VPN initial

GlassVPN/GlassVPN.entitlements

@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>com.apple.developer.networking.networkextension</key>
+	<array>
+		<string>packet-tunnel-provider</string>
+	</array>
+	<key>com.apple.security.application-groups</key>
+	<array>
+		<string>group.de.uni-bamberg.psi.AppCheck</string>
+	</array>
+</dict>
+</plist>

GlassVPN/Info.plist

@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>CFBundleDevelopmentRegion</key>
+	<string>$(DEVELOPMENT_LANGUAGE)</string>
+	<key>CFBundleDisplayName</key>
+	<string>GlassVPN</string>
+	<key>CFBundleExecutable</key>
+	<string>$(EXECUTABLE_NAME)</string>
+	<key>CFBundleIdentifier</key>
+	<string>$(PRODUCT_BUNDLE_IDENTIFIER)</string>
+	<key>CFBundleInfoDictionaryVersion</key>
+	<string>6.0</string>
+	<key>CFBundleName</key>
+	<string>$(PRODUCT_NAME)</string>
+	<key>CFBundlePackageType</key>
+	<string>$(PRODUCT_BUNDLE_PACKAGE_TYPE)</string>
+	<key>CFBundleShortVersionString</key>
+	<string>1.0</string>
+	<key>CFBundleVersion</key>
+	<string>1</string>
+	<key>NSExtension</key>
+	<dict>
+		<key>NSExtensionPointIdentifier</key>
+		<string>com.apple.networkextension.packet-tunnel</string>
+		<key>NSExtensionPrincipalClass</key>
+		<string>$(PRODUCT_MODULE_NAME).PacketTunnelProvider</string>
+	</dict>
+</dict>
+</plist>

GlassVPN/PacketTunnelProvider.swift

@@ -0,0 +1,127 @@
+import NetworkExtension
+import NEKit
+
+fileprivate var db: SQLiteDatabase?
+fileprivate var blockedDomains: [String] = []
+fileprivate var ignoredDomains: [String] = []
+
+// MARK: ObserverFactory
+
+class LDObserverFactory: ObserverFactory {
+    
+	override func getObserverForProxySocket(_ socket: ProxySocket) -> Observer<ProxySocketEvent>? {
+		return LDProxySocketObserver()
+	}
+	
+	class LDProxySocketObserver: Observer<ProxySocketEvent> {
+		override func signal(_ event: ProxySocketEvent) {
+			switch event {
+			case .receivedRequest(let session, let socket):
+				QLog("DNS: \(session.host)")
+				if ignoredDomains.allSatisfy({ session.host != $0 && !session.host.hasSuffix("." + $0) }) {
+					try? db?.insertDNSQuery(session.host)
+				} else {
+					QLog("ignored")
+				}
+				for domain in blockedDomains {
+                    if (session.host == domain || session.host.hasSuffix("." + domain)) {
+                        QLog("blocked")
+						socket.forceDisconnect()
+                        return
+                    }
+                }
+			default:
+				break
+			}
+		}
+		
+	}
+}
+
+// MARK: NEPacketTunnelProvider
+
+class PacketTunnelProvider: NEPacketTunnelProvider {
+	
+	let proxyServerPort: UInt16 = 9090
+    let proxyServerAddress = "127.0.0.1"
+	var proxyServer: GCDHTTPProxyServer!
+
+    override func startTunnel(options: [String : NSObject]?, completionHandler: @escaping (Error?) -> Void) {
+		QLog("startTunnel")
+		ignoredDomains = ["signal.org", "whispersystems.org"]
+		// TODO: init blocked & ignored
+		do {
+			db = try SQLiteDatabase.open(path: DB_PATH)
+			try db!.createTable(table: DNSQuery.self)
+		} catch {
+			completionHandler(error)
+			return
+		}
+		if proxyServer != nil {
+            proxyServer.stop()
+        }
+        proxyServer = nil
+        
+        let settings = NEPacketTunnelNetworkSettings(tunnelRemoteAddress: proxyServerAddress)
+        settings.mtu = NSNumber(value: 1500)
+        
+        let proxySettings = NEProxySettings()
+        proxySettings.httpEnabled = true;
+        proxySettings.httpServer = NEProxyServer(address: proxyServerAddress, port: Int(proxyServerPort))
+        proxySettings.httpsEnabled = true;
+        proxySettings.httpsServer = NEProxyServer(address: proxyServerAddress, port: Int(proxyServerPort))
+        proxySettings.excludeSimpleHostnames = false;
+        proxySettings.exceptionList = []
+        proxySettings.matchDomains = [""]
+        
+        settings.dnsSettings = NEDNSSettings(servers: ["127.0.0.1"])
+        settings.proxySettings = proxySettings;
+		RawSocketFactory.TunnelProvider = self
+        ObserverFactory.currentFactory = LDObserverFactory()
+		
+		self.setTunnelNetworkSettings(settings) { error in
+			guard error == nil else {
+				QLog("setTunnelNetworkSettings error: \(String(describing: error))")
+				completionHandler(error)
+				return
+			}
+			QLog("setTunnelNetworkSettings success \(self.packetFlow)")
+			completionHandler(nil)
+			
+			self.proxyServer = GCDHTTPProxyServer(address: IPAddress(fromString: self.proxyServerAddress), port: Port(port: self.proxyServerPort))
+            do {
+                try self.proxyServer.start()
+                completionHandler(nil)
+            }
+            catch let proxyError {
+                QLog("Error starting proxy server \(proxyError)")
+                completionHandler(proxyError)
+            }
+		}
+    }
+	
+    
+	override func stopTunnel(with reason: NEProviderStopReason, completionHandler: @escaping () -> Void) {
+		QLog("stopTunnel")
+		db = nil
+		DNSServer.currentServer = nil
+        RawSocketFactory.TunnelProvider = nil
+        ObserverFactory.currentFactory = nil
+        proxyServer.stop()
+        proxyServer = nil
+        QLog("error on stopping: \(reason)")
+        completionHandler()
+        exit(EXIT_SUCCESS)
+    }
+    
+    override func handleAppMessage(_ messageData: Data, completionHandler: ((Data?) -> Void)?) {
+        QLog("handleAppMessage")
+        if let handler = completionHandler {
+            handler(messageData)
+        }
+    }
+}
+
+public func QLog(_ message: String) {
+	NSLog("TUN: \(message)")
+}