anlicheng/punchnet-macos
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: anlicheng:main
Branches Tags
anlicheng:main
anlicheng:quic_mst
anlicheng:202601_v2_mst
anlicheng:actor_mst
anlicheng:async_mst
..
compare: anlicheng:202601_v2_mst
Branches Tags
anlicheng:quic_mst
anlicheng:202601_v2_mst
anlicheng:main
anlicheng:actor_mst
anlicheng:async_mst

51 Commits
main ... 202601_v2_

Author SHA1 Message Date
anlicheng
1554f3fe0b fix proto 2026-02-06 12:22:15 +08:00
anlicheng
2e6e1e5b3f fix rules 2026-02-05 23:13:37 +08:00
anlicheng
3947c1f6da fix policy 2026-02-05 15:25:22 +08:00
anlicheng
e79c3270ea 解决注册的问题 2026-02-04 17:25:00 +08:00
anlicheng
9aaaad6254 解决系统的异常退出问题 2026-02-04 14:58:18 +08:00
anlicheng
8c8006bc69 解决系统的异常退出问题 2026-02-04 14:56:30 +08:00
anlicheng
3283c2ae61 处理udp启动逻辑 2026-02-04 14:01:42 +08:00
anlicheng
b1c6b45f35 actor的最小依赖原则 2026-02-04 13:56:05 +08:00
anlicheng
f801344370 fix context 2026-02-04 01:03:49 +08:00
anlicheng
9cafe1aa57 fix 2026-02-04 00:51:18 +08:00
anlicheng
c63b20b568 fix logger 2026-02-04 00:07:06 +08:00
anlicheng
57e360bee2 fix 2026-02-03 23:45:03 +08:00
anlicheng
55ea1cd09d 解决定时器的问题 2026-02-03 16:07:30 +08:00
anlicheng
d964eb6e27 fix 2026-02-03 13:44:24 +08:00
anlicheng
478969d99d fix 2026-02-03 13:35:02 +08:00
anlicheng
2f9920ad6d fix 2026-02-03 13:06:58 +08:00
anlicheng
57dd0d9538 fix context 2026-02-02 12:07:29 +08:00
anlicheng
352dff8e19 fix context 2026-01-30 16:41:10 +08:00
anlicheng
b5d574ea31 fix context 2026-01-30 15:23:35 +08:00
anlicheng
d4390f5117 fix 2026-01-30 13:39:58 +08:00
anlicheng
e40a266b13 fix lock 2026-01-30 12:26:10 +08:00
anlicheng
df236d4c1f fix 2026-01-29 23:23:53 +08:00
anlicheng
faebe09da0 fix 2026-01-29 22:28:13 +08:00
anlicheng
5bb971bef3 fix actor 2026-01-29 22:13:31 +08:00
anlicheng
2abef3d0bf fix udpHole 2026-01-29 22:07:46 +08:00
anlicheng
d15240a3a7 fix context 2026-01-29 00:17:23 +08:00
anlicheng
ce0f3fa29d fix 2026-01-28 23:43:19 +08:00
anlicheng
92a05263bb fix vpn 2026-01-28 21:42:16 +08:00
anlicheng
dc59e1870a fix config 2026-01-28 19:26:14 +08:00
anlicheng
d74bc61060 解决通讯模型的问题 2026-01-28 18:53:03 +08:00
anlicheng
047f5b90ec fix dns client 2026-01-28 17:43:47 +08:00
anlicheng
e36ecd0c29 fix hole 2026-01-28 17:34:02 +08:00
anlicheng
599a047f5c fix stun 2026-01-28 14:03:41 +08:00
anlicheng
cbfbbc9ac6 逻辑上的正确行调整 2026-01-28 13:05:11 +08:00
anlicheng
6faff2e6cc 解决语法级别的错误 2026-01-28 01:02:37 +08:00
anlicheng
cd4c977b83 fix 2026-01-27 23:47:46 +08:00
anlicheng
fe680b31b2 fix 2026-01-27 23:13:41 +08:00
anlicheng
715fa6f491 修改语法层面的错误 2026-01-27 22:36:41 +08:00
anlicheng
21b8585d3c remove superClient 2026-01-27 21:53:09 +08:00
anlicheng
20993dd923 fix 2026-01-19 17:36:46 +08:00
anlicheng
f9b1c03b85 fix menu 2026-01-19 14:51:34 +08:00
anlicheng
5ec207e1fa fix 2026-01-19 14:48:35 +08:00
anlicheng
efa14a3071 fix 2026-01-19 12:14:21 +08:00
anlicheng
db64e3a128 解决界面效果问题 2026-01-19 12:08:32 +08:00
anlicheng
6e054fc169 add view 2026-01-19 11:36:45 +08:00
anlicheng
d91860af49 add settings 2026-01-16 18:01:42 +08:00
anlicheng
06682d113d fix networkd 2026-01-16 17:17:53 +08:00
anlicheng
dde1b37f1f fix toolbar 2026-01-16 17:12:41 +08:00
anlicheng
b1f128f4c4 fxi view 2026-01-16 16:43:33 +08:00
anlicheng
a87978e89b 处理简单的view逻辑 2026-01-16 16:05:32 +08:00
anlicheng
bfc88eac08 fix login view 2026-01-15 17:21:21 +08:00
54 changed files with 4293 additions and 2568 deletions
Show Stats Expand all files Collapse all files

91
Tun/PacketTunnelProvider.swift
View File

@ -5,101 +5,52 @@
// Created by on 2025/8/3.
//
//
// PacketTunnelProvider.swift
// Tun
//
// Created by on 2024/1/17.
//
import NetworkExtension
enum TunnelError: Error {
case invalidConfiguration
case invalidContext
}
class PacketTunnelProvider: NEPacketTunnelProvider {
var context: SDLContext?
var contextActor: SDLContextActor?
private var rootTask: Task<Void, Error>?
override func startTunnel(options: [String : NSObject]?, completionHandler: @escaping (Error?) -> Void) {
override func startTunnel(options: [String: NSObject]?, completionHandler: @escaping (Error?) -> Void) {
// host: "192.168.0.101", port: 1265
guard let options else {
guard let options, let config = SDLConfiguration.parse(options: options) else {
completionHandler(TunnelError.invalidConfiguration)
return
}
//
guard self.context == nil else {
guard self.contextActor == nil else {
completionHandler(TunnelError.invalidContext)
return
}
// let token = options["token"] as! String
let installed_channel = options["installed_channel"] as! String
let superIp = options["super_ip"] as! String
let superPort = options["super_port"] as! Int
let stunServersStr = options["stun_servers"] as! String
let noticePort = options["notice_port"] as! Int
let token = options["token"] as! String
let networkCode = options["network_code"] as! String
let clientId = options["client_id"] as! String
let remoteDnsServer = options["remote_dns_server"] as! String
let hostname = options["hostname"] as! String
let stunServers = stunServersStr.split(separator: ";").compactMap { server -> SDLConfiguration.StunServer? in
let parts = server.split(separator: ":", maxSplits: 2)
guard parts.count == 2 else {
return nil
}
let ports = parts[1].split(separator: ",", maxSplits: 2)
guard ports.count == 2, let port1 = Int(String(ports[0])), let port2 = Int(String(ports[1])) else {
return nil
}
return .init(host: String(parts[0]), ports: [port1, port2])
}
guard stunServers.count >= 2 else {
NSLog("stunServers配置错误")
return
}
NSLog("[PacketTunnelProvider] client_id: \(clientId), token: \(token), network_code: \(networkCode)")
let config = SDLConfiguration(version: 1,
installedChannel: installed_channel,
superHost: superIp,
superPort: superPort,
stunServers: stunServers,
clientId: clientId,
noticePort: noticePort,
token: token,
networkCode: networkCode,
remoteDnsServer: remoteDnsServer,
hostname: hostname)
//
let rsaCipher = try! CCRSACipher(keySize: 1024)
let aesChiper = CCAESChiper()
self.rootTask = Task {
do {
self.context = SDLContext(provider: self, config: config, rsaCipher: rsaCipher, aesCipher: aesChiper, logger: SDLLogger(level: .debug))
try await self.context?.start()
} catch let err {
NSLog("[PacketTunnelProvider] exit with error: \(err)")
exit(-1)
}
self.contextActor = SDLContextActor(provider: self, config: config, rsaCipher: rsaCipher, aesCipher: aesChiper)
await self.contextActor?.start()
completionHandler(nil)
}
completionHandler(nil)
}
override func stopTunnel(with reason: NEProviderStopReason, completionHandler: @escaping () -> Void) {
// Add code here to start the process of stopping the tunnel.
self.rootTask?.cancel()
Task {
await self.context?.stop()
await self.contextActor?.stop()
self.contextActor = nil
self.rootTask?.cancel()
self.rootTask = nil
completionHandler()
}
self.context = nil
self.rootTask = nil
completionHandler()
}
override func handleAppMessage(_ messageData: Data, completionHandler: ((Data?) -> Void)?) {

8
Tun/Punchnet/ArpServer.swift → Tun/Punchnet/Actors/ArpServerActor.swift
View File

@ -5,8 +5,9 @@
// Created by on 2025/7/14.
//
import Foundation
import Darwin
actor ArpServer {
actor ArpServerActor {
private var known_macs: [UInt32:Data] = [:]
init(known_macs: [UInt32:Data]) {
@ -25,7 +26,12 @@ actor ArpServer {
self.known_macs.removeValue(forKey: ip)
}
func dropMacs(macs: [Data]) {
self.known_macs = self.known_macs.filter { !macs.contains($0.value) }
}
func clear() {
self.known_macs = [:]
}
}

