5 files changed, 105 insertions, 1 deletions

diff --git a/mullvad-daemon/src/lib.rs b/mullvad-daemon/src/lib.rs
index eeb0f5755a..e65c5e898c 100644
--- a/mullvad-daemon/src/lib.rs
+++ b/mullvad-daemon/src/lib.rs
@@ -429,6 +429,9 @@ impl Daemon {
             SetOpenVpnMssfix(tx, mssfix_arg) => self.on_set_openvpn_mssfix(tx, mssfix_arg),
             SetOpenVpnProxy(tx, proxy) => self.on_set_openvpn_proxy(tx, proxy),
             SetEnableIpv6(tx, enable_ipv6) => self.on_set_enable_ipv6(tx, enable_ipv6),
+            #[cfg(target_os = "linux")]
+            SetWireguardFwmark(tx, fwmark) => self.on_set_wireguard_fwmark(tx, fwmark),
+            SetWireguardMtu(tx, mtu) => self.on_set_wireguard_mtu(tx, mtu),
             GetSettings(tx) => self.on_get_settings(tx),
             GetVersionInfo(tx) => self.on_get_version_info(tx),
             GetCurrentVersion(tx) => self.on_get_current_version(tx),
@@ -723,6 +726,39 @@ impl Daemon {
         }
     }
 
+    #[cfg(target_os = "linux")]
+    fn on_set_wireguard_fwmark(&mut self, tx: oneshot::Sender<()>, fwmark: i32) {
+        let save_result = self.settings.set_wireguard_fwmark(fwmark);
+        match save_result.chain_err(|| "Unable to save settings") {
+            Ok(settings_changed) => {
+                Self::oneshot_send(tx, (), "set_wireguard_fwmark response");
+                if settings_changed {
+                    self.management_interface_broadcaster
+                        .notify_settings(&self.settings);
+                    info!("Initiating tunnel restart because the WireGuard fwmark setting changed");
+                    self.reconnect_tunnel();
+                }
+            }
+            Err(e) => error!("{}", e.display_chain()),
+        }
+    }
+
+    fn on_set_wireguard_mtu(&mut self, tx: oneshot::Sender<()>, mtu: Option<u16>) {
+        let save_result = self.settings.set_wireguard_mtu(mtu);
+        match save_result.chain_err(|| "Unable to save settings") {
+            Ok(settings_changed) => {
+                Self::oneshot_send(tx, (), "set_wireguard_mtu response");
+                if settings_changed {
+                    self.management_interface_broadcaster
+                        .notify_settings(&self.settings);
+                    info!("Initiating tunnel restart because the WireGuard MTU setting changed");
+                    self.reconnect_tunnel();
+                }
+            }
+            Err(e) => error!("{}", e.display_chain()),
+        }
+    }
+
     fn on_get_settings(&self, tx: oneshot::Sender<Settings>) {
         Self::oneshot_send(tx, self.settings.clone(), "get_settings response");
     }
diff --git a/mullvad-daemon/src/management_interface.rs b/mullvad-daemon/src/management_interface.rs
index cea4d6a75d..aeeda483a7 100644
--- a/mullvad-daemon/src/management_interface.rs
+++ b/mullvad-daemon/src/management_interface.rs
@@ -121,6 +121,14 @@ build_rpc_trait! {
         #[rpc(meta, name = "set_enable_ipv6")]
         fn set_enable_ipv6(&self, Self::Metadata, bool) -> BoxFuture<(), Error>;
 
+        /// Set firewall marker for wireguard tunnels on Linux
+        #[rpc(meta, name = "set_wireguard_fwmark")]
+        fn set_wireguard_fwmark(&self, Self::Metadata, i32) -> BoxFuture<(), Error>;
+
+        /// Set MTU for wireguard tunnels
+        #[rpc(meta, name = "set_wireguard_mtu")]
+        fn set_wireguard_mtu(&self, Self::Metadata, Option<u16>) -> BoxFuture<(), Error>;
+
         /// Returns the current daemon settings
         #[rpc(meta, name = "get_settings")]
         fn get_settings(&self, Self::Metadata) -> BoxFuture<Settings, Error>;
@@ -198,6 +206,11 @@ pub enum ManagementCommand {
     ),
     /// Set if IPv6 should be enabled in the tunnel
     SetEnableIpv6(OneshotSender<()>, bool),
+    #[cfg(target_os = "linux")]
+    /// Set wireguard firewall mark
+    SetWireguardFwmark(OneshotSender<()>, i32),
+    /// Set MTU for wireguard tunnels
+    SetWireguardMtu(OneshotSender<()>, Option<u16>),
     /// Get the daemon settings
     GetSettings(OneshotSender<Settings>),
     /// Get information about the currently running and latest app versions
@@ -616,6 +629,34 @@ impl<T: From<ManagementCommand> + 'static + Send> ManagementInterfaceApi
         Box::new(future)
     }
 
