path: root/WireGuard/WireGuardNetworkExtension
Commit message | Author | Age | Files | Lines
* ringlogger: support mpsc for singlefile | Jason A. Donenfeld | 2019-03-17 | 1 | -1/+1
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* Global: fix swiftlint issues | Jason A. Donenfeld | 2019-02-08 | 1 | -1/+0
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* Info.plist: Add missing key types [0.0.20190207-1] | Jason A. Donenfeld | 2019-02-08 | 1 | -0/+2
  I worry that LSMinimumSystemVersion in the extension's plist might be problematic, since that same plist runs on macOS and iOS. We _might_ need to bifurcate.
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* Key: Use C implementation instead | Jason A. Donenfeld | 2019-02-08 | 1 | -0/+1
  Swift compiles so slowly and it's unclear all of the insane type punning was even correct.
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* Key: Constant time encoding | Jason A. Donenfeld | 2019-02-08 | 1 | -12/+11
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* PacketTunnelProvider: proper fix for 32073323 | Jason A. Donenfeld | 2019-02-07 | 1 | -0/+7
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* Keychain: store configurations in keychain instead of providerConfig | Jason A. Donenfeld | 2019-02-06 | 1 | -2/+2
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* Tunnel: support getting runtime configuration | Jason A. Donenfeld | 2019-01-24 | 1 | -0/+18
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* macOS: remove mobile network tweaks | Jason A. Donenfeld | 2019-01-22 | 2 | -2/+15
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* Better os() directives | Roopesh Chander | 2019-01-22 | 1 | -1/+3
  Signed-off-by: Roopesh Chander <roop@roopc.net>
* macOS: Use tunnelOverheadBytes for automatic MTU in macOS | Roopesh Chander | 2019-01-16 | 1 | -4/+8
  Signed-off-by: Roopesh Chander <roop@roopc.net>
* macOS: NE: Add entitlements for making network connections | Roopesh Chander | 2019-01-14 | 1 | -0/+4
  Signed-off-by: Roopesh Chander <roop@roopc.net>
* Make app groups work on both iOS and macOS | Roopesh Chander | 2019-01-14 | 2 | -3/+9
  Signed-off-by: Roopesh Chander <roop@roopc.net>
* iOS: Fix WireGuardNetworkExtensioniOS target | Roopesh Chander | 2019-01-14 | 1 | -0/+0
  - Rename WireGuardNetworkExtension.entitlements to WireGuardNetworkExtension_iOS.entitlements
  Signed-off-by: Roopesh Chander <roop@roopc.net>
* macOS: Fix WireGuardNetworkExtensionmacOS target | Roopesh Chander | 2019-01-14 | 1 | -0/+12
  - Build using common network extension code
  - Add run scripts
  - Set Info.plist to common network extension's Info.plist
  - Move entitlements to common network extension folder
  - Remove Xcode-generated macOS network extension code
  - Set Swift-Obj-C bridging header
  Signed-off-by: Roopesh Chander <roop@roopc.net>
* xcconfig: Make app id platform-specific | Roopesh Chander | 2019-01-14 | 2 | -2/+2
  Signed-off-by: Roopesh Chander <roop@roopc.net>
* PacketTunnelSettingsGenerator: use 127.0.0.1 as dummy address | Jason A. Donenfeld | 2019-01-08 | 1 | -3/+1
  It turns out that using 0.0.0.0 somehow conflicts with DNS lookups when CLAT is in use.
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* Avoid dynamic MTU calculations for now | Jason A. Donenfeld | 2019-01-07 | 1 | -5/+11
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* Update copyright | Jason A. Donenfeld | 2019-01-07 | 4 | -4/+4
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* Rework DNS and routes in network extension | Jason A. Donenfeld | 2018-12-28 | 3 | -92/+77
  The DNS resolver prior had useless comments, awful nesting, converted bytes into strings and back into bytes, and generally made no sense. That's been rewritten now.
  But more fundamentally, this commit made the DNS resolver actually accomplish its objective, by passing AI_ALL to it. It turns out, though, that the Go library isn't actually using GAI in the way we need for parsing IP addresses, so we actually need to do another round, this time with hints flag as zero, so that we get the DNS64 address.
  Additionally, since we're now binding sockets to interfaces, we can entirely remove the excludedRoutes logic.
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* NetworkExtension: rescope socket instead of tearing down socket | Jason A. Donenfeld | 2018-12-26 | 2 | -21/+16
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* Rely on availability of fd only after setting network settings | Jason A. Donenfeld | 2018-12-22 | 1 | -29/+24
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* Retain aggressive socket reestablishment for now | Jason A. Donenfeld | 2018-12-22 | 1 | -1/+2
  This can be reverted once we've done more testing.
