Update privacy defaults in BSK (#569)

* Update Class E IP address class to 240.0.0.0-255.255.255.255 (used to be 240.0.0.0-240.255.255.255) * Use DNS server IP from /register response * Remove DDG exclusion --------- Co-authored-by: Diego Rey Mendez <[email protected]>
duckduckgo · Nov 29, 2023 · 1400c9c · 1400c9c
1 parent 1331652
commit 1400c9c
Show file tree

Hide file tree

Showing 7 changed files with 17 additions and 13 deletions.
diff --git a/Sources/NetworkProtection/Models/NetworkProtectionServerInfo.swift b/Sources/NetworkProtection/Models/NetworkProtectionServerInfo.swift
@@ -43,6 +43,7 @@ public struct NetworkProtectionServerInfo: Codable, Equatable, Sendable {
     public let publicKey: String
     public let hostNames: [String]
     public let ips: [AnyIPAddress]
+    public let internalIP: AnyIPAddress
     public let port: UInt16
     public let attributes: ServerAttributes
 
@@ -51,6 +52,7 @@ public struct NetworkProtectionServerInfo: Codable, Equatable, Sendable {
         case publicKey
         case hostNames = "hostnames"
         case ips
+        case internalIP = "internalIp"
         case port
         case attributes
     }

diff --git a/Sources/NetworkProtection/NetworkProtectionDeviceManager.swift b/Sources/NetworkProtection/NetworkProtectionDeviceManager.swift
@@ -277,6 +277,7 @@ public actor NetworkProtectionDeviceManager: NetworkProtectionDeviceManagement {
                                                addressRange: interfaceAddressRange,
                                                includedRoutes: includedRoutes,
                                                excludedRoutes: excludedRoutes,
+                                               dns: [DNSServer(address: server.serverInfo.internalIP)],
                                                isKillSwitchEnabled: isKillSwitchEnabled)
 
         return TunnelConfiguration(name: "Network Protection", interface: interface, peers: [peerConfiguration])
@@ -291,15 +292,13 @@ public actor NetworkProtectionDeviceManager: NetworkProtectionDeviceManagement {
         return peerConfiguration
     }
 
+    // swiftlint:disable function_parameter_count
     func interfaceConfiguration(privateKey: PrivateKey,
                                 addressRange: IPAddressRange,
                                 includedRoutes: [IPAddressRange],
                                 excludedRoutes: [IPAddressRange],
+                                dns: [DNSServer],
                                 isKillSwitchEnabled: Bool) -> InterfaceConfiguration {
-        // TO BE moved out to config
-        let dns = [
-            DNSServer(from: "10.11.12.1")!
-        ]
         var includedRoutes = includedRoutes
         // Tunnel doesn‘t work with ‘enforceRoutes‘ option when DNS IP/addressRange is in includedRoutes
         if !isKillSwitchEnabled {
@@ -313,6 +312,7 @@ public actor NetworkProtectionDeviceManager: NetworkProtectionDeviceManagement {
                                       listenPort: 51821,
                                       dns: dns)
     }
+    // swiftlint:enable function_parameter_count
 
     private func handle(clientError: NetworkProtectionClientError) {
         if case .invalidAuthToken = clientError {

diff --git a/Sources/NetworkProtection/PacketTunnelProvider.swift b/Sources/NetworkProtection/PacketTunnelProvider.swift
@@ -711,6 +711,7 @@ open class PacketTunnelProvider: NEPacketTunnelProvider {
                log: .networkProtection,
                selectedServerInfo.serverLocation,
                selectedServerInfo.name)
+        os_log("🔵 Excluded routes: %{public}@", log: .networkProtection, type: .info, String(describing: excludedRoutes))
 
