[PATCH] Wireguard-Apple: Restore iOS-like NWPath handling on MacOS app

Development discussion of WireGuard
 help / color / mirror / Atom feed

* [PATCH] Wireguard-Apple: Restore iOS-like NWPath handling on MacOS app
@ 2025-06-18 20:38 Kajetan Staszkiewicz
  0 siblings, 0 replies; only message in thread
From: Kajetan Staszkiewicz @ 2025-06-18 20:38 UTC (permalink / raw)
  To: wireguard


[-- Attachment #1.1.1: Type: text/plain, Size: 927 bytes --]

I've sent this already when the mailing list was down, maybe it went
unnoticed:

Sometimes after a network path change, especially when only
"unsatisfied" network path is available, for example when a laptop
loses all LAN and WiFi networks, further network path changes are
ignored. When "satisfied" networks disappear the cloned route for the
bound socket is removed by the system and WireGuard packets are routed
through the tunnel. This will result in an non-operational tunnel.

The iOS code does not manifest this behaviour, as it properly disables
the tunnel when no "satisfied" networks are available. Remove the
special MacOS case, use the iOS code on MacOS app.

-- 
| pozdrawiam / regards | Powered by Debian and FreeBSD  |
| Kajetan Staszkiewicz |   www: http://tuxpowered.net   |
|                      | matrix: @vegeta:tuxpowered.net |
`----------------------^--------------------------------'

[-- Attachment #1.1.2: 0001-Restore-iOS-like-NWPath-handling-on-MacOS-app.patch --]
[-- Type: text/plain, Size: 2922 bytes --]

From 0dc1630f54201dac005125b065265b7b3394bc29 Mon Sep 17 00:00:00 2001
From: Kajetan Staszkiewicz <vegeta@tuxpowered.net>
Date: Mon, 27 Jan 2025 12:48:36 +0100
Subject: [PATCH] Restore iOS-like NWPath handling on MacOS app

Sometimes after a network path change, especially when only "unsatisfied"
network path is available, for example when a laptop loses all LAN
and WiFi networks, further network path changes are ignored. When "satisfied"
networks disappear the cloned route for the bound socket is removed by the
system and WireGuard packets are routed through the tunnel. This will result
in an non-operational tunnel.

The iOS code does not manifest this behaviour, as it properly disables
the tunnel when no "satisfied" networks are available. Remove the special
MacOS case, use the iOS code on MacOS app.
---
 Sources/WireGuardKit/WireGuardAdapter.swift | 8 --------
 1 file changed, 8 deletions(-)

diff --git a/Sources/WireGuardKit/WireGuardAdapter.swift b/Sources/WireGuardKit/WireGuardAdapter.swift
index f7be19b..f5bf115 100644
--- a/Sources/WireGuardKit/WireGuardAdapter.swift
+++ b/Sources/WireGuardKit/WireGuardAdapter.swift
@@ -409,25 +409,20 @@ public class WireGuardAdapter {
                 self.logHandler(.error, "Failed to resolve endpoint \(resolutionError.address): \(resolutionError.errorDescription ?? "(nil)")")
             }
         }
     }
 
     /// Helper method used by network path monitor.
     /// - Parameter path: new network path
     private func didReceivePathUpdate(path: Network.NWPath) {
         self.logHandler(.verbose, "Network change detected with \(path.status) route and interface order \(path.availableInterfaces)")
 
-        #if os(macOS)
-        if case .started(let handle, _) = self.state {
-            wgBumpSockets(handle)
-        }
-        #elseif os(iOS)
         switch self.state {
         case .started(let handle, let settingsGenerator):
             if path.status.isSatisfiable {
                 let (wgConfig, resolutionResults) = settingsGenerator.endpointUapiConfiguration()
                 self.logEndpointResolutionResults(resolutionResults)
 
                 wgSetConfig(handle, wgConfig)
                 wgDisableSomeRoamingForBrokenMobileSemantics(handle)
                 wgBumpSockets(handle)
             } else {
@@ -453,23 +448,20 @@ public class WireGuardAdapter {
                     settingsGenerator
                 )
             } catch {
                 self.logHandler(.error, "Failed to restart backend: \(error.localizedDescription)")
             }
 
         case .stopped:
             // no-op
             break
         }
-        #else
-        #error("Unsupported")
-        #endif
     }
 }
 
 /// A enum describing WireGuard log levels defined in `api-apple.go`.
 public enum WireGuardLogLevel: Int32 {
     case verbose = 0
     case error = 1
 }
 
 private extension Network.NWPath.Status {
-- 
2.47.0


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 840 bytes --]

^ permalink raw reply	[flat|nested] only message in thread

only message in thread, other threads:[~2025-06-18 20:38 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2025-06-18 20:38 [PATCH] Wireguard-Apple: Restore iOS-like NWPath handling on MacOS app Kajetan Staszkiewicz

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).