Do not read from packetFlow when tunnel is not yet fully initialized and configured.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

WireGuardNetworkExtension/WireGuardGoWrapper.h

@@ -12,6 +12,7 @@
 @interface WireGuardGoWrapper : NSObject
 
 @property (nonatomic, weak) NEPacketTunnelFlow *packetFlow;
+@property (nonatomic, assign) BOOL configured;
 
 - (BOOL) turnOnWithInterfaceName: (NSString *)interfaceName settingsString: (NSString *)settingsString;
 - (void) turnOff;

WireGuardNetworkExtension/WireGuardGoWrapper.m

@@ -37,6 +37,8 @@ static void do_log(int level, const char *tag, const char *msg);
 {
     self = [super init];
     if (self) {
+        self.handle = -1;
+        self.configured = false;
         self.condition = [NSCondition new];
     }
     return self;
@@ -59,7 +61,9 @@ static void do_log(int level, const char *tag, const char *msg);
 - (void) turnOff
 {
     self.isClosed = YES;
+    self.configured = NO;
     wgTurnOff(self.handle);
+    self.handle = -1;
 }
 
 + (NSString *)versionWireGuardGo {
@@ -83,6 +87,12 @@ static ssize_t do_read(const void *ctx, const unsigned char *buf, size_t len)
     WireGuardGoWrapper *wrapper = (__bridge WireGuardGoWrapper *)ctx;
     if (wrapper.isClosed) return -1;
 
+    if (wrapper.handle < 0 || !wrapper.configured ) {
+//        os_log_debug([WireGuardGoWrapper log], "do_read - early - on thread \"%{public}@\" - %d", NSThread.currentThread.name, (int)NSThread.currentThread);
+
+        return 0;
+    }
+
     if (wrapper.packets.count == 0) {
 
         dispatch_async(dispatch_get_global_queue(DISPATCH_QUEUE_PRIORITY_HIGH, 0), ^{