XPC fixes

coadler · coadler · commit dc56a960805d · 2025-01-23T15:43:56.000-06:00
diff --git a/Coder Desktop/Coder Desktop.xcodeproj/project.pbxproj b/Coder Desktop/Coder Desktop.xcodeproj/project.pbxproj
@@ -8,7 +8,6 @@
 
 /* Begin PBXBuildFile section */
 		3B0916A92D41CFD50064DEA8 /* VPNXPC.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 3B0916A12D41CFD50064DEA8 /* VPNXPC.framework */; };
-		3B0916AA2D41CFD50064DEA8 /* VPNXPC.framework in Embed Frameworks */ = {isa = PBXBuildFile; fileRef = 3B0916A12D41CFD50064DEA8 /* VPNXPC.framework */; settings = {ATTRIBUTES = (CodeSignOnCopy, RemoveHeadersOnCopy, ); }; };
 		961679332CFF117300B2B6DF /* NetworkExtension.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 961679322CFF117300B2B6DF /* NetworkExtension.framework */; };
 		9616793D2CFF117300B2B6DF /* com.coder.Coder-Desktop.VPN.systemextension in Embed System Extensions */ = {isa = PBXBuildFile; fileRef = 961679302CFF117300B2B6DF /* com.coder.Coder-Desktop.VPN.systemextension */; settings = {ATTRIBUTES = (RemoveHeadersOnCopy, ); }; };
 		AA2C690F2D34F6920059AFAF /* LaunchAtLogin in Frameworks */ = {isa = PBXBuildFile; productRef = AA2C690E2D34F6920059AFAF /* LaunchAtLogin */; };
@@ -137,17 +136,6 @@
 			name = "Embed XPC Services";
 			runOnlyForDeploymentPostprocessing = 0;
 		};
-		3B0916872D41C8010064DEA8 /* Embed Frameworks */ = {
-			isa = PBXCopyFilesBuildPhase;
-			buildActionMask = 2147483647;
-			dstPath = "";
-			dstSubfolderSpec = 10;
-			files = (
-				3B0916AA2D41CFD50064DEA8 /* VPNXPC.framework in Embed Frameworks */,
-			);
-			name = "Embed Frameworks";
-			runOnlyForDeploymentPostprocessing = 0;
-		};
 		961679422CFF117300B2B6DF /* Embed System Extensions */ = {
 			isa = PBXCopyFilesBuildPhase;
 			buildActionMask = 2147483647;
@@ -1015,7 +1003,7 @@
 					"@executable_path/../Frameworks",
 					"@loader_path/Frameworks",
 				);
-				MACOSX_DEPLOYMENT_TARGET = 14.6;
+				MACOSX_DEPLOYMENT_TARGET = 14.0;
 				MARKETING_VERSION = 1.0;
 				MODULE_VERIFIER_SUPPORTED_LANGUAGES = "objective-c objective-c++";
 				MODULE_VERIFIER_SUPPORTED_LANGUAGE_STANDARDS = "gnu17 gnu++20";
@@ -1054,7 +1042,7 @@
 					"@executable_path/../Frameworks",
 					"@loader_path/Frameworks",
 				);
-				MACOSX_DEPLOYMENT_TARGET = 14.6;
+				MACOSX_DEPLOYMENT_TARGET = 14.0;
 				MARKETING_VERSION = 1.0;
 				MODULE_VERIFIER_SUPPORTED_LANGUAGES = "objective-c objective-c++";
 				MODULE_VERIFIER_SUPPORTED_LANGUAGE_STANDARDS = "gnu17 gnu++20";
@@ -1207,6 +1195,7 @@
 				ENABLE_HARDENED_RUNTIME = YES;
 				ENABLE_PREVIEWS = YES;
 				GENERATE_INFOPLIST_FILE = YES;
+				INFOPLIST_FILE = "Coder Desktop/Info.plist";
 				INFOPLIST_KEY_LSUIElement = YES;
 				INFOPLIST_KEY_NSHumanReadableCopyright = "";
 				LD_RUNPATH_SEARCH_PATHS = (
@@ -1239,6 +1228,7 @@
 				ENABLE_HARDENED_RUNTIME = YES;
 				ENABLE_PREVIEWS = YES;
 				GENERATE_INFOPLIST_FILE = YES;
+				INFOPLIST_FILE = "Coder Desktop/Info.plist";
 				INFOPLIST_KEY_LSUIElement = YES;
 				INFOPLIST_KEY_NSHumanReadableCopyright = "";
 				LD_RUNPATH_SEARCH_PATHS = (
diff --git a/Coder Desktop/Coder Desktop/Info.plist b/Coder Desktop/Coder Desktop/Info.plist
@@ -0,0 +1,11 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>NetworkExtension</key>
+	<dict>
+		<key>NEMachServiceName</key>
+		<string>$(TeamIdentifierPrefix)com.coder.Coder-Desktop.VPN</string>
+	</dict>
+</dict>
+</plist>
diff --git a/Coder Desktop/Coder Desktop/VPNService.swift b/Coder Desktop/Coder Desktop/VPNService.swift
@@ -1,6 +1,7 @@
 import NetworkExtension
 import os
 import SwiftUI
+import VPNLib
 import VPNXPC
 
