authorRoopesh Chander <roop@roopc.net>2018-10-13 06:25:43 +0530
committerRoopesh Chander <roop@roopc.net>2018-10-27 15:13:01 +0530
commitdd672d3dacfbb7974add2f40d836e51535a339a1 (patch)
treee57469bdf434f2f995cd9ffb155728a6f9dfc36a /WireGuardNetworkExtension
parentUse APP_ID in xcconfig rather than PRODUCT_BUNDLE_IDENTIFIER (diff)
Prepare for rewrite: Move WireGuardNetworkExtension into the new project folder
Signed-off-by: Roopesh Chander <roop@roopc.net>
Diffstat (limited to 'WireGuardNetworkExtension')
-rw-r--r--WireGuardNetworkExtension/Info.plist31
-rw-r--r--WireGuardNetworkExtension/Log.swift9
-rw-r--r--WireGuardNetworkExtension/PacketTunnelProvider.swift247
-rw-r--r--WireGuardNetworkExtension/WireGuardNetworkExtension-Bridging-Header.h6
-rw-r--r--WireGuardNetworkExtension/WireGuardNetworkExtension.entitlements18
5 files changed, 0 insertions, 311 deletions
diff --git a/WireGuardNetworkExtension/Info.plist b/WireGuardNetworkExtension/Info.plist
deleted file mode 100644
index 497cce6..0000000
--- a/WireGuardNetworkExtension/Info.plist
+++ /dev/null
@@ -1,31 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
-<plist version="1.0">
-<dict>
- <key>CFBundleDevelopmentRegion</key>
- <string>$(DEVELOPMENT_LANGUAGE)</string>
- <key>CFBundleDisplayName</key>
- <string>WireGuardNetworkExtension</string>
- <key>CFBundleExecutable</key>
- <string>$(EXECUTABLE_NAME)</string>
- <key>CFBundleIdentifier</key>
- <string>$(PRODUCT_BUNDLE_IDENTIFIER)</string>
- <key>CFBundleInfoDictionaryVersion</key>
- <string>6.0</string>
- <key>CFBundleName</key>
- <string>$(PRODUCT_NAME)</string>
- <key>CFBundlePackageType</key>
- <string>XPC!</string>
- <key>CFBundleShortVersionString</key>
- <string>1.0</string>
- <key>CFBundleVersion</key>
- <string>1</string>
- <key>NSExtension</key>
- <dict>
- <key>NSExtensionPointIdentifier</key>
- <string>com.apple.networkextension.packet-tunnel</string>
- <key>NSExtensionPrincipalClass</key>
- <string>$(PRODUCT_MODULE_NAME).PacketTunnelProvider</string>
- </dict>
-</dict>
-</plist>
diff --git a/WireGuardNetworkExtension/Log.swift b/WireGuardNetworkExtension/Log.swift
deleted file mode 100644
index 40e097f..0000000
--- a/WireGuardNetworkExtension/Log.swift
+++ /dev/null
@@ -1,9 +0,0 @@
-//
-// Copyright © 2018 WireGuard LLC. All rights reserved.
-//
-
-import os.log
-
-struct Log {
- static var general = OSLog(subsystem: "com.wireguard.ios.network-extension", category: "general")
-}
diff --git a/WireGuardNetworkExtension/PacketTunnelProvider.swift b/WireGuardNetworkExtension/PacketTunnelProvider.swift
deleted file mode 100644
index 1480abc..0000000
--- a/WireGuardNetworkExtension/PacketTunnelProvider.swift
+++ /dev/null
@@ -1,247 +0,0 @@
-//
-// Copyright © 2018 WireGuard LLC. All rights reserved.
-//
-
-import NetworkExtension
-import os.log
-
-enum PacketTunnelProviderError: Error {
- case tunnelSetupFailed
-}
-
-/// A packet tunnel provider object.
-class PacketTunnelProvider: NEPacketTunnelProvider {
-
- // MARK: Properties
-
- private var wgHandle: Int32?
- private var wgContext: WireGuardContext?
-
- private var config: NETunnelProviderProtocol {
- return self.protocolConfiguration as! NETunnelProviderProtocol // swiftlint:disable:this force_cast
- }
-
- private var interfaceName: String {
- return config.providerConfiguration![PCKeys.title.rawValue]! as! String // swiftlint:disable:this force_cast
- }
-
- private var settings: String {
- return config.providerConfiguration![PCKeys.settings.rawValue]! as! String // swiftlint:disable:this force_cast
- }
-
- // MARK: NEPacketTunnelProvider
-
- /// Begin the process of establishing the tunnel.
