iOS Wireguard

2021-10-23 04:26:47 -07:00 · 2021-10-23 04:26:47 -07:00 · 7701efc704
commit 7701efc704
parent 421f665e85
117 changed files with 6577 additions and 0 deletions
--- a/client/macos/gobridge/.gitignore
+++ b/client/macos/gobridge/.gitignore
@ -0,0 +1,3 @@
+.cache/
+.tmp/
+out/
--- a/client/macos/gobridge/api.go
+++ b/client/macos/gobridge/api.go
@ -0,0 +1,225 @@
+/* SPDX-License-Identifier: MIT
+ *
+ * Copyright (C) 2018-2019 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
+ */
+
+package main
+
+// #include <stdlib.h>
+// #include <sys/types.h>
+// static void callLogger(void *func, void *ctx, int level, const char *msg)
+// {
+// 	((void(*)(void *, int, const char *))func)(ctx, level, msg);
+// }
+import "C"
+
+import (
+	"fmt"
+	"math"
+	"os"
+	"os/signal"
+	"runtime"
+	"runtime/debug"
+	"strings"
+	"time"
+	"unsafe"
+
+	"golang.org/x/sys/unix"
+	"golang.zx2c4.com/wireguard/conn"
+	"golang.zx2c4.com/wireguard/device"
+	"golang.zx2c4.com/wireguard/tun"
+)
+
+var loggerFunc unsafe.Pointer
+var loggerCtx unsafe.Pointer
+
+type CLogger int
+
+func cstring(s string) *C.char {
+	b, err := unix.BytePtrFromString(s)
+	if err != nil {
+		b := [1]C.char{}
+		return &b[0]
+	}
+	return (*C.char)(unsafe.Pointer(b))
+}
+
+func (l CLogger) Printf(format string, args ...interface{}) {
+	if uintptr(loggerFunc) == 0 {
+		return
+	}
+	C.callLogger(loggerFunc, loggerCtx, C.int(l), cstring(fmt.Sprintf(format, args...)))
+}
+
+type tunnelHandle struct {
+	*device.Device
+	*device.Logger
+}
+
+var tunnelHandles = make(map[int32]tunnelHandle)
+
+func init() {
+	signals := make(chan os.Signal)
+	signal.Notify(signals, unix.SIGUSR2)
+	go func() {
+		buf := make([]byte, os.Getpagesize())
+		for {
+			select {
+			case <-signals:
+				n := runtime.Stack(buf, true)
+				buf[n] = 0
+				if uintptr(loggerFunc) != 0 {
+					C.callLogger(loggerFunc, loggerCtx, 0, (*C.char)(unsafe.Pointer(&buf[0])))
+				}
+			}
+		}
+	}()
+}
+
+//export wgSetLogger
+func wgSetLogger(context, loggerFn uintptr) {
+	loggerCtx = unsafe.Pointer(context)
+	loggerFunc = unsafe.Pointer(loggerFn)
+}
+
+//export wgTurnOn
+func wgTurnOn(settings *C.char, tunFd int32) int32 {
+	logger := &device.Logger{
+		Verbosef: CLogger(0).Printf,
+		Errorf:   CLogger(1).Printf,
+	}
+	dupTunFd, err := unix.Dup(int(tunFd))
+	if err != nil {
+		logger.Errorf("Unable to dup tun fd: %v", err)
+		return -1
+	}
+
+	err = unix.SetNonblock(dupTunFd, true)
+	if err != nil {
+		logger.Errorf("Unable to set tun fd as non blocking: %v", err)
+		unix.Close(dupTunFd)
+		return -1
+	}
+	tun, err := tun.CreateTUNFromFile(os.NewFile(uintptr(dupTunFd), "/dev/tun"), 0)
+	if err != nil {
+		logger.Errorf("Unable to create new tun device from fd: %v", err)
+		unix.Close(dupTunFd)
+		return -1
+	}
+	logger.Verbosef("Attaching to interface")
+	dev := device.NewDevice(tun, conn.NewStdNetBind(), logger)
+
+	err = dev.IpcSet(C.GoString(settings))
+	if err != nil {
+		logger.Errorf("Unable to set IPC settings: %v", err)
+		unix.Close(dupTunFd)
+					dev.Close()
+		return -1
+	}
+
+	dev.Up()
+	logger.Verbosef("Device started")
+
+	var i int32
+	for i = 0; i < math.MaxInt32; i++ {
+		if _, exists := tunnelHandles[i]; !exists {
+			break
+		}
+	}
+	if i == math.MaxInt32 {
+		unix.Close(dupTunFd)
+					dev.Close()
+		return -1
+	}
+	tunnelHandles[i] = tunnelHandle{dev, logger}
+	return i
+}
+
+//export wgTurnOff
+func wgTurnOff(tunnelHandle int32) {
+	dev, ok := tunnelHandles[tunnelHandle]
+	if !ok {
+		return
+	}
+	delete(tunnelHandles, tunnelHandle)
+	dev.Close()
+}
+
+//export wgSetConfig
+func wgSetConfig(tunnelHandle int32, settings *C.char) int64 {
+	dev, ok := tunnelHandles[tunnelHandle]
+	if !ok {
+		return 0
+	}