117
Tun/Punchnet/Actors/SDLDNSClientActor.swift
View File

@ -1,117 +0,0 @@
//
// DNSClient.swift
// Tun
//
// Created by on 2025/12/10.
//
import Foundation
import NIOCore
import NIOPosix
// sn-server
@available(macOS 14, *)
actor SDLDNSClientActor {
private let group = MultiThreadedEventLoopGroup(numberOfThreads: 1)
private let asyncChannel: NIOAsyncChannel<AddressedEnvelope<ByteBuffer>, AddressedEnvelope<ByteBuffer>>
private let (writeStream, writeContinuation) = AsyncStream.makeStream(of: Data.self, bufferingPolicy: .unbounded)
private let logger: SDLLogger
private let dnsServerAddress: SocketAddress
public let packetFlow: AsyncStream<Data>
private let packetContinuation: AsyncStream<Data>.Continuation
//
init(dnsServerAddress: SocketAddress, logger: SDLLogger) async throws {
self.dnsServerAddress = dnsServerAddress
self.logger = logger
(self.packetFlow, self.packetContinuation) = AsyncStream.makeStream(of: Data.self, bufferingPolicy: .unbounded)
let bootstrap = DatagramBootstrap(group: group)
.channelOption(ChannelOptions.socketOption(.so_reuseaddr), value: 1)
self.asyncChannel = try await bootstrap.bind(host: "0.0.0.0", port: 0)
.flatMapThrowing { channel in
return try NIOAsyncChannel(wrappingChannelSynchronously: channel, configuration: .init(
inboundType: AddressedEnvelope<ByteBuffer>.self,
outboundType: AddressedEnvelope<ByteBuffer>.self
))
}
.get()
}
func start() async throws {
try await withTaskCancellationHandler {
try await self.asyncChannel.executeThenClose {inbound, outbound in
try await withThrowingTaskGroup(of: Void.self) { group in
group.addTask {
defer {
self.logger.log("[DNSClient] inbound closed", level: .warning)
}
for try await envelope in inbound {
try Task.checkCancellation()
var buffer = envelope.data
let remoteAddress = envelope.remoteAddress
self.logger.log("[DNSClient] read data: \(buffer), from: \(remoteAddress)", level: .debug)
let len = buffer.readableBytes
if let bytes = buffer.readBytes(length: len) {
self.packetContinuation.yield(Data(bytes))
}
}
}
group.addTask {
defer {
self.logger.log("[DNSClient] outbound closed", level: .warning)
}
for await message in self.writeStream {
try Task.checkCancellation()
let buffer = self.asyncChannel.channel.allocator.buffer(bytes: message)
let envelope = AddressedEnvelope<ByteBuffer>(remoteAddress: self.dnsServerAddress, data: buffer)
try await outbound.write(envelope)
}
}
if let _ = try await group.next() {
group.cancelAll()
}
}
}
} onCancel: {
self.writeContinuation.finish()
self.packetContinuation.finish()
self.logger.log("[DNSClient] withTaskCancellationHandler cancel")
}
}
func forward(ipPacket: IPPacket) {
self.writeContinuation.yield(ipPacket.data)
}
deinit {
try? self.group.syncShutdownGracefully()
self.writeContinuation.finish()
}
}
extension SDLDNSClientActor {
struct Helper {
static let dnsServer: String = "100.100.100.100"
// dns
static let dnsDestIpAddr: UInt32 = 1684300900
// dns
static func isDnsRequestPacket(ipPacket: IPPacket) -> Bool {
return ipPacket.header.destination == dnsDestIpAddr
}
}
}

176
Tun/Punchnet/Actors/SDLNATProberActor.swift Normal file
View File

@ -0,0 +1,176 @@
//
// SDLNATProberActor.swift
// punchnet
//
// Created by on 2026/1/28.
//
import Foundation
import NIOCore
actor SDLNATProberActor {
// MARK: - NAT Type
enum NatType: UInt8, Encodable {
case blocked = 0
case noNat = 1
case fullCone = 2
case portRestricted = 3
case coneRestricted = 4
case symmetric = 5
}
// MARK: - Internal State
class ProbeSession {
var cookieId: UInt32
// step -> SDLStunProbeReply
var replies: [UInt32: SDLStunProbeReply]
var timeoutTask: Task<Void, Never>?
var continuation: CheckedContinuation<NatType, Never>
private var isFinished: Bool = false
init(cookieId: UInt32, timeoutTask: Task<Void, Never>? = nil, continuation: CheckedContinuation<NatType, Never>) {
self.cookieId = cookieId
self.replies = [:]
self.timeoutTask = timeoutTask
self.continuation = continuation
}
func finished(with type: NatType) {
guard !isFinished else {
return
}
self.continuation.resume(returning: type)
//
self.timeoutTask?.cancel()
self.isFinished = true
}
}
// MARK: - Dependencies
nonisolated private let addressArray: [[SocketAddress]]
// MARK: - Completion
private var cookieId: UInt32 = 1
private var sessions: [UInt32: ProbeSession] = [:]
// MARK: - Init
init(addressArray: [[SocketAddress]]) {
self.addressArray = addressArray
}
// MARK: - Public API
func probeNatType(using udpHole: SDLUDPHole) async -> NatType {
let cookieId = self.cookieId
self.cookieId &+= 1
return await withCheckedContinuation { continuation in
let timeoutTask = Task {
try? await Task.sleep(nanoseconds: 5_000_000_000)
await self.handleTimeout(cookie: cookieId)
}
let session = ProbeSession(
cookieId: cookieId,
timeoutTask: timeoutTask,
continuation: continuation
)
self.sessions[cookieId] = session
Task {
await self.sendProbe(using: udpHole, cookie: cookieId)
}
}
}
/// UDP STUN
func handleProbeReply(localAddress: SocketAddress?, reply: SDLStunProbeReply) async {
guard let session = self.sessions[reply.cookie] else {
return
}
session.replies[reply.step] = reply
// 退nat
if session.replies[1] != nil {
if await reply.socketAddress() == localAddress {
finish(cookie: session.cookieId, .noNat)
return
}
}
if let step1 = session.replies[1], let step2 = session.replies[2] {
// natAddress2 IPIPNAT;
// ip{dstIp, dstPort, srcIp, srcPort}, ip
if let addr1 = await step1.socketAddress(), let addr2 = await step2.socketAddress(), addr1 != addr2 {
finish(cookie: session.cookieId, .symmetric)
return
}
}
// ,
if session.replies[1] != nil && session.replies[2] != nil && session.replies[3] != nil && session.replies[4] != nil {
// step3: ip2:port2 <---- ip1:port1 (ipport)
// IPNAT
if session.replies[3] != nil {
finish(cookie: session.cookieId, .fullCone)
return
}
// step3: ip1:port1 <---- ip1:port2 (port)
// IPNAT
if session.replies[4] != nil {
finish(cookie: session.cookieId, .coneRestricted)
return
}
}
}
/// Timer / Task
private func handleTimeout(cookie: UInt32) async {
guard let session = self.sessions[cookie] else {
return
}
if session.replies[1] == nil {
finish(cookie: cookie, .blocked)
} else if session.replies[3] != nil {
finish(cookie: cookie, .fullCone)
} else if session.replies[4] != nil {
finish(cookie: cookie, .coneRestricted)
} else {
finish(cookie: cookie, .portRestricted)
}
}
private func finish(cookie: UInt32, _ type: NatType) {
if let session = self.sessions.removeValue(forKey: cookie) {
session.finished(with: type)
}
}
// MARK: - Internal helpers
private func sendProbe(using udpHole: SDLUDPHole, cookie: UInt32) async {
udpHole.send(type: .stunProbe, data: makeProbePacket(cookieId: cookie, step: 1, attr: .none), remoteAddress: addressArray[0][0])
udpHole.send(type: .stunProbe, data: makeProbePacket(cookieId: cookie, step: 2, attr: .none), remoteAddress: addressArray[1][1])
udpHole.send(type: .stunProbe, data: makeProbePacket(cookieId: cookie, step: 3, attr: .peer), remoteAddress: addressArray[0][0])
udpHole.send(type: .stunProbe, data: makeProbePacket(cookieId: cookie, step: 4, attr: .port), remoteAddress: addressArray[0][0])
}
private func makeProbePacket(cookieId: UInt32, step: UInt32, attr: SDLProbeAttr) -> Data {
var stunProbe = SDLStunProbe()
stunProbe.cookie = cookieId
stunProbe.step = step
stunProbe.attr = UInt32(attr.rawValue)
return try! stunProbe.serializedData()
}
}

