From c346ec5b391f3dcbc4cbf2a3b10972c74ad157b9 Mon Sep 17 00:00:00 2001 From: Jett Chen Date: Mon, 11 Dec 2023 19:04:53 +0800 Subject: [PATCH] Update for MacOS --- .../NetworkExtension-macOS.entitlements | 2 ++ burrow/src/daemon/mod.rs | 6 +++-- burrow/src/wireguard/iface.rs | 1 + burrow/src/wireguard/noise/mod.rs | 24 +++++++++++++++++++ 4 files changed, 31 insertions(+), 2 deletions(-) diff --git a/Apple/NetworkExtension/NetworkExtension-macOS.entitlements b/Apple/NetworkExtension/NetworkExtension-macOS.entitlements index c3d6dc2..edb3f26 100644 --- a/Apple/NetworkExtension/NetworkExtension-macOS.entitlements +++ b/Apple/NetworkExtension/NetworkExtension-macOS.entitlements @@ -4,6 +4,8 @@ com.apple.security.network.client + com.apple.security.network.server + com.apple.developer.networking.networkextension packet-tunnel-provider diff --git a/burrow/src/daemon/mod.rs b/burrow/src/daemon/mod.rs index 1020cf7..4e91968 100644 --- a/burrow/src/daemon/mod.rs +++ b/burrow/src/daemon/mod.rs @@ -2,13 +2,14 @@ use std::{ net::{IpAddr, Ipv4Addr, SocketAddr}, sync::Arc, }; +use std::net::ToSocketAddrs; mod command; mod instance; mod net; mod response; -use anyhow::{Error, Result}; +use anyhow::{anyhow, Error, Result}; use base64::{engine::general_purpose, Engine as _}; pub use command::{DaemonCommand, DaemonStartOptions}; use fehler::throws; @@ -52,7 +53,8 @@ pub async fn daemon_main() -> Result<()> { let private_key = parse_secret_key("GNqIAOCRxjl/cicZyvkvpTklgQuUmGUIEkH7IXF/sEE=")?; let public_key = parse_public_key("uy75leriJay0+oHLhRMpV+A5xAQ0hCJ+q7Ww81AOvT4=")?; let preshared_key = Some(parse_key("s7lx/mg+reVEMnGnqeyYOQkzD86n2+gYnx1M9ygi08k=")?); - let endpoint = SocketAddr::new(IpAddr::V4(Ipv4Addr::new(198, 18, 6, 180)), 51820); // DNS lookup under macos fails, somehow + let endpoint = "wg.burrow.rs:51820".to_socket_addrs()?.next() + .ok_or(anyhow!("DNS Lookup Fails!"))?; // DNS lookup under macos fails, somehow let iface = Interface::new(vec![Peer { endpoint, 
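Review bot: The added `com.apple.security.network.server` entitlement in NetworkExtension-macOS.entitlements widens the extension's sandbox to incoming connections, yet nothing else in this patch shows code that listens on a socket. The Rust changes are only an outbound DNS lookup and debug logging. If binding the tunnel's UDP socket is what needs it (not visible here), an XML comment next to the key or a line in the commit message saying so would let a later reviewer confirm it is still required. Otherwise keeping only `com.apple.security.network.client` is the least-privilege choice.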
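Review bot: `to_socket_addrs()` on the new `endpoint` line is a blocking resolver call inside `async fn daemon_main`, so a slow or failing lookup stalls the executor thread at startup. If the daemon runs on tokio (not visible in this hunk), `tokio::net::lookup_host("wg.burrow.rs:51820").await?.next()` avoids that. The trailing comment `// DNS lookup under macos fails, somehow` described the removed hard-coded address and now contradicts the code, so it should be dropped or reworded. `ok_or(anyhow!(..))` also builds the error on the success path; `ok_or_else(|| anyhow!("DNS lookup for wg.burrow.rs returned no addresses"))` is the usual form. The surrounding context lines still keep the private key and preshared key as string literals in source, which is worth moving to configuration; daemon_main's body continues outside the hunk.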
diff --git a/burrow/src/wireguard/iface.rs b/burrow/src/wireguard/iface.rs index 3d1823b..8363dcd 100755 --- a/burrow/src/wireguard/iface.rs +++ b/burrow/src/wireguard/iface.rs @@ -131,6 +131,7 @@ impl Interface { }; tracing::debug!("dst_addr: {}", dst_addr); + debug!("src_addr: {}", Tunnel::src_address(src).unwrap()); let Some(idx) = pcbs.find(dst_addr) else { continue diff --git a/burrow/src/wireguard/noise/mod.rs b/burrow/src/wireguard/noise/mod.rs index 3a60c22..aaa8138 100755 --- a/burrow/src/wireguard/noise/mod.rs +++ b/burrow/src/wireguard/noise/mod.rs @@ -205,6 +205,30 @@ impl Tunnel { } } + pub fn src_address(packet: &[u8]) -> Option { + if packet.is_empty() { + return None + } + + match packet[0] >> 4 { + 4 if packet.len() >= IPV4_MIN_HEADER_SIZE => { + let addr_bytes: [u8; IPV4_IP_SZ] = packet + [IPV4_SRC_IP_OFF..IPV4_SRC_IP_OFF + IPV4_IP_SZ] + .try_into() + .unwrap(); + Some(IpAddr::from(addr_bytes)) + } + 6 if packet.len() >= IPV6_MIN_HEADER_SIZE => { + let addr_bytes: [u8; IPV6_IP_SZ] = packet + [IPV6_SRC_IP_OFF..IPV6_SRC_IP_OFF + IPV6_IP_SZ] + .try_into() + .unwrap(); + Some(IpAddr::from(addr_bytes)) + } + _ => None, + } + } + /// Create a new tunnel using own private key and the peer public key pub fn new( static_private: x25519::StaticSecret,
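Review bot: The added `debug!("src_addr: {}", Tunnel::src_address(src).unwrap());` panics whenever `src_address` returns `None`, which per its definition in this patch happens for an empty buffer, a truncated header, or a version nibble other than 4 or 6. A single malformed packet would therefore take down the interface loop from a log statement. Logging the option directly, `tracing::debug!("src_addr: {:?}", Tunnel::src_address(src));`, removes the panic path and matches the `tracing::debug!` call on the line above (whether a bare `debug!` is in scope in this file is not visible here). The enclosing loop starts and ends outside the hunk.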
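Review bot: `src_address` is public but has no doc comment, unlike `new` directly below it. Something like `/// Returns the source IP read from the packet's IPv4 or IPv6 header, or None if the packet is empty, too short, or not IP.` would state the contract. The doc should also say that the address is copied from the header as-is, so callers must treat it as unauthenticated: fine for logging, not for access decisions. The two `.try_into().unwrap()` calls cannot fail because the slice width equals the array length, and a short `// slice length is fixed by the range above` comment would stop a later reader from flagging them. The `impl Tunnel` block starts and ends outside the hunk.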