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* All models now Equatable | Eric Kuck | 2018-12-21 | 1 | -0/+4
  Signed-off-by: Eric Kuck <eric@bluelinelabs.com>
* Do not crash if we can't get socket.fileDescriptor | Jason A. Donenfeld | 2018-12-22 | 1 | -1/+1
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* Removing a tunnel from iOS's settings is now immediately reflected in app | Eric Kuck | 2018-12-21 | 1 | -4/+0
  Signed-off-by: Eric Kuck <eric@bluelinelabs.com>
* Localize remaining strings in network extension | Jason A. Donenfeld | 2018-12-22 | 2 | -33/+10
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* Combine double log invocations | Jason A. Donenfeld | 2018-12-22 | 1 | -3/+2
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* Move name from interface to tunnel | Jason A. Donenfeld | 2018-12-22 | 1 | -1/+1
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* Nuke trailing spaces | Jason A. Donenfeld | 2018-12-21 | 2 | -2/+2
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* providerConfiguration is now a WgQuickConfig | Eric Kuck | 2018-12-21 | 1 | -2/+1
  Signed-off-by: Eric Kuck <eric@bluelinelabs.com>
* Do not require NetworkExtension to know its own name | Jason A. Donenfeld | 2018-12-21 | 2 | -15/+11
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* Get rid of superfluous isActivateOnDemandEnabled key | Jason A. Donenfeld | 2018-12-21 | 2 | -32/+4
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* Updated NETunnelProvider save format | Eric Kuck | 2018-12-21 | 2 | -7/+5
  Signed-off-by: Eric Kuck <eric@bluelinelabs.com>
* NE: simplify logic | Jason A. Donenfeld | 2018-12-21 | 2 | -46/+27
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* NE: Simplify DNS resolution | Roopesh Chander | 2018-12-21 | 2 | -23/+6
  Signed-off-by: Roopesh Chander <roop@roopc.net>
* NE: Update listen port only when first interface changes | Roopesh Chander | 2018-12-21 | 2 | -4/+27
  When handling network path changes, change the listen port only when the first interface has changed.
  Signed-off-by: Roopesh Chander <roop@roopc.net>
* NE: Change handling of bad domain names and Activate On Demand | Roopesh Chander | 2018-12-21 | 2 | -42/+30
  The solution implemented in commit b8c331c causes the tunnel to remain in 'Activating' state, without the ability to cancel that.
  So, in this commit, instead of retrying DNS silently on Activated-On-Demand tunnels, we fail the startTunnel() silently.
  To summarize, if activate-on-demand is on:
  - If started from the WireGuard app, show error using lastErrorFile mechanism, suggesting a way to turn off Activate On Demand
  - If not started from WireGuard app, don't call displayMessage() (don't show error to user) and silently fail starting the tunnel
  Signed-off-by: Roopesh Chander <roop@roopc.net>
* Enabled more swiftlint rules | Eric Kuck | 2018-12-20 | 2 | -2/+2
  Signed-off-by: Eric Kuck <eric@bluelinelabs.com>
* NE: Log whether tunnel was activated from the app or not | Roopesh Chander | 2018-12-19 | 1 | -0/+6
  Signed-off-by: Roopesh Chander <roop@roopc.net>
* Remove non-helpful comments | Roopesh Chander | 2018-12-19 | 1 | -2/+0
  Signed-off-by: Roopesh Chander <roop@roopc.net>
* NE: Handle bad domain names and Activate On Demand | Roopesh Chander | 2018-12-19 | 2 | -15/+50
  This combination causes iOS to keep trying to bring up the tunnel, leading to a lot of displayMessage() alerts.
  In this fix, if we get a DNS resolution error in an Activate On Demand enabled tunnel, we silently retry 9 times (with a 4-second delay before each retry) and then show the displayMessage() alert.
  Signed-off-by: Roopesh Chander <roop@roopc.net>
* NE: No need for two startTunnel() methods | Roopesh Chander | 2018-12-19 | 1 | -5/+1
  Signed-off-by: Roopesh Chander <roop@roopc.net>
* Got TunnelsManager back under the max file length by splitting out NEVPNStatus+CustomStringConvertible | Eric Kuck | 2018-12-16 | 1 | -13/+2
  Signed-off-by: Eric Kuck <eric@bluelinelabs.com>
* Most similar views now shared between ViewControllers | Eric Kuck | 2018-12-14 | 1 | -1/+1
  Signed-off-by: Eric Kuck <eric@bluelinelabs.com>
* Simplify logging tags | Jason A. Donenfeld | 2018-12-14 | 1 | -1/+1
  This was roop's initial idea, and it turns out to be the better one, now that we can pass cstrings more easily.
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* NE: Communicate last error to app through a shared file | Roopesh Chander | 2018-12-14 | 2 | -13/+42
  Signed-off-by: Roopesh Chander <roop@roopc.net>
* Localize swiftlint | Jason A. Donenfeld | 2018-12-13 | 1 | -1/+2
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* Reorganized ViewControllers (split out UIViews and UITableViewCells into their own classes) | Eric Kuck | 2018-12-13 | 2 | -1/+4
  All swiftlint warnings except one fixed up
  Signed-off-by: Eric Kuck <eric@bluelinelabs.com>
* Avoid escaping heap allocation | Jason A. Donenfeld | 2018-12-13 | 1 | -3/+3
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>