diff --git a/client/internal/engine.go b/client/internal/engine.go
index 9d041031e..fc5937fb1 100644
--- a/client/internal/engine.go
+++ b/client/internal/engine.go
@@ -228,8 +228,6 @@ func (e *Engine) Start() error {
 			})
 		case "ios":
 			err = e.wgInterface.CreateOniOS(e.mobileDep.FileDescriptor)
-			log.Debugf("sending initial route range %s to iOS", strings.Join(e.routeManager.InitialRouteRange(), ","))
-			e.mobileDep.RouteListener.OnNewRouteSetting(strings.Join(e.routeManager.InitialRouteRange(), ","))
 		default:
 			err = e.wgInterface.Create()
 		}
diff --git a/client/internal/routemanager/manager.go b/client/internal/routemanager/manager.go
index 2f8482dbf..b31fe6327 100644
--- a/client/internal/routemanager/manager.go
+++ b/client/internal/routemanager/manager.go
@@ -53,8 +53,7 @@ func NewManager(ctx context.Context, pubKey string, wgInterface *iface.WGIface,
 		notifier: newNotifier(),
 	}
-	log.Debug("initializing route manager")
-	if runtime.GOOS == "android" || runtime.GOOS == "ios" {
+	if runtime.GOOS == "android" {
 		cr := dm.clientRoutes(initialRoutes)
 		dm.notifier.setInitialClientRoutes(cr)
 	}
diff --git a/client/internal/routemanager/notifier.go b/client/internal/routemanager/notifier.go
index 7da4f920b..752cdd7db 100644
--- a/client/internal/routemanager/notifier.go
+++ b/client/internal/routemanager/notifier.go
@@ -59,9 +59,6 @@ func (n *notifier) onNewRoutes(idMap map[string][]*route.Route) {
 	n.routeRangers = newNets
-	if !n.hasDiff(n.initialRouteRangers, newNets) {
-		return
-	}
 	n.notify()
 }
diff --git a/client/internal/routemanager/systemops_ios.go b/client/internal/routemanager/systemops_ios.go
new file mode 100644
index 000000000..aae0f8dc8
--- /dev/null
+++ b/client/internal/routemanager/systemops_ios.go
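Review bot: In routemanager/manager.go the android-only branch still seeds dm.notifier with the initial client routes, but the notifier.go hunk in this same commit removes the only visible reader of initialRouteRangers (the hasDiff gate in onNewRoutes), so setInitialClientRoutes may now be writing state that nothing consumes. If no other reader exists, dropping the branch together with the field keeps the two files consistent; if it is still read elsewhere, a short comment on the branch such as `// android is the only platform that consumes the initial client routes` would record why iOS was just removed from the condition. NewManager's body continues outside the hunk, so I cannot confirm either way from here.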
@@ -0,0 +1,15 @@
+//go:build ios
+
+package routemanager
+
+import (
+	"net/netip"
+)
+
+func addToRouteTableIfNoExists(prefix netip.Prefix, addr string) error {
+	return nil
+}
+
+func removeFromRouteTableIfNonSystem(prefix netip.Prefix, addr string) error {
+	return nil
+}
diff --git a/client/internal/routemanager/systemops_nonandroid.go b/client/internal/routemanager/systemops_nonandroid.go
index 3ddf72686..11a4890c0 100644
--- a/client/internal/routemanager/systemops_nonandroid.go
+++ b/client/internal/routemanager/systemops_nonandroid.go
@@ -1,4 +1,4 @@
-//go:build !android
+//go:build !android && !ios
 
 package routemanager
 
diff --git a/iface/wg_configurer_ios.go b/iface/wg_configurer_ios.go
index 232402278..4b1c89be0 100644
--- a/iface/wg_configurer_ios.go
+++ b/iface/wg_configurer_ios.go
@@ -4,12 +4,14 @@ package iface
 
 import (
+	"encoding/hex"
 	"errors"
+	"fmt"
 	"net"
+	"strings"
 	"time"
 
 	log "github.com/sirupsen/logrus"
-
 	"golang.zx2c4.com/wireguard/wgctrl/wgtypes"
 )
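Review bot: The two stubs in the new systemops_ios.go return nil without any comment saying why iOS skips the system route table, so a reader of the route manager cannot tell a deliberate no-op from unfinished work, and every caller will treat each route add or remove on iOS as successfully applied. Presumably route installation on iOS is delegated to the app side (the engine.go hunk removes the RouteListener call, so I cannot see from this diff where it now happens); a one-line doc comment on each stub, such as `// addToRouteTableIfNoExists is a no-op on iOS: the route table is not managed from here.` and the same wording for removeFromRouteTableIfNonSystem, would record that decision. Naming the unused prefix and addr parameters `_` would also make the intent explicit to the linter and the next reader.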
@@ -112,6 +114,52 @@ func (c *wGConfigurer) addAllowedIP(peerKey string, allowedIP string) error {
 	return c.tunDevice.Device().IpcSet(toWgUserspaceString(config))
 }
 
-func (c *wGConfigurer) removeAllowedIP(peerKey string, allowedIP string) error {
-	return errFuncNotImplemented
+func (c *wGConfigurer) removeAllowedIP(peerKey string, ip string) error {
+	ipc, err := c.tunDevice.Device().IpcGet()
+	if err != nil {
+		return err
+	}
+
+	peerKeyParsed, err := wgtypes.ParseKey(peerKey)
+	hexKey := hex.EncodeToString(peerKeyParsed[:])
+
+	lines := strings.Split(ipc, "\n")
+
+	output := ""
+	foundPeer := false
+	removedAllowedIP := false
+	for _, line := range lines {
+		line = strings.TrimSpace(line)
+
+		// If we're within the details of the found peer and encounter another public key,
+		// this means we're starting another peer's details. So, reset the flag.
+		if strings.HasPrefix(line, "public_key=") && foundPeer {
+			foundPeer = false
+		}
+
+		// Identify the peer with the specific public key
+		if line == fmt.Sprintf("public_key=%s", hexKey) {
+			foundPeer = true
+		}
+
+		// If we're within the details of the found peer and find the specific allowed IP, skip this line
+		if foundPeer && line == "allowed_ip="+ip {
+			removedAllowedIP = true
+			continue
+		}
+
+		// Append the line to the output string
+		if strings.HasPrefix(line, "private_key=") || strings.HasPrefix(line, "listen_port=") ||
+			strings.HasPrefix(line, "public_key=") || strings.HasPrefix(line, "preshared_key=") ||
+			strings.HasPrefix(line, "endpoint=") || strings.HasPrefix(line, "persistent_keepalive_interval=") ||
+			strings.HasPrefix(line, "allowed_ip=") {
+			output += line + "\n"
+		}
+	}
+
+	if !removedAllowedIP {
+		return fmt.Errorf("allowedIP not found")
+	} else {
+		return c.tunDevice.Device().IpcSet(output)
+	}
 }
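Review bot: The rewritten removeAllowedIP in iface/wg_configurer_ios.go most likely does not remove anything: in the WireGuard UAPI a set operation treats `allowed_ip=` lines as additions unless the peer section carries `replace_allowed_ips=true`, and the config assembled here never emits that line, so the final IpcSet re-adds the surviving allowed IPs, leaves the dropped one in the device, and returns nil to the caller. A stale allowed IP keeps routing traffic for a withdrawn prefix to that peer, so this is a cryptokey-routing ACL defect rather than a cosmetic one. The error from wgtypes.ParseKey on the line after the IpcGet check is also discarded, so a malformed key silently becomes a zero key and surfaces only as "allowedIP not found". Sending a peer-scoped update (public key, replace_allowed_ips, the remaining allowed_ip lines) fixes both and avoids re-sending private_key, listen_port and every other peer's endpoint on each removal; the sketch below also drops the `else` after the return and the quadratic string concatenation.
```go
	// … unchanged: IpcGet and its error check …
	peerKeyParsed, err := wgtypes.ParseKey(peerKey)
	if err != nil {
		return fmt.Errorf("parsing peer key: %w", err)
	}
	hexKey := hex.EncodeToString(peerKeyParsed[:])
	lines := strings.Split(ipc, "\n")

	// Scope the update to this one peer. replace_allowed_ips makes the
	// allowed_ip lines that follow a full replacement rather than additions.
	var output strings.Builder
	output.WriteString("public_key=" + hexKey + "\nreplace_allowed_ips=true\n")
	foundPeer := false
	removedAllowedIP := false
	for _, line := range lines {
		line = strings.TrimSpace(line)
		if strings.HasPrefix(line, "public_key=") {
			foundPeer = line == "public_key="+hexKey
			continue
		}
		if !foundPeer || !strings.HasPrefix(line, "allowed_ip=") {
			continue
		}
		if line == "allowed_ip="+ip {
			removedAllowedIP = true
			continue
		}
		output.WriteString(line + "\n")
	}
	if !removedAllowedIP {
		return fmt.Errorf("allowed ip %s not found for peer", ip)
	}
	return c.tunDevice.Device().IpcSet(output.String())
```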