disabled_rules:
- line_length
- trailing_whitespace
+ - todo
opt_in_rules:
- unneeded_parentheses_in_closure_argument
# - trailing_closure
struct InterfaceConfiguration: Codable {
var name: String
var privateKey: Data
- var addresses: [IPAddressRange] = []
+ var addresses = [IPAddressRange]()
var listenPort: UInt16?
var mtu: UInt16?
- var dns: [DNSServer] = []
+ var dns = [DNSServer]()
init(name: String, privateKey: Data) {
self.name = name
}
}
}
- var allowedIPs: [IPAddressRange] = []
+ var allowedIPs = [IPAddressRange]()
var endpoint: Endpoint?
var persistentKeepAlive: UInt16?
default: return nil
}
}()
- guard let ipAddress = ipAddressFromData else {
- throw DecodingError.invalidData
- }
+ guard let ipAddress = ipAddressFromData else { throw DecodingError.invalidData }
address = ipAddress
}
enum DecodingError: Error {
} else {
attributes[key] = value
}
- } else {
- if lowercasedLine != "[interface]" && lowercasedLine != "[peer]" {
- throw ParseError.invalidLine(line)
- }
+ } else if lowercasedLine != "[interface]" && lowercasedLine != "[peer]" {
+ throw ParseError.invalidLine(line)
}
- let isLastLine = (lineIndex == lines.count - 1)
+ let isLastLine = lineIndex == lines.count - 1
if isLastLine || lowercasedLine == "[interface]" || lowercasedLine == "[peer]" {
// Previous section has ended; process the attributes collected so far
}
// wg-quick fields
if let addressesString = attributes["address"] {
- var addresses: [IPAddressRange] = []
+ var addresses = [IPAddressRange]()
for addressString in addressesString.split(separator: ",") {
let trimmedString = addressString.trimmingCharacters(in: .whitespaces)
guard let address = IPAddressRange(from: trimmedString) else { return nil }
interface.addresses = addresses
}
if let dnsString = attributes["dns"] {
- var dnsServers: [DNSServer] = []
+ var dnsServers = [DNSServer]()
for dnsServerString in dnsString.split(separator: ",") {
let trimmedString = dnsServerString.trimmingCharacters(in: .whitespaces)
guard let dnsServer = DNSServer(from: trimmedString) else { return nil }
peer.preSharedKey = preSharedKey
}
if let allowedIPsString = attributes["allowedips"] {
- var allowedIPs: [IPAddressRange] = []
+ var allowedIPs = [IPAddressRange]()
for allowedIPString in allowedIPsString.split(separator: ",") {
let trimmedString = allowedIPString.trimmingCharacters(in: CharacterSet.whitespacesAndNewlines)
guard let allowedIP = IPAddressRange(from: trimmedString) else { return nil }
static let keyLengthInBase64 = 44
class InterfaceData {
- var scratchpad: [InterfaceField: String] = [:]
- var fieldsWithError: Set<InterfaceField> = []
+ var scratchpad = [InterfaceField: String]()
+ var fieldsWithError = Set<InterfaceField>()
var validatedConfiguration: InterfaceConfiguration?
subscript(field: InterfaceField) -> String {
return .error("Interface's private key must be a 32-byte key in base64 encoding")
}
var config = InterfaceConfiguration(name: name, privateKey: privateKey)
- var errorMessages: [String] = []
+ var errorMessages = [String]()
if let addressesString = scratchpad[.addresses] {
- var addresses: [IPAddressRange] = []
+ var addresses = [IPAddressRange]()
for addressString in addressesString.split(separator: ",") {
let trimmedString = addressString.trimmingCharacters(in: CharacterSet.whitespacesAndNewlines)
if let address = IPAddressRange(from: trimmedString) {
}
}
if let dnsString = scratchpad[.dns] {
- var dnsServers: [DNSServer] = []
+ var dnsServers = [DNSServer]()
for dnsServerString in dnsString.split(separator: ",") {
let trimmedString = dnsServerString.trimmingCharacters(in: CharacterSet.whitespacesAndNewlines)
if let dnsServer = DNSServer(from: trimmedString) {
class PeerData {
var index: Int
- var scratchpad: [PeerField: String] = [:]
- var fieldsWithError: Set<PeerField> = []
+ var scratchpad = [PeerField: String]()
+ var fieldsWithError = Set<PeerField>()
var validatedConfiguration: PeerConfiguration?
// For exclude private IPs
- var shouldAllowExcludePrivateIPsControl: Bool = false /* Read-only from the VC's point of view */
- var excludePrivateIPsValue: Bool = false /* Read-only from the VC's point of view */
- fileprivate var numberOfPeers: Int = 0
+ private(set) var shouldAllowExcludePrivateIPsControl = false
+ private(set) var excludePrivateIPsValue = false
+ fileprivate var numberOfPeers = 0
init(index: Int) {
self.index = index
return .error("Peer's public key must be a 32-byte key in base64 encoding")
}
var config = PeerConfiguration(publicKey: publicKey)
- var errorMessages: [String] = []
+ var errorMessages = [String]()
if let preSharedKeyString = scratchpad[.preSharedKey] {
if let preSharedKey = Data(base64Encoded: preSharedKeyString), preSharedKey.count == TunnelConfiguration.keyLength {
config.preSharedKey = preSharedKey
}
}
if let allowedIPsString = scratchpad[.allowedIPs] {
- var allowedIPs: [IPAddressRange] = []
+ var allowedIPs = [IPAddressRange]()
for allowedIPString in allowedIPsString.split(separator: ",") {
let trimmedString = allowedIPString.trimmingCharacters(in: CharacterSet.whitespacesAndNewlines)
if let allowedIP = IPAddressRange(from: trimmedString) {
let ipv6Addresses = allowedIPStrings.filter { $0.contains(":") }
let modifiedAllowedIPStrings: [String]
if isOn {
- modifiedAllowedIPStrings = ipv6Addresses +
- TunnelViewModel.PeerData.ipv4DefaultRouteModRFC1918String + dnsServerStrings
+ modifiedAllowedIPStrings = ipv6Addresses + TunnelViewModel.PeerData.ipv4DefaultRouteModRFC1918String + dnsServerStrings
} else {
- modifiedAllowedIPStrings = ipv6Addresses +
- [TunnelViewModel.PeerData.ipv4DefaultRouteString]
+ modifiedAllowedIPStrings = ipv6Addresses + [TunnelViewModel.PeerData.ipv4DefaultRouteString]
}
scratchpad[.allowedIPs] = modifiedAllowedIPStrings.joined(separator: ", ")
validatedConfiguration = nil // The configuration has been modified, and needs to be saved
init(tunnelConfiguration: TunnelConfiguration?) {
let interfaceData: InterfaceData = InterfaceData()
- var peersData: [PeerData] = []
+ var peersData = [PeerData]()
if let tunnelConfiguration = tunnelConfiguration {
interfaceData.validatedConfiguration = tunnelConfiguration.interface
for (index, peerConfiguration) in tunnelConfiguration.peers.enumerated() {
case .error(let errorMessage):
return .error(errorMessage)
case .saved(let interfaceConfiguration):
- var peerConfigurations: [PeerConfiguration] = []
+ var peerConfigurations = [PeerConfiguration]()
peerConfigurations.reserveCapacity(peerSaveResults.count)
for peerSaveResult in peerSaveResults {
switch peerSaveResult {
import os.log
class ErrorPresenter {
- static func showErrorAlert(error: WireGuardAppError, from sourceVC: UIViewController?,
- onPresented: (() -> Void)? = nil, onDismissal: (() -> Void)? = nil) {
+ static func showErrorAlert(error: WireGuardAppError, from sourceVC: UIViewController?, onPresented: (() -> Void)? = nil, onDismissal: (() -> Void)? = nil) {
guard let sourceVC = sourceVC else { return }
- guard let (title, message) = error.alertText() else { return }
+
+ let (title, message) = error.alertText()
let okAction = UIAlertAction(title: "OK", style: .default) { _ in
onDismissal?()
}
sourceVC.present(alert, animated: true, completion: onPresented)
}
- static func showErrorAlert(title: String, message: String, from sourceVC: UIViewController?,
- onPresented: (() -> Void)? = nil, onDismissal: (() -> Void)? = nil) {
+ static func showErrorAlert(title: String, message: String, from sourceVC: UIViewController?, onPresented: (() -> Void)? = nil, onDismissal: (() -> Void)? = nil) {
