From: Andrej Mihajlov <and@mullvad.net>
To: David Crawshaw <crawshaw@tailscale.com>
Cc: "Jason A. Donenfeld" <Jason@zx2c4.com>,
WireGuard mailing list <wireguard@lists.zx2c4.com>
Subject: Re: WireGuard is broken on iOS 15 beta
Date: Fri, 11 Jun 2021 09:16:25 +0200 [thread overview]
Message-ID: <E201364E-C433-4A43-968E-F336D5944986@mullvad.net> (raw)
In-Reply-To: <CANdratux27RGAbVg1QBEKEnff8jb3pdezZ-Ad0=bqYfOw6iUeA@mail.gmail.com>
IIRC one thing to consider with that lookup: iOS enables users to run Personal VPN and Custom VPN (aka WireGuard) side-by-side so there is a chance you may pick the wrong utun.
> On 11 Jun 2021, at 00:33, David Crawshaw <crawshaw@tailscale.com> wrote:
>
> I finally managed to get a device running iPadOS 15 and an Xcode 13
> beta. This technique works. Some modified code with logging:
>
> func tunnelFD(provider: NEPacketTunnelProvider) -> Int32 {
> os_log("tunnelFD searching")
> var buf = [CChar](repeating: 0, count: Int(IFNAMSIZ))
> for fd: Int32 in 4...64 {
> var len = socklen_t(buf.count)
> if getsockopt(fd, 2 /* SYSPROTO_CONTROL */, 2, &buf, &len) == 0 {
> let str = String(cString: buf)
> os_log("%{public}@", "tunnelFD \(fd): \(str)")
> if str.starts(with: "utun") {
> os_log("tunnelFD found likely fd")
> return fd
> }
> }
> }
> os_log("tunnelFD found nothing")
> return -1
> }
>
> produces the logs:
>
> tunnelFD searching
> tunnelFD 7: utun3
> tunnelFD found likely fd
>
> Note that the current technique of calling
> provider.packetFlow.value(forKeyPath: "socket.fileDescriptor") causes
> the NetworkExtension to crash under iOS 15. The logs say the kernel
> sandbox killed it:
>
> Sandbox: process(525) deny(2) file-test-existence /private/etc/.mdns_debug
>
> On Thu, Jun 10, 2021 at 8:44 AM Jason A. Donenfeld <Jason@zx2c4.com> wrote:
>>
>> I won't have an updated OS to test this out in until next week at the
>> earliest, but perhaps this hack will work?
>> https://git.zx2c4.com/wireguard-apple/commit/?h=jd/fd-search-hack
>> Let me know if that is successful, or if it blows up.
>>
>> Jason
next prev parent reply other threads:[~2021-06-11 7:16 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-06-10 11:44 WireGuard is broken on iOS 15 beta Andrej Mihajlov
2021-06-10 11:51 ` Jason A. Donenfeld
2021-06-10 15:39 ` Jason A. Donenfeld
2021-06-10 22:33 ` David Crawshaw
2021-06-11 7:16 ` Andrej Mihajlov [this message]
2021-06-11 7:53 ` Jason A. Donenfeld
2021-06-11 8:42 ` Andrej Mihajlov
2021-06-11 8:50 ` Jason A. Donenfeld
2021-06-11 9:02 ` Andrej Mihajlov
2021-06-11 9:09 ` Jason A. Donenfeld
2021-06-16 13:25 ` Andrej Mihajlov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=E201364E-C433-4A43-968E-F336D5944986@mullvad.net \
--to=and@mullvad.net \
--cc=Jason@zx2c4.com \
--cc=crawshaw@tailscale.com \
--cc=wireguard@lists.zx2c4.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.