//
// PacketTunnelProvider.swift
// LockdownTunnel
//
// Copyright © 2019 Confirmed Inc. All rights reserved.
//
import NetworkExtension
import NEKit
// Snapshot of the blocked-domain list taken once, when the extension process loads.
// Nothing in this file reads or updates it: `connect` builds its own fresh list by
// calling getAllBlockedDomains() again, so this value can go stale across restarts.
// Presumably consumed by NEKit-side rule code — confirm before relying on or removing it.
var latestBlockedDomains = getAllBlockedDomains()
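/// Packet tunnel provider for the LockdownTunnel extension.
///
/// On start it installs tunnel network settings that point the system HTTP and
/// HTTPS proxy at a local NEKit `GCDHTTPProxyServer` on 127.0.0.1:9090 for the
/// combined blocked + whitelisted domain list, routes DNS to 127.0.0.1, and then
/// starts that proxy. On stop it tears the proxy down and exits the process.
class PacketTunnelProvider: NEPacketTunnelProvider {

    let proxyServerPort: UInt16 = 9090
    let proxyServerAddress = "127.0.0.1"

    /// The running proxy. Nil until `connect` has applied the network settings
    /// and created it, and nil again after `stopTunnel` or at the start of a
    /// restart — so accesses outside that window are optional-chained rather
    /// than relying on the implicit unwrap.
    var proxyServer: GCDHTTPProxyServer!

    // MARK: - OVERRIDES

    override func startTunnel(options: [String: NSObject]?, completionHandler: @escaping (Error?) -> Void) {
        // Stop any proxy left over from an earlier start before reconfiguring.
        proxyServer?.stop()
        proxyServer = nil
        PacketTunnelProviderLogs.log("startTunnel function called with protected file access")
        connect(options: options, completionHandler: completionHandler)
    }

    /// Builds and applies the tunnel settings, then starts the local proxy.
    ///
    /// - Parameters:
    ///   - options: Forwarded from `startTunnel(options:)`; not read here.
    ///   - completionHandler: Invoked exactly once: with `nil` once the proxy is
    ///     running, with `NEVPNError(.configurationInvalid)` when there are no
    ///     domains to match, or with the error from `setTunnelNetworkSettings`
    ///     or from `GCDHTTPProxyServer.start()`.
    private func connect(options: [String: NSObject]?, completionHandler: @escaping (Error?) -> Void) {
        let settings = NEPacketTunnelNetworkSettings(tunnelRemoteAddress: proxyServerAddress)
        settings.mtu = NSNumber(value: 1500)

        // Both HTTP and HTTPS are sent to the local proxy. Only hosts listed in
        // matchDomains go through it; excludeSimpleHostnames stays false so
        // single-label names are not silently exempted from the match list.
        let proxySettings = NEProxySettings()
        proxySettings.httpEnabled = true
        proxySettings.httpServer = NEProxyServer(address: proxyServerAddress, port: Int(proxyServerPort))
        proxySettings.httpsEnabled = true
        proxySettings.httpsServer = NEProxyServer(address: proxyServerAddress, port: Int(proxyServerPort))
        proxySettings.excludeSimpleHostnames = false
        proxySettings.exceptionList = []

        // matchDomains = blocked + testFirewallDomain + whitelisted. Per the
        // original author the proxy is probably not blocking whitelisted hosts,
        // so routing them through it is safe; testFirewallDomain is always
        // present so the firewall can be probed end to end.
        var combined: [String] = getAllBlockedDomains() + [testFirewallDomain]
        combined += getAllWhitelistedDomains()

        // Only the test domain present means neither list was loaded (e.g. the
        // extension just restarted). Refuse to start with a configuration error
        // rather than bring the tunnel up with nothing to match.
        if combined.count <= 1 {
            #if DEBUG
            debugLog("PTP: COMBINED BLOCK LIST IS INVALID, LIKELY JUST RESTARTED")
            debugLog(combined.description)
            #endif
            completionHandler(NEVPNError(.configurationInvalid))
            return
        }
        proxySettings.matchDomains = combined

        // DNS is pointed at loopback; NEKit's DNSServer is presumably what
        // answers there (it is cleared in stopTunnel, set up elsewhere — confirm).
        settings.dnsSettings = NEDNSSettings(servers: ["127.0.0.1"])
        settings.proxySettings = proxySettings
        RawSocketFactory.TunnelProvider = self

        // `self` is captured strongly, as in the original; the provider is
        // expected to outlive this one-shot callback.
        setTunnelNetworkSettings(settings) { error in
            guard error == nil else {
                PacketTunnelProviderLogs.log("Error setting tunnel network settings \(error as Any)")
                completionHandler(error)
                return
            }
            let newProxyServer = GCDHTTPProxyServer(address: IPAddress(fromString: self.proxyServerAddress), port: Port(port: self.proxyServerPort))
            // Presumably loads the current domain lists into the proxy before it
            // accepts connections — confirm against NEKit.
            newProxyServer.refreshDomains()
            self.proxyServer = newProxyServer
            do {
                try newProxyServer.start()
                PacketTunnelProviderLogs.log("Proxy server started")
                completionHandler(nil)
            } catch let proxyError {
                // The instance stays assigned so stopTunnel can still stop it.
                PacketTunnelProviderLogs.log("Error starting proxy server \(proxyError)")
                completionHandler(proxyError)
            }
        }
    }

    override func stopTunnel(with reason: NEProviderStopReason, completionHandler: @escaping () -> Void) {
        DNSServer.currentServer = nil
        RawSocketFactory.TunnelProvider = nil
        ObserverFactory.currentFactory = nil
        // proxyServer is nil when startTunnel failed before creating it (empty
        // domain list, or a setTunnelNetworkSettings error); stopping such a
        // tunnel must not trap on the implicitly unwrapped optional.
        proxyServer?.stop()
        proxyServer = nil
        PacketTunnelProviderLogs.log("LockdownTunnel: error on stopping: \(reason.debugDescription)")
        completionHandler()
        // Terminate the extension process after reporting completion so the
        // next start runs in a fresh process.
        exit(EXIT_SUCCESS)
    }

    override func cancelTunnelWithError(_ error: Error?) {
        super.cancelTunnelWithError(error)
        PacketTunnelProviderLogs.log("Packet tunnel provider cancelled with error: \(error as Any)")
    }
}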
// MARK: - Debug logging (DEBUG builds only)

extension PacketTunnelProvider {
    #if DEBUG
    /// App-group storage slot that buffers debug lines until they are flushed
    /// into PacketTunnelProviderLogs.
    static let debugLogsKey = AppGroupStorage.Key<[String]>(rawValue: "com.confirmed.packettunnelprovider.debuglogs")

    /// Appends a timestamped line to the buffered debug log in app-group storage.
    /// - Parameter string: The message to record.
    func debugLog(_ string: String) {
        let stamped = "DEBUG LOG \(PacketTunnelProviderLogs.dateFormatter.string(from: Date())) \(string)"
        // Start from an empty buffer when nothing has been written yet.
        var lines = AppGroupStorage.shared.read(key: PacketTunnelProvider.debugLogsKey) ?? []
        lines.append(stamped)
        AppGroupStorage.shared.write(content: lines, key: PacketTunnelProvider.debugLogsKey)
    }

    /// Replays every buffered debug line into PacketTunnelProviderLogs, then
    /// clears the buffer. Does nothing when no buffer exists.
    func flushDebugLogsToPacketTunnelProviderLogs() {
        guard let lines = AppGroupStorage.shared.read(key: PacketTunnelProvider.debugLogsKey) else {
            return
        }
        for line in lines {
            PacketTunnelProviderLogs.log(line)
        }
        AppGroupStorage.shared.delete(forKey: PacketTunnelProvider.debugLogsKey)
    }
    #endif
}
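// MARK: - NEProviderStopReason + CustomDebugStringConvertible

/// Human-readable names for stop reasons, used in the stopTunnel log line.
extension NEProviderStopReason: CustomDebugStringConvertible {
    public var debugDescription: String {
        switch self {
        case .none:
            return "none"
        case .userInitiated:
            return "userInitiated"
        case .providerFailed:
            return "providerFailed"
        case .noNetworkAvailable:
            return "noNetworkAvailable"
        case .unrecoverableNetworkChange:
            return "unrecoverableNetworkChange"
        case .providerDisabled:
            return "providerDisabled"
        case .authenticationCanceled:
            return "authenticationCanceled"
        case .configurationFailed:
            return "configurationFailed"
        case .idleTimeout:
            return "idleTimeout"
        case .configurationDisabled:
            return "configurationDisabled"
        case .configurationRemoved:
            return "configurationRemoved"
        case .superceded:
            // Spelling follows the framework's own case name.
            return "superceded"
        case .userLogout:
            return "userLogout"
        case .userSwitch:
            return "userSwitch"
        case .connectionFailed:
            return "connectionFailed"
        case .sleep:
            return "sleep"
        case .appUpdate:
            return "appUpdate"
        @unknown default:
            // NEProviderStopReason is a non-frozen framework enum; a reason
            // introduced by a newer SDK must not trap in the logging path.
            return "unknown(\(rawValue))"
        }
    }
}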