traffic: add per-app runtime app routing via cgroup marks

2026-02-14 16:58:30 +03:00
parent 1fec4a51da
commit 90907219dc
10 changed files with 819 additions and 7 deletions
--- a/selective-vpn-api/app/config.go
+++ b/selective-vpn-api/app/config.go
@@ -58,10 +58,14 @@ const (
 	heartbeatFile       = stateDir + "/heartbeat"
 	lockFile            = "/run/lock/selective-vpn.lock"
 	MARK                = "0x66"
-	defaultDNS1         = "94.140.14.14"
-	defaultDNS2         = "94.140.15.15"
-	defaultMeta1        = "46.243.231.30"
-	defaultMeta2        = "46.243.231.41"
+	// EN: Extra marks reserved for per-app routing (systemd scope / cgroup-based).
+	// RU: Дополнительные метки для per-app маршрутизации (systemd scope / cgroup).
+	MARK_DIRECT  = "0x67" // force direct (bypass VPN table even in full tunnel)
+	MARK_APP     = "0x68" // force VPN for app-scoped traffic (works even in traffic-mode=direct)
+	defaultDNS1  = "94.140.14.14"
+	defaultDNS2  = "94.140.15.15"
+	defaultMeta1 = "46.243.231.30"
+	defaultMeta2 = "46.243.231.41"

 	smartDNSDefaultAddr = "127.0.0.1#6053"
 	smartDNSAddrEnv     = "SVPN_SMARTDNS_ADDR"