netbird/iface/wg_configurer_mobile.go

//go:build ios || android
// +build ios android

package iface

import (
	"encoding/hex"
	"errors"
	"fmt"
	"net"
	"strings"
	"time"

	log "github.com/sirupsen/logrus"
	"golang.zx2c4.com/wireguard/wgctrl/wgtypes"
)

var (
	errFuncNotImplemented = errors.New("function not implemented")
)

type wGConfigurer struct {
	tunDevice *tunDevice
}

func newWGConfigurer(tunDevice *tunDevice) wGConfigurer {
	return wGConfigurer{
		tunDevice: tunDevice,
	}
}

func (c *wGConfigurer) configureInterface(privateKey string, port int) error {
	log.Debugf("adding Wireguard private key")
	key, err := wgtypes.ParseKey(privateKey)
	if err != nil {
		return err
	}
	fwmark := 0
	config := wgtypes.Config{
		PrivateKey:   &key,
		ReplacePeers: true,
		FirewallMark: &fwmark,
		ListenPort:   &port,
	}

	return c.tunDevice.Device().IpcSet(toWgUserspaceString(config))
}

func (c *wGConfigurer) updatePeer(peerKey string, allowedIps string, keepAlive time.Duration, endpoint *net.UDPAddr, preSharedKey *wgtypes.Key) error {
	// parse allowed ips
	_, ipNet, err := net.ParseCIDR(allowedIps)
	if err != nil {
		return err
	}

	peerKeyParsed, err := wgtypes.ParseKey(peerKey)
	if err != nil {
		return err
	}
	peer := wgtypes.PeerConfig{
		PublicKey:                   peerKeyParsed,
		ReplaceAllowedIPs:           true,
		AllowedIPs:                  []net.IPNet{*ipNet},
		PersistentKeepaliveInterval: &keepAlive,
		PresharedKey:                preSharedKey,
		Endpoint:                    endpoint,
	}

	config := wgtypes.Config{
		Peers: []wgtypes.PeerConfig{peer},
	}

	return c.tunDevice.Device().IpcSet(toWgUserspaceString(config))
}

func (c *wGConfigurer) removePeer(peerKey string) error {
	peerKeyParsed, err := wgtypes.ParseKey(peerKey)
	if err != nil {
		return err
	}

	peer := wgtypes.PeerConfig{
		PublicKey: peerKeyParsed,
		Remove:    true,
	}

	config := wgtypes.Config{
		Peers: []wgtypes.PeerConfig{peer},
	}
	return c.tunDevice.Device().IpcSet(toWgUserspaceString(config))
}

func (c *wGConfigurer) addAllowedIP(peerKey string, allowedIP string) error {
	_, ipNet, err := net.ParseCIDR(allowedIP)
	if err != nil {
		return err
	}

	peerKeyParsed, err := wgtypes.ParseKey(peerKey)
	if err != nil {
		return err
	}
	peer := wgtypes.PeerConfig{
		PublicKey:         peerKeyParsed,
		UpdateOnly:        true,
		ReplaceAllowedIPs: false,
		AllowedIPs:        []net.IPNet{*ipNet},
	}

	config := wgtypes.Config{
		Peers: []wgtypes.PeerConfig{peer},
	}

	return c.tunDevice.Device().IpcSet(toWgUserspaceString(config))
}

func (c *wGConfigurer) removeAllowedIP(peerKey string, ip string) error {
	ipc, err := c.tunDevice.Device().IpcGet()
	if err != nil {
		return err
	}

	peerKeyParsed, err := wgtypes.ParseKey(peerKey)
	hexKey := hex.EncodeToString(peerKeyParsed[:])

	lines := strings.Split(ipc, "\n")

	output := ""
	foundPeer := false
	removedAllowedIP := false
	for _, line := range lines {
		line = strings.TrimSpace(line)

		// If we're within the details of the found peer and encounter another public key,
		// this means we're starting another peer's details. So, reset the flag.
		if strings.HasPrefix(line, "public_key=") && foundPeer {
			foundPeer = false
		}

		// Identify the peer with the specific public key
		if line == fmt.Sprintf("public_key=%s", hexKey) {
			foundPeer = true
		}

		// If we're within the details of the found peer and find the specific allowed IP, skip this line
		if foundPeer && line == "allowed_ip="+ip {
			removedAllowedIP = true
			continue
		}

