Commit Graph

108 Commits

Author SHA1 Message Date
Andrej Mihajlov 30406dec6d wireguard-go-bridge: use C string instead of gostring_t
Signed-off-by: Andrej Mihajlov <and@mullvad.net>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-02-07 22:35:57 +01:00
Jason A. Donenfeld 437f0dc46d Revert "NetworkExtension: don't use exit(0) hack on Catalina"
This reverts commit 3619279a65d9a506fb13d7f24909b38a5202fa8f.

Still broken!

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-10-15 16:51:50 +02:00
Jason A. Donenfeld 1b6170cbc9 NetworkExtension: don't use exit(0) hack on Catalina
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-10-15 11:44:13 +02:00
Jason A. Donenfeld e70c397e54 TunnelProvider: remove all cleverness
This will cause more socket flaps than necessary but hopefully will fix
some bugs.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-06-10 18:47:39 +02:00
Jason A. Donenfeld c7b7b1247b TunnelProvider: store the entire NWPath
Otherwise [utun0, en0] == [en0, utun0] before WiFi has connected, and we
wind up not rebinding after WiFi does successfully connect, which means
people have trouble when resuming from sleep.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-06-09 11:39:06 +02:00
Jason A. Donenfeld 168ba2da8a NetworkExtension: bump sockets on path change
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-05-31 17:29:29 +02:00
Jason A. Donenfeld 0340641c4c NetworkExtension: apparently the extension process is scoped properly anyway
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-05-26 00:12:47 +05:30
Jason A. Donenfeld 813dea6902 NetworkExtension: use excludedRoutes instead of binding on iOS
The networking stack there is to flaky and the notifier doesn't always
fire correctly. Hopefully excludedRoutes works well with XLAT; otherwise
we're in trouble.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-05-26 00:12:47 +05:30
Roopesh Chander d9e88c51bd Swift 5 migration: Fix switch warnings
We now get a warning when switching over enums from system
frameworks even when we handle all public cases because
there can be future cases that aren't handled.

When such a future case is introduced, we'll get a warning.

Signed-off-by: Roopesh Chander <roop@roopc.net>
2019-04-09 11:25:04 +05:30
Jason A. Donenfeld a6f80135ef ringlogger: support mpsc for singlefile
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-03-17 08:51:27 +01:00
Jason A. Donenfeld 0e2556544e Global: fix swiftlint issues
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-02-08 17:07:28 +01:00
Jason A. Donenfeld a231410c52 Info.plist: Add missing key types
I worry that LSMinimumSystemVersion in the extension's plist might be
problematic, since that same plist runs on macOS and iOS. We _might_
need to bifurcate.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-02-08 03:47:36 +01:00
Jason A. Donenfeld 0539929d0c Key: Use C implementation instead
Swift compiles so slowly and it's unclear all of the insane type punning
was even correct.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-02-08 03:23:15 +01:00
Jason A. Donenfeld 05547861b6 Key: Constant time encoding
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-02-08 03:23:15 +01:00
Jason A. Donenfeld 394a0cbeb0 PacketTunnelProvider: proper fix for 32073323
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-02-07 15:01:37 +01:00
Jason A. Donenfeld 8c3557a907 Keychain: store configurations in keychain instead of providerConfig
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-02-06 06:20:23 +01:00
Jason A. Donenfeld 22625e8cc4 Tunnel: support getting runtime configuration
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-01-24 01:37:57 +01:00
Jason A. Donenfeld 668c4a475c macOS: remove mobile network tweeks
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-01-22 13:11:28 +01:00
Roopesh Chander 273ee04450 Better os() directives
Signed-off-by: Roopesh Chander <roop@roopc.net>
2019-01-22 04:06:37 +05:30
Roopesh Chander f63c9fd598 macOS: Use tunnelOverheadBytes for automatic MTU in macOS
Signed-off-by: Roopesh Chander <roop@roopc.net>
2019-01-16 01:51:56 +05:30
Roopesh Chander 629009d3be macOS: NE: Add entitlements for making network connections
Signed-off-by: Roopesh Chander <roop@roopc.net>
2019-01-14 14:52:28 +05:30
Roopesh Chander d7d4355f5e Make app groups work on both iOS and macOS
Signed-off-by: Roopesh Chander <roop@roopc.net>
2019-01-14 14:52:28 +05:30
Roopesh Chander c8cd663a05 iOS: Fix WireGuardNetworkExtensioniOS target
- Rename WireGuardNetworkExtension.entitlements to WireGuardNetworkExtension_iOS.entitlements

Signed-off-by: Roopesh Chander <roop@roopc.net>
2019-01-14 14:52:28 +05:30
Roopesh Chander b32b897181 macOS: Fix WireGuardNetworkExtensionmacOS target
- Build using common network extension code
- Add run scripts
- Set Info.plist to common network extension's Info.plist
- Move entitlements to common network extension folder
- Remove Xcode-generated macOS network extension code
- Set Swift-Obj-C bridging header