         let tunnelConfiguration = configurationResult.0
 

diff --git a/Sources/NetworkProtection/Settings/RoutingRange.swift b/Sources/NetworkProtection/Settings/RoutingRange.swift
@@ -29,16 +29,11 @@ public enum RoutingRange {
         .range("127.0.0.0/8"    /* 255.0.0.0 */, description: "Loopback"),
         .range("169.254.0.0/16" /* 255.255.0.0 */, description: "Link-local"),
         .range("224.0.0.0/4"    /* 240.0.0.0 */, description: "Multicast"),
-        .range("240.0.0.0/8"    /* 255.0.0.0 */, description: "Multicast"),
-
-        .section("duckduckgo.com"),
-        .range("52.142.124.215/32"),
-        .range("52.250.42.157/32"),
-        .range("40.114.177.156/32"),
+        .range("240.0.0.0/4"    /* 240.0.0.0 */, description: "Class E"),
     ]
 
     public static let alwaysExcludedIPv6Ranges: [RoutingRange] = [
-        // When need to figure out what will happen to these when
+        // We need to figure out what will happen to these when
         // excludeLocalNetworks is OFF.
         // For now though, I'm keeping these but leaving these always excluded
         // as IPv6 is out of scope.

diff --git a/Tests/NetworkProtectionTests/Mocks/NetworkProtectionServerMocks.swift b/Tests/NetworkProtectionTests/Mocks/NetworkProtectionServerMocks.swift
@@ -32,21 +32,24 @@ extension NetworkProtectionServerInfo {
     static let mock = NetworkProtectionServerInfo(name: "Mock Server",
                                                   publicKey: "ovn9RpzUuvQ4XLQt6B3RKuEXGIxa5QpTnehjduZlcSE=",
                                                   hostNames: ["duckduckgo.com"],
-                                                  ips: ["192.168.1.1"],
+                                                  ips: ["192.168.1.1"], 
+                                                  internalIP: "10.11.12.1",
                                                   port: 443,
                                                   attributes: .init(city: "City", country: "Country", state: "State", timezoneOffset: 0))
 
     static let hostNameOnly = NetworkProtectionServerInfo(name: "Mock Server",
                                                           publicKey: "ovn9RpzUuvQ4XLQt6B3RKuEXGIxa5QpTnehjduZlcSE=",
                                                           hostNames: ["duckduckgo.com"],
                                                           ips: [],
+                                                          internalIP: "10.11.12.1",
                                                           port: 443,
                                                           attributes: .init(city: "City", country: "Country", state: "State", timezoneOffset: 0))
 
     static let ipAddressOnly = NetworkProtectionServerInfo(name: "Mock Server",
                                                            publicKey: "ovn9RpzUuvQ4XLQt6B3RKuEXGIxa5QpTnehjduZlcSE=",
                                                            hostNames: [],
                                                            ips: ["192.168.1.1"],
+                                                           internalIP: "10.11.12.1",
                                                            port: 443,
                                                            attributes: .init(city: "City", country: "Country", state: "State", timezoneOffset: 0))
 
@@ -55,6 +58,7 @@ extension NetworkProtectionServerInfo {
                                     publicKey: publicKey,
                                     hostNames: ["duckduckgo.com"],
                                     ips: ["192.168.1.1"],
+                                    internalIP: "10.11.12.1",
                                     port: 443,
                                     attributes: .init(city: "City", country: "Country", state: "State", timezoneOffset: 0))
     }

diff --git a/Tests/NetworkProtectionTests/NetworkProtectionServerInfoTests.swift b/Tests/NetworkProtectionTests/NetworkProtectionServerInfoTests.swift
@@ -27,6 +27,7 @@ final class NetworkProtectionServerInfoTests: XCTestCase {
                                                      publicKey: "",
                                                      hostNames: [],
                                                      ips: [],
+                                                     internalIP: "10.11.12.1",
                                                      port: 42,
                                                      attributes: .init(city: "Amsterdam", country: "nl", state: "na", timezoneOffset: 3600))
 