93
Tun/Punchnet/Actors/SDLPuncherActor.swift
View File

@ -6,17 +6,19 @@
//
import Foundation
import NIOCore
actor SDLPuncherActor {
nonisolated private let cooldown: Duration = .seconds(5)
// dstMac
private var coolingDown: Set<Data> = []
private let cooldown: Duration = .seconds(5)
private var superClientActor: SDLSuperClientActor?
private var udpHoleActor: SDLUDPHoleActor?
private var pktId: UInt32 = 1
//
private var pendingRequests: [UInt32: RegisterRequest] = [:]
// holer
private var logger: SDLLogger
nonisolated private let querySocketAddress: SocketAddress
struct RegisterRequest {
let srcMac: Data
@ -24,33 +26,48 @@ actor SDLPuncherActor {
let networkId: UInt32
}
init(logger: SDLLogger) {
self.logger = logger
init(querySocketAddress: SocketAddress) {
self.querySocketAddress = querySocketAddress
}
func setSuperClientActor(superClientActor: SDLSuperClientActor?) {
self.superClientActor = superClientActor
}
func setUDPHoleActor(udpHoleActor: SDLUDPHoleActor?) {
self.udpHoleActor = udpHoleActor
}
func submitRegisterRequest(request: RegisterRequest) {
func submitRegisterRequest(using udpHole: SDLUDPHole?, request: RegisterRequest) {
let dstMac = request.dstMac
guard !coolingDown.contains(dstMac) else {
guard let udpHole, !coolingDown.contains(dstMac) else {
return
}
//
coolingDown.insert(dstMac)
let pktId = self.pktId
self.pktId &+= 1
if self.pktId == 0 {
self.pktId = 1
}
self.tryHole(using: udpHole, pktId: pktId, request: request)
Task {
await self.tryHole(request: request)
//
try? await Task.sleep(for: .seconds(5))
self.endCooldown(for: dstMac)
self.removePendingRequest(for: pktId)
}
}
func handlePeerInfo(using udpHole: SDLUDPHole, peerInfo: SDLPeerInfo) async {
if let request = pendingRequests.removeValue(forKey: peerInfo.pktID) {
if let remoteAddress = try? await peerInfo.v4Info.socketAddress() {
SDLLogger.shared.log("[SDLContext] hole sock address: \(remoteAddress)", level: .debug)
// register
var register = SDLRegister()
register.networkID = request.networkId
register.srcMac = request.srcMac
register.dstMac = request.dstMac
udpHole.send(type: .register, data: try! register.serializedData(), remoteAddress: remoteAddress)
} else {
SDLLogger.shared.log("[SDLContext] hole sock address is invalid: \(peerInfo.v4Info)", level: .warning)
}
}
}
@ -58,32 +75,18 @@ actor SDLPuncherActor {
self.coolingDown.remove(key)
}
private func tryHole(request: RegisterRequest) async {
var queryInfo = SDLQueryInfo()
queryInfo.dstMac = request.dstMac
guard let message = try? await self.superClientActor?.request(type: .queryInfo, data: try queryInfo.serializedData()) else {
return
}
switch message.packet {
case .empty:
self.logger.log("[SDLContext] hole query_info get empty: \(message)", level: .debug)
case .peerInfo(let peerInfo):
if let remoteAddress = peerInfo.v4Info.socketAddress() {
self.logger.log("[SDLContext] hole sock address: \(remoteAddress)", level: .debug)
// register
var register = SDLRegister()
register.networkID = request.networkId
register.srcMac = request.srcMac
register.dstMac = request.dstMac
await self.udpHoleActor?.send(type: .register, data: try! register.serializedData(), remoteAddress: remoteAddress)
} else {
self.logger.log("[SDLContext] hole sock address is invalid: \(peerInfo.v4Info)", level: .warning)
}
default:
self.logger.log("[SDLContext] hole query_info is packet: \(message)", level: .warning)
}
private func removePendingRequest(for pktId: UInt32) {
self.pendingRequests.removeValue(forKey: pktId)
}
private func tryHole(using udpHole: SDLUDPHole, pktId: UInt32, request: RegisterRequest) {
var queryInfo = SDLQueryInfo()
queryInfo.pktID = pktId
queryInfo.dstMac = request.dstMac
self.pendingRequests[pktId] = request
if let queryData = try? queryInfo.serializedData() {
udpHole.send(type: .queryInfo, data: queryData, remoteAddress: self.querySocketAddress)
}
}
}

312
Tun/Punchnet/Actors/SDLSuperClientActor.swift
View File

@ -1,312 +0,0 @@
//
// SDLWebsocketClient.swift
// Tun
//
// Created by on 2024/3/28.
//
import Foundation
import NIOCore
import NIOPosix
// --MARK: SuperNode
actor SDLSuperClientActor {
//
private typealias TcpMessage = (packetId: UInt32, type: SDLPacketType, data: Data)
private let group = MultiThreadedEventLoopGroup(numberOfThreads: 1)
private let asyncChannel: NIOAsyncChannel<ByteBuffer,ByteBuffer>
private let (writeStream, writeContinuation) = AsyncStream.makeStream(of: TcpMessage.self, bufferingPolicy: .unbounded)
private var continuations: [UInt32:CheckedContinuation<SDLSuperInboundMessage, Error>] = [:]
public let eventFlow: AsyncStream<SuperEvent>
private let inboundContinuation: AsyncStream<SuperEvent>.Continuation
// id
var idGenerator = SDLIdGenerator(seed: 1)
private let logger: SDLLogger
//
enum SuperEvent {
case ready
case event(SDLEvent)
case command(UInt32, SDLCommand)
}
enum SuperClientError: Error {
case timeout
case connectionClosed
case cancelled
}
init(host: String, port: Int, logger: SDLLogger) async throws {
self.logger = logger
(self.eventFlow, self.inboundContinuation) = AsyncStream.makeStream(of: SuperEvent.self, bufferingPolicy: .unbounded)
let bootstrap = ClientBootstrap(group: self.group)
.channelOption(ChannelOptions.socketOption(.so_reuseaddr), value: 1)
.channelInitializer { channel in
return channel.pipeline.addHandlers([
ByteToMessageHandler(FixedHeaderDecoder()),
MessageToByteHandler(FixedHeaderEncoder())
])
}
self.asyncChannel = try await bootstrap.connect(host: host, port: port)
.flatMapThrowing { channel in
return try NIOAsyncChannel(wrappingChannelSynchronously: channel, configuration: .init(
inboundType: ByteBuffer.self,
outboundType: ByteBuffer.self
))
}
.get()
}
func start() async throws {
try await withTaskCancellationHandler {
try await self.asyncChannel.executeThenClose { inbound, outbound in
self.inboundContinuation.yield(.ready)
try await withThrowingTaskGroup(of: Void.self) { group in
group.addTask {
defer {
self.logger.log("[SDLSuperClient] inbound closed", level: .warning)
}
for try await var packet in inbound {
try Task.checkCancellation()
if let message = SDLSuperClientDecoder.decode(buffer: &packet) {
if !message.isPong() {
self.logger.log("[SDLSuperClient] read message: \(message)", level: .debug)
}
switch message.packet {
case .event(let event):
self.inboundContinuation.yield(.event(event))
case .command(let command):
self.inboundContinuation.yield(.command(message.msgId, command))
default:
await self.fireCallback(message: message)
}
}
}
}
group.addTask {
defer {
self.logger.log("[SDLSuperClient] outbound closed", level: .warning)
}
for await (packetId, type, data) in self.writeStream {
try Task.checkCancellation()
var buffer = self.asyncChannel.channel.allocator.buffer(capacity: data.count + 5)
buffer.writeInteger(packetId, as: UInt32.self)
buffer.writeBytes([type.rawValue])
buffer.writeBytes(data)
try await outbound.write(buffer)
}
}
// --MARK:
group.addTask {
defer {
self.logger.log("[SDLSuperClient] ping task closed", level: .warning)
}
while true {
try Task.checkCancellation()
await self.ping()
try await Task.sleep(nanoseconds: 5 * 1_000_000_000)
}
}
// 退,
if let _ = try await group.next() {
group.cancelAll()
}
}
}
} onCancel: {
self.inboundContinuation.finish()
self.writeContinuation.finish()
self.logger.log("[SDLSuperClient] withTaskCancellationHandler cancel")
Task {
await self.failAllContinuations(SuperClientError.cancelled)
}
}
}
// -- MARK: apis
func unregister() throws {
self.send(type: .unregisterSuper, packetId: 0, data: Data())
}
private func ping() {
self.send(type: .ping, packetId: 0, data: Data())
}
func request(type: SDLPacketType, data: Data, timeout: Duration = .seconds(5)) async throws -> SDLSuperInboundMessage {
let packetId = idGenerator.nextId()
return try await withCheckedThrowingContinuation { cont in
self.continuations[packetId] = cont
self.writeContinuation.yield(TcpMessage(packetId: packetId, type: type, data: data))
Task {
try? await Task.sleep(for: timeout)
self.timeout(packetId: packetId)
}
}
}
func send(type: SDLPacketType, packetId: UInt32, data: Data) {
self.writeContinuation.yield(TcpMessage(packetId: packetId, type: type, data: data))
}
//
private func fireCallback(message: SDLSuperInboundMessage) {
guard let cont = self.continuations.removeValue(forKey: message.msgId) else {
return
}
cont.resume(returning: message)
}
private func failAllContinuations(_ error: Error) {
let all = continuations
continuations.removeAll()
for (_, cont) in all {
cont.resume(throwing: error)
}
}
private func timeout(packetId: UInt32) {
guard let cont = self.continuations.removeValue(forKey: packetId) else {
return
}
cont.resume(throwing: SuperClientError.timeout)
}
deinit {
try! group.syncShutdownGracefully()
}
}
// --MARK:
private struct SDLSuperClientDecoder {
// : <<MsgId:32, Type:8, Body/binary>>
static func decode(buffer: inout ByteBuffer) -> SDLSuperInboundMessage? {
guard let msgId = buffer.readInteger(as: UInt32.self),
let type = buffer.readInteger(as: UInt8.self),
let messageType = SDLPacketType(rawValue: type) else {
return nil
}
switch messageType {
case .empty:
return .init(msgId: msgId, packet: .empty)
case .registerSuperAck:
guard let bytes = buffer.readBytes(length: buffer.readableBytes),
let registerSuperAck = try? SDLRegisterSuperAck(serializedBytes: bytes) else {
return nil
}
return .init(msgId: msgId, packet: .registerSuperAck(registerSuperAck))
case .registerSuperNak:
guard let bytes = buffer.readBytes(length: buffer.readableBytes),
let registerSuperNak = try? SDLRegisterSuperNak(serializedBytes: bytes) else {
return nil
}
return .init(msgId: msgId, packet: .registerSuperNak(registerSuperNak))
case .peerInfo:
guard let bytes = buffer.readBytes(length: buffer.readableBytes),
let peerInfo = try? SDLPeerInfo(serializedBytes: bytes) else {
return nil
}
return .init(msgId: msgId, packet: .peerInfo(peerInfo))
case .pong:
return .init(msgId: msgId, packet: .pong)
case .command:
guard let commandVal = buffer.readInteger(as: UInt8.self),
let command = SDLCommandType(rawValue: commandVal),
let bytes = buffer.readBytes(length: buffer.readableBytes) else {
return nil
}
switch command {
case .changeNetwork:
guard let changeNetworkCommand = try? SDLChangeNetworkCommand(serializedBytes: bytes) else {
return nil
}
return .init(msgId: msgId, packet: .command(.changeNetwork(changeNetworkCommand)))
}
case .event:
guard let eventVal = buffer.readInteger(as: UInt8.self),
let event = SDLEventType(rawValue: eventVal),
let bytes = buffer.readBytes(length: buffer.readableBytes) else {
return nil
}
switch event {
case .natChanged:
guard let natChangedEvent = try? SDLNatChangedEvent(serializedBytes: bytes) else {
return nil
}
return .init(msgId: msgId, packet: .event(.natChanged(natChangedEvent)))
case .sendRegister:
guard let sendRegisterEvent = try? SDLSendRegisterEvent(serializedBytes: bytes) else {
return nil
}
return .init(msgId: msgId, packet: .event(.sendRegister(sendRegisterEvent)))
case .networkShutdown:
guard let networkShutdownEvent = try? SDLNetworkShutdownEvent(serializedBytes: bytes) else {
return nil
}
return .init(msgId: msgId, packet: .event(.networkShutdown(networkShutdownEvent)))
}
default:
return nil
}
}
}
private final class FixedHeaderEncoder: MessageToByteEncoder, @unchecked Sendable {
typealias InboundIn = ByteBuffer
typealias InboundOut = ByteBuffer
func encode(data: ByteBuffer, out: inout ByteBuffer) throws {
let len = data.readableBytes
out.writeInteger(UInt16(len))
out.writeBytes(data.readableBytesView)
}
}
private final class FixedHeaderDecoder: ByteToMessageDecoder, @unchecked Sendable {
typealias InboundIn = ByteBuffer
typealias InboundOut = ByteBuffer
func decode(context: ChannelHandlerContext, buffer: inout ByteBuffer) throws -> DecodingState {
guard let len = buffer.getInteger(at: buffer.readerIndex, endianness: .big, as: UInt16.self) else {
return .needMoreData
}
if buffer.readableBytes >= len + 2 {
buffer.moveReaderIndex(forwardBy: 2)
if let bytes = buffer.readBytes(length: Int(len)) {
context.fireChannelRead(self.wrapInboundOut(ByteBuffer(bytes: bytes)))
}
return .continue
} else {
return .needMoreData
}
}
}