 @MainActor
@@ -42,7 +43,7 @@ enum VPNServiceError: Error, Equatable {
 }
 
 @MainActor
-final class CoderVPNService: NSObject, VPNService {
+final class CoderVPNService: NSObject, VPNService, @preconcurrency VPNXPCClientCallbackProtocol {
     var logger = Logger(subsystem: Bundle.main.bundleIdentifier!, category: "vpn")
     var xpcConn: NSXPCConnection
     @Published var tunnelState: VPNServiceState = .disabled
@@ -66,11 +67,19 @@ final class CoderVPNService: NSObject, VPNService {
     var systemExtnDelegate: SystemExtensionDelegate<CoderVPNService>?
 
     override init() {
-        xpcConn = NSXPCConnection(serviceName: "com.coder.Coder-Desktop.VPNXPC")
+        let networkExtDict = Bundle.main.object(forInfoDictionaryKey: "NetworkExtension") as? [String: Any]
+        let machServiceName = networkExtDict?["NEMachServiceName"] as? String
+        xpcConn = NSXPCConnection(serviceName: machServiceName!)
         xpcConn.remoteObjectInterface = NSXPCInterface(with: VPNXPCProtocol.self)
-        xpcConn.resume()
+        xpcConn.exportedInterface = NSXPCInterface(with: VPNXPCClientCallbackProtocol.self)
 
         super.init()
+        xpcConn.exportedObject = self
+//        xpcConn.invalidationHandler = {
+//        //            self.logger.error("XPC connection invalidated.")
+//            print("XPC connection invalidated")
+//        }
+        xpcConn.resume()
         installSystemExtension()
         Task {
             await loadNetworkExtension()
@@ -86,11 +95,6 @@ final class CoderVPNService: NSObject, VPNService {
             tunnelState = .connecting
             await enableNetworkExtension()
             logger.debug("network extension enabled")
-            if let proxy = xpcConn.remoteObjectProxy as? VPNXPCProtocol {
-                proxy.start { _ in
-                    self.tunnelState = .connected
-                }
-            }
         }
         defer { startTask = nil }
         await startTask?.value
@@ -106,9 +110,6 @@ final class CoderVPNService: NSObject, VPNService {
         }
         stopTask = Task {
             tunnelState = .disconnecting
-            if let proxy = xpcConn.remoteObjectProxy as? VPNXPCProtocol {
-                proxy.stop { _ in }
-            }
             await disableNetworkExtension()
             logger.info("network extension stopped")
             tunnelState = .disabled
@@ -135,4 +136,26 @@ final class CoderVPNService: NSObject, VPNService {
             }
         }
     }
+
+    func onPeerUpdate(_ data: Data) {
+        // TODO: handle peer update
+        do {
+            let msg = try Vpn_TunnelMessage(serializedBytes: data)
+            debugPrint(msg)
+        } catch {
+            logger.error("failed to decode peer update \(error)")
+        }
+    }
+
+    func onStart() {
+        logger.info("network extension reported started")
+        tunnelState = .connected
+    }
+
+    func onStop() {
+        logger.info("network extension reported stopped")
+        tunnelState = .disabled
+    }
+
+    func onError(_: NSError) {}
 }
diff --git a/Coder Desktop/VPN/Manager.swift b/Coder Desktop/VPN/Manager.swift
@@ -2,6 +2,7 @@ import CoderSDK
 import NetworkExtension
 import os
 import VPNLib
+import VPNXPC
 
 actor Manager {
     let ptp: PacketTunnelProvider
@@ -10,7 +11,6 @@ actor Manager {
     let tunnelHandle: TunnelHandle
     let speaker: Speaker<Vpn_ManagerMessage, Vpn_TunnelMessage>
     var readLoop: Task<Void, any Error>!
-    // TODO: XPC Speaker
 