@@ -38,6 +39,7 @@ final class NetworkProtectionServerInfoTests: XCTestCase {
                                                      publicKey: "",
                                                      hostNames: [],
                                                      ips: [],
+                                                     internalIP: "10.11.12.1",
                                                      port: 42,
                                                      attributes: .init(city: "New York", country: "us", state: "ny", timezoneOffset: 3600))
 

diff --git a/Tests/NetworkProtectionTests/Resources/servers-original-endpoint.json b/Tests/NetworkProtectionTests/Resources/servers-original-endpoint.json
@@ -1 +1 @@
-[{"registeredAt":"2023-02-03T17:42:36.263760127-05:00","server":{"name":"egress.usw.1","attributes":{"city":"El Segundo","country":"us","latitude":33.9192,"longitude":-118.4165,"region":"North America","state":"ca","tzOffset":-28800},"publicKey":"R/BMR6Rr5rzvp7vSIWdAtgAmOLK9m7CqTcDynblM3Us=","hostnames":[],"ips":["162.245.204.100"],"port":443}},{"registeredAt":"2023-02-03T17:42:36.613040955-05:00","server":{"name":"egress.euw.1","attributes":{"city":"Rotterdam","country":"nl","latitude":51.9225,"longitude":4.4792,"region":"Europe","state":"na","tzOffset":3600},"publicKey":"ocUfgaqaN/s/D3gTwJstipGh03T2v6wLL+aVtg3Viz4=","hostnames":[],"ips":["31.204.129.36"],"port":443}},{"registeredAt":"2023-02-03T17:42:34.946832238-05:00","server":{"name":"egress.euw.2","attributes":{"city":"Rotterdam","country":"nl","latitude":51.9225,"longitude":4.4792,"region":"Europe","state":"na","tzOffset":3600},"publicKey":"4PnM/V0CodegK44rd9fKTxxS9QDVTw13j8fxKsVud3s=","hostnames":[],"ips":["31.204.129.39"],"port":443}},{"registeredAt":"2023-02-03T17:42:35.130289666-05:00","server":{"name":"egress.use.1","attributes":{"city":"Newark","country":"us","latitude":40.7357,"longitude":-74.1724,"region":"North America","state":"nj","tzOffset":-18000},"publicKey":"L4gDTg3KqbhjjiN99n/Zmwxwmbv+P+n8ZZVL0v34cAs=","hostnames":[],"ips":["109.200.208.196"],"port":443}},{"registeredAt":"2023-02-03T17:42:35.913046706-05:00","server":{"name":"egress.use.2","attributes":{"city":"Newark","country":"us","latitude":40.7357,"longitude":-74.1724,"region":"North America","state":"nj","tzOffset":-18000},"publicKey":"q3YJJUwMNP31J8qSvMdVsxASKNcjrm8ep8cLcI0qViY=","hostnames":[],"ips":["109.200.208.198"],"port":443}},{"registeredAt":"2023-02-03T17:42:35.661113901-05:00","server":{"name":"egress.usw.2","attributes":{"city":"El Segundo","country":"us","latitude":33.9192,"longitude":-118.4165,"region":"North America","state":"ca","tzOffset":-28800},"publicKey":"8JjNmnFYZA+CnWAkbiucDrUJ70wl+Tl3O3ETkRgw028=","hostnames":[],"ips":["162.245.204.102"],"port":443}}]
