git.ipfire.org Git - thirdparty/wireguard-apple.git/commitdiff
Kit: PacketTunnelSettingsGenerator: do not require DNS queries if no DNS
author Jason A. Donenfeld <Jason@zx2c4.com>
Wed, 16 Dec 2020 23:10:28 +0000 (00:10 +0100)
committer Jason A. Donenfeld <Jason@zx2c4.com>
Wed, 16 Dec 2020 23:10:28 +0000 (00:10 +0100)
Prior, we would set matchDomains=[""] even if the user didn't provide
any DNS servers. This was kind of incoherent, but I guess we had in mind
some kind of nonsensical leakproof scheme that never really worked
anyway. NetworkExtension didn't like this, so setTunnelNetworkSettings
would, rather than return an error, simply time out and never call its
callback function. But everything worked fine, so we had code in the UI
to check to make sure everything was okay after 5 seconds or so of no
callback. Recent changes made the timeout fatal on the network extension
side, so rather than succeed, configs with no DNS server started
erroring out, causing user reports.

This commit attempts to handle the root cause of the timeout issue by
not twiddling with DNS settings if no DNS server was specified. For now,
however, it leaves the hard-timeout semantics in place.

Reported-by: Filipe Mendonça <cfilipem@gmail.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Sources/WireGuardKit/PacketTunnelSettingsGenerator.swift

index 034ecaf66777cfe6b99f8e269792c4d6e2f2678c..2d8cda1a0483c1c7b693d5711d5cdb52dc994905 100644 (file)
@@ -83,11 +83,15 @@ class PacketTunnelSettingsGenerator {
          */
         let networkSettings = NEPacketTunnelNetworkSettings(tunnelRemoteAddress: "127.0.0.1")
 
-        let dnsServerStrings = tunnelConfiguration.interface.dns.map { $0.stringRepresentation }
-        let dnsSettings = NEDNSSettings(servers: dnsServerStrings)
-        dnsSettings.searchDomains = tunnelConfiguration.interface.dnsSearch
-        dnsSettings.matchDomains = [""] // All DNS queries must first go through the tunnel's DNS
-        networkSettings.dnsSettings = dnsSettings
+        if !tunnelConfiguration.interface.dnsSearch.isEmpty || !tunnelConfiguration.interface.dns.isEmpty {
+            let dnsServerStrings = tunnelConfiguration.interface.dns.map { $0.stringRepresentation }
+            let dnsSettings = NEDNSSettings(servers: dnsServerStrings)
+            dnsSettings.searchDomains = tunnelConfiguration.interface.dnsSearch
+            if !tunnelConfiguration.interface.dns.isEmpty {
+                dnsSettings.matchDomains = [""] // All DNS queries must first go through the tunnel's DNS
+            }
+            networkSettings.dnsSettings = dnsSettings
+        }
 
         let mtu = tunnelConfiguration.interface.mtu ?? 0
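
Review bot: the outer condition `if !tunnelConfiguration.interface.dnsSearch.isEmpty || !tunnelConfiguration.interface.dns.isEmpty` still builds `NEDNSSettings(servers: dnsServerStrings)` with an empty server list when only search domains are configured, which is broader than the commit message's "not twiddling with DNS settings if no DNS server was specified". If that search-domains-only case is intentional, it needs a comment saying so and a note on whether it was tested against the callback timeout; otherwise gate the whole block on `!tunnelConfiguration.interface.dns.isEmpty`. The comment "All DNS queries must first go through the tunnel's DNS" now describes only the inner branch, so a short comment on the outer `if` should state that when no DNS server is set, `networkSettings.dnsSettings` is left unset and name resolution is not forced through the tunnel, since that is the behaviour a user relying on the tunnel for DNS privacy would want spelled out. Minor: `tunnelConfiguration.interface.dns.isEmpty` is evaluated twice; a local such as `let hasDNSServers = !tunnelConfiguration.interface.dns.isEmpty` would make both conditions easier to read.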