Andrej Mihajlov
30406dec6d
wireguard-go-bridge: use C string instead of gostring_t
...
Signed-off-by: Andrej Mihajlov <and@mullvad.net>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-02-07 22:35:57 +01:00
Jason A. Donenfeld
437f0dc46d
Revert "NetworkExtension: don't use exit(0) hack on Catalina"
...
This reverts commit 3619279a65d9a506fb13d7f24909b38a5202fa8f.
Still broken!
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-10-15 16:51:50 +02:00
Jason A. Donenfeld
1b6170cbc9
NetworkExtension: don't use exit(0) hack on Catalina
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-10-15 11:44:13 +02:00
Jason A. Donenfeld
e70c397e54
TunnelProvider: remove all cleverness
...
This will cause more socket flaps than necessary but hopefully will fix
some bugs.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-06-10 18:47:39 +02:00
Jason A. Donenfeld
c7b7b1247b
TunnelProvider: store the entire NWPath
...
Otherwise [utun0, en0] == [en0, utun0] before WiFi has connected, and we
wind up not rebinding after WiFi does successfully connect, which means
people have trouble when resuming from sleep.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-06-09 11:39:06 +02:00
Jason A. Donenfeld
168ba2da8a
NetworkExtension: bump sockets on path change
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-05-31 17:29:29 +02:00
Jason A. Donenfeld
0340641c4c
NetworkExtension: apparently the extension process is scoped properly anyway
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-05-26 00:12:47 +05:30
Jason A. Donenfeld
813dea6902
NetworkExtension: use excludedRoutes instead of binding on iOS
...
The networking stack there is too flaky and the notifier doesn't always
fire correctly. Hopefully excludedRoutes works well with XLAT; otherwise
we're in trouble.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-05-26 00:12:47 +05:30
Roopesh Chander
d9e88c51bd
Swift 5 migration: Fix switch warnings
...
We now get a warning when switching over enums from system
frameworks even when we handle all public cases because
there can be future cases that aren't handled.
When such a future case is introduced, we'll get a warning.
Signed-off-by: Roopesh Chander <roop@roopc.net>
2019-04-09 11:25:04 +05:30
Jason A. Donenfeld
a6f80135ef
ringlogger: support mpsc for singlefile
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-03-17 08:51:27 +01:00
Jason A. Donenfeld
0e2556544e
Global: fix swiftlint issues
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-02-08 17:07:28 +01:00
Jason A. Donenfeld
a231410c52
Info.plist: Add missing key types
...
I worry that LSMinimumSystemVersion in the extension's plist might be
problematic, since that same plist runs on macOS and iOS. We _might_
need to bifurcate.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-02-08 03:47:36 +01:00
Jason A. Donenfeld
0539929d0c
Key: Use C implementation instead
...
Swift compiles so slowly and it's unclear all of the insane type punning
was even correct.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-02-08 03:23:15 +01:00
Jason A. Donenfeld
05547861b6
Key: Constant time encoding
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-02-08 03:23:15 +01:00
Jason A. Donenfeld
394a0cbeb0
PacketTunnelProvider: proper fix for 32073323
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-02-07 15:01:37 +01:00
Jason A. Donenfeld
8c3557a907
Keychain: store configurations in keychain instead of providerConfig
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-02-06 06:20:23 +01:00
Jason A. Donenfeld
22625e8cc4
Tunnel: support getting runtime configuration
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-01-24 01:37:57 +01:00
Jason A. Donenfeld
668c4a475c
macOS: remove mobile network tweaks
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-01-22 13:11:28 +01:00
Roopesh Chander
273ee04450
Better os() directives
...
Signed-off-by: Roopesh Chander <roop@roopc.net>
2019-01-22 04:06:37 +05:30
Roopesh Chander
f63c9fd598
macOS: Use tunnelOverheadBytes for automatic MTU in macOS
...
Signed-off-by: Roopesh Chander <roop@roopc.net>
2019-01-16 01:51:56 +05:30
Roopesh Chander
629009d3be
macOS: NE: Add entitlements for making network connections
...
Signed-off-by: Roopesh Chander <roop@roopc.net>
2019-01-14 14:52:28 +05:30
Roopesh Chander
d7d4355f5e
Make app groups work on both iOS and macOS
...
Signed-off-by: Roopesh Chander <roop@roopc.net>
2019-01-14 14:52:28 +05:30
Roopesh Chander
c8cd663a05
iOS: Fix WireGuardNetworkExtensioniOS target
...
- Rename WireGuardNetworkExtension.entitlements to WireGuardNetworkExtension_iOS.entitlements
Signed-off-by: Roopesh Chander <roop@roopc.net>
2019-01-14 14:52:28 +05:30
Roopesh Chander
b32b897181
macOS: Fix WireGuardNetworkExtensionmacOS target
...
- Build using common network extension code
- Add run scripts
- Set Info.plist to common network extension's Info.plist
- Move entitlements to common network extension folder
- Remove Xcode-generated macOS network extension code
- Set Swift-Obj-C bridging header
Signed-off-by: Roopesh Chander <roop@roopc.net>
2019-01-14 14:52:27 +05:30
Roopesh Chander
d02b0fd10e
xcconfig: Make app id platform-specific
...