- override func startTunnel(options: [String: NSObject]?, completionHandler startTunnelCompletionHandler: @escaping (Error?) -> Void) {
- os_log("Starting tunnel", log: Log.general, type: .info)
-
- let validatedEndpoints = (config.providerConfiguration?[PCKeys.endpoints.rawValue] as? String ?? "").commaSeparatedToArray().compactMap { try? Endpoint(endpointString: String($0)) }.compactMap {$0}
- let validatedAddresses = (config.providerConfiguration?[PCKeys.addresses.rawValue] as? String ?? "").commaSeparatedToArray().compactMap { try? CIDRAddress(stringRepresentation: String($0)) }.compactMap { $0 }
-
- guard let firstEndpoint = validatedEndpoints.first else {
- startTunnelCompletionHandler(PacketTunnelProviderError.tunnelSetupFailed)
- return
- }
-
- configureLogger()
- wgContext = WireGuardContext(packetFlow: self.packetFlow)
-
- let handle = connect(interfaceName: interfaceName, settings: settings)
-
- if handle < 0 {
- startTunnelCompletionHandler(PacketTunnelProviderError.tunnelSetupFailed)
- return
- }
-
- wgHandle = handle
-
- // We use the first endpoint for the ipAddress
- let newSettings = NEPacketTunnelNetworkSettings(tunnelRemoteAddress: firstEndpoint.ipAddress)
- newSettings.tunnelOverheadBytes = 80
-
- // IPv4 settings
- let validatedIPv4Addresses = validatedAddresses.filter { $0.addressType == .IPv4}
- if validatedIPv4Addresses.count > 0 {
- let ipv4Settings = NEIPv4Settings(addresses: validatedIPv4Addresses.map { $0.ipAddress }, subnetMasks: validatedIPv4Addresses.map { $0.subnetString })
- ipv4Settings.includedRoutes = [NEIPv4Route.default()]
- ipv4Settings.excludedRoutes = validatedEndpoints.filter { $0.addressType == .IPv4}.map {
- NEIPv4Route(destinationAddress: $0.ipAddress, subnetMask: "255.255.255.255")}
-
- newSettings.ipv4Settings = ipv4Settings
- }
-
- // IPv6 settings
- let validatedIPv6Addresses = validatedAddresses.filter { $0.addressType == .IPv6}
- if validatedIPv6Addresses.count > 0 {
- let ipv6Settings = NEIPv6Settings(addresses: validatedIPv6Addresses.map { $0.ipAddress }, networkPrefixLengths: validatedIPv6Addresses.map { NSNumber(value: $0.subnet) })
- ipv6Settings.includedRoutes = [NEIPv6Route.default()]
- ipv6Settings.excludedRoutes = validatedEndpoints.filter { $0.addressType == .IPv6 }.map { NEIPv6Route(destinationAddress: $0.ipAddress, networkPrefixLength: 128) }
-
- newSettings.ipv6Settings = ipv6Settings
- }
-
- if let dns = config.providerConfiguration?[PCKeys.dns.rawValue] as? String {
- newSettings.dnsSettings = NEDNSSettings(servers: dns.commaSeparatedToArray())
- }
-
- if let mtu = config.providerConfiguration![PCKeys.mtu.rawValue] as? NSNumber, mtu.intValue > 0 {
- newSettings.mtu = mtu
- }
-
- setTunnelNetworkSettings(newSettings) { (error) in
- if let error = error {
- os_log("Error setting network settings: %s", log: Log.general, type: .error, error.localizedDescription)
- startTunnelCompletionHandler(PacketTunnelProviderError.tunnelSetupFailed)
- } else {
- startTunnelCompletionHandler(nil /* No errors */)
- }
- }
- }
-
- /// Begin the process of stopping the tunnel.
- override func stopTunnel(with reason: NEProviderStopReason, completionHandler: @escaping () -> Void) {
- os_log("Stopping tunnel", log: Log.general, type: .info)
- if let handle = wgHandle {
- wgTurnOff(handle)
- }
- wgContext?.closeTunnel()
- completionHandler()
- }
-
- /// Handle IPC messages from the app.
- override func handleAppMessage(_ messageData: Data, completionHandler: ((Data?) -> Void)?) {
- let responseData: Data?
