Commit Graph

128 Commits

Author SHA1 Message Date
Jason A. Donenfeld
fe61522f2a tunnel: retry DNS resolution for 10 seconds
This has several problems: 1) it blocks the main thread; 2) it doesn't
distinguish between a permanent error and a transient one; 3) the 10
seconds is hard coded; 4) there's no way for the user to cancel it.

We'll have to improve this.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-05-26 18:07:28 +02:00
Jason A. Donenfeld
0dcfde35f4 tunnel: bump deps
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-05-07 10:28:51 +02:00
Jason A. Donenfeld
6acc1125b8 tunnel: download hash list in chunks if necessary
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-05-07 10:25:10 +02:00
Jason A. Donenfeld
d6a8e9d4dc tunnel: avoid race between shutdown and stats
wgTurnOff can block for a while, in which case, calling getStatistics
will use a stale handle and stale tunnel. Not only that, but wgGetConfig
might return null, in which case string.split throws.

    java.lang.NullPointerException: Attempt to invoke virtual method
    'java.lang.String[] java.lang.String.split(java.lang.String)' on a null
    at com.wireguard.android.backend.GoBackend.getStatistics

Reported-by: tomt@adslweb.co.uk
Link: https://lists.zx2c4.com/pipermail/wireguard/2021-May/006709.html
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-05-06 10:50:20 +02:00
Jason A. Donenfeld
f32c5cc222 tools: bump deps
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-05-05 13:02:56 +02:00
Jason A. Donenfeld
11301617d2 tunnel: update to go 1.16 and newer api
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-02-22 15:27:53 +01:00
Jason A. Donenfeld
8523979c9c tunnel: report git commit as wgVersion
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-02-12 18:08:38 +01:00
Jason A. Donenfeld
639ee6b5b2 tunnel: add developer information to pom xml
Otherwise sonatype gets upset.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-02-11 16:40:34 +01:00
Jason A. Donenfeld
4c3289aa52 tunnel: bump all tools
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-02-11 16:00:28 +01:00
Jason A. Donenfeld
79376bca64 tunnel: sign using gpg-agent
This way we don't have to have a separate java universe.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-02-11 15:55:20 +01:00
Harsh Shandilya
b709d36c01
tunnel: switch publishing to MavenCentral
Since MavenCentral requires GPG signed artifacts, we'll need to configure
some things on the machine running the deployment. Specifically, these
three Gradle properties need to be set (preferably in ~/.gradle/gradle.properties)

```
signing.keyId= // Duh
signing.password= // I have absolutely no idea how this will work with HSMs
signing.secretKeyRingFile= // $HOME/.gnupg/... you know the deal
```

The BINTRAY_USER and BINTRAY_KEY variables are replaced by SONATYPE_USER
and SONATYPE_PASSWORD to better reflect their new contents.

