Commit Graph

81 Commits

Author SHA1 Message Date
Andrej Mihajlov 6099975b71 Packet tunnel: Implement packet tunnel provider using WireGuardAdapter
Signed-off-by: Andrej Mihajlov <and@mullvad.net>
2020-12-02 11:08:09 +01:00
Andrej Mihajlov 95b833c754 iOS/macOS: Integrate WireGuardKit
Signed-off-by: Andrej Mihajlov <and@mullvad.net>
2020-12-02 11:08:08 +01:00
Andrej Mihajlov 671a594945 Change QoS to .utility
As per comment by eskimo:
https://developer.apple.com/forums/thread/107904?answerId=328525022#328525022

Signed-off-by: Andrej Mihajlov <and@mullvad.net>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-06-25 17:50:15 -06:00
Andrej Mihajlov 3646430528 Make sure that the tunnel and path monitor run on the same serial queue
Signed-off-by: Andrej Mihajlov <and@mullvad.net>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-06-25 17:50:15 -06:00
Andrej Mihajlov e9bd6e576f Fix retain cycle between NWPathMonitor and PacketTunnelProvider
See: https://www.marisibrothers.com/2017/04/memory-leak-in-swift-assigning-function.html

Signed-off-by: Andrej Mihajlov <and@mullvad.net>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-06-25 17:50:15 -06:00
Andrej Mihajlov 35300d1c5f Refactor interface name query
Signed-off-by: Andrej Mihajlov <and@mullvad.net>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-06-25 17:50:03 -06:00
Andrej Mihajlov 30406dec6d wireguard-go-bridge: use C string instead of gostring_t
Signed-off-by: Andrej Mihajlov <and@mullvad.net>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-02-07 22:35:57 +01:00
Jason A. Donenfeld 437f0dc46d Revert "NetworkExtension: don't use exit(0) hack on Catalina"
This reverts commit 3619279a65d9a506fb13d7f24909b38a5202fa8f.

Still broken!

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-10-15 16:51:50 +02:00
Jason A. Donenfeld 1b6170cbc9 NetworkExtension: don't use exit(0) hack on Catalina
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-10-15 11:44:13 +02:00
Jason A. Donenfeld e70c397e54 TunnelProvider: remove all cleverness
This will cause more socket flaps than necessary but hopefully will fix
some bugs.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-06-10 18:47:39 +02:00
Jason A. Donenfeld c7b7b1247b TunnelProvider: store the entire NWPath
Otherwise [utun0, en0] == [en0, utun0] before WiFi has connected, and we
wind up not rebinding after WiFi does successfully connect, which means
people have trouble when resuming from sleep.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-06-09 11:39:06 +02:00
Jason A. Donenfeld 168ba2da8a NetworkExtension: bump sockets on path change
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-05-31 17:29:29 +02:00
Jason A. Donenfeld 0340641c4c NetworkExtension: apparently the extension process is scoped properly anyway
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-05-26 00:12:47 +05:30
Jason A. Donenfeld 813dea6902 NetworkExtension: use excludedRoutes instead of binding on iOS
The networking stack there is to flaky and the notifier doesn't always
fire correctly. Hopefully excludedRoutes works well with XLAT; otherwise
we're in trouble.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-05-26 00:12:47 +05:30
Jason A. Donenfeld a6f80135ef ringlogger: support mpsc for singlefile
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-03-17 08:51:27 +01:00
Jason A. Donenfeld 0e2556544e Global: fix swiftlint issues
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-02-08 17:07:28 +01:00
Jason A. Donenfeld 394a0cbeb0 PacketTunnelProvider: proper fix for 32073323
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-02-07 15:01:37 +01:00
Jason A. Donenfeld 22625e8cc4 Tunnel: support getting runtime configuration
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-01-24 01:37:57 +01:00
Jason A. Donenfeld 668c4a475c macOS: remove mobile network tweeks
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-01-22 13:11:28 +01:00
Jason A. Donenfeld e2384e143c Update copyright
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-01-07 19:23:39 -05:00
Jason A. Donenfeld 0b828f9b96 Rework DNS and routes in network extension
The DNS resolver prior had useless comments, awful nesting, converted
bytes into strings and back into bytes, and generally made no sense.
That's been rewritten now.

But more fundumentally, this commit made the DNS resolver actually
accomplish its objective, by passing AI_ALL to it. It turns out, though,
that the Go library isn't actually using GAI in the way we need for
parsing IP addresses, so we actually need to do another round, this time
with hints flag as zero, so that we get the DNS64 address.

