Implement leak checker in daemon

[hulthe]

---

This change is 

[linear]

DES-1332 Detect leaks and inform user

[dlon]

Reviewed 8 of 24 files at r1.
Reviewable status: 8 of 24 files reviewed, 3 unresolved discussions (waiting on @hulthe)

---

mullvad-daemon/src/leak_checker/mod.rs line 140 at r2 (raw file):

            // Make sure the tunnel state didn't change while we were doing the leak test.
            // If that happened, then our results might be invalid.
            while let Ok(event) = self.events_rx.try_recv() {

Instead of this dance, I wonder if it would be possible to just tokio::spawn the leak check and in Task::run use select!:

select! {
    Some(TaskEvent::NewTunnelState(s)) = next_event => {
        pending_leak_test.abort();
        let TunnelStateTransition::Connected(tunnel) = &s else {
            continue;
        };
        pending_leak_test = tokio::spawn(start_test()).fuse();
    },

    // ...

    result = &mut pending_leak_test => { /* ... */ },
}

---

mullvad-daemon/Cargo.toml line 19 at r2 (raw file):

[dependencies]
anyhow = "*" # TODO: do we want this?
surge-ping = "0.8.0" # TODO: workspace dep?

Unused?

---

leak-checker/Cargo.toml line 20 at r2 (raw file):

futures.workspace = true
serde = { workspace = true, features = ["derive"] }
reqwest = { version = "0.12.9", default-features = false, features = ["json", "rustls-tls"] }

Should we gate am_i_mullvad behind a feature so we don't have to depend on reqwest? Do we plan on using that?

---

Cargo.toml line 87 at r2 (raw file):

    "talpid-wireguard",
    "tunnel-obfuscation",
    "wireguard-go-rs",

Should this include leak-checker?

[hulthe]

Reviewable status: 8 of 24 files reviewed, 3 unresolved discussions (waiting on @dlon)

---

mullvad-daemon/src/leak_checker/mod.rs line 140 at r2 (raw file):

Previously, dlon (David Lönnhager) wrote…

Instead of this dance, I wonder if it would be possible to just tokio::spawn the leak check and in Task::run use select!:

select! {
    Some(TaskEvent::NewTunnelState(s)) = next_event => {
        pending_leak_test.abort();
        let TunnelStateTransition::Connected(tunnel) = &s else {
            continue;
        };
        pending_leak_test = tokio::spawn(start_test()).fuse();
    },

    // ...

    result = &mut pending_leak_test => { /* ... */ },
}

Rewrote it using select. Not sure if it's less dancey, but it's more correct at least :)

Spawning a task wasn't necessary though, selecting on the future directly works just fine, and it's implicitly aborted when we drop it.

[hulthe]

Reviewable status: 8 of 24 files reviewed, 2 unresolved discussions (waiting on @dlon)

---

leak-checker/Cargo.toml line 20 at r2 (raw file):

Previously, dlon (David Lönnhager) wrote…

Should we gate am_i_mullvad behind a feature so we don't have to depend on reqwest? Do we plan on using that?

I'm leaning towards removing that module completely. And maybe also moving the leak-checker lib into the daemon.

[dlon]

Reviewed 4 of 13 files at r6, 6 of 16 files at r7, all commit messages.
Reviewable status: 15 of 26 files reviewed, 5 unresolved discussions (waiting on @hulthe)

---

mullvad-daemon/src/leak_checker/mod.rs line 140 at r2 (raw file):

Previously, hulthe (Joakim Hulthe) wrote…

Rewrote it using select. Not sure if it's less dancey, but it's more correct at least :)

Spawning a task wasn't necessary though, selecting on the future directly works just fine, and it's implicitly aborted when we drop it.

I was hoping that we could get away with handling self.events_rx.recv() in only one place, and in that place cancel any existing check whenever there was a state transition. 😞 Then you also wouldn't have needed this loop.

This is fine, though!

---

leak-checker/src/traceroute/platform/common.rs line 78 at r7 (raw file):

        let packet = &read_buf[..n];
        let result = parse_ipv4(packet)
            .map_err(|e| anyhow!("Ignoring packet: (len={n}, ip.src={source}) {e} ({packet:02x?})"))

We should probably not log any packet contents when this is ready.

---

mullvad-daemon/src/leak_checker/mod.rs line 195 at r7 (raw file):

    // get_default_route in route manager
    #[cfg(target_os = "macos")]
    let interface = todo!("get default interface");

This is just route_manager.get_default_routes() now

---

mullvad-daemon/src/leak_checker/mod.rs line 212 at r7 (raw file):

        let Ok(Some(route)) = talpid_routing::get_best_default_route(family) else {
            todo!("no best default route");

It probably makes sense to just fail and log here?

---

talpid-core/src/firewall/macos.rs line 432 at r7 (raw file):

                // TODO: do we need this?
                //rules.push(self.get_block_relay_rule(peer_endpoint)?);

Only if it currently leaks outside the tunnel. If it is able to reach the relay inside the tunnel, we don't want/need to block it.

[dlon]

Reviewed 1 of 16 files at r7, 1 of 15 files at r8.
Reviewable status: 14 of 33 files reviewed, 6 unresolved discussions (waiting on @hulthe)

---

windows/winfw/src/winfw/fwcontext.cpp line 319 at r8 (raw file):

	));

	ruleset.emplace_back(std::make_unique<baseline::PermitIcmpTtl>(relayClient));

We should revert this now.

[hulthe]

Reviewable status: 14 of 33 files reviewed, 5 unresolved discussions (waiting on @dlon)

---

windows/winfw/src/winfw/fwcontext.cpp line 319 at r8 (raw file):

Previously, dlon (David Lönnhager) wrote…

We should revert this now.

done