authorRoopesh Chander <roop@roopc.net>2018-12-21 15:40:04 +0530
committerRoopesh Chander <roop@roopc.net>2018-12-21 15:52:47 +0530
commit28ce4d516435306b929aba4a7ccbed00bf16e309 (patch)
tree3361c59eae9724a48efc506ad2ad92f569606ba8 /WireGuard/WireGuardNetworkExtension/PacketTunnelProvider.swift
parentAdded missing param in MockTunnels (diff)
NE: Change handling of bad domain names and Activate On Demand
The solution implemented in commit b8c331c causes the tunnel to remain in the 'Activating' state, without the ability to cancel that. So, in this commit, instead of retrying DNS silently on Activated-On-Demand tunnels, we fail startTunnel() silently. To summarize, if Activate On Demand is on:
 - If started from the WireGuard app, show the error using the lastErrorFile mechanism, suggesting a way to turn off Activate On Demand
 - If not started from the WireGuard app, don't call displayMessage() (don't show the error to the user) and silently fail starting the tunnel
Signed-off-by: Roopesh Chander <roop@roopc.net>
Diffstat (limited to 'WireGuard/WireGuardNetworkExtension/PacketTunnelProvider.swift')
-rw-r--r--WireGuard/WireGuardNetworkExtension/PacketTunnelProvider.swift46
1 files changed, 16 insertions, 30 deletions
diff --git a/WireGuard/WireGuardNetworkExtension/PacketTunnelProvider.swift b/WireGuard/WireGuardNetworkExtension/PacketTunnelProvider.swift
index f0ae3e7..f678ca7 100644
--- a/WireGuard/WireGuardNetworkExtension/PacketTunnelProvider.swift
+++ b/WireGuard/WireGuardNetworkExtension/PacketTunnelProvider.swift
@@ -8,7 +8,7 @@ import os.log
enum PacketTunnelProviderError: Error {
case savedProtocolConfigurationIsInvalid
- case dnsResolutionFailure(tunnelName: String, isActivateOnDemandEnabled: Bool)
+ case dnsResolutionFailure
case couldNotStartWireGuard
case coultNotSetNetworkSettings
}
@@ -54,9 +54,13 @@ class PacketTunnelProvider: NEPacketTunnelProvider {
wg_log(.info, staticMessage: "Tunnel has Activate On Demand disabled")
}
+ errorNotifier.isActivateOnDemandEnabled = isActivateOnDemandEnabled
+ errorNotifier.tunnelName = tunnelName
+
let endpoints = tunnelConfiguration.peers.map { $0.endpoint }
- guard let resolvedEndpoints = resolveDomainNames(endpoints: endpoints, isActivateOnDemandEnabled: isActivateOnDemandEnabled) else {
- let dnsError = PacketTunnelProviderError.dnsResolutionFailure(tunnelName: tunnelName, isActivateOnDemandEnabled: isActivateOnDemandEnabled)
+ guard let resolvedEndpoints = resolveDomainNames(endpoints: endpoints) else {
+ wg_log(.error, staticMessage: "Starting tunnel failed: DNS resolution failure")
+ let dnsError = PacketTunnelProviderError.dnsResolutionFailure
errorNotifier.notify(dnsError)
startTunnelCompletionHandler(dnsError)
return
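Review bot: `errorNotifier.isActivateOnDemandEnabled` and `errorNotifier.tunnelName` are assigned only at this point in startTunnel, so any `errorNotifier.notify(...)` for a failure raised earlier in the function (for example the savedProtocolConfigurationIsInvalid path, if it reports through the same notifier) would run with the notifier's default values; the start of startTunnel is outside the hunk, so this is inferred. If that is the case, assign both as soon as the values are known, or pass them to `notify` explicitly instead of relying on mutable notifier state. A comment on the two assignments would also help the next reader, e.g. `// Must be set before any notify(): decides whether the error is surfaced to the user`, since whether an error is shown now depends on state set here rather than on the error value itself.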
@@ -148,34 +152,16 @@ class PacketTunnelProvider: NEPacketTunnelProvider {
}
}
- private func resolveDomainNames(endpoints: [Endpoint?], isActivateOnDemandEnabled: Bool) -> [Endpoint?]? {
- var resolvedEndpoints = [Endpoint?]()
- let dnsResolutionAttemptsCount = isActivateOnDemandEnabled ? 10 : 1
- var isDNSResolved = false
-
- for attemptIndex in 0 ..< dnsResolutionAttemptsCount {
- do {
- resolvedEndpoints = try DNSResolver.resolveSync(endpoints: endpoints)
- isDNSResolved = true
- } catch DNSResolverError.dnsResolutionFailed(let hostnames) {
- wg_log(.error, staticMessage: "Starting tunnel failed: DNS resolution failure")
- wg_log(.error, message: "Hostnames for which DNS resolution failed: \(hostnames.joined(separator: ", "))")
- } catch {
- // There can be no other errors from DNSResolver.resolveSync()
- fatalError()
- }
- if isDNSResolved {
- break
- } else {
- let isLastAttempt = attemptIndex == dnsResolutionAttemptsCount - 1
- if !isLastAttempt {
- Thread.sleep(forTimeInterval: 4 /* seconds */)
- wg_log(.error, message: "Retrying DNS resolution (Attempt \(attemptIndex + 2))")
- }
- }
+ private func resolveDomainNames(endpoints: [Endpoint?]) -> [Endpoint?]? {
+ do {
+ return try DNSResolver.resolveSync(endpoints: endpoints)
+ } catch DNSResolverError.dnsResolutionFailed(let hostnames) {
+ wg_log(.error, message: "DNS resolution failed for the following hostnames: \(hostnames.joined(separator: ", "))")
+ } catch {
+ // There can be no other errors from DNSResolver.resolveSync()
+ fatalError()
}
-
- return isDNSResolved ? resolvedEndpoints : nil
+ return nil
}
private func connect(interfaceName: String, settings: String, fileDescriptor: Int32) -> Int32 {
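Review bot: The catch-all branch of the new `resolveDomainNames` calls a bare `fatalError()`, which takes the extension process down with no diagnostic about what arrived; since the comment asserts no other error is possible, record the one that does: `fatalError("Unexpected error from DNSResolver.resolveSync(): \(error)")`. The hostnames logged on the line above are the peers' configured endpoints and go to the unified log at error level; whether they are marked private depends on wg_log, which is outside this hunk, so confirm that exposure is intended. The enclosing class continues outside the hunk.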