Additionally, since we're now binding sockets to interfaces, we can
entirely remove the excludedRoutes logic.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-12-28 19:38:03 +01:00
Jason A. Donenfeld c9c343cde2 NetworkExtension: rescope socket instead of tearing down socket
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-12-26 01:17:55 +01:00
Jason A. Donenfeld 129f94dccd Rely on availability of fd only after setting network settings
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-12-22 18:29:54 +01:00
Jason A. Donenfeld dddbf3b370 Retain aggressive socket reestablishment for now
This can be reverted once we've done more testing.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-12-22 15:45:09 +01:00
Eric Kuck 0bec5b04b0 All models now Equatable
Signed-off-by: Eric Kuck <eric@bluelinelabs.com>
2018-12-21 22:57:17 -06:00
Jason A. Donenfeld b0b6866c51 Do not crash if we can't get socket.fileDescriptor
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-12-22 05:13:04 +01:00
Eric Kuck 9098cd1161 Removing a tunnel from iOS's settings is now immediately reflected in app
Signed-off-by: Eric Kuck <eric@bluelinelabs.com>
2018-12-21 21:59:43 -06:00
Jason A. Donenfeld 8365adf435 Localize remaining strings in network extension
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-12-22 03:42:01 +01:00
Jason A. Donenfeld f2000aa1da Combine double log invocations
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-12-22 02:21:07 +01:00
Jason A. Donenfeld 4ed646973e Move name from interface to tunnel
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-12-22 00:28:18 +01:00
Jason A. Donenfeld 7b9d4cb9e3 Nuke trailing spaces
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-12-21 23:34:56 +01:00
Eric Kuck 1fecd8eb6c providerConfiguration is now a WgQuickConfig
Signed-off-by: Eric Kuck <eric@bluelinelabs.com>
2018-12-21 16:32:08 -06:00
Jason A. Donenfeld accf60b82f Do not require NetworkExtension to know its own name
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-12-21 22:05:47 +01:00
Jason A. Donenfeld ec031b1f19 Get rid of superflous isActivateOnDemandEnabled key
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-12-21 18:50:32 +01:00
Eric Kuck 8553723e04 Updated NETunnelProvider save format
Signed-off-by: Eric Kuck <eric@bluelinelabs.com>
2018-12-21 16:42:16 +01:00
Jason A. Donenfeld 38445114e0 NE: simplify logic
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-12-21 15:56:03 +01:00
Roopesh Chander a21c569e9f NE: Simplify DNS resolution
Signed-off-by: Roopesh Chander <roop@roopc.net>
2018-12-21 19:24:22 +05:30
Roopesh Chander f818cdd963 NE: Update listen port only when first interface changes
When handling network path changes, change the listen port
only when the first interface has changed.

Signed-off-by: Roopesh Chander <roop@roopc.net>
2018-12-21 17:32:44 +05:30
Roopesh Chander 28ce4d5164 NE: Change handling of bad domain names and Activate On Demand
The solution implemented in commit b8c331c causes the tunnel to
remain in 'Activating' state, without the ability to cancel that.

So, in this commit, instead of retrying DNS silently on
Activated-On-Demand tunnels, we fail the startTunnel() silently.

To summarize, if activate-on-demand is on:
- If started from the WireGuard app, show error using lastErrorFile
mechanism, suggesting a way to turn off Activate On Demand
- If not started from WireGuard app, don't call displayMessage()
(don't show error to user) and silently fail starting the tunnel

Signed-off-by: Roopesh Chander <roop@roopc.net>
2018-12-21 15:52:47 +05:30
Roopesh Chander 5c501ac9a6 NE: Log whether tunnel was activated from the app or not
Signed-off-by: Roopesh Chander <roop@roopc.net>
2018-12-19 18:35:53 +05:30
Roopesh Chander 35450bf407 Remove non-helpful comments
Signed-off-by: Roopesh Chander <roop@roopc.net>
2018-12-19 18:35:53 +05:30
Roopesh Chander fa51e3f1d1 NE: Handle bad domain names and Activate On Demand
This combination causes iOS to keep trying to bring up the tunnel,
leading to a lot of displayMessage() alerts.

In this fix, if we get a DNS resolution error in an Activate On Demand
enabled tunnel, we silently retry 9 times (with a 4-second delay before
each retry) and then show the displayMessage() alert.

Signed-off-by: Roopesh Chander <roop@roopc.net>
2018-12-19 15:38:00 +05:30
Roopesh Chander 04a8c2ff5a NE: No need for two startTunnel() methods
Signed-off-by: Roopesh Chander <roop@roopc.net>
2018-12-19 13:10:42 +05:30
Eric Kuck ed9b4c85ed Got TunnelsManager back under the max file length by splitting out NEVPNStatus+CustomStringConvertible
Signed-off-by: Eric Kuck <eric@bluelinelabs.com>
2018-12-16 23:51:25 -06:00
Eric Kuck 7a24f18eb7 Most similar views now shared between ViewControllers
Signed-off-by: Eric Kuck <eric@bluelinelabs.com>
2018-12-14 17:15:22 -06:00
Jason A. Donenfeld e0bc5e12b3 Simplify logging tags
This was roop's initial idea, and it turns out to be the better one, now
that we can pass cstrings more easily.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-12-14 22:53:42 +01:00
Roopesh Chander 48552d2663 NE: Communicate last error to app through a shared file
Signed-off-by: Roopesh Chander <roop@roopc.net>
2018-12-14 02:24:53 +05:30
Jason A. Donenfeld 77a26e4cd2 Localize swiftlint
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-12-13 20:06:37 +01:00
Eric Kuck 05d750539b Reorganized ViewControllers (split out UIViews and UITableViewCells into their own classes)
All swiftlint warnings except one fixed up

Signed-off-by: Eric Kuck <eric@bluelinelabs.com>
2018-12-13 12:58:50 -06:00
Jason A. Donenfeld 7323a00612 Avoid escaping heap allocation
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-12-13 19:43:12 +01:00