89
Tun/Punchnet/Actors/SDLTunnelProviderActor.swift
View File

@ -1,89 +0,0 @@
//
// SDLContext.swift
// Tun
//
// Created by on 2024/2/29.
//
import Foundation
import NetworkExtension
import NIOCore
import Combine
//
/*
1. rsa的加解密逻辑
*/
actor SDLTunnelProviderActor {
//
struct Route {
let dstAddress: String
let subnetMask: String
var debugInfo: String {
return "\(dstAddress):\(subnetMask)"
}
}
//
private var readTask: Task<(), Never>?
let provider: NEPacketTunnelProvider
let logger: SDLLogger
public init(provider: NEPacketTunnelProvider, logger: SDLLogger) {
self.logger = logger
self.provider = provider
}
func writePackets(packets: [NEPacket]) {
//let packet = NEPacket(data: ipPacket.data, protocolFamily: 2)
self.provider.packetFlow.writePacketObjects(packets)
}
//
func setNetworkSettings(devAddr: SDLDevAddr, dnsServer: String) async throws -> String {
let netAddress = SDLNetAddress(ip: devAddr.netAddr, maskLen: UInt8(devAddr.netBitLen))
let routes = [
Route(dstAddress: netAddress.networkAddress, subnetMask: netAddress.maskAddress),
Route(dstAddress: dnsServer, subnetMask: "255.255.255.255")
]
// Add code here to start the process of connecting the tunnel.
let networkSettings = NEPacketTunnelNetworkSettings(tunnelRemoteAddress: "8.8.8.8")
networkSettings.mtu = 1460
// DNS
let networkDomain = devAddr.networkDomain
let dnsSettings = NEDNSSettings(servers: [dnsServer])
dnsSettings.searchDomains = [networkDomain]
dnsSettings.matchDomains = [networkDomain]
dnsSettings.matchDomainsNoSearch = false
networkSettings.dnsSettings = dnsSettings
self.logger.log("[SDLContext] Tun started at network ip: \(netAddress.ipAddress), mask: \(netAddress.maskAddress)", level: .info)
let ipv4Settings = NEIPv4Settings(addresses: [netAddress.ipAddress], subnetMasks: [netAddress.maskAddress])
//
//NEIPv4Route.default()
ipv4Settings.includedRoutes = routes.map { route in
NEIPv4Route(destinationAddress: route.dstAddress, subnetMask: route.subnetMask)
}
networkSettings.ipv4Settings = ipv4Settings
//
try await self.provider.setTunnelNetworkSettings(networkSettings)
return netAddress.ipAddress
}
// , 线packetFlow
func readPackets() async -> [Data] {
let (packets, numbers) = await self.provider.packetFlow.readPackets()
return zip(packets, numbers).compactMap { (data, number) in
return number == 2 ? data : nil
}
}
}

210
Tun/Punchnet/Actors/SDLUDPHoleActor.swift
View File

@ -1,210 +0,0 @@
//
// SDLanServer.swift
// Tun
//
// Created by on 2024/1/31.
//
import Foundation
import NIOCore
import NIOPosix
// sn-server
actor SDLUDPHoleActor {
private let group = MultiThreadedEventLoopGroup(numberOfThreads: 1)
private let asyncChannel: NIOAsyncChannel<AddressedEnvelope<ByteBuffer>, AddressedEnvelope<ByteBuffer>>
private let (writeStream, writeContinuation) = AsyncStream.makeStream(of: UDPMessage.self, bufferingPolicy: .unbounded)
private var cookieGenerator = SDLIdGenerator(seed: 1)
private var promises: [UInt32:EventLoopPromise<SDLStunProbeReply>] = [:]
public var localAddress: SocketAddress?
public let eventFlow: AsyncStream<UDPEvent>
private let eventContinuation: AsyncStream<UDPEvent>.Continuation
private let logger: SDLLogger
//
struct Capabilities {
let logger: @Sendable (String) async -> Void
}
struct UDPMessage {
let remoteAddress: SocketAddress
let type: SDLPacketType
let data: Data
}
//
enum UDPEvent {
case ready
case message(SocketAddress, SDLHoleInboundMessage)
case data(SDLData)
}
//
init(logger: SDLLogger) async throws {
self.logger = logger
(self.eventFlow, self.eventContinuation) = AsyncStream.makeStream(of: UDPEvent.self, bufferingPolicy: .unbounded)
let bootstrap = DatagramBootstrap(group: group)
.channelOption(ChannelOptions.socketOption(.so_reuseaddr), value: 1)
self.asyncChannel = try await bootstrap.bind(host: "0.0.0.0", port: 0)
.flatMapThrowing { channel in
return try NIOAsyncChannel(wrappingChannelSynchronously: channel, configuration: .init(
inboundType: AddressedEnvelope<ByteBuffer>.self,
outboundType: AddressedEnvelope<ByteBuffer>.self
))
}
.get()
self.localAddress = self.asyncChannel.channel.localAddress
self.logger.log("[UDPHole] started and listening on: \(self.localAddress!)", level: .debug)
}
func start() async throws {
try await withTaskCancellationHandler {
try await self.asyncChannel.executeThenClose {inbound, outbound in
self.eventContinuation.yield(.ready)
try await withThrowingTaskGroup(of: Void.self) { group in
group.addTask {
defer {
self.logger.log("[SDLUDPHole] inbound closed", level: .warning)
}
for try await envelope in inbound {
try Task.checkCancellation()
var buffer = envelope.data
let remoteAddress = envelope.remoteAddress
do {
if let message = try Self.decode(buffer: &buffer) {
switch message {
case .data(let data):
self.logger.log("[SDLUDPHole] read data: \(data.format()), from: \(remoteAddress)", level: .debug)
self.eventContinuation.yield(.data(data))
case .stunProbeReply(let probeReply):
//
await self.trigger(probeReply: probeReply)
default:
self.eventContinuation.yield(.message(remoteAddress, message))
}
} else {
self.logger.log("[SDLUDPHole] decode message, get null", level: .warning)
}
} catch let err {
self.logger.log("[SDLUDPHole] decode message, get error: \(err)", level: .warning)
throw err
}
}
}
group.addTask {
defer {
self.logger.log("[SDLUDPHole] outbound closed", level: .warning)
}
for await message in self.writeStream {
try Task.checkCancellation()
var buffer = self.asyncChannel.channel.allocator.buffer(capacity: message.data.count + 1)
buffer.writeBytes([message.type.rawValue])
buffer.writeBytes(message.data)
let envelope = AddressedEnvelope<ByteBuffer>(remoteAddress: message.remoteAddress, data: buffer)
try await outbound.write(envelope)
}
}
if let _ = try await group.next() {
group.cancelAll()
}
}
}
} onCancel: {
self.writeContinuation.finish()
self.eventContinuation.finish()
self.logger.log("[SDLUDPHole] withTaskCancellationHandler cancel")
}
}
func getCookieId() -> UInt32 {
return self.cookieGenerator.nextId()
}
// tun
func stunProbe(remoteAddress: SocketAddress, attr: SDLProbeAttr = .none, timeout: Int = 5) async throws -> SDLStunProbeReply {
return try await self._stunProbe(remoteAddress: remoteAddress, attr: attr, timeout: timeout).get()
}
private func _stunProbe(remoteAddress: SocketAddress, attr: SDLProbeAttr = .none, timeout: Int) -> EventLoopFuture<SDLStunProbeReply> {
let cookie = self.cookieGenerator.nextId()
var stunProbe = SDLStunProbe()
stunProbe.cookie = cookie
stunProbe.attr = UInt32(attr.rawValue)
self.send( type: .stunProbe, data: try! stunProbe.serializedData(), remoteAddress: remoteAddress)
self.logger.log("[SDLUDPHole] stunProbe: \(remoteAddress)", level: .debug)
let promise = self.asyncChannel.channel.eventLoop.makePromise(of: SDLStunProbeReply.self)
self.promises[cookie] = promise
return promise.futureResult
}
private func trigger(probeReply: SDLStunProbeReply) {
let id = probeReply.cookie
//
if let promise = self.promises[id] {
self.asyncChannel.channel.eventLoop.execute {
promise.succeed(probeReply)
}
self.promises.removeValue(forKey: id)
}
}
// MARK: client-client apis
//
func send(type: SDLPacketType, data: Data, remoteAddress: SocketAddress) {
let message = UDPMessage(remoteAddress: remoteAddress, type: type, data: data)
self.writeContinuation.yield(message)
}
//--MARK:
private static func decode(buffer: inout ByteBuffer) throws -> SDLHoleInboundMessage? {
guard let type = buffer.readInteger(as: UInt8.self),
let packetType = SDLPacketType(rawValue: type),
let bytes = buffer.readBytes(length: buffer.readableBytes) else {
return nil
}
switch packetType {
case .data:
let dataPacket = try SDLData(serializedBytes: bytes)
return .data(dataPacket)
case .register:
let registerPacket = try SDLRegister(serializedBytes: bytes)
return .register(registerPacket)
case .registerAck:
let registerAck = try SDLRegisterAck(serializedBytes: bytes)
return .registerAck(registerAck)
case .stunReply:
let stunReply = try SDLStunReply(serializedBytes: bytes)
return .stunReply(stunReply)
case .stunProbeReply:
let stunProbeReply = try SDLStunProbeReply(serializedBytes: bytes)
return .stunProbeReply(stunProbeReply)
default:
return nil
}
}
deinit {
try? self.group.syncShutdownGracefully()
self.writeContinuation.finish()
self.eventContinuation.finish()
}
}

