authorDavid Lönnhager <david.l@mullvad.net>2023-04-05 16:35:09 +0200
committerDavid Lönnhager <david.l@mullvad.net>2023-04-17 10:08:14 +0200
commitf6700bc328b26cccac8c78f1e40796ad2aebbf36 (patch)
tree91ce489b348c695e375b3af6e7af46df64d01adb
parent5dff789072b7a18c5d5a73d1dd7abac51a15cc7a (diff)
Log important settings
-rw-r--r--mullvad-daemon/src/lib.rs7
-rw-r--r--mullvad-daemon/src/settings.rs135
-rw-r--r--talpid-core/src/firewall/mod.rs2
-rw-r--r--talpid-wireguard/src/config.rs10
-rw-r--r--talpid-wireguard/src/lib.rs2
5 files changed, 146 insertions, 10 deletions
diff --git a/mullvad-daemon/src/lib.rs b/mullvad-daemon/src/lib.rs
index 9f9ce5c4af..0561d645ca 100644
--- a/mullvad-daemon/src/lib.rs
+++ b/mullvad-daemon/src/lib.rs
@@ -894,9 +894,12 @@ where
}
}
- match tunnel_state {
+ match &tunnel_state {
TunnelState::Disconnected => self.state.disconnected(),
- TunnelState::Error(ref error_state) => {
+ TunnelState::Connecting { .. } => {
+ log::debug!("Settings: {}", self.settings.summary());
+ }
+ TunnelState::Error(error_state) => {
if error_state.is_blocking() {
log::info!(
"Blocking all network connections, reason: {}",
diff --git a/mullvad-daemon/src/settings.rs b/mullvad-daemon/src/settings.rs
index ecf2e4db7e..ec73aabbe5 100644
--- a/mullvad-daemon/src/settings.rs
+++ b/mullvad-daemon/src/settings.rs
@@ -1,11 +1,16 @@
#[cfg(not(target_os = "android"))]
use futures::TryFutureExt;
-use mullvad_types::settings::Settings;
+use mullvad_types::{
+ relay_constraints::{RelayConstraints, RelaySettings, WireguardConstraints},
+ settings::{DnsState, Settings},
+};
use rand::Rng;
use std::{
+ fmt::{self, Display},
ops::Deref,
path::{Path, PathBuf},
};
+use talpid_core::firewall::is_local_address;
use talpid_types::ErrorExt;
use tokio::{
fs,
@@ -194,6 +199,13 @@ impl SettingsPersister {
self.settings = new_settings;
Ok(true)
}
+
+ /// Return a compact summary of important settings
+ pub fn summary(&self) -> SettingsSummary<'_> {
+ SettingsSummary {
+ settings: &self.settings,
+ }
+ }
}
impl Deref for SettingsPersister {
@@ -204,6 +216,127 @@ impl Deref for SettingsPersister {
}
}
+/// A compact summary of important settings
+pub struct SettingsSummary<'a> {
+ settings: &'a Settings,
+}
+
+impl<'a> Display for SettingsSummary<'a> {
+ fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+ let bool_to_label = |state| {
+ if state {
+ "on"
+ } else {
+ "off"
+ }
+ };
+
+ let relay_settings = self.settings.get_relay_settings();
+
+ write!(f, "openvpn mssfix: ")?;
+ Self::fmt_option(f, self.settings.tunnel_options.openvpn.mssfix)?;
+ write!(f, ", wg mtu: ")?;
+ Self::fmt_option(f, self.settings.tunnel_options.wireguard.mtu)?;
+
+ if let RelaySettings::Normal(RelayConstraints {
+ wireguard_constraints: WireguardConstraints { ip_version, .. },
+ ..
+ }) = relay_settings
+ {
+ write!(f, ", wg ip version: {ip_version}")?;
+ }
+
+ let multihop = matches!(
+ relay_settings,
+ RelaySettings::Normal(RelayConstraints {
+ wireguard_constraints: WireguardConstraints {
+ use_multihop: true,
+ ..
+ },
+ ..
+ })
+ );
+
+ write!(
+ f,
+ ", multihop: {}, ipv6 (tun): {}, lan: {}, pq: {}, obfs: {}",
+ bool_to_label(multihop),
+ bool_to_label(self.settings.tunnel_options.generic.enable_ipv6),
+ bool_to_label(self.settings.allow_lan),
+ self.settings.tunnel_options.wireguard.quantum_resistant,
+ self.settings.obfuscation_settings.selected_obfuscation,
+ )?;
+
+ // Print DNS options
+
+ write!(f, ", dns: ")?;
+
+ match self.settings.tunnel_options.dns_options.state {
+ DnsState::Default => {
+ let mut content = vec![];
+ let default_options = &self.settings.tunnel_options.dns_options.default_options;
+
+ if default_options.block_ads {
+ content.push("ads");
+ }
+ if default_options.block_trackers {
+ content.push("trackers");
+ }
+ if default_options.block_malware {
+ content.push("malware");
+ }
+ if default_options.block_adult_content {
+ content.push("adult");
+ }
+ if default_options.block_gambling {
+ content.push("gambling");
+ }
+ if content.is_empty() {
+ content.push("default");
+ }
+ write!(f, "{}", content.join(" "))?;
+ }
+ DnsState::Custom => {
+ // NOTE: Technically inaccurate, as the gateway IP is a local IP but isn't treated as one.
+ let contains_local = self
+ .settings
+ .tunnel_options
+ .dns_options
+ .custom_options
+ .addresses
+ .iter()
+ .any(is_local_address);
+ let contains_public = self
+ .settings
+ .tunnel_options
+ .dns_options
+ .custom_options
+ .addresses
+ .iter()
+ .any(|addr| !is_local_address(addr));
+
+ match (contains_public, contains_local) {
+ (true, true) => f.write_str("custom, public, local")?,
+ (true, false) => f.write_str("custom, public")?,
+ (false, false) => f.write_str("custom, no addrs")?,
+ (false, true) => f.write_str("custom, local")?,
+ }
+ }
+ }
+ Ok(())
+ }
+}
+
+impl<'a> SettingsSummary<'a> {
+ fn fmt_option<T: Display>(f: &mut fmt::Formatter<'_>, val: Option<T>) -> fmt::Result {
+ if let Some(inner) = &val {
+ inner.fmt(f)
+ } else {
+ f.write_str("unset")
+ }
+ }
+}
+
#[cfg(test)]
mod test {
use super::SettingsPersister;
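Review bot: The doc comment on `SettingsSummary` does not record the property that makes it safe to log: the `DnsState::Custom` arm prints only the labels `public`, `local` or `no addrs`, never the configured addresses, and the result is written to the daemon log by the `log::debug!("Settings: {}", ...)` call added in mullvad-daemon/src/lib.rs. I would state that on the struct, e.g. `/// Written to the daemon log: print only flags and categories, never user-supplied values such as custom DNS addresses.`, so that a later field is not added with its raw value. A unit test in the existing `mod test` (which continues outside this hunk) that formats a summary with a custom DNS address and asserts the address is absent from the output would pin this. Separately, `fmt_option` takes `Option<T>` by value only to borrow it again; a `match val { Some(inner) => inner.fmt(f), None => f.write_str("unset") }` reads more directly.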
diff --git a/talpid-core/src/firewall/mod.rs b/talpid-core/src/firewall/mod.rs
index 5167685a10..2def49bc17 100644
--- a/talpid-core/src/firewall/mod.rs
+++ b/talpid-core/src/firewall/mod.rs
@@ -1,6 +1,5 @@
use ipnetwork::{IpNetwork, Ipv4Network, Ipv6Network};
use lazy_static::lazy_static;
-#[cfg(not(target_os = "android"))]
use std::net::IpAddr;
#[cfg(windows)]
use std::path::PathBuf;
@@ -81,7 +80,6 @@ const DHCPV6_CLIENT_PORT: u16 = 546;
#[cfg(all(unix, not(target_os = "android")))]
const ROOT_UID: u32 = 0;
-#[cfg(any(all(unix, not(target_os = "android")), target_os = "windows"))]
/// Returns whether an address belongs to a private subnet.
pub fn is_local_address(address: &IpAddr) -> bool {
let address = *address;
diff --git a/talpid-wireguard/src/config.rs b/talpid-wireguard/src/config.rs
index fc1333b631..358aa5d64a 100644
--- a/talpid-wireguard/src/config.rs
+++ b/talpid-wireguard/src/config.rs
@@ -31,13 +31,13 @@ pub struct Config {
pub obfuscator_config: Option<ObfuscatorConfig>,
}
-#[cfg(not(target_os = "android"))]
-const DEFAULT_MTU: u16 = 1380;
-
/// Set the MTU to the lowest possible whilst still allowing for IPv6 to help with wireless
/// carriers that do a lot of encapsulation.
-#[cfg(target_os = "android")]
-const DEFAULT_MTU: u16 = 1280;
+const DEFAULT_MTU: u16 = if cfg!(target_os = "android") {
+ 1280
+} else {
+ 1380
+};
/// Configuration errors
#[derive(err_derive::Error, Debug)]
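Review bot: The doc comment kept above the merged `DEFAULT_MTU` now describes only one of the two values the constant can take: "the lowest possible whilst still allowing for IPv6" is the Android 1280 branch, while the 1380 used on every other target is left unexplained. I would reword it to cover both, e.g. `/// Default tunnel MTU. Android uses 1280, the lowest value that still allows IPv6, to help with wireless carriers that do a lot of encapsulation; other targets use 1380.`. Using `cfg!` here is fine since both branches are plain literals that compile on every target.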
diff --git a/talpid-wireguard/src/lib.rs b/talpid-wireguard/src/lib.rs
index cdac2b8a51..85b4c5a6df 100644
--- a/talpid-wireguard/src/lib.rs
+++ b/talpid-wireguard/src/lib.rs
@@ -676,6 +676,8 @@ impl WireguardMonitor {
#[cfg(windows)] route_manager_handle: crate::routing::RouteManagerHandle,
#[cfg(windows)] setup_done_tx: mpsc::Sender<std::result::Result<(), BoxedError>>,
) -> Result<Box<dyn Tunnel>> {
+ log::debug!("Tunnel MTU: {}", config.mtu);
+
#[cfg(target_os = "linux")]
if !*FORCE_USERSPACE_WIREGUARD {
if will_nm_manage_dns() {