guard let sourceVC = sourceVC else { return }
+
let okAction = UIAlertAction(title: "OK", style: .default) { _ in
onDismissal?()
}
let keyLabel: UILabel
let valueLabel: ScrollableLabel
- var isStackedHorizontally: Bool = false
- var isStackedVertically: Bool = false
- var contentSizeBasedConstraints: [NSLayoutConstraint] = []
+ var isStackedHorizontally = false
+ var isStackedVertically = false
+ var contentSizeBasedConstraints = [NSLayoutConstraint]()
override init(style: UITableViewCell.CellStyle, reuseIdentifier: String?) {
keyLabel = UILabel()
}
func configureForContentSize() {
- var constraints: [NSLayoutConstraint] = []
+ var constraints = [NSLayoutConstraint]()
if self.traitCollection.preferredContentSizeCategory.isAccessibilityCategory {
// Stack vertically
if !isStackedVertically {
switch field {
case .publicKey:
cell.placeholderText = "Required"
- case .preSharedKey, .endpoint, .allowedIPs:
+ cell.keyboardType = .default
+ case .preSharedKey, .endpoint:
+ cell.placeholderText = "Optional"
+ cell.keyboardType = .default
+ case .allowedIPs:
cell.placeholderText = "Optional"
+ cell.keyboardType = .numbersAndPunctuation
case .persistentKeepAlive:
cell.placeholderText = "Off"
- case .excludePrivateIPs, .deletePeer:
- break
- }
-
- switch field {
- case .persistentKeepAlive:
cell.keyboardType = .numberPad
- case .allowedIPs:
- cell.keyboardType = .numbersAndPunctuation
- default:
+ case .excludePrivateIPs, .deletePeer:
cell.keyboardType = .default
}
- // Show erroring fields
- cell.isValueValid = (!peerData.fieldsWithError.contains(field))
- // Bind values to view model
+ cell.isValueValid = !peerData.fieldsWithError.contains(field)
cell.value = peerData[field]
- if field != .allowedIPs {
- cell.onValueChanged = { [weak peerData] value in
- peerData?[field] = value
- }
- }
- // Compute state of exclude private IPs live
+
if field == .allowedIPs {
cell.onValueBeingEdited = { [weak self, weak peerData] value in
- if let peerData = peerData, let self = self {
- let oldValue = peerData.shouldAllowExcludePrivateIPsControl
- peerData[.allowedIPs] = value
- if oldValue != peerData.shouldAllowExcludePrivateIPsControl {
- if let row = self.peerFields.firstIndex(of: .excludePrivateIPs) {
- if peerData.shouldAllowExcludePrivateIPsControl {
- self.tableView.insertRows(at: [IndexPath(row: row, section: indexPath.section)], with: .fade)
- } else {
- self.tableView.deleteRows(at: [IndexPath(row: row, section: indexPath.section)], with: .fade)
- }
+ guard let self = self, let peerData = peerData else { return }
+
+ let oldValue = peerData.shouldAllowExcludePrivateIPsControl
+ peerData[.allowedIPs] = value
+ if oldValue != peerData.shouldAllowExcludePrivateIPsControl {
+ if let row = self.peerFields.firstIndex(of: .excludePrivateIPs) {
+ if peerData.shouldAllowExcludePrivateIPsControl {
+ self.tableView.insertRows(at: [IndexPath(row: row, section: indexPath.section)], with: .fade)
+ } else {
+ self.tableView.deleteRows(at: [IndexPath(row: row, section: indexPath.section)], with: .fade)
}
}
}
}
} else {
- cell.onValueBeingEdited = nil
+ cell.onValueChanged = { [weak peerData] value in
+ peerData?[field] = value
+ }
}
+
return cell
}
cell.isOn = activateOnDemandSetting.isActivateOnDemandEnabled
cell.onSwitchToggled = { [weak self] isOn in
guard let self = self else { return }
- let indexPaths: [IndexPath] = (1 ..< 4).map { IndexPath(row: $0, section: indexPath.section) }
+ let indexPaths = (1 ..< 4).map { IndexPath(row: $0, section: indexPath.section) }
