tunnelkit/TunnelKit/Sources/AppExtension/TunnelKitProvider.swift

840 lines
31 KiB
Swift
Raw Normal View History

2018-08-23 08:19:25 +00:00
//
// TunnelKitProvider.swift
// TunnelKit
2018-08-23 08:19:25 +00:00
//
// Created by Davide De Rosa on 2/1/17.
2019-03-09 10:44:18 +00:00
// Copyright (c) 2019 Davide De Rosa. All rights reserved.
//
// https://github.com/passepartoutvpn
//
// This file is part of TunnelKit.
//
// TunnelKit is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// TunnelKit is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with TunnelKit. If not, see <http://www.gnu.org/licenses/>.
//
// This file incorporates work covered by the following copyright and
// permission notice:
//
// Copyright (c) 2018-Present Private Internet Access
//
// Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
//
// The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
//
2018-08-23 08:19:25 +00:00
import NetworkExtension
import SwiftyBeaver
import __TunnelKitCore
2018-08-23 08:19:25 +00:00
private let log = SwiftyBeaver.self
/**
Provides an all-in-one `NEPacketTunnelProvider` implementation for use in a
Packet Tunnel Provider extension both on iOS and macOS.
*/
open class TunnelKitProvider: NEPacketTunnelProvider {
2018-08-23 08:19:25 +00:00
// MARK: Tweaks
/// An optional string describing host app version on tunnel start.
public var appVersion: String?
/// The log separator between sessions.
public var logSeparator = "--- EOF ---"
/// The maximum number of lines in the log.
public var maxLogLines = 1000
/// The number of milliseconds after which a DNS resolution fails.
public var dnsTimeout = 3000
/// The number of milliseconds after which the tunnel gives up on a connection attempt.
public var socketTimeout = 5000
/// The number of milliseconds after which the tunnel is shut down forcibly.
public var shutdownTimeout = 2000
/// The number of milliseconds after which a reconnection attempt is issued.
public var reconnectionDelay = 1000
/// The number of link failures after which the tunnel is expected to die.
public var maxLinkFailures = 3
/// The number of milliseconds between data count updates. Set to 0 to disable updates (default).
public var dataCountInterval = 0
2019-04-28 08:56:39 +00:00
/// A list of public DNS servers to use as fallback when none are provided (defaults to CloudFlare).
public var fallbackDNSServers = [
"1.1.1.1",
"1.0.0.1",
"2606:4700:4700::1111",
"2606:4700:4700::1001"
]
2018-08-23 08:19:25 +00:00
// MARK: Constants
private let memoryLog = MemoryDestination()
private let observer = InterfaceObserver()
private let tunnelQueue = DispatchQueue(label: TunnelKitProvider.description())
2018-08-23 08:19:25 +00:00
private let prngSeedLength = 64
private var cachesURL: URL {
guard let appGroup = appGroup else {
fatalError("Accessing cachesURL before parsing app group")
}
guard let containerURL = FileManager.default.containerURL(forSecurityApplicationGroupIdentifier: appGroup) else {
fatalError("No access to app group: \(appGroup)")
}
return containerURL.appendingPathComponent("Library/Caches/")
2018-08-23 08:19:25 +00:00
}
2018-08-23 08:19:25 +00:00
// MARK: Tunnel configuration
private var appGroup: String!
private lazy var defaults = UserDefaults(suiteName: appGroup)
2018-08-23 08:19:25 +00:00
private var cfg: Configuration!
private var strategy: ConnectionStrategy!
// MARK: Internal state
private var proxy: OpenVPNSession?
2018-08-23 08:19:25 +00:00
private var socket: GenericSocket?
private var pendingStartHandler: ((Error?) -> Void)?
private var pendingStopHandler: (() -> Void)?
