Commit Graph

1267 Commits

Author SHA1 Message Date
Jason A. Donenfeld 3428bfbc9e UI: macOS: do on-demand ritual for clicking list item too
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-09-22 02:40:49 +02:00
Roopesh Chander cfd1b16801 UI: Consider on-demand to be enabled iff the tunnel provider is enabled
Signed-off-by: Roopesh Chander <roop@roopc.net>
2021-08-03 16:35:18 +05:30
Roopesh Chander ca70fe9ddc UI: When setting on-demand, avoid a second saveToPreferences() call
Signed-off-by: Roopesh Chander <roop@roopc.net>
2021-08-03 16:34:57 +05:30
Roopesh Chander 55c587b443 UI: When saving on-demand rules, don't set isOnDemandEnabled
When adding or modifying a config, when on-demand options are set by a
user, the rules are saved, but isOnDemandEnabled is left unset (and can
be set by the appropriate control in the detail view (switch in iOS /
button in macOS)).

Signed-off-by: Roopesh Chander <roop@roopc.net>
2021-08-02 23:25:53 +05:30
Roopesh Chander b6831c1aca UI: macOS: Incorporate on-demand-ness in status menu
Signed-off-by: Roopesh Chander <roop@roopc.net>
2021-07-30 13:29:38 +05:30
Roopesh Chander 2ac17da7cb UI: macOS: Tunnel detail: Incorporate on-demand-ness in toggle button
Signed-off-by: Roopesh Chander <roop@roopc.net>
2021-07-30 13:29:33 +05:30
Roopesh Chander 274c4cd092 UI: macOS: Tunnel detail: Incorporate on-demand-ness in the status row
Signed-off-by: Roopesh Chander <roop@roopc.net>
2021-07-30 13:29:28 +05:30
Roopesh Chander 95e1409bfb UI: macOS: Tunnel list: Incorporate on-demand-ness in the status circle
Signed-off-by: Roopesh Chander <roop@roopc.net>
2021-07-30 13:29:25 +05:30
Roopesh Chander 2c2c53b1f8 UI: macOS: Add yellow circle image
Signed-off-by: Roopesh Chander <roop@roopc.net>
2021-07-30 13:29:09 +05:30
Roopesh Chander 9cbfec99df UI: Localizations: Remove alertTunnelActivationFailureOnDemandAddendum
It's not used anymore.

Signed-off-by: Roopesh Chander <roop@roopc.net>
2021-07-28 15:55:17 +05:30
Roopesh Chander 1bd6dcb7e7 UI: Remove addendum on on-demand from error on tunnel activation
Signed-off-by: Roopesh Chander <roop@roopc.net>
2021-07-28 11:52:54 +05:30
Roopesh Chander c1fe8b0162 UI: When setting on-demand, enable the tunnel if required
Signed-off-by: Roopesh Chander <roop@roopc.net>
2021-07-28 11:52:54 +05:30
Roopesh Chander 64c2fb337d UI: iOS: Tunnels list: Move the "On Demand" label to the right
Having that at the bottom makes it harder for iOS to get
the row height correctly.

Signed-off-by: Roopesh Chander <roop@roopc.net>
2021-07-28 03:35:05 +05:30
Roopesh Chander 147ac02f0d UI: iOS: Show on-demand state in 'Status' if there are on-demand rules
Signed-off-by: Roopesh Chander <roop@roopc.net>
2021-07-28 03:35:05 +05:30
Roopesh Chander 03ef79c0fd UI: When reloading tunnels, preserve '.waiting' state
Signed-off-by: Roopesh Chander <roop@roopc.net>
2021-07-28 03:35:05 +05:30
Roopesh Chander a261d84fc6 UI: When deactivating for activating another tunnel, disable on-demand
Signed-off-by: Roopesh Chander <roop@roopc.net>
2021-07-28 03:35:05 +05:30
Roopesh Chander abaf1f1454 UI: Keep on-demand rules even if on-demand is disabled
Signed-off-by: Roopesh Chander <roop@roopc.net>
2021-07-28 03:34:36 +05:30
Roopesh Chander 1e9e21bacf UI: iOS: Tunnel detail: Incorporate on-demand-ness in 'Status'
Signed-off-by: Roopesh Chander <roop@roopc.net>
2021-07-28 03:18:02 +05:30
Andrej Mihajlov ac9f7b9f5e UI: iOS: Show "on-demand is active" for tunnels with the active on-demand
Signed-off-by: Andrej Mihajlov <and@mullvad.net>
Signed-off-by: Roopesh Chander <roop@roopc.net>
2021-07-28 03:18:02 +05:30
Roopesh Chander a115dd3bd9 UI: iOS: Tunnels list: Incorporate on-demand-ness in the switch
Signed-off-by: Roopesh Chander <roop@roopc.net>
2021-07-28 03:18:01 +05:30
Roopesh Chander df9934a4b8 UI: TunnelsManager: Add setOnDemandEnabled() instance method
Signed-off-by: Roopesh Chander <roop@roopc.net>
2021-07-28 03:18:01 +05:30
Roopesh Chander 40f18de4d2 UI: TunnelsManager: Add TunnelContainer.hasOnDemandRules
Signed-off-by: Roopesh Chander <roop@roopc.net>
2021-07-28 03:18:01 +05:30
Jason A. Donenfeld 13b720442d Global: bump copyright year
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-06-17 16:56:46 +02:00
Andrej Mihajlov c1f509d65b Kit: add missing import for WireGuardKitC
Signed-off-by: Andrej Mihajlov <and@mullvad.net>
2021-06-17 15:15:41 +02:00
Jason A. Donenfeld 87f0526f09 App: version bump
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-06-16 18:34:54 +02:00
Jason A. Donenfeld 060c027325 Kit: Go: mod bump
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-06-16 18:03:28 +02:00
Jason A. Donenfeld 23bf3cfccb Kit: Adapter: use more reliable utun detection technique
Rather than hoping that the AF_SYSTEM fd is of type utun, and then
calling "2" on it to get the name -- which could be defined as something
else for a different AF_SYSTEM socket type -- instead simply query the
AF_SYSTEM control socket ID with getpeername. This has one catch, which
is that the ID is dynamically allocated, so we resolve it using the
qualified name. Normally we'd make a new AF_SYSTEM socket for this, but
since that's not allowed in the sandbox, we reuse the AF_SYSTEM socket
that we're checking. At this point in the flow, we know that it's a
proper AF_SYSTEM one, based on the first sockaddr member; we just don't
know that it's a utun variety.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-06-16 17:40:12 +02:00
Jason A. Donenfeld 7f5ad3e503 Kit: Adapter: iterate through all FDs to find UTUN
This is a bit of a kludge, until I find something better. We simply
iterate through all FDs, and call getsockopt on each one until we find
the utun FD. This works, and completes rather quickly (fd is usually 6
or 7). Rather than maintain the old path for older kernels, just use
this for all versions, to get more coverage. Other techniques involve
undocumented APIs; this one has the advantage of using nothing
undocumented.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-06-16 15:56:21 +02:00
Andrej Mihajlov 820fa55380 SPM: update exclude rules
Fixes missing excluded file warning in Xcode. api-ios.go was renamed to api-apple.go.

Signed-off-by: Andrej Mihajlov <and@mullvad.net>
2021-06-16 15:23:11 +02:00
Jason A. Donenfeld eb528c766b UI: iOS: asynchronously load from NEHotspotNetwork on iOS 14
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-03-09 09:10:07 -07:00
Jason A. Donenfeld 53235eb38f UI: iOS: clean up visuals in SSID editor
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-03-09 09:10:07 -07:00
Jason A. Donenfeld b9ff5c2e94 README: account for funky xcode paths
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-03-09 09:10:07 -07:00
Jason A. Donenfeld b7f69d20b6 Kit: Go: bump to latest API
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-03-09 09:10:04 -07:00
Andrej Mihajlov 6c4f4109eb UI: iOS: Disable "copy" action on on-demand cells
Signed-off-by: Andrej Mihajlov <and@mullvad.net>
2021-01-11 13:09:41 +01:00
Jason A. Donenfeld 7b5b564a6e Kit: netcfg: add explicit IP mask routes
macOS will use the wrong source address unless we add explicit routes
that mention the self-pointing gateway. Actually, it won't add any
implicit routes on its own, so in order to route the masks of the
addresses, we have to add our own routes explicitly.

