passepartoutvpn
/
wireguard-apple
mirror of https://github.com/passepartoutvpn/wireguard-apple.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

NetworkExtension: use excludedRoutes instead of binding on iOS 

The networking stack there is to flaky and the notifier doesn't always
fire correctly. Hopefully excludedRoutes works well with XLAT; otherwise
we're in trouble.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
This commit is contained in:
Jason A. Donenfeld 2019-05-25 13:48:51 +02:00 committed by Roopesh Chander
parent c30d491edc
commit 813dea6902
2 changed files with 25 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
WireGuard/WireGuardNetworkExtension/PacketTunnelProvider.swift
View File

@ -147,7 +147,7 @@ class PacketTunnelProvider: NEPacketTunnelProvider {
if let packetTunnelSettingsGenerator = packetTunnelSettingsGenerator { if let packetTunnelSettingsGenerator = packetTunnelSettingsGenerator {
_ = packetTunnelSettingsGenerator.endpointUapiConfiguration().withGoString { return wgSetConfig(handle, $0) } _ = packetTunnelSettingsGenerator.endpointUapiConfiguration().withGoString { return wgSetConfig(handle, $0) }
} }
#endif #elseif os(macOS)
var interfaces = path.availableInterfaces var interfaces = path.availableInterfaces
if let ifname = ifname { if let ifname = ifname {
interfaces = interfaces.filter { $0.name != ifname } interfaces = interfaces.filter { $0.name != ifname }
@ -155,6 +155,7 @@ class PacketTunnelProvider: NEPacketTunnelProvider {
if let ifscope = interfaces.first?.index { if let ifscope = interfaces.first?.index {
wgBindInterfaceScope(handle, Int32(ifscope)) wgBindInterfaceScope(handle, Int32(ifscope))
} }
#endif
} }
} }

23
WireGuard/WireGuardNetworkExtension/PacketTunnelSettingsGenerator.swift
View File

@ -97,13 +97,16 @@ class PacketTunnelSettingsGenerator {
let (ipv4Routes, ipv6Routes) = routes() let (ipv4Routes, ipv6Routes) = routes()
let (ipv4IncludedRoutes, ipv6IncludedRoutes) = includedRoutes() let (ipv4IncludedRoutes, ipv6IncludedRoutes) = includedRoutes()
let (ipv4ExcludedRoutes, ipv6ExcludedRoutes) = excludedRoutes()
let ipv4Settings = NEIPv4Settings(addresses: ipv4Routes.map { $0.destinationAddress }, subnetMasks: ipv4Routes.map { $0.destinationSubnetMask }) let ipv4Settings = NEIPv4Settings(addresses: ipv4Routes.map { $0.destinationAddress }, subnetMasks: ipv4Routes.map { $0.destinationSubnetMask })
ipv4Settings.includedRoutes = ipv4IncludedRoutes ipv4Settings.includedRoutes = ipv4IncludedRoutes
ipv4Settings.excludedRoutes = ipv4ExcludedRoutes
networkSettings.ipv4Settings = ipv4Settings networkSettings.ipv4Settings = ipv4Settings
let ipv6Settings = NEIPv6Settings(addresses: ipv6Routes.map { $0.destinationAddress }, networkPrefixLengths: ipv6Routes.map { $0.destinationNetworkPrefixLength }) let ipv6Settings = NEIPv6Settings(addresses: ipv6Routes.map { $0.destinationAddress }, networkPrefixLengths: ipv6Routes.map { $0.destinationNetworkPrefixLength })
ipv6Settings.includedRoutes = ipv6IncludedRoutes ipv6Settings.includedRoutes = ipv6IncludedRoutes
ipv6Settings.excludedRoutes = ipv6ExcludedRoutes
networkSettings.ipv6Settings = ipv6Settings networkSettings.ipv6Settings = ipv6Settings
return networkSettings return networkSettings
@ -153,4 +156,24 @@ class PacketTunnelSettingsGenerator {
} }
return (ipv4IncludedRoutes, ipv6IncludedRoutes) return (ipv4IncludedRoutes, ipv6IncludedRoutes)
} }
private func excludedRoutes() -> ([NEIPv4Route]?, [NEIPv6Route]?) {
#if os(macOS)
return (nil, nil)
#elseif os(iOS)
var ipv4ExcludedRoutes = [NEIPv4Route]()
var ipv6ExcludedRoutes = [NEIPv6Route]()
for endpoint in resolvedEndpoints {
guard let host = endpoint?.host else { continue }
switch host {
case .ipv4(let v4):
ipv4ExcludedRoutes.append(NEIPv4Route(destinationAddress: "\(v4)", subnetMask: "255.255.255.255"))
case .ipv6(let v6):
ipv6ExcludedRoutes.append(NEIPv6Route(destinationAddress: "\(v6)", networkPrefixLength: 128))
default:
continue
}
}
return (ipv4ExcludedRoutes, ipv6ExcludedRoutes)
#endif
}
} }