Signed-off-by: Roopesh Chander <roop@roopc.net>
2019-01-14 14:52:26 +05:30
Jason A. Donenfeld
49f287439e
PacketTunnelSettingsGenerator: use 127.0.0.1 as dummy address
...
It turns out that using 0.0.0.0 somehow conflicts with DNS lookups when
CLAT is in use.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-01-08 01:51:12 +01:00
Jason A. Donenfeld
150cd119c7
Avoid dynamic MTU calculations for now
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-01-07 19:23:39 -05:00
Jason A. Donenfeld
e2384e143c
Update copyright
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-01-07 19:23:39 -05:00
Jason A. Donenfeld
0b828f9b96
Rework DNS and routes in network extension
...
The DNS resolver prior had useless comments, awful nesting, converted
bytes into strings and back into bytes, and generally made no sense.
That's been rewritten now.
But more fundamentally, this commit made the DNS resolver actually
accomplish its objective, by passing AI_ALL to it. It turns out, though,
that the Go library isn't actually using GAI in the way we need for
parsing IP addresses, so we actually need to do another round, this time
with hints flag as zero, so that we get the DNS64 address.
Additionally, since we're now binding sockets to interfaces, we can
entirely remove the excludedRoutes logic.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-12-28 19:38:03 +01:00
Jason A. Donenfeld
c9c343cde2
NetworkExtension: rescope socket instead of tearing down socket
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-12-26 01:17:55 +01:00
Jason A. Donenfeld
129f94dccd
Rely on availability of fd only after setting network settings
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-12-22 18:29:54 +01:00
Jason A. Donenfeld
dddbf3b370
Retain aggressive socket reestablishment for now
...
This can be reverted once we've done more testing.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-12-22 15:45:09 +01:00
Eric Kuck
0bec5b04b0
All models now Equatable
...
Signed-off-by: Eric Kuck <eric@bluelinelabs.com>
2018-12-21 22:57:17 -06:00
Jason A. Donenfeld
b0b6866c51
Do not crash if we can't get socket.fileDescriptor
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-12-22 05:13:04 +01:00
Eric Kuck
9098cd1161
Removing a tunnel from iOS's settings is now immediately reflected in app
...
Signed-off-by: Eric Kuck <eric@bluelinelabs.com>
2018-12-21 21:59:43 -06:00
Jason A. Donenfeld
8365adf435
Localize remaining strings in network extension
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-12-22 03:42:01 +01:00
Jason A. Donenfeld
f2000aa1da
Combine double log invocations
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-12-22 02:21:07 +01:00
Jason A. Donenfeld
4ed646973e
Move name from interface to tunnel
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-12-22 00:28:18 +01:00
Jason A. Donenfeld
7b9d4cb9e3
Nuke trailing spaces
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-12-21 23:34:56 +01:00
Eric Kuck
1fecd8eb6c
providerConfiguration is now a WgQuickConfig
...
Signed-off-by: Eric Kuck <eric@bluelinelabs.com>
2018-12-21 16:32:08 -06:00
Jason A. Donenfeld
accf60b82f
Do not require NetworkExtension to know its own name
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-12-21 22:05:47 +01:00
Jason A. Donenfeld
ec031b1f19
Get rid of superfluous isActivateOnDemandEnabled key
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-12-21 18:50:32 +01:00
Eric Kuck
8553723e04
Updated NETunnelProvider save format
...
Signed-off-by: Eric Kuck <eric@bluelinelabs.com>
2018-12-21 16:42:16 +01:00
Jason A. Donenfeld
38445114e0
NE: simplify logic
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-12-21 15:56:03 +01:00
Roopesh Chander
a21c569e9f
NE: Simplify DNS resolution
...
Signed-off-by: Roopesh Chander <roop@roopc.net>
2018-12-21 19:24:22 +05:30
Roopesh Chander
f818cdd963
NE: Update listen port only when first interface changes
...
When handling network path changes, change the listen port
only when the first interface has changed.
Signed-off-by: Roopesh Chander <roop@roopc.net>
2018-12-21 17:32:44 +05:30
Roopesh Chander
28ce4d5164
NE: Change handling of bad domain names and Activate On Demand
...
The solution implemented in commit b8c331c causes the tunnel to
remain in 'Activating' state, without the ability to cancel that.
So, in this commit, instead of retrying DNS silently on
Activated-On-Demand tunnels, we fail the startTunnel() silently.
To summarize, if activate-on-demand is on:
- If started from the WireGuard app, show error using lastErrorFile
mechanism, suggesting a way to turn off Activate On Demand
- If not started from WireGuard app, don't call displayMessage()
(don't show error to user) and silently fail starting the tunnel
Signed-off-by: Roopesh Chander <roop@roopc.net>
2018-12-21 15:52:47 +05:30
Eric Kuck
a89ad95901
Enabled more swiftlint rules
...
Signed-off-by: Eric Kuck <eric@bluelinelabs.com>
2018-12-20 11:22:37 -06:00
Roopesh Chander
5c501ac9a6
NE: Log whether tunnel was activated from the app or not
...
Signed-off-by: Roopesh Chander <roop@roopc.net>
2018-12-19 18:35:53 +05:30
Roopesh Chander
35450bf407
Remove non-helpful comments
...
Signed-off-by: Roopesh Chander <roop@roopc.net>
2018-12-19 18:35:53 +05:30