| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
Signed-off-by: Roopesh Chander <roop@roopc.net>
|
| |
|
|
| |
Signed-off-by: Roopesh Chander <roop@roopc.net>
|
| |
|
|
| |
Signed-off-by: Roopesh Chander <roop@roopc.net>
|
| |
|
|
|
|
| |
- Rename WireGuardNetworkExtension.entitlements to WireGuardNetworkExtension_iOS.entitlements
Signed-off-by: Roopesh Chander <roop@roopc.net>
|
| |
|
|
|
|
|
|
|
|
|
| |
- Build using common network extension code
- Add run scripts
- Set Info.plist to common network extension's Info.plist
- Move entitlements to common network extension folder
- Remove Xcode-generated macOS network extension code
- Set Swift-Obj-C bridging header
Signed-off-by: Roopesh Chander <roop@roopc.net>
|
| |
|
|
| |
Signed-off-by: Roopesh Chander <roop@roopc.net>
|
| |
|
|
|
|
|
| |
It turns out that using 0.0.0.0 somehow conflicts with DNS lookups when
CLAT is in use.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The DNS resolver prior had useless comments, awful nesting, converted
bytes into strings and back into bytes, and generally made no sense.
That's been rewritten now.
But more fundumentally, this commit made the DNS resolver actually
accomplish its objective, by passing AI_ALL to it. It turns out, though,
that the Go library isn't actually using GAI in the way we need for
parsing IP addresses, so we actually need to do another round, this time
with hints flag as zero, so that we get the DNS64 address.
Additionally, since we're now binding sockets to interfaces, we can
entirely remove the excludedRoutes logic.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
|
|
| |
This can be reverted once we've done more testing.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
| |
Signed-off-by: Eric Kuck <eric@bluelinelabs.com>
|
| |
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
| |
Signed-off-by: Eric Kuck <eric@bluelinelabs.com>
|
| |
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
| |
Signed-off-by: Eric Kuck <eric@bluelinelabs.com>
|
| |
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
| |
Signed-off-by: Eric Kuck <eric@bluelinelabs.com>
|
| |
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
| |
Signed-off-by: Roopesh Chander <roop@roopc.net>
|
| |
|
|
|
|
|
| |
When handling network path changes, change the listen port
only when the first interface has changed.
Signed-off-by: Roopesh Chander <roop@roopc.net>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The solution implemented in commit b8c331c causes the tunnel to
remain in 'Activating' state, without the ability to cancel that.
So, in this commit, instead of retrying DNS silently on
Activated-On-Demand tunnels, we fail the startTunnel() silently.
To summarize, if activate-on-demand is on:
- If started from the WireGuard app, show error using lastErrorFile
mechanism, suggesting a way to turn off Activate On Demand
- If not started from WireGuard app, don't call displayMessage()
(don't show error to user) and silently fail starting the tunnel
Signed-off-by: Roopesh Chander <roop@roopc.net>
|
| |
|
|
| |
Signed-off-by: Eric Kuck <eric@bluelinelabs.com>
|
| |
|
|
| |
Signed-off-by: Roopesh Chander <roop@roopc.net>
|
| |
|
|
| |
Signed-off-by: Roopesh Chander <roop@roopc.net>
|
| |
|
|
|
|
|
|
|
|
|
| |
This combination causes iOS to keep trying to bring up the tunnel,
leading to a lot of displayMessage() alerts.
In this fix, if we get a DNS resolution error in an Activate On Demand
enabled tunnel, we silently retry 9 times (with a 4-second delay before
each retry) and then show the displayMessage() alert.
Signed-off-by: Roopesh Chander <roop@roopc.net>
|
| |
|
|
| |
Signed-off-by: Roopesh Chander <roop@roopc.net>
|
| |
|
|
| |
Signed-off-by: Eric Kuck <eric@bluelinelabs.com>
|
| |
|
|
| |
Signed-off-by: Eric Kuck <eric@bluelinelabs.com>
|
| |
|
|
|
|
|
| |
This was roop's initial idea, and it turns out to be the better one, now
that we can pass cstrings more easily.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
| |
Signed-off-by: Roopesh Chander <roop@roopc.net>
|
| |
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
|
|
| |
All swiftlint warnings except one fixed up
Signed-off-by: Eric Kuck <eric@bluelinelabs.com>
|
| |
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
|
|
|
| |
This reverts all of Roop's changes to the C code, and then rewrites the
logger logic to be cleaner.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
| |
Signed-off-by: Roopesh Chander <roop@roopc.net>
|
| |
|
|
| |
Signed-off-by: Roopesh Chander <roop@roopc.net>
|
| |
|
|
| |
Signed-off-by: Roopesh Chander <roop@roopc.net>
|
| |
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
| |
Signed-off-by: Eric Kuck <eric@bluelinelabs.com>
|
| |
|
|
| |
Signed-off-by: Eric Kuck <eric@bluelinelabs.com>
|
| |
|
|
| |
Signed-off-by: Eric Kuck <eric@bluelinelabs.com>
|
| |
|
|
| |
Signed-off-by: Eric Kuck <eric@bluelinelabs.com>
|
Roopesh Chander
Jason A. Donenfeld
Eric Kuck