However, this still doesn't fix the problem while inside of the network
extension, even though it works outside it.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-01-01 18:28:14 +01:00
Jason A. Donenfeld 695f868b1f Kit: Go: mod bump
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-12-23 22:54:47 +01:00
Andrej Mihajlov e724c043d9 UI: iOS: Remove duplicate call to addSubview
Signed-off-by: Andrej Mihajlov <and@mullvad.net>
2020-12-23 16:14:03 +01:00
Andrej Mihajlov 491301f58b UI: iOS: Fix placeholder label alignment in text fields.
Signed-off-by: Andrej Mihajlov <and@mullvad.net>
2020-12-23 16:14:03 +01:00
Jason A. Donenfeld c4f79beb8d App: version bump
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-12-23 15:05:56 +01:00
Jason A. Donenfeld a613fec2ff project: sync translations and improve id generation again
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-12-23 14:55:29 +01:00
Andrej Mihajlov e54a5d9a13 UI: macOS: Group more than 10 tunnels into submenu
Signed-off-by: Andrej Mihajlov <and@mullvad.net>
2020-12-23 14:40:54 +01:00
Andrej Mihajlov 6d57c8b6f9 UI: Avoid force unwrap when checking for errors
Signed-off-by: Andrej Mihajlov <and@mullvad.net>
2020-12-23 14:17:59 +01:00
Jason A. Donenfeld b67acaccff Kit: do not crash on [abcd::] with missing port
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-12-23 14:06:26 +01:00
Jason A. Donenfeld d8568b0e31 Kit: Go: bump module and simplify API
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-12-23 13:40:24 +01:00
Andrej Mihajlov 373bb2ae99 UI: pause VPN configurations observer while adding or removing multiple tunnels
Signed-off-by: Andrej Mihajlov <and@mullvad.net>
2020-12-22 12:47:02 +01:00
Andrej Mihajlov 631286e2d1 UI: use NotificationToken to properly clean up observers
When the variable goes out of scope, the observer isn't removed unless
an explicit call is made to the token.

Signed-off-by: Andrej Mihajlov <and@mullvad.net>
2020-12-22 12:46:30 +01:00
Andrej Mihajlov 74cd7041dc Keychain: prevent call to stat() when determining appex path
Signed-off-by: Andrej Mihajlov <and@mullvad.net>
2020-12-22 12:46:14 +01:00
Jason A. Donenfeld 21d920c8b0 Kit: Go: use Windows-style retry sleep loop on bind updates
Something odd happens in the network extension that we still don't
understand. Attempt to poke it in this terrible way.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-12-18 23:53:39 +01:00
Jason A. Donenfeld 44c4df1cd5 UI: Model: remove 0.0.0.0/8 from non-private IPs
macOS freaks out if you try to explicitly route to 0.0.0.0/8 in its
includedRoutes parameter. Even though 0.0.0.0/8 isn't RFC1918, it is
marked in RFC6890 as "this host on this network", so removing it from
the Internet routes makes sense semantically too.

This commit changes 0.0.0.0/5 into:
- 1.0.0.0/8
- 2.0.0.0/8
- 3.0.0.0/8
- 4.0.0.0/6

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-12-18 23:53:39 +01:00
Jason A. Donenfeld a4fc0f64b8 UI: iOS: remove donation link
Apple forbids us from having a simple link to wireguard.com/donations/
in the version info window, citing the existence of this link as a form
of payment outside of their in-app purchase framework that requires 30%.
The link had been there for around two years. After rejecting an app
update for a critical networking regression unrelated to this, they
wrote:

    Dec 17, 2020 at 8:35 PM
    From Apple

    3.1.1 - Business - Payments - In-App Purchase

    We noticed that your app allows users to contribute donations to the
    development of your app with a mechanism other than the in-app
    purchase API, which is not appropriate for the App Store.

    Next Steps

    To resolve this issue, please revise your app to use the in-app
    purchase API to pay for this type of transaction. Please note that
    even though tipping another individual is optional, the tip is
    connected to or associated with the receipt of digital content or
    services in your app and must be purchased through in-app purchase
    in accordance with guideline 3.1.1 of the App Store Review
    Guidelines.

    Please see attached screenshot for details.

Trying to appeal this or reason with Apple is not going to be a fruitful
endeavor, so instead we simply cut our losses and remove the donation
link entirely. The goal, anyway, is to get a timely critical update into
the hands of users, and encouraging Apple to block that further would be
a disservice.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-12-17 22:44:30 +01:00