From 60213bafb8a189cbf88bdf92cf09c2037f9c0923 Mon Sep 17 00:00:00 2001
From: Davide De Rosa
Date: Fri, 8 May 2020 20:30:17 +0200
Subject: [PATCH] Fix and improve #169
- Use constants
- Check packet length for OOB read
- Replace assertion with logging
---
 CHANGELOG.md | 4 +++
 .../Transport/NETunnelInterface.swift | 33 +++++++++++++------
 2 files changed, 27 insertions(+), 10 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index e1e7a49..5c0ee31 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,6 +5,10 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+## Unreleased
+
+- Fix IPv6 traffic broken on Mojave. [#146](https://github.com/passepartoutvpn/tunnelkit/issues/146), [#169](https://github.com/passepartoutvpn/tunnelkit/pull/169)
+
 ## 2.2.3 (2019-04-21)
 ### Changed
diff --git a/TunnelKit/Sources/AppExtension/Transport/NETunnelInterface.swift b/TunnelKit/Sources/AppExtension/Transport/NETunnelInterface.swift
index f9d03dd..e4845fb 100644
--- a/TunnelKit/Sources/AppExtension/Transport/NETunnelInterface.swift
+++ b/TunnelKit/Sources/AppExtension/Transport/NETunnelInterface.swift
@@ -36,14 +36,25 @@
 import Foundation
 import NetworkExtension
+import SwiftyBeaver
+
+private let log = SwiftyBeaver.self
 /// `TunnelInterface` implementation via NetworkExtension.
 public class NETunnelInterface: TunnelInterface {
+ private static let ipV4: UInt8 = 4
+
+ private static let ipV6: UInt8 = 6
+
+ private static let protocolNumbers: [UInt8: NSNumber] = [
+ ipV4: NSNumber(value: AF_INET),
+ ipV6: NSNumber(value: AF_INET6)
+ ]
+
+ private static let fallbackProtocolNumber = protocolNumbers[ipV4]!
+
 private weak var impl: NEPacketTunnelFlow?
- private static let protocolNumberForIPv4 = NSNumber(value: AF_INET)
- private static let protocolNumberForIPv6 = NSNumber(value: AF_INET6)
-
 /// :nodoc:
 public init(impl: NEPacketTunnelFlow) {
 self.impl = impl
@@ -91,16 +102,18 @@ public class NETunnelInterface: TunnelInterface {
 }
 private static func ipProtocolNumber(inPacket packet: Data) -> NSNumber {
+ guard !packet.isEmpty else {
+ return fallbackProtocolNumber
+ }
+
 // 'packet' contains the decrypted incoming IP packet data
 // The first 4 bits identify the IP version
- let ipVersion = ((packet[0] & 0xf0) >> 4)
- assert(ipVersion == 4 || ipVersion == 6)
-
- if ipVersion == 6 {
- return NETunnelInterface.protocolNumberForIPv6
- } else {
- return NETunnelInterface.protocolNumberForIPv4
+ let ipVersion = (packet[0] & 0xf0) >> 4
+ guard let protocolNumber = protocolNumbers[ipVersion] else {
+ log.warning("Unrecognized IP version (\(ipVersion))")
+ return fallbackProtocolNumber
 }
+ return protocolNumber
 }
 }
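Review bot: `fallbackProtocolNumber` is initialised with a force unwrap, `protocolNumbers[ipV4]!`, in the constants added to `NETunnelInterface`. The lookup cannot fail with the table as written, but that is only evident from reading the literal above it, and a later edit to the table would become a trap the first time the static is touched, which the second hunk shows is on the packet path. Writing it as `private static let fallbackProtocolNumber = NSNumber(value: AF_INET)` keeps the same value without the lookup. A doc comment such as `/// Address family reported for empty packets and unrecognized IP versions.` would also record why IPv4 is the fallback. The class body continues outside the hunk.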
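Review bot: The `packet[0]` read in `ipProtocolNumber(inPacket:)` is guarded by `isEmpty` only, and `Data` indices are not rebased on slices, so a non-empty `Data` slice whose `startIndex` is above zero would still trap on that subscript. Whether callers pass slices is not visible here, since the call sites are outside the hunk, but `guard let firstByte = packet.first else { return fallbackProtocolNumber }` followed by `let ipVersion = (firstByte & 0xf0) >> 4` covers both the empty and the sliced case. Separately, an empty or unrecognized packet is still reported as `AF_INET` and so is presumably still handed to the tunnel flow, and `log.warning` runs once per such packet on data taken from the decrypted stream. Consider dropping those packets at the caller and throttling the message or lowering its level, so that malformed traffic cannot fill the extension's log.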