		// Append the line to the output string
		if strings.HasPrefix(line, "private_key=") || strings.HasPrefix(line, "listen_port=") ||
			strings.HasPrefix(line, "public_key=") || strings.HasPrefix(line, "preshared_key=") ||
			strings.HasPrefix(line, "endpoint=") || strings.HasPrefix(line, "persistent_keepalive_interval=") ||
			strings.HasPrefix(line, "allowed_ip=") {
			output += line + "\n"
		}
	}

	if !removedAllowedIP {
		return fmt.Errorf("allowedIP not found")
	} else {
		return c.tunDevice.Device().IpcSet(output)
	}
}
Feature/add iOS support (#1244) * starting engine by passing file descriptor on engine start * inject logger that does not compile * logger and first client * first working connection * support for routes and working connection * small refactor for better code quality in swift * trying to add DNS * fix * updated * fix route deletion * trying to bind the DNS resolver dialer to an interface * use dns.Client.Exchange * fix metadata send on startup * switching between client to query upstream * fix panic on no dns response * fix after merge changes * add engine ready listener * replace engine listener with connection listener * disable relay connection for iOS until proxy is refactored into bind * Extract private upstream for iOS and fix function headers for other OS * Update mock Server * Fix dns server and upstream tests * Fix engine null pointer with mobile dependencies for other OS * Revert back to disabling upstream on no response * Fix some of the remarks from the linter * Fix linter * re-arrange duration calculation * revert exported HostDNSConfig * remove unused engine listener * remove development logs * refactor dns code and interface name propagation * clean dns server test * disable upstream deactivation for iOS * remove files after merge * fix dns server darwin * fix server mock * fix build flags * move service listen back to initialize * add wgInterface to hostManager initialization on android * fix typo and remove unused function * extract upstream exchange for ios and rest * remove todo * separate upstream logic to ios file * Fix upstream test * use interface and embedded struct for upstream * set properly upstream client * remove placeholder * remove ios specific attributes * fix upstream test * merge ipc parser and wg configurer for mobile * fix build annotation * use json for DNS settings handover through gomobile * add logs for DNS json string * bring back check on ios for private upstream * remove wrong (and unused) line * fix wrongly updated comments on DNSSetting export --------- Co-authored-by: Maycon Santos <mlsmaycon@gmail.com> 2023-12-18 11:46:58 +01:00			`//go:build ios \|\| android`
			`// +build ios android`

Mobile (#735) Initial modification to support mobile client Export necessary interfaces for Android framework 2023-03-17 10:37:27 +01:00			`package iface`

