Calculate and apply CIDR.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
author: Jeroen Leenarts <jeroen.leenarts@gmail.com> 2018-08-16 21:26:24 +0200
committer: Jeroen Leenarts <jeroen.leenarts@gmail.com> 2018-08-16 21:26:24 +0200
commit: d341c8e8e8e50b70dcc1496f907fc626aafa6c3c (patch)
tree: cefcd619e36f65acdf7565faf464bf0f850ac5c8 /WireGuardNetworkExtension/PacketTunnelProvider.swift
parent: Added validation before saving any tunnels (diff)
download: wireguard-apple-d341c8e8e8e50b70dcc1496f907fc626aafa6c3c.tar.xz
wireguard-apple-d341c8e8e8e50b70dcc1496f907fc626aafa6c3c.zip
1 files changed, 23 insertions, 20 deletions
diff --git a/WireGuardNetworkExtension/PacketTunnelProvider.swift b/WireGuardNetworkExtension/PacketTunnelProvider.swift
index d4ae9e3..4963ff4 100644
--- a/WireGuardNetworkExtension/PacketTunnelProvider.swift
+++ b/WireGuardNetworkExtension/PacketTunnelProvider.swift
@@ -34,34 +34,37 @@ class PacketTunnelProvider: NEPacketTunnelProvider {
         let endpoints = config.providerConfiguration?[PCKeys.endpoints.rawValue] as? String ?? ""
         let addresses = (config.providerConfiguration?[PCKeys.addresses.rawValue] as? String ?? "").split(separator: ",")
 
-        settings.split(separator: "\n").forEach {os_log("Tunnel config: %{public}s", log: Log.general, type: .info, String($0))}
+        let validatedEndpoints = endpoints.split(separator: ",").compactMap { try? Endpoint(endpointString: String($0)) }.compactMap {$0}
+        let validatedAddresses = addresses.compactMap { try? CIDRAddress(stringRepresentation: String($0)) }.compactMap { $0 }
 
         if wireGuardWrapper.turnOn(withInterfaceName: interfaceName, settingsString: settings) {
-            //TODO: Hardcoded values for addresses
+            //TODO: Hardcoded values for tunnelRemoteAddress
+            let newSettings = NEPacketTunnelNetworkSettings(tunnelRemoteAddress: "149.248.160.60")
+            newSettings.tunnelOverheadBytes = 80
+
             // IPv4 settings
-            let ipv4Settings = NEIPv4Settings(addresses: ["10.50.10.171"], subnetMasks: ["255.255.224.0"])
-            ipv4Settings.includedRoutes = [NEIPv4Route.default()]
-            let validatedEndpoints = endpoints.split(separator: ",").compactMap { try? Endpoint(endpointString: String($0)) }.compactMap {$0}
-            ipv4Settings.excludedRoutes = validatedEndpoints.filter { $0.addressType == .IPv4}.map {
-                NEIPv4Route(destinationAddress: $0.ipAddress, subnetMask: "255.255.255.255")}
+            let validatedIPv4Addresses = validatedAddresses.filter { $0.addressType == .IPv4}
+            if validatedIPv4Addresses.count > 0 {
+                let ipv4Settings = NEIPv4Settings(addresses: validatedIPv4Addresses.map { $0.ipAddress }, subnetMasks: validatedIPv4Addresses.map { $0.subnetString })
+                ipv4Settings.includedRoutes = [NEIPv4Route.default()]
+                ipv4Settings.excludedRoutes = validatedEndpoints.filter { $0.addressType == .IPv4}.map {
+                    NEIPv4Route(destinationAddress: $0.ipAddress, subnetMask: "255.255.255.255")}
+
+                newSettings.ipv4Settings = ipv4Settings
+            }
 
             // IPv6 settings
-            //TODO: Hardcoded values for address
-            let ipv6Settings = NEIPv6Settings(addresses: ["2607:f938:3001:4000::aac"], networkPrefixLengths: [64])
-            ipv6Settings.includedRoutes = [NEIPv6Route.default()]
-            ipv6Settings.excludedRoutes = validatedEndpoints.filter { $0.addressType == .IPv6}.map { NEIPv6Route(destinationAddress: $0.ipAddress, networkPrefixLength: 0)}
+            let validatedIPv6Addresses = validatedAddresses.filter { $0.addressType == .IPv6}
+            if validatedIPv6Addresses.count > 0 {
+                let ipv6Settings = NEIPv6Settings(addresses: validatedIPv6Addresses.map { $0.ipAddress }, networkPrefixLengths: validatedIPv6Addresses.map { NSNumber(value: $0.subnet) })
+                ipv6Settings.includedRoutes = [NEIPv6Route.default()]
+                ipv6Settings.excludedRoutes = validatedEndpoints.filter { $0.addressType == .IPv6}.map { NEIPv6Route(destinationAddress: $0.ipAddress, networkPrefixLength: 0)}
 
-            //TODO: Hardcoded values for tunnelRemoteAddress
-            let newSettings = NEPacketTunnelNetworkSettings(tunnelRemoteAddress: "149.248.160.60")
+                newSettings.ipv6Settings = ipv6Settings
+            }
 
-            newSettings.ipv4Settings = ipv4Settings
-            //TODO apply IPv6
-//            newSettings.ipv6Settings = ipv6Settings
-            newSettings.tunnelOverheadBytes = 80
             if let dns = config.providerConfiguration?[PCKeys.dns.rawValue] as? String {
-                var splitDnsEntries = dns.split(separator: ",").map {String($0)}
-                //TODO apple IPv6 DNS
-//                splitDnsEntries.append("2606:ed00:2:babe::2")
+                let splitDnsEntries = dns.split(separator: ",").map {String($0)}
                 let dnsSettings = NEDNSSettings(servers: splitDnsEntries)
                 newSettings.dnsSettings = dnsSettings
             }
author	Jeroen Leenarts <jeroen.leenarts@gmail.com>	2018-08-16 21:26:24 +0200
committer	Jeroen Leenarts <jeroen.leenarts@gmail.com>	2018-08-16 21:26:24 +0200
commit	d341c8e8e8e50b70dcc1496f907fc626aafa6c3c (patch)
tree	cefcd619e36f65acdf7565faf464bf0f850ac5c8 /WireGuardNetworkExtension/PacketTunnelProvider.swift
parent	Added validation before saving any tunnels (diff)
download	wireguard-apple-d341c8e8e8e50b70dcc1496f907fc626aafa6c3c.tar.xz wireguard-apple-d341c8e8e8e50b70dcc1496f907fc626aafa6c3c.zip