From 35d88eff60b4902bcf69112e59f569c569e3e810 Mon Sep 17 00:00:00 2001
From: Jeroen Leenarts
Date: Thu, 16 Aug 2018 21:26:24 +0200
Subject: [PATCH] Calculate and apply CIDR.
---
 Shared/Validators.swift | 14 ++++
 .../PacketTunnelProvider.swift | 47 +++++++------
 WireGuardTests/ValidatorsTests.swift | 69 +++++++++++++++++++
 3 files changed, 108 insertions(+), 22 deletions(-)
diff --git a/Shared/Validators.swift b/Shared/Validators.swift
index aef1019..f065f0e 100644
--- a/Shared/Validators.swift
+++ b/Shared/Validators.swift
@@ -117,4 +117,18 @@ struct CIDRAddress {
 self.subnet = subnet
 }
+
+ var subnetString: String {
+ // We could calculate these.
+
+ var bitMask: UInt32 = 0b11111111111111111111111111111111
+ bitMask = bitMask << (32 - subnet)
+
+ let first = UInt8(truncatingIfNeeded: bitMask >> 24)
+ let second = UInt8(truncatingIfNeeded: bitMask >> 16 )
+ let third = UInt8(truncatingIfNeeded: bitMask >> 8)
+ let fourth = UInt8(truncatingIfNeeded: bitMask)
+
+ return "\(first).\(second).\(third).\(fourth)"
+ }
 }
diff --git a/WireGuardNetworkExtension/PacketTunnelProvider.swift b/WireGuardNetworkExtension/PacketTunnelProvider.swift
index d4ae9e3..4963ff4 100644
--- a/WireGuardNetworkExtension/PacketTunnelProvider.swift
+++ b/WireGuardNetworkExtension/PacketTunnelProvider.swift
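Review bot: In `Shared/Validators.swift`, `subnetString` shifts by `32 - subnet` with no check that the receiver is an IPv4 address with a prefix in 0...32. If `subnet` is a signed integer and holds an IPv6 prefix such as 64, the count goes negative and Swift's `<<` then shifts right, so the property returns a well-formed but wrong mask instead of failing. The call site in this patch only uses it after filtering on `.IPv4`, and the initializer's own range checks are not visible here, so a guard such as `precondition(addressType == .IPv4 && (0...32).contains(subnet))` would make the contract explicit. The leftover comment `// We could calculate these.` no longer describes the code and could become a doc comment like `/// Dotted-decimal IPv4 netmask derived from the prefix length.`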
@@ -34,34 +34,37 @@ class PacketTunnelProvider: NEPacketTunnelProvider {
 let endpoints = config.providerConfiguration?[PCKeys.endpoints.rawValue] as? String ?? ""
 let addresses = (config.providerConfiguration?[PCKeys.addresses.rawValue] as? String ?? "").split(separator: ",")
- settings.split(separator: "\n").forEach {os_log("Tunnel config: %{public}s", log: Log.general, type: .info, String($0))}
+ let validatedEndpoints = endpoints.split(separator: ",").compactMap { try? Endpoint(endpointString: String($0)) }.compactMap {$0}
+ let validatedAddresses = addresses.compactMap { try? CIDRAddress(stringRepresentation: String($0)) }.compactMap { $0 }
 if wireGuardWrapper.turnOn(withInterfaceName: interfaceName, settingsString: settings) {
- //TODO: Hardcoded values for addresses
- // IPv4 settings
- let ipv4Settings = NEIPv4Settings(addresses: ["10.50.10.171"], subnetMasks: ["255.255.224.0"])
- ipv4Settings.includedRoutes = [NEIPv4Route.default()]
- let validatedEndpoints = endpoints.split(separator: ",").compactMap { try? 
Endpoint(endpointString: String($0)) }.compactMap {$0} - ipv4Settings.excludedRoutes = validatedEndpoints.filter { $0.addressType == .IPv4}.map { - NEIPv4Route(destinationAddress: $0.ipAddress, subnetMask: "255.255.255.255")} - - // IPv6 settings - //TODO: Hardcoded values for address - let ipv6Settings = NEIPv6Settings(addresses: ["2607:f938:3001:4000::aac"], networkPrefixLengths: [64]) - ipv6Settings.includedRoutes = [NEIPv6Route.default()] - ipv6Settings.excludedRoutes = validatedEndpoints.filter { $0.addressType == .IPv6}.map { NEIPv6Route(destinationAddress: $0.ipAddress, networkPrefixLength: 0)} - //TODO: Hardcoded values for tunnelRemoteAddress let newSettings = NEPacketTunnelNetworkSettings(tunnelRemoteAddress: "149.248.160.60") - - newSettings.ipv4Settings = ipv4Settings - //TODO apply IPv6 -// newSettings.ipv6Settings = ipv6Settings newSettings.tunnelOverheadBytes = 80 + + // IPv4 settings + let validatedIPv4Addresses = validatedAddresses.filter { $0.addressType == .IPv4} + if validatedIPv4Addresses.count > 0 { + let ipv4Settings = NEIPv4Settings(addresses: validatedIPv4Addresses.map { $0.ipAddress }, subnetMasks: validatedIPv4Addresses.map { $0.subnetString }) + ipv4Settings.includedRoutes = [NEIPv4Route.default()] + ipv4Settings.excludedRoutes = validatedEndpoints.filter { $0.addressType == .IPv4}.map { + NEIPv4Route(destinationAddress: $0.ipAddress, subnetMask: "255.255.255.255")} + + newSettings.ipv4Settings = ipv4Settings + } + + // IPv6 settings + let validatedIPv6Addresses = validatedAddresses.filter { $0.addressType == .IPv6} + if validatedIPv6Addresses.count > 0 { + let ipv6Settings = NEIPv6Settings(addresses: validatedIPv6Addresses.map { $0.ipAddress }, networkPrefixLengths: validatedIPv6Addresses.map { NSNumber(value: $0.subnet) }) + ipv6Settings.includedRoutes = [NEIPv6Route.default()] + ipv6Settings.excludedRoutes = validatedEndpoints.filter { $0.addressType == .IPv6}.map { NEIPv6Route(destinationAddress: $0.ipAddress, networkPrefixLength: 
0)}
+
+ newSettings.ipv6Settings = ipv6Settings
+ }
+
 if let dns = config.providerConfiguration?[PCKeys.dns.rawValue] as? String {
- var splitDnsEntries = dns.split(separator: ",").map {String($0)}
- //TODO apple IPv6 DNS
-// splitDnsEntries.append("2606:ed00:2:babe::2")
+ let splitDnsEntries = dns.split(separator: ",").map {String($0)}
 let dnsSettings = NEDNSSettings(servers: splitDnsEntries)
 newSettings.dnsSettings = dnsSettings
 }
diff --git a/WireGuardTests/ValidatorsTests.swift b/WireGuardTests/ValidatorsTests.swift
index c3398bc..39182be 100644
--- a/WireGuardTests/ValidatorsTests.swift
+++ b/WireGuardTests/ValidatorsTests.swift
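Review bot: In `PacketTunnelProvider.swift`, the IPv6 excluded routes are built with `networkPrefixLength: 0`, and this commit is what makes them live by assigning `newSettings.ipv6Settings`. A zero-length prefix matches every IPv6 destination rather than the single endpoint host, so it likely conflicts with `NEIPv6Route.default()` and could leave IPv6 traffic outside the tunnel; the IPv4 branch uses a host mask (`255.255.255.255`), and the IPv6 equivalent is `networkPrefixLength: 128`. Separately, `try?` with `compactMap` drops unparseable endpoints and addresses silently, so a configuration whose addresses all fail validation brings the tunnel up with neither `ipv4Settings` nor `ipv6Settings`; consider logging the rejected entries and failing start-up in that case. The enclosing function starts and ends outside the hunk.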
@@ -120,4 +120,73 @@ class ValidatorsTests: XCTestCase {
 executeTest(stringRepresentation: "12345")
 }
+ func testIPv4CIDRAddressSubnetConversion() throws {
+ // swiftlint:disable force_try
+ let cidrAddress1 = try! CIDRAddress(stringRepresentation: "128.0.0.0/1")!
+ XCTAssertEqual(cidrAddress1.ipAddress, cidrAddress1.subnetString)
+ let cidrAddress2 = try! CIDRAddress(stringRepresentation: "192.0.0.0/2")!
+ XCTAssertEqual(cidrAddress2.ipAddress, cidrAddress2.subnetString)
+ let cidrAddress3 = try! CIDRAddress(stringRepresentation: "224.0.0.0/3")!
+ XCTAssertEqual(cidrAddress3.ipAddress, cidrAddress3.subnetString)
+ let cidrAddress4 = try! CIDRAddress(stringRepresentation: "240.0.0.0/4")!
+ XCTAssertEqual(cidrAddress4.ipAddress, cidrAddress4.subnetString)
+ let cidrAddress5 = try! CIDRAddress(stringRepresentation: "248.0.0.0/5")!
+ XCTAssertEqual(cidrAddress5.ipAddress, cidrAddress5.subnetString)
+ let cidrAddress6 = try! CIDRAddress(stringRepresentation: "252.0.0.0/6")!
+ XCTAssertEqual(cidrAddress6.ipAddress, cidrAddress6.subnetString)
+ let cidrAddress7 = try! CIDRAddress(stringRepresentation: "254.0.0.0/7")!
+ XCTAssertEqual(cidrAddress7.ipAddress, cidrAddress7.subnetString)
+ let cidrAddress8 = try! CIDRAddress(stringRepresentation: "255.0.0.0/8")!
+ XCTAssertEqual(cidrAddress8.ipAddress, cidrAddress8.subnetString)
+ let cidrAddress9 = try! CIDRAddress(stringRepresentation: "255.128.0.0/9")!
+ XCTAssertEqual(cidrAddress9.ipAddress, cidrAddress9.subnetString)
+ let cidrAddress10 = try! CIDRAddress(stringRepresentation: "255.192.0.0/10")!
+ XCTAssertEqual(cidrAddress10.ipAddress, cidrAddress10.subnetString)
+ let cidrAddress11 = try! CIDRAddress(stringRepresentation: "255.224.0.0/11")!
+ XCTAssertEqual(cidrAddress11.ipAddress, cidrAddress11.subnetString)
+ let cidrAddress12 = try! CIDRAddress(stringRepresentation: "255.240.0.0/12")!
+ XCTAssertEqual(cidrAddress12.ipAddress, cidrAddress12.subnetString)
+ let cidrAddress13 = try! CIDRAddress(stringRepresentation: "255.248.0.0/13")!
+ XCTAssertEqual(cidrAddress13.ipAddress, cidrAddress13.subnetString)
+ let cidrAddress14 = try! CIDRAddress(stringRepresentation: "255.252.0.0/14")!
+ XCTAssertEqual(cidrAddress14.ipAddress, cidrAddress14.subnetString)
+ let cidrAddress15 = try! CIDRAddress(stringRepresentation: "255.254.0.0/15")!
+ XCTAssertEqual(cidrAddress15.ipAddress, cidrAddress15.subnetString)
+ let cidrAddress16 = try! CIDRAddress(stringRepresentation: "255.255.0.0/16")!
+ XCTAssertEqual(cidrAddress16.ipAddress, cidrAddress16.subnetString)
+ let cidrAddress17 = try! CIDRAddress(stringRepresentation: "255.255.128.0/17")!
+ XCTAssertEqual(cidrAddress17.ipAddress, cidrAddress17.subnetString)
+ let cidrAddress18 = try! CIDRAddress(stringRepresentation: "255.255.192.0/18")!
+ XCTAssertEqual(cidrAddress18.ipAddress, cidrAddress18.subnetString)
+ let cidrAddress19 = try! CIDRAddress(stringRepresentation: "255.255.224.0/19")!
+ XCTAssertEqual(cidrAddress19.ipAddress, cidrAddress19.subnetString)
+ let cidrAddress20 = try! CIDRAddress(stringRepresentation: "255.255.240.0/20")!
+ XCTAssertEqual(cidrAddress20.ipAddress, cidrAddress20.subnetString)
+ let cidrAddress21 = try! CIDRAddress(stringRepresentation: "255.255.248.0/21")!
+ XCTAssertEqual(cidrAddress21.ipAddress, cidrAddress21.subnetString)
+ let cidrAddress22 = try! CIDRAddress(stringRepresentation: "255.255.252.0/22")!
+ XCTAssertEqual(cidrAddress22.ipAddress, cidrAddress22.subnetString)
+ let cidrAddress23 = try! CIDRAddress(stringRepresentation: "255.255.254.0/23")!
+ XCTAssertEqual(cidrAddress23.ipAddress, cidrAddress23.subnetString)
+ let cidrAddress24 = try! CIDRAddress(stringRepresentation: "255.255.255.0/24")!
+ XCTAssertEqual(cidrAddress24.ipAddress, cidrAddress24.subnetString)
+ let cidrAddress25 = try! CIDRAddress(stringRepresentation: "255.255.255.128/25")!
+ XCTAssertEqual(cidrAddress25.ipAddress, cidrAddress25.subnetString)
+ let cidrAddress26 = try! CIDRAddress(stringRepresentation: "255.255.255.192/26")!
+ XCTAssertEqual(cidrAddress26.ipAddress, cidrAddress26.subnetString)
+ let cidrAddress27 = try! CIDRAddress(stringRepresentation: "255.255.255.224/27")!
+ XCTAssertEqual(cidrAddress27.ipAddress, cidrAddress27.subnetString)
+ let cidrAddress28 = try! CIDRAddress(stringRepresentation: "255.255.255.240/28")!
+ XCTAssertEqual(cidrAddress28.ipAddress, cidrAddress28.subnetString)
+ let cidrAddress29 = try! CIDRAddress(stringRepresentation: "255.255.255.248/29")!
+ XCTAssertEqual(cidrAddress29.ipAddress, cidrAddress29.subnetString)
+ let cidrAddress30 = try! CIDRAddress(stringRepresentation: "255.255.255.252/30")!
+ XCTAssertEqual(cidrAddress30.ipAddress, cidrAddress30.subnetString)
+ let cidrAddress31 = try! CIDRAddress(stringRepresentation: "255.255.255.254/31")!
+ XCTAssertEqual(cidrAddress31.ipAddress, cidrAddress31.subnetString)
+ let cidrAddress32 = try! CIDRAddress(stringRepresentation: "255.255.255.255/32")!
+ XCTAssertEqual(cidrAddress32.ipAddress, cidrAddress32.subnetString)
+ // swiftlint:enable force_try
+ }
+
 }
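Review bot: `testIPv4CIDRAddressSubnetConversion` covers /1 through /32 but not the `/0` boundary, where the shift count equals the bit width, nor any prefix the mask calculation should reject (above 32, or an IPv6 address). Because the test is already declared `throws`, the `try!` and trailing `!` are unnecessary and turn a parse failure into a crash of the test run rather than a reported failure. Comparing against a literal avoids both the force-unwrap and a vacuous nil-equals-nil pass, e.g. `XCTAssertEqual(try CIDRAddress(stringRepresentation: "255.255.224.0/19")?.subnetString, "255.255.224.0")`. Whether the initializer accepts `0.0.0.0/0` is not visible here, so a `/0` case may need to assert on the parse result first.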