Open
Conversation
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Andrej Mihajlov <and@mullvad.net>
Signed-off-by: Andrej Mihajlov <and@mullvad.net>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Andrej Mihajlov <and@mullvad.net>
Signed-off-by: Andrej Mihajlov <and@mullvad.net>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
macOS will use the wrong source address unless we add explicit routes that mention the self-pointing gateway. Actually, it won't add any implicit routes on its own, so in order to route the masks of the addresses, we have to add our own routes explicitly. However, this still doesn't fix the problem while inside of the network extension, even though it works outside it. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Andrej Mihajlov <and@mullvad.net>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Fixes missing excluded file warning in Xcode. api-ios.go was renamed to api-apple.go. Signed-off-by: Andrej Mihajlov <and@mullvad.net>
This is a bit of a kludge, until I find something better. We simply iterate through all FDs, and call getsockopt on each one until we find the utun FD. This works, and completes rather quickly (fd is usually 6 or 7). Rather than maintain the old path for older kernels, just use this for all versions, to get more coverage. Other techniques involve undocumented APIs; this one has the advantage of using nothing undocumented. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Rather than hoping that the AF_SYSTEM fd is of type utun, and then calling "2" on it to get the name -- which could be defined as something else for a different AF_SYSTEM socket type -- instead simply query the AF_SYSTEM control socket ID with getpeername. This has one catch, which is that the ID is dynamically allocated, so we resolve it using the qualified name. Normally we'd make a new AF_SYSTEM socket for this, but since that's not allowed in the sandbox, we reuse the AF_SYSTEM socket that we're checking. At this point in the flow, we know that it's a proper AF_SYSTEM one, based on the first sockaddr member; we just don't know that it's a utun variety. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Andrej Mihajlov <and@mullvad.net>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Sync with official repo
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.