Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Nit: More ipv6+splittunnel fixes #10001

Draft
wants to merge 4 commits into
base: main
Choose a base branch
from
Draft

Nit: More ipv6+splittunnel fixes #10001

wants to merge 4 commits into from

Conversation

strseb
Copy link
Collaborator

@strseb strseb commented Oct 30, 2024
edited
Loading 

Wireless LAN adapter Wi-Fi:

   Connection-specific DNS Suffix  . : lan
   Link-local IPv6 Address . . . . . : fe80::e590:7f37:1507:b845%12
   IPv4 Address. . . . . . . . . . . : 192.168.86.103
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.86.1

That is my wifi rn, if we only select the first valid v6 adress we try to convert the link local. That will fail due to the string containing the %12 denoting the adapter, and also split tunneling to link local does not make that much sense, no?
So if we don't get a prefix, let's just assume v6 does not work and return empty.

@strseb strseb requested a review from oskirby October 30, 2024 17:08
@oskirby
Copy link
Collaborator

oskirby commented Oct 30, 2024

This might be going way off on a tangent, but when I was implementing the split tunnel bypass logic in the proxy extension, I ran into a lot of similar difficulties with IPv6 and source address determination as well. I found that things performed pretty badly when my Windows machine had multiple network interfaces or when switching between interfaces.

Some learnings that I found from that work:

  1. An interface can have a lot of IPv6 addresses, lots of which aren't routeable. You probably only want to use global addresses (eg: addr.isGlobal() && !addr.isUniqueLocalUnicast()). Note that ULA addresses (eg: fc00::abcd) are considered global by IPv6 standards, but technically don't route to the internet.
  2. Addresses can change over time, you probably want to make sure we aren't using a stale address by filtering addresses by the DAD state (eg: row->DadState == IpDadStatePreferred). This one caught me out a bunch of times when switching between Wifi and ethernet. Because the routes would change and an otherwise good-looking address stuck around but was marked as stale.
  3. Changing interfaces is also a giant pain in the ass (eg when switching from WiFi to Ethernet) and to make sense of that we also need to hook into the routing table and watch for changes to the default route and then re-run the address selection algorithm.

If you want to see how it is handled over in the socks proxy world, check out WindowsBypass::refreshAddresses() of extension/socks5proxy/bin/windowsbypass.cpp

@strseb strseb marked this pull request as draft November 18, 2024 16:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@oskirby oskirby Awaiting requested review from oskirby

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@strseb @oskirby