import Foundation instead of UIKit wherever possible

Signed-off-by: Roopesh Chander <roop@roopc.net>

Version bump

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

PacketTunnelSettingsGenerator: use 127.0.0.1 as dummy address

It turns out that using 0.0.0.0 somehow conflicts with DNS lookups when
CLAT is in use.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

Avoid dynamic MTU calculations for now

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

Update copyright

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

Version bump

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

Rework DNS and routes in network extension

The DNS resolver prior had useless comments, awful nesting, converted
bytes into strings and back into bytes, and generally made no sense.
That's been rewritten now.

But more fundumentally, this commit made the DNS resolver actually
accomplish its objective, by passing AI_ALL to it. It turns out, though,
that the Go library isn't actually using GAI in the way we need for
parsing IP addresses, so we actually need to do another round, this time
with hints flag as zero, so that we get the DNS64 address.

Additionally, since we're now binding sockets to interfaces, we can
entirely remove the excludedRoutes logic.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

Version bump

A Christmas Special, for TestFlight, and possibly for release if things
go well there.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

NetworkExtension: rescope socket instead of tearing down socket

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

minizip: Remove zip encryption code

We can now remove -DNOCRYPT cflag while compiling

Signed-off-by: Roopesh Chander <roop@roopc.net>

Tunnel edit: Fix crash

This fixes a crash that happens when you:

1. Scroll to the end of the Edit screen
2. Delete a peer
3. Toggle the Activate On Demand switch

Signed-off-by: Roopesh Chander <roop@roopc.net>

SwitchCell nits

Signed-off-by: Eric Kuck <eric@bluelinelabs.com>

Fix typo for simulator builds

Signed-off-by: Eric Kuck <eric@bluelinelabs.com>

Remove more comments

Signed-off-by: Roopesh Chander <roop@roopc.net>

Rely on availability of fd only after setting network settings

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

Bump to latest wireguard-go release

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

Retain aggressive socket reestablishment for now

This can be reverted once we've done more testing.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

Don't set username on NETunnelProviderProtocol

The username corresponds to the Account field in iOS system VPN UI,
but if we don't set it, the field is not shown, so setting it isn't
really required.

Signed-off-by: Roopesh Chander <roop@roopc.net>

TunnelErrors: Add alert text for PacketTunnelProviderError

Signed-off-by: Roopesh Chander <roop@roopc.net>

TunnelStatus: Absorb NEVPNStatus+CustomStringConvertible

Signed-off-by: Roopesh Chander <roop@roopc.net>

Also refresh status

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

Reassign tunnelProvider if it changes from outside the app

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

All models now Equatable

Signed-off-by: Eric Kuck <eric@bluelinelabs.com>

Clean up trailing whitespace

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

Do not crash if we can't get socket.fileDescriptor

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

Removing a tunnel from iOS's settings is now immediately reflected in app

Signed-off-by: Eric Kuck <eric@bluelinelabs.com>

Localize remaining strings in network extension

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

RTL support

Signed-off-by: Eric Kuck <eric@bluelinelabs.com>

Strongly recommended now appears as placeholder for DNS when needed

Signed-off-by: Eric Kuck <eric@bluelinelabs.com>

Combine double log invocations

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

Bump go bridge

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

Attempt to strongly recommend things

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

Move model helpers to model directory

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

Fixes mock tunnels

Signed-off-by: Eric Kuck <eric@bluelinelabs.com>

Do not set copyable back to true on reuse

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

Move name from interface to tunnel

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

Fix paren typo

"I am very anti-paren." --Eric

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

Nuke trailing spaces

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

providerConfiguration is now a WgQuickConfig

Signed-off-by: Eric Kuck <eric@bluelinelabs.com>

Do not require NetworkExtension to know its own name

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

All migration stuff moved to one gross file

Signed-off-by: Eric Kuck <eric@bluelinelabs.com>

Simplify versioning of stored data

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

Get rid of superflous isActivateOnDemandEnabled key

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

Updated NETunnelProvider save format

Signed-off-by: Eric Kuck <eric@bluelinelabs.com>

NE: simplify logic

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

NE: Simplify DNS resolution

Signed-off-by: Roopesh Chander <roop@roopc.net>

Localize all the things

Signed-off-by: Roopesh Chander <roop@roopc.net>

Tunnel detail: iPad: Handle deletion of tunnel correctly

Signed-off-by: Roopesh Chander <roop@roopc.net>

NE: Update listen port only when first interface changes

When handling network path changes, change the listen port
only when the first interface has changed.

Signed-off-by: Roopesh Chander <roop@roopc.net>

NE: Change handling of bad domain names and Activate On Demand

The solution implemented in commit b8c331c causes the tunnel to
remain in 'Activating' state, without the ability to cancel that.

So, in this commit, instead of retrying DNS silently on
Activated-On-Demand tunnels, we fail the startTunnel() silently.

