author: Jason A. Donenfeld <Jason@zx2c4.com> 2020-12-17 00:10:28 +0100
committer: Jason A. Donenfeld <Jason@zx2c4.com> 2020-12-17 00:10:28 +0100
commit: 20bdf46792905de8862ae7641e50e0f9f99ec946 (patch)
tree: a38a17a2952a8ef7aa0dec6003a2104e73a2da63
parent: UI: macOS: remove donation link (diff)
Kit: PacketTunnelSettingsGenerator: do not require DNS queries if no DNS

Prior, we would set matchDomains=[""] even if the user didn't provide any DNS servers. This was kind of incoherent, but I guess we had in mind some kind of nonsensical leakproof scheme that never really worked anyway. NetworkExtension didn't like this, so setTunnelNetworkSettings would, rather than return an error, simply time out and never call its callback function. But everything worked fine, so we had code in the UI to check to make sure everything was okay after 5 seconds or so of no callback. Recent changes made the timeout fatal on the network extension side, so rather than succeed, configs with no DNS server started erroring out, causing user reports.

This commit attempts to handle the root cause of the timeout issue by not twiddling with DNS settings if no DNS server was specified. For now, however, it leaves the hard-timeout semantics in place.

Reported-by: Filipe Mendonça <cfilipem@gmail.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

-rw-r--r-- Sources/WireGuardKit/PacketTunnelSettingsGenerator.swift 14
1 files changed, 9 insertions, 5 deletions

diff --git a/Sources/WireGuardKit/PacketTunnelSettingsGenerator.swift b/Sources/WireGuardKit/PacketTunnelSettingsGenerator.swift
index 034ecaf6..2d8cda1a 100644
--- a/Sources/WireGuardKit/PacketTunnelSettingsGenerator.swift
+++ b/Sources/WireGuardKit/PacketTunnelSettingsGenerator.swift
@@ -83,11 +83,15 @@ class PacketTunnelSettingsGenerator {
*/
let networkSettings = NEPacketTunnelNetworkSettings(tunnelRemoteAddress: "127.0.0.1")
- let dnsServerStrings = tunnelConfiguration.interface.dns.map { $0.stringRepresentation }
- let dnsSettings = NEDNSSettings(servers: dnsServerStrings)
- dnsSettings.searchDomains = tunnelConfiguration.interface.dnsSearch
- dnsSettings.matchDomains = [""] // All DNS queries must first go through the tunnel's DNS
- networkSettings.dnsSettings = dnsSettings
+ if !tunnelConfiguration.interface.dnsSearch.isEmpty || !tunnelConfiguration.interface.dns.isEmpty {
+ let dnsServerStrings = tunnelConfiguration.interface.dns.map { $0.stringRepresentation }
+ let dnsSettings = NEDNSSettings(servers: dnsServerStrings)
+ dnsSettings.searchDomains = tunnelConfiguration.interface.dnsSearch
+ if !tunnelConfiguration.interface.dns.isEmpty {
+ dnsSettings.matchDomains = [""] // All DNS queries must first go through the tunnel's DNS
+ }
+ networkSettings.dnsSettings = dnsSettings
+ }
let mtu = tunnelConfiguration.interface.mtu ?? 0
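
Review bot: the outer condition `!tunnelConfiguration.interface.dnsSearch.isEmpty || !tunnelConfiguration.interface.dns.isEmpty` still constructs `NEDNSSettings(servers: dnsServerStrings)` with an empty server list when only search domains are configured, which does not match the commit message's "not twiddling with DNS settings if no DNS server was specified". Since the message attributes the `setTunnelNetworkSettings` timeout to DNS settings that carry no servers, either gate the whole block on `!tunnelConfiguration.interface.dns.isEmpty` or add a comment stating that the search-domain-only case (empty servers, no `matchDomains`) was checked and is accepted by NetworkExtension. A short comment on the skipped path would also help: when both lists are empty, `networkSettings.dnsSettings` is left unset, so the existing note `// All DNS queries must first go through the tunnel's DNS` describes only the inner branch, and a reader auditing for DNS leaks should be able to see that from the code.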