     private let dest = FileManager.default.urls(for: .documentDirectory, in: .userDomainMask)
         .first!.appending(path: "coder-vpn.dylib")
@@ -85,12 +85,18 @@ actor Manager {
         } catch {
             logger.error("tunnel read loop failed: \(error)")
             try await tunnelHandle.close()
-            // TODO: Notify app over XPC
+            if let connection = globalXPCListenerDelegate.getActiveConnection() {
+                let client = connection.remoteObjectProxy as? VPNXPCClientCallbackProtocol
+                client?.onError(error as NSError)
+            }
             return
         }
         logger.info("tunnel read loop exited")
         try await tunnelHandle.close()
-        // TODO: Notify app over XPC
+        if let connection = globalXPCListenerDelegate.getActiveConnection() {
+            let client = connection.remoteObjectProxy as? VPNXPCClientCallbackProtocol
+            client?.onStop()
+        }
     }
 
     func handleMessage(_ msg: Vpn_TunnelMessage) {
@@ -100,7 +106,16 @@ actor Manager {
         }
         switch msgType {
         case .peerUpdate:
-            {}() // TODO: Send over XPC
+            if let connection = globalXPCListenerDelegate.getActiveConnection() {
+                // We can call back to the client
+                do {
+                    let client = connection.remoteObjectProxy as? VPNXPCClientCallbackProtocol
+                    let data = try msg.peerUpdate.serializedData()
+                    client!.onPeerUpdate(data)
+                } catch {
+                    logger.error("failed to send peer update to client: \(error)")
+                }
+            }
         case let .log(logMsg):
             writeVpnLog(logMsg)
         case .networkSettings, .start, .stop:
@@ -165,10 +180,9 @@ actor Manager {
         }
     }
 
-    // TODO: Call via XPC
     // Retrieves the current state of all peers,
     // as required when starting the app whilst the network extension is already running
-    func getPeerInfo() async throws(ManagerError) {
+    func getPeerInfo() async throws(ManagerError) -> Vpn_PeerUpdate {
         logger.info("sending peer state request")
         let resp: Vpn_TunnelMessage
         do {
@@ -181,7 +195,7 @@ actor Manager {
         guard case .peerUpdate = resp.msg else {
             throw .incorrectResponse(resp)
         }
-        // TODO: pass to app over XPC
+        return resp.peerUpdate
     }
 }
 
diff --git a/Coder Desktop/VPN/PacketTunnelProvider.swift b/Coder Desktop/VPN/PacketTunnelProvider.swift
@@ -1,6 +1,6 @@
 import NetworkExtension
-import VPNLib
 import os
+import VPNLib
 
 /* From <sys/kern_control.h> */
 let CTLIOCGINFO: UInt = 0xC064_4E03
@@ -16,7 +16,7 @@ class PacketTunnelProvider: NEPacketTunnelProvider, @unchecked Sendable {
                 _ = strcpy($0, "com.apple.net.utun_control")
             }
         }
-        for fd: Int32 in 0...1024 {
+        for fd: Int32 in 0 ... 1024 {
             var addr = sockaddr_ctl()
             var ret: Int32 = -1
             var len = socklen_t(MemoryLayout.size(ofValue: addr))
@@ -57,12 +57,14 @@ class PacketTunnelProvider: NEPacketTunnelProvider, @unchecked Sendable {
                 manager = try await Manager(
                     with: self,
                     cfg: .init(
-                        apiToken: "fake-token", serverUrl: .init(string: "https://dev.coder.com")!)
+                        apiToken: "fake-token", serverUrl: .init(string: "https://dev.coder.com")!
+                    )
                 )
                 globalXPCListenerDelegate.vpnXPCInterface.setManager(manager)
-                completionHandler(nil)
+                try await manager?.startVPN()
+                completionHandler.callAsFunction(nil)
             } catch {
-                completionHandler(error)
+                completionHandler.callAsFunction(error as NSError)
                 logger.error("error starting manager: \(error.description, privacy: .public)")
             }
         }
@@ -77,6 +79,16 @@ class PacketTunnelProvider: NEPacketTunnelProvider, @unchecked Sendable {
             completionHandler()
             return
         }
+
+        let managerCopy = manager
+        Task {
+            do throws(ManagerError) {
+                try await managerCopy?.stopVPN()
+            } catch {
+                logger.error("error stopping manager: \(error.description, privacy: .public)")
+            }
+        }
+
         manager = nil
         globalXPCListenerDelegate.vpnXPCInterface.setManager(nil)
         completionHandler()
diff --git a/Coder Desktop/VPN/VpnXPCInterface.swift b/Coder Desktop/VPN/VpnXPCInterface.swift
@@ -1,20 +1,8 @@
 import Foundation
 import os.log
+import VPNLib
 import VPNXPC
 
