attr(target_os = "android", jnix(bounds = "T: android.os.Parcelable"))] -pub enum Constraint<T: fmt::Debug + Clone + Eq + PartialEq> { +pub enum Constraint<T> { Any, Only(T), } -impl<T: fmt::Debug + Clone + Eq + PartialEq> Constraint<T> { +impl<T: fmt::Display> fmt::Display for Constraint<T> { + fn fmt(&self, f: &mut fmt::Formatter<'_>) -> Result<(), fmt::Error> { + match self { + Constraint::Any => "any".fmt(f), + Constraint::Only(value) => fmt::Display::fmt(value, f), + } + } +} + +impl<T> Constraint<T> { pub fn unwrap(self) -> T { match self { Constraint::Any => panic!("called `Constraint::unwrap()` on an `Any` value"), @@ -53,10 +62,7 @@ impl<T: fmt::Debug + Clone + Eq + PartialEq> Constraint<T> { } } - pub fn map<U: fmt::Debug + Clone + Eq + PartialEq, F: FnOnce(T) -> U>( - self, - f: F, - ) -> Constraint<U> { + pub fn map<U, F: FnOnce(T) -> U>(self, f: F) -> Constraint<U> { match self { Constraint::Any => Constraint::Any, Constraint::Only(value) => Constraint::Only(f(value)), @@ -87,7 +93,9 @@ impl<T: fmt::Debug + Clone + Eq + PartialEq> Constraint<T> { Constraint::Only(value) => Some(value), } } +} +impl<T: PartialEq> Constraint<T> { pub fn matches_eq(&self, other: &T) -> bool { match self { Constraint::Any => true, @@ -98,15 +106,15 @@ impl<T: fmt::Debug + Clone + Eq + PartialEq> Constraint<T> { // Using the default attribute fails on Android #[allow(clippy::derivable_impls)] -impl<T: fmt::Debug + Clone + Eq + PartialEq> Default for Constraint<T> { +impl<T> Default for Constraint<T> { fn default() -> Self { Constraint::Any } } -impl<T: Copy + fmt::Debug + Clone + Eq + PartialEq> Copy for Constraint<T> {} +impl<T: Copy> Copy for Constraint<T> {} -impl<T: fmt::Debug + Clone + Eq + Match<U>, U> Match<U> for Constraint<T> { +impl<T: Match<U>, U> Match<U> for Constraint<T> { fn matches(&self, other: &U) -> bool { match *self { Constraint::Any => true, @@ -115,12 +123,10 @@ impl<T: fmt::Debug + Clone + Eq + Match<U>, U> Match<U> for Constraint<T> { } } -impl<T: fmt::Debug + Clone + Eq + Set<U>, U: fmt::Debug + Clone + Eq> Set<Constraint<U>> - for Constraint<T> -{ +impl<T: Set<U>, U> Set<Constraint<U>> for Constraint<T> { fn is_subset(&self, other: &Constraint<U>) -> bool { match self { - Constraint::Any => *other == Constraint::Any, + Constraint::Any => other.is_any(), Constraint::Only(ref constraint) => match other { Constraint::Only(ref other_constraint) => constraint.is_subset(other_constraint), _ => true, @@ -129,7 +135,7 @@ impl<T: fmt::Debug + Clone + Eq + Set<U>, U: fmt::Debug + Clone + Eq> Set<Constr } } -impl<T: fmt::Debug + Clone + Eq + PartialEq> From<Option<T>> for Constraint<T> { +impl<T> From<Option<T>> for Constraint<T> { fn from(value: Option<T>) -> Self { match value { Some(value) => Constraint::Only(value), diff --git a/mullvad-types/src/wireguard.rs b/mullvad-types/src/wireguard.rs index 36a560e7b2..7f12ed42f1 100644 --- a/mullvad-types/src/wireguard.rs +++ b/mullvad-types/src/wireguard.rs @@ -22,6 +22,16 @@ pub enum QuantumResistantState { Off, } +impl fmt::Display for QuantumResistantState { + fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { + match self { + QuantumResistantState::Auto => f.write_str("auto"), + QuantumResistantState::On => f.write_str("on"), + QuantumResistantState::Off => f.write_str("off"), + } + } +} + /// Contains account specific wireguard data #[derive(Serialize, Deserialize, Clone, Debug, PartialEq, Eq)] pub struct WireguardData { diff --git a/talpid-core/src/firewall/mod.rs b/talpid-core/src/firewall/mod.rs index 5167685a10..2def49bc17 100644 --- a/talpid-core/src/firewall/mod.rs +++ b/talpid-core/src/firewall/mod.rs @@ -1,6 +1,5 @@ use ipnetwork::{IpNetwork, Ipv4Network, Ipv6Network}; use lazy_static::lazy_static; -#[cfg(not(target_os = "android"))] use std::net::IpAddr; #[cfg(windows)] use std::path::PathBuf; @@ -81,7 +80,6 @@ const DHCPV6_CLIENT_PORT: u16 = 546; #[cfg(all(unix, not(target_os = "android")))] const ROOT_UID: u32 = 0; -#[cfg(any(all(unix, not(target_os = "android")), target_os = "windows"))] /// Returns whether an address belongs to a private subnet. pub fn is_local_address(address: &IpAddr) -> bool { let address = *address; diff --git a/talpid-wireguard/src/config.rs b/talpid-wireguard/src/config.rs index fc1333b631..358aa5d64a 100644 --- a/talpid-wireguard/src/config.rs +++ b/talpid-wireguard/src/config.rs @@ -31,13 +31,13 @@ pub struct Config { pub obfuscator_config: Option<ObfuscatorConfig>, } -#[cfg(not(target_os = "android"))] -const DEFAULT_MTU: u16 = 1380; - /// Set the MTU to the lowest possible whilst still allowing for IPv6 to help with wireless /// carriers that do a lot of encapsulation. -#[cfg(target_os = "android")] -const DEFAULT_MTU: u16 = 1280; +const DEFAULT_MTU: u16 = if cfg!(target_os = "android") { + 1280 +} else { + 1380 +}; /// Configuration errors #[derive(err_derive::Error, Debug)] diff --git a/talpid-wireguard/src/lib.rs b/talpid-wireguard/src/lib.rs index cdac2b8a51..85b4c5a6df 100644 --- a/talpid-wireguard/src/lib.rs +++ b/talpid-wireguard/src/lib.rs @@ -676,6 +676,8 @@ impl WireguardMonitor { #[cfg(windows)] route_manager_handle: crate::routing::RouteManagerHandle, #[cfg(windows)] setup_done_tx: mpsc::Sender<std::result::Result<(), BoxedError>>, ) -> Result<Box<dyn Tunnel>> { + log::debug!("Tunnel MTU: {}", config.mtu); + #[cfg(target_os = "linux")] if !*FORCE_USERSPACE_WIREGUARD { if will_nm_manage_dns() { |