26
Tun/Punchnet/IPPacket.swift → Tun/Punchnet/NetworkStack/IPPacket.swift
View File

@ -15,26 +15,17 @@ struct IPHeader {
let id: UInt16
let offset: UInt16
let timeToLive: UInt8
let proto:UInt8
let proto: UInt8
let checksum: UInt16
let source: UInt32
let destination: UInt32
var source_ip: String {
return intToIp(source)
return SDLUtil.int32ToIp(source)
}
var destination_ip: String {
return intToIp(destination)
}
private func intToIp(_ num: UInt32) -> String {
let ip0 = (UInt8) (num >> 24 & 0xFF)
let ip1 = (UInt8) (num >> 16 & 0xFF)
let ip2 = (UInt8) (num >> 8 & 0xFF)
let ip3 = (UInt8) (num & 0xFF)
return "\(ip0).\(ip1).\(ip2).\(ip3)"
return SDLUtil.int32ToIp(destination)
}
public var description: String {
@ -83,4 +74,15 @@ struct IPPacket {
func getPayload() -> Data {
return data.subdata(in: 20..<data.count)
}
// ip
func getDstPort() -> UInt16? {
guard case .ipv4 = IPVersion(rawValue: self.header.version), self.data.count >= 24 else {
return nil
}
// ipv4(srcPort:16, dstPort:16, ...)
return UInt16(bytes: (self.data[22], self.data[23]))
}
}

0
Tun/Punchnet/LayerPacket.swift → Tun/Punchnet/NetworkStack/LayerPacket.swift
View File

25
Tun/Punchnet/Policy/IdentityRuleMap.swift Normal file
View File

@ -0,0 +1,25 @@
//
// RuleMap.swift
// punchnet
//
// Created by on 2026/2/5.
//
struct IdentityRuleMap {
// map[proto][port]
let ruleMap: [UInt8: [UInt16: Bool]]
init(ruleMap: [UInt8: [UInt16: Bool]]) {
self.ruleMap = ruleMap
}
func isAllow(proto: UInt8, port: UInt16) -> Bool {
if let portMap = self.ruleMap[proto],
let allowed = portMap[port] {
return allowed
} else {
return false
}
}
}

25
Tun/Punchnet/Policy/IdentitySnapshot.swift Normal file
View File

@ -0,0 +1,25 @@
//
// IdentitySnapshot.swift
// punchnet
//
// Created by on 2026/2/5.
//
final class IdentitySnapshot {
typealias IdentityID = UInt32
private let identityMap: [IdentityID: IdentityRuleMap]
init(identityMap: [IdentityID : IdentityRuleMap]) {
self.identityMap = identityMap
}
func lookup(_ id: IdentityID) -> IdentityRuleMap? {
return self.identityMap[id]
}
static func empty() -> IdentitySnapshot {
return IdentitySnapshot(identityMap: [:])
}
}

110
Tun/Punchnet/Policy/IdentityStore.swift Normal file
View File

@ -0,0 +1,110 @@
//
// IdentityStore.swift
// punchnet
//
// Created by on 2026/2/5.
//
import Foundation
import NIO
final class IdentitySession {
var version: UInt32
var totalNum: UInt32
private var parts: [UInt32: SDLPolicyResponse] = [:]
init(part: SDLPolicyResponse) {
self.version = part.version
self.totalNum = part.totalNum
self.parts[part.index] = part
}
func merge(part: SDLPolicyResponse) {
if part.version < version {
//
} else if part.version == version {
self.parts[part.index] = part
} else {
self.parts.removeAll()
self.parts[part.index] = part
}
}
func process() -> Data? {
// parts0total_num
let indexs = parts.keys.sorted().map { UInt32($0) }
guard indexs.count == self.totalNum && isContinuousFromZero(indexs: indexs) else {
return nil
}
var rulesData: Data = Data()
for i in 0..<totalNum {
if let part = self.parts[i] {
rulesData.append(part.rules)
}
}
SDLLogger.shared.log("[IdentitySession] get a completed rules: \(rulesData.count)")
return rulesData
}
private func isContinuousFromZero(indexs: [UInt32]) -> Bool {
guard !indexs.isEmpty else {
return false
}
return indexs.enumerated().allSatisfy { idx, value in
idx == value
}
}
}
actor IdentityStore {
typealias IdentityID = UInt32
nonisolated private let alloctor = ByteBufferAllocator()
private let publisher: SnapshotPublisher<IdentitySnapshot>
private var identityMap: [IdentityID: IdentityRuleMap] = [:]
private var sessions: [IdentityID: IdentitySession] = [:]
init(publisher: SnapshotPublisher<IdentitySnapshot>) {
self.publisher = publisher
}
func apply(policyResponse: SDLPolicyResponse) {
let id = policyResponse.srcIdentityID
let session = self.sessions[id, default: IdentitySession(part: policyResponse)]
session.merge(part: policyResponse)
//
if let rulesData = session.process() {
var buffer = alloctor.buffer(bytes: rulesData)
var ruleMap: [UInt8: [UInt16: Bool]] = [:]
while true {
guard let proto = buffer.readInteger(endianness: .big, as: UInt8.self),
let port = buffer.readInteger(endianness: .big, as: UInt16.self) else {
break
}
ruleMap[proto, default: [:]][port] = true
}
self.identityMap[id] = IdentityRuleMap(ruleMap: ruleMap)
// session
self.sessions.removeValue(forKey: id)
SDLLogger.shared.log("[IdentitySession] get compile Snapshot rules nums: \(self.identityMap[id]?.ruleMap.count), success: \(self.identityMap[id]?.isAllow(proto: 1, port: 80))")
//
let snapshot = compileSnapshot()
publisher.publish(snapshot)
} else {
self.sessions[id] = session
}
}
private func compileSnapshot() -> IdentitySnapshot {
return IdentitySnapshot(identityMap: identityMap)
}
}

56
Tun/Punchnet/Policy/PolicyRequesterActor.swift Normal file
View File

@ -0,0 +1,56 @@
//
// SDLPuncherActor.swift
// Tun
//
// Created by on 2026/1/7.
//
import Foundation
import NIOCore
actor PolicyRequesterActor {
nonisolated private let cooldown: Duration = .seconds(5)
// identityId
private var coolingDown: Set<UInt32> = []
// , map[identityId] = version
private var versions: [UInt32: UInt32] = [:]
// holer
nonisolated private let querySocketAddress: SocketAddress
init(querySocketAddress: SocketAddress) {
self.querySocketAddress = querySocketAddress
}
//
func submitPolicyRequest(using udpHole: SDLUDPHole?, request: inout SDLPolicyRequest) {
let identityId = request.srcIdentityID
guard let udpHole, !coolingDown.contains(identityId) else {
return
}
//
coolingDown.insert(identityId)
let version = self.versions[identityId, default: 1]
request.version = version
//
self.versions[identityId] = version + 1
//
if let queryData = try? request.serializedData() {
udpHole.send(type: .policyRequest, data: queryData, remoteAddress: self.querySocketAddress)
}
Task {
//
try? await Task.sleep(for: .seconds(5))
self.endCooldown(for: identityId)
}
}
private func endCooldown(for key: UInt32) {
self.coolingDown.remove(key)
}
}

32
Tun/Punchnet/Policy/SnapshotPublisher.swift Normal file
View File

@ -0,0 +1,32 @@
//
// SnapshotPublisher.swift
// punchnet
//
// Created by on 2026/2/5.
//
import Atomics
final class SnapshotPublisher<IdentitySnapshot: AnyObject> {
private let atomic: ManagedAtomic<Unmanaged<IdentitySnapshot>>
init(initial snapshot: IdentitySnapshot) {
self.atomic = ManagedAtomic(.passRetained(snapshot))
}
func publish(_ snapshot: IdentitySnapshot) {
let newRef = Unmanaged.passRetained(snapshot)
let oldRef = atomic.exchange(newRef, ordering: .acquiring)
oldRef.release()
}
@inline(__always)
func current() -> IdentitySnapshot {
atomic.load(ordering: .relaxed).takeUnretainedValue()
}
deinit {
let ref = atomic.load(ordering: .relaxed)
ref.release()
}
}

41
Tun/Punchnet/SDLAddressResolver.swift Normal file
View File

@ -0,0 +1,41 @@
//
// SDLAddressResolverPool.swift
// Tun
//
// Created by on 2026/2/3.
//
import Foundation
import NIOCore
import NIOPosix
actor SDLAddressResolver {
static let shared = SDLAddressResolver(threads: System.coreCount)
private let pool: NIOThreadPool
private var cache: [String: SocketAddress] = [:]
private init(threads: Int = 2) {
self.pool = NIOThreadPool(numberOfThreads: threads)
self.pool.start()
}
func resolve(host: String, port: Int) async throws -> SocketAddress {
let key = "\(host):\(port)"
if let cached = cache[key] {
return cached
}
let address = try await pool.runIfActive {
try SocketAddress.makeAddressResolvingHost(host, port: port)
}
cache[key] = address
return address
}
deinit {
pool.shutdownGracefully { _ in }
}
}