Signed-off-by: Harsh Shandilya <me@msfjarvis.dev>
2021-02-11 01:58:41 +05:30
Jason A. Donenfeld
74ff870cf5 tunnel: bump libwg-go and use newer logging function
We also plug a memory leak. C.CString was calling malloc, and these were
never freed.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-01-27 01:10:48 +01:00
L.W.Reek
d179a3af15
libwg-go: update to go 1.15.6
Signed-off-by: L.W.Reek <syphyr@gmail.com>
2021-01-23 14:42:46 +05:30
Jason A. Donenfeld
cb3194f10a tunnel: bump libwg-go
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-12-23 22:55:56 +01:00
Jason A. Donenfeld
177457e67b tunnel: bump libwg-go
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-12-16 19:04:17 +01:00
Harsh Shandilya
35f868733c
build: switch to Gradle's maven-publish plugin
Signed-off-by: Harsh Shandilya <me@msfjarvis.dev>
2020-11-07 18:53:06 +05:30
Jason A. Donenfeld
e71b3d2583 ToolsInstaller: unbreak cleanup
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-10-27 13:35:07 +01:00
Jason A. Donenfeld
755148242c tunnel: do not constantly raise toasts when process is opportunistically killed
Modern Android likes to kill processes to free ram and resources. When
kernel-mode WireGuard is in use, this is quite alright with us, since
the app doesn't actually need to consume any resources at all in order
for the tunnel to run. So, we want to allow and encourage this resource
frugality. However, when the quick settings tile is being used or when
the app is referenced otherwise, the app will occasionally be restarted,
to, for example, repaint the quick settings tile. This is also fine, as
the process winds up being short-lived again. But, since process
initialization means asking for a new root shell in order to check on
kernel-mode WireGuard, this means that Magisk raises a systemwide toast.
On some phones, this happens each and every time that the notification
shade is pulled down. It's not only annoying but it sometimes obscures
other notifications that users want to see, prompting their pulling down
of the notification shade in the first place. In order to get rid of
this nuisance, just disable these notifications and extraneous logs, so
that we don't clutter the system every time that the process is
opportunistically killed and restarted.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-10-26 22:44:35 +01:00
Jason A. Donenfeld
15fea6f02f tunnel: clean up some docstring wording
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-10-20 16:35:05 +02:00
Jason A. Donenfeld
5b5ba88a97 tunnel: use more subtle roaming escape hatch
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-10-07 10:21:02 +02:00
Jason A. Donenfeld
d738161a2e Statistics: only do one hash lookup
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-09-21 11:16:33 +02:00
Jason A. Donenfeld
52c2e9cd24 TunnelManager: catch exception in intent receiver
java.lang.IllegalStateException:
  at android.app.ContextImpl.startServiceCommon (ContextImpl.java:1720)
  at android.app.ContextImpl.startService (ContextImpl.java:1675)
  at android.content.ContextWrapper.startService (ContextWrapper.java:669)
  at com.wireguard.android.backend.GoBackend.startVpnService (GoBackend.java:4)
  at com.wireguard.android.backend.GoBackend.setStateInternal (GoBackend.java:4)
  at com.wireguard.android.backend.GoBackend.setState (GoBackend.java:2)
  at com.wireguard.android.model.TunnelManager$setTunnelState$2$1.invokeSuspend (TunnelManager.java:6)
  at kotlin.coroutines.jvm.internal.BaseContinuationImpl.resumeWith (BaseContinuationImpl.java:2)
  at kotlinx.coroutines.DispatchedTask.run (DispatchedTask.java:2)
  at kotlinx.coroutines.scheduling.CoroutineScheduler.runSafely (CoroutineScheduler.java)
  at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.executeTask (CoroutineScheduler.java:7)
  at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.runWorker (CoroutineScheduler.java:7)
  at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.run (CoroutineScheduler.java:7)

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-09-21 10:54:07 +02:00
Jonathan Davies
b877593d55 libwg-go: use PeekLookAtSocketFd6(), not PeekLookAtSocketFd4()
Signed-off-by: Jonathan Davies <jpds@protonmail.com>
Fixes: 3d088411 ("libwg-go: use conn.Bind for socketfd peek")
Cc: David Crawshaw <crawshaw@tailscale.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-09-16 18:01:06 +02:00
Harsh Shandilya
ff7d7e0edd tunnel: document more public API from backend package
Signed-off-by: Harsh Shandilya <me@msfjarvis.dev>
2020-09-16 18:01:06 +02:00
Jason A. Donenfeld
53adb0e9a6 Ed25519: use implementation from Tink
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-09-16 18:01:06 +02:00
Jason A. Donenfeld
a3726b07bf wireguard-tools: bump to fix invalid free
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-09-15 16:21:09 +02:00
Jason A. Donenfeld
601b58b670 libwg-go: update to go 1.15.2
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-09-15 13:40:13 +02:00
Jason A. Donenfeld
f20d0f0659 gradle: desugar retrofuture and remove old deps
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-09-15 12:30:15 +02:00
Harsh Shandilya
8b7617294e
tools: bump for Android 11 ndc fix
Signed-off-by: Harsh Shandilya <me@msfjarvis.dev>
2020-08-26 18:59:57 +05:30
Harsh Shandilya
9985b9b08e
build: target SDK 30
We're all set to support it from the application side of things.