			`import (`
Feature/add iOS support (#1244) * starting engine by passing file descriptor on engine start * inject logger that does not compile * logger and first client * first working connection * support for routes and working connection * small refactor for better code quality in swift * trying to add DNS * fix * updated * fix route deletion * trying to bind the DNS resolver dialer to an interface * use dns.Client.Exchange * fix metadata send on startup * switching between client to query upstream * fix panic on no dns response * fix after merge changes * add engine ready listener * replace engine listener with connection listener * disable relay connection for iOS until proxy is refactored into bind * Extract private upstream for iOS and fix function headers for other OS * Update mock Server * Fix dns server and upstream tests * Fix engine null pointer with mobile dependencies for other OS * Revert back to disabling upstream on no response * Fix some of the remarks from the linter * Fix linter * re-arrange duration calculation * revert exported HostDNSConfig * remove unused engine listener * remove development logs * refactor dns code and interface name propagation * clean dns server test * disable upstream deactivation for iOS * remove files after merge * fix dns server darwin * fix server mock * fix build flags * move service listen back to initialize * add wgInterface to hostManager initialization on android * fix typo and remove unused function * extract upstream exchange for ios and rest * remove todo * separate upstream logic to ios file * Fix upstream test * use interface and embedded struct for upstream * set properly upstream client * remove placeholder * remove ios specific attributes * fix upstream test * merge ipc parser and wg configurer for mobile * fix build annotation * use json for DNS settings handover through gomobile * add logs for DNS json string * bring back check on ios for private upstream * remove wrong (and unused) line * fix wrongly updated comments on DNSSetting export --------- Co-authored-by: Maycon Santos <mlsmaycon@gmail.com> 2023-12-18 11:46:58 +01:00			`"encoding/hex"`
Mobile (#735) Initial modification to support mobile client Export necessary interfaces for Android framework 2023-03-17 10:37:27 +01:00			`"errors"`
Feature/add iOS support (#1244) * starting engine by passing file descriptor on engine start * inject logger that does not compile * logger and first client * first working connection * support for routes and working connection * small refactor for better code quality in swift * trying to add DNS * fix * updated * fix route deletion * trying to bind the DNS resolver dialer to an interface * use dns.Client.Exchange * fix metadata send on startup * switching between client to query upstream * fix panic on no dns response * fix after merge changes * add engine ready listener * replace engine listener with connection listener * disable relay connection for iOS until proxy is refactored into bind * Extract private upstream for iOS and fix function headers for other OS * Update mock Server * Fix dns server and upstream tests * Fix engine null pointer with mobile dependencies for other OS * Revert back to disabling upstream on no response * Fix some of the remarks from the linter * Fix linter * re-arrange duration calculation * revert exported HostDNSConfig * remove unused engine listener * remove development logs * refactor dns code and interface name propagation * clean dns server test * disable upstream deactivation for iOS * remove files after merge * fix dns server darwin * fix server mock * fix build flags * move service listen back to initialize * add wgInterface to hostManager initialization on android * fix typo and remove unused function * extract upstream exchange for ios and rest * remove todo * separate upstream logic to ios file * Fix upstream test * use interface and embedded struct for upstream * set properly upstream client * remove placeholder * remove ios specific attributes * fix upstream test * merge ipc parser and wg configurer for mobile * fix build annotation * use json for DNS settings handover through gomobile * add logs for DNS json string * bring back check on ios for private upstream * remove wrong (and unused) line * fix wrongly updated comments on DNSSetting export --------- Co-authored-by: Maycon Santos <mlsmaycon@gmail.com> 2023-12-18 11:46:58 +01:00			`"fmt"`
Mobile (#735) Initial modification to support mobile client Export necessary interfaces for Android framework 2023-03-17 10:37:27 +01:00			`"net"`
Feature/add iOS support (#1244) * starting engine by passing file descriptor on engine start * inject logger that does not compile * logger and first client * first working connection * support for routes and working connection * small refactor for better code quality in swift * trying to add DNS * fix * updated * fix route deletion * trying to bind the DNS resolver dialer to an interface * use dns.Client.Exchange * fix metadata send on startup * switching between client to query upstream * fix panic on no dns response * fix after merge changes * add engine ready listener * replace engine listener with connection listener * disable relay connection for iOS until proxy is refactored into bind * Extract private upstream for iOS and fix function headers for other OS * Update mock Server * Fix dns server and upstream tests * Fix engine null pointer with mobile dependencies for other OS * Revert back to disabling upstream on no response * Fix some of the remarks from the linter * Fix linter * re-arrange duration calculation * revert exported HostDNSConfig * remove unused engine listener * remove development logs * refactor dns code and interface name propagation * clean dns server test * disable upstream deactivation for iOS * remove files after merge * fix dns server darwin * fix server mock * fix build flags * move service listen back to initialize * add wgInterface to hostManager initialization on android * fix typo and remove unused function * extract upstream exchange for ios and rest * remove todo * separate upstream logic to ios file * Fix upstream test * use interface and embedded struct for upstream * set properly upstream client * remove placeholder * remove ios specific attributes * fix upstream test * merge ipc parser and wg configurer for mobile * fix build annotation * use json for DNS settings handover through gomobile * add logs for DNS json string * bring back check on ios for private upstream * remove wrong (and unused) line * fix wrongly updated comments on DNSSetting export --------- Co-authored-by: Maycon Santos <mlsmaycon@gmail.com> 2023-12-18 11:46:58 +01:00			`"strings"`
Mobile (#735) Initial modification to support mobile client Export necessary interfaces for Android framework 2023-03-17 10:37:27 +01:00			`"time"`

			`log "github.com/sirupsen/logrus"`
			`"golang.zx2c4.com/wireguard/wgctrl/wgtypes"`
			`)`

			`var (`
			`errFuncNotImplemented = errors.New("function not implemented")`
			`)`

			`type wGConfigurer struct {`
			`tunDevice *tunDevice`
			`}`

			`func newWGConfigurer(tunDevice *tunDevice) wGConfigurer {`
			`return wGConfigurer{`
			`tunDevice: tunDevice,`
			`}`
			`}`

