Update for MacOS

2023-12-11 19:04:53 +08:00 · 2023-12-11 19:04:53 +08:00 · c346ec5b39
commit c346ec5b39
parent 3e5a01ffbe
4 changed files with 31 additions and 2 deletions
--- a/Apple/NetworkExtension/NetworkExtension-macOS.entitlements
+++ b/Apple/NetworkExtension/NetworkExtension-macOS.entitlements
@ -4,6 +4,8 @@
 <dict>
 	<key>com.apple.security.network.client</key>
 	<true/>
+	<key>com.apple.security.network.server</key>
+	<true/>
 	<key>com.apple.developer.networking.networkextension</key>
 	<array>
 		<string>packet-tunnel-provider</string>
--- a/burrow/src/daemon/mod.rs
+++ b/burrow/src/daemon/mod.rs
@ -2,13 +2,14 @@ use std::{
    net::{IpAddr, Ipv4Addr, SocketAddr},
    sync::Arc,
 };
+use std::net::ToSocketAddrs;

 mod command;
 mod instance;
 mod net;
 mod response;

-use anyhow::{Error, Result};
+use anyhow::{anyhow, Error, Result};
 use base64::{engine::general_purpose, Engine as _};
 pub use command::{DaemonCommand, DaemonStartOptions};
 use fehler::throws;
@ -52,7 +53,8 @@ pub async fn daemon_main() -> Result<()> {
    let private_key = parse_secret_key("GNqIAOCRxjl/cicZyvkvpTklgQuUmGUIEkH7IXF/sEE=")?;
    let public_key = parse_public_key("uy75leriJay0+oHLhRMpV+A5xAQ0hCJ+q7Ww81AOvT4=")?;
    let preshared_key = Some(parse_key("s7lx/mg+reVEMnGnqeyYOQkzD86n2+gYnx1M9ygi08k=")?);
-    let endpoint = SocketAddr::new(IpAddr::V4(Ipv4Addr::new(198, 18, 6, 180)), 51820); // DNS lookup under macos fails, somehow
+    let endpoint = "wg.burrow.rs:51820".to_socket_addrs()?.next()
+        .ok_or(anyhow!("DNS Lookup Fails!"))?; // DNS lookup under macos fails, somehow

    let iface = Interface::new(vec![Peer {
        endpoint,
--- a/burrow/src/wireguard/iface.rs
+++ b/burrow/src/wireguard/iface.rs
@ -131,6 +131,7 @@ impl Interface {
                };

                tracing::debug!("dst_addr: {}", dst_addr);
+                debug!("src_addr: {}", Tunnel::src_address(src).unwrap());

                let Some(idx) = pcbs.find(dst_addr) else {
                    continue
--- a/burrow/src/wireguard/noise/mod.rs
+++ b/burrow/src/wireguard/noise/mod.rs
@ -205,6 +205,30 @@ impl Tunnel {
        }
    }

+    pub fn src_address(packet: &[u8]) -> Option<IpAddr> {
+        if packet.is_empty() {
+            return None
+        }
+
+        match packet[0] >> 4 {
+            4 if packet.len() >= IPV4_MIN_HEADER_SIZE => {
+                let addr_bytes: [u8; IPV4_IP_SZ] = packet
+                    [IPV4_SRC_IP_OFF..IPV4_SRC_IP_OFF + IPV4_IP_SZ]
+                    .try_into()
+                    .unwrap();
+                Some(IpAddr::from(addr_bytes))
+            }
+            6 if packet.len() >= IPV6_MIN_HEADER_SIZE => {
+                let addr_bytes: [u8; IPV6_IP_SZ] = packet
+                    [IPV6_SRC_IP_OFF..IPV6_SRC_IP_OFF + IPV6_IP_SZ]
+                    .try_into()
+                    .unwrap();
+                Some(IpAddr::from(addr_bytes))
+            }
+            _ => None,
+        }
+    }
+
    /// Create a new tunnel using own private key and the peer public key
    pub fn new(
        static_private: x25519::StaticSecret,