From 813dea69026c2853425513f776a9a7d5eb8676ce Mon Sep 17 00:00:00 2001
From: "Jason A. Donenfeld"
Date: Sat, 25 May 2019 13:48:51 +0200
Subject: NetworkExtension: use excludedRoutes instead of binding on iOS

The networking stack there is to flaky and the notifier doesn't always fire correctly. Hopefully excludedRoutes works well with XLAT; otherwise we're in trouble.

Signed-off-by: Jason A. Donenfeld
---
 .../PacketTunnelProvider.swift | 3 ++-
 .../PacketTunnelSettingsGenerator.swift | 23 ++++++++++++++++++++++
 2 files changed, 25 insertions(+), 1 deletion(-)

diff --git a/WireGuard/WireGuardNetworkExtension/PacketTunnelProvider.swift b/WireGuard/WireGuardNetworkExtension/PacketTunnelProvider.swift
index c4fefd4..9aa466f 100644
--- a/WireGuard/WireGuardNetworkExtension/PacketTunnelProvider.swift
+++ b/WireGuard/WireGuardNetworkExtension/PacketTunnelProvider.swift
@@ -147,7 +147,7 @@ class PacketTunnelProvider: NEPacketTunnelProvider {
 if let packetTunnelSettingsGenerator = packetTunnelSettingsGenerator {
 _ = packetTunnelSettingsGenerator.endpointUapiConfiguration().withGoString { return wgSetConfig(handle, $0) }
 }
- #endif
+ #elseif os(macOS)
 var interfaces = path.availableInterfaces
 if let ifname = ifname {
 interfaces = interfaces.filter { $0.name != ifname }
@@ -155,6 +155,7 @@ class PacketTunnelProvider: NEPacketTunnelProvider {
 if let ifscope = interfaces.first?.index {
 wgBindInterfaceScope(handle, Int32(ifscope))
 }
+ #endif
 }
 }
diff --git a/WireGuard/WireGuardNetworkExtension/PacketTunnelSettingsGenerator.swift b/WireGuard/WireGuardNetworkExtension/PacketTunnelSettingsGenerator.swift
index a4ff7dd..cc491af 100644
--- a/WireGuard/WireGuardNetworkExtension/PacketTunnelSettingsGenerator.swift
+++ b/WireGuard/WireGuardNetworkExtension/PacketTunnelSettingsGenerator.swift
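Review bot: The `#if` that the new `#elseif os(macOS)` attaches to begins before this hunk, so the branch structure cannot be verified here; a one-line comment on the `#elseif` would make the intent visible at the point of change, e.g. `// iOS keeps the endpoint off the tunnel via excludedRoutes in PacketTunnelSettingsGenerator instead of binding the socket to an interface scope`. With the bind gone on iOS, endpoint reachability there appears to rest entirely on the excluded-route entries being present and current when the network settings are applied; if an endpoint is re-resolved to a different address later without the settings being regenerated, the exclusion list would be stale — worth stating in the comment or confirming against the re-resolution path. The enclosing method starts before the first hunk and continues past the added `#endif`.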
@@ -97,13 +97,16 @@ class PacketTunnelSettingsGenerator {
 let (ipv4Routes, ipv6Routes) = routes()
 let (ipv4IncludedRoutes, ipv6IncludedRoutes) = includedRoutes()
+ let (ipv4ExcludedRoutes, ipv6ExcludedRoutes) = excludedRoutes()
 let ipv4Settings = NEIPv4Settings(addresses: ipv4Routes.map { $0.destinationAddress }, subnetMasks: ipv4Routes.map { $0.destinationSubnetMask })
 ipv4Settings.includedRoutes = ipv4IncludedRoutes
+ ipv4Settings.excludedRoutes = ipv4ExcludedRoutes
 networkSettings.ipv4Settings = ipv4Settings
 let ipv6Settings = NEIPv6Settings(addresses: ipv6Routes.map { $0.destinationAddress }, networkPrefixLengths: ipv6Routes.map { $0.destinationNetworkPrefixLength })
 ipv6Settings.includedRoutes = ipv6IncludedRoutes
+ ipv6Settings.excludedRoutes = ipv6ExcludedRoutes
 networkSettings.ipv6Settings = ipv6Settings
 return networkSettings
@@ -153,4 +156,24 @@ class PacketTunnelSettingsGenerator {
 }
 return (ipv4IncludedRoutes, ipv6IncludedRoutes)
 }
+ private func excludedRoutes() -> ([NEIPv4Route]?, [NEIPv6Route]?) {
+ #if os(macOS)
+ return (nil, nil)
+ #elseif os(iOS)
+ var ipv4ExcludedRoutes = [NEIPv4Route]()
+ var ipv6ExcludedRoutes = [NEIPv6Route]()
+ for endpoint in resolvedEndpoints {
+ guard let host = endpoint?.host else { continue }
+ switch host {
+ case .ipv4(let v4):
+ ipv4ExcludedRoutes.append(NEIPv4Route(destinationAddress: "\(v4)", subnetMask: "255.255.255.255"))
+ case .ipv6(let v6):
+ ipv6ExcludedRoutes.append(NEIPv6Route(destinationAddress: "\(v6)", networkPrefixLength: 128))
+ default:
+ continue
+ }
+ }
+ return (ipv4ExcludedRoutes, ipv6ExcludedRoutes)
+ #endif
 }
-- 
cgit v1.2.3-59-g8ed1b
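Review bot: `excludedRoutes()` has no `#else` branch, so on any platform other than macOS and iOS its body compiles to nothing and the function fails for lack of a return; `#if os(iOS) … #else return (nil, nil) #endif` covers the same two cases and keeps the function total. The `default: continue` silently drops any endpoint whose host is not a literal address; if an unresolved name can still be present in `resolvedEndpoints` at this point, that endpoint gets neither a bind (removed for iOS in PacketTunnelProvider.swift) nor an exclusion and its handshake packets may be routed into the tunnel itself, so a log line or comment is preferable to a silent skip. It is also worth documenting that a /32 or /128 exclusion sends all traffic to the endpoint host outside the tunnel, not only the WireGuard UDP flow, so any other service reachable on that host is contacted in the clear over the physical interface. The `"\(v6)"` interpolation presumably yields a bare address; if the IPv6 value can carry a zone suffix (`%ifname`), NEIPv6Route may reject it — confirm against the address type. A doc comment such as `/// Host routes for the resolved peer endpoints; on iOS these bypass the tunnel so handshake and transport packets reach the peer directly, on macOS interface-scope binding is used instead.` would capture the platform split for the next reader.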