Rather than hoping that the AF_SYSTEM fd is of type utun, and then
calling "2" on it to get the name -- which could be defined as something
else for a different AF_SYSTEM socket type -- instead simply query the
AF_SYSTEM control socket ID with getpeername. This has one catch, which
is that the ID is dynamically allocated, so we resolve it using the
qualified name. Normally we'd make a new AF_SYSTEM socket for this, but
since that's not allowed in the sandbox, we reuse the AF_SYSTEM socket
that we're checking. At this point in the flow, we know that it's a
proper AF_SYSTEM one, based on the first sockaddr member; we just don't
know that it's a utun variety.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

This is a bit of a kludge, until I find something better. We simply
iterate through all FDs, and call getsockopt on each one until we find
the utun FD. This works, and completes rather quickly (fd is usually 6
or 7). Rather than maintain the old path for older kernels, just use
this for all versions, to get more coverage. Other techniques involve
undocumented APIs; this one has the advantage of using nothing
undocumented.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

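The two commit messages above describe the same procedure from two angles: walk the process's file descriptors, keep only those whose peer address is an AF_SYSTEM kernel-control socket, resolve the utun control ID from its qualified name on one of those sockets (a fresh AF_SYSTEM socket is not permitted in the sandbox), and match on the ID before ever treating the descriptor as utun. The Swift below is an added example written for this page, not the wireguard-apple project's own code. It assumes the Darwin module exposes `sockaddr_ctl`, `ctl_info`, `getpeername`, `ioctl` and `SYSPROTO_CONTROL`; the ioctl request number is spelled out as a constant with its derivation in a comment, and the `UTUN_OPT_IFNAME` option is written as the literal `2` from `<net/if_utun.h>`, just as the commit message refers to it.

```swift
import Darwin

// Added example (not the project's code): locate the utun descriptor a
// packet-tunnel process was handed, using only documented kernel-control
// socket APIs, following the approach the commit messages describe.

/// Qualified kernel-control name of the utun provider (public constant).
let utunControlName = "com.apple.net.utun_control"

/// CTLIOCGINFO = _IOWR('N', 3, struct ctl_info). sizeof(ctl_info) is 100
/// (4-byte id + 96-byte name), so the encoded request is 0xC0644E03.
/// Spelled out because Swift does not import the _IOWR macro form.
let ctlIOCGInfo: UInt = 0xC0644E03

/// Returns the peer sockaddr_ctl of `fd` if it is a connected AF_SYSTEM
/// socket, otherwise nil. This is the first sockaddr-member check.
func controlPeerAddress(of fd: Int32) -> sockaddr_ctl? {
    var addr = sockaddr_ctl()
    var len = socklen_t(MemoryLayout<sockaddr_ctl>.size)
    let ret = withUnsafeMutablePointer(to: &addr) { ptr -> Int32 in
        ptr.withMemoryRebound(to: sockaddr.self, capacity: 1) { sa in
            getpeername(fd, sa, &len)
        }
    }
    guard ret == 0, addr.sc_family == UInt8(AF_SYSTEM) else { return nil }
    return addr
}

/// Resolves the dynamically allocated control ID for `name` by issuing
/// CTLIOCGINFO on an existing AF_SYSTEM socket `fd` (no new socket needed).
func controlID(named name: String, via fd: Int32) -> UInt32? {
    var info = ctl_info()
    // ctl_name is imported as a fixed-size CChar tuple; copy the name in.
    withUnsafeMutablePointer(to: &info.ctl_name) { tuplePtr in
        let capacity = MemoryLayout.size(ofValue: tuplePtr.pointee)
        tuplePtr.withMemoryRebound(to: CChar.self, capacity: capacity) { cstr in
            _ = strlcpy(cstr, name, capacity)
        }
    }
    guard ioctl(fd, ctlIOCGInfo, &info) == 0 else { return nil }
    return info.ctl_id
}

/// Scans descriptors 0...maxFD and returns the first one whose peer is the
/// utun kernel control. The tunnel fd is usually small (6 or 7), so the
/// scan finishes quickly in practice.
func findUtunFileDescriptor(maxFD: Int32 = 1024) -> Int32? {
    var utunID: UInt32? = nil
    for fd in 0...maxFD {
        guard let addr = controlPeerAddress(of: fd) else { continue }
        // Resolve the ID lazily, reusing the AF_SYSTEM socket being checked.
        if utunID == nil {
            utunID = controlID(named: utunControlName, via: fd)
        }
        if let id = utunID, addr.sc_id == id {
            return fd
        }
    }
    return nil
}

/// Only after the ID check is it safe to ask for the interface name:
/// option 2 (UTUN_OPT_IFNAME in <net/if_utun.h>) is utun-specific and may
/// mean something else on a different AF_SYSTEM control.
func utunInterfaceName(of fd: Int32) -> String? {
    var buffer = [CChar](repeating: 0, count: Int(IFNAMSIZ))
    var len = socklen_t(buffer.count)
    guard getsockopt(fd, SYSPROTO_CONTROL, 2, &buffer, &len) == 0 else {
        return nil
    }
    return String(cString: buffer)
}

if let fd = findUtunFileDescriptor() {
    print("utun fd:", fd, "name:", utunInterfaceName(of: fd) ?? "?")
} else {
    print("no utun descriptor found")
}
```

Because the ID comparison comes before the `getsockopt` call, a descriptor that happens to be some other AF_SYSTEM control is never asked for option 2, which is the ordering the first commit message argues for.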
macOS will use the wrong source address unless we add explicit routes
that mention the self-pointing gateway. Actually, it won't add any
implicit routes on its own, so in order to route the masks of the
addresses, we have to add our own routes explicitly.
However, this still doesn't fix the problem while inside of the network
extension, even though it works outside it.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

When the variable goes out of scope, the observer isn't removed unless
an explicit call is made to the token.
Signed-off-by: Andrej Mihajlov <and@mullvad.net>

Something odd happens in the network extension that we still don't
understand. Attempt to poke it in this terrible way.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

macOS freaks out if you try to explicitly route to 0.0.0.0/8 in its
includedRoutes parameter. Even though 0.0.0.0/8 isn't RFC1918, it is
marked in RFC6890 as "this host on this network", so removing it from
the Internet routes makes sense semantically too.
This commit changes 0.0.0.0/5 into:
- 1.0.0.0/8
- 2.0.0.0/8
- 3.0.0.0/8
- 4.0.0.0/6
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

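The commit above carves 0.0.0.0/8 out of 0.0.0.0/5 by hand. The Swift below is an added example, not code from the project, that performs the general operation: remove any sub-prefix from an IPv4 prefix and return the CIDR blocks covering what is left. It halves the enclosing block repeatedly, keeping the half that does not contain the excluded prefix and descending into the half that does. For the commit's input it yields 1.0.0.0/8, 2.0.0.0/7 and 4.0.0.0/6; the /7 is the same address space as the 2.0.0.0/8 and 3.0.0.0/8 the commit lists, just merged into the minimal cover. The `IPv4Prefix` type and `exclude` function are names chosen for this example.

```swift
import Foundation

// Added example (not the project's code): minimal CIDR cover of an IPv4
// prefix with one sub-prefix excluded, e.g. 0.0.0.0/5 minus 0.0.0.0/8.

struct IPv4Prefix: Equatable, CustomStringConvertible {
    let address: UInt32   // network address with host bits cleared
    let length: Int       // prefix length, 0...32

    init(_ address: UInt32, _ length: Int) {
        precondition((0...32).contains(length), "bad prefix length")
        self.address = address & IPv4Prefix.mask(length)
        self.length = length
    }

    /// Parses "a.b.c.d/n"; returns nil on malformed input.
    init?(_ cidr: String) {
        let parts = cidr.split(separator: "/")
        guard parts.count == 2, let len = Int(parts[1]),
              (0...32).contains(len) else { return nil }
        let octets = parts[0].split(separator: ".").compactMap { UInt8($0) }
        guard octets.count == 4 else { return nil }
        let addr = octets.reduce(UInt32(0)) { ($0 << 8) | UInt32($1) }
        self.init(addr, len)
    }

    static func mask(_ length: Int) -> UInt32 {
        length == 0 ? 0 : ~UInt32(0) << UInt32(32 - length)
    }

    /// True if `other` lies entirely inside this prefix.
    func contains(_ other: IPv4Prefix) -> Bool {
        other.length >= length &&
            (other.address & IPv4Prefix.mask(length)) == address
    }

    var description: String {
        let a = address
        return "\(a >> 24).\((a >> 16) & 0xff).\((a >> 8) & 0xff).\(a & 0xff)/\(length)"
    }
}

/// Returns the CIDR blocks that cover `parent` with `excluded` removed,
/// sorted by address. If `excluded` is not inside `parent`, `parent` is
/// returned unchanged; if they are equal, nothing remains.
func exclude(_ excluded: IPv4Prefix, from parent: IPv4Prefix) -> [IPv4Prefix] {
    guard parent.contains(excluded) else { return [parent] }
    if excluded.length == parent.length { return [] }
    var result: [IPv4Prefix] = []
    var current = parent
    // Split `current` in two; keep the half that does not hold the excluded
    // prefix, descend into the other, until `current` is the excluded prefix.
    while current.length < excluded.length {
        let childLen = current.length + 1
        let half = UInt32(1) << UInt32(32 - childLen)
        let low = IPv4Prefix(current.address, childLen)
        let high = IPv4Prefix(current.address | half, childLen)
        if low.contains(excluded) {
            result.append(high)
            current = low
        } else {
            result.append(low)
            current = high
        }
    }
    return result.sorted { $0.address < $1.address }
}

// The case from the commit message: 0.0.0.0/5 without 0.0.0.0/8.
let remainder = exclude(IPv4Prefix("0.0.0.0/8")!, from: IPv4Prefix("0.0.0.0/5")!)
precondition(remainder.map(\.description) == ["1.0.0.0/8", "2.0.0.0/7", "4.0.0.0/6"])
print(remainder.map(\.description).joined(separator: ", "))
```

Each iteration adds exactly one block and narrows `current` by one bit, so removing a /n from a /m costs n - m blocks and the result is the smallest possible list of includedRoutes entries for that exclusion.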
Apple forbids us from having a simple link to wireguard.com/donations/
in the version info window, citing the existence of this link as a form
of payment outside of their in-app purchase framework that requires 30%.
The link had been there for around two years. After rejecting an app
update for a critical networking regression unrelated to this, they
wrote:
Dec 17, 2020 at 8:35 PM
From Apple
3.1.1 - Business - Payments - In-App Purchase
We noticed that your app allows users to contribute donations to the
development of your app with a mechanism other than the in-app
purchase API, which is not appropriate for the App Store.
Next Steps
To resolve this issue, please revise your app to use the in-app
purchase API to pay for this type of transaction. Please note that
even though tipping another individual is optional, the tip is
connected to or associated with the receipt of digital content or
services in your app and must be purchased through in-app purchase
in accordance with guideline 3.1.1 of the App Store Review
Guidelines.
Please see attached screenshot for details.
Trying to appeal this or reason with Apple is not going to be a fruitful
endeavor, so instead we simply cut our losses and remove the donation
link entirely. The goal, anyway, is to get a timely critical update into
the hands of users, and encouraging Apple to block that further would be
a disservice.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>