celzero / rethink-app

DNS over HTTPS / DNS over Tor / DNSCrypt client, WireGuard proxifier, firewall, and connection tracker for Android.
https://rethinkfirewall.com/
Apache License 2.0

split tunnel incorrectly identified? #1703

Open samthesamman opened 2 months ago

samthesamman commented 2 months ago

Looks like you are just looking for the presence of 0.0.0.0 in allowedIps to determine if it's a full tunnel. But if I set something like allowedIps=0.0.0.0/5, then this should be detected as split tunnel. Not sure if this is just a UI thing or if you have logic that depends on this detection.

ignoramous commented 2 months ago

> allowedIps=0.0.0.0/5

We rely on net/netip:IPPrefix.Contains: https://go.dev/play/p/RIcrz4KtOGD

samthesamman commented 2 months ago

But if allowedIps is set to 0.0.0.0/5, shouldn't this be considered a split tunnel? Your code example considers this full.
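
An added example, not part of the thread and not the project's code, showing the distinction under discussion: a prefix can contain 0.0.0.0 without covering all of IPv4. The helper names `containsZero`, `covers` and `isFullTunnelV4` are hypothetical, and the coverage check goes beyond the thread's single prefix by also accepting a full tunnel expressed as several prefixes (for example two /1 halves).

```go
package main

import (
	"fmt"
	"net/netip"
)

// containsZero is the test discussed in the thread: does the prefix contain 0.0.0.0?
func containsZero(a string) bool {
	return netip.MustParsePrefix(a).Contains(netip.IPv4Unspecified())
}

// covers reports whether the union of set includes every address in want.
func covers(want netip.Prefix, set []netip.Prefix) bool {
	overlap := false
	for _, s := range set {
		if s.Bits() <= want.Bits() && s.Contains(want.Addr()) {
			return true // s equals want or is a supernet of it
		}
		overlap = overlap || s.Overlaps(want)
	}
	if !overlap {
		return false // nothing in set reaches into want
	}
	// Only part of want is covered so far: split it in half and check both halves.
	b, raw := want.Bits(), want.Addr().AsSlice()
	raw[b/8] |= 0x80 >> (b % 8) // set the first host bit to get the upper half
	hi, _ := netip.AddrFromSlice(raw)
	return covers(netip.PrefixFrom(want.Addr(), b+1), set) &&
		covers(netip.PrefixFrom(hi, b+1), set)
}

// isFullTunnelV4 is true only when the allowedIps entries together cover all of
// IPv4. Inputs here are constructed samples, so a malformed entry panics.
func isFullTunnelV4(allowedIPs ...string) bool {
	var set []netip.Prefix
	for _, a := range allowedIPs {
		set = append(set, netip.MustParsePrefix(a).Masked())
	}
	return covers(netip.MustParsePrefix("0.0.0.0/0"), set)
}

func main() {
	for _, a := range []string{"0.0.0.0/0", "0.0.0.0/5"} {
		fmt.Println(a, "contains 0.0.0.0:", containsZero(a), "full tunnel:", isFullTunnelV4(a))
	}
	fmt.Println("two /1 halves, full tunnel:", isFullTunnelV4("0.0.0.0/1", "128.0.0.0/1"))
}
```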