private var isCountingData = false
2018-08-23 08:19:25 +00:00
// MARK: NEPacketTunnelProvider (XPC queue)
/// :nodoc:
open override func startTunnel(options: [String : NSObject]? = nil, completionHandler: @escaping (Error?) -> Void) {
// required configuration
2018-08-23 08:19:25 +00:00
do {
guard let tunnelProtocol = protocolConfiguration as? NETunnelProviderProtocol else {
2018-10-21 10:58:36 +00:00
throw ProviderConfigurationError.parameter(name: "protocolConfiguration")
2018-08-23 08:19:25 +00:00
}
guard let serverAddress = tunnelProtocol.serverAddress else {
2018-10-21 10:58:36 +00:00
throw ProviderConfigurationError.parameter(name: "protocolConfiguration.serverAddress")
}
2018-08-23 08:19:25 +00:00
guard let providerConfiguration = tunnelProtocol.providerConfiguration else {
2018-10-21 10:58:36 +00:00
throw ProviderConfigurationError.parameter(name: "protocolConfiguration.providerConfiguration")
2018-08-23 08:19:25 +00:00
}
try appGroup = Configuration.appGroup(from: providerConfiguration)
2018-08-23 08:19:25 +00:00
try cfg = Configuration.parsed(from: providerConfiguration)
// inject serverAddress into sessionConfiguration.hostname
if !serverAddress.isEmpty {
var sessionBuilder = cfg.sessionConfiguration.builder()
sessionBuilder.hostname = serverAddress
var cfgBuilder = cfg.builder()
cfgBuilder.sessionConfiguration = sessionBuilder.build()
cfg = cfgBuilder.build()
}
2018-08-23 08:19:25 +00:00
} catch let e {
var message: String?
2018-10-21 10:58:36 +00:00
if let te = e as? ProviderConfigurationError {
2018-08-23 08:19:25 +00:00
switch te {
2018-10-21 10:58:36 +00:00
case .parameter(let name):
message = "Tunnel configuration incomplete: \(name)"
2018-08-23 08:19:25 +00:00
default:
break
}
}
NSLog(message ?? "Unexpected error in tunnel configuration: \(e)")
completionHandler(e)
return
}
// optional credentials
let credentials: OpenVPN.Credentials?
if let username = protocolConfiguration.username, let passwordReference = protocolConfiguration.passwordReference,
let password = try? Keychain.password(for: username, reference: passwordReference) {
credentials = OpenVPN.Credentials(username, password)
} else {
credentials = nil
}
strategy = ConnectionStrategy(configuration: cfg)
2018-08-23 08:19:25 +00:00
if let content = cfg.existingLog(in: appGroup) {
var existingLog = content.components(separatedBy: "\n")
2019-03-30 19:17:02 +00:00
if let i = existingLog.firstIndex(of: logSeparator) {
2018-08-23 08:19:25 +00:00
existingLog.removeFirst(i + 2)
}
existingLog.append("")
existingLog.append(logSeparator)
existingLog.append("")
memoryLog.start(with: existingLog)
}
configureLogging(
debug: cfg.shouldDebug,
customFormat: cfg.debugLogFormat
)
// override library configuration
if let masksPrivateData = cfg.masksPrivateData {
CoreConfiguration.masksPrivateData = masksPrivateData
}
2018-08-23 08:19:25 +00:00
log.info("Starting tunnel...")
cfg.clearLastError(in: appGroup)
2018-08-23 08:19:25 +00:00
guard OpenVPN.EncryptionBridge.prepareRandomNumberGenerator(seedLength: prngSeedLength) else {
2018-10-21 10:58:36 +00:00
completionHandler(ProviderConfigurationError.prngInitialization)
2018-08-23 08:19:25 +00:00
return
}
cfg.print(appVersion: appVersion)
let proxy: OpenVPNSession
2018-08-23 08:19:25 +00:00
do {
proxy = try OpenVPNSession(queue: tunnelQueue, configuration: cfg.sessionConfiguration, cachesURL: cachesURL)
refreshDataCount()
2018-08-23 08:19:25 +00:00
} catch let e {
completionHandler(e)
return
}
proxy.credentials = credentials
2018-08-23 08:19:25 +00:00
proxy.delegate = self
self.proxy = proxy
logCurrentSSID()
pendingStartHandler = completionHandler
tunnelQueue.sync {
self.connectTunnel()
}
}
/// :nodoc:
open override func stopTunnel(with reason: NEProviderStopReason, completionHandler: @escaping () -> Void) {
pendingStartHandler = nil
log.info("Stopping tunnel...")
