Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Implement leak checker in daemon #7344

Draft
wants to merge 32 commits into
base: main
Choose a base branch
from

Conversation

hulthe
Copy link
Contributor

@hulthe hulthe commented Dec 13, 2024


This change is Reviewable

Copy link

linear bot commented Dec 13, 2024

@hulthe hulthe requested a review from dlon December 13, 2024 13:52
Copy link
Member

@dlon dlon left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewed 8 of 24 files at r1.
Reviewable status: 8 of 24 files reviewed, 3 unresolved discussions (waiting on @hulthe)


mullvad-daemon/src/leak_checker/mod.rs line 140 at r2 (raw file):

            // Make sure the tunnel state didn't change while we were doing the leak test.
            // If that happened, then our results might be invalid.
            while let Ok(event) = self.events_rx.try_recv() {

Instead of this dance, I wonder if it would be possible to just tokio::spawn the leak check and in Task::run use select!:

select! {
    Some(TaskEvent::NewTunnelState(s)) = next_event => {
        pending_leak_test.abort();
        let TunnelStateTransition::Connected(tunnel) = &s else {
            continue;
        };
        pending_leak_test = tokio::spawn(start_test()).fuse();
    },

    // ...

    result = &mut pending_leak_test => { /* ... */ },
}

mullvad-daemon/Cargo.toml line 19 at r2 (raw file):

[dependencies]
anyhow = "*" # TODO: do we want this?
surge-ping = "0.8.0" # TODO: workspace dep?

Unused?


leak-checker/Cargo.toml line 20 at r2 (raw file):

futures.workspace = true
serde = { workspace = true, features = ["derive"] }
reqwest = { version = "0.12.9", default-features = false, features = ["json", "rustls-tls"] }

Should we gate am_i_mullvad behind a feature so we don't have to depend on reqwest? Do we plan on using that?


Cargo.toml line 87 at r2 (raw file):

    "talpid-wireguard",
    "tunnel-obfuscation",
    "wireguard-go-rs",

Should this include leak-checker?

Copy link
Contributor Author

@hulthe hulthe left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewable status: 8 of 24 files reviewed, 3 unresolved discussions (waiting on @dlon)


mullvad-daemon/src/leak_checker/mod.rs line 140 at r2 (raw file):

Previously, dlon (David Lönnhager) wrote…

Instead of this dance, I wonder if it would be possible to just tokio::spawn the leak check and in Task::run use select!:

select! {
    Some(TaskEvent::NewTunnelState(s)) = next_event => {
        pending_leak_test.abort();
        let TunnelStateTransition::Connected(tunnel) = &s else {
            continue;
        };
        pending_leak_test = tokio::spawn(start_test()).fuse();
    },

    // ...

    result = &mut pending_leak_test => { /* ... */ },
}

Rewrote it using select. Not sure if it's less dancey, but it's more correct at least :)

Spawning a task wasn't necessary though, selecting on the future directly works just fine, and it's implicitly aborted when we drop it.

Copy link
Contributor Author

@hulthe hulthe left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewable status: 8 of 24 files reviewed, 2 unresolved discussions (waiting on @dlon)


leak-checker/Cargo.toml line 20 at r2 (raw file):

Previously, dlon (David Lönnhager) wrote…

Should we gate am_i_mullvad behind a feature so we don't have to depend on reqwest? Do we plan on using that?

I'm leaning towards removing that module completely. And maybe also moving the leak-checker lib into the daemon.

Copy link
Member

@dlon dlon left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewed 4 of 13 files at r6, 6 of 16 files at r7, all commit messages.
Reviewable status: 15 of 26 files reviewed, 5 unresolved discussions (waiting on @hulthe)


mullvad-daemon/src/leak_checker/mod.rs line 140 at r2 (raw file):

Previously, hulthe (Joakim Hulthe) wrote…

Rewrote it using select. Not sure if it's less dancey, but it's more correct at least :)

Spawning a task wasn't necessary though, selecting on the future directly works just fine, and it's implicitly aborted when we drop it.

I was hoping that we could get away with handling self.events_rx.recv() in only one place, and in that place cancel any existing check whenever there was a state transition. 😞 Then you also wouldn't have needed this loop.

This is fine, though!


leak-checker/src/traceroute/platform/common.rs line 78 at r7 (raw file):

        let packet = &read_buf[..n];
        let result = parse_ipv4(packet)
            .map_err(|e| anyhow!("Ignoring packet: (len={n}, ip.src={source}) {e} ({packet:02x?})"))

We should probably not log any packet contents when this is ready.


mullvad-daemon/src/leak_checker/mod.rs line 195 at r7 (raw file):

    // get_default_route in route manager
    #[cfg(target_os = "macos")]
    let interface = todo!("get default interface");

This is just route_manager.get_default_routes() now


mullvad-daemon/src/leak_checker/mod.rs line 212 at r7 (raw file):

        let Ok(Some(route)) = talpid_routing::get_best_default_route(family) else {
            todo!("no best default route");

It probably makes sense to just fail and log here?


talpid-core/src/firewall/macos.rs line 432 at r7 (raw file):

                // TODO: do we need this?
                //rules.push(self.get_block_relay_rule(peer_endpoint)?);

Only if it currently leaks outside the tunnel. If it is able to reach the relay inside the tunnel, we don't want/need to block it.

Copy link
Member

@dlon dlon left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewed 1 of 16 files at r7, 1 of 15 files at r8.
Reviewable status: 14 of 33 files reviewed, 6 unresolved discussions (waiting on @hulthe)


windows/winfw/src/winfw/fwcontext.cpp line 319 at r8 (raw file):

	));

	ruleset.emplace_back(std::make_unique<baseline::PermitIcmpTtl>(relayClient));

We should revert this now.

@hulthe hulthe force-pushed the detect-leaks-and-inform-user-des-1332 branch from 03fa5eb to 087d0f2 Compare December 20, 2024 17:30
Copy link
Contributor Author

@hulthe hulthe left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewable status: 14 of 33 files reviewed, 5 unresolved discussions (waiting on @dlon)


windows/winfw/src/winfw/fwcontext.cpp line 319 at r8 (raw file):

Previously, dlon (David Lönnhager) wrote…

We should revert this now.

done

@hulthe hulthe force-pushed the detect-leaks-and-inform-user-des-1332 branch from 087d0f2 to 8dd8d19 Compare January 7, 2025 10:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants