vikarti.anatra/safing-portmaster
1
0
Fork 0
mirror of https://github.com/safing/portmaster synced 2026-05-05 07:09:06 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 9

feat: Add Split Tunnel feature (Windows PoC)

Browse source 
Implement initial proof-of-concept for split tunnel functionality on Windows,
allowing applications to route traffic through a designated network interface
while bypassing default system routing.

Features:
- Split tunnel module with TCP/UDP proxy infrastructure
- Firewall integration with split tunnel verdict handling
- SplitTunneling context attached to connections
- Configuration options: enable toggle, interface selection, and policy rules
- UI display of split tunnel connection details in connection info panel
- Subsystem configuration for user-level access

Windows-specific implementation:
- Uses proxy-based interface routing on Windows
- Automatic or manual interface detection and binding
- Support for IPv4 and IPv6 traffic

Note: Linux implementation is under development. SPN takes precedence over
split tunnel when both are enabled, ensuring SPN connections bypass this feature.
This commit is contained in:
Alexandr Stelnykovych 2026-04-24 18:04:01 +03:00
parent 29cc58fecb
commit ee8cde31f6
17 changed files with 682 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

15
desktop/angular/src/app/shared/config/config-settings.ts
View file

@ -427,11 +427,16 @@ export class ConfigSettingsViewComponent
(s) => s.Key === subsys.ToggleOptionKey
);
if (!!toggleOption) {
if (
(toggleOption.Value !== undefined && !toggleOption.Value) ||
(toggleOption.Value === undefined &&
!toggleOption.DefaultValue)
) {
// Determine the effective enabled state: per-app value takes
// priority, then the globally-configured value (GlobalDefault),
// and finally the hardcoded DefaultValue.
const effectiveEnabled =
toggleOption.Value !== undefined
? !!toggleOption.Value
: toggleOption.GlobalDefault !== undefined
? !!toggleOption.GlobalDefault
: !!toggleOption.DefaultValue;
if (!effectiveEnabled) {
subsys.isDisabled = true;
// remove all settings for all subsystem categories

27
desktop/angular/src/app/shared/config/subsystems.ts
View file

@ -7,7 +7,7 @@ export interface SubsystemWithExpertise extends Subsystem {
hasUserDefinedValues: boolean;
}
export var subsystems : SubsystemWithExpertise[] = [
export const subsystems : SubsystemWithExpertise[] = [
{
minimumExpertise: ExpertiseLevelNumber.developer,
isDisabled: false,
@ -268,5 +268,30 @@ export var subsystems : SubsystemWithExpertise[] = [
Deleted: 0,
Key: "runtime:subsystems/spn"
}
},
{
minimumExpertise: ExpertiseLevelNumber.user, // User level since UI is user-facing
isDisabled: false,
hasUserDefinedValues: false,
ID: "splittun",
Name: "Split Tunnel",
Description: "Route traffic through specified interface to bypass default routing",
Modules: [
{
Name: "splittun",
Enabled: true
}
],
ToggleOptionKey: "splittun/use", // Links to the boolean enable/disable option
ExpertiseLevel: "user",
ReleaseLevel: 0,
ConfigKeySpace: "config:splittun/",
_meta: {
Created: 0,
Modified: 0,
Expires: 0,
Deleted: 0,
Key: "runtime:subsystems/splittun"
}
}
];

11
desktop/angular/src/app/shared/netquery/connection-details/conn-details.html
View file

@ -255,6 +255,17 @@
</ng-container>
</div>
<div *ngIf="!!conn.extra_data?.split_tun">
<h3 class="text-primary text-xxs">Split Tunnel</h3>
<div *ngIf="conn.extra_data?.split_tun as splitTun" class="meta">
<span class="inline-flex items-center gap-1 flex-wrap">
<span class="text-secondary">This connection is forcibly routed through interface</span>
<span>{{ splitTun.Interface }}</span>
<span class="text-secondary">({{ splitTun.IP }})</span>
</span>
</div>
</div>
<div *ngIf="!!bwData.length" class="col-span-3 block border-t border-gray-400 py-2">
<h2 class="text-secondary uppercase w-full text-center text-xxs">Data Usage</h2>
<sfng-netquery-line-chart class="block w-full !h-36" [data]="bwData" [config]="{