diff options
| author |   Jason A. Donenfeld <Jason@zx2c4.com> | 2019-05-25 13:48:51 +0200 |
|---|---|---|
| committer |   Roopesh Chander <roop@roopc.net> | 2019-05-26 00:12:47 +0530 |
| commit | 813dea69026c2853425513f776a9a7d5eb8676ce (patch) | |
| tree | 52f8551fd337cf7c68cf6513a2e7337102714cdd | |
| parent | iOS: Should be able to call showTunnelDetail multiple times (diff) | |
| download | wireguard-apple-813dea69026c2853425513f776a9a7d5eb8676ce.tar.xz wireguard-apple-813dea69026c2853425513f776a9a7d5eb8676ce.zip | |
NetworkExtension: use excludedRoutes instead of binding on iOS
The networking stack there is to flaky and the notifier doesn't always
fire correctly. Hopefully excludedRoutes works well with XLAT; otherwise
we're in trouble.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
| -rw-r--r-- | WireGuard/WireGuardNetworkExtension/PacketTunnelProvider.swift | 3 | ||||
| -rw-r--r-- | WireGuard/WireGuardNetworkExtension/PacketTunnelSettingsGenerator.swift | 23 |
2 files changed, 25 insertions, 1 deletions
diff --git a/WireGuard/WireGuardNetworkExtension/PacketTunnelProvider.swift b/WireGuard/WireGuardNetworkExtension/PacketTunnelProvider.swift index c4fefd4..9aa466f 100644 --- a/WireGuard/WireGuardNetworkExtension/PacketTunnelProvider.swift +++ b/WireGuard/WireGuardNetworkExtension/PacketTunnelProvider.swift @@ -147,7 +147,7 @@ class PacketTunnelProvider: NEPacketTunnelProvider { if let packetTunnelSettingsGenerator = packetTunnelSettingsGenerator { _ = packetTunnelSettingsGenerator.endpointUapiConfiguration().withGoString { return wgSetConfig(handle, $0) } } - #endif + #elseif os(macOS) var interfaces = path.availableInterfaces if let ifname = ifname { interfaces = interfaces.filter { $0.name != ifname } @@ -155,6 +155,7 @@ class PacketTunnelProvider: NEPacketTunnelProvider { if let ifscope = interfaces.first?.index { wgBindInterfaceScope(handle, Int32(ifscope)) } + #endif } } diff --git a/WireGuard/WireGuardNetworkExtension/PacketTunnelSettingsGenerator.swift b/WireGuard/WireGuardNetworkExtension/PacketTunnelSettingsGenerator.swift index a4ff7dd..cc491af 100644 --- a/WireGuard/WireGuardNetworkExtension/PacketTunnelSettingsGenerator.swift +++ b/WireGuard/WireGuardNetworkExtension/PacketTunnelSettingsGenerator.swift @@ -97,13 +97,16 @@ class PacketTunnelSettingsGenerator { let (ipv4Routes, ipv6Routes) = routes() let (ipv4IncludedRoutes, ipv6IncludedRoutes) = includedRoutes() + let (ipv4ExcludedRoutes, ipv6ExcludedRoutes) = excludedRoutes() let ipv4Settings = NEIPv4Settings(addresses: ipv4Routes.map { $0.destinationAddress }, subnetMasks: ipv4Routes.map { $0.destinationSubnetMask }) ipv4Settings.includedRoutes = ipv4IncludedRoutes + ipv4Settings.excludedRoutes = ipv4ExcludedRoutes networkSettings.ipv4Settings = ipv4Settings let ipv6Settings = NEIPv6Settings(addresses: ipv6Routes.map { $0.destinationAddress }, networkPrefixLengths: ipv6Routes.map { $0.destinationNetworkPrefixLength }) ipv6Settings.includedRoutes = ipv6IncludedRoutes + ipv6Settings.excludedRoutes = ipv6ExcludedRoutes networkSettings.ipv6Settings = ipv6Settings return networkSettings @@ -153,4 +156,24 @@ class PacketTunnelSettingsGenerator { } return (ipv4IncludedRoutes, ipv6IncludedRoutes) } + private func excludedRoutes() -> ([NEIPv4Route]?, [NEIPv6Route]?) { + #if os(macOS) + return (nil, nil) + #elseif os(iOS) + var ipv4ExcludedRoutes = [NEIPv4Route]() + var ipv6ExcludedRoutes = [NEIPv6Route]() + for endpoint in resolvedEndpoints { + guard let host = endpoint?.host else { continue } + switch host { + case .ipv4(let v4): + ipv4ExcludedRoutes.append(NEIPv4Route(destinationAddress: "\(v4)", subnetMask: "255.255.255.255")) + case .ipv6(let v6): + ipv6ExcludedRoutes.append(NEIPv6Route(destinationAddress: "\(v6)", networkPrefixLength: 128)) + default: + continue + } + } + return (ipv4ExcludedRoutes, ipv6ExcludedRoutes) + #endif + } } |