cfg.clearLastError(in: appGroup)
2018-08-23 08:19:25 +00:00
guard let proxy = proxy else {
flushLog()
completionHandler()
return
}
pendingStopHandler = completionHandler
tunnelQueue.schedule(after: .milliseconds(shutdownTimeout)) { [weak self] in
guard let weakSelf = self else {
2018-08-23 08:19:25 +00:00
return
}
guard let pendingHandler = weakSelf.pendingStopHandler else {
return
}
log.warning("Tunnel not responding after \(weakSelf.shutdownTimeout) milliseconds, forcing stop")
weakSelf.flushLog()
2018-08-23 08:19:25 +00:00
pendingHandler()
}
tunnelQueue.sync {
proxy.shutdown(error: nil)
}
}
/// :nodoc:
open override func handleAppMessage(_ messageData: Data, completionHandler: ((Data?) -> Void)? = nil) {
var response: Data?
switch Message(messageData) {
case .requestLog:
response = memoryLog.description.data(using: .utf8)
case .dataCount:
if let proxy = proxy, let dataCount = proxy.dataCount() {
2018-08-23 08:19:25 +00:00
response = Data()
response?.append(UInt64(dataCount.0)) // inbound
response?.append(UInt64(dataCount.1)) // outbound
2018-08-23 08:19:25 +00:00
}
default:
break
}
completionHandler?(response)
}
// MARK: Connection (tunnel queue)
private func connectTunnel(upgradedSocket: GenericSocket? = nil, preferredAddress: String? = nil) {
log.info("Creating link session")
// reuse upgraded socket
if let upgradedSocket = upgradedSocket, !upgradedSocket.isShutdown {
log.debug("Socket follows a path upgrade")
connectTunnel(via: upgradedSocket)
return
}
strategy.createSocket(from: self, timeout: dnsTimeout, preferredAddress: preferredAddress, queue: tunnelQueue) { (socket, error) in
guard let socket = socket else {
self.disposeTunnel(error: error)
return
}
self.connectTunnel(via: socket)
}
}
private func connectTunnel(via socket: GenericSocket) {
log.info("Will connect to \(socket)")
cfg.clearLastError(in: appGroup)
2018-08-23 08:19:25 +00:00
log.debug("Socket type is \(type(of: socket))")
self.socket = socket
self.socket?.delegate = self
self.socket?.observe(queue: tunnelQueue, activeTimeout: socketTimeout)
}
private func finishTunnelDisconnection(error: Error?) {
if let proxy = proxy, !(reasserting && proxy.canRebindLink()) {
proxy.cleanup()
}
socket?.delegate = nil
socket?.unobserve()
socket = nil
if let error = error {
log.error("Tunnel did stop (error: \(error))")
setErrorStatus(with: error)
2018-08-23 08:19:25 +00:00
} else {
log.info("Tunnel did stop on request")
}
}
private func disposeTunnel(error: Error?) {
flushLog()
2018-08-23 08:19:25 +00:00
// failed to start
if (pendingStartHandler != nil) {
//
// CAUTION
//
// passing nil to this callback will result in an extremely undesired situation,
// because NetworkExtension would interpret it as "successfully connected to VPN"
//
// if we end up here disposing the tunnel with a pending start handled, we are
// 100% sure that something wrong happened while starting the tunnel. in such
// case, here we then must also make sure that an error object is ALWAYS
// provided, so we do this with optional fallback to .socketActivity
//
// socketActivity makes sense, given that any other error would normally come
// from OpenVPN.stopError. other paths to disposeTunnel() are only coming
2018-08-23 08:19:25 +00:00
// from stopTunnel(), in which case we don't need to feed an error parameter to
// the stop completion handler
//
pendingStartHandler?(error ?? ProviderError.socketActivity)
pendingStartHandler = nil
}
// stopped intentionally
else if (pendingStopHandler != nil) {
pendingStopHandler?()
pendingStopHandler = nil
}
// stopped externally, unrecoverable
else {
cancelTunnelWithError(error)
}
}
// MARK: Data counter (tunnel queue)
private func refreshDataCount() {
guard dataCountInterval > 0 else {
return
}
tunnelQueue.schedule(after: .milliseconds(dataCountInterval)) { [weak self] in
self?.refreshDataCount()
}
guard isCountingData, let proxy = proxy, let dataCount = proxy.dataCount() else {
defaults?.removeDataCountArray()
return
}
defaults?.dataCountArray = [dataCount.0, dataCount.1]
}
2018-08-23 08:19:25 +00:00
}
extension TunnelKitProvider: GenericSocketDelegate {
2018-08-23 08:19:25 +00:00
// MARK: GenericSocketDelegate (tunnel queue)
func socketDidTimeout(_ socket: GenericSocket) {
log.debug("Socket timed out waiting for activity, cancelling...")