Signed-off-by: Harsh Shandilya <me@msfjarvis.dev>
2020-08-25 21:17:05 +05:30
Harsh Shandilya
348d430cd3
build: remove explicit buildToolsVersion
AGP sets it automatically, let's rely on that

Signed-off-by: Harsh Shandilya <me@msfjarvis.dev>
2020-08-23 00:49:11 +05:30
David Crawshaw
3d088411e2 libwg-go: use conn.Bind for socketfd peek
Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-06-22 02:24:55 -06:00
Jason A. Donenfeld
39e0c861e2 tools: bump versions
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-06-07 01:58:02 -06:00
Jason A. Donenfeld
8e2d63db75 tunnel: add windows-style killswitch semantics for GoBackend
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-05-04 02:30:44 -06:00
Harsh Shandilya
09125e1e31
libwg-go: bump go version
Signed-off-by: Harsh Shandilya <me@msfjarvis.dev>
2020-04-26 04:33:41 +05:30
Harsh Shandilya
f3ac787f5a
ToolsInstaller: update Magisk directory
/data/adb/modules has been the location for modules since v18.0 and nobody
should reasonably be on any older version anymore. This has continued to
work for this long because Magisk created symlinks for backwards compat. However,
these symlinks are not created anymore on Android 11, which is where this
problem	first surfaced.

Signed-off-by: Harsh Shandilya <me@msfjarvis.dev>
2020-04-23 01:40:50 +05:30
Harsh Shandilya
6cb9548f72
tunnel: disable LongLogTag lint
Should have been part of the patch that disabled this for ui/

Fixes: 8d128cf2e9 ("ui: disable LongLogTag lint")
Signed-off-by: Harsh Shandilya <me@msfjarvis.dev>
2020-04-19 01:59:51 +05:30
Harsh Shandilya
3fa8e09545
tunnel: disable BuildConfig generation
We don't (and shouldn't) use BuildConfig values, but the class was
polluting our public API regardless which is undesirable.

Signed-off-by: Harsh Shandilya <me@msfjarvis.dev>
2020-04-08 17:05:31 +05:30
Jason A. Donenfeld
e424765a61 tunnel: support IncludedApplications as whitelist
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-04-05 20:04:51 -06:00
Harsh Shandilya
1ca4dbf1a2
tunnel: hold peers in an ArrayList
A set will cause identical peers to be dropped during save

Reported-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Harsh Shandilya <me@msfjarvis.dev>
2020-04-06 01:22:44 +05:30
Jason A. Donenfeld
7b5ceac9f7 version: bump
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-04-03 19:07:33 -06:00
Jason A. Donenfeld
9fe0019ec1 tunnel: libwg-go: use deterministic verdef name
From the ld.gold source:

  const char* name = parameters->options().soname();
  if (name == NULL)
    name = parameters->options().output_file_name();

That means by default it uses `-o {output}` as the verdef aux name,
which is random every time due to Go's build system. By passing in
`--soname={somethingexplicit}` we can instead have a deterministic
verdef.

This commit makes wireguard-android reproducible.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-04-03 19:07:33 -06:00
Jason A. Donenfeld
c1e86acb3c tunnel: libwg-go: remove -x option from flock
It's already the default and the macOS port of flock doesn't support it.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-04-01 22:05:24 -06:00
Jason A. Donenfeld
d74b988f75 global: cleanup code style
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-03-30 13:57:43 -06:00
Jason A. Donenfeld
c9717693d0 tunnel: libwg-go: check sha256 of downloaded tarball
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-03-29 02:36:29 -06:00
Jason A. Donenfeld
0fa3fe3d43 tunnel: libwg-go: stick go tarball in gradle cache
This way we don't have to build over and over.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-03-29 02:28:41 -06:00
Jason A. Donenfeld
f916f96761 tunnel: libwg-go: prevent parallel downloads
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-03-29 01:31:39 -06:00
Jason A. Donenfeld
79e766c4e1 tunnel: fix package name being passed through to cmake
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-03-29 01:18:46 -06:00
Jason A. Donenfeld
456a74db05 global: hardcode tags so that minification doesn't ruin the log
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-03-28 23:21:12 -06:00
Jason A. Donenfeld
4725e55090 libwg-go: update go modules
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-03-22 14:08:20 -06:00
Jason A. Donenfeld
38c360cb74 libwg-go: bump go version
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-03-22 01:07:20 -06:00
Jason A. Donenfeld
240e049e46 InetEndpoint: return proper parser exception
Wrapping this in something foreign doesn't make sense.

Reported-by: Luis Ressel <aranea@aixah.de>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-03-19 13:04:31 -06:00
Harsh Shandilya
2b31eac1af publish.gradle: Use non-deprecated API to prevent eager configuration of tasks
Signed-off-by: Harsh Shandilya <me@msfjarvis.dev>
2020-03-14 10:44:52 +05:30
Harsh Shandilya
093139bc91 tunnel: Add an initial set of unit tests
Includes a control set of broken configuration files that we attempt to parse and
verify that the parser fails in a predictable and consistent manner.