29
Tun/Punchnet/SDLAsyncTimerStream.swift Normal file
View File

@ -0,0 +1,29 @@
//
// SDLAsyncTimerStream.swift
// Tun
//
// Created by on 2026/2/3.
//
import Foundation
class SDLAsyncTimerStream {
let timer: DispatchSourceTimer
init() {
self.timer = DispatchSource.makeTimerSource(queue: .global())
}
func start(_ cont: AsyncStream<Void>.Continuation) {
timer.schedule(deadline: .now(), repeating: .seconds(5))
timer.setEventHandler {
cont.yield()
}
timer.resume()
}
deinit {
self.timer.cancel()
}
}

133
Tun/Punchnet/SDLConfiguration.swift
View File

@ -9,7 +9,6 @@ import NIOCore
//
public class SDLConfiguration {
public struct StunServer {
public let host: String
public let ports: [Int]
@ -20,6 +19,35 @@ public class SDLConfiguration {
}
}
public struct NetworkAddress {
public let networkId: UInt32
public let ip: UInt32
public let maskLen: UInt8
public let mac: Data
public let networkDomain: String
// ip
var ipAddress: String {
return SDLUtil.int32ToIp(self.ip)
}
//
var maskAddress: String {
let len0 = 32 - maskLen
let num: UInt32 = (0xFFFFFFFF >> len0) << len0
return SDLUtil.int32ToIp(num)
}
//
var netAddress: String {
let len0 = 32 - maskLen
let mask: UInt32 = (0xFFFFFFFF >> len0) << len0
return SDLUtil.int32ToIp(self.ip & mask)
}
}
//
let version: UInt8
@ -32,8 +60,6 @@ public class SDLConfiguration {
let stunServers: [StunServer]
let remoteDnsServer: String
let hostname: String
let noticePort: Int
lazy var stunSocketAddress: SocketAddress = {
@ -52,21 +78,110 @@ public class SDLConfiguration {
}()
let clientId: String
let token: String
let networkCode: String
public init(version: UInt8, installedChannel: String, superHost: String, superPort: Int, stunServers: [StunServer], clientId: String, noticePort: Int, token: String, networkCode: String, remoteDnsServer: String, hostname: String) {
let networkAddress: NetworkAddress
let hostname: String
let accessToken: String
let identityId: UInt32
public init(version: UInt8,
installedChannel: String,
superHost: String,
superPort: Int,
stunServers: [StunServer],
clientId: String,
networkAddress: NetworkAddress,
hostname: String,
noticePort: Int,
accessToken: String,
identityId: UInt32,
remoteDnsServer: String) {
self.version = version
self.installedChannel = installedChannel
self.superHost = superHost
self.superPort = superPort
self.stunServers = stunServers
self.clientId = clientId
self.networkAddress = networkAddress
self.noticePort = noticePort
self.token = token
self.networkCode = networkCode
self.accessToken = accessToken
self.identityId = identityId
self.remoteDnsServer = remoteDnsServer
self.hostname = hostname
}
}
//
extension SDLConfiguration {
static func parse(options: [String: NSObject]) -> SDLConfiguration? {
guard let installed_channel = options["installed_channel"] as? String,
let superIp = options["super_ip"] as? String,
let superPort = options["super_port"] as? Int,
let stunServersStr = options["stun_servers"] as? String,
let noticePort = options["notice_port"] as? Int,
let accessToken = options["access_token"] as? String,
let identityId = options["identity_id"] as? UInt32,
let clientId = options["client_id"] as? String,
let remoteDnsServer = options["remote_dns_server"] as? String,
let hostname = options["hostname"] as? String,
let networkAddressDict = options["network_address"] as? [String: NSObject] else {
return nil
}
guard let stunServers = parseStunServers(stunServersStr: stunServersStr), stunServers.count >= 2 else {
NSLog("stunServers配置错误")
return nil
}
guard let networkAddress = parseNetworkAddress(networkAddressDict) else {
return nil
}
return SDLConfiguration(version: 1,
installedChannel: installed_channel,
superHost: superIp,
superPort: superPort,
stunServers: stunServers,
clientId: clientId,
networkAddress: networkAddress,
hostname: hostname,
noticePort: noticePort,
accessToken: accessToken,
identityId: identityId,
remoteDnsServer: remoteDnsServer)
}
private static func parseStunServers(stunServersStr: String) -> [SDLConfiguration.StunServer]? {
let stunServers = stunServersStr.split(separator: ";").compactMap { server -> SDLConfiguration.StunServer? in
let parts = server.split(separator: ":", maxSplits: 2)
guard parts.count == 2 else {
return nil
}
let ports = parts[1].split(separator: ",", maxSplits: 2)
guard ports.count == 2, let port1 = Int(String(ports[0])), let port2 = Int(String(ports[1])) else {
return nil
}
return .init(host: String(parts[0]), ports: [port1, port2])
}
return stunServers.count >= 2 ? stunServers : nil
}
private static func parseNetworkAddress(_ config: [String: NSObject]) -> SDLConfiguration.NetworkAddress? {
guard let networkId = config["network_id"] as? UInt32,
let ipStr = config["ip"] as? String,
let ip = SDLUtil.ipv4StrToInt32(ipStr),
let maskLen = config["mask_len"] as? UInt8,
let mac = config["mac"] as? Data,
let networkDomain = config["network_domain"] as? String else {
return nil
}
return .init(networkId: networkId, ip: ip, maskLen: maskLen, mac: mac, networkDomain: networkDomain)
}
}