-
- let message = ExtensionMessage(messageData)
-
- switch message {
- case ExtensionMessage.requestVersion:
- responseData = (wgVersion().flatMap { String(cString: $0) } ?? "").data(using: .utf8)
- default:
- responseData = nil
- }
-
- completionHandler?(responseData)
- }
-
- private func configureLogger() {
- wgSetLogger { (level, tagCStr, msgCStr) in
- let logType: OSLogType
- switch level {
- case 0:
- logType = .debug
- case 1:
- logType = .info
- case 2:
- logType = .error
- default:
- logType = .default
- }
- let tag = (tagCStr != nil) ? String(cString: tagCStr!) : ""
- let msg = (msgCStr != nil) ? String(cString: msgCStr!) : ""
- os_log("wg log: %{public}s: %{public}s", log: Log.general, type: logType, tag, msg)
- }
- }
-
- private func connect(interfaceName: String, settings: String) -> Int32 { // swiftlint:disable:this cyclomatic_complexity
- return withStringsAsGoStrings(interfaceName, settings) { (nameGoStr, settingsGoStr) -> Int32 in
- return withUnsafeMutablePointer(to: &wgContext) { (wgCtxPtr) -> Int32 in
- return wgTurnOn(nameGoStr, settingsGoStr, { (wgCtxPtr, buf, len) -> Int in
- autoreleasepool {
- // read_fn: Read from the TUN interface and pass it on to WireGuard
- guard let wgCtxPtr = wgCtxPtr else { return 0 }
- guard let buf = buf else { return 0 }
- let wgContext = wgCtxPtr.bindMemory(to: WireGuardContext.self, capacity: 1).pointee
- var isTunnelClosed = false
- guard let packet = wgContext.readPacket(isTunnelClosed: &isTunnelClosed) else { return 0 }
- if isTunnelClosed { return -1 }
- let packetData = packet.data
- if packetData.count <= len {
- packetData.copyBytes(to: buf, count: packetData.count)
- return packetData.count
- }
- return 0
- }
- }, { (wgCtxPtr, buf, len) -> Int in
- autoreleasepool {
- // write_fn: Receive packets from WireGuard and write to the TUN interface
- guard let wgCtxPtr = wgCtxPtr else { return 0 }
- guard let buf = buf else { return 0 }
- guard len > 0 else { return 0 }
- let wgContext = wgCtxPtr.bindMemory(to: WireGuardContext.self, capacity: 1).pointee
- let ipVersionBits = (buf[0] & 0xf0) >> 4
- let ipVersion: sa_family_t? = {
- if ipVersionBits == 4 { return sa_family_t(AF_INET) } // IPv4
- if ipVersionBits == 6 { return sa_family_t(AF_INET6) } // IPv6
- return nil
- }()
- guard let protocolFamily = ipVersion else { fatalError("Unknown IP version") }
- let packet = NEPacket(data: Data(bytes: buf, count: len), protocolFamily: protocolFamily)
- var isTunnelClosed = false
- let isWritten = wgContext.writePacket(packet: packet, isTunnelClosed: &isTunnelClosed)
- if isTunnelClosed { return -1 }
- if isWritten {
- return len
- }
- return 0
- }
- },
- wgCtxPtr)
- }
- }
- }
-}
-
-class WireGuardContext {
- private var packetFlow: NEPacketTunnelFlow
- private var outboundPackets: [NEPacket] = []
- private var isTunnelClosed: Bool = false
- private var readPacketCondition = NSCondition()
-
- init(packetFlow: NEPacketTunnelFlow) {
- self.packetFlow = packetFlow
- }
-
- func closeTunnel() {
- isTunnelClosed = true
- readPacketCondition.signal()
- }
-
- func packetsRead(packets: [NEPacket]) {
- readPacketCondition.lock()
- outboundPackets.append(contentsOf: packets)
- readPacketCondition.unlock()
- readPacketCondition.signal()
- }
-
- func readPacket(isTunnelClosed: inout Bool) -> NEPacket? {
- if outboundPackets.isEmpty {
- readPacketCondition.lock()
- packetFlow.readPacketObjects(completionHandler: packetsRead)
- while outboundPackets.isEmpty && !self.isTunnelClosed {
- readPacketCondition.wait()
- }
- readPacketCondition.unlock()
- }
- isTunnelClosed = self.isTunnelClosed
- if !outboundPackets.isEmpty {
- return outboundPackets.removeFirst()
- }
- return nil
- }
-
- func writePacket(packet: NEPacket, isTunnelClosed: inout Bool) -> Bool {
- isTunnelClosed = self.isTunnelClosed
- return packetFlow.writePacketObjects([packet])
- }
-}
-
-private func withStringsAsGoStrings<R>(_ str1: String, _ str2: String, closure: (gostring_t, gostring_t) -> R) -> R {
- return str1.withCString { (s1cStr) -> R in
- let gstr1 = gostring_t(p: s1cStr, n: str1.utf8.count)
- return str2.withCString { (s2cStr) -> R in
- let gstr2 = gostring_t(p: s2cStr, n: str2.utf8.count)
- return closure(gstr1, gstr2)
- }
- }
-}
diff --git a/WireGuardNetworkExtension/WireGuardNetworkExtension-Bridging-Header.h b/WireGuardNetworkExtension/WireGuardNetworkExtension-Bridging-Header.h
deleted file mode 100644
index 8bfc34a..0000000
--- a/WireGuardNetworkExtension/WireGuardNetworkExtension-Bridging-Header.h
+++ /dev/null
@@ -1,6 +0,0 @@
-//
-// Use this file to import your target's public headers that you would like to expose to Swift.
-//
-
-#import "../wireguard-go-bridge/wireguard.h"
-
diff --git a/WireGuardNetworkExtension/WireGuardNetworkExtension.entitlements b/WireGuardNetworkExtension/WireGuardNetworkExtension.entitlements
deleted file mode 100644
index a4774c6..0000000
--- a/WireGuardNetworkExtension/WireGuardNetworkExtension.entitlements
+++ /dev/null
@@ -1,18 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
-<plist version="1.0">
-<dict>
- <key>com.apple.developer.networking.networkextension</key>
- <array>
- <string>packet-tunnel-provider</string>
- </array>
- <key>com.apple.security.application-groups</key>
- <array>
- <string>group.com.wireguard.ios</string>
- </array>
- <key>keychain-access-groups</key>
- <array>
- <string>$(AppIdentifierPrefix)com.wireguard.ios</string>
- </array>
-</dict>
-</plist>