authorJeroen Leenarts <jeroen.leenarts@gmail.com>2018-08-16 21:26:24 +0200
committerJeroen Leenarts <jeroen.leenarts@gmail.com>2018-08-16 21:26:24 +0200
commitd341c8e8e8e50b70dcc1496f907fc626aafa6c3c (patch)
treecefcd619e36f65acdf7565faf464bf0f850ac5c8
parentAdded validation before saving any tunnels (diff)
Calculate and apply CIDR.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Diffstat (limited to '')
-rw-r--r--Shared/Validators.swift14
-rw-r--r--WireGuardNetworkExtension/PacketTunnelProvider.swift43
-rw-r--r--WireGuardTests/ValidatorsTests.swift69
3 files changed, 106 insertions, 20 deletions
diff --git a/Shared/Validators.swift b/Shared/Validators.swift
index aef1019..f065f0e 100644
--- a/Shared/Validators.swift
+++ b/Shared/Validators.swift
@@ -117,4 +117,18 @@ struct CIDRAddress {
self.subnet = subnet
}
+
+ var subnetString: String {
+ // We could calculate these.
+
+ var bitMask: UInt32 = 0b11111111111111111111111111111111
+ bitMask = bitMask << (32 - subnet)
+
+ let first = UInt8(truncatingIfNeeded: bitMask >> 24)
+ let second = UInt8(truncatingIfNeeded: bitMask >> 16 )
+ let third = UInt8(truncatingIfNeeded: bitMask >> 8)
+ let fourth = UInt8(truncatingIfNeeded: bitMask)
+
+ return "\(first).\(second).\(third).\(fourth)"
+ }
}
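Review bot: `subnetString` checks neither the address family nor the prefix range before computing `32 - subnet`, yet the provider change in this same commit reads `subnet` from the same struct as an IPv6 prefix length, which can be as large as 128. If `subnet` is a signed integer, Swift's smart shift turns the negative amount into a right shift and yields a host-side mask such as `0.255.255.255`; if it is unsigned, the subtraction traps and would take the network extension down. Whether the initializer already rejects out-of-range prefixes is not visible here (the hunk starts inside `init`), so I would clamp locally with `let prefix = min(max(Int(subnet), 0), 32)` and shift by `32 - prefix`, and document that the property is only meaningful when `addressType == .IPv4`. The comment `// We could calculate these.` is stale now that the mask is calculated; replace it with `// Dotted-decimal IPv4 netmask for the prefix length in subnet.`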
diff --git a/WireGuardNetworkExtension/PacketTunnelProvider.swift b/WireGuardNetworkExtension/PacketTunnelProvider.swift
index d4ae9e3..4963ff4 100644
--- a/WireGuardNetworkExtension/PacketTunnelProvider.swift
+++ b/WireGuardNetworkExtension/PacketTunnelProvider.swift
@@ -34,34 +34,37 @@ class PacketTunnelProvider: NEPacketTunnelProvider {
let endpoints = config.providerConfiguration?[PCKeys.endpoints.rawValue] as? String ?? ""
let addresses = (config.providerConfiguration?[PCKeys.addresses.rawValue] as? String ?? "").split(separator: ",")
- settings.split(separator: "\n").forEach {os_log("Tunnel config: %{public}s", log: Log.general, type: .info, String($0))}
+ let validatedEndpoints = endpoints.split(separator: ",").compactMap { try? Endpoint(endpointString: String($0)) }.compactMap {$0}
+ let validatedAddresses = addresses.compactMap { try? CIDRAddress(stringRepresentation: String($0)) }.compactMap { $0 }
if wireGuardWrapper.turnOn(withInterfaceName: interfaceName, settingsString: settings) {
- //TODO: Hardcoded values for addresses
+ //TODO: Hardcoded values for tunnelRemoteAddress
+ let newSettings = NEPacketTunnelNetworkSettings(tunnelRemoteAddress: "149.248.160.60")
+ newSettings.tunnelOverheadBytes = 80
+
// IPv4 settings
- let ipv4Settings = NEIPv4Settings(addresses: ["10.50.10.171"], subnetMasks: ["255.255.224.0"])
- ipv4Settings.includedRoutes = [NEIPv4Route.default()]
- let validatedEndpoints = endpoints.split(separator: ",").compactMap { try? Endpoint(endpointString: String($0)) }.compactMap {$0}
- ipv4Settings.excludedRoutes = validatedEndpoints.filter { $0.addressType == .IPv4}.map {
- NEIPv4Route(destinationAddress: $0.ipAddress, subnetMask: "255.255.255.255")}
+ let validatedIPv4Addresses = validatedAddresses.filter { $0.addressType == .IPv4}
+ if validatedIPv4Addresses.count > 0 {
+ let ipv4Settings = NEIPv4Settings(addresses: validatedIPv4Addresses.map { $0.ipAddress }, subnetMasks: validatedIPv4Addresses.map { $0.subnetString })
+ ipv4Settings.includedRoutes = [NEIPv4Route.default()]
+ ipv4Settings.excludedRoutes = validatedEndpoints.filter { $0.addressType == .IPv4}.map {
+ NEIPv4Route(destinationAddress: $0.ipAddress, subnetMask: "255.255.255.255")}
+
+ newSettings.ipv4Settings = ipv4Settings
+ }
// IPv6 settings
- //TODO: Hardcoded values for address
- let ipv6Settings = NEIPv6Settings(addresses: ["2607:f938:3001:4000::aac"], networkPrefixLengths: [64])
- ipv6Settings.includedRoutes = [NEIPv6Route.default()]
- ipv6Settings.excludedRoutes = validatedEndpoints.filter { $0.addressType == .IPv6}.map { NEIPv6Route(destinationAddress: $0.ipAddress, networkPrefixLength: 0)}
+ let validatedIPv6Addresses = validatedAddresses.filter { $0.addressType == .IPv6}
+ if validatedIPv6Addresses.count > 0 {
+ let ipv6Settings = NEIPv6Settings(addresses: validatedIPv6Addresses.map { $0.ipAddress }, networkPrefixLengths: validatedIPv6Addresses.map { NSNumber(value: $0.subnet) })
+ ipv6Settings.includedRoutes = [NEIPv6Route.default()]
+ ipv6Settings.excludedRoutes = validatedEndpoints.filter { $0.addressType == .IPv6}.map { NEIPv6Route(destinationAddress: $0.ipAddress, networkPrefixLength: 0)}
- //TODO: Hardcoded values for tunnelRemoteAddress
- let newSettings = NEPacketTunnelNetworkSettings(tunnelRemoteAddress: "149.248.160.60")
+ newSettings.ipv6Settings = ipv6Settings
+ }
- newSettings.ipv4Settings = ipv4Settings
- //TODO apply IPv6
-// newSettings.ipv6Settings = ipv6Settings
- newSettings.tunnelOverheadBytes = 80
if let dns = config.providerConfiguration?[PCKeys.dns.rawValue] as? String {
- var splitDnsEntries = dns.split(separator: ",").map {String($0)}
- //TODO apple IPv6 DNS
-// splitDnsEntries.append("2606:ed00:2:babe::2")
+ let splitDnsEntries = dns.split(separator: ",").map {String($0)}
let dnsSettings = NEDNSSettings(servers: splitDnsEntries)
newSettings.dnsSettings = dnsSettings
}
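Review bot: The IPv6 excluded route `NEIPv6Route(destinationAddress: $0.ipAddress, networkPrefixLength: 0)` uses prefix length 0, which describes the whole IPv6 space rather than the single endpoint host; the IPv4 branch uses the host mask `255.255.255.255`, so the equivalent here is `networkPrefixLength: 128`. The line is carried over from the old code, but it only takes effect now that `newSettings.ipv6Settings` is actually assigned, and with an IPv6 endpoint configured it would likely keep all IPv6 traffic out of the tunnel. Separately, `compactMap { try? … }` drops unparsable addresses silently, and a family left with no valid address gets no settings and therefore no default route, so its traffic stays outside the tunnel without any signal. Consider reporting rejected entries via `os_log` and refusing to bring the tunnel up when `validatedAddresses` is empty, ideally before `wireGuardWrapper.turnOn` is called. The enclosing method begins and ends outside this hunk.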
diff --git a/WireGuardTests/ValidatorsTests.swift b/WireGuardTests/ValidatorsTests.swift
index c3398bc..39182be 100644
--- a/WireGuardTests/ValidatorsTests.swift
+++ b/WireGuardTests/ValidatorsTests.swift
@@ -120,4 +120,73 @@ class ValidatorsTests: XCTestCase {
executeTest(stringRepresentation: "12345")
}
+ func testIPv4CIDRAddressSubnetConversion() throws {
+ // swiftlint:disable force_try
+ let cidrAddress1 = try! CIDRAddress(stringRepresentation: "128.0.0.0/1")!
+ XCTAssertEqual(cidrAddress1.ipAddress, cidrAddress1.subnetString)
+ let cidrAddress2 = try! CIDRAddress(stringRepresentation: "192.0.0.0/2")!
+ XCTAssertEqual(cidrAddress2.ipAddress, cidrAddress2.subnetString)
+ let cidrAddress3 = try! CIDRAddress(stringRepresentation: "224.0.0.0/3")!
+ XCTAssertEqual(cidrAddress3.ipAddress, cidrAddress3.subnetString)
+ let cidrAddress4 = try! CIDRAddress(stringRepresentation: "240.0.0.0/4")!
+ XCTAssertEqual(cidrAddress4.ipAddress, cidrAddress4.subnetString)
+ let cidrAddress5 = try! CIDRAddress(stringRepresentation: "248.0.0.0/5")!
+ XCTAssertEqual(cidrAddress5.ipAddress, cidrAddress5.subnetString)
+ let cidrAddress6 = try! CIDRAddress(stringRepresentation: "252.0.0.0/6")!
+ XCTAssertEqual(cidrAddress6.ipAddress, cidrAddress6.subnetString)
+ let cidrAddress7 = try! CIDRAddress(stringRepresentation: "254.0.0.0/7")!
+ XCTAssertEqual(cidrAddress7.ipAddress, cidrAddress7.subnetString)
+ let cidrAddress8 = try! CIDRAddress(stringRepresentation: "255.0.0.0/8")!
+ XCTAssertEqual(cidrAddress8.ipAddress, cidrAddress8.subnetString)
+ let cidrAddress9 = try! CIDRAddress(stringRepresentation: "255.128.0.0/9")!
+ XCTAssertEqual(cidrAddress9.ipAddress, cidrAddress9.subnetString)
+ let cidrAddress10 = try! CIDRAddress(stringRepresentation: "255.192.0.0/10")!
+ XCTAssertEqual(cidrAddress10.ipAddress, cidrAddress10.subnetString)
+ let cidrAddress11 = try! CIDRAddress(stringRepresentation: "255.224.0.0/11")!
+ XCTAssertEqual(cidrAddress11.ipAddress, cidrAddress11.subnetString)
+ let cidrAddress12 = try! CIDRAddress(stringRepresentation: "255.240.0.0/12")!
+ XCTAssertEqual(cidrAddress12.ipAddress, cidrAddress12.subnetString)
+ let cidrAddress13 = try! CIDRAddress(stringRepresentation: "255.248.0.0/13")!
+ XCTAssertEqual(cidrAddress13.ipAddress, cidrAddress13.subnetString)
+ let cidrAddress14 = try! CIDRAddress(stringRepresentation: "255.252.0.0/14")!
+ XCTAssertEqual(cidrAddress14.ipAddress, cidrAddress14.subnetString)
+ let cidrAddress15 = try! CIDRAddress(stringRepresentation: "255.254.0.0/15")!
+ XCTAssertEqual(cidrAddress15.ipAddress, cidrAddress15.subnetString)
+ let cidrAddress16 = try! CIDRAddress(stringRepresentation: "255.255.0.0/16")!
+ XCTAssertEqual(cidrAddress16.ipAddress, cidrAddress16.subnetString)
+ let cidrAddress17 = try! CIDRAddress(stringRepresentation: "255.255.128.0/17")!
+ XCTAssertEqual(cidrAddress17.ipAddress, cidrAddress17.subnetString)
+ let cidrAddress18 = try! CIDRAddress(stringRepresentation: "255.255.192.0/18")!
+ XCTAssertEqual(cidrAddress18.ipAddress, cidrAddress18.subnetString)
+ let cidrAddress19 = try! CIDRAddress(stringRepresentation: "255.255.224.0/19")!
+ XCTAssertEqual(cidrAddress19.ipAddress, cidrAddress19.subnetString)
+ let cidrAddress20 = try! CIDRAddress(stringRepresentation: "255.255.240.0/20")!
+ XCTAssertEqual(cidrAddress20.ipAddress, cidrAddress20.subnetString)
+ let cidrAddress21 = try! CIDRAddress(stringRepresentation: "255.255.248.0/21")!
+ XCTAssertEqual(cidrAddress21.ipAddress, cidrAddress21.subnetString)
+ let cidrAddress22 = try! CIDRAddress(stringRepresentation: "255.255.252.0/22")!
+ XCTAssertEqual(cidrAddress22.ipAddress, cidrAddress22.subnetString)
+ let cidrAddress23 = try! CIDRAddress(stringRepresentation: "255.255.254.0/23")!
+ XCTAssertEqual(cidrAddress23.ipAddress, cidrAddress23.subnetString)
+ let cidrAddress24 = try! CIDRAddress(stringRepresentation: "255.255.255.0/24")!
+ XCTAssertEqual(cidrAddress24.ipAddress, cidrAddress24.subnetString)
+ let cidrAddress25 = try! CIDRAddress(stringRepresentation: "255.255.255.128/25")!
+ XCTAssertEqual(cidrAddress25.ipAddress, cidrAddress25.subnetString)
+ let cidrAddress26 = try! CIDRAddress(stringRepresentation: "255.255.255.192/26")!
+ XCTAssertEqual(cidrAddress26.ipAddress, cidrAddress26.subnetString)
+ let cidrAddress27 = try! CIDRAddress(stringRepresentation: "255.255.255.224/27")!
+ XCTAssertEqual(cidrAddress27.ipAddress, cidrAddress27.subnetString)
+ let cidrAddress28 = try! CIDRAddress(stringRepresentation: "255.255.255.240/28")!
+ XCTAssertEqual(cidrAddress28.ipAddress, cidrAddress28.subnetString)
+ let cidrAddress29 = try! CIDRAddress(stringRepresentation: "255.255.255.248/29")!
+ XCTAssertEqual(cidrAddress29.ipAddress, cidrAddress29.subnetString)
+ let cidrAddress30 = try! CIDRAddress(stringRepresentation: "255.255.255.252/30")!
+ XCTAssertEqual(cidrAddress30.ipAddress, cidrAddress30.subnetString)
+ let cidrAddress31 = try! CIDRAddress(stringRepresentation: "255.255.255.254/31")!
+ XCTAssertEqual(cidrAddress31.ipAddress, cidrAddress31.subnetString)
+ let cidrAddress32 = try! CIDRAddress(stringRepresentation: "255.255.255.255/32")!
+ XCTAssertEqual(cidrAddress32.ipAddress, cidrAddress32.subnetString)
+ // swiftlint:enable force_try
+ }
+
}
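Review bot: `testIPv4CIDRAddressSubnetConversion` only covers prefixes 1 through 32, using addresses that equal their own netmask, so the `/0` boundary (a shift by the full 32 bits) and out-of-range input such as `/33` or an IPv6 address are never checked against `subnetString`. Assuming the initializer accepts `/0`, I would add `XCTAssertEqual(try CIDRAddress(stringRepresentation: "0.0.0.0/0")?.subnetString, "0.0.0.0")`, plus a case whose host address differs from the mask, e.g. `"10.50.10.171/19"` expecting `"255.255.224.0"`. Because the method is already declared `throws`, plain `try` with optional chaining can replace the `try!`…`!` pairs, which makes the `swiftlint:disable force_try` pragma unnecessary. The 32 copy-pasted pairs would read better as one loop over a table of inputs and expected masks.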