iOS and macOS apps for WireGuard https://git.zx2c4.com/wireguard-apple/atom/Sources/WireGuardKit?h=master 2023-02-15T13:20:35Z 2023-02-15T13:20:35Z Jason A. Donenfeld Jason@zx2c4.com 2023-02-14T15:10:32Z urn:sha1:7b279383d1f5aeb939bef6507b95b33afbb577e6 Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> 2023-02-08T16:08:40Z John Biggs john.biggs@proton.ch 2022-11-15T19:50:15Z urn:sha1:12b095470ad29ecea7436088f6e5fa701e6445a6 According to [1], the `capacity` parameter is specified as "the number of instances of T in the re-bound region" and not the total size of the rebound struct. Without this patch, there are crashes in the extension with the following error: Fatal error: self must be a properly aligned pointer for types Pointee and T` Since the subsequent line in the code only reads `sizeof(in_addr)` or `sizeof(in6_addr)` anyway, change the `capacity` parameter to just be a count of 1. [1] https://developer.apple.com/documentation/swift/unsafepointer/withmemoryrebound(to:capacity:_:) Signed-off-by: John Biggs <john.biggs@proton.ch> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> 2021-06-17T14:56:46Z Jason A. Donenfeld Jason@zx2c4.com 2021-06-17T14:56:46Z urn:sha1:13b720442d47b67a18d6841aa34569633a22b458 Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> 2021-06-17T13:15:41Z Andrej Mihajlov and@mullvad.net 2021-06-17T11:23:22Z urn:sha1:c1f509d65bba1c00c6b6ef93826f658ff36a0761 Signed-off-by: Andrej Mihajlov <and@mullvad.net> 2021-06-16T15:40:12Z Jason A. Donenfeld Jason@zx2c4.com 2021-06-16T15:09:40Z urn:sha1:23bf3cfccb5a6fa9faf85c35ca24ec4c3e29c3fe Rather than hoping that the AF_SYSTEM fd is of type utun, and then calling "2" on it to get the name -- which could be defined as something else for a different AF_SYSTEM socket type -- instead simply query the AF_SYSTEM control socket ID with getpeername. This has one catch, which is that the ID is dynamically allocated, so we resolve it using the qualified name. Normally we'd make a new AF_SYSTEM socket for this, but since that's not allowed in the sandbox, we reuse the AF_SYSTEM socket that we're checking. At this point in the flow, we know that it's a proper AF_SYSTEM one, based on the first sockaddr member; we just don't know that it's a utun variety. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> 2021-06-16T13:56:21Z Jason A. Donenfeld Jason@zx2c4.com 2021-06-16T13:56:21Z urn:sha1:7f5ad3e503f231893dc5d298f703c4b72b83bdb9 This is a bit of a kludge, until I find something better. We simply iterate through all FDs, and call getsockopt on each one until we find the utun FD. This works, and completes rather quickly (fd is usually 6 or 7). Rather than maintain the old path for older kernels, just use this for all versions, to get more coverage. Other techniques involve undocumented APIs; this one has the advantage of using nothing undocumented. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> 2021-06-16T13:23:11Z Andrej Mihajlov and@mullvad.net 2021-06-15T13:18:21Z urn:sha1:820fa55380b529704945b32e5d990f690c03b2e2 Fixes missing excluded file warning in Xcode. api-ios.go was renamed to api-apple.go. Signed-off-by: Andrej Mihajlov <and@mullvad.net> 2021-03-09T16:10:04Z Jason A. Donenfeld Jason@zx2c4.com 2021-03-08T19:29:12Z urn:sha1:b7f69d20b6c6560b6cdced961bed428e68c66719 Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> 2021-01-01T17:28:14Z Jason A. Donenfeld Jason@zx2c4.com 2021-01-01T17:26:49Z urn:sha1:7b5b564a6ee3d3be90cdb56472cd404e8a0eaa18 macOS will use the wrong source address unless we add explicit routes that mention the self-pointing gateway. Actually, it won't add any implicit routes on its own, so in order to route the masks of the addresses, we have to add our own routes explicitly. However, this still doesn't fix the problem while inside of the network extension, even though it works outside it. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> 2020-12-23T13:06:26Z Jason A. Donenfeld Jason@zx2c4.com 2020-12-23T13:06:26Z urn:sha1:b67acaccff1b587717c1fc444179307da4919c12 Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>