NE link writes are blocking and don't support timeout. When shutting
down a UDP session, the OCCPacket may fail to send and lock the session
in a stale state ("Active" but dead), with an infinite loop of "Failed
TUN read" messages in the log.
- First, [add cancellation handlers to NE UDP/TCP
sockets](https://github.com/passepartoutvpn/passepartoutkit-source/pull/464)
- Then, rather than writing the exit packet in the foreground and
scheduling cancellation:
  - Write the packet in a background task
  - Wait until timeout in the actor
  - Cancel the pending write and go ahead
This may still leak if NE socket cancellation doesn't work, but will
prevent deadlock.
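
A sketch of the timeout-bounded exit write described above, as an added example that is not PassepartoutKit's own code. `ExitLink`, `ShutdownExample` and `Outcome` are hypothetical names, and the link is assumed to expose an async `write`.

```swift
import Foundation

// Hypothetical stand-in for the NE link; not the project's API.
protocol ExitLink: Sendable {
    func write(_ packet: Data) async throws
}

actor ShutdownExample {
    enum Outcome: Sendable { case sent, failed, timedOut }

    private let link: any ExitLink

    init(link: any ExitLink) { self.link = link }

    func sendExitPacket(_ packet: Data, timeout: Duration) async -> Outcome {
        let (outcomes, continuation) = AsyncStream<Outcome>.makeStream()

        // Background write: the actor never awaits this task directly,
        // so a write that never returns cannot block shutdown.
        let write = Task { [link] in
            do {
                try await link.write(packet)
                continuation.yield(.sent)
            } catch {
                continuation.yield(.failed)
            }
        }
        // Timer racing the write.
        let timer = Task {
            try? await Task.sleep(for: timeout)
            continuation.yield(.timedOut)
        }

        // The first outcome wins; later yields are dropped.
        var outcome = Outcome.timedOut
        for await first in outcomes {
            outcome = first
            break
        }
        // Cancel whichever side is still pending and go ahead. If the link
        // ignores cancellation, the write task leaks but nothing waits on it.
        write.cancel()
        timer.cancel()
        continuation.finish()
        return outcome
    }
}
```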
The new OpenVPN parser was painfully slow due to allocating
NSRegularExpression a zillion times, which resulted in poor performance
(4x time!) when processing long PUSH_REPLY messages. This is a hard
regression from v2 because [TunnelKit created the regexes
statically](339b509ddf/Sources/TunnelKitOpenVPNCore/ConfigurationParser.swift (L42)).
Solution: pre-allocate the regular expressions at parser creation time.
Optimize long fragmented replies further by catching PUSH_REPLY
continuations early, rather than parsing line by line.
Clean up the naive abuse of async/await in OpenVPNSession. Encapsulate
the instances of ControlChannel/DataChannel inside the Negotiator actor,
so that actor-isolation for them becomes automatically unnecessary.
Synchronous methods inside the actor are the way to go.
After that, handle control packets in an orderly fashion, because this is
not being done and may spoil negotiation very easily. Probably also
happening in TunnelKit.
Ultimately, skip some unnecessary XOR processing in UDP when no XOR
method is actually set.
URL.startAccessingSecurityScopedResource() fails in that case, but
permission is not required at all.
Could reproduce by importing .ovpn file from a Telegram chat.
- Move availableLogs() / purgeLogs() to library
- Append and rotate logs by size (500k)
- Add marker between app/tunnel launches
- Purge logs on each save (3 days)
- Unify debug log content view across platforms
  - macOS: Table + inspect full line
  - iOS/tvOS: Use List
- Scroll to bottom onLoad()
- Simplify build/version updates by moving MARKETING_VERSION and
CURRENT_PROJECT_VERSION to Config.xcconfig
- Provide Ruby (for fastlane) and Bash (for CI) versions of
xconfig-get/set
- Copy release notes atomically inside the lane to guarantee they are
included in the version commit
- Add -nt to skip the build tag
Eligibility is ensured on iOS/macOS "remote" apps and profiles are not editable on TV. The day they can be edited, this will need a rework, but today it should be fine.
Regression due to BuildProducts not being credited on Apple TV.
The delegate was lost due to not being retained anywhere, and the
WireGuard adapter was therefore not finalizing the connection (i.e. set
tunnel settings).
Regression in #1057
### OpenVPN
- Make CPassepartoutCryptoOpenSSL agnostic of PassepartoutKit
- Move Allocation/ZeroingData from PassepartoutKit to package for
internal use
- Rename ZeroingData.count to .length for consistency with NSData
- Duplicate some Data manipulation code in CryptoOpenSSL
- Retain a simplified version of ZeroingData in PassepartoutKit
(AutoerasingData)
### WireGuard
- Make WireGuardKit imports `internal`
Simplify development and maintenance immensely by making this a
monorepository:
- Convert PassepartoutKit and VPN bindings to local packages
  - OpenVPN/OpenSSL
  - WireGuard/Go
- Make PassepartoutKit available via
  - Source submodule for production (private)
  - [Binary XCFramework for
development](https://github.com/passepartoutvpn/passepartoutkit)
- Add PassepartoutKit Demo in root
- Deploy package later