-rw-r--r--mullvad-daemon/src/tunnel.rs2
-rw-r--r--mullvad-types/src/custom_tunnel.rs2
-rw-r--r--talpid-openvpn/src/lib.rs24
-rw-r--r--talpid-types/src/net/openvpn.rs2
4 files changed, 30 insertions, 0 deletions
diff --git a/mullvad-daemon/src/tunnel.rs b/mullvad-daemon/src/tunnel.rs
index 81e0063166..7cf52a3c5a 100644
--- a/mullvad-daemon/src/tunnel.rs
+++ b/mullvad-daemon/src/tunnel.rs
@@ -182,6 +182,8 @@ impl InnerParametersGenerator {
options: self.tunnel_options.openvpn.clone(),
generic_options: self.tunnel_options.generic.clone(),
proxy: bridge_settings,
+ #[cfg(target_os = "linux")]
+ fwmark: mullvad_types::TUNNEL_FWMARK,
}
.into())
}
diff --git a/mullvad-types/src/custom_tunnel.rs b/mullvad-types/src/custom_tunnel.rs
index dfbea72c7d..2dceb7493d 100644
--- a/mullvad-types/src/custom_tunnel.rs
+++ b/mullvad-types/src/custom_tunnel.rs
@@ -54,6 +54,8 @@ impl CustomTunnelEndpoint {
options: tunnel_options.openvpn.clone(),
generic_options: tunnel_options.generic,
proxy,
+ #[cfg(target_os = "linux")]
+ fwmark: crate::TUNNEL_FWMARK,
}
.into(),
ConnectionConfig::Wireguard(connection) => wireguard::TunnelParameters {
diff --git a/talpid-openvpn/src/lib.rs b/talpid-openvpn/src/lib.rs
index e49cbd121a..decff64b0c 100644
--- a/talpid-openvpn/src/lib.rs
+++ b/talpid-openvpn/src/lib.rs
@@ -316,6 +316,8 @@ impl OpenVpnMonitor<OpenVpnCommand> {
proxy_auth_file,
proxy_monitor,
tunnel_close_rx,
+ #[cfg(target_os = "linux")]
+ fwmark: params.fwmark,
};
Self::new_internal(
cmd,
@@ -380,6 +382,8 @@ struct OpenVpnTunnelInitArgs {
proxy_auth_file: Option<mktemp::TempFile>,
proxy_monitor: Option<Box<dyn ProxyMonitor>>,
tunnel_close_rx: oneshot::Receiver<()>,
+ #[cfg(target_os = "linux")]
+ fwmark: u32,
}
impl<C: OpenVpnBuilder + Send + 'static> OpenVpnMonitor<C> {
@@ -408,6 +412,9 @@ impl<C: OpenVpnBuilder + Send + 'static> OpenVpnMonitor<C> {
#[cfg(windows)]
let wintun = Arc::new(wintun);
+ #[cfg(target_os = "linux")]
+ cmd.fwmark(init_args.fwmark);
+
cmd.plugin(plugin_path, vec![ipc_path])
.log(log_path.as_deref());
let (spawn_task, abort_spawn) = futures::future::abortable(Self::prepare_process(
@@ -769,6 +776,10 @@ pub trait OpenVpnBuilder {
/// Spawn the subprocess and return a handle.
fn start(&self) -> io::Result<Self::ProcessHandle>;
+
+ /// Sets the firewall mark for the connection.
+ #[cfg(target_os = "linux")]
+ fn fwmark(&mut self, fwmark: u32) -> &mut Self;
}
/// Trait for types acting as handles to subprocesses for `OpenVpnMonitor`
@@ -798,6 +809,12 @@ impl OpenVpnBuilder for OpenVpnCommand {
fn start(&self) -> io::Result<OpenVpnProcHandle> {
OpenVpnProcHandle::new(self.build())
}
+
+ #[cfg(target_os = "linux")]
+ fn fwmark(&mut self, fwmark: u32) -> &mut Self {
+ self.fwmark(Some(fwmark));
+ self
+ }
}
impl ProcessHandle for OpenVpnProcHandle {
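Review bot: In the `OpenVpnBuilder for OpenVpnCommand` impl, the body of `fn fwmark` calls `self.fwmark(Some(fwmark))`, which reads like self-recursion. It only works because method lookup prefers an inherent `OpenVpnCommand::fwmark` over the trait method of the same name; that inherent method is not visible in this hunk, and its `Option<u32>` parameter is inferred from the `Some(..)` argument. A one-line comment would spare the next reader the double take: `// Delegates to the inherent OpenVpnCommand::fwmark(Option<u32>), not to this trait method.` Writing the call as `OpenVpnCommand::fwmark(self, Some(fwmark));` also makes the target more explicit.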
@@ -1196,6 +1213,11 @@ mod tests {
self
}
+ #[cfg(target_os = "linux")]
+ fn fwmark(&mut self, _fwmark: u32) -> &mut Self {
+ self
+ }
+
fn start(&self) -> io::Result<Self::ProcessHandle> {
self.process_handle
.ok_or_else(|| io::Error::new(io::ErrorKind::Other, "failed to start"))
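Review bot: The test builder's `fwmark` discards its argument (`_fwmark`), and the fixture in the following `mod tests` hunk passes `fwmark: 0`. As a result, no test would notice if `new_internal` stopped calling `cmd.fwmark(init_args.fwmark)`. The mark is presumably what the firewall and routing rules use to recognise the OpenVPN process's own traffic, so a silently dropped mark deserves a regression test. Have the mock store the value it receives and assert that it equals a distinctive non-zero value supplied in the init args. The mock's struct definition and the rest of `start` lie outside this hunk, so the field to record into would have to be added there.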
@@ -1246,6 +1268,8 @@ mod tests {
proxy_auth_file: None,
proxy_monitor: None,
tunnel_close_rx: close_rx,
+ #[cfg(target_os = "linux")]
+ fwmark: 0,
}
}
diff --git a/talpid-types/src/net/openvpn.rs b/talpid-types/src/net/openvpn.rs
index aaf08103c3..54a4feb044 100644
--- a/talpid-types/src/net/openvpn.rs
+++ b/talpid-types/src/net/openvpn.rs
@@ -13,6 +13,8 @@ pub struct TunnelParameters {
pub options: TunnelOptions,
pub generic_options: GenericTunnelOptions,
pub proxy: Option<ProxySettings>,
+ #[cfg(target_os = "linux")]
+ pub fwmark: u32,
}
/// Connection configuration used by [`TunnelParameters`].
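Review bot: The new public field `fwmark` on `TunnelParameters` has no doc comment, and a bare `u32` gives a caller no hint of which value is acceptable. Suggested: `/// Firewall mark applied to the OpenVPN connection's traffic (Linux only).` A second line could state that the value must equal the mark the firewall and routing rules match on. That requirement is inferred from both call sites passing the shared `TUNNEL_FWMARK` constant and should be confirmed before it is written down. The struct's attributes and derive line are outside the hunk.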