[PATCH] Wireguard-Apple: Restore iOS-like NWPath handling on MacOS app
Kajetan Staszkiewicz
vegeta at tuxpowered.net
Wed Jun 18 20:38:43 UTC 2025
I've sent this already when the mailing list was down, maybe it went
unnoticed:
Sometimes after a network path change, especially when only
"unsatisfied" network path is available, for example when a laptop
loses all LAN and WiFi networks, further network path changes are
ignored. When "satisfied" networks disappear the cloned route for the
bound socket is removed by the system and WireGuard packets are routed
through the tunnel. This will result in an non-operational tunnel.
The iOS code does not manifest this behaviour, as it properly disables
the tunnel when no "satisfied" networks are available. Remove the
special MacOS case, use the iOS code on MacOS app.
--
| pozdrawiam / regards | Powered by Debian and FreeBSD |
| Kajetan Staszkiewicz | www: http://tuxpowered.net |
| | matrix: @vegeta:tuxpowered.net |
`----------------------^--------------------------------'
-------------- next part --------------
From 0dc1630f54201dac005125b065265b7b3394bc29 Mon Sep 17 00:00:00 2001
From: Kajetan Staszkiewicz <vegeta at tuxpowered.net>
Date: Mon, 27 Jan 2025 12:48:36 +0100
Subject: [PATCH] Restore iOS-like NWPath handling on MacOS app
Sometimes after a network path change, especially when only "unsatisfied"
network path is available, for example when a laptop loses all LAN
and WiFi networks, further network path changes are ignored. When "satisfied"
networks disappear the cloned route for the bound socket is removed by the
system and WireGuard packets are routed through the tunnel. This will result
in an non-operational tunnel.
The iOS code does not manifest this behaviour, as it properly disables
the tunnel when no "satisfied" networks are available. Remove the special
MacOS case, use the iOS code on MacOS app.
---
Sources/WireGuardKit/WireGuardAdapter.swift | 8 --------
1 file changed, 8 deletions(-)
diff --git a/Sources/WireGuardKit/WireGuardAdapter.swift b/Sources/WireGuardKit/WireGuardAdapter.swift
index f7be19b..f5bf115 100644
--- a/Sources/WireGuardKit/WireGuardAdapter.swift
+++ b/Sources/WireGuardKit/WireGuardAdapter.swift
@@ -409,25 +409,20 @@ public class WireGuardAdapter {
self.logHandler(.error, "Failed to resolve endpoint \(resolutionError.address): \(resolutionError.errorDescription ?? "(nil)")")
}
}
}
/// Helper method used by network path monitor.
/// - Parameter path: new network path
private func didReceivePathUpdate(path: Network.NWPath) {
self.logHandler(.verbose, "Network change detected with \(path.status) route and interface order \(path.availableInterfaces)")
- #if os(macOS)
- if case .started(let handle, _) = self.state {
- wgBumpSockets(handle)
- }
- #elseif os(iOS)
switch self.state {
case .started(let handle, let settingsGenerator):
if path.status.isSatisfiable {
let (wgConfig, resolutionResults) = settingsGenerator.endpointUapiConfiguration()
self.logEndpointResolutionResults(resolutionResults)
wgSetConfig(handle, wgConfig)
wgDisableSomeRoamingForBrokenMobileSemantics(handle)
wgBumpSockets(handle)
} else {
@@ -453,23 +448,20 @@ public class WireGuardAdapter {
settingsGenerator
)
} catch {
self.logHandler(.error, "Failed to restart backend: \(error.localizedDescription)")
}
case .stopped:
// no-op
break
}
- #else
- #error("Unsupported")
- #endif
}
}
/// A enum describing WireGuard log levels defined in `api-apple.go`.
public enum WireGuardLogLevel: Int32 {
case verbose = 0
case error = 1
}
private extension Network.NWPath.Status {
--
2.47.0
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL: <http://lists.zx2c4.com/pipermail/wireguard/attachments/20250618/40af86be/attachment.sig>
More information about the WireGuard
mailing list