patchpanel: add a chain for tagging local traffic
This patch adds a mangle chain for tagging locally originated traffic
from processes running on the host with the fwmark source tag and the
fwmark VPN policy bit.
Instead of directly tagging local traffic with the fwmark VPN routing
tag, first tagging the traffic with the VPN intent bit (0x00008000)
makes it possible to separate the rules that classify all the local
traffic that should be routed through a VPN from the rules that
effectively pin local traffic to the VPN network.
A follow up patch will add that logic for connection pinning for locally
originated traffic.
BUG=b:154183305
BUG=b:161508179
TEST=unit tests
Change-Id: I2f29263d51e05a67f47fecba24540d5ad0264344
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform2/+/2409840
Tested-by: Hugo Benichi <hugobenichi@google.com>
Commit-Queue: Hugo Benichi <hugobenichi@google.com>
Reviewed-by: Taoyu Li <taoyl@chromium.org>
diff --git a/patchpanel/routing_service_test.cc b/patchpanel/routing_service_test.cc
index a08d155..0349424 100644
--- a/patchpanel/routing_service_test.cc
+++ b/patchpanel/routing_service_test.cc
@@ -260,4 +260,29 @@
EXPECT_TRUE(svc->SetFwmark(6, fwmark(0x1), fwmark(0x01)));
}
+TEST_F(RoutingServiceTest, LocalSourceSpecsPrettyPrinting) {
+ struct {
+ LocalSourceSpecs source;
+ std::string expected_output;
+ } testcases[] = {
+ {{}, "{source: UNKNOWN, uid: , classid: 0, is_on_vpn: false}"},
+ {{TrafficSource::CHROME, kUidChronos, 0, true},
+ "{source: CHROME, uid: chronos, classid: 0, is_on_vpn: true}"},
+ {{TrafficSource::USER, kUidDebugd, 0, true},
+ "{source: USER, uid: debugd, classid: 0, is_on_vpn: true}"},
+ {{TrafficSource::SYSTEM, kUidTlsdate, 0, true},
+ "{source: SYSTEM, uid: tlsdate, classid: 0, is_on_vpn: true}"},
+ {{TrafficSource::USER, kUidPluginvm, 0, true},
+ "{source: USER, uid: pluginvm, classid: 0, is_on_vpn: true}"},
+ {{TrafficSource::UPDATE_ENGINE, "", 1234, false},
+ "{source: UPDATE_ENGINE, uid: , classid: 1234, is_on_vpn: false}"},
+ };
+
+ for (const auto& tt : testcases) {
+ std::ostringstream stream;
+ stream << tt.source;
+ EXPECT_EQ(tt.expected_output, stream.str());
+ }
+}
+
} // namespace patchpanel
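Review bot: A mismatch inside the loop over `testcases` reports only the two strings, not which table entry produced them, because the EXPECT_EQ runs without a trace; adding `SCOPED_TRACE(tt.expected_output);` as the first statement of the loop body attaches the expected string of the failing case to the gtest failure message. The table also appears to exercise each TrafficSource with either a uid or a classid but never both set together, so a row such as a USER source with a non-empty uid and a non-zero classid would pin the field ordering of the formatter more tightly, if the operator<< is expected to print both. The TEST_F body is contained entirely within this hunk.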