+	err := dev.IpcSet(C.GoString(settings))
+	if err != nil {
+		dev.Errorf("Unable to set IPC settings: %v", err)
+		if ipcErr, ok := err.(*device.IPCError); ok {
+			return ipcErr.ErrorCode()
+		}
+		return -1
+	}
+	return 0
+}
+
+//export wgGetConfig
+func wgGetConfig(tunnelHandle int32) *C.char {
+	device, ok := tunnelHandles[tunnelHandle]
+	if !ok {
+		return nil
+	}
+	settings, err := device.IpcGet()
+	if err != nil {
+		return nil
+	}
+	return C.CString(settings)
+}
+
+//export wgBumpSockets
+func wgBumpSockets(tunnelHandle int32) {
+	dev, ok := tunnelHandles[tunnelHandle]
+	if !ok {
+		return
+	}
+	go func() {
+		for i := 0; i < 10; i++ {
+			err := dev.BindUpdate()
+			if err == nil {
+				dev.SendKeepalivesToPeersWithCurrentKeypair()
+				return
+			}
+			dev.Errorf("Unable to update bind, try %d: %v", i+1, err)
+			time.Sleep(time.Second / 2)
+		}
+		dev.Errorf("Gave up trying to update bind; tunnel is likely dysfunctional")
+	}()
+}
+
+//export wgDisableSomeRoamingForBrokenMobileSemantics
+func wgDisableSomeRoamingForBrokenMobileSemantics(tunnelHandle int32) {
+	dev, ok := tunnelHandles[tunnelHandle]
+	if !ok {
+		return
+	}
+	dev.DisableSomeRoamingForBrokenMobileSemantics()
+}
+
+//export wgVersion
+func wgVersion() *C.char {
+	info, ok := debug.ReadBuildInfo()
+	if !ok {
+		return C.CString("unknown")
+	}
+	for _, dep := range info.Deps {
+		if dep.Path == "golang.zx2c4.com/wireguard" {
+			parts := strings.Split(dep.Version, "-")
+			if len(parts) == 3 && len(parts[2]) == 12 {
+				return C.CString(parts[2][:7])
+			}
+			return C.CString(dep.Version)
+		}
+	}
+	return C.CString("unknown")
+}
+
+func main() {}
--- a/client/macos/gobridge/dummy.c
+++ b/client/macos/gobridge/dummy.c
@ -0,0 +1 @@
+// Empty
--- a/client/macos/gobridge/go.mod
+++ b/client/macos/gobridge/go.mod
@ -0,0 +1,8 @@
+module golang.zx2c4.com/wireguard/apple
+
+go 1.16
+
+require (
+	golang.org/x/sys v0.0.0-20210308170721-88b6017d0656
+	golang.zx2c4.com/wireguard v0.0.0-20210307162820-f4695db51c39
+)
--- a/client/macos/gobridge/go.sum
+++ b/client/macos/gobridge/go.sum
@ -0,0 +1,19 @@
+golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83 h1:/ZScEX8SfEmUGRHs0gxpqteO5nfNW6axyZbBdw9A12g=
+golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I=
+golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20210226172049-e18ecbb05110 h1:qWPm9rbaAMKs8Bq/9LRpbMqxWRVUAQwMI9fVrssnTfw=
+golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
+golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210305215415-5cdee2b1b5a0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210308170721-88b6017d0656 h1:FuBaiPCiXkq4v+JY5JEGPU/HwEZwpVyDbu/KBz9fU+4=
+golang.org/x/sys v0.0.0-20210308170721-88b6017d0656/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
+golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
+golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.zx2c4.com/wireguard v0.0.0-20210307162820-f4695db51c39 h1:yv331J9aB1fuvxzneUKsRnWyhwK+aj495rADUXSP7Uk=
+golang.zx2c4.com/wireguard v0.0.0-20210307162820-f4695db51c39/go.mod h1:ojGPy+9W6ZSM8anL+xC67fvh8zPQJwA6KpFOHyDWLX4=
--- a/client/macos/gobridge/goruntime-boottime-over-monotonic.diff
+++ b/client/macos/gobridge/goruntime-boottime-over-monotonic.diff
@ -0,0 +1,61 @@
+From 516dc0c15ff1ab781e0677606b5be72919251b3e Mon Sep 17 00:00:00 2001
+From: "Jason A. Donenfeld" <Jason@zx2c4.com>
+Date: Wed, 9 Dec 2020 14:07:06 +0100
+Subject: [PATCH] runtime: use libc_mach_continuous_time in nanotime on Darwin
+
+This makes timers account for having expired while a computer was
+asleep, which is quite common on mobile devices. Note that
+continuous_time absolute_time, except that it takes into account
+time spent in suspend.
