// SPDX-License-Identifier: MIT
// Copyright © 2018-2023 WireGuard LLC. All Rights Reserved.
import Foundation
import NetworkExtension
import os
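/// Packet tunnel provider that drives a `WireGuardAdapter` from the NetworkExtension
/// lifecycle callbacks (`startTunnel`, `stopTunnel`, `handleAppMessage`).
class PacketTunnelProvider: NEPacketTunnelProvider {

    /// Adapter built on first access. Its log callback forwards every adapter message to
    /// `wg_log`, translating the adapter's level with `osLogLevel`.
    private lazy var adapter: WireGuardAdapter = {
        return WireGuardAdapter(with: self, backend: WireGuardBackendGo()) { logLevel, message in
            wg_log(logLevel.osLogLevel, message: message)
        }
    }()

    /// Starts the tunnel from the saved protocol configuration.
    ///
    /// Every failure path both records the error through `ErrorNotifier` and reports it to
    /// `completionHandler`, so the tunnel never reports success without a running adapter.
    ///
    /// - Parameters:
    ///   - options: Start options. The `"activationAttemptId"` string is read from it; when it is
    ///     absent the start is logged as coming from the OS directly rather than from the app.
    ///   - completionHandler: Called with `nil` on success or a `PacketTunnelProviderError` on failure.
    override func startTunnel(options: [String: NSObject]?, completionHandler: @escaping (Error?) -> Void) {
        let activationAttemptId = options?["activationAttemptId"] as? String
        let errorNotifier = ErrorNotifier(activationAttemptId: activationAttemptId)

        Logger.configureGlobal(tagged: "NET", withFilePath: FileManager.logFileURL?.path)

        wg_log(.info, message: "Starting tunnel from the " + (activationAttemptId == nil ? "OS directly, rather than the app" : "app"))

        // Refuse to start when the saved configuration cannot be turned into a tunnel configuration.
        guard let tunnelProviderProtocol = self.protocolConfiguration as? NETunnelProviderProtocol,
              let tunnelConfiguration = tunnelProviderProtocol.asTunnelConfiguration() else {
            errorNotifier.notify(PacketTunnelProviderError.savedProtocolConfigurationIsInvalid)
            completionHandler(PacketTunnelProviderError.savedProtocolConfigurationIsInvalid)
            return
        }

        // Start the tunnel
        adapter.start(tunnelConfiguration: tunnelConfiguration) { adapterError in
            guard let adapterError = adapterError else {
                let interfaceName = self.adapter.interfaceName ?? "unknown"

                wg_log(.info, message: "Tunnel interface is \(interfaceName)")

                completionHandler(nil)
                return
            }

            // No `default:` on purpose: a new adapter error case should fail to compile here
            // rather than be silently ignored.
            switch adapterError {
            case .cannotLocateTunnelFileDescriptor:
                wg_log(.error, staticMessage: "Starting tunnel failed: could not determine file descriptor")
                errorNotifier.notify(PacketTunnelProviderError.couldNotDetermineFileDescriptor)
                completionHandler(PacketTunnelProviderError.couldNotDetermineFileDescriptor)

            case .dnsResolution(let dnsErrors):
                // The unresolved hostnames are written to the log in clear text.
                let hostnamesWithDnsResolutionFailure = dnsErrors.map { $0.address }
                    .joined(separator: ", ")
                wg_log(.error, message: "DNS resolution failed for the following hostnames: \(hostnamesWithDnsResolutionFailure)")
                errorNotifier.notify(PacketTunnelProviderError.dnsResolutionFailure)
                completionHandler(PacketTunnelProviderError.dnsResolutionFailure)

            case .setNetworkSettings(let error):
                wg_log(.error, message: "Starting tunnel failed with setTunnelNetworkSettings returning \(error.localizedDescription)")
                errorNotifier.notify(PacketTunnelProviderError.couldNotSetNetworkSettings)
                completionHandler(PacketTunnelProviderError.couldNotSetNetworkSettings)

            case .startWireGuardBackend(let errorCode):
                wg_log(.error, message: "Starting tunnel failed with wgTurnOn returning \(errorCode)")
                errorNotifier.notify(PacketTunnelProviderError.couldNotStartBackend)
                completionHandler(PacketTunnelProviderError.couldNotStartBackend)

            case .invalidState:
                // Must never happen; the message makes the crash report self-explanatory.
                fatalError("WireGuardAdapter reported invalidState while starting the tunnel")
            }
        }
    }

    /// Stops the adapter, clears the last error file and reports completion.
    ///
    /// - Parameters:
    ///   - reason: Stop reason supplied by the system; not used by this implementation.
    ///   - completionHandler: Called once the adapter has stopped, whether or not stopping failed.
    override func stopTunnel(with reason: NEProviderStopReason, completionHandler: @escaping () -> Void) {
        wg_log(.info, staticMessage: "Stopping tunnel")

        adapter.stop { error in
            ErrorNotifier.removeLastErrorFile()

            // A stop failure is logged only; completion is still reported.
            if let error = error {
                wg_log(.error, message: "Failed to stop WireGuard adapter: \(error.localizedDescription)")
            }
            completionHandler()

            #if os(macOS)
            // HACK: This is a filthy hack to work around Apple bug 32073323 (dup'd by us as 47526107).
            // Remove it when they finally fix this upstream and the fix has been rolled out to
            // sufficient quantities of users.
            exit(0)
            #endif
        }
    }

    /// Answers a message sent by the containing app.
    ///
    /// The only request understood is a single zero byte, which is answered with the adapter's
    /// runtime configuration encoded as UTF-8. Any other message is answered with `nil`.
    /// When no completion handler is supplied the message is ignored.
    ///
    /// - Parameters:
    ///   - messageData: Raw request bytes from the app.
    ///   - completionHandler: Receives the UTF-8 runtime configuration, or `nil`.
    override func handleAppMessage(_ messageData: Data, completionHandler: ((Data?) -> Void)? = nil) {
        guard let completionHandler = completionHandler else { return }

        // `first` rather than `messageData[0]`: a `Data` slice keeps its parent's indices, so
        // subscripting with a literal 0 traps when the slice does not start at index 0.
        guard messageData.count == 1, messageData.first == 0 else {
            completionHandler(nil)
            return
        }

        adapter.getRuntimeConfiguration { settings in
            // NOTE(review): the runtime configuration presumably contains key material - confirm,
            // and keep it out of logs; it is only handed back to the requester here.
            // `Data(_.utf8)` cannot fail, which removes the force unwrap of `data(using:)`.
            completionHandler(settings.map { Data($0.utf8) })
        }
    }
}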
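// MARK: - WireGuardAdapterDelegate

extension PacketTunnelProvider: WireGuardAdapterDelegate {
    /// Copies the adapter's reasserting state onto the provider's `reasserting` property.
    public func adapterShouldReassert(_ adapter: WireGuardAdapter, reasserting: Bool) {
        self.reasserting = reasserting
    }

    /// Applies the network settings requested by the adapter.
    ///
    /// - Parameters:
    ///   - adapter: The adapter making the request.
    ///   - settings: Expected to be an `NEPacketTunnelNetworkSettings`; any other value
    ///     (including `nil`) is rejected.
    ///   - completionHandler: Receives the result of `setTunnelNetworkSettings`, or
    ///     `PacketTunnelProviderError.couldNotSetNetworkSettings` when `settings` is rejected.
    public func adapterShouldSetNetworkSettings(_ adapter: WireGuardAdapter, settings: Any?, completionHandler: ((Error?) -> Void)?) {
        guard let settings = settings as? NEPacketTunnelNetworkSettings else {
            // Returning silently here would leave the caller without an answer and the tunnel
            // without its settings; report the failure so the start path fails visibly instead.
            // NOTE(review): confirm the adapter never passes nil on purpose to clear settings.
            wg_log(.error, staticMessage: "Refusing to apply network settings: unexpected settings type")
            completionHandler?(PacketTunnelProviderError.couldNotSetNetworkSettings)
            return
        }
        setTunnelNetworkSettings(settings, completionHandler: completionHandler)
    }
}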
extension WireGuardLogLevel {
    /// The `OSLogType` used when an adapter message of this level is forwarded to `wg_log`:
    /// `.verbose` becomes `.debug`, `.error` stays `.error`.
    var osLogLevel: OSLogType {
        // Exhaustive on purpose: a new log level must be mapped here before the file compiles.
        switch self {
        case .verbose: return .debug
        case .error: return .error
        }
    }
}