			`func (c *wGConfigurer) configureInterface(privateKey string, port int) error {`
			`log.Debugf("adding Wireguard private key")`
			`key, err := wgtypes.ParseKey(privateKey)`
			`if err != nil {`
			`return err`
			`}`
			`fwmark := 0`
			`config := wgtypes.Config{`
			`PrivateKey: &key,`
			`ReplacePeers: true,`
			`FirewallMark: &fwmark,`
			`ListenPort: &port,`
			`}`

			`return c.tunDevice.Device().IpcSet(toWgUserspaceString(config))`
			`}`

			`func (c wGConfigurer) updatePeer(peerKey string, allowedIps string, keepAlive time.Duration, endpoint net.UDPAddr, preSharedKey *wgtypes.Key) error {`
Feature/add iOS support (#1244) * starting engine by passing file descriptor on engine start * inject logger that does not compile * logger and first client * first working connection * support for routes and working connection * small refactor for better code quality in swift * trying to add DNS * fix * updated * fix route deletion * trying to bind the DNS resolver dialer to an interface * use dns.Client.Exchange * fix metadata send on startup * switching between client to query upstream * fix panic on no dns response * fix after merge changes * add engine ready listener * replace engine listener with connection listener * disable relay connection for iOS until proxy is refactored into bind * Extract private upstream for iOS and fix function headers for other OS * Update mock Server * Fix dns server and upstream tests * Fix engine null pointer with mobile dependencies for other OS * Revert back to disabling upstream on no response * Fix some of the remarks from the linter * Fix linter * re-arrange duration calculation * revert exported HostDNSConfig * remove unused engine listener * remove development logs * refactor dns code and interface name propagation * clean dns server test * disable upstream deactivation for iOS * remove files after merge * fix dns server darwin * fix server mock * fix build flags * move service listen back to initialize * add wgInterface to hostManager initialization on android * fix typo and remove unused function * extract upstream exchange for ios and rest * remove todo * separate upstream logic to ios file * Fix upstream test * use interface and embedded struct for upstream * set properly upstream client * remove placeholder * remove ios specific attributes * fix upstream test * merge ipc parser and wg configurer for mobile * fix build annotation * use json for DNS settings handover through gomobile * add logs for DNS json string * bring back check on ios for private upstream * remove wrong (and unused) line * fix wrongly updated comments on DNSSetting export --------- Co-authored-by: Maycon Santos <mlsmaycon@gmail.com> 2023-12-18 11:46:58 +01:00			`// parse allowed ips`
Mobile (#735) Initial modification to support mobile client Export necessary interfaces for Android framework 2023-03-17 10:37:27 +01:00			`_, ipNet, err := net.ParseCIDR(allowedIps)`
			`if err != nil {`
			`return err`
			`}`

			`peerKeyParsed, err := wgtypes.ParseKey(peerKey)`
			`if err != nil {`
			`return err`
			`}`
			`peer := wgtypes.PeerConfig{`
			`PublicKey: peerKeyParsed,`
			`ReplaceAllowedIPs: true,`
			`AllowedIPs: []net.IPNet{*ipNet},`
			`PersistentKeepaliveInterval: &keepAlive,`
			`PresharedKey: preSharedKey,`
			`Endpoint: endpoint,`
			`}`

			`config := wgtypes.Config{`
			`Peers: []wgtypes.PeerConfig{peer},`
			`}`

			`return c.tunDevice.Device().IpcSet(toWgUserspaceString(config))`
			`}`

			`func (c *wGConfigurer) removePeer(peerKey string) error {`
			`peerKeyParsed, err := wgtypes.ParseKey(peerKey)`
			`if err != nil {`
			`return err`
			`}`

			`peer := wgtypes.PeerConfig{`
			`PublicKey: peerKeyParsed,`
			`Remove: true,`
			`}`

			`config := wgtypes.Config{`
			`Peers: []wgtypes.PeerConfig{peer},`
			`}`
			`return c.tunDevice.Device().IpcSet(toWgUserspaceString(config))`
			`}`

			`func (c *wGConfigurer) addAllowedIP(peerKey string, allowedIP string) error {`
			`_, ipNet, err := net.ParseCIDR(allowedIP)`
			`if err != nil {`
			`return err`
			`}`