+[{"registeredAt":"2023-02-03T17:42:36.263760127-05:00","server":{"name":"egress.usw.1","attributes":{"city":"El Segundo","country":"us","latitude":33.9192,"longitude":-118.4165,"region":"North America","state":"ca","tzOffset":-28800},"publicKey":"R/BMR6Rr5rzvp7vSIWdAtgAmOLK9m7CqTcDynblM3Us=","hostnames":[],"ips":["162.245.204.100"],"internalIp":"10.11.12.1","port":443}},{"registeredAt":"2023-02-03T17:42:36.613040955-05:00","server":{"name":"egress.euw.1","attributes":{"city":"Rotterdam","country":"nl","latitude":51.9225,"longitude":4.4792,"region":"Europe","state":"na","tzOffset":3600},"publicKey":"ocUfgaqaN/s/D3gTwJstipGh03T2v6wLL+aVtg3Viz4=","hostnames":[],"ips":["31.204.129.36"],"internalIp":"10.11.12.1","port":443}},{"registeredAt":"2023-02-03T17:42:34.946832238-05:00","server":{"name":"egress.euw.2","attributes":{"city":"Rotterdam","country":"nl","latitude":51.9225,"longitude":4.4792,"region":"Europe","state":"na","tzOffset":3600},"publicKey":"4PnM/V0CodegK44rd9fKTxxS9QDVTw13j8fxKsVud3s=","hostnames":[],"ips":["31.204.129.39"],"internalIp":"10.11.12.1","port":443}},{"registeredAt":"2023-02-03T17:42:35.130289666-05:00","server":{"name":"egress.use.1","attributes":{"city":"Newark","country":"us","latitude":40.7357,"longitude":-74.1724,"region":"North America","state":"nj","tzOffset":-18000},"publicKey":"L4gDTg3KqbhjjiN99n/Zmwxwmbv+P+n8ZZVL0v34cAs=","hostnames":[],"ips":["109.200.208.196"],"internalIp":"10.11.12.1","port":443}},{"registeredAt":"2023-02-03T17:42:35.913046706-05:00","server":{"name":"egress.use.2","attributes":{"city":"Newark","country":"us","latitude":40.7357,"longitude":-74.1724,"region":"North America","state":"nj","tzOffset":-18000},"publicKey":"q3YJJUwMNP31J8qSvMdVsxASKNcjrm8ep8cLcI0qViY=","hostnames":[],"ips":["109.200.208.198"],"internalIp":"10.11.12.1","port":443}},{"registeredAt":"2023-02-03T17:42:35.661113901-05:00","server":{"name":"egress.usw.2","attributes":{"city":"El Segundo","country":"us","latitude":33.9192,"longitude":-118.4165,"region":"North America","state":"ca","tzOffset":-28800},"publicKey":"8JjNmnFYZA+CnWAkbiucDrUJ70wl+Tl3O3ETkRgw028=","hostnames":[],"ips":["162.245.204.102"],"internalIp":"10.11.12.1","port":443}}]
Original file line number	Diff line number	Diff line change
		@@ -1 +1 @@
		[{"registeredAt":"2023-02-03T17:42:36.263760127-05:00","server":{"name":"egress.usw.1","attributes":{"city":"El Segundo","country":"us","latitude":33.9192,"longitude":-118.4165,"region":"North America","state":"ca","tzOffset":-28800},"publicKey":"R/BMR6Rr5rzvp7vSIWdAtgAmOLK9m7CqTcDynblM3Us=","hostnames":[],"ips":["162.245.204.100"],"port":443}},{"registeredAt":"2023-02-03T17:42:36.613040955-05:00","server":{"name":"egress.euw.1","attributes":{"city":"Rotterdam","country":"nl","latitude":51.9225,"longitude":4.4792,"region":"Europe","state":"na","tzOffset":3600},"publicKey":"ocUfgaqaN/s/D3gTwJstipGh03T2v6wLL+aVtg3Viz4=","hostnames":[],"ips":["31.204.129.36"],"port":443}},{"registeredAt":"2023-02-03T17:42:34.946832238-05:00","server":{"name":"egress.euw.2","attributes":{"city":"Rotterdam","country":"nl","latitude":51.9225,"longitude":4.4792,"region":"Europe","state":"na","tzOffset":3600},"publicKey":"4PnM/V0CodegK44rd9fKTxxS9QDVTw13j8fxKsVud3s=","hostnames":[],"ips":["31.204.129.39"],"port":443}},{"registeredAt":"2023-02-03T17:42:35.130289666-05:00","server":{"name":"egress.use.1","attributes":{"city":"Newark","country":"us","latitude":40.7357,"longitude":-74.1724,"region":"North