715
Tun/Punchnet/SDLContext.swift
View File

@ -1,715 +0,0 @@
//
// SDLContext.swift
// Tun
//
// Created by on 2024/2/29.
//
import Foundation
import NetworkExtension
import NIOCore
import Combine
//
/*
1. rsa的加解密逻辑
*/
@available(macOS 14, *)
public class SDLContext {
//
struct Route {
let dstAddress: String
let subnetMask: String
var debugInfo: String {
return "\(dstAddress):\(subnetMask)"
}
}
let config: SDLConfiguration
// tun
var devAddr: SDLDevAddr
// nat,
//var natAddress: SDLNatAddress?
// nat
var natType: NatType = .blocked
// AES
var aesCipher: AESCipher
// aes
var aesKey: Data = Data()
// rsa, public_key
let rsaCipher: RSACipher
//
var udpHoleActor: SDLUDPHoleActor?
var superClientActor: SDLSuperClientActor?
var providerActor: SDLTunnelProviderActor
var puncherActor: SDLPuncherActor
// dnsclient
var dnsClientActor: SDLDNSClientActor?
//
private var readTask: Task<(), Never>?
private var sessionManager: SessionManager
private var arpServer: ArpServer
// stunRequestcookie
private var lastCookie: UInt32? = 0
//
private var monitor: SDLNetworkMonitor?
// socket
private var noticeClient: SDLNoticeClient?
//
private var flowTracer = SDLFlowTracerActor()
private var flowTracerCancel: AnyCancellable?
private let logger: SDLLogger
private var rootTask: Task<Void, Error>?
public init(provider: NEPacketTunnelProvider, config: SDLConfiguration, rsaCipher: RSACipher, aesCipher: AESCipher, logger: SDLLogger) {
self.logger = logger
self.config = config
self.rsaCipher = rsaCipher
self.aesCipher = aesCipher
// mac
var devAddr = SDLDevAddr()
devAddr.mac = Self.getMacAddress()
self.devAddr = devAddr
self.sessionManager = SessionManager()
self.arpServer = ArpServer(known_macs: [:])
self.providerActor = SDLTunnelProviderActor(provider: provider, logger: logger)
self.puncherActor = SDLPuncherActor(logger: logger)
}
public func start() async throws {
self.rootTask = Task {
try await withThrowingTaskGroup(of: Void.self) { group in
group.addTask {
while !Task.isCancelled {
do {
try await self.startDnsClient()
} catch let err {
self.logger.log("[SDLContext] UDPHole get err: \(err)", level: .warning)
try await Task.sleep(for: .seconds(2))
}
}
}
group.addTask {
while !Task.isCancelled {
do {
try await self.startUDPHole()
} catch let err {
self.logger.log("[SDLContext] UDPHole get err: \(err)", level: .warning)
try await Task.sleep(for: .seconds(2))
}
}
}
group.addTask {
while !Task.isCancelled {
do {
try await self.startSuperClient()
} catch let err {
self.logger.log("[SDLContext] SuperClient get error: \(err), will restart", level: .warning)
await self.arpServer.clear()
try await Task.sleep(for: .seconds(2))
}
}
}
group.addTask {
await self.startMonitor()
}
group.addTask {
while !Task.isCancelled {
do {
try await self.startNoticeClient()
} catch let err {
self.logger.log("[SDLContext] noticeClient get err: \(err)", level: .warning)
try await Task.sleep(for: .seconds(2))
}
}
}
try await group.waitForAll()
}
}
try await self.rootTask?.value
}
public func stop() async {
self.rootTask?.cancel()
self.superClientActor = nil
self.udpHoleActor = nil
self.noticeClient = nil
self.readTask?.cancel()
}
private func startNoticeClient() async throws {
self.noticeClient = try await SDLNoticeClient(noticePort: self.config.noticePort, logger: self.logger)
try await self.noticeClient?.start()
self.logger.log("[SDLContext] notice_client task cancel", level: .warning)
}
private func startUDPHole() async throws {
self.udpHoleActor = try await SDLUDPHoleActor(logger: self.logger)
try await withThrowingTaskGroup(of: Void.self) { group in
group.addTask {
try await self.udpHoleActor?.start()
}
group.addTask {
while !Task.isCancelled {
try Task.checkCancellation()
try await Task.sleep(nanoseconds: 5 * 1_000_000_000)
try Task.checkCancellation()
if let udpHoleActor = self.udpHoleActor {
let cookie = await udpHoleActor.getCookieId()
var stunRequest = SDLStunRequest()
stunRequest.cookie = cookie
stunRequest.clientID = self.config.clientId
stunRequest.networkID = self.devAddr.networkID
stunRequest.ip = self.devAddr.netAddr
stunRequest.mac = self.devAddr.mac
stunRequest.natType = UInt32(self.natType.rawValue)
let remoteAddress = self.config.stunSocketAddress
await udpHoleActor.send(type: .stunRequest, data: try stunRequest.serializedData(), remoteAddress: remoteAddress)
self.lastCookie = cookie
}
}
}
group.addTask {
if let eventFlow = self.udpHoleActor?.eventFlow {
for try await event in eventFlow {
try Task.checkCancellation()
try await self.handleUDPEvent(event: event)
}
}
}
if let _ = try await group.next() {
group.cancelAll()
}
}
}
private func startSuperClient() async throws {
self.superClientActor = try await SDLSuperClientActor(host: self.config.superHost, port: self.config.superPort, logger: self.logger)
try await withThrowingTaskGroup(of: Void.self) { group in
defer {
self.logger.log("[SDLContext] super client task cancel", level: .warning)
}
group.addTask {
try await self.superClientActor?.start()
}
group.addTask {
if let eventFlow = self.superClientActor?.eventFlow {
for try await event in eventFlow {
try await self.handleSuperEvent(event: event)
}
}
}
if let _ = try await group.next() {
group.cancelAll()
}
}
}
private func startMonitor() async {
self.monitor = SDLNetworkMonitor()
for await event in self.monitor!.eventStream {
switch event {
case .changed:
// nat
self.natType = await self.getNatType()
self.logger.log("didNetworkPathChanged, nat type is: \(self.natType)", level: .info)
case .unreachable:
self.logger.log("didNetworkPathUnreachable", level: .warning)
}
}
}
private func startDnsClient() async throws {
let remoteDnsServer = config.remoteDnsServer
let dnsSocketAddress = try SocketAddress.makeAddressResolvingHost(remoteDnsServer, port: 15353)
self.dnsClientActor = try await SDLDNSClientActor(dnsServerAddress: dnsSocketAddress, logger: self.logger)
try await withThrowingTaskGroup(of: Void.self) { group in
defer {
self.logger.log("[SDLContext] dns client task cancel", level: .warning)
}
group.addTask {
try await self.dnsClientActor?.start()
}
group.addTask {
if let packetFlow = self.dnsClientActor?.packetFlow {
for await packet in packetFlow {
let nePacket = NEPacket(data: packet, protocolFamily: 2)
await self.providerActor.writePackets(packets: [nePacket])
}
}
}
if let _ = try await group.next() {
group.cancelAll()
}
}
}
private func handleSuperEvent(event: SDLSuperClientActor.SuperEvent) async throws {
switch event {
case .ready:
await self.puncherActor.setSuperClientActor(superClientActor: self.superClientActor)
self.logger.log("[SDLContext] get registerSuper, mac address: \(SDLUtil.formatMacAddress(mac: self.devAddr.mac))", level: .debug)
var registerSuper = SDLRegisterSuper()
registerSuper.version = UInt32(self.config.version)
registerSuper.clientID = self.config.clientId
registerSuper.devAddr = self.devAddr
registerSuper.pubKey = self.rsaCipher.pubKey
registerSuper.token = self.config.token
registerSuper.networkCode = self.config.networkCode
registerSuper.hostname = self.config.hostname
guard let message = try await self.superClientActor?.request(type: .registerSuper, data: try registerSuper.serializedData()) else {
return
}
switch message.packet {
case .registerSuperAck(let registerSuperAck):
// rsa
let aesKey = try! self.rsaCipher.decode(data: Data(registerSuperAck.aesKey))
let upgradeType = SDLUpgradeType(rawValue: registerSuperAck.upgradeType)
self.logger.log("[SDLContext] get registerSuperAck, aes_key len: \(aesKey.count), network_id:\(registerSuperAck.devAddr.networkID)", level: .info)
self.devAddr = registerSuperAck.devAddr
if upgradeType == .force {
let forceUpgrade = NoticeMessage.upgrade(prompt: registerSuperAck.upgradePrompt, address: registerSuperAck.upgradeAddress)
await self.noticeClient?.send(data: forceUpgrade)
exit(-1)
}
// tun
do {
let ipAddress = try await self.providerActor.setNetworkSettings(devAddr: self.devAddr, dnsServer: SDLDNSClientActor.Helper.dnsServer)
await self.noticeClient?.send(data: NoticeMessage.ipAdress(ip: ipAddress))
self.startReader()
} catch let err {
self.logger.log("[SDLContext] setTunnelNetworkSettings get error: \(err)", level: .error)
exit(-1)
}
self.aesKey = aesKey
if upgradeType == .normal {
let normalUpgrade = NoticeMessage.upgrade(prompt: registerSuperAck.upgradePrompt, address: registerSuperAck.upgradeAddress)
await self.noticeClient?.send(data: normalUpgrade)
}
case .registerSuperNak(let nakPacket):
let errorMessage = nakPacket.errorMessage
guard let errorCode = SDLNAKErrorCode(rawValue: UInt8(nakPacket.errorCode)) else {
return
}
switch errorCode {
case .invalidToken, .nodeDisabled:
let alertNotice = NoticeMessage.alert(alert: errorMessage)
await self.noticeClient?.send(data: alertNotice)
exit(-1)
case .noIpAddress, .networkFault, .internalFault:
let alertNotice = NoticeMessage.alert(alert: errorMessage)
await self.noticeClient?.send(data: alertNotice)
}
self.logger.log("[SDLContext] Get a SuperNak message exit", level: .warning)
default:
()
}
case .event(let evt):
switch evt {
case .natChanged(let natChangedEvent):
let dstMac = natChangedEvent.mac
self.logger.log("[SDLContext] natChangedEvent, dstMac: \(dstMac)", level: .info)
await sessionManager.removeSession(dstMac: dstMac)
case .sendRegister(let sendRegisterEvent):
self.logger.log("[SDLContext] sendRegisterEvent, ip: \(sendRegisterEvent)", level: .debug)
let address = SDLUtil.int32ToIp(sendRegisterEvent.natIp)
if let remoteAddress = try? SocketAddress.makeAddressResolvingHost(address, port: Int(sendRegisterEvent.natPort)) {
// register
var register = SDLRegister()
register.networkID = self.devAddr.networkID
register.srcMac = self.devAddr.mac
register.dstMac = sendRegisterEvent.dstMac
await self.udpHoleActor?.send(type: .register, data: try register.serializedData(), remoteAddress: remoteAddress)
}
case .networkShutdown(let shutdownEvent):
let alertNotice = NoticeMessage.alert(alert: shutdownEvent.message)
await self.noticeClient?.send(data: alertNotice)
exit(-1)
}
case .command(let packetId, let command):
switch command {
case .changeNetwork(let changeNetworkCommand):
// rsa
let aesKey = try! self.rsaCipher.decode(data: Data(changeNetworkCommand.aesKey))
self.logger.log("[SDLContext] change network command get aes_key len: \(aesKey.count)", level: .info)
self.devAddr = changeNetworkCommand.devAddr
// tun
do {
let ipAddress = try await self.providerActor.setNetworkSettings(devAddr: self.devAddr, dnsServer: SDLDNSClientActor.Helper.dnsServer)
await self.noticeClient?.send(data: NoticeMessage.ipAdress(ip: ipAddress))
self.startReader()
} catch let err {
self.logger.log("[SDLContext] setTunnelNetworkSettings get error: \(err)", level: .error)
exit(-1)
}
self.aesKey = aesKey
var commandAck = SDLCommandAck()
commandAck.status = true
await self.superClientActor?.send(type: .commandAck, packetId: packetId, data: try commandAck.serializedData())
}
}
}
private func handleUDPEvent(event: SDLUDPHoleActor.UDPEvent) async throws {
switch event {
case .ready:
await self.puncherActor.setUDPHoleActor(udpHoleActor: self.udpHoleActor)
//
self.natType = await getNatType()
self.logger.log("[SDLContext] broadcast is: \(self.natType)", level: .debug)
case .message(let remoteAddress, let message):
switch message {
case .register(let register):
self.logger.log("register packet: \(register), dev_addr: \(self.devAddr)", level: .debug)
// tun,
if register.dstMac == self.devAddr.mac && register.networkID == self.devAddr.networkID {
// ack
var registerAck = SDLRegisterAck()
registerAck.networkID = self.devAddr.networkID
registerAck.srcMac = self.devAddr.mac
registerAck.dstMac = register.srcMac
await self.udpHoleActor?.send(type: .registerAck, data: try registerAck.serializedData(), remoteAddress: remoteAddress)
// , super-nodenatudpnat
let session = Session(dstMac: register.srcMac, natAddress: remoteAddress)
await self.sessionManager.addSession(session: session)
} else {
self.logger.log("SDLContext didReadRegister get a invalid packet, because dst_ip not matched: \(register.dstMac)", level: .warning)
}
case .registerAck(let registerAck):
// tun,
if registerAck.dstMac == self.devAddr.mac && registerAck.networkID == self.devAddr.networkID {
let session = Session(dstMac: registerAck.srcMac, natAddress: remoteAddress)
await self.sessionManager.addSession(session: session)
} else {
self.logger.log("SDLContext didReadRegisterAck get a invalid packet, because dst_mac not matched: \(registerAck.dstMac)", level: .warning)
}
case .stunReply(let stunReply):
let cookie = stunReply.cookie
if cookie == self.lastCookie {
// nat
//self.natAddress = stunReply.natAddress
self.logger.log("[SDLContext] get a stunReply: \(try! stunReply.jsonString())", level: .debug)
}
default:
()
}
case .data(let data):
let mac = LayerPacket.MacAddress(data: data.dstMac)
guard (data.dstMac == self.devAddr.mac || mac.isBroadcast() || mac.isMulticast()) else {
return
}
guard let decyptedData = try? self.aesCipher.decypt(aesKey: self.aesKey, data: Data(data.data)) else {
return
}
do {
let layerPacket = try LayerPacket(layerData: decyptedData)
await self.flowTracer.inc(num: decyptedData.count, type: .inbound)
// arp
switch layerPacket.type {
case .arp:
// arp
if let arpPacket = ARPPacket(data: layerPacket.data) {
if arpPacket.targetIP == self.devAddr.netAddr {
switch arpPacket.opcode {
case .request:
self.logger.log("[SDLContext] get arp request packet", level: .debug)
let response = ARPPacket.arpResponse(for: arpPacket, mac: self.devAddr.mac, ip: self.devAddr.netAddr)
await self.routeLayerPacket(dstMac: arpPacket.senderMAC, type: .arp, data: response.marshal())
case .response:
self.logger.log("[SDLContext] get arp response packet", level: .debug)
await self.arpServer.append(ip: arpPacket.senderIP, mac: arpPacket.senderMAC)
}
} else {
self.logger.log("[SDLContext] get invalid arp packet: \(arpPacket), target_ip: \(SDLUtil.int32ToIp(arpPacket.targetIP)), net ip: \(SDLUtil.int32ToIp(self.devAddr.netAddr))", level: .debug)
}
} else {
self.logger.log("[SDLContext] get invalid arp packet", level: .debug)
}
case .ipv4:
guard let ipPacket = IPPacket(layerPacket.data), ipPacket.header.destination == self.devAddr.netAddr else {
return
}
let packet = NEPacket(data: ipPacket.data, protocolFamily: 2)
await self.providerActor.writePackets(packets: [packet])
default:
self.logger.log("[SDLContext] get invalid packet", level: .debug)
}
} catch let err {
self.logger.log("[SDLContext] didReadData err: \(err)", level: .warning)
}
}
}
//
// public func flowReportTask() {
// Task {
// //
// self.flowTracerCancel = Timer.publish(every: 60.0, on: .main, in: .common).autoconnect()
// .sink { _ in
// Task {
// let (forwardNum, p2pNum, inboundNum) = await self.flowTracer.reset()
// await self.superClient?.flowReport(forwardNum: forwardNum, p2pNum: p2pNum, inboundNum: inboundNum)
// }
// }
// }
// }
// , 线packetFlow
private func startReader() {
//
self.readTask?.cancel()
//
self.readTask = Task(priority: .high) {
repeat {
let packets = await self.providerActor.readPackets()
for packet in packets {
await self.dealPacket(data: packet)
}
} while true
}
}
//
private func dealPacket(data: Data) async {
guard let packet = IPPacket(data) else {
return
}
if SDLDNSClientActor.Helper.isDnsRequestPacket(ipPacket: packet) {
let destIp = packet.header.destination_ip
self.logger.log("[DNSQuery] destIp: \(destIp), int: \(packet.header.destination.asIpAddress())", level: .debug)
await self.dnsClientActor?.forward(ipPacket: packet)
}
else {
Task.detached {
let dstIp = packet.header.destination
// , ip
if dstIp == self.devAddr.netAddr {
let nePacket = NEPacket(data: packet.data, protocolFamily: 2)
await self.providerActor.writePackets(packets: [nePacket])
return
}
// arpmac
if let dstMac = await self.arpServer.query(ip: dstIp) {
await self.routeLayerPacket(dstMac: dstMac, type: .ipv4, data: packet.data)
}
else {
self.logger.log("[SDLContext] dstIp: \(dstIp.asIpAddress()) arp query not found, broadcast", level: .debug)
// arp广
let arpReqeust = ARPPacket.arpRequest(senderIP: self.devAddr.netAddr, senderMAC: self.devAddr.mac, targetIP: dstIp)
await self.routeLayerPacket(dstMac: ARPPacket.broadcastMac , type: .arp, data: arpReqeust.marshal())
}
}
}
}
private func routeLayerPacket(dstMac: Data, type: LayerPacket.PacketType, data: Data) async {
// 2
let layerPacket = LayerPacket(dstMac: dstMac, srcMac: self.devAddr.mac, type: type, data: data)
guard let encodedPacket = try? self.aesCipher.encrypt(aesKey: self.aesKey, data: layerPacket.marshal()) else {
return
}
//
var dataPacket = SDLData()
dataPacket.networkID = self.devAddr.networkID
dataPacket.srcMac = self.devAddr.mac
dataPacket.dstMac = dstMac
dataPacket.ttl = 255
dataPacket.data = encodedPacket
let data = try! dataPacket.serializedData()
// 广
if ARPPacket.isBroadcastMac(dstMac) {
// super_node
await self.udpHoleActor?.send(type: .data, data: data, remoteAddress: self.config.stunSocketAddress)
}
else {
// session
if let session = await self.sessionManager.getSession(toAddress: dstMac) {
self.logger.log("[SDLContext] send packet by session: \(session)", level: .debug)
await self.udpHoleActor?.send(type: .data, data: data, remoteAddress: session.natAddress)
await self.flowTracer.inc(num: data.count, type: .p2p)
}
else {
// super_node
await self.udpHoleActor?.send(type: .data, data: data, remoteAddress: self.config.stunSocketAddress)
//
await self.flowTracer.inc(num: data.count, type: .forward)
//
await self.puncherActor.submitRegisterRequest(request: .init(srcMac: self.devAddr.mac, dstMac: dstMac, networkId: self.devAddr.networkID))
}
}
}
deinit {
self.rootTask?.cancel()
self.udpHoleActor = nil
self.superClientActor = nil
self.dnsClientActor = nil
}
// mac
public static func getMacAddress() -> Data {
let key = "gMacAddress2"
let userDefaults = UserDefaults.standard
if let mac = userDefaults.value(forKey: key) as? Data {
return mac
}
else {
let mac = generateMacAddress()
userDefaults.setValue(mac, forKey: key)
return mac
}
}
// mac
private static func generateMacAddress() -> Data {
var macAddress = [UInt8](repeating: 0, count: 6)
for i in 0..<6 {
macAddress[i] = UInt8.random(in: 0...255)
}
return Data(macAddress)
}
}
//
extension SDLContext {
// nat
enum NatType: UInt8, Encodable {
case blocked = 0
case noNat = 1
case fullCone = 2
case portRestricted = 3
case coneRestricted = 4
case symmetric = 5
}
// nat
func getNatType() async -> NatType {
guard let udpHole = self.udpHoleActor else {
return .blocked
}
let addressArray = config.stunProbeSocketAddressArray
// step1: ip1:port1 <---- ip1:port1
guard let natAddress1 = await getNatAddress(udpHole, remoteAddress: addressArray[0][0], attr: .none) else {
return .blocked
}
// nat
if await natAddress1 == udpHole.localAddress {
return .noNat
}
// step2: ip2:port2 <---- ip2:port2
guard let natAddress2 = await getNatAddress(udpHole, remoteAddress: addressArray[1][1], attr: .none) else {
return .blocked
}
// natAddress2 IPIPNAT;
// ip{dstIp, dstPort, srcIp, srcPort}, ip
logger.log("[SDLNatProber] nat_address1: \(natAddress1), nat_address2: \(natAddress2)", level: .debug)
if let ipAddress1 = natAddress1.ipAddress, let ipAddress2 = natAddress2.ipAddress, ipAddress1 != ipAddress2 {
return .symmetric
}
// step3: ip1:port1 <---- ip2:port2 (ipport)
// IPNAT
if let natAddress3 = await getNatAddress(udpHole, remoteAddress: addressArray[0][0], attr: .peer) {
logger.log("[SDLNatProber] nat_address1: \(natAddress1), nat_address2: \(natAddress2), nat_address3: \(natAddress3)", level: .debug)
return .fullCone
}
// step3: ip1:port1 <---- ip1:port2 (port)
// IPNAT
if let natAddress4 = await getNatAddress(udpHole, remoteAddress: addressArray[0][0], attr: .port) {
logger.log("[SDLNatProber] nat_address1: \(natAddress1), nat_address2: \(natAddress2), nat_address4: \(natAddress4)", level: .debug)
return .coneRestricted
} else {
return .portRestricted
}
}
private func getNatAddress(_ udpHole: SDLUDPHoleActor, remoteAddress: SocketAddress, attr: SDLProbeAttr) async -> SocketAddress? {
let stunProbeReply = try? await udpHole.stunProbe(remoteAddress: remoteAddress, attr: attr, timeout: 5)
return stunProbeReply?.socketAddress()
}
}
private extension UInt32 {
// ip
func asIpAddress() -> String {
return SDLUtil.int32ToIp(self)
}
}

