Enable Encrypted DNS proxy access method in the daemon

author: Markus Pettersson <markus.pettersson@mullvad.net> 2024-10-18 11:08:31 +0200
committer: Markus Pettersson <markus.pettersson@mullvad.net> 2024-10-23 14:59:43 +0200
commit: 9e99d2aa2d9df2d39002c15e75ccf44ccb7ead20 (patch)
tree: 269885bcb0735cf3ac1a3538e4619d69ed0387bd /mullvad-daemon/src
parent: 4d51fe6c0df45ee6ec911a67421d7994d9993cc5 (diff)
download: mullvadvpn-9e99d2aa2d9df2d39002c15e75ccf44ccb7ead20.tar.xz
mullvadvpn-9e99d2aa2d9df2d39002c15e75ccf44ccb7ead20.zip
1 files changed, 47 insertions, 8 deletions
diff --git a/mullvad-daemon/src/api.rs b/mullvad-daemon/src/api.rs
index 930bba42c6..87bf660a79 100644
--- a/mullvad-daemon/src/api.rs
+++ b/mullvad-daemon/src/api.rs
@@ -15,6 +15,7 @@ use mullvad_api::{
     proxy::{ApiConnectionMode, ConnectionModeProvider, ProxyConfig},
     AddressCache,
 };
+use mullvad_encrypted_dns_proxy::state::EncryptedDnsProxyState;
 use mullvad_relay_selector::RelaySelector;
 use mullvad_types::access_method::{
     AccessMethod, AccessMethodSetting, BuiltInAccessMethod, Id, Settings,
@@ -239,6 +240,8 @@ pub struct AccessModeSelector {
     cache_dir: PathBuf,
     /// Used for selecting a Bridge when the `Mullvad Bridges` access method is used.
     relay_selector: RelaySelector,
+    /// Used for selecting a config for the 'Encrypted DNS proxy' access method.
+    encrypted_dns_proxy_cache: EncryptedDnsProxyState,
     access_method_settings: Settings,
     address_cache: AddressCache,
     access_method_event_sender: DaemonEventSender<(AccessMethodEvent, oneshot::Sender<()>)>,
@@ -267,10 +270,26 @@ impl AccessModeSelector {
             }
         }
 
+        // Initialize the Encrypted DNS cache
+        let mut encrypted_dns_proxy_cache = {
+            // Initialize an empty cache
+            let mut cache = EncryptedDnsProxyState::default();
+            // Hydrate the cache by fetching new proxy configs.
+            if let Err(_error) = cache.fetch_configs().await {
+                // TODO: What should we do if we initially fail to fetch configs? Handle later.
+            }
+            cache
+        };
+
         // Always start looking from the position of `Direct`.
         let (index, next) = Self::find_next_active(0, &access_method_settings);
-        let initial_connection_mode =
-            Self::resolve_inner(next, &relay_selector, &address_cache).await;
+        let initial_connection_mode = Self::resolve_inner(
+            next,
+            &relay_selector,
+            &mut encrypted_dns_proxy_cache,
+            &address_cache,
+        )
+        .await;
 
         let (change_tx, change_rx) = mpsc::unbounded();
 
@@ -280,6 +299,7 @@ impl AccessModeSelector {
             cmd_rx,
             cache_dir,
             relay_selector,
+            encrypted_dns_proxy_cache,
             access_method_settings,
             address_cache,
             access_method_event_sender,
@@ -496,16 +516,28 @@ impl AccessModeSelector {
     }
 
     async fn resolve(&mut self, access_method: AccessMethodSetting) -> ResolvedConnectionMode {
-        Self::resolve_inner(access_method, &self.relay_selector, &self.address_cache).await
+        // TODO: Should we fetch new configs here everytime?
+        // self.encrypted_dns_proxy_cache.fetch_configs().await;
+        Self::resolve_inner(
+            access_method,
+            &self.relay_selector,
+            &mut self.encrypted_dns_proxy_cache,
+            &self.address_cache,
+        )
+        .await
     }
 
     async fn resolve_inner(
         access_method: AccessMethodSetting,
         relay_selector: &RelaySelector,
+        encrypted_dns_proxy_cache: &mut EncryptedDnsProxyState,
         address_cache: &AddressCache,
     ) -> ResolvedConnectionMode {
-        let connection_mode =
-            resolve_connection_mode(access_method.access_method.clone(), relay_selector);
+        let connection_mode = resolve_connection_mode(
+            access_method.access_method.clone(),
+            relay_selector,
+            encrypted_dns_proxy_cache,
+        );
         let endpoint =
             resolve_allowed_endpoint(&connection_mode, address_cache.get_address().await);
         ResolvedConnectionMode {
@@ -523,6 +555,7 @@ impl AccessModeSelector {
 fn resolve_connection_mode(
     access_method: AccessMethod,
     relay_selector: &RelaySelector,
+    encrypted_dns_proxy_cache: &mut EncryptedDnsProxyState,
 ) -> ApiConnectionMode {
     match access_method {
         AccessMethod::BuiltIn(BuiltInAccessMethod::Direct) => ApiConnectionMode::Direct,
@@ -536,9 +569,15 @@ fn resolve_connection_mode(
                 );
                 ApiConnectionMode::Direct
             }),
-        AccessMethod::BuiltIn(BuiltInAccessMethod::EncryptedDnsProxy) => {
-            todo!("Implement me!")
-        }
+        AccessMethod::BuiltIn(BuiltInAccessMethod::EncryptedDnsProxy) => encrypted_dns_proxy_cache
+            .next_configuration()
+            .map(ProxyConfig::EncryptedDnsProxy)
+            .map(ApiConnectionMode::Proxied)
+            .unwrap_or_else(|| {
+                log::error!("Could not select next Encrypted DNS proxy config");
+                log::error!("Defaulting to direct API connection");
+                ApiConnectionMode::Direct
+            }),
         AccessMethod::Custom(config) => ApiConnectionMode::Proxied(ProxyConfig::from(config)),
     }
 }
author	Markus Pettersson <markus.pettersson@mullvad.net>	2024-10-18 11:08:31 +0200
committer	Markus Pettersson <markus.pettersson@mullvad.net>	2024-10-23 14:59:43 +0200
commit	9e99d2aa2d9df2d39002c15e75ccf44ccb7ead20 (patch)
tree	269885bcb0735cf3ac1a3538e4619d69ed0387bd /mullvad-daemon/src
parent	4d51fe6c0df45ee6ec911a67421d7994d9993cc5 (diff)
download	mullvadvpn-9e99d2aa2d9df2d39002c15e75ccf44ccb7ead20.tar.xz mullvadvpn-9e99d2aa2d9df2d39002c15e75ccf44ccb7ead20.zip