Halt TLS on internal failure

Davide De Rosa 2018-10-23 22:44:35 +02:00
parent f725779e0e
commit f5d9720b01
2 changed files with 42 additions and 18 deletions


@ -36,6 +36,7 @@
//
import Foundation
import __TunnelKitNative
/// The possible errors raised/thrown during `SessionProxy` operation.
public enum SessionError: String, Error {
@ -73,3 +74,18 @@ public enum SessionError: String, Error {
/// The server couldn't ping back before timeout.
case pingTimeout
}
extension Error {
func isTunnelKitError() -> Bool {
let te = self as NSError
return te.domain == TunnelKitErrorDomain
}
func tunnelKitErrorCode() -> TunnelKitErrorCode? {
let te = self as NSError
guard te.domain == TunnelKitErrorDomain else {
return nil
}
return TunnelKitErrorCode(rawValue: te.code)
}
}
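Review bot: The two helpers added in `extension Error` have no doc comments, although the rest of this file documents its declarations with `///`, and their contracts differ in a way callers need to know. `isTunnelKitError()` tests only the `NSError` domain, while `tunnelKitErrorCode()` also depends on `TunnelKitErrorCode(rawValue:)` accepting the code. I would add `/// Returns true when the error's NSError domain is TunnelKitErrorDomain.` above the first and `/// Returns the TunnelKit code, or nil when the domain differs or the code has no TunnelKitErrorCode case.` above the second, so that a nil result is not read as "not a TunnelKit error".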


@ -41,18 +41,6 @@ import __TunnelKitNative
private let log = SwiftyBeaver.self
private extension Error {
func isTunnelError() -> Bool {
let te = self as NSError
return te.domain == TunnelKitErrorDomain
}
func isDataPathOverflow() -> Bool {
let te = self as NSError
return te.domain == TunnelKitErrorDomain && te.code == TunnelKitErrorCode.dataPathOverflow.rawValue
}
}
/// Observes major events notified by a `SessionProxy`.
public protocol SessionProxyDelegate: class {
@ -617,7 +605,12 @@ public class SessionProxy {
let cipherTextOut: Data
do {
cipherTextOut = try negotiationKey.tls.pullCipherText()
} catch {
} catch let e {
if let _ = e.tunnelKitErrorCode() {
log.error("TLS.auth: Failed pulling ciphertext (error: \(e))")
shutdown(error: e)
return
}
log.verbose("TLS.auth: Still can't pull ciphertext")
return
}
@ -643,7 +636,12 @@ public class SessionProxy {
let cipherTextOut: Data
do {
cipherTextOut = try negotiationKey.tls.pullCipherText()
} catch {
} catch let e {
if let _ = e.tunnelKitErrorCode() {
log.error("TLS.auth: Failed pulling ciphertext (error: \(e))")
shutdown(error: e)
return
}
log.verbose("TLS.ifconfig: Still can't pull ciphertext")
return
}
@ -726,7 +724,12 @@ public class SessionProxy {
let cipherTextOut: Data
do {
cipherTextOut = try negotiationKey.tls.pullCipherText()
} catch {
} catch let e {
if let _ = e.tunnelKitErrorCode() {
log.error("TLS.connect: Failed pulling ciphertext (error: \(e))")
shutdown(error: e)
return
}
deferStop(.shutdown, SessionError.tlsError)
return
}
@ -759,7 +762,12 @@ public class SessionProxy {
cipherTextOut = try negotiationKey.tls.pullCipherText()
log.debug("TLS.connect: Send pulled ciphertext (\(cipherTextOut.count) bytes)")
enqueueControlPackets(code: .controlV1, key: negotiationKey.id, payload: cipherTextOut)
} catch {
} catch let e {
if let _ = e.tunnelKitErrorCode() {
log.error("TLS.connect: Failed pulling ciphertext (error: \(e))")
shutdown(error: e)
return
}
log.verbose("TLS.connect: No available ciphertext to pull")
}
@ -989,7 +997,7 @@ public class SessionProxy {
tunnel?.writePackets(decryptedPackets, completionHandler: nil)
} catch let e {
guard !e.isTunnelError() else {
guard !e.isTunnelKitError() else {
deferStop(.shutdown, e)
return
}
@ -1024,7 +1032,7 @@ public class SessionProxy {
// log.verbose("Data: \(encryptedPackets.count) packets successfully written to LINK")
}
} catch let e {
guard !e.isTunnelError() else {
guard !e.isTunnelKitError() else {
deferStop(.shutdown, e)
return
}
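Review bot: In the four `pullCipherText()` catch blocks the halt decision is `if let _ = e.tunnelKitErrorCode()`, which is nil for foreign errors but also for a `TunnelKitErrorDomain` error whose code `TunnelKitErrorCode(rawValue:)` does not map, so that error would take the "still can't pull ciphertext" path and the handshake would carry on. The data-path guards later in this file use the domain-only `isTunnelKitError()`; writing `if e.isTunnelKitError() {` here as well keeps the two paths consistent and fails closed. Whether the initializer can actually return nil depends on how the enum is imported, which the page does not show. Separately, the hunk at -643 logs `"TLS.auth: Failed pulling ciphertext (error: \(e))"` while its fallthrough message is prefixed `TLS.ifconfig`; the prefix looks copy-pasted and should read `TLS.ifconfig` so the log points at the right handshake stage. The enclosing methods start and end outside these hunks.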