Skip to content

Commit

Permalink
Test leaking TCP/UDP/ICMP packets in split tunnel
Browse files Browse the repository at this point in the history
  • Loading branch information
hulthe committed Mar 18, 2024
1 parent 4219b70 commit 51d4661
Show file tree
Hide file tree
Showing 16 changed files with 717 additions and 162 deletions.
4 changes: 0 additions & 4 deletions mullvad-management-interface/src/client.rs
Original file line number Diff line number Diff line change
Expand Up @@ -631,7 +631,6 @@ impl MullvadProxyClient {
Ok(())
}

//#[cfg(target_os = "windows")]
pub async fn add_split_tunnel_app<P: AsRef<Path>>(&mut self, path: P) -> Result<()> {
let path = path.as_ref().to_str().ok_or(Error::PathMustBeUtf8)?;
self.0
Expand All @@ -641,7 +640,6 @@ impl MullvadProxyClient {
Ok(())
}

//#[cfg(target_os = "windows")]
pub async fn remove_split_tunnel_app<P: AsRef<Path>>(&mut self, path: P) -> Result<()> {
let path = path.as_ref().to_str().ok_or(Error::PathMustBeUtf8)?;
self.0
Expand All @@ -651,7 +649,6 @@ impl MullvadProxyClient {
Ok(())
}

//#[cfg(target_os = "windows")]
pub async fn clear_split_tunnel_apps(&mut self) -> Result<()> {
self.0
.clear_split_tunnel_apps(())
Expand All @@ -660,7 +657,6 @@ impl MullvadProxyClient {
Ok(())
}

//#[cfg(target_os = "windows")]
pub async fn set_split_tunnel_state(&mut self, state: bool) -> Result<()> {
self.0
.set_split_tunnel_state(state)
Expand Down
53 changes: 34 additions & 19 deletions test/Cargo.lock

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion test/Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@ members = [
"test-runner",
"test-rpc",
"socks-server",
"am-i-mullvad",
"connection-checker",
]

[workspace.lints.rust]
Expand Down
33 changes: 0 additions & 33 deletions test/am-i-mullvad/src/main.rs

This file was deleted.

4 changes: 2 additions & 2 deletions test/build.sh
Original file line number Diff line number Diff line change
Expand Up @@ -17,11 +17,11 @@ if [[ $TARGET == x86_64-unknown-linux-gnu ]]; then
-e CARGO_HOME=/root/.cargo/registry \
-e CARGO_TARGET_DIR=/src/test/target \
mullvadvpn-app-tests \
/bin/bash -c "cd /src/test/; cargo build --bin test-runner --release --target ${TARGET}"
/bin/bash -c "cd /src/test/; cargo build --bin test-runner --bin connection-checker --release --target ${TARGET}"
else
cargo build \
--bin test-runner \
--bin am-i-mullvad \
--bin connection-checker \
--release --target "${TARGET}"
fi

Expand Down
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
[package]
name = "am-i-mullvad"
name = "connection-checker"
description = "Simple cli for testing Mullvad VPN connections"
authors.workspace = true
repository.workspace = true
Expand All @@ -11,7 +11,10 @@ rust-version.workspace = true
workspace = true

[dependencies]
clap = { workspace = true, features = ["derive"] }
color-eyre = "0.6.2"
eyre = "0.6.12"
ping = "0.5.2"
reqwest = { version = "0.11.24", default-features = false, features = ["blocking", "rustls-tls", "json"] }
serde = { version = "1.0.197", features = ["derive"] }
socket2 = { version = "0.5.3", features = ["all"] }
32 changes: 32 additions & 0 deletions test/connection-checker/src/cli.rs
Original file line number Diff line number Diff line change
@@ -0,0 +1,32 @@
use std::net::SocketAddr;

use clap::Parser;

/// CLI tool that queries <https://am.i.mullvad.net> to check if the machine is connected to
/// Mullvad VPN.
#[derive(Parser)]
pub struct Opt {
/// Interactive mode, press enter to check if you are Mullvad.
#[clap(short, long)]
pub interactive: bool,

/// Timeout for network connections (in millis).
#[clap(short, long, default_value = "2000")]
pub timeout: u64,

/// Try to send some junk data over TCP to <leak>.
#[clap(long, requires = "leak")]
pub leak_tcp: bool,

/// Try to send some junk data over UDP to <leak>.
#[clap(long, requires = "leak")]
pub leak_udp: bool,

/// Try to send ICMP request to <leak>.
#[clap(long, requires = "leak")]
pub leak_icmp: bool,

/// Target of <leak_tcp>, <leak_udp> or <leak_icmp>.
#[clap(long)]
pub leak: Option<SocketAddr>,
}
2 changes: 2 additions & 0 deletions test/connection-checker/src/lib.rs
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
pub mod cli;
pub mod net;
73 changes: 73 additions & 0 deletions test/connection-checker/src/main.rs
Original file line number Diff line number Diff line change
@@ -0,0 +1,73 @@
use clap::Parser;
use eyre::{eyre, Context};
use reqwest::blocking::Client;
use serde::Deserialize;
use std::{io::stdin, time::Duration};

use connection_checker::cli::Opt;
use connection_checker::net::{send_ping, send_tcp, send_udp};

fn main() -> eyre::Result<()> {
let opt = Opt::parse();
color_eyre::install()?;

if opt.interactive {
let stdin = stdin();
for line in stdin.lines() {
let _ = line.wrap_err("Failed to read from stdin")?;
test_connection(&opt)?;
}
} else {
test_connection(&opt)?;
}

Ok(())
}

fn test_connection(opt: &Opt) -> eyre::Result<bool> {
if let Some(destination) = opt.leak {
if opt.leak_tcp {
let _ = send_tcp(opt, destination);
}
if opt.leak_udp {
let _ = send_udp(opt, destination);
}
if opt.leak_icmp {
let _ = send_ping(opt, destination.ip());
}
}
am_i_mullvad(opt)
}

/// Check if connected to Mullvad and print the result to stdout
fn am_i_mullvad(opt: &Opt) -> eyre::Result<bool> {
#[derive(Debug, Deserialize)]
struct Response {
ip: String,
mullvad_exit_ip_hostname: Option<String>,
}

let url = "https://am.i.mullvad.net/json";

let client = Client::new();
let response: Response = client
.get(url)
.timeout(Duration::from_millis(opt.timeout))
.send()
.and_then(|r| r.json())
.wrap_err_with(|| eyre!("Failed to GET {url}"))?;

if let Some(server) = &response.mullvad_exit_ip_hostname {
println!(
"You are connected to Mullvad (server {}). Your IP address is {}",
server, response.ip
);
Ok(true)
} else {
println!(
"You are not connected to Mullvad. Your IP address is {}",
response.ip
);
Ok(false)
}
}
Loading

0 comments on commit 51d4661

Please sign in to comment.