authorJason A. Donenfeld <Jason@zx2c4.com>2018-12-28 19:34:31 +0100
committerJason A. Donenfeld <Jason@zx2c4.com>2018-12-28 19:38:03 +0100
commit0b828f9b963a6a5bb78a8d438efbd7ae8e62b534 (patch)
treeff725dd9eff814336a424a739e8dc00e84f3b409 /WireGuard/WireGuardNetworkExtension/PacketTunnelSettingsGenerator.swift
parentVersion bump (diff)
Rework DNS and routes in network extension
The DNS resolver prior had useless comments, awful nesting, converted bytes into strings and back into bytes, and generally made no sense. That's been rewritten now. But more fundamentally, this commit made the DNS resolver actually accomplish its objective, by passing AI_ALL to it. It turns out, though, that the Go library isn't actually using GAI in the way we need for parsing IP addresses, so we actually need to do another round, this time with hints flag as zero, so that we get the DNS64 address. Additionally, since we're now binding sockets to interfaces, we can entirely remove the excludedRoutes logic. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Diffstat (limited to 'WireGuard/WireGuardNetworkExtension/PacketTunnelSettingsGenerator.swift')
-rw-r--r--WireGuard/WireGuardNetworkExtension/PacketTunnelSettingsGenerator.swift38
1 files changed, 3 insertions, 35 deletions
diff --git a/WireGuard/WireGuardNetworkExtension/PacketTunnelSettingsGenerator.swift b/WireGuard/WireGuardNetworkExtension/PacketTunnelSettingsGenerator.swift
index 5946843..4fd84fc 100644
--- a/WireGuard/WireGuardNetworkExtension/PacketTunnelSettingsGenerator.swift
+++ b/WireGuard/WireGuardNetworkExtension/PacketTunnelSettingsGenerator.swift
@@ -18,7 +18,7 @@ class PacketTunnelSettingsGenerator {
var wgSettings = ""
for (index, peer) in tunnelConfiguration.peers.enumerated() {
wgSettings.append("public_key=\(peer.publicKey.hexEncodedString())\n")
- if let endpoint = resolvedEndpoints[index] {
+ if let endpoint = resolvedEndpoints[index]?.withReresolvedIP() {
if case .name(_, _) = endpoint.host { assert(false, "Endpoint is not resolved") }
wgSettings.append("endpoint=\(endpoint.stringRepresentation)\n")
}
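Review bot: The endpoint produced by `if let endpoint = resolvedEndpoints[index]?.withReresolvedIP()` is still validated only by `assert(false, "Endpoint is not resolved")`, which is compiled out in release builds, so if `withReresolvedIP()` can hand back an endpoint whose host is still a `.name` (its fallback behaviour on a failed lookup is not visible here), a hostname would be written straight into the `endpoint=` UAPI line. Consider making the check effective in every build configuration and skipping the peer instead of falling through: `if case .name = endpoint.host { assertionFailure("Endpoint is not resolved"); continue }`. The same pattern appears in the second hunk, which duplicates this block line for line; extracting the endpoint handling into a small private helper would keep the two builders in sync. The enclosing function starts and ends outside the hunk.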
@@ -42,7 +42,7 @@ class PacketTunnelSettingsGenerator {
if let preSharedKey = peer.preSharedKey {
wgSettings.append("preshared_key=\(preSharedKey.hexEncodedString())\n")
}
- if let endpoint = resolvedEndpoints[index] {
+ if let endpoint = resolvedEndpoints[index]?.withReresolvedIP() {
if case .name(_, _) = endpoint.host { assert(false, "Endpoint is not resolved") }
wgSettings.append("endpoint=\(endpoint.stringRepresentation)\n")
}
@@ -63,18 +63,7 @@ class PacketTunnelSettingsGenerator {
* make sense. So, we fill it in with this placeholder, which is not
* a valid IP address that will actually route over the Internet.
*/
- var remoteAddress = "0.0.0.0"
- let endpointsCompact = resolvedEndpoints.compactMap { $0 }
- if endpointsCompact.count == 1 {
- switch endpointsCompact.first!.host {
- case .ipv4(let address):
- remoteAddress = "\(address)"
- case .ipv6(let address):
- remoteAddress = "\(address)"
- default:
- break
- }
- }
+ let remoteAddress = "0.0.0.0"
let networkSettings = NEPacketTunnelNetworkSettings(tunnelRemoteAddress: remoteAddress)
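Review bot: With the single-endpoint special case removed, `remoteAddress` is a fixed constant, so the `let` can be inlined as `NEPacketTunnelNetworkSettings(tunnelRemoteAddress: "0.0.0.0")` or hoisted to a named `private static let` so the placeholder is documented in one place. The doc comment above the hunk (its start is outside the hunk) should be re-read: only its tail is visible, and if the earlier sentences still describe using the endpoint's address when there is exactly one peer, they are now stale. The enclosing function continues past the hunk.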
@@ -93,16 +82,13 @@ class PacketTunnelSettingsGenerator {
let (ipv4Routes, ipv6Routes) = routes()
let (ipv4IncludedRoutes, ipv6IncludedRoutes) = includedRoutes()
- let (ipv4ExcludedRoutes, ipv6ExcludedRoutes) = excludedRoutes()
let ipv4Settings = NEIPv4Settings(addresses: ipv4Routes.map { $0.destinationAddress }, subnetMasks: ipv4Routes.map { $0.destinationSubnetMask })
ipv4Settings.includedRoutes = ipv4IncludedRoutes
- ipv4Settings.excludedRoutes = ipv4ExcludedRoutes
networkSettings.ipv4Settings = ipv4Settings
let ipv6Settings = NEIPv6Settings(addresses: ipv6Routes.map { $0.destinationAddress }, networkPrefixLengths: ipv6Routes.map { $0.destinationNetworkPrefixLength })
ipv6Settings.includedRoutes = ipv6IncludedRoutes
- ipv6Settings.excludedRoutes = ipv6ExcludedRoutes
networkSettings.ipv6Settings = ipv6Settings
return networkSettings
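Review bot: Dropping `excludedRoutes` means nothing in this function keeps peer-endpoint traffic out of the tunnel's included routes any more; per the commit message that is now guaranteed by binding the UDP sockets to the underlying interface, but that invariant lives outside this file and is easy to break in a later refactor. A one-line comment where `ipv4Settings.includedRoutes` is assigned would record it: `// Peer endpoints are deliberately not excluded here: the tunnel's sockets are bound to the physical interface, so endpoint traffic cannot loop back into the tunnel.` The enclosing function starts outside the hunk.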
@@ -152,24 +138,6 @@ class PacketTunnelSettingsGenerator {
}
return (ipv4IncludedRoutes, ipv6IncludedRoutes)
}
-
- private func excludedRoutes() -> ([NEIPv4Route], [NEIPv6Route]) {
- var ipv4ExcludedRoutes = [NEIPv4Route]()
- var ipv6ExcludedRoutes = [NEIPv6Route]()
- for endpoint in resolvedEndpoints {
- guard let endpoint = endpoint else { continue }
- switch endpoint.host {
- case .ipv4(let address):
- ipv4ExcludedRoutes.append(NEIPv4Route(destinationAddress: "\(address)", subnetMask: "255.255.255.255"))
- case .ipv6(let address):
- ipv6ExcludedRoutes.append(NEIPv6Route(destinationAddress: "\(address)", networkPrefixLength: NSNumber(value: UInt8(128))))
- default:
- fatalError()
- }
- }
- return (ipv4ExcludedRoutes, ipv6ExcludedRoutes)
- }
-
}
private extension Data {