America","state":"nj","tzOffset":-18000},"publicKey":"L4gDTg3KqbhjjiN99n/Zmwxwmbv+P+n8ZZVL0v34cAs=","hostnames":[],"ips":["109.200.208.196"],"port":443}},{"registeredAt":"2023-02-03T17:42:35.913046706-05:00","server":{"name":"egress.use.2","attributes":{"city":"Newark","country":"us","latitude":40.7357,"longitude":-74.1724,"region":"North America","state":"nj","tzOffset":-18000},"publicKey":"q3YJJUwMNP31J8qSvMdVsxASKNcjrm8ep8cLcI0qViY=","hostnames":[],"ips":["109.200.208.198"],"port":443}},{"registeredAt":"2023-02-03T17:42:35.661113901-05:00","server":{"name":"egress.usw.2","attributes":{"city":"El Segundo","country":"us","latitude":33.9192,"longitude":-118.4165,"region":"North America","state":"ca","tzOffset":-28800},"publicKey":"8JjNmnFYZA+CnWAkbiucDrUJ70wl+Tl3O3ETkRgw028=","hostnames":[],"ips":["162.245.204.102"],"port":443}}]
		[{"registeredAt":"2023-02-03T17:42:36.263760127-05:00","server":{"name":"egress.usw.1","attributes":{"city":"El Segundo","country":"us","latitude":33.9192,"longitude":-118.4165,"region":"North America","state":"ca","tzOffset":-28800},"publicKey":"R/BMR6Rr5rzvp7vSIWdAtgAmOLK9m7CqTcDynblM3Us=","hostnames":[],"ips":["162.245.204.100"],"internalIp":"10.11.12.1","port":443}},{"registeredAt":"2023-02-03T17:42:36.613040955-05:00","server":{"name":"egress.euw.1","attributes":{"city":"Rotterdam","country":"nl","latitude":51.9225,"longitude":4.4792,"region":"Europe","state":"na","tzOffset":3600},"publicKey":"ocUfgaqaN/s/D3gTwJstipGh03T2v6wLL+aVtg3Viz4=","hostnames":[],"ips":["31.204.129.36"],"internalIp":"10.11.12.1","port":443}},{"registeredAt":"2023-02-03T17:42:34.946832238-05:00","server":{"name":"egress.euw.2","attributes":{"city":"Rotterdam","country":"nl","latitude":51.9225,"longitude":4.4792,"region":"Europe","state":"na","tzOffset":3600},"publicKey":"4PnM/V0CodegK44rd9fKTxxS9QDVTw13j8fxKsVud3s=","hostnames":[],"ips":["31.204.129.39"],"internalIp":"10.11.12.1","port":443}},{"registeredAt":"2023-02-03T17:42:35.130289666-05:00","server":{"name":"egress.use.1","attributes":{"city":"Newark","country":"us","latitude":40.7357,"longitude":-74.1724,"region":"North America","state":"nj","tzOffset":-18000},"publicKey":"L4gDTg3KqbhjjiN99n/Zmwxwmbv+P+n8ZZVL0v34cAs=","hostnames":[],"ips":["109.200.208.196"],"internalIp":"10.11.12.1","port":443}},{"registeredAt":"2023-02-03T17:42:35.913046706-05:00","server":{"name":"egress.use.2","attributes":{"city":"Newark","country":"us","latitude":40.7357,"longitude":-74.1724,"region":"North America","state":"nj","tzOffset":-18000},"publicKey":"q3YJJUwMNP31J8qSvMdVsxASKNcjrm8ep8cLcI0qViY=","hostnames":[],"ips":["109.200.208.198"],"internalIp":"10.11.12.1","port":443}},{"registeredAt":"2023-02-03T17:42:35.661113901-05:00","server":{"name":"egress.usw.2","attributes":{"city":"El Segundo","country":"us","latitude":33.9192,"longitude":-118.4165,"region":"North America","state":"ca","tzOffset":-28800},"publicKey":"8JjNmnFYZA+CnWAkbiucDrUJ70wl+Tl3O3ETkRgw028=","hostnames":[],"ips":["162.245.204.102"],"internalIp":"10.11.12.1","port":443}}]