To summarize, if activate-on-demand is on:
- If started from the WireGuard app, show error using lastErrorFile
mechanism, suggesting a way to turn off Activate On Demand
- If not started from WireGuard app, don't call displayMessage()
(don't show error to user) and silently fail starting the tunnel

Signed-off-by: Roopesh Chander <roop@roopc.net>

Added missing param in MockTunnels

Signed-off-by: Eric Kuck <eric@bluelinelabs.com>

wireguard-go-bridge: SDK_DIR is not defined for simulator

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

Enabled more swiftlint rules

Signed-off-by: Eric Kuck <eric@bluelinelabs.com>

Added a String->[String] helper

Signed-off-by: Eric Kuck <eric@bluelinelabs.com>

TunnelErrors: Remove unused error

Signed-off-by: Roopesh Chander <roop@roopc.net>

Tunnel edit: init() need not take a tunnelConfiguration argument

Signed-off-by: Roopesh Chander <roop@roopc.net>

NE: Log whether tunnel was activated from the app or not

Signed-off-by: Roopesh Chander <roop@roopc.net>

Remove non-helpful comments

Signed-off-by: Roopesh Chander <roop@roopc.net>

Tunnel edit: Fix comment

Signed-off-by: Roopesh Chander <roop@roopc.net>

TunnelsManager: If only Activate On Demand has changed, don't restart tunnel

Signed-off-by: Roopesh Chander <roop@roopc.net>

NE: Handle bad domain names and Activate On Demand

This combination causes iOS to keep trying to bring up the tunnel,
leading to a lot of displayMessage() alerts.

In this fix, if we get a DNS resolution error in an Activate On Demand
enabled tunnel, we silently retry 9 times (with a 4-second delay before
each retry) and then show the displayMessage() alert.

Signed-off-by: Roopesh Chander <roop@roopc.net>

NE: No need for two startTunnel() methods

Signed-off-by: Roopesh Chander <roop@roopc.net>

TunnelsManager: Handle waiting on a stale tunnel

If we have a stale tunnel on which we don't get status updates we rely
on a timer to update the status (see commit 34a7e5b).  Previously, if
the user tries to activate another tunnel, that resulted in both tunnels
waiting indefinitely. This commit fixes that.

Signed-off-by: Roopesh Chander <roop@roopc.net>

Remove buttons and text from LaunchScreen.storyboard

With state restoration, we're not guaranteed that the
list view will get shown immediately after the launch screen.
So, generalize the launch screen as much as possible.

Signed-off-by: Roopesh Chander <roop@roopc.net>

s/Observervation/Observation/g;

Signed-off-by: Roopesh Chander <roop@roopc.net>

Tunnel detail: Update restorationIdentifier when tunnel name changes

Signed-off-by: Roopesh Chander <roop@roopc.net>

TunnelsManager: Add periods to end the system error messages

Because they can be part of a multi-sentence message when displayed
in the alert.

Signed-off-by: Roopesh Chander <roop@roopc.net>

Error handling: Add info on the underlying system error to error alerts

Signed-off-by: Roopesh Chander <roop@roopc.net>

Version bump

This is our first release to the real app store.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

Got TunnelsManager back under the max file length by splitting out NEVPNStatus+CustomStringConvertible

Signed-off-by: Eric Kuck <eric@bluelinelabs.com>

Potential fix for insertRowAtIndexPath crash

Signed-off-by: Eric Kuck <eric@bluelinelabs.com>

More proper way to get sdk root directory

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

Further generalize makefile

This should allow us to eventually build on macOS

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

Bump the go runtime

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

Improve mock tunnels generation

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

Provide mock tunnels for the Simulator

To help in generation of screenshots for the App Store

Signed-off-by: Roopesh Chander <roop@roopc.net>

Nuke duplicate file

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

Bump the go runtime

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

Version bump

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

Fixed editable KeyValueCells being copyable
Fixed DNS servers not saving

Signed-off-by: Eric Kuck <eric@bluelinelabs.com>

Fix confusing indentation

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

KeyValueCells now share code

Signed-off-by: Eric Kuck <eric@bluelinelabs.com>

Reorganized project structure

Signed-off-by: Eric Kuck <eric@bluelinelabs.com>

Most similar views now shared between ViewControllers

Signed-off-by: Eric Kuck <eric@bluelinelabs.com>

Prettier log time format

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

Simplify logging tags

This was roop's initial idea, and it turns out to be the better one, now
that we can pass cstrings more easily.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

Fix tunnel remaining in 'Activating' state

It uses to remain in 'Activating' state when we don't get a status
update notification, for example, when turning on the tunnel repeatedly
without Internet connectivity.

Signed-off-by: Roopesh Chander <roop@roopc.net>

Fix status switch weird state after an error occurs

Signed-off-by: Roopesh Chander <roop@roopc.net>

Deduplicate functions

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

Simplify filemanager extension

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

Can't -> cannot

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

NE: Communicate last error to app through a shared file

Signed-off-by: Roopesh Chander <roop@roopc.net>

TunnelsManager: startActivation() need not take a tunnelConfiguration

Signed-off-by: Roopesh Chander <roop@roopc.net>

Localize swiftlint

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

Reorganized ViewControllers (split out UIViews and UITableViewCells into their own classes)
All swiftlint warnings except one fixed up

Signed-off-by: Eric Kuck <eric@bluelinelabs.com>

Avoid escaping heap allocation

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

Tidy up str to gostr conversion

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

TunnelsManager: Remove mentions of 'internal error'

Signed-off-by: Roopesh Chander <roop@roopc.net>

TunnelsManager: Ask to check Internet connectivity in error alert

Signed-off-by: Roopesh Chander <roop@roopc.net>

Remove unused code: InternetReachability

Signed-off-by: Roopesh Chander <roop@roopc.net>