From 32c304dc1b16bc8aebf95e2cfa35a07da0f8fa59 Mon Sep 17 00:00:00 2001 From: Mykola Baibuz Date: Wed, 18 Oct 2023 17:44:28 -0400 Subject: [PATCH] WG/AWG SplitTunnel for desktop --- client/mozilla/localsocketcontroller.cpp | 53 +++++++++++++++---- .../linux/daemon/linuxroutemonitor.cpp | 14 ++--- client/vpnconnection.cpp | 2 +- 3 files changed, 51 insertions(+), 18 deletions(-) diff --git a/client/mozilla/localsocketcontroller.cpp b/client/mozilla/localsocketcontroller.cpp index 2f6fe371..b7012dd8 100644 --- a/client/mozilla/localsocketcontroller.cpp +++ b/client/mozilla/localsocketcontroller.cpp @@ -115,8 +115,12 @@ void LocalSocketController::daemonConnected() { } void LocalSocketController::activate(const QJsonObject &rawConfig) { + QString protocolName = rawConfig.value("protocol").toString(); + int splitTunnelType = rawConfig.value("splitTunnelType").toInt(); + QJsonArray splitTunnelSites = rawConfig.value("splitTunnelSites").toArray(); + QJsonObject wgConfig = rawConfig.value(protocolName + "_config_data").toObject(); QJsonObject json; 
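Review bot: `splitTunnelType` is read with `toInt()` and then compared against the bare literals 0, 1 and 2, with no comment or validation saying what each value means. Judging from the branches in the next hunk, 0 and 2 install the catch-all ranges, 1 installs only the listed entries, and any other value appends nothing to `jsAllowedIPAddesses`; a missing or non-numeric key silently becomes 0. I would document this at the declaration, e.g. `// 0 = tunnel everything, 1 = tunnel only splitTunnelSites, 2 = tunnel everything except splitTunnelSites`, and reject or log an unexpected value instead of letting it fall through with an empty allowed list. `activate()` continues past the end of this hunk.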
@@ -137,23 +141,52 @@ void LocalSocketController::activate(const QJsonObject &rawConfig) { QJsonArray jsAllowedIPAddesses; - QJsonObject range_ipv4; - range_ipv4.insert("address", "0.0.0.0"); - range_ipv4.insert("range", 0); - range_ipv4.insert("isIpv6", false); - jsAllowedIPAddesses.append(range_ipv4); + if (splitTunnelType == 0 || splitTunnelType == 2) { + QJsonObject range_ipv4; + range_ipv4.insert("address", "0.0.0.0"); + range_ipv4.insert("range", 0); + range_ipv4.insert("isIpv6", false); + jsAllowedIPAddesses.append(range_ipv4); - QJsonObject range_ipv6; - range_ipv6.insert("address", "::"); - range_ipv6.insert("range", 0); - range_ipv6.insert("isIpv6", true); - jsAllowedIPAddesses.append(range_ipv6); + QJsonObject range_ipv6; + range_ipv6.insert("address", "::"); + range_ipv6.insert("range", 0); + range_ipv6.insert("isIpv6", true); + jsAllowedIPAddesses.append(range_ipv6); + } + + if (splitTunnelType == 1) { + for (auto v : splitTunnelSites) { + QString ipRange = v.toString(); + qDebug() << "ipRange " << ipRange; + if (ipRange.split('/').size() > 1){ + QJsonObject range; + range.insert("address", ipRange.split('/')[0]); + range.insert("range", atoi(ipRange.split('/')[1].toLocal8Bit())); + range.insert("isIpv6", false); + jsAllowedIPAddesses.append(range); + } else { + QJsonObject range; + range.insert("address",ipRange); + range.insert("range", 32); + range.insert("isIpv6", false); + jsAllowedIPAddesses.append(range); + } + } + } json.insert("allowedIPAddressRanges", jsAllowedIPAddesses); QJsonArray jsExcludedAddresses; jsExcludedAddresses.append(wgConfig.value(amnezia::config_key::hostName)); + if (splitTunnelType == 2) { + for (auto v : splitTunnelSites) { + QString ipRange = v.toString(); + jsExcludedAddresses.append(ipRange); + } + } + json.insert("excludedAddresses", jsExcludedAddresses); diff --git a/client/platforms/linux/daemon/linuxroutemonitor.cpp b/client/platforms/linux/daemon/linuxroutemonitor.cpp index f0c49eb6..38f2c56c 100644 
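Review bot: The prefix length in the `splitTunnelType == 1` loop is parsed with `atoi(ipRange.split('/')[1].toLocal8Bit())`, which returns 0 for non-numeric text and does no range check, so a constructed entry such as `10.0.0.1/x` is forwarded as a /0 range, and values below 0 or above 32 pass through unchanged. The address part is not checked either and `isIpv6` is hard-coded to `false`, so empty strings or IPv6 entries reach the daemon mislabelled; the same unvalidated strings are appended to `jsExcludedAddresses` in the `splitTunnelType == 2` loop. I would parse with `QString::toInt(&ok)`, bound the prefix to 0–32, and skip and log entries that fail, as sketched below; validating the address text itself (for instance with `QHostAddress`) would be a further step. `activate()` starts before and ends after this hunk.

```cpp
  if (splitTunnelType == 1) {
    for (auto v : splitTunnelSites) {
      const auto parts = v.toString().split('/');
      bool ok = true;
      const int prefix = parts.size() > 1 ? parts[1].toInt(&ok) : 32;
      if (parts.size() > 2 || parts[0].isEmpty() || !ok || prefix < 0 || prefix > 32) {
        qWarning() << "Skipping invalid split-tunnel entry";
        continue;
      }
      QJsonObject range;
      range.insert("address", parts[0]);
      range.insert("range", prefix);
      range.insert("isIpv6", false);
      jsAllowedIPAddesses.append(range);
    }
  }
  // … unchanged: allowedIPAddressRanges insert, excluded-address handling …
```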
--- a/client/platforms/linux/daemon/linuxroutemonitor.cpp +++ b/client/platforms/linux/daemon/linuxroutemonitor.cpp @@ -158,15 +158,15 @@ bool LinuxRouteMonitor::rtmSendRoute(int action, int flags, int type, return false; } nlmsg_append_attr32(nlmsg, sizeof(buf), RTA_OIF, index); + nlmsg_append_attr32(nlmsg, sizeof(buf), RTA_PRIORITY, 1); } if (rtm->rtm_type == RTN_THROW) { - int index = if_nametoindex(getgatewayandiface().toUtf8()); - if (index <= 0) { - logger.error() << "if_nametoindex() failed:" << strerror(errno); - return false; - } - nlmsg_append_attr32(nlmsg, sizeof(buf), RTA_OIF, index); + struct in_addr ip4; + inet_pton(AF_INET, getgatewayandiface().toUtf8(), &ip4); + nlmsg_append_attr(nlmsg, sizeof(buf), RTA_GATEWAY, &ip4, sizeof(ip4)); + nlmsg_append_attr32(nlmsg, sizeof(buf), RTA_PRIORITY, 0); + rtm->rtm_type = RTN_UNICAST; } struct sockaddr_nl nladdr; @@ -334,7 +334,7 @@ QString LinuxRouteMonitor::getgatewayandiface() } } close(sock); - return interface; + return gateway_address; } static bool buildAllowedIp(wg_allowedip* ip, diff --git a/client/vpnconnection.cpp b/client/vpnconnection.cpp index c73df444..878a1cde 100644 --- a/client/vpnconnection.cpp +++ b/client/vpnconnection.cpp @@ -68,7 +68,7 @@ void VpnConnection::onConnectionStateChanged(Vpn::ConnectionState state) // qDebug() << "VpnConnection::onConnectionStateChanged :: adding custom routes, count:" << forwardIps.size(); } QString dns1 = m_vpnConfiguration.value(config_key::dns1).toString(); - QString dns2 = m_vpnConfiguration.value(config_key::dns1).toString(); + QString dns2 = m_vpnConfiguration.value(config_key::dns2).toString(); IpcClient::Interface()->routeAddList(m_vpnProtocol->vpnGateway(), QStringList() << dns1 << dns2);
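Review bot: The return value of `inet_pton()` in the `RTN_THROW` branch is ignored, so when `getgatewayandiface()` yields an empty or non-IPv4 string, `ip4` stays uninitialized and whatever is on the stack is sent to the kernel as `RTA_GATEWAY`. The removed code failed the call when `if_nametoindex()` could not resolve the interface; the new branch should keep that behaviour, e.g. `const QByteArray gw = getgatewayandiface().toUtf8();` followed by `if (inet_pton(AF_INET, gw.constData(), &ip4) != 1) { logger.error() << "no usable IPv4 gateway"; return false; }`. The branch is also IPv4-only; whether `rtmSendRoute()` can reach it with an IPv6 prefix is not visible in the hunk, which starts and ends inside the function.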
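Review bot: `getgatewayandiface()` now returns `gateway_address` instead of `interface`, but the name still promises both and nothing at the return site documents the new contract. Any caller that still expects an interface name would silently receive an address string; the only caller visible in this patch is the `RTN_THROW` branch of `rtmSendRoute()`. A comment on the function such as `// Returns the default gateway's IPv4 address as text, not the interface name` (or a rename) would make this explicit. It should also state what is returned when no default route is found, which this hunk does not show.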
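Review bot: Now that `dns2` is read from its own key it can be empty when only one resolver is configured, yet the list passed to `routeAddList()` is still built as `QStringList() << dns1 << dns2` with no filtering. Whether `routeAddList()` tolerates an empty entry is not visible here, so I would build the list defensively: `QStringList dnsList;` then `if (!dns1.isEmpty()) dnsList << dns1;` and `if (!dns2.isEmpty() && dns2 != dns1) dnsList << dns2;`. `onConnectionStateChanged()` starts before and ends after this hunk.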