Experiment: Support split tunneling with cgroups v2

Open oskirby opened this issue 2 years ago • 1 comments

Description

This is an experiment to investigate how to pursue split tunnelling with Linux Control Groups v2. This presents some unique challenges because the support for network traffic classification was dropped in the transition from Cgroups v1 to v2. And there doesn't appear to be a reliable mechanism to map between control group and application ID.

Roughly speaking, to resolve this issue, we need to accomplish the following tasks:

  • [x] Track the creation and destruction of control groups, as they relate to user applications.
  • [x] Associate control groups with their corresponding desktop application identifier.
  • [x] Update netfilter.go to match traffic originating from cgroups v2 (xt_cgroup)
  • [x] Tweak nftable rules to ensure that marked traffic is routed outside of the VPN when this feature is enabled.
  • [x] Select v1 or v2 split tunnelling implementation depending on which cgroupfs exists.
  • [ ] Update packaging and test installation.

Reference

See: #3283

Checklist

  • [x] My code follows the style guidelines for this project
  • [x] I have not added any packages that contain high risk or unknown licenses (GPL, LGPL, MPL, etc. consult with DevOps if in question)
  • [ ] I have performed a self review of my own code
  • [ ] I have commented my code PARTICULARLY in hard to understand areas
  • [x] I have added thorough tests where needed

oskirby avatar Apr 11 '22 17:04 oskirby
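
As an added illustration of the "associate control groups with their desktop application identifier" task above (not code from this pull request): the sketch assumes the desktop session follows systemd's documented naming convention for application units, `app[-<launcher>]-<ApplicationID>-<RANDOM>.scope` and `app[-<launcher>]-<ApplicationID>[@<RANDOM>].service`. The helper name `AppIDFromCgroup` and the sample path are hypothetical.

```go
package main

import (
	"fmt"
	"path"
	"regexp"
	"strconv"
	"strings"
)

// systemd escapes bytes in unit names as \xNN ("-" inside an ID becomes \x2d).
var escapeRe = regexp.MustCompile(`\\x[0-9a-fA-F]{2}`)

func unescapeUnit(s string) string {
	return escapeRe.ReplaceAllStringFunc(s, func(m string) string {
		b, _ := strconv.ParseUint(m[2:], 16, 8)
		return string([]byte{byte(b)})
	})
}

// AppIDFromCgroup (hypothetical helper) extracts the application ID from the
// last component of a cgroup v2 path; ok is false for non-application units.
func AppIDFromCgroup(cgroupPath string) (id string, ok bool) {
	unit := path.Base(cgroupPath)
	ext := path.Ext(unit)
	if !strings.HasPrefix(unit, "app-") || (ext != ".scope" && ext != ".service") {
		return "", false
	}
	name := strings.TrimSuffix(strings.TrimPrefix(unit, "app-"), ext)
	if ext == ".scope" { // scopes end in "-<RANDOM>"
		i := strings.LastIndex(name, "-")
		if i < 0 {
			return "", false
		}
		name = name[:i]
	} else if i := strings.Index(name, "@"); i >= 0 { // services: "@<RANDOM>"
		name = name[:i]
	}
	// Drop the optional "<launcher>-" prefix; dashes inside the ID are escaped.
	name = name[strings.LastIndex(name, "-")+1:]
	return unescapeUnit(name), name != ""
}

func main() {
	// Constructed sample path, as it would appear in /proc/<pid>/cgroup after "0::".
	p := "/user.slice/user-1000.slice/user@1000.service/app.slice/app-gnome-firefox-4321.scope"
	fmt.Println(AppIDFromCgroup(p))
}
```

Units that do not follow the convention (session scopes, system services) return `ok == false`, so a split-tunnelling rule keyed on the application ID should treat them as unclassified and leave their traffic inside the VPN.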

Codecov Report

Merging #3303 (06d4d62) into main (b87803b) will not change coverage. The diff coverage is n/a.

@@           Coverage Diff           @@
##             main    #3303   +/-   ##
=======================================
  Coverage   70.49%   70.49%           
=======================================
  Files         242      242           
  Lines       15080    15080           
  Branches     7682     7682           
=======================================
  Hits        10631    10631           
  Misses       4064     4064           
  Partials      385      385           
Flag Coverage Δ
lottie_tests 56.33% <ø> (ø)
qml_tests 8.08% <ø> (ø)
unit_tests 71.02% <ø> (ø)

Flags with carried forward coverage won't be shown.

Impacted Files Coverage Δ
src/featureslistcallback.h 20.00% <ø> (ø)

codecov-commenter avatar Apr 11 '22 17:04 codecov-commenter