reasserting = true
socket.shutdown()
// fallback: TCP connection timeout suggests falling back
if let _ = socket as? NETCPSocket {
guard tryNextProtocol() else {
// disposeTunnel
return
}
2018-08-23 08:19:25 +00:00
}
}
func socketDidBecomeActive(_ socket: GenericSocket) {
guard let proxy = proxy else {
return
}
if proxy.canRebindLink() {
proxy.rebindLink(socket.link(withMTU: cfg.mtu))
2018-08-23 08:19:25 +00:00
reasserting = false
} else {
proxy.setLink(socket.link(withMTU: cfg.mtu))
2018-08-23 08:19:25 +00:00
}
}
func socket(_ socket: GenericSocket, didShutdownWithFailure failure: Bool) {
guard let proxy = proxy else {
return
}
var shutdownError: Error?
let didTimeoutNegotiation: Bool
var upgradedSocket: GenericSocket?
// look for error causing shutdown
shutdownError = proxy.stopError
if failure && (shutdownError == nil) {
shutdownError = ProviderError.linkError
2018-08-23 08:19:25 +00:00
}
didTimeoutNegotiation = (shutdownError as? OpenVPNError == .negotiationTimeout)
2018-09-07 20:43:52 +00:00
// only try upgrade on network errors
if shutdownError as? OpenVPNError == nil {
upgradedSocket = socket.upgraded()
}
2018-09-07 20:43:52 +00:00
// clean up
finishTunnelDisconnection(error: shutdownError)
// fallback: UDP is connection-less, treat negotiation timeout as socket timeout
2018-09-07 20:43:52 +00:00
if didTimeoutNegotiation {
guard tryNextProtocol() else {
2018-09-07 20:43:52 +00:00
// disposeTunnel
return
}
2018-08-23 08:19:25 +00:00
}
2018-09-07 20:43:52 +00:00
// reconnect?
2018-08-23 08:19:25 +00:00
if reasserting {
log.debug("Disconnection is recoverable, tunnel will reconnect in \(reconnectionDelay) milliseconds...")
tunnelQueue.schedule(after: .milliseconds(reconnectionDelay)) {
// give up if reasserting cleared in the meantime
guard self.reasserting else {
return
}
2018-08-23 08:19:25 +00:00
self.connectTunnel(upgradedSocket: upgradedSocket, preferredAddress: socket.remoteAddress)
}
return
}
2018-09-07 20:43:52 +00:00
// shut down
2018-08-23 08:19:25 +00:00
disposeTunnel(error: shutdownError)
}
func socketHasBetterPath(_ socket: GenericSocket) {
log.debug("Stopping tunnel due to a new better path")
logCurrentSSID()
proxy?.reconnect(error: ProviderError.networkChanged)
}
}
extension TunnelKitProvider: OpenVPNSessionDelegate {
2018-08-23 08:19:25 +00:00
// MARK: OpenVPNSessionDelegate (tunnel queue)
2018-08-23 08:19:25 +00:00
/// :nodoc:
public func sessionDidStart(_ proxy: OpenVPNSession, remoteAddress: String, options: OpenVPN.Configuration) {
2018-08-23 08:19:25 +00:00
reasserting = false
log.info("Session did start")
log.info("Returned ifconfig parameters:")
2018-10-24 16:06:39 +00:00
log.info("\tRemote: \(remoteAddress.maskedDescription)")
log.info("\tIPv4: \(options.ipv4?.description ?? "not configured")")
log.info("\tIPv6: \(options.ipv6?.description ?? "not configured")")
if let routingPolicies = options.routingPolicies {
log.info("\tGateway: \(routingPolicies.map { $0.rawValue })")
2019-04-27 12:06:30 +00:00
} else {
log.info("\tGateway: not configured")
2019-04-27 12:06:30 +00:00
}
if let dnsServers = options.dnsServers, !dnsServers.isEmpty {