			`peerKeyParsed, err := wgtypes.ParseKey(peerKey)`
			`if err != nil {`
			`return err`
			`}`
			`peer := wgtypes.PeerConfig{`
			`PublicKey: peerKeyParsed,`
			`UpdateOnly: true,`
			`ReplaceAllowedIPs: false,`
			`AllowedIPs: []net.IPNet{*ipNet},`
			`}`

			`config := wgtypes.Config{`
			`Peers: []wgtypes.PeerConfig{peer},`
			`}`

			`return c.tunDevice.Device().IpcSet(toWgUserspaceString(config))`
			`}`

Feature/add iOS support (#1244) * starting engine by passing file descriptor on engine start * inject logger that does not compile * logger and first client * first working connection * support for routes and working connection * small refactor for better code quality in swift * trying to add DNS * fix * updated * fix route deletion * trying to bind the DNS resolver dialer to an interface * use dns.Client.Exchange * fix metadata send on startup * switching between client to query upstream * fix panic on no dns response * fix after merge changes * add engine ready listener * replace engine listener with connection listener * disable relay connection for iOS until proxy is refactored into bind * Extract private upstream for iOS and fix function headers for other OS * Update mock Server * Fix dns server and upstream tests * Fix engine null pointer with mobile dependencies for other OS * Revert back to disabling upstream on no response * Fix some of the remarks from the linter * Fix linter * re-arrange duration calculation * revert exported HostDNSConfig * remove unused engine listener * remove development logs * refactor dns code and interface name propagation * clean dns server test * disable upstream deactivation for iOS * remove files after merge * fix dns server darwin * fix server mock * fix build flags * move service listen back to initialize * add wgInterface to hostManager initialization on android * fix typo and remove unused function * extract upstream exchange for ios and rest * remove todo * separate upstream logic to ios file * Fix upstream test * use interface and embedded struct for upstream * set properly upstream client * remove placeholder * remove ios specific attributes * fix upstream test * merge ipc parser and wg configurer for mobile * fix build annotation * use json for DNS settings handover through gomobile * add logs for DNS json string * bring back check on ios for private upstream * remove wrong (and unused) line * fix wrongly updated comments on DNSSetting export --------- Co-authored-by: Maycon Santos <mlsmaycon@gmail.com> 2023-12-18 11:46:58 +01:00			`func (c *wGConfigurer) removeAllowedIP(peerKey string, ip string) error {`
			`ipc, err := c.tunDevice.Device().IpcGet()`
			`if err != nil {`
			`return err`
			`}`

			`peerKeyParsed, err := wgtypes.ParseKey(peerKey)`
			`hexKey := hex.EncodeToString(peerKeyParsed[:])`

			`lines := strings.Split(ipc, "\n")`

			`output := ""`
			`foundPeer := false`
			`removedAllowedIP := false`
			`for _, line := range lines {`
			`line = strings.TrimSpace(line)`

			`// If we're within the details of the found peer and encounter another public key,`
			`// this means we're starting another peer's details. So, reset the flag.`
			`if strings.HasPrefix(line, "public_key=") && foundPeer {`
			`foundPeer = false`
			`}`

			`// Identify the peer with the specific public key`
			`if line == fmt.Sprintf("public_key=%s", hexKey) {`
			`foundPeer = true`
			`}`

			`// If we're within the details of the found peer and find the specific allowed IP, skip this line`
			`if foundPeer && line == "allowed_ip="+ip {`
			`removedAllowedIP = true`
			`continue`
			`}`

			`// Append the line to the output string`
			`if strings.HasPrefix(line, "private_key=") \|\| strings.HasPrefix(line, "listen_port=") \|\|`
			`strings.HasPrefix(line, "public_key=") \|\| strings.HasPrefix(line, "preshared_key=") \|\|`
			`strings.HasPrefix(line, "endpoint=") \|\| strings.HasPrefix(line, "persistent_keepalive_interval=") \|\|`
			`strings.HasPrefix(line, "allowed_ip=") {`
			`output += line + "\n"`
			`}`
			`}`

			`if !removedAllowedIP {`
			`return fmt.Errorf("allowedIP not found")`
			`} else {`
			`return c.tunDevice.Device().IpcSet(output)`
			`}`
Mobile (#735) Initial modification to support mobile client Export necessary interfaces for Android framework 2023-03-17 10:37:27 +01:00			`}`