if isOn {
self.activateOnDemandSetting.isActivateOnDemandEnabled = true
if self.activateOnDemandSetting.activateOnDemandOption == .none {
var isStackedHorizontally: Bool = false
var isStackedVertically: Bool = false
- var contentSizeBasedConstraints: [NSLayoutConstraint] = []
+ var contentSizeBasedConstraints = [NSLayoutConstraint]()
private var textFieldValueOnBeginEditing: String = ""
}
func configureForContentSize() {
- var constraints: [NSLayoutConstraint] = []
+ var constraints = [NSLayoutConstraint]()
if self.traitCollection.preferredContentSizeCategory.isAccessibilityCategory {
// Stack vertically
if !isStackedVertically {
ErrorPresenter.showErrorAlert(error: error, from: self)
return
}
- let configs: [TunnelConfiguration?] = result.value!
+ let configs = result.value!
tunnelsManager.addMultiple(tunnelConfigurations: configs.compactMap { $0 }) { [weak self] numberSuccessful in
if numberSuccessful == configs.count {
completionHandler?()
case tunnelActivationFailedInternalError // startTunnel() succeeded, but activation failed
case tunnelActivationFailedNoInternetConnection // startTunnel() succeeded, but activation failed since no internet
- func alertText() -> (String, String)? {
+ //swiftlint:disable:next cyclomatic_complexity
+ func alertText() -> AlertText {
switch self {
case .tunnelNameEmpty:
return ("No name provided", "Can't create tunnel with an empty name")
return ("Unable to modify tunnel", "Internal error")
case .vpnSystemErrorOnRemoveTunnel:
return ("Unable to remove tunnel", "Internal error")
-
case .attemptingActivationWhenTunnelIsNotInactive:
return ("Activation failure", "The tunnel is already active or in the process of being activated")
case .attemptingActivationWhenAnotherTunnelIsOperational(let otherTunnelName):
}
private func startObservingTunnelStatuses() {
- if statusObservationToken != nil { return }
- statusObservationToken = NotificationCenter.default.addObserver(
- forName: .NEVPNStatusDidChange,
- object: nil,
- queue: OperationQueue.main) { [weak self] statusChangeNotification in
- guard let self = self else { return }
- guard let session = statusChangeNotification.object as? NETunnelProviderSession else { return }
- guard let tunnelProvider = session.manager as? NETunnelProviderManager else { return }
- guard let tunnel = self.tunnels.first(where: { $0.tunnelProvider == tunnelProvider }) else { return }
-
- os_log("Tunnel '%{public}@' connection status changed to '%{public}@'",
- log: OSLog.default, type: .debug, tunnel.name, "\(tunnel.tunnelProvider.connection.status)")
-
- // In case our attempt to start the tunnel, didn't succeed
- if tunnel == self.tunnelBeingActivated {
- if session.status == .disconnected {
- if InternetReachability.currentStatus() == .notReachable {
- let error = TunnelsManagerError.tunnelActivationFailedNoInternetConnection
- self.activationDelegate?.tunnelActivationFailed(tunnel: tunnel, error: error)
- }
- self.tunnelBeingActivated = nil
- } else if session.status == .connected {
- self.tunnelBeingActivated = nil
+ guard statusObservationToken == nil else { return }
+
+ statusObservationToken = NotificationCenter.default.addObserver(forName: .NEVPNStatusDidChange, object: nil, queue: OperationQueue.main) { [weak self] statusChangeNotification in
+ guard let self = self else { return }
+ guard let session = statusChangeNotification.object as? NETunnelProviderSession else { return }
+ guard let tunnelProvider = session.manager as? NETunnelProviderManager else { return }
+ guard let tunnel = self.tunnels.first(where: { $0.tunnelProvider == tunnelProvider }) else { return }
