Davide De Rosa
4dc9539260
Rename OptionsError to ConfigurationError
2019-04-04 18:51:06 +02:00
Davide De Rosa
a2250686b6
Merge OptionsBundle into Configuration
...
FIXME: issues with non-optional .cipher and .compressionFraming
Because:
- No pushed cipher (nil) is NOT .aes128cbc
- No pushed framing (nil) is NOT .disabled
Breaks conditions on pushed cipher/framing via PUSH_REPLY.
2019-04-04 18:51:06 +02:00
Davide De Rosa
7aec0637b2
Move endpoints inside SessionProxy.Configuration
...
Make optional.
TunnelKitProvider still gets hostname from .serverAddress rather
than SessionProxy.Configuration
Also drop useless Equatable implementations.
2019-04-04 13:09:50 +02:00
Davide De Rosa
9876c81de5
Parse PUSH_REPLY options in OptionsBundle
...
- auth-token
- peer-id
- Routing
Reorganize options by semantic.
Reuse OptionsBundle in PushReply.
2019-04-03 13:19:21 +02:00
Davide De Rosa
27901c991b
Skip deinit documentation
2019-04-02 19:18:23 +02:00
Davide De Rosa
44fb5a5b48
Track data count in shared UserDefaults
...
Default disabled (dataCountInterval = 0).
2019-03-30 19:56:26 +01:00
Davide De Rosa
9c4d491a3b
Make floating XXX a FIXME
2019-03-25 10:37:15 +01:00
Davide De Rosa
9c0205614b
Disable rebind-on-float until a solid fix
...
Mitigates #75
2019-03-25 10:10:08 +01:00
Davide De Rosa
79509a1ea1
Fix execution queue in network handler
2019-03-20 18:01:57 +01:00
Davide De Rosa
a5b8907918
Postpone shutdown until notification is written
...
Otherwise socket might be force-closed while sending the packet.
2019-03-20 17:57:56 +01:00
Davide De Rosa
c93461b153
Send explicit exit notification if UDP
...
Implement --explicit-exit-notify by default.
Fixes #29
2019-03-20 17:57:56 +01:00
Davide De Rosa
c6ab3b57db
Fix a few return in wrong scope
2019-03-20 17:57:56 +01:00
Davide De Rosa
4b9ffcfb4e
Accept LZO regardless of framing
2019-03-20 09:04:27 +01:00
Davide De Rosa
0eb0e3e478
Parse compression from several places
...
- PUSH_REPLY
- .ovpn configuration
- TunnelKitProvider
2019-03-19 15:14:29 +01:00
Davide De Rosa
08b04c8e02
Fix not propagated checksEKU flag
2019-03-18 17:27:48 +01:00
Davide De Rosa
7d69e09c53
Update copyright
2019-03-09 11:44:18 +01:00
Davide De Rosa
e3b8a6b16b
Shut down on link error
...
Because it doesn't seem to recover until the tunnel dies.
2019-03-08 13:08:54 +01:00
Davide De Rosa
8fe43269ab
Catch errors on CA MD5 calculation (PIA only)
2019-02-25 23:33:26 +01:00
Davide De Rosa
3aadaf0186
Shut down when server pushes compression enabled
2019-02-25 23:01:21 +01:00
Davide De Rosa
265aca0829
Make EKU verification optional in TLSBox
2019-02-25 11:16:26 +01:00
Davide De Rosa
8f328709c8
Wrap TKP.Configuration fields in SP.Configuration
...
Take credentials out of SP.Configuration. Makes sense as they
never appear in e.g. an .ovpn file.
2018-10-25 18:34:03 +02:00
Davide De Rosa
d6e27938bc
Make usesPIAPatches optional
...
For compatible decoding.
2018-10-25 18:34:03 +02:00
Davide De Rosa
197d29042c
Take a cache URL in SessionProxy to store PEMs
2018-10-25 18:34:03 +02:00
Davide De Rosa
ae85337e91
Mask log.debug
2018-10-24 18:47:41 +02:00
Davide De Rosa
b1a79d6451
Shut down on server-initiated HARD_RESET
...
