patchpanel: route arcbr0 through non-ARC VPNs

This patch sets ARC's arcbr0 routing tags so that traffic originated
through arcbr0 by ARC is routed through any non-ARC VPN connection.
Inside ARC, arcbr0 is used to expose a fake "facade" VPN network
corresponding to the non-ARC VPN established on the host environment.

BUG=b:161507671
BUG=b:161508179
BUG=chromium:1157515
TEST=unit tests. Checked that ARC traffic is correctly routed on the
host when a full tunnel VPN connection is set up on the host.

Change-Id: I7375af1a604bfc6ecb8a729decb55b13a8717af0
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform2/+/2586457
Tested-by: Hugo Benichi <hugobenichi@google.com>
Commit-Queue: Hugo Benichi <hugobenichi@google.com>
Reviewed-by: Taoyu Li <taoyl@chromium.org>

diff --git a/patchpanel/datapath.h b/patchpanel/datapath.h
index 80ae985..1a2965a 100644
--- a/patchpanel/datapath.h
+++ b/patchpanel/datapath.h
@@ -169,7 +169,10 @@
// Sets up IPv4 SNAT, IP forwarding, and traffic marking for the given
// virtual device |int_ifname| associated to |source|. if |ext_ifname| is
// empty, the device is implicitly routed through the highest priority
- // network.
+ // physical network when |route_on_vpn| is false, or through the highest
+ // priority logical network when |route_on_vpn| is true. If |ext_ifname| is
+ // defined, the device is routed to |ext_ifname| and |route_on_vpn| is
+ // ignored.
virtual void StartRoutingDevice(const std::string& ext_ifname,
const std::string& int_ifname,
uint32_t int_ipv4_addr,
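Review bot: The new comment on StartRoutingDevice says "If |ext_ifname| is defined, the device is routed to |ext_ifname| and |route_on_vpn| is ignored", which makes a non-empty |ext_ifname| combined with |route_on_vpn| = true a silent no-op for the VPN request. Since the flag decides whether a device's traffic goes through the VPN or around it, a caller that passes both would get physical-interface routing with no indication. Consider rejecting or logging that combination in the implementation, or at least state in the comment that callers must leave |ext_ifname| empty to get VPN routing. Two smaller points on the same comment: it uses "empty" for one case and "defined" for the other, and "non-empty" would keep the wording consistent; and it does not say what "the highest priority logical network" resolves to when no VPN is connected, which is worth one sentence so readers know whether the device falls back to the physical network in that case.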