+    /// Set firewall marker for wireguard tunnels on Linux
+    fn set_wireguard_fwmark(&self, _: Self::Metadata, fwmark: i32) -> BoxFuture<(), Error> {
+        #[cfg(target_os = "linux")]
+        {
+            log::debug!("set_wireguard_fwmark({:?})", fwmark);
+            let (tx, rx) = sync::oneshot::channel();
+            let future = self
+                .send_command_to_daemon(ManagementCommand::SetWireguardFwmark(tx, fwmark))
+                .and_then(|_| rx.map_err(|_| Error::internal_error()));
+
+            Box::new(future)
+        }
+        #[cfg(any(windows, target_os = "macos"))]
+        {
+            return Box::new(future::err(Error::method_not_found()));
+        }
+    }
+
+    /// Set MTU for wireguard tunnels
+    fn set_wireguard_mtu(&self, _: Self::Metadata, mtu: Option<u16>) -> BoxFuture<(), Error> {
+        log::debug!("set_wireguard_mtu({:?})", mtu);
+        let (tx, rx) = sync::oneshot::channel();
+        let future = self
+            .send_command_to_daemon(ManagementCommand::SetWireguardMtu(tx, mtu))
+            .and_then(|_| rx.map_err(|_| Error::internal_error()));
+        Box::new(future)
+    }
+
     fn get_settings(&self, _: Self::Metadata) -> BoxFuture<Settings, Error> {
         log::debug!("get_settings");
         let (tx, rx) = sync::oneshot::channel();
diff --git a/mullvad-ipc-client/src/lib.rs b/mullvad-ipc-client/src/lib.rs
index d7eaf653ef..05d96d9dee 100644
--- a/mullvad-ipc-client/src/lib.rs
+++ b/mullvad-ipc-client/src/lib.rs
@@ -189,6 +189,14 @@ impl DaemonRpcClient {
         self.call("set_enable_ipv6", &[enabled])
     }
 
+    pub fn set_wireguard_mtu(&mut self, mtu: Option<u16>) -> Result<()> {
+        self.call("set_wireguard_mtu", &[mtu])
+    }
+
+    pub fn set_wireguard_fwmark(&mut self, fwmark: i32) -> Result<()> {
+        self.call("set_wireguard_fwmark", &[fwmark])
+    }
+
     pub fn set_openvpn_mssfix(&mut self, mssfix: Option<u16>) -> Result<()> {
         self.call("set_openvpn_mssfix", &[mssfix])
     }
diff --git a/mullvad-types/src/endpoint.rs b/mullvad-types/src/endpoint.rs
index 311ca267ba..da0d5b5394 100644
--- a/mullvad-types/src/endpoint.rs
+++ b/mullvad-types/src/endpoint.rs
@@ -103,7 +103,7 @@ impl TunnelEndpointData {
     }
 }
 
-fn all_of_the_internet() -> Vec<IpNetwork> {
+pub fn all_of_the_internet() -> Vec<IpNetwork> {
     vec![
         "0.0.0.0/0".parse().expect("Failed to parse ipv6 network"),
         "::0/0".parse().expect("Failed to parse ipv6 network"),
diff --git a/mullvad-types/src/settings.rs b/mullvad-types/src/settings.rs
index cfc445b3c9..92be2b83df 100644
--- a/mullvad-types/src/settings.rs
+++ b/mullvad-types/src/settings.rs
@@ -225,6 +225,25 @@ impl Settings {
         }
     }
 
+    #[cfg(target_os = "linux")]
+    pub fn set_wireguard_fwmark(&mut self, fwmark: i32) -> Result<bool> {
+        if self.tunnel_options.wireguard.fwmark != fwmark {
+            self.tunnel_options.wireguard.fwmark = fwmark;
+            self.save().map(|_| true)
+        } else {
+            Ok(false)
+        }
+    }
+
+    pub fn set_wireguard_mtu(&mut self, mtu: Option<u16>) -> Result<bool> {
+        if self.tunnel_options.wireguard.mtu != mtu {
+            self.tunnel_options.wireguard.mtu = mtu;
+            self.save().map(|_| true)
+        } else {
+            Ok(false)
+        }
+    }
+
     pub fn get_tunnel_options(&self) -> &TunnelOptions {
         &self.tunnel_options
     }