Calculate and apply CIDR.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Jeroen Leenarts 2018-08-16 21:26:24 +02:00
parent b306149222
commit d341c8e8e8
3 changed files with 108 additions and 22 deletions


@ -117,4 +117,18 @@ struct CIDRAddress {
self.subnet = subnet self.subnet = subnet
} }
var subnetString: String {
// We could calculate these.
var bitMask: UInt32 = 0b11111111111111111111111111111111
bitMask = bitMask << (32 - subnet)
let first = UInt8(truncatingIfNeeded: bitMask >> 24)
let second = UInt8(truncatingIfNeeded: bitMask >> 16 )
let third = UInt8(truncatingIfNeeded: bitMask >> 8)
let fourth = UInt8(truncatingIfNeeded: bitMask)
return "\(first).\(second).\(third).\(fourth)"
}
} }
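Review bot: `subnetString` builds an IPv4 dotted mask for any `CIDRAddress`, and nothing in the getter restricts it to IPv4 or to a prefix in 0...32. For an IPv6 value with a prefix above 32, `32 - subnet` goes negative: with a signed `subnet` the shift presumably yields `0.0.0.0`, and with an unsigned one the subtraction would trap; the declaration of `subnet` and the initializer's range check are outside this hunk, so this cannot be confirmed here. Because the result feeds the tunnel's network settings, the assumption should be explicit, for example `guard addressType == .IPv4, (0...32).contains(subnet) else { return "0.0.0.0" }`, or at least stated in a doc comment. The leftover `// We could calculate these.` no longer matches the code and could become `/// Dotted-decimal IPv4 netmask for this prefix length; only meaningful for IPv4 addresses.`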


@ -34,34 +34,37 @@ class PacketTunnelProvider: NEPacketTunnelProvider {
let endpoints = config.providerConfiguration?[PCKeys.endpoints.rawValue] as? String ?? "" let endpoints = config.providerConfiguration?[PCKeys.endpoints.rawValue] as? String ?? ""
let addresses = (config.providerConfiguration?[PCKeys.addresses.rawValue] as? String ?? "").split(separator: ",") let addresses = (config.providerConfiguration?[PCKeys.addresses.rawValue] as? String ?? "").split(separator: ",")
settings.split(separator: "\n").forEach {os_log("Tunnel config: %{public}s", log: Log.general, type: .info, String($0))} let validatedEndpoints = endpoints.split(separator: ",").compactMap { try? Endpoint(endpointString: String($0)) }.compactMap {$0}
let validatedAddresses = addresses.compactMap { try? CIDRAddress(stringRepresentation: String($0)) }.compactMap { $0 }
if wireGuardWrapper.turnOn(withInterfaceName: interfaceName, settingsString: settings) { if wireGuardWrapper.turnOn(withInterfaceName: interfaceName, settingsString: settings) {
//TODO: Hardcoded values for addresses
// IPv4 settings
let ipv4Settings = NEIPv4Settings(addresses: ["10.50.10.171"], subnetMasks: ["255.255.224.0"])
ipv4Settings.includedRoutes = [NEIPv4Route.default()]
let validatedEndpoints = endpoints.split(separator: ",").compactMap { try? Endpoint(endpointString: String($0)) }.compactMap {$0}
ipv4Settings.excludedRoutes = validatedEndpoints.filter { $0.addressType == .IPv4}.map {
NEIPv4Route(destinationAddress: $0.ipAddress, subnetMask: "255.255.255.255")}
// IPv6 settings
//TODO: Hardcoded values for address
let ipv6Settings = NEIPv6Settings(addresses: ["2607:f938:3001:4000::aac"], networkPrefixLengths: [64])
ipv6Settings.includedRoutes = [NEIPv6Route.default()]
ipv6Settings.excludedRoutes = validatedEndpoints.filter { $0.addressType == .IPv6}.map { NEIPv6Route(destinationAddress: $0.ipAddress, networkPrefixLength: 0)}
//TODO: Hardcoded values for tunnelRemoteAddress //TODO: Hardcoded values for tunnelRemoteAddress
let newSettings = NEPacketTunnelNetworkSettings(tunnelRemoteAddress: "149.248.160.60") let newSettings = NEPacketTunnelNetworkSettings(tunnelRemoteAddress: "149.248.160.60")
newSettings.ipv4Settings = ipv4Settings
//TODO apply IPv6
// newSettings.ipv6Settings = ipv6Settings
newSettings.tunnelOverheadBytes = 80 newSettings.tunnelOverheadBytes = 80
// IPv4 settings
let validatedIPv4Addresses = validatedAddresses.filter { $0.addressType == .IPv4}
if validatedIPv4Addresses.count > 0 {
let ipv4Settings = NEIPv4Settings(addresses: validatedIPv4Addresses.map { $0.ipAddress }, subnetMasks: validatedIPv4Addresses.map { $0.subnetString })
ipv4Settings.includedRoutes = [NEIPv4Route.default()]
ipv4Settings.excludedRoutes = validatedEndpoints.filter { $0.addressType == .IPv4}.map {
NEIPv4Route(destinationAddress: $0.ipAddress, subnetMask: "255.255.255.255")}
newSettings.ipv4Settings = ipv4Settings
}
// IPv6 settings
let validatedIPv6Addresses = validatedAddresses.filter { $0.addressType == .IPv6}
if validatedIPv6Addresses.count > 0 {
let ipv6Settings = NEIPv6Settings(addresses: validatedIPv6Addresses.map { $0.ipAddress }, networkPrefixLengths: validatedIPv6Addresses.map { NSNumber(value: $0.subnet) })
ipv6Settings.includedRoutes = [NEIPv6Route.default()]
ipv6Settings.excludedRoutes = validatedEndpoints.filter { $0.addressType == .IPv6}.map { NEIPv6Route(destinationAddress: $0.ipAddress, networkPrefixLength: 0)}
newSettings.ipv6Settings = ipv6Settings
}
if let dns = config.providerConfiguration?[PCKeys.dns.rawValue] as? String { if let dns = config.providerConfiguration?[PCKeys.dns.rawValue] as? String {
var splitDnsEntries = dns.split(separator: ",").map {String($0)} let splitDnsEntries = dns.split(separator: ",").map {String($0)}
//TODO apple IPv6 DNS
// splitDnsEntries.append("2606:ed00:2:babe::2")
let dnsSettings = NEDNSSettings(servers: splitDnsEntries) let dnsSettings = NEDNSSettings(servers: splitDnsEntries)
newSettings.dnsSettings = dnsSettings newSettings.dnsSettings = dnsSettings
} }
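Review bot: The IPv6 excluded routes on the `ipv6Settings.excludedRoutes` line are built with `networkPrefixLength: 0`, which describes the whole IPv6 address space rather than the single endpoint host; the IPv4 counterpart uses a host mask of `255.255.255.255`. Earlier the IPv6 settings were never assigned, but `newSettings.ipv6Settings = ipv6Settings` now makes that route live, so with an IPv6 endpoint configured the exclusion may override the included default route and let IPv6 traffic bypass the tunnel (the exact precedence is NetworkExtension's and worth testing). The host route should read `NEIPv6Route(destinationAddress: $0.ipAddress, networkPrefixLength: 128)`. Separately, `compactMap { try? … }` drops unparsable addresses silently, so a configuration whose addresses all fail validation brings the tunnel up with no IP settings and no default route; failing the start when `validatedAddresses.count != addresses.count` would be the safer behaviour. The enclosing method starts and ends outside this hunk.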


@ -120,4 +120,73 @@ class ValidatorsTests: XCTestCase {
executeTest(stringRepresentation: "12345") executeTest(stringRepresentation: "12345")
} }
func testIPv4CIDRAddressSubnetConversion() throws {
// swiftlint:disable force_try
let cidrAddress1 = try! CIDRAddress(stringRepresentation: "128.0.0.0/1")!
XCTAssertEqual(cidrAddress1.ipAddress, cidrAddress1.subnetString)
let cidrAddress2 = try! CIDRAddress(stringRepresentation: "192.0.0.0/2")!
XCTAssertEqual(cidrAddress2.ipAddress, cidrAddress2.subnetString)
let cidrAddress3 = try! CIDRAddress(stringRepresentation: "224.0.0.0/3")!
XCTAssertEqual(cidrAddress3.ipAddress, cidrAddress3.subnetString)
let cidrAddress4 = try! CIDRAddress(stringRepresentation: "240.0.0.0/4")!
XCTAssertEqual(cidrAddress4.ipAddress, cidrAddress4.subnetString)
let cidrAddress5 = try! CIDRAddress(stringRepresentation: "248.0.0.0/5")!
XCTAssertEqual(cidrAddress5.ipAddress, cidrAddress5.subnetString)
let cidrAddress6 = try! CIDRAddress(stringRepresentation: "252.0.0.0/6")!
XCTAssertEqual(cidrAddress6.ipAddress, cidrAddress6.subnetString)
let cidrAddress7 = try! CIDRAddress(stringRepresentation: "254.0.0.0/7")!
XCTAssertEqual(cidrAddress7.ipAddress, cidrAddress7.subnetString)
let cidrAddress8 = try! CIDRAddress(stringRepresentation: "255.0.0.0/8")!
XCTAssertEqual(cidrAddress8.ipAddress, cidrAddress8.subnetString)
let cidrAddress9 = try! CIDRAddress(stringRepresentation: "255.128.0.0/9")!
XCTAssertEqual(cidrAddress9.ipAddress, cidrAddress9.subnetString)
let cidrAddress10 = try! CIDRAddress(stringRepresentation: "255.192.0.0/10")!
XCTAssertEqual(cidrAddress10.ipAddress, cidrAddress10.subnetString)
let cidrAddress11 = try! CIDRAddress(stringRepresentation: "255.224.0.0/11")!
XCTAssertEqual(cidrAddress11.ipAddress, cidrAddress11.subnetString)
let cidrAddress12 = try! CIDRAddress(stringRepresentation: "255.240.0.0/12")!
XCTAssertEqual(cidrAddress12.ipAddress, cidrAddress12.subnetString)
let cidrAddress13 = try! CIDRAddress(stringRepresentation: "255.248.0.0/13")!
XCTAssertEqual(cidrAddress13.ipAddress, cidrAddress13.subnetString)
let cidrAddress14 = try! CIDRAddress(stringRepresentation: "255.252.0.0/14")!
XCTAssertEqual(cidrAddress14.ipAddress, cidrAddress14.subnetString)
let cidrAddress15 = try! CIDRAddress(stringRepresentation: "255.254.0.0/15")!
XCTAssertEqual(cidrAddress15.ipAddress, cidrAddress15.subnetString)
let cidrAddress16 = try! CIDRAddress(stringRepresentation: "255.255.0.0/16")!
XCTAssertEqual(cidrAddress16.ipAddress, cidrAddress16.subnetString)
let cidrAddress17 = try! CIDRAddress(stringRepresentation: "255.255.128.0/17")!
XCTAssertEqual(cidrAddress17.ipAddress, cidrAddress17.subnetString)
let cidrAddress18 = try! CIDRAddress(stringRepresentation: "255.255.192.0/18")!
XCTAssertEqual(cidrAddress18.ipAddress, cidrAddress18.subnetString)
let cidrAddress19 = try! CIDRAddress(stringRepresentation: "255.255.224.0/19")!
XCTAssertEqual(cidrAddress19.ipAddress, cidrAddress19.subnetString)
let cidrAddress20 = try! CIDRAddress(stringRepresentation: "255.255.240.0/20")!
XCTAssertEqual(cidrAddress20.ipAddress, cidrAddress20.subnetString)
let cidrAddress21 = try! CIDRAddress(stringRepresentation: "255.255.248.0/21")!
XCTAssertEqual(cidrAddress21.ipAddress, cidrAddress21.subnetString)
let cidrAddress22 = try! CIDRAddress(stringRepresentation: "255.255.252.0/22")!
XCTAssertEqual(cidrAddress22.ipAddress, cidrAddress22.subnetString)
let cidrAddress23 = try! CIDRAddress(stringRepresentation: "255.255.254.0/23")!
XCTAssertEqual(cidrAddress23.ipAddress, cidrAddress23.subnetString)
let cidrAddress24 = try! CIDRAddress(stringRepresentation: "255.255.255.0/24")!
XCTAssertEqual(cidrAddress24.ipAddress, cidrAddress24.subnetString)
let cidrAddress25 = try! CIDRAddress(stringRepresentation: "255.255.255.128/25")!
XCTAssertEqual(cidrAddress25.ipAddress, cidrAddress25.subnetString)
let cidrAddress26 = try! CIDRAddress(stringRepresentation: "255.255.255.192/26")!
XCTAssertEqual(cidrAddress26.ipAddress, cidrAddress26.subnetString)
let cidrAddress27 = try! CIDRAddress(stringRepresentation: "255.255.255.224/27")!
XCTAssertEqual(cidrAddress27.ipAddress, cidrAddress27.subnetString)
let cidrAddress28 = try! CIDRAddress(stringRepresentation: "255.255.255.240/28")!
XCTAssertEqual(cidrAddress28.ipAddress, cidrAddress28.subnetString)
let cidrAddress29 = try! CIDRAddress(stringRepresentation: "255.255.255.248/29")!
XCTAssertEqual(cidrAddress29.ipAddress, cidrAddress29.subnetString)
let cidrAddress30 = try! CIDRAddress(stringRepresentation: "255.255.255.252/30")!
XCTAssertEqual(cidrAddress30.ipAddress, cidrAddress30.subnetString)
let cidrAddress31 = try! CIDRAddress(stringRepresentation: "255.255.255.254/31")!
XCTAssertEqual(cidrAddress31.ipAddress, cidrAddress31.subnetString)
let cidrAddress32 = try! CIDRAddress(stringRepresentation: "255.255.255.255/32")!
XCTAssertEqual(cidrAddress32.ipAddress, cidrAddress32.subnetString)
// swiftlint:enable force_try
}
} }
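Review bot: The table in `testIPv4CIDRAddressSubnetConversion` stops short of the `/0` prefix, the one case where the shift in `subnetString` equals the full bit width and a masking shift would produce the wrong mask. A line such as `XCTAssertEqual(try XCTUnwrap(CIDRAddress(stringRepresentation: "0.0.0.0/0")).subnetString, "0.0.0.0")` would pin it, assuming the initializer accepts a zero prefix (not visible here). Since the test is already `throws`, `try XCTUnwrap(...)` can replace every `try! …!` pair, and the `swiftlint:disable force_try` bracket can then be dropped. The 32 copy-pasted pairs would also read better as a loop over the mask strings, so a failure names the prefix that broke.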