+
+Fixes #24595
+
+Change-Id: Ia3282e8bd86f95ad2b76427063e60a005563f4eb
+---
+ src/runtime/sys_darwin.go      | 2 +-
+ src/runtime/sys_darwin_amd64.s | 2 +-
+ src/runtime/sys_darwin_arm64.s | 2 +-
+ 3 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/src/runtime/sys_darwin.go b/src/runtime/sys_darwin.go
+index 4a3f2fc453..4a69403b32 100644
+--- a/src/runtime/sys_darwin.go
+++ b/src/runtime/sys_darwin.go
+@@ -440,7 +440,7 @@ func setNonblock(fd int32) {
+ //go:cgo_import_dynamic libc_usleep usleep "/usr/lib/libSystem.B.dylib"
+ 
+ //go:cgo_import_dynamic libc_mach_timebase_info mach_timebase_info "/usr/lib/libSystem.B.dylib"
+-//go:cgo_import_dynamic libc_mach_absolute_time mach_absolute_time "/usr/lib/libSystem.B.dylib"
+//go:cgo_import_dynamic libc_mach_continuous_time mach_continuous_time "/usr/lib/libSystem.B.dylib"
+ //go:cgo_import_dynamic libc_clock_gettime clock_gettime "/usr/lib/libSystem.B.dylib"
+ //go:cgo_import_dynamic libc_sigaction sigaction "/usr/lib/libSystem.B.dylib"
+ //go:cgo_import_dynamic libc_pthread_sigmask pthread_sigmask "/usr/lib/libSystem.B.dylib"
+diff --git a/src/runtime/sys_darwin_amd64.s b/src/runtime/sys_darwin_amd64.s
+index 630fb5df64..4499c88802 100644
+--- a/src/runtime/sys_darwin_amd64.s
+++ b/src/runtime/sys_darwin_amd64.s
+@@ -114,7 +114,7 @@ TEXT runtime·nanotime_trampoline(SB),NOSPLIT,$0
+ 	PUSHQ	BP
+ 	MOVQ	SP, BP
+ 	MOVQ	DI, BX
+-	CALL	libc_mach_absolute_time(SB)
+	CALL	libc_mach_continuous_time(SB)
+ 	MOVQ	AX, 0(BX)
+ 	MOVL	timebase<>+machTimebaseInfo_numer(SB), SI
+ 	MOVL	timebase<>+machTimebaseInfo_denom(SB), DI // atomic read
+diff --git a/src/runtime/sys_darwin_arm64.s b/src/runtime/sys_darwin_arm64.s
+index 96d2ed1076..f046545395 100644
+--- a/src/runtime/sys_darwin_arm64.s
+++ b/src/runtime/sys_darwin_arm64.s
+@@ -143,7 +143,7 @@ GLOBL timebase<>(SB),NOPTR,$(machTimebaseInfo__size)
+ 
+ TEXT runtime·nanotime_trampoline(SB),NOSPLIT,$40
+ 	MOVD	R0, R19
+-	BL	libc_mach_absolute_time(SB)
+	BL	libc_mach_continuous_time(SB)
+ 	MOVD	R0, 0(R19)
+ 	MOVW	timebase<>+machTimebaseInfo_numer(SB), R20
+ 	MOVD	$timebase<>+machTimebaseInfo_denom(SB), R21
+-- 
+2.30.1
+
--- a/client/macos/gobridge/module.modulemap
+++ b/client/macos/gobridge/module.modulemap
@ -0,0 +1,5 @@
+module WireGuardKitGo {
+    umbrella header "wireguard.h"
+    link "wg-go"
+    export *
+}
--- a/client/macos/gobridge/wireguard-go-version.h
+++ b/client/macos/gobridge/wireguard-go-version.h
@ -0,0 +1 @@
+#define WIREGUARD_GO_VERSION "0.0.0"
--- a/client/macos/gobridge/wireguard.h
+++ b/client/macos/gobridge/wireguard.h
@ -0,0 +1,23 @@
+/* SPDX-License-Identifier: GPL-2.0
+ *
+ * Copyright (C) 2018-2020 WireGuard LLC. All Rights Reserved.
+ */
+
+#ifndef WIREGUARD_H
+#define WIREGUARD_H
+
+#include <sys/types.h>
+#include <stdint.h>
+#include <stdbool.h>
+
+typedef void (*logger_fn_t)(void* context, int level, const char* msg);
+extern void wgSetLogger(void* context, logger_fn_t logger_fn);
+extern int wgTurnOn(const char* settings, int32_t tun_fd);
+extern void wgTurnOff(int handle);
+extern int64_t wgSetConfig(int handle, const char* settings);
+extern char* wgGetConfig(int handle);
+extern void wgBumpSockets(int handle);
+extern void wgDisableSomeRoamingForBrokenMobileSemantics(int handle);
+extern const char* wgVersion();
+
+#endif