authorBug Magnet <marco.nikic@mullvad.net>2024-10-30 17:10:43 +0100
committerBug Magnet <marco.nikic@mullvad.net>2024-11-13 15:41:48 +0100
commit26b75ba407b6099ae815775ac921024c6708d055 (patch)
tree3cf4c06914d66baa6acce0f8298fb77fdcd21c85 /ios/MullvadRustRuntime
parente763bf54a1d49f1452d6328acb2b2aaea26beae9 (diff)
Add shadowsocks obfuscation as an option
Diffstat (limited to 'ios/MullvadRustRuntime')
-rw-r--r--ios/MullvadRustRuntime/TunnelObfuscator.swift (renamed from ios/MullvadRustRuntime/UDPOverTCPObfuscator.swift)33
-rw-r--r--ios/MullvadRustRuntime/include/mullvad_rust_runtime.h10
2 files changed, 38 insertions, 5 deletions
diff --git a/ios/MullvadRustRuntime/UDPOverTCPObfuscator.swift b/ios/MullvadRustRuntime/TunnelObfuscator.swift
index 8d5d874c84..549794b3af 100644
--- a/ios/MullvadRustRuntime/UDPOverTCPObfuscator.swift
+++ b/ios/MullvadRustRuntime/TunnelObfuscator.swift
@@ -11,8 +11,13 @@ import MullvadRustRuntimeProxy
import MullvadTypes
import Network
+public enum TunnelObfuscationProtocol {
+ case udpOverTcp
+ case shadowsocks
+}
+
public protocol TunnelObfuscation {
- init(remoteAddress: IPAddress, tcpPort: UInt16)
+ init(remoteAddress: IPAddress, tcpPort: UInt16, obfuscationProtocol: TunnelObfuscationProtocol)
func start()
func stop()
var localUdpPort: UInt16 { get }
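Review bot: The protocol requirement `init(remoteAddress:tcpPort:obfuscationProtocol:)` keeps the `tcpPort` label, although a later hunk in this file makes `transportLayer` return `.udp` for the new `.shadowsocks` case, so the label no longer describes what callers pass. Consider renaming the label to `remotePort` (the conforming class already exposes a `remotePort` property), or documenting on the requirement that the port's transport depends on `obfuscationProtocol`. The new public enum also has no doc comments; a summary such as `/// Obfuscation method applied to tunnel traffic sent to the remote endpoint.` plus one line per case would tell callers which transport each case implies.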
@@ -21,11 +26,15 @@ public protocol TunnelObfuscation {
var transportLayer: TransportLayer { get }
}
-/// Class that implements UDP over TCP obfuscation by accepting traffic on a local UDP port and proxying it over TCP to the remote endpoint.
-public final class UDPOverTCPObfuscator: TunnelObfuscation {
+/// Class that implements obfuscation by accepting traffic on a local port and proxying it to the remote endpoint.
+///
+/// The obfuscation happens either by wrapping UDP traffic into TCP traffic, or by using a local shadowsocks server
+/// to encrypt the UDP traffic sent.
+public final class TunnelObfuscator: TunnelObfuscation {
private let stateLock = NSLock()
private let remoteAddress: IPAddress
internal let tcpPort: UInt16
+ internal let obfuscationProtocol: TunnelObfuscationProtocol
private var proxyHandle = ProxyHandle(context: nil, port: 0)
private var isStarted = false
@@ -38,12 +47,20 @@ public final class UDPOverTCPObfuscator: TunnelObfuscation {
public var remotePort: UInt16 { tcpPort }
- public var transportLayer: TransportLayer { .tcp }
+ public var transportLayer: TransportLayer {
+ switch obfuscationProtocol {
+ case .udpOverTcp:
+ .tcp
+ case .shadowsocks:
+ .udp
+ }
+ }
/// Initialize tunnel obfuscator with remote server address and TCP port where udp2tcp is running.
- public init(remoteAddress: IPAddress, tcpPort: UInt16) {
+ public init(remoteAddress: IPAddress, tcpPort: UInt16, obfuscationProtocol: TunnelObfuscationProtocol) {
self.remoteAddress = remoteAddress
self.tcpPort = tcpPort
+ self.obfuscationProtocol = obfuscationProtocol
}
deinit {
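Review bot: The doc comment above `init` still reads "TCP port where udp2tcp is running", which is stale now that `obfuscationProtocol` can be `.shadowsocks` and `transportLayer` reports `.udp` for it. I would change it to `/// Initialize tunnel obfuscator with the remote server address, the remote port of the obfuscation service, and the obfuscation protocol to use.` The stored property `tcpPort` and the `remotePort` accessor just above have the same naming mismatch, so a short comment there that the value is a UDP port in the shadowsocks case would keep readers from assuming TCP.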
@@ -54,6 +71,11 @@ public final class UDPOverTCPObfuscator: TunnelObfuscation {
stateLock.withLock {
guard !isStarted else { return }
+ let obfuscationProtocol = switch obfuscationProtocol {
+ case .udpOverTcp: TunnelObfuscatorProtocol(0)
+ case .shadowsocks: TunnelObfuscatorProtocol(1)
+ }
+
let result = withUnsafeMutablePointer(to: &proxyHandle) { proxyHandlePointer in
let addressData = remoteAddress.rawValue
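Review bot: The mapping `TunnelObfuscatorProtocol(0)` / `TunnelObfuscatorProtocol(1)` hard-codes the discriminants that the header in this same commit declares as `UdpOverTcp = 0` and `Shadowsocks`, so a reordering on the Rust side would silently select the wrong protocol with no compile error. If the generated constants are visible to Swift, derive the value from them; otherwise add a comment such as `// Must match enum TunnelObfuscatorProtocol in mullvad_rust_runtime.h` next to the switch. The local `let obfuscationProtocol` also shadows the stored property of the same name with a different type; a name like `ffiProtocol` would make the call in the next hunk easier to read. The body of `start()` begins and ends outside this hunk.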
@@ -61,6 +83,7 @@ public final class UDPOverTCPObfuscator: TunnelObfuscation {
addressData.map { $0 },
UInt(addressData.count),
tcpPort,
+ obfuscationProtocol,
proxyHandlePointer
)
}
diff --git a/ios/MullvadRustRuntime/include/mullvad_rust_runtime.h b/ios/MullvadRustRuntime/include/mullvad_rust_runtime.h
index a110313c72..26904b89df 100644
--- a/ios/MullvadRustRuntime/include/mullvad_rust_runtime.h
+++ b/ios/MullvadRustRuntime/include/mullvad_rust_runtime.h
@@ -6,6 +6,15 @@
#include <stdlib.h>
/**
+ * SAFETY: `TunnelObfuscatorProtocol` values must either be `0` or `1`
+ */
+enum TunnelObfuscatorProtocol {
+ UdpOverTcp = 0,
+ Shadowsocks,
+};
+typedef uint8_t TunnelObfuscatorProtocol;
+
+/**
* A thin wrapper around [`mullvad_encrypted_dns_proxy::state::EncryptedDnsProxyState`] that
* can start a local forwarder (see [`Self::start`]).
*/
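Review bot: The `SAFETY` comment is the only thing enforcing the 0-or-1 contract, because `typedef uint8_t TunnelObfuscatorProtocol;` lets any caller pass any byte value to `start_tunnel_obfuscator_proxy`. The Rust side is not visible in this diff, but if the parameter is received there as a `#[repr(u8)]` enum, an out-of-range value would be undefined behaviour rather than a reportable error. It would be more robust to accept a plain `u8` at the FFI boundary, validate it, and return a non-zero status for unknown values. If this header is generated, the change belongs in the Rust source, and the comment here could then read `Values other than 0 or 1 are rejected with an error code`.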
@@ -179,6 +188,7 @@ int32_t stop_shadowsocks_proxy(struct ProxyHandle *proxy_config);
int32_t start_tunnel_obfuscator_proxy(const uint8_t *peer_address,
uintptr_t peer_address_len,
uint16_t peer_port,
+ TunnelObfuscatorProtocol obfuscation_protocol,
struct ProxyHandle *proxy_handle);
int32_t stop_tunnel_obfuscator_proxy(struct ProxyHandle *proxy_handle);