721
Tun/Punchnet/SDLContextActor.swift Normal file
View File

@ -0,0 +1,721 @@
//
// SDLContext.swift
// Tun
//
// Created by on 2024/2/29.
//
import Foundation
import NetworkExtension
import NIOCore
//
/*
1. rsa的加解密逻辑
*/
actor SDLContextActor {
enum State {
case unregistered
case registered
}
nonisolated let config: SDLConfiguration
private var state: State = .unregistered
// nat
var natType: SDLNATProberActor.NatType = .blocked
// AES
nonisolated let aesCipher: AESCipher
// aes
private var aesKey: Data?
// session token
private var sessionToken: Data?
// rsa, public_key
nonisolated let rsaCipher: RSACipher
//
private var udpHole: SDLUDPHole?
private var udpHoleWorkers: [Task<Void, Never>]?
// dnsclient
private var dnsClient: SDLDNSClient?
private var dnsWorker: Task<Void, Never>?
nonisolated private let puncherActor: SDLPuncherActor
//
nonisolated private let proberActor: SDLNATProberActor
//
private var readTask: Task<(), Never>?
private var sessionManager: SessionManager
private var arpServer: ArpServerActor
//
private var monitor: SDLNetworkMonitor?
private var monitorWorker: Task<Void, Never>?
// socket
private var noticeClient: SDLNoticeClient?
//
nonisolated private let flowTracer = SDLFlowTracer()
//
private var loopChildWorkers: [Task<Void, Never>] = []
private let provider: NEPacketTunnelProvider
//
private let identifyStore: IdentityStore
private let snapshotPublisher: SnapshotPublisher<IdentitySnapshot>
private let policyRequesterActor: PolicyRequesterActor
public init(provider: NEPacketTunnelProvider, config: SDLConfiguration, rsaCipher: RSACipher, aesCipher: AESCipher) {
self.provider = provider
self.config = config
self.rsaCipher = rsaCipher
self.aesCipher = aesCipher
self.sessionManager = SessionManager()
self.arpServer = ArpServerActor(known_macs: [:])
self.puncherActor = SDLPuncherActor(querySocketAddress: config.stunSocketAddress)
self.proberActor = SDLNATProberActor(addressArray: config.stunProbeSocketAddressArray