tools.pid_vpn_route_tools module

Per-process VPN policy routing: cgroup + iptables MARK + ip rule / ip route.

Steers IPv4 traffic from a PID into a dedicated routing table that defaults via a VPN interface (WireGuard wg0, OpenVPN tun0, VTI, etc.). Uses the same cgroup leaf as tor_transproxy_tools: stargazer-pid-net/<pid> (see _stargazer_pid_cgroup).

IPv4 only (MVP). Requires UNSANDBOXED_EXEC, cgroup v2, and iptables cgroup match. WireGuard should use Table=off (see vpn_tools); OpenVPN route-nopull; IPsec needs a routable tunnel interface.

If tor_transproxy still manages the same PID, disabling this tool skips moving the process out of the cgroup so Tor rules keep working.