Signed-off-by: Roopesh Chander <roop@roopc.net>
2019-01-14 14:52:27 +05:30
Roopesh Chander d02b0fd10e xcconfig: Make app id platform-specific
Signed-off-by: Roopesh Chander <roop@roopc.net>
2019-01-14 14:52:26 +05:30
Jason A. Donenfeld 49f287439e PacketTunnelSettingsGenerator: use 127.0.0.1 as dummy address
It turns out that using 0.0.0.0 somehow conflicts with DNS lookups when
CLAT is in use.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-01-08 01:51:12 +01:00
Jason A. Donenfeld 150cd119c7 Avoid dynamic MTU calculations for now
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-01-07 19:23:39 -05:00
Jason A. Donenfeld e2384e143c Update copyright
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-01-07 19:23:39 -05:00
Jason A. Donenfeld 0b828f9b96 Rework DNS and routes in network extension
The DNS resolver prior had useless comments, awful nesting, converted
bytes into strings and back into bytes, and generally made no sense.
That's been rewritten now.

But more fundumentally, this commit made the DNS resolver actually
accomplish its objective, by passing AI_ALL to it. It turns out, though,
that the Go library isn't actually using GAI in the way we need for
parsing IP addresses, so we actually need to do another round, this time
with hints flag as zero, so that we get the DNS64 address.

Additionally, since we're now binding sockets to interfaces, we can
entirely remove the excludedRoutes logic.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-12-28 19:38:03 +01:00
Jason A. Donenfeld c9c343cde2 NetworkExtension: rescope socket instead of tearing down socket
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-12-26 01:17:55 +01:00
Jason A. Donenfeld 129f94dccd Rely on availability of fd only after setting network settings
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-12-22 18:29:54 +01:00
Jason A. Donenfeld dddbf3b370 Retain aggressive socket reestablishment for now
This can be reverted once we've done more testing.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-12-22 15:45:09 +01:00
Eric Kuck 0bec5b04b0 All models now Equatable
Signed-off-by: Eric Kuck <eric@bluelinelabs.com>
2018-12-21 22:57:17 -06:00
Jason A. Donenfeld b0b6866c51 Do not crash if we can't get socket.fileDescriptor
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-12-22 05:13:04 +01:00
Eric Kuck 9098cd1161 Removing a tunnel from iOS's settings is now immediately reflected in app
Signed-off-by: Eric Kuck <eric@bluelinelabs.com>
2018-12-21 21:59:43 -06:00
Jason A. Donenfeld 8365adf435 Localize remaining strings in network extension
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-12-22 03:42:01 +01:00
Jason A. Donenfeld f2000aa1da Combine double log invocations
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-12-22 02:21:07 +01:00
Jason A. Donenfeld 4ed646973e Move name from interface to tunnel
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-12-22 00:28:18 +01:00
Jason A. Donenfeld 7b9d4cb9e3 Nuke trailing spaces
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-12-21 23:34:56 +01:00
Eric Kuck 1fecd8eb6c providerConfiguration is now a WgQuickConfig
Signed-off-by: Eric Kuck <eric@bluelinelabs.com>
2018-12-21 16:32:08 -06:00
Jason A. Donenfeld accf60b82f Do not require NetworkExtension to know its own name
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-12-21 22:05:47 +01:00
Jason A. Donenfeld ec031b1f19 Get rid of superflous isActivateOnDemandEnabled key
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-12-21 18:50:32 +01:00
Eric Kuck 8553723e04 Updated NETunnelProvider save format
Signed-off-by: Eric Kuck <eric@bluelinelabs.com>
2018-12-21 16:42:16 +01:00
Jason A. Donenfeld 38445114e0 NE: simplify logic
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-12-21 15:56:03 +01:00
Roopesh Chander a21c569e9f NE: Simplify DNS resolution
Signed-off-by: Roopesh Chander <roop@roopc.net>
2018-12-21 19:24:22 +05:30
Roopesh Chander f818cdd963 NE: Update listen port only when first interface changes
When handling network path changes, change the listen port
only when the first interface has changed.

Signed-off-by: Roopesh Chander <roop@roopc.net>
2018-12-21 17:32:44 +05:30
Roopesh Chander 28ce4d5164 NE: Change handling of bad domain names and Activate On Demand
The solution implemented in commit b8c331c causes the tunnel to
remain in 'Activating' state, without the ability to cancel that.

So, in this commit, instead of retrying DNS silently on
Activated-On-Demand tunnels, we fail the startTunnel() silently.

To summarize, if activate-on-demand is on:
- If started from the WireGuard app, show error using lastErrorFile
mechanism, suggesting a way to turn off Activate On Demand
- If not started from WireGuard app, don't call displayMessage()
(don't show error to user) and silently fail starting the tunnel

Signed-off-by: Roopesh Chander <roop@roopc.net>
2018-12-21 15:52:47 +05:30
Eric Kuck a89ad95901 Enabled more swiftlint rules
Signed-off-by: Eric Kuck <eric@bluelinelabs.com>
2018-12-20 11:22:37 -06:00
Roopesh Chander 5c501ac9a6 NE: Log whether tunnel was activated from the app or not
Signed-off-by: Roopesh Chander <roop@roopc.net>
2018-12-19 18:35:53 +05:30
Roopesh Chander 35450bf407 Remove non-helpful comments
Signed-off-by: Roopesh Chander <roop@roopc.net>
2018-12-19 18:35:53 +05:30