Calculate and apply CIDR.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
parent
b306149222
commit
d341c8e8e8
|
@ -117,4 +117,18 @@ struct CIDRAddress {
|
|||
|
||||
self.subnet = subnet
|
||||
}
|
||||
|
||||
var subnetString: String {
|
||||
// We could calculate these.
|
||||
|
||||
var bitMask: UInt32 = 0b11111111111111111111111111111111
|
||||
bitMask = bitMask << (32 - subnet)
|
||||
|
||||
let first = UInt8(truncatingIfNeeded: bitMask >> 24)
|
||||
let second = UInt8(truncatingIfNeeded: bitMask >> 16 )
|
||||
let third = UInt8(truncatingIfNeeded: bitMask >> 8)
|
||||
let fourth = UInt8(truncatingIfNeeded: bitMask)
|
||||
|
||||
return "\(first).\(second).\(third).\(fourth)"
|
||||
}
|
||||
}
|
||||
|
|
|
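Review bot: `subnetString` does not check the address family or the prefix range, so the shift `bitMask << (32 - subnet)` is only meaningful for IPv4 prefixes from 0 to 32. The type of `subnet` is not visible in this hunk; for an IPv6 address with a prefix such as 64 the expression would presumably either trap on the subtraction (unsigned) or turn into a right shift and produce a bogus mask (signed). The call site in this commit filters on `.IPv4` first, but the property should enforce that itself, for example with `precondition(addressType == .IPv4 && subnet <= 32)`, or the range should be rejected in the initializer, which is outside this hunk. The leftover comment `// We could calculate these.` no longer describes the code and could become `/// Dotted-quad IPv4 netmask for this prefix length; valid only for IPv4 prefixes 0...32.`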
@ -34,34 +34,37 @@ class PacketTunnelProvider: NEPacketTunnelProvider {
|
|||
let endpoints = config.providerConfiguration?[PCKeys.endpoints.rawValue] as? String ?? ""
|
||||
let addresses = (config.providerConfiguration?[PCKeys.addresses.rawValue] as? String ?? "").split(separator: ",")
|
||||
|
||||
settings.split(separator: "\n").forEach {os_log("Tunnel config: %{public}s", log: Log.general, type: .info, String($0))}
|
||||
let validatedEndpoints = endpoints.split(separator: ",").compactMap { try? Endpoint(endpointString: String($0)) }.compactMap {$0}
|
||||
let validatedAddresses = addresses.compactMap { try? CIDRAddress(stringRepresentation: String($0)) }.compactMap { $0 }
|
||||
|
||||
if wireGuardWrapper.turnOn(withInterfaceName: interfaceName, settingsString: settings) {
|
||||
//TODO: Hardcoded values for addresses
|
||||
// IPv4 settings
|
||||
let ipv4Settings = NEIPv4Settings(addresses: ["10.50.10.171"], subnetMasks: ["255.255.224.0"])
|
||||
ipv4Settings.includedRoutes = [NEIPv4Route.default()]
|
||||
let validatedEndpoints = endpoints.split(separator: ",").compactMap { try? Endpoint(endpointString: String($0)) }.compactMap {$0}
|
||||
ipv4Settings.excludedRoutes = validatedEndpoints.filter { $0.addressType == .IPv4}.map {
|
||||
NEIPv4Route(destinationAddress: $0.ipAddress, subnetMask: "255.255.255.255")}
|
||||
|
||||
// IPv6 settings
|
||||
//TODO: Hardcoded values for address
|
||||
let ipv6Settings = NEIPv6Settings(addresses: ["2607:f938:3001:4000::aac"], networkPrefixLengths: [64])
|
||||
ipv6Settings.includedRoutes = [NEIPv6Route.default()]
|
||||
ipv6Settings.excludedRoutes = validatedEndpoints.filter { $0.addressType == .IPv6}.map { NEIPv6Route(destinationAddress: $0.ipAddress, networkPrefixLength: 0)}
|
||||
|
||||
//TODO: Hardcoded values for tunnelRemoteAddress
|
||||
let newSettings = NEPacketTunnelNetworkSettings(tunnelRemoteAddress: "149.248.160.60")
|
||||
|
||||
newSettings.ipv4Settings = ipv4Settings
|
||||
//TODO apply IPv6
|
||||
// newSettings.ipv6Settings = ipv6Settings
|
||||
newSettings.tunnelOverheadBytes = 80
|
||||
|
||||
// IPv4 settings
|
||||
let validatedIPv4Addresses = validatedAddresses.filter { $0.addressType == .IPv4}
|
||||
if validatedIPv4Addresses.count > 0 {
|
||||
let ipv4Settings = NEIPv4Settings(addresses: validatedIPv4Addresses.map { $0.ipAddress }, subnetMasks: validatedIPv4Addresses.map { $0.subnetString })
|
||||
ipv4Settings.includedRoutes = [NEIPv4Route.default()]
|
||||
ipv4Settings.excludedRoutes = validatedEndpoints.filter { $0.addressType == .IPv4}.map {
|
||||
NEIPv4Route(destinationAddress: $0.ipAddress, subnetMask: "255.255.255.255")}
|
||||
|
||||
newSettings.ipv4Settings = ipv4Settings
|
||||
}
|
||||
|
||||
// IPv6 settings
|
||||
let validatedIPv6Addresses = validatedAddresses.filter { $0.addressType == .IPv6}
|
||||
if validatedIPv6Addresses.count > 0 {
|
||||
let ipv6Settings = NEIPv6Settings(addresses: validatedIPv6Addresses.map { $0.ipAddress }, networkPrefixLengths: validatedIPv6Addresses.map { NSNumber(value: $0.subnet) })
|
||||
ipv6Settings.includedRoutes = [NEIPv6Route.default()]
|
||||
ipv6Settings.excludedRoutes = validatedEndpoints.filter { $0.addressType == .IPv6}.map { NEIPv6Route(destinationAddress: $0.ipAddress, networkPrefixLength: 0)}
|
||||
|
||||
newSettings.ipv6Settings = ipv6Settings
|
||||
}
|
||||
|
||||
if let dns = config.providerConfiguration?[PCKeys.dns.rawValue] as? String {
|
||||
var splitDnsEntries = dns.split(separator: ",").map {String($0)}
|
||||
//TODO apple IPv6 DNS
|
||||
// splitDnsEntries.append("2606:ed00:2:babe::2")
|
||||
let splitDnsEntries = dns.split(separator: ",").map {String($0)}
|
||||
let dnsSettings = NEDNSSettings(servers: splitDnsEntries)
|
||||
newSettings.dnsSettings = dnsSettings
|
||||
}
|
||||
|
|
|
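Review bot: The IPv6 excluded routes in the new `validatedIPv6Addresses` block are built with `networkPrefixLength: 0`, which describes ::/0 rather than a host route for the endpoint, while the IPv4 branch uses a /32 mask (`255.255.255.255`). Because this commit starts assigning `newSettings.ipv6Settings`, that exclusion becomes live and may keep all IPv6 traffic outside the tunnel; the per-endpoint form would be `NEIPv6Route(destinationAddress: $0.ipAddress, networkPrefixLength: 128)`. Separately, the `os_log` line near the top of the hunk writes every line of `settings` with `%{public}s`; if that string carries key material (not visible here, and the line may be unchanged context), it should be logged as private or redacted. The enclosing method starts and ends outside this hunk.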
@ -120,4 +120,73 @@ class ValidatorsTests: XCTestCase {
|
|||
executeTest(stringRepresentation: "12345")
|
||||
}
|
||||
|
||||
func testIPv4CIDRAddressSubnetConversion() throws {
|
||||
// swiftlint:disable force_try
|
||||
let cidrAddress1 = try! CIDRAddress(stringRepresentation: "128.0.0.0/1")!
|
||||
XCTAssertEqual(cidrAddress1.ipAddress, cidrAddress1.subnetString)
|
||||
let cidrAddress2 = try! CIDRAddress(stringRepresentation: "192.0.0.0/2")!
|
||||
XCTAssertEqual(cidrAddress2.ipAddress, cidrAddress2.subnetString)
|
||||
let cidrAddress3 = try! CIDRAddress(stringRepresentation: "224.0.0.0/3")!
|
||||
XCTAssertEqual(cidrAddress3.ipAddress, cidrAddress3.subnetString)
|
||||
let cidrAddress4 = try! CIDRAddress(stringRepresentation: "240.0.0.0/4")!
|
||||
XCTAssertEqual(cidrAddress4.ipAddress, cidrAddress4.subnetString)
|
||||
let cidrAddress5 = try! CIDRAddress(stringRepresentation: "248.0.0.0/5")!
|
||||
XCTAssertEqual(cidrAddress5.ipAddress, cidrAddress5.subnetString)
|
||||
let cidrAddress6 = try! CIDRAddress(stringRepresentation: "252.0.0.0/6")!
|
||||
XCTAssertEqual(cidrAddress6.ipAddress, cidrAddress6.subnetString)
|
||||
let cidrAddress7 = try! CIDRAddress(stringRepresentation: "254.0.0.0/7")!
|
||||
XCTAssertEqual(cidrAddress7.ipAddress, cidrAddress7.subnetString)
|
||||
let cidrAddress8 = try! CIDRAddress(stringRepresentation: "255.0.0.0/8")!
|
||||
XCTAssertEqual(cidrAddress8.ipAddress, cidrAddress8.subnetString)
|
||||
let cidrAddress9 = try! CIDRAddress(stringRepresentation: "255.128.0.0/9")!
|
||||
XCTAssertEqual(cidrAddress9.ipAddress, cidrAddress9.subnetString)
|
||||
let cidrAddress10 = try! CIDRAddress(stringRepresentation: "255.192.0.0/10")!
|
||||
XCTAssertEqual(cidrAddress10.ipAddress, cidrAddress10.subnetString)
|
||||
let cidrAddress11 = try! CIDRAddress(stringRepresentation: "255.224.0.0/11")!
|
||||
XCTAssertEqual(cidrAddress11.ipAddress, cidrAddress11.subnetString)
|
||||
let cidrAddress12 = try! CIDRAddress(stringRepresentation: "255.240.0.0/12")!
|
||||
XCTAssertEqual(cidrAddress12.ipAddress, cidrAddress12.subnetString)
|
||||
let cidrAddress13 = try! CIDRAddress(stringRepresentation: "255.248.0.0/13")!
|
||||
XCTAssertEqual(cidrAddress13.ipAddress, cidrAddress13.subnetString)
|
||||
let cidrAddress14 = try! CIDRAddress(stringRepresentation: "255.252.0.0/14")!
|
||||
XCTAssertEqual(cidrAddress14.ipAddress, cidrAddress14.subnetString)
|
||||
let cidrAddress15 = try! CIDRAddress(stringRepresentation: "255.254.0.0/15")!
|
||||
XCTAssertEqual(cidrAddress15.ipAddress, cidrAddress15.subnetString)
|
||||
let cidrAddress16 = try! CIDRAddress(stringRepresentation: "255.255.0.0/16")!
|
||||
XCTAssertEqual(cidrAddress16.ipAddress, cidrAddress16.subnetString)
|
||||
let cidrAddress17 = try! CIDRAddress(stringRepresentation: "255.255.128.0/17")!
|
||||
XCTAssertEqual(cidrAddress17.ipAddress, cidrAddress17.subnetString)
|
||||
let cidrAddress18 = try! CIDRAddress(stringRepresentation: "255.255.192.0/18")!
|
||||
XCTAssertEqual(cidrAddress18.ipAddress, cidrAddress18.subnetString)
|
||||
let cidrAddress19 = try! CIDRAddress(stringRepresentation: "255.255.224.0/19")!
|
||||
XCTAssertEqual(cidrAddress19.ipAddress, cidrAddress19.subnetString)
|
||||
let cidrAddress20 = try! CIDRAddress(stringRepresentation: "255.255.240.0/20")!
|
||||
XCTAssertEqual(cidrAddress20.ipAddress, cidrAddress20.subnetString)
|
||||
let cidrAddress21 = try! CIDRAddress(stringRepresentation: "255.255.248.0/21")!
|
||||
XCTAssertEqual(cidrAddress21.ipAddress, cidrAddress21.subnetString)
|
||||
let cidrAddress22 = try! CIDRAddress(stringRepresentation: "255.255.252.0/22")!
|
||||
XCTAssertEqual(cidrAddress22.ipAddress, cidrAddress22.subnetString)
|
||||
let cidrAddress23 = try! CIDRAddress(stringRepresentation: "255.255.254.0/23")!
|
||||
XCTAssertEqual(cidrAddress23.ipAddress, cidrAddress23.subnetString)
|
||||
let cidrAddress24 = try! CIDRAddress(stringRepresentation: "255.255.255.0/24")!
|
||||
XCTAssertEqual(cidrAddress24.ipAddress, cidrAddress24.subnetString)
|
||||
let cidrAddress25 = try! CIDRAddress(stringRepresentation: "255.255.255.128/25")!
|
||||
XCTAssertEqual(cidrAddress25.ipAddress, cidrAddress25.subnetString)
|
||||
let cidrAddress26 = try! CIDRAddress(stringRepresentation: "255.255.255.192/26")!
|
||||
XCTAssertEqual(cidrAddress26.ipAddress, cidrAddress26.subnetString)
|
||||
let cidrAddress27 = try! CIDRAddress(stringRepresentation: "255.255.255.224/27")!
|
||||
XCTAssertEqual(cidrAddress27.ipAddress, cidrAddress27.subnetString)
|
||||
let cidrAddress28 = try! CIDRAddress(stringRepresentation: "255.255.255.240/28")!
|
||||
XCTAssertEqual(cidrAddress28.ipAddress, cidrAddress28.subnetString)
|
||||
let cidrAddress29 = try! CIDRAddress(stringRepresentation: "255.255.255.248/29")!
|
||||
XCTAssertEqual(cidrAddress29.ipAddress, cidrAddress29.subnetString)
|
||||
let cidrAddress30 = try! CIDRAddress(stringRepresentation: "255.255.255.252/30")!
|
||||
XCTAssertEqual(cidrAddress30.ipAddress, cidrAddress30.subnetString)
|
||||
let cidrAddress31 = try! CIDRAddress(stringRepresentation: "255.255.255.254/31")!
|
||||
XCTAssertEqual(cidrAddress31.ipAddress, cidrAddress31.subnetString)
|
||||
let cidrAddress32 = try! CIDRAddress(stringRepresentation: "255.255.255.255/32")!
|
||||
XCTAssertEqual(cidrAddress32.ipAddress, cidrAddress32.subnetString)
|
||||
// swiftlint:enable force_try
|
||||
}
|
||||
|
||||
}
|
||||
|
|
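Review bot: `testIPv4CIDRAddressSubnetConversion` covers prefixes 1 through 32 but not /0, which is the boundary where `subnetString` shifts the mask by the full 32 bits. A case such as `let cidr0 = try XCTUnwrap(CIDRAddress(stringRepresentation: "0.0.0.0/0"))` followed by `XCTAssertEqual(cidr0.subnetString, "0.0.0.0")` would pin that edge. The method is already declared `throws`, so the same `try XCTUnwrap(...)` form (where the toolchain provides it) could replace each `try! ...!` and let the `swiftlint:disable force_try` pair go. A failed parse would then be reported as a test failure instead of crashing the test run. The 32 near-identical pairs would also read more easily as a loop over a table of address strings.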