Signed-off-by: Harsh Shandilya <me@msfjarvis.dev>
2020-03-14 10:32:12 +05:30
Harsh Shandilya
6c8a4a6a28 tunnel: Remove MISSING_VALUE from BadConfigException reasons
This is covered under SYNTAX_ERROR which feels like a reasonable choice,
so get rid of this unused field and associated resource string.

Signed-off-by: Harsh Shandilya <me@msfjarvis.dev>
2020-03-14 10:25:57 +05:30
Jason A. Donenfeld
f5d2fd6190 config: show missing section error correctly
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-03-13 13:20:34 -06:00
Jason A. Donenfeld
86fc518585 tunnel: replace CompletableFuture with GhettoCompletableFuture
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-03-12 01:14:13 -06:00
Jason A. Donenfeld
78377a5c67 tunnel: we return Optional types so mark retrostreams as api
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-03-12 00:23:03 -06:00
Jason A. Donenfeld
56f2dcc073 tunnel: add javadoc support
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-03-11 00:29:18 -06:00
Jason A. Donenfeld
704c344213 tunnel: the external API does not expose java9
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-03-10 11:52:30 -06:00
Jason A. Donenfeld
692b71af23 tunnel: tools: update to latest go
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-03-10 22:12:16 +05:30
Jason A. Donenfeld
d4875afe31 tunnel: make use of @RestrictTo
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-03-10 22:12:16 +05:30
Jason A. Donenfeld
de0e431d00 build: abstract out groupName
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-03-10 22:12:12 +05:30
Jason A. Donenfeld
6b304391b5 global: java access control has important semantic meaning
It's not right to blindly follow all of AndroidStudio's suggestions,
especially for things in tunnel/ which comprise useful API.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-03-10 08:44:38 -06:00
Harsh Shandilya
8f85e4c88f tunnel: Codestyle cleanups
Signed-off-by: Harsh Shandilya <me@msfjarvis.dev>
2020-03-10 13:20:16 +05:30
Harsh Shandilya
a3b9c3b884 ui: Codestyle cleanups
Signed-off-by: Harsh Shandilya <me@msfjarvis.dev>
2020-03-10 13:08:28 +05:30
Jason A. Donenfeld
5d342ee1ab tunnel: upload aar to bintray
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-03-10 00:29:38 -06:00
Jason A. Donenfeld
89d9e30025 build: apply version to both modules
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-03-09 21:54:27 -06:00
Jason A. Donenfeld
dfde86df76 Version bump
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-03-09 17:31:52 -06:00
Jason A. Donenfeld
2e55e5fd05 global: format code
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-03-09 12:36:47 -06:00
Jason A. Donenfeld
40ebf8006e global: optimize imports
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-03-09 12:21:35 -06:00
Jason A. Donenfeld
8e8643122e global: get rid of nonnull gradle hack
Hacking things up via gradle is not right, and package-info.java poses
problems with two modules, so instead we just apply it manually to every
class.

Remember to add this to new classes!

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-03-09 12:19:15 -06:00
Jason A. Donenfeld
d62526fde6 WgQuickBackend: by default use single-tunnel mode like GoBackend, but add option
Note that this currently doesn't play well with people activating
wg-quick tunnels from outside the app. Those tunnels won't be
deactivated. But presumably that's desired behavior anyway, considering
people are mucking around at the command line.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-03-09 10:02:00 -06:00
Jason A. Donenfeld
056cf472d9 ModuleLoader: move to right project
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-03-09 09:07:48 -06:00
Jason A. Donenfeld
0c161cc0c2 AsyncWorker: move back to original location
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-03-09 08:59:37 -06:00
Harsh Shandilya
7894894610 Use AndroidX Nullable annotation everywhere
Signed-off-by: Harsh Shandilya <me@msfjarvis.dev>
2020-03-09 19:24:27 +05:30
Harsh Shandilya
6bc3e257f8 Enable nonnull generation for tunnel module
Also cleanup nonnull.gradle while we're at it

Signed-off-by: Harsh Shandilya <me@msfjarvis.dev>
2020-03-09 19:24:26 +05:30
Harsh Shandilya
adc613d801 Migrate tunnel related classes to tunnel/ Gradle module
Signed-off-by: Harsh Shandilya <me@msfjarvis.dev>
2020-03-09 19:24:26 +05:30