diff --git a/Demo/BasicTunnel-iOS/ViewController.swift b/Demo/BasicTunnel-iOS/ViewController.swift index 1496058..a48939d 100644 --- a/Demo/BasicTunnel-iOS/ViewController.swift +++ b/Demo/BasicTunnel-iOS/ViewController.swift @@ -99,6 +99,7 @@ extension ViewController { builder.endpointProtocols = [EndpointProtocol(socketType, port)] builder.mtu = 1350 builder.shouldDebug = true + builder.masksPrivateData = false let configuration = builder.build() return try! configuration.generatedTunnelProtocol( diff --git a/Demo/BasicTunnel-macOS/ViewController.swift b/Demo/BasicTunnel-macOS/ViewController.swift index d34efd3..657d84d 100644 --- a/Demo/BasicTunnel-macOS/ViewController.swift +++ b/Demo/BasicTunnel-macOS/ViewController.swift @@ -100,6 +100,7 @@ extension ViewController { builder.endpointProtocols = [EndpointProtocol(socketType, port)] builder.mtu = 1350 builder.shouldDebug = true + builder.masksPrivateData = false let configuration = builder.build() return try! configuration.generatedTunnelProtocol( diff --git a/TunnelKit/Sources/AppExtension/TunnelKitProvider+Configuration.swift b/TunnelKit/Sources/AppExtension/TunnelKitProvider+Configuration.swift index cc9b55e..48801db 100644 --- a/TunnelKit/Sources/AppExtension/TunnelKitProvider+Configuration.swift +++ b/TunnelKit/Sources/AppExtension/TunnelKitProvider+Configuration.swift @@ -70,7 +70,8 @@ extension TunnelKitProvider { dnsServers: nil ), shouldDebug: false, - debugLogFormat: nil + debugLogFormat: nil, + masksPrivateData: true ) /// Prefers resolved addresses over DNS resolution. `resolvedAddresses` must be set and non-empty. Default is `false`. @@ -98,6 +99,9 @@ extension TunnelKitProvider { /// Optional debug log format (SwiftyBeaver format). public var debugLogFormat: String? + /// Mask private data in debug log (default is `true`). + public var masksPrivateData: Bool + // MARK: Building /** 
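Review bot: `builder.masksPrivateData = false` sits directly under `builder.shouldDebug = true` in the iOS demo with nothing marking it as a development-only choice, and demo setup code tends to be copied into shipping apps. With both set, the debug log is written unmasked; elsewhere in this commit the provider logs values such as DNS servers through `maskedDescription`, so those would presumably appear in clear. I would add a comment such as `// demo only: the debug log will contain unmasked private data, keep the default (true) in production`, or wrap the line in `#if DEBUG`. The identical line added to Demo/BasicTunnel-macOS/ViewController.swift needs the same treatment; in both files the enclosing function starts and ends outside the hunk.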
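Review bot: The doc comment added for `ConfigurationBuilder.masksPrivateData` (hunk at -98,6) states the default but not what changes when the flag is `false` or when that is acceptable. The flag also appears to be serialized into the provider configuration dictionary later in this commit (`S.masksPrivateData: masksPrivateData`), so a value set once travels with the saved configuration. I would extend the comment to something like `/// Mask private data in debug log (default is true). Disable only for local troubleshooting: the debug log then contains private data in clear.`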
@@ -113,6 +117,7 @@ extension TunnelKitProvider { self.sessionConfiguration = sessionConfiguration shouldDebug = ConfigurationBuilder.defaults.shouldDebug debugLogFormat = ConfigurationBuilder.defaults.debugLogFormat + masksPrivateData = ConfigurationBuilder.defaults.masksPrivateData } fileprivate init(providerConfiguration: [String: Any]) throws { @@ -187,10 +192,11 @@ extension TunnelKitProvider { sessionConfigurationBuilder.dnsServers = providerConfiguration[S.dnsServers] as? [String] sessionConfiguration = sessionConfigurationBuilder.build() - shouldDebug = providerConfiguration[S.debug] as? Bool ?? false + shouldDebug = providerConfiguration[S.debug] as? Bool ?? ConfigurationBuilder.defaults.shouldDebug if shouldDebug { debugLogFormat = providerConfiguration[S.debugLogFormat] as? String } + masksPrivateData = providerConfiguration[S.masksPrivateData] as? Bool ?? ConfigurationBuilder.defaults.masksPrivateData guard !prefersResolvedAddresses || !(resolvedAddresses?.isEmpty ?? true) else { throw ProviderConfigurationError.parameter(name: "protocolConfiguration.providerConfiguration[\(S.prefersResolvedAddresses)] is true but no [\(S.resolvedAddresses)]") @@ -210,7 +216,8 @@ extension TunnelKitProvider { mtu: mtu, sessionConfiguration: sessionConfiguration, shouldDebug: shouldDebug, - debugLogFormat: shouldDebug ? debugLogFormat : nil + debugLogFormat: shouldDebug ? debugLogFormat : nil, + masksPrivateData: masksPrivateData ) } } @@ -259,6 +266,8 @@ extension TunnelKitProvider { static let debug = "Debug" static let debugLogFormat = "DebugLogFormat" + + static let masksPrivateData = "MasksPrivateData" } /// - Seealso: `TunnelKitProvider.ConfigurationBuilder.prefersResolvedAddresses` 
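Review bot: In `init(providerConfiguration:)` (hunk at -187,10) the new `masksPrivateData` is read unconditionally, while `debugLogFormat` just above it is only honoured when `shouldDebug` is true. A configuration with `Debug` absent or false and `MasksPrivateData` false therefore still disables masking for whatever logging remains active; whether any log destination is attached in that case is not visible in this hunk. If unmasking is meant purely as a debugging aid, tie it to the debug flag, e.g. `masksPrivateData = !shouldDebug || (providerConfiguration[S.masksPrivateData] as? Bool ?? ConfigurationBuilder.defaults.masksPrivateData)`, and mirror that in `build()` next to `debugLogFormat: shouldDebug ? debugLogFormat : nil`. The fallback to the default on a missing or non-Bool value fails in the safe direction and is worth keeping; the initializer itself starts and ends outside the hunk.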
@@ -282,6 +291,9 @@ extension TunnelKitProvider { /// - Seealso: `TunnelKitProvider.ConfigurationBuilder.debugLogFormat` public let debugLogFormat: String? + /// - Seealso: `TunnelKitProvider.ConfigurationBuilder.masksPrivateData` + public let masksPrivateData: Bool + // MARK: Shortcuts static let debugLogFilename = "debug.log" @@ -384,7 +396,8 @@ extension TunnelKitProvider { S.digestAlgorithm: sessionConfiguration.digest.rawValue, S.ca: sessionConfiguration.ca.pem, S.mtu: mtu, - S.debug: shouldDebug + S.debug: shouldDebug, + S.masksPrivateData: masksPrivateData ] if let clientCertificate = sessionConfiguration.clientCertificate { dict[S.clientCertificate] = clientCertificate.pem @@ -494,6 +507,7 @@ extension TunnelKitProvider { log.info("\tCustom DNS servers: \(dnsServers.maskedDescription)") } log.info("\tDebug: \(shouldDebug)") + log.info("\tMasks private data: \(masksPrivateData)") } } } diff --git a/TunnelKit/Sources/AppExtension/TunnelKitProvider.swift b/TunnelKit/Sources/AppExtension/TunnelKitProvider.swift index cca2912..347b7e1 100644 --- a/TunnelKit/Sources/AppExtension/TunnelKitProvider.swift +++ b/TunnelKit/Sources/AppExtension/TunnelKitProvider.swift @@ -176,6 +176,9 @@ open class TunnelKitProvider: NEPacketTunnelProvider { customFormat: cfg.debugLogFormat ) + // override library configuration + CoreConfiguration.masksPrivateData = cfg.masksPrivateData + log.info("Starting tunnel...") cfg.clearLastError(in: appGroup) diff --git a/TunnelKit/Sources/Core/CoreConfiguration.swift b/TunnelKit/Sources/Core/CoreConfiguration.swift index d4cc9d7..19db18e 100644 --- a/TunnelKit/Sources/Core/CoreConfiguration.swift +++ b/TunnelKit/Sources/Core/CoreConfiguration.swift @@ -57,11 +57,12 @@ struct CoreConfiguration { }() // MARK: Session + + // configurable + static var masksPrivateData = true static let logsSensitiveData = false - static let masksPrivateData = true - static let usesReplayProtection = true static let tickInterval = 0.2
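Review bot: In CoreConfiguration.swift, `static var masksPrivateData = true` turns a compile-time constant into process-wide mutable state, and the `// configurable` comment does not say who may write it or when. The only writer visible in this commit is `CoreConfiguration.masksPrivateData = cfg.masksPrivateData` in `TunnelKitProvider` at tunnel start; code on other queues would presumably read it without synchronization, so the intended contract should be written down. I would replace the comment with a doc comment along the lines of `/// Masks private data in logs. Written once by TunnelKitProvider at tunnel start; do not change while a session is running.` Keeping `logsSensitiveData` as a `let` is the right call, since that switch stays out of reach of runtime configuration.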