WireGuard rework for MacOS and Windows (#314)

WireGuard rework for MacOS and Windows
2023-09-14 19:44:17 +03:00 · 2023-09-14 19:44:17 +03:00 · 07c38e9b6c
commit 07c38e9b6c
parent 421a27ceae
60 changed files with 4779 additions and 434 deletions
--- a/client/platforms/macos/daemon/wireguardutilsmacos.cpp
+++ b/client/platforms/macos/daemon/wireguardutilsmacos.cpp
@ -97,7 +97,6 @@ bool WireguardUtilsMacos::addInterface(const InterfaceConfig& config) {
  // Send a UAPI command to configure the interface
  QString message("set=1\n");
  QByteArray privateKey = QByteArray::fromBase64(config.m_privateKey.toUtf8());
-
  QTextStream out(&message);
  out << "private_key=" << QString(privateKey.toHex()) << "\n";
  out << "replace_peers=true\n";
@ -133,9 +132,14 @@ bool WireguardUtilsMacos::deleteInterface() {

 // dummy implementations for now
 bool WireguardUtilsMacos::updatePeer(const InterfaceConfig& config) {
-  QByteArray publicKey = QByteArray::fromBase64(qPrintable(config.m_serverPublicKey));
+  QByteArray publicKey =
+      QByteArray::fromBase64(qPrintable(config.m_serverPublicKey));
+
  QByteArray pskKey = QByteArray::fromBase64(qPrintable(config.m_serverPskKey));

+  logger.debug() << "Configuring peer" << config.m_serverPublicKey
+                 << "via" << config.m_serverIpv4AddrIn;
+
  // Update/create the peer config
  QString message;
  QTextStream out(&message);
@ -150,6 +154,7 @@ bool WireguardUtilsMacos::updatePeer(const InterfaceConfig& config) {
    logger.warning() << "Failed to create peer with no endpoints";
    return false;
  }
+
  out << config.m_serverPort << "\n";

  out << "replace_allowed_ips=true\n";
@ -158,7 +163,13 @@ bool WireguardUtilsMacos::updatePeer(const InterfaceConfig& config) {
    out << "allowed_ip=" << ip.toString() << "\n";
  }

-  logger.debug() << message;
+  // Exclude the server address, except for multihop exit servers.
+  if ((config.m_hopType != InterfaceConfig::MultiHopExit) &&
+      (m_rtmonitor != nullptr)) {
+    m_rtmonitor->addExclusionRoute(IPAddress(config.m_serverIpv4AddrIn));
+    m_rtmonitor->addExclusionRoute(IPAddress(config.m_serverIpv6AddrIn));
+  }
+
  int err = uapiErrno(uapiCommand(message));
  if (err != 0) {
    logger.error() << "Peer configuration failed:" << strerror(err);
@ -170,6 +181,13 @@ bool WireguardUtilsMacos::deletePeer(const InterfaceConfig& config) {
  QByteArray publicKey =
      QByteArray::fromBase64(qPrintable(config.m_serverPublicKey));

+  // Clear exclustion routes for this peer.
+  if ((config.m_hopType != InterfaceConfig::MultiHopExit) &&
+      (m_rtmonitor != nullptr)) {
+    m_rtmonitor->deleteExclusionRoute(IPAddress(config.m_serverIpv4AddrIn));
+    m_rtmonitor->deleteExclusionRoute(IPAddress(config.m_serverIpv6AddrIn));
+  }
+
  QString message;
  QTextStream out(&message);
  out << "set=1\n";
@ -223,9 +241,7 @@ QList<WireguardUtils::PeerStatus> WireguardUtilsMacos::getPeerStatus() {
  return peerList;
 }

-bool WireguardUtilsMacos::updateRoutePrefix(const IPAddress& prefix,
-                                            int hopindex) {
-  Q_UNUSED(hopindex);
+bool WireguardUtilsMacos::updateRoutePrefix(const IPAddress& prefix) {
  if (!m_rtmonitor) {
    return false;
  }
@ -246,9 +262,7 @@ bool WireguardUtilsMacos::updateRoutePrefix(const IPAddress& prefix,
  return false;
 }

-bool WireguardUtilsMacos::deleteRoutePrefix(const IPAddress& prefix,
-                                            int hopindex) {
-  Q_UNUSED(hopindex);
+bool WireguardUtilsMacos::deleteRoutePrefix(const IPAddress& prefix) {
  if (!m_rtmonitor) {
    return false;
  }
@ -268,18 +282,18 @@ bool WireguardUtilsMacos::deleteRoutePrefix(const IPAddress& prefix,
  }
 }

-bool WireguardUtilsMacos::addExclusionRoute(const QHostAddress& address) {
+bool WireguardUtilsMacos::addExclusionRoute(const IPAddress& prefix) {
  if (!m_rtmonitor) {
    return false;
  }
-  return m_rtmonitor->addExclusionRoute(address);
+  return m_rtmonitor->addExclusionRoute(prefix);
 }

-bool WireguardUtilsMacos::deleteExclusionRoute(const QHostAddress& address) {
+bool WireguardUtilsMacos::deleteExclusionRoute(const IPAddress& prefix) {
  if (!m_rtmonitor) {
    return false;
  }
-  return m_rtmonitor->deleteExclusionRoute(address);
+  return m_rtmonitor->deleteExclusionRoute(prefix);
 }

 QString WireguardUtilsMacos::uapiCommand(const QString& command) {