Commit Graph

24 Commits

Author SHA1 Message Date
Davide De Rosa 73d9152fa0 Add DoH/DoT options
Signed-off-by: Davide De Rosa <keeshux@gmail.com>
2023-03-18 15:34:36 +01:00
Jason A. Donenfeld 7b279383d1 App: bump copyright
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2023-02-15 14:20:35 +01:00
John Biggs 12b095470a WireGuardKit: fix incorrect IP address allocation size
According to [1], the `capacity` parameter is specified as "the number
of instances of T in the re-bound region" and not the total size of the
rebound struct.

Without this patch, there are crashes in the extension with the
following error:

  Fatal error: self must be a properly aligned pointer for types Pointee and T`

Since the subsequent line in the code only reads `sizeof(in_addr)` or
`sizeof(in6_addr)` anyway, change the `capacity` parameter to just be a
count of 1.

[1] https://developer.apple.com/documentation/swift/unsafepointer/withmemoryrebound(to:capacity:_:)

Signed-off-by: John Biggs <john.biggs@proton.ch>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2023-02-08 13:08:40 -03:00
Jason A. Donenfeld 13b720442d Global: bump copyright year
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-06-17 16:56:46 +02:00
Andrej Mihajlov c1f509d65b Kit: add missing import for WireGuardKitC
Signed-off-by: Andrej Mihajlov <and@mullvad.net>
2021-06-17 15:15:41 +02:00
Jason A. Donenfeld 23bf3cfccb Kit: Adapter: use more reliable utun detection technique
Rather than hoping that the AF_SYSTEM fd is of type utun, and then
calling "2" on it to get the name -- which could be defined as something
else for a different AF_SYSTEM socket type -- instead simply query the
AF_SYSTEM control socket ID with getpeername. This has one catch, which
is that the ID is dynamically allocated, so we resolve it using the
qualified name. Normally we'd make a new AF_SYSTEM socket for this, but
since that's not allowed in the sandbox, we reuse the AF_SYSTEM socket
that we're checking. At this point in the flow, we know that it's a
proper AF_SYSTEM one, based on the first sockaddr member; we just don't
know that it's a utun variety.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-06-16 17:40:12 +02:00
Jason A. Donenfeld 7f5ad3e503 Kit: Adapter: iterate through all FDs to find UTUN
This is a bit of a kludge, until I find something better. We simply
iterate through all FDs, and call getsockopt on each one until we find
the utun FD. This works, and completes rather quickly (fd is usually 6
or 7). Rather than maintain the old path for older kernels, just use
this for all versions, to get more coverage. Other techniques involve
undocumented APIs; this one has the advantage of using nothing
undocumented.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-06-16 15:56:21 +02:00
Andrej Mihajlov 820fa55380 SPM: update exclude rules
Fixes missing excluded file warning in Xcode. api-ios.go was renamed to api-apple.go.

Signed-off-by: Andrej Mihajlov <and@mullvad.net>
2021-06-16 15:23:11 +02:00
Jason A. Donenfeld b7f69d20b6 Kit: Go: bump to latest API
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-03-09 09:10:04 -07:00
Jason A. Donenfeld 7b5b564a6e Kit: netcfg: add explicit IP mask routes
macOS will use the wrong source address unless we add explicit routes
that mention the self-pointing gateway. Actually, it won't add any
implicit routes on its own, so in order to route the masks of the
addresses, we have to add our own routes explicitly.

However, this still doesn't fix the problem while inside of the network
extension, even though it works outside it.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-01-01 18:28:14 +01:00
Jason A. Donenfeld b67acaccff Kit: do not crash on [abcd::] with missing port
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-12-23 14:06:26 +01:00
Jason A. Donenfeld db4e2915f3 Kit: Adapter: do not treat NE settings timeouts as fatal
The general Network Extension framework is incredibly buggy, and a
timeout when setting the network settings does not necessarily imply
that the whole operation failed. Simply log the condition and move on.
This restores the app's old behavior.

Reported-by: Filipe Mendonça <cfilipem@gmail.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-12-17 00:26:00 +01:00
Jason A. Donenfeld 20bdf46792 Kit: PacketTunnelSettingsGenerator: do not require DNS queries if no DNS
Prior, we would set matchDomains=[""] even if the user didn't provide
any DNS servers. This was kind of incoherent, but I guess we had in mind
some kind of non-sensical leakproof scheme that never really worked
anyway. NetworkExtension didn't like this, so setTunnelNetworkSettings
would, rather than return an error, simply timeout and never call its
callback function. But everything worked fine, so we had code in the UI
to check to make sure everything was okay after 5 seconds or so of no
callback. Recent changes made the timeout fatal on the network extension
side, so rather than succeed, configs with no DNS server started
erroring out, causing user reports.

This commit attempts to handle the root cause of the timeout issue by
not twiddling with DNS settings if no DNS server was specified. For now,
however, it leaves the hard-timeout semantics in place.

Reported-by: Filipe Mendonça <cfilipem@gmail.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-12-17 00:10:28 +01:00
Jason A. Donenfeld 9231c03513 global: support DNS search domains
This has been supported by Windows and Linux for quite some time. Add
support here for iOS and macOS.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-12-15 15:54:12 +01:00
Jason A. Donenfeld 27b32e60b2 WireGuardKitGo: update to latest wireguard-go tag
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-12-15 13:16:52 +01:00
Andrej Mihajlov d414cec9aa WireGuardKit: Let wireguard-go backend run in offline on macOS
Signed-off-by: Andrej Mihajlov <and@mullvad.net>
2020-12-11 11:56:05 +01:00
Andrej Mihajlov 9f8d0e24df WireGuardKit: Conditionally turn on/off wireguard-go
Signed-off-by: Andrej Mihajlov <and@mullvad.net>
2020-12-11 11:15:22 +01:00
Jason A. Donenfeld d4fd17cd8f global: fix remaining swiftlint violations
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-12-09 14:35:21 +01:00
Jason A. Donenfeld 90acf2b220 global: bump year in header
A bit overdue, but better late than never.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-12-04 12:15:29 +01:00
Andrej Mihajlov 8f67435d4a WireGuardKit: Delegate IPv*Address initialization to self.init
Signed-off-by: Andrej Mihajlov <and@mullvad.net>
2020-12-04 11:50:44 +01:00
Andrej Mihajlov d440a91b0e WireGuardKit: Log XLAT resolution errors
Signed-off-by: Andrej Mihajlov <and@mullvad.net>
2020-12-04 11:50:43 +01:00
Andrej Mihajlov 54a89f6a0e WireGuadKit: Rename WireGuardAdapter.version -> .backendVersion & remove `var wireGuardVersion` with WireGuardKit.swift
Signed-off-by: Andrej Mihajlov <and@mullvad.net>
2020-12-04 09:39:09 +01:00
Andrej Mihajlov 547077a808 WireGuardApp: integrate WireGuardKit sources directly
Signed-off-by: Andrej Mihajlov <and@mullvad.net>
2020-12-03 13:32:25 +01:00
Andrej Mihajlov 9f9d1ffed8 WireGuardKit: Rename WireGuardKitSwift -> WireGuardKit
Signed-off-by: Andrej Mihajlov <and@mullvad.net>
2020-12-03 13:32:25 +01:00