Session is stale and not recoverable (lame duck).
2018-10-24 12:31:37 +02:00
Davide De Rosa
0b79ce4194
Handle server-initiated SOFT_RESET
2018-10-24 12:22:47 +02:00
Davide De Rosa
c32185b524
Review/complete mapping to ProviderError
...
Errors from TunnelKitNative were not mapped. Also, move TLS CA
verification error to TLSBox domain.
2018-10-23 23:44:25 +02:00
Davide De Rosa
f5d9720b01
Halt TLS on internal failure
2018-10-23 23:44:25 +02:00
Davide De Rosa
f725779e0e
Convert ct pulling to try/catch
2018-10-23 22:47:04 +02:00
Davide De Rosa
28d9f3ee68
Add crypt strategy
2018-10-19 17:06:29 +02:00
Davide De Rosa
8ccc4c08a5
Add auth strategy
2018-10-19 16:20:56 +02:00
Davide De Rosa
66735ec118
Prepare API to enable TLS wrapping
...
Extensible TLSWrap parameter.
2018-10-19 16:11:35 +02:00
Davide De Rosa
9b785084e2
Customize HARD_RESET payload when PIA-patched
2018-10-18 13:31:11 +02:00
Davide De Rosa
98c5a015f3
Split endpoint and credentials
...
Basically drop AuthenticatedEndpoint.
2018-10-06 16:22:02 +02:00
Davide De Rosa
09210b727a
Use compression framing description
2018-09-28 08:40:14 +02:00
Davide De Rosa
668474d75c
Indent negotiated parameters in log
2018-09-21 19:53:38 +02:00
Davide De Rosa
1099d9adbf
Improve control channel log readability
...
- Use consistent convention in id logging.
- Describe packet codes.
- Encapsulate packet logging.
2018-09-20 09:00:11 +02:00
Davide De Rosa
ce94a594f9
Bring code/key deserialization into serializer
...
Duplicates first byte parsing but makes testing more meaningful,
because there's no need to provide a bogus code/key pair.
2018-09-20 08:59:50 +02:00
Davide De Rosa
11cb312c02
Move control channel logic to PlainSerializer
2018-09-19 22:04:52 +02:00
Davide De Rosa
3608860b9d
Move sessionId and remoteSessionId
2018-09-19 22:04:52 +02:00
Davide De Rosa
1573b2070a
Move control queue management
...
- Out packets
- In packets
- Acks
2018-09-19 22:04:52 +02:00
Davide De Rosa
e6dd4de472
Move control data parsing
2018-09-19 22:04:52 +02:00
Davide De Rosa
19ce7de819
Encapsulate control state into ControlChannel
...
First step: variables + mutating funcs.
2018-09-19 22:04:52 +02:00
Davide De Rosa
d80c0b5460
Move in/out states to a generic struct
2018-09-19 22:04:52 +02:00
Davide De Rosa
2bd9484a43
Move ControlPacket serialization to Obj-C
...
Additionally, make sessionId non-optional in control packets. They
must have it, therefore treat a missing sessionId as a programming
error instead.
Reuse routines for acks to make PacketMacros the only point of
packets serialization.
2018-09-19 22:04:52 +02:00
Davide De Rosa
92dbb57666
Revert CommonPacket name to ControlPacket
2018-09-19 22:04:52 +02:00
Davide De Rosa
915638b163
Log negotiated parms at info level
...
Useful when debug disabled.
2018-09-12 15:48:47 +02:00
Davide De Rosa
4af0ce8739
Refactor duplicate keep-alive code
2018-09-09 00:52:16 +02:00
Davide De Rosa
3a02557b5e
Override keep-alive with pushed interval
2018-09-09 00:52:16 +02:00
Davide De Rosa
01f65b2a7e
Always shut down on known tunnel error
...
Not recoverable by default (e.g algorithm mismatch).
2018-09-08 00:10:35 +02:00