-final class CallbackWrapper: @unchecked Sendable {
-    private let block: (NSError?) -> Void
-
-    init(_ block: @escaping (NSError?) -> Void) {
-        self.block = block
-    }
-
-    func call(_ error: NSError?) {
-        // Just forward to the original block
-        block(error)
-    }
-}
-
 @objc final class VPNXPCInterface: NSObject, VPNXPCProtocol, @unchecked Sendable {
     private var manager: Manager?
     private let managerLock = NSLock()
@@ -51,11 +39,11 @@ final class CallbackWrapper: @unchecked Sendable {
             do {
                 try await manager.startVPN()
                 await MainActor.run {
-                    safeReply.call(nil)
+                    safeReply.callAsFunction(nil)
                 }
             } catch {
                 await MainActor.run {
-                    safeReply.call(error as NSError)
+                    safeReply.callAsFunction(error as NSError)
                 }
             }
         }
@@ -78,11 +66,11 @@ final class CallbackWrapper: @unchecked Sendable {
             do {
                 try await manager.stopVPN()
                 await MainActor.run {
-                    safeReply.call(nil)
+                    safeReply.callAsFunction(nil)
                 }
             } catch {
                 await MainActor.run {
-                    safeReply.call(error as NSError)
+                    safeReply.callAsFunction(error as NSError)
                 }
             }
         }
diff --git a/Coder Desktop/VPN/main.swift b/Coder Desktop/VPN/main.swift
@@ -2,20 +2,47 @@ import Foundation
 import NetworkExtension
 import VPNXPC
 
-final class XPCListenerDelegate: NSObject, NSXPCListenerDelegate, Sendable {
+final class XPCListenerDelegate: NSObject, NSXPCListenerDelegate, @unchecked Sendable {
     let vpnXPCInterface = VPNXPCInterface()
+    var activeConnection: NSXPCConnection?
+    var connMutex: NSLock = .init()
+
+    func getActiveConnection() -> NSXPCConnection? {
+        connMutex.lock()
+        defer { connMutex.unlock() }
+        return activeConnection
+    }
+
+    func setActiveConnection(_ connection: NSXPCConnection?) {
+        connMutex.lock()
+        defer { connMutex.unlock() }
+        activeConnection = connection
+    }
 
     func listener(_: NSXPCListener, shouldAcceptNewConnection newConnection: NSXPCConnection) -> Bool {
         newConnection.exportedInterface = NSXPCInterface(with: VPNXPCProtocol.self)
         newConnection.exportedObject = vpnXPCInterface
+        newConnection.remoteObjectInterface = NSXPCInterface(with: VPNXPCClientCallbackProtocol.self)
+        newConnection.invalidationHandler = { [weak self] in
+            self?.setActiveConnection(nil)
+        }
+        setActiveConnection(newConnection)
 
         newConnection.resume()
         return true
     }
 }
 
+guard
+  let netExt = Bundle.main.object(forInfoDictionaryKey: "NetworkExtension") as? [String: Any],
+  let serviceName = netExt["NEMachServiceName"] as? String
+else {
+  fatalError("Missing NEMachServiceName in Info.plist")
+}
+
+print(serviceName)
 let globalXPCListenerDelegate = XPCListenerDelegate()
-let xpcListener = NSXPCListener(machServiceName: "com.coder.Coder-Desktop.VPNXPC")
+let xpcListener = NSXPCListener(machServiceName: serviceName)
 xpcListener.delegate = globalXPCListenerDelegate
 xpcListener.resume()
 
diff --git a/Coder Desktop/VPNXPC/Protocol.swift b/Coder Desktop/VPNXPC/Protocol.swift

-Original file line number
+Diff line change
     func start(with reply: @escaping (NSError?) -> Void)
     func stop(with reply: @escaping (NSError?) -> Void)
+}
++
 +@preconcurrency
 +@objc public protocol VPNXPCClientCallbackProtocol {
 +    /// Called when the server has a status update to share
 +    func onPeerUpdate(_ data: Data)
 +    func onStart()
 +    func onStop()
 +    func onError(_ err: NSError)
 +}