path: root/Sources/WireGuardKit
Commit message | Author | Age | Files | Lines
* Kit: Adapter: use more reliable utun detection technique | Jason A. Donenfeld | 2021-06-16 | 1 | -3/+24
  Rather than hoping that the AF_SYSTEM fd is of type utun, and then calling "2" on it to get the name -- which could be defined as something else for a different AF_SYSTEM socket type -- instead simply query the AF_SYSTEM control socket ID with getpeername. This has one catch, which is that the ID is dynamically allocated, so we resolve it using the qualified name. Normally we'd make a new AF_SYSTEM socket for this, but since that's not allowed in the sandbox, we reuse the AF_SYSTEM socket that we're checking. At this point in the flow, we know that it's a proper AF_SYSTEM one, based on the first sockaddr member; we just don't know that it's a utun variety.
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* Kit: Adapter: iterate through all FDs to find UTUN | Jason A. Donenfeld | 2021-06-16 | 1 | -1/+8
  This is a bit of a kludge, until I find something better. We simply iterate through all FDs, and call getsockopt on each one until we find the utun FD. This works, and completes rather quickly (fd is usually 6 or 7). Rather than maintain the old path for older kernels, just use this for all versions, to get more coverage. Other techniques involve undocumented APIs; this one has the advantage of using nothing undocumented.
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* SPM: update exclude rules | Andrej Mihajlov | 2021-06-16 | 1 | -1/+1
  Fixes missing excluded file warning in Xcode. api-ios.go was renamed to api-apple.go.
  Signed-off-by: Andrej Mihajlov <and@mullvad.net>
* Kit: Go: bump to latest API | Jason A. Donenfeld | 2021-03-09 | 1 | -10/+12
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* Kit: netcfg: add explicit IP mask routes | Jason A. Donenfeld | 2021-01-01 | 2 | -18/+67
  macOS will use the wrong source address unless we add explicit routes that mention the self-pointing gateway. Actually, it won't add any implicit routes on its own, so in order to route the masks of the addresses, we have to add our own routes explicitly. However, this still doesn't fix the problem while inside of the network extension, even though it works outside it.
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* Kit: do not crash on [abcd::] with missing port | Jason A. Donenfeld | 2020-12-23 | 1 | -0/+1
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* Kit: Adapter: do not treat NE settings timeouts as fatal | Jason A. Donenfeld | 2020-12-17 | 1 | -4/+1
  The general Network Extension framework is incredibly buggy, and a timeout when setting the network settings does not necessarily imply that the whole operation failed. Simply log the condition and move on. This restores the app's old behavior.
  Reported-by: Filipe Mendonça <cfilipem@gmail.com>
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* Kit: PacketTunnelSettingsGenerator: do not require DNS queries if no DNS | Jason A. Donenfeld | 2020-12-17 | 1 | -5/+9
  Prior, we would set matchDomains=[""] even if the user didn't provide any DNS servers. This was kind of incoherent, but I guess we had in mind some kind of nonsensical leakproof scheme that never really worked anyway. NetworkExtension didn't like this, so setTunnelNetworkSettings would, rather than return an error, simply time out and never call its callback function. But everything worked fine, so we had code in the UI to check to make sure everything was okay after 5 seconds or so of no callback. Recent changes made the timeout fatal on the network extension side, so rather than succeed, configs with no DNS server started erroring out, causing user reports. This commit attempts to handle the root cause of the timeout issue by not twiddling with DNS settings if no DNS server was specified. For now, however, it leaves the hard-timeout semantics in place.
  Reported-by: Filipe Mendonça <cfilipem@gmail.com>
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: support DNS search domains | Jason A. Donenfeld | 2020-12-15 | 2 | -1/+4
  This has been supported by Windows and Linux for quite some time. Add support here for iOS and macOS.
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* WireGuardKitGo: update to latest wireguard-go tag | Jason A. Donenfeld | 2020-12-15 | 1 | -7/+9
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* WireGuardKit: Let wireguard-go backend run in offline on macOS | Andrej Mihajlov | 2020-12-11 | 1 | -3/+8
  Signed-off-by: Andrej Mihajlov <and@mullvad.net>
* WireGuardKit: Conditionally turn on/off wireguard-go | Andrej Mihajlov | 2020-12-11 | 3 | -106/+213
  Signed-off-by: Andrej Mihajlov <and@mullvad.net>
* global: fix remaining swiftlint violations | Jason A. Donenfeld | 2020-12-09 | 1 | -2/+2
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: bump year in header | Jason A. Donenfeld | 2020-12-04 | 12 | -12/+12
  A bit overdue, but better late than never.
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* WireGuardKit: Delegate IPv*Address initialization to self.init | Andrej Mihajlov | 2020-12-04 | 1 | -10/+2
  Signed-off-by: Andrej Mihajlov <and@mullvad.net>
* WireGuardKit: Log XLAT resolution errors | Andrej Mihajlov | 2020-12-04 | 2 | -5/+20
  Signed-off-by: Andrej Mihajlov <and@mullvad.net>
* WireGuardKit: Rename WireGuardAdapter.version -> .backendVersion & remove `var wireGuardVersion` with WireGuardKit.swift | Andrej Mihajlov | 2020-12-04 | 2 | -9/+1
  Signed-off-by: Andrej Mihajlov <and@mullvad.net>
* WireGuardApp: integrate WireGuardKit sources directly | Andrej Mihajlov | 2020-12-03 | 3 | -0/+9
  Signed-off-by: Andrej Mihajlov <and@mullvad.net>
* WireGuardKit: Rename WireGuardKitSwift -> WireGuardKit | Andrej Mihajlov | 2020-12-03 | 13 | -0/+1146
  Signed-off-by: Andrej Mihajlov <and@mullvad.net>