+
+ os_log("Tunnel '%{public}@' connection status changed to '%{public}@'",
+ log: OSLog.default, type: .debug, tunnel.name, "\(tunnel.tunnelProvider.connection.status)")
+
+ // In case our attempt to start the tunnel, didn't succeed
+ if tunnel == self.tunnelBeingActivated {
+ if session.status == .disconnected {
+ if InternetReachability.currentStatus() == .notReachable {
+ let error = TunnelsManagerError.tunnelActivationFailedNoInternetConnection
+ self.activationDelegate?.tunnelActivationFailed(tunnel: tunnel, error: error)
}
+ self.tunnelBeingActivated = nil
+ } else if session.status == .connected {
+ self.tunnelBeingActivated = nil
}
-
- // In case we're restarting the tunnel
- if (tunnel.status == .restarting) && (session.status == .disconnected || session.status == .disconnecting) {
- // Don't change tunnel.status when disconnecting for a restart
- if session.status == .disconnected {
- self.tunnelBeingActivated = tunnel
- tunnel.startActivation { _ in }
- }
- return
+ }
+
+ // In case we're restarting the tunnel
+ if (tunnel.status == .restarting) && (session.status == .disconnected || session.status == .disconnecting) {
+ // Don't change tunnel.status when disconnecting for a restart
+ if session.status == .disconnected {
+ self.tunnelBeingActivated = tunnel
+ tunnel.startActivation { _ in }
}
-
- // Update tunnel status
- tunnel.refreshStatus()
+ return
+ }
+
+ tunnel.refreshStatus()
}
}
// Copyright © 2018 WireGuard LLC. All Rights Reserved.
protocol WireGuardAppError: Error {
- func alertText() -> (/* title */ String, /* message */ String)?
+ typealias AlertText = (title: String, message: String)
+ func alertText() -> AlertText
}
case cantOpenOutputZipFileForWriting
case badArchive
- func alertText() -> (String, String)? {
+ func alertText() -> AlertText {
switch self {
case .cantOpenInputZipFile:
return ("Unable to read zip archive", "The zip archive could not be read.")
static func unarchive(url: URL, requiredFileExtensions: [String]) throws -> [(fileBaseName: String, contents: Data)] {
- var results: [(fileBaseName: String, contents: Data)] = []
+ var results = [(fileBaseName: String, contents: Data)]()
guard let zipFile = unzOpen64(url.path) else {
throw ZipArchiveError.cantOpenInputZipFile
enum ZipExporterError: WireGuardAppError {
case noTunnelsToExport
- func alertText() -> (String, String)? {
+ func alertText() -> AlertText {
switch self {
case .noTunnelsToExport:
return ("Nothing to export", "There are no tunnels to export")
}
class ZipExporter {
- static func exportConfigFiles(tunnelConfigurations: [TunnelConfiguration], to url: URL,
- completion: @escaping (WireGuardAppError?) -> Void) {
+ static func exportConfigFiles(tunnelConfigurations: [TunnelConfiguration], to url: URL, completion: @escaping (WireGuardAppError?) -> Void) {
guard !tunnelConfigurations.isEmpty else {
completion(ZipExporterError.noTunnelsToExport)
enum ZipImporterError: WireGuardAppError {
case noTunnelsInZipArchive
- func alertText() -> (String, String)? {
+ func alertText() -> AlertText {
switch self {
case .noTunnelsInZipArchive:
return ("No tunnels in zip archive", "No .conf tunnel files were found inside the zip archive.")
dispatchGroup.wait() // TODO: Timeout?
- var hostnamesWithDnsResolutionFailure: [String] = []
+ var hostnamesWithDnsResolutionFailure = [String]()
assert(endpoints.count == resolvedEndpoints.count)
for tuple in zip(endpoints, resolvedEndpoints) {
let endpoint = tuple.0
}
/// Begin the process of establishing the tunnel.
- override func startTunnel(options: [String: NSObject]?,
- completionHandler startTunnelCompletionHandler: @escaping (Error?) -> Void) {
+ override func startTunnel(options: [String: NSObject]?, completionHandler startTunnelCompletionHandler: @escaping (Error?) -> Void) {
guard let tunnelProviderProtocol = self.protocolConfiguration as? NETunnelProviderProtocol,
let tunnelConfiguration = tunnelProviderProtocol.tunnelConfiguration() else {
// Resolve endpoint domains
let endpoints = tunnelConfiguration.peers.map { $0.endpoint }
- var resolvedEndpoints: [Endpoint?] = []
+ var resolvedEndpoints = [Endpoint?]()
do {
resolvedEndpoints = try DNSResolver.resolveSync(endpoints: endpoints)
} catch DNSResolverError.dnsResolutionFailed(let hostnames) {
}
func generateNetworkSettings() -> NEPacketTunnelNetworkSettings {
-
- // Remote address
-
/* iOS requires a tunnel endpoint, whereas in WireGuard it's valid for
* a tunnel to have no endpoint, or for there to be many endpoints, in
* which case, displaying a single one in settings doesn't really
* make sense. So, we fill it in with this placeholder, which is not
* a valid IP address that will actually route over the Internet.
*/
- var remoteAddress: String = "0.0.0.0"
+ var remoteAddress = "0.0.0.0"
let endpointsCompact = resolvedEndpoints.compactMap { $0 }
if endpointsCompact.count == 1 {
switch endpointsCompact.first!.host {
}
let networkSettings = NEPacketTunnelNetworkSettings(tunnelRemoteAddress: remoteAddress)
-
- // DNS
-
+
let dnsServerStrings = tunnelConfiguration.interface.dns.map { $0.stringRepresentation() }
let dnsSettings = NEDNSSettings(servers: dnsServerStrings)
dnsSettings.matchDomains = [""] // All DNS queries must first go through the VPN's DNS
networkSettings.dnsSettings = dnsSettings
-
- // MTU
-
+
let mtu = tunnelConfiguration.interface.mtu ?? 0
if mtu == 0 {
// 0 imples automatic MTU, where we set overhead as 80 bytes, which is the worst case for WireGuard
} else {
networkSettings.mtu = NSNumber(value: mtu)
}
+
+ let (ipv4Routes, ipv6Routes) = routes()
+ let (ipv4IncludedRoutes, ipv6IncludedRoutes) = includedRoutes()
+ let (ipv4ExcludedRoutes, ipv6ExcludedRoutes) = excludedRoutes()
+
+ let ipv4Settings = NEIPv4Settings(addresses: ipv4Routes.map { $0.destinationAddress }, subnetMasks: ipv4Routes.map { $0.destinationSubnetMask })
+ ipv4Settings.includedRoutes = ipv4IncludedRoutes
+ ipv4Settings.excludedRoutes = ipv4ExcludedRoutes
+ networkSettings.ipv4Settings = ipv4Settings
+
+ let ipv6Settings = NEIPv6Settings(addresses: ipv6Routes.map { $0.destinationAddress }, networkPrefixLengths: ipv6Routes.map { $0.destinationNetworkPrefixLength })
+ ipv6Settings.includedRoutes = ipv6IncludedRoutes
+ ipv6Settings.excludedRoutes = ipv6ExcludedRoutes
+ networkSettings.ipv6Settings = ipv6Settings
- // Addresses from interface addresses
-
- var ipv4Addresses: [String] = []
- var ipv4SubnetMasks: [String] = []
-
- var ipv6Addresses: [String] = []
- var ipv6NetworkPrefixLengths: [NSNumber] = []
+ return networkSettings
+ }
+ private func ipv4SubnetMaskString(of addressRange: IPAddressRange) -> String {
+ let length: UInt8 = addressRange.networkPrefixLength
+ assert(length <= 32)
+ var octets: [UInt8] = [0, 0, 0, 0]
+ let subnetMask: UInt32 = length > 0 ? ~UInt32(0) << (32 - length) : UInt32(0)
+ octets[0] = UInt8(truncatingIfNeeded: subnetMask >> 24)
+ octets[1] = UInt8(truncatingIfNeeded: subnetMask >> 16)
+ octets[2] = UInt8(truncatingIfNeeded: subnetMask >> 8)
+ octets[3] = UInt8(truncatingIfNeeded: subnetMask)
+ return octets.map { String($0) }.joined(separator: ".")
+ }
+
+ private func routes() -> ([NEIPv4Route], [NEIPv6Route]) {
+ var ipv4Routes = [NEIPv4Route]()
+ var ipv6Routes = [NEIPv6Route]()
for addressRange in tunnelConfiguration.interface.addresses {
if addressRange.address is IPv4Address {
- ipv4Addresses.append("\(addressRange.address)")
- ipv4SubnetMasks.append(PacketTunnelSettingsGenerator.ipv4SubnetMaskString(of: addressRange))
+ ipv4Routes.append(NEIPv4Route(destinationAddress: "\(addressRange.address)", subnetMask: ipv4SubnetMaskString(of: addressRange)))
} else if addressRange.address is IPv6Address {
- ipv6Addresses.append("\(addressRange.address)")
- ipv6NetworkPrefixLengths.append(NSNumber(value: addressRange.networkPrefixLength))
+ /* Big fat ugly hack for broken iOS networking stack: the smallest prefix that will have
+ * any effect on iOS is a /120, so we clamp everything above to /120. This is potentially
+ * very bad, if various network parameters were actually relying on that subnet being
+ * intentionally small. TODO: talk about this with upstream iOS devs.
+ */
+ ipv6Routes.append(NEIPv6Route(destinationAddress: "\(addressRange.address)", networkPrefixLength: NSNumber(value: min(120, addressRange.networkPrefixLength))))
}
}
-
- // Included routes from AllowedIPs
-
- var ipv4IncludedRouteAddresses: [String] = []
- var ipv4IncludedRouteSubnetMasks: [String] = []
-
- var ipv6IncludedRouteAddresses: [String] = []
- var ipv6IncludedRouteNetworkPrefixLengths: [NSNumber] = []
-
+ return (ipv4Routes, ipv6Routes)
+ }
+
+ private func includedRoutes() -> ([NEIPv4Route], [NEIPv6Route]) {
+ var ipv4IncludedRoutes = [NEIPv4Route]()
+ var ipv6IncludedRoutes = [NEIPv6Route]()
for peer in tunnelConfiguration.peers {
for addressRange in peer.allowedIPs {
if addressRange.address is IPv4Address {
- ipv4IncludedRouteAddresses.append("\(addressRange.address)")
- ipv4IncludedRouteSubnetMasks.append(PacketTunnelSettingsGenerator.ipv4SubnetMaskString(of: addressRange))
+ ipv4IncludedRoutes.append(NEIPv4Route(destinationAddress: "\(addressRange.address)", subnetMask: ipv4SubnetMaskString(of: addressRange)))
} else if addressRange.address is IPv6Address {
- ipv6IncludedRouteAddresses.append("\(addressRange.address)")
- ipv6IncludedRouteNetworkPrefixLengths.append(NSNumber(value: addressRange.networkPrefixLength))
+ ipv6IncludedRoutes.append(NEIPv6Route(destinationAddress: "\(addressRange.address)", networkPrefixLength: NSNumber(value: addressRange.networkPrefixLength)))
}
}
}
-
- // Excluded routes from endpoints
-
- var ipv4ExcludedRouteAddresses: [String] = []
- var ipv4ExcludedRouteSubnetMasks: [String] = []
-
- var ipv6ExcludedRouteAddresses: [String] = []
- var ipv6ExcludedRouteNetworkPrefixLengths: [NSNumber] = []
-
+ return (ipv4IncludedRoutes, ipv6IncludedRoutes)
+ }
+
+ private func excludedRoutes() -> ([NEIPv4Route], [NEIPv6Route]) {
+ var ipv4ExcludedRoutes = [NEIPv4Route]()
+ var ipv6ExcludedRoutes = [NEIPv6Route]()
for endpoint in resolvedEndpoints {
guard let endpoint = endpoint else { continue }
switch endpoint.host {
case .ipv4(let address):
- ipv4ExcludedRouteAddresses.append("\(address)")
- ipv4ExcludedRouteSubnetMasks.append("255.255.255.255") // A single IPv4 address
+ ipv4ExcludedRoutes.append(NEIPv4Route(destinationAddress: "\(address)", subnetMask: "255.255.255.255"))
case .ipv6(let address):
- ipv6ExcludedRouteAddresses.append("\(address)")
- ipv6ExcludedRouteNetworkPrefixLengths.append(NSNumber(value: UInt8(128))) // A single IPv6 address
+ ipv6ExcludedRoutes.append(NEIPv6Route(destinationAddress: "\(address)", networkPrefixLength: NSNumber(value: UInt8(128))))
default:
fatalError()
}
}
-
- // Apply IPv4 settings
-
- let ipv4Settings = NEIPv4Settings(addresses: ipv4Addresses, subnetMasks: ipv4SubnetMasks)
- assert(ipv4IncludedRouteAddresses.count == ipv4IncludedRouteSubnetMasks.count)
- ipv4Settings.includedRoutes = zip(ipv4IncludedRouteAddresses, ipv4IncludedRouteSubnetMasks).map {
- NEIPv4Route(destinationAddress: $0.0, subnetMask: $0.1)
- }
- assert(ipv4ExcludedRouteAddresses.count == ipv4ExcludedRouteSubnetMasks.count)
- ipv4Settings.excludedRoutes = zip(ipv4ExcludedRouteAddresses, ipv4ExcludedRouteSubnetMasks).map {
- NEIPv4Route(destinationAddress: $0.0, subnetMask: $0.1)
- }
- networkSettings.ipv4Settings = ipv4Settings
-
- // Apply IPv6 settings
-
- /* Big fat ugly hack for broken iOS networking stack: the smallest prefix that will have
- * any effect on iOS is a /120, so we clamp everything above to /120. This is potentially
- * very bad, if various network parameters were actually relying on that subnet being
- * intentionally small. TODO: talk about this with upstream iOS devs.
- */
- let ipv6Settings = NEIPv6Settings(addresses: ipv6Addresses, networkPrefixLengths: ipv6NetworkPrefixLengths.map { NSNumber(value: min(120, $0.intValue)) })
- assert(ipv6IncludedRouteAddresses.count == ipv6IncludedRouteNetworkPrefixLengths.count)
- ipv6Settings.includedRoutes = zip(ipv6IncludedRouteAddresses, ipv6IncludedRouteNetworkPrefixLengths).map {
- NEIPv6Route(destinationAddress: $0.0, networkPrefixLength: $0.1)
- }
- assert(ipv6ExcludedRouteAddresses.count == ipv6ExcludedRouteNetworkPrefixLengths.count)
- ipv6Settings.excludedRoutes = zip(ipv6ExcludedRouteAddresses, ipv6ExcludedRouteNetworkPrefixLengths).map {
- NEIPv6Route(destinationAddress: $0.0, networkPrefixLength: $0.1)
- }
- networkSettings.ipv6Settings = ipv6Settings
-
- // Done
-
- return networkSettings
- }
-
- static func ipv4SubnetMaskString(of addressRange: IPAddressRange) -> String {
- let length: UInt8 = addressRange.networkPrefixLength
- assert(length <= 32)
- var octets: [UInt8] = [0, 0, 0, 0]
- let subnetMask: UInt32 = length > 0 ? ~UInt32(0) << (32 - length) : UInt32(0)
- octets[0] = UInt8(truncatingIfNeeded: subnetMask >> 24)
- octets[1] = UInt8(truncatingIfNeeded: subnetMask >> 16)
- octets[2] = UInt8(truncatingIfNeeded: subnetMask >> 8)
- octets[3] = UInt8(truncatingIfNeeded: subnetMask)
- return octets.map { String($0) }.joined(separator: ".")
+ return (ipv4ExcludedRoutes, ipv6ExcludedRoutes)
}
+
}
private extension Data {
projects / thirdparty / wireguard-apple.git / commitdiff