log.info("\tDNS: \(dnsServers.map { $0.maskedDescription })")
} else {
2019-04-18 10:02:23 +00:00
log.info("\tDNS: not configured")
}
if let searchDomain = options.searchDomain, !searchDomain.isEmpty {
log.info("\tDomain: \(searchDomain.maskedDescription)")
} else {
log.info("\tDomain: not configured")
}
2019-04-13 17:03:27 +00:00
if options.httpProxy != nil || options.httpsProxy != nil {
2019-04-13 17:03:27 +00:00
log.info("\tProxy:")
if let proxy = options.httpProxy {
2019-04-13 17:03:27 +00:00
log.info("\t\tHTTP: \(proxy.maskedDescription)")
}
if let proxy = options.httpsProxy {
2019-04-13 17:03:27 +00:00
log.info("\t\tHTTPS: \(proxy.maskedDescription)")
}
if let bypass = options.proxyBypassDomains {
2019-04-13 17:03:27 +00:00
log.info("\t\tBypass domains: \(bypass.maskedDescription)")
}
}
bringNetworkUp(remoteAddress: remoteAddress, localOptions: proxy.configuration, options: options) { (error) in
2018-08-23 08:19:25 +00:00
if let error = error {
log.error("Failed to configure tunnel: \(error)")
self.pendingStartHandler?(error)
self.pendingStartHandler = nil
return
}
log.info("Tunnel interface is now UP")
proxy.setTunnel(tunnel: NETunnelInterface(impl: self.packetFlow, isIPv6: options.ipv6 != nil))
2018-08-23 08:19:25 +00:00
self.pendingStartHandler?(nil)
self.pendingStartHandler = nil
}
isCountingData = true
refreshDataCount()
2018-08-23 08:19:25 +00:00
}
/// :nodoc:
public func sessionDidStop(_: OpenVPNSession, shouldReconnect: Bool) {
2018-08-23 08:19:25 +00:00
log.info("Session did stop")
isCountingData = false
refreshDataCount()
reasserting = shouldReconnect
2018-08-23 08:19:25 +00:00
socket?.shutdown()
}
private func bringNetworkUp(remoteAddress: String, localOptions: OpenVPN.Configuration, options: OpenVPN.Configuration, completionHandler: @escaping (Error?) -> Void) {
let routingPolicies = localOptions.routingPolicies ?? options.routingPolicies
let isIPv4Gateway = routingPolicies?.contains(.IPv4) ?? false
let isIPv6Gateway = routingPolicies?.contains(.IPv6) ?? false
let isGateway = isIPv4Gateway || isIPv6Gateway
var ipv4Settings: NEIPv4Settings?
if let ipv4 = options.ipv4 {
var routes: [NEIPv4Route] = []
// route all traffic to VPN?
if isIPv4Gateway {
let defaultRoute = NEIPv4Route.default()
defaultRoute.gatewayAddress = ipv4.defaultGateway
routes.append(defaultRoute)
// for network in ["0.0.0.0", "128.0.0.0"] {
// let route = NEIPv4Route(destinationAddress: network, subnetMask: "128.0.0.0")
// route.gatewayAddress = ipv4.defaultGateway
// routes.append(route)
// }
log.info("Routing.IPv4: Setting default gateway to \(ipv4.defaultGateway.maskedDescription)")
}
for r in ipv4.routes {
let ipv4Route = NEIPv4Route(destinationAddress: r.destination, subnetMask: r.mask)
ipv4Route.gatewayAddress = r.gateway
routes.append(ipv4Route)
log.info("Routing.IPv4: Adding route \(r.destination.maskedDescription)/\(r.mask) -> \(r.gateway)")
}
ipv4Settings = NEIPv4Settings(addresses: [ipv4.address], subnetMasks: [ipv4.addressMask])
ipv4Settings?.includedRoutes = routes
ipv4Settings?.excludedRoutes = []
}
var ipv6Settings: NEIPv6Settings?
if let ipv6 = options.ipv6 {
var routes: [NEIPv6Route] = []
// route all traffic to VPN?
if isIPv6Gateway {
let defaultRoute = NEIPv6Route.default()
defaultRoute.gatewayAddress = ipv6.defaultGateway
routes.append(defaultRoute)
// for network in ["2000::", "3000::"] {
// let route = NEIPv6Route(destinationAddress: network, networkPrefixLength: 4)
// route.gatewayAddress = ipv6.defaultGateway
// routes.append(route)
// }
log.info("Routing.IPv6: Setting default gateway to \(ipv6.defaultGateway.maskedDescription)")
}
for r in ipv6.routes {
let ipv6Route = NEIPv6Route(destinationAddress: r.destination, networkPrefixLength: r.prefixLength as NSNumber)
ipv6Route.gatewayAddress = r.gateway
routes.append(ipv6Route)
log.info("Routing.IPv6: Adding route \(r.destination.maskedDescription)/\(r.prefixLength) -> \(r.gateway)")
}
ipv6Settings = NEIPv6Settings(addresses: [ipv6.address], networkPrefixLengths: [ipv6.addressPrefixLength as NSNumber])
ipv6Settings?.includedRoutes = routes
ipv6Settings?.excludedRoutes = []
}
2019-05-11 14:33:08 +00:00
// shut down if default gateway is not attainable
var hasGateway = false
if isIPv4Gateway && (ipv4Settings != nil) {
hasGateway = true
}
if isIPv6Gateway && (ipv6Settings != nil) {
hasGateway = true
}
guard !isGateway || hasGateway else {
proxy?.shutdown(error: ProviderError.gatewayUnattainable)
return
}
var dnsServers = cfg.sessionConfiguration.dnsServers ?? options.dnsServers ?? []
// fall back
if dnsServers.isEmpty {
log.warning("DNS: No servers provided, using fall-back servers: \(fallbackDNSServers.maskedDescription)")
dnsServers = fallbackDNSServers
}
let dnsSettings = NEDNSSettings(servers: dnsServers)
if !isGateway {
dnsSettings.matchDomains = [""]
}
if let searchDomain = cfg.sessionConfiguration.searchDomain ?? options.searchDomain {
dnsSettings.domainName = searchDomain
dnsSettings.searchDomains = [searchDomain]
if !isGateway {
dnsSettings.matchDomains = dnsSettings.searchDomains
}
}
// add direct routes to DNS servers
if !isGateway {
for server in dnsServers {
if server.contains(":") {
ipv6Settings?.includedRoutes?.insert(NEIPv6Route(destinationAddress: server, networkPrefixLength: 128), at: 0)
} else {
ipv4Settings?.includedRoutes?.insert(NEIPv4Route(destinationAddress: server, subnetMask: "255.255.255.255"), at: 0)
}
}
}
var proxySettings: NEProxySettings?
if let httpsProxy = cfg.sessionConfiguration.httpsProxy ?? options.httpsProxy {
proxySettings = NEProxySettings()
proxySettings?.httpsServer = httpsProxy.neProxy()
proxySettings?.httpsEnabled = true
log.info("Routing: Setting HTTPS proxy \(httpsProxy.address.maskedDescription):\(httpsProxy.port)")
2019-04-13 15:55:08 +00:00
}
if let httpProxy = cfg.sessionConfiguration.httpProxy ?? options.httpProxy {
2019-04-13 15:55:08 +00:00
if proxySettings == nil {
proxySettings = NEProxySettings()
}
proxySettings?.httpServer = httpProxy.neProxy()
proxySettings?.httpEnabled = true
log.info("Routing: Setting HTTP proxy \(httpProxy.address.maskedDescription):\(httpProxy.port)")
}
2019-04-13 17:03:27 +00:00
// only set if there is a proxy (proxySettings set to non-nil above)
if let bypass = cfg.sessionConfiguration.proxyBypassDomains ?? options.proxyBypassDomains {
proxySettings?.exceptionList = bypass
log.info("Routing: Setting proxy by-pass list: \(bypass.maskedDescription)")
}
// block LAN if desired
if routingPolicies?.contains(.blockLocal) ?? false {
let table = RoutingTable()
if isIPv4Gateway,
let gateway = table.defaultGateway4()?.gateway(),
let route = table.broadestRoute4(matchingDestination: gateway) {
route.partitioned().forEach {
let destination = $0.network()
guard let netmask = $0.networkMask() else {
return
}
log.info("Block local: Suppressing IPv4 route \(destination)/\($0.prefix())")
let included = NEIPv4Route(destinationAddress: destination, subnetMask: netmask)
included.gatewayAddress = options.ipv4?.defaultGateway
ipv4Settings?.includedRoutes?.append(included)
}
}
if isIPv6Gateway,
let gateway = table.defaultGateway6()?.gateway(),
let route = table.broadestRoute6(matchingDestination: gateway) {
route.partitioned().forEach {
let destination = $0.network()
let prefix = $0.prefix()
log.info("Block local: Suppressing IPv6 route \(destination)/\($0.prefix())")
let included = NEIPv6Route(destinationAddress: destination, networkPrefixLength: prefix as NSNumber)
included.gatewayAddress = options.ipv6?.defaultGateway
ipv6Settings?.includedRoutes?.append(included)
}
}
}
let newSettings = NEPacketTunnelNetworkSettings(tunnelRemoteAddress: remoteAddress)
newSettings.ipv4Settings = ipv4Settings
newSettings.ipv6Settings = ipv6Settings
2018-08-23 08:19:25 +00:00
newSettings.dnsSettings = dnsSettings
newSettings.proxySettings = proxySettings
2018-08-23 08:19:25 +00:00
setTunnelNetworkSettings(newSettings, completionHandler: completionHandler)
}
}
extension TunnelKitProvider {
private func tryNextProtocol() -> Bool {
guard strategy.tryNextProtocol() else {
disposeTunnel(error: ProviderError.exhaustedProtocols)
return false
}
return true
}
2018-08-23 08:19:25 +00:00
// MARK: Logging
2018-08-23 08:19:25 +00:00
private func configureLogging(debug: Bool, customFormat: String? = nil) {
let logLevel: SwiftyBeaver.Level = (debug ? .debug : .info)
let logFormat = customFormat ?? "$Dyyyy-MM-dd HH:mm:ss.SSS$d $L $N.$F:$l - $M"
if debug {
let console = ConsoleDestination()
console.useNSLog = true
console.minLevel = logLevel
console.format = logFormat
log.addDestination(console)
}
let memory = memoryLog
memory.minLevel = logLevel
memory.format = logFormat
memory.maxLines = maxLogLines
log.addDestination(memoryLog)
}
private func flushLog() {
log.debug("Flushing log...")
if let url = cfg.urlForLog(in: appGroup) {
memoryLog.flush(to: url)
2018-08-23 08:19:25 +00:00
}
}
private func logCurrentSSID() {
if let ssid = observer.currentWifiNetworkName() {
2018-10-24 16:25:04 +00:00
log.debug("Current SSID: '\(ssid.maskedDescription)'")
} else {
log.debug("Current SSID: none (disconnected from WiFi)")
}
}
// private func anyPointer(_ object: Any?) -> UnsafeMutableRawPointer {
// let anyObject = object as AnyObject
// return Unmanaged<AnyObject>.passUnretained(anyObject).toOpaque()
// }
// MARK: Errors
private func setErrorStatus(with error: Error) {
defaults?.set(unifiedError(from: error).rawValue, forKey: Configuration.lastErrorKey)
}
private func unifiedError(from error: Error) -> ProviderError {
if let te = error.tunnelKitErrorCode() {
switch te {
2019-05-19 10:03:46 +00:00
case .cryptoRandomGenerator, .cryptoAlgorithm:
return .encryptionInitialization
2019-05-19 10:03:46 +00:00
case .cryptoEncryption, .cryptoHMAC:
return .encryptionData
2019-05-19 10:03:46 +00:00
case .tlsCertificateAuthority, .tlsClientCertificate, .tlsClientKey:
return .tlsInitialization
2019-05-19 10:03:46 +00:00
case .tlsServerCertificate, .tlsServerEKU:
return .tlsServerVerification
2019-05-19 10:03:46 +00:00
case .tlsHandshake:
return .tlsHandshake
case .dataPathOverflow, .dataPathPeerIdMismatch:
return .unexpectedReply
case .dataPathCompression:
return .serverCompression
case .LZO:
return .lzo
2019-03-30 19:23:09 +00:00
default:
break
}
} else if let se = error as? OpenVPNError {
switch se {
case .negotiationTimeout, .pingTimeout, .staleSession:
return .timeout
case .badCredentials:
return .authentication
case .serverCompression:
return .serverCompression
case .failedLinkWrite:
return .linkError
case .noRouting:
return .routing
default:
return .unexpectedReply
}
2018-08-23 08:19:25 +00:00
}
return error as? ProviderError ?? .linkError
2018-08-23 08:19:25 +00:00
}
}
private extension Proxy {
func neProxy() -> NEProxyServer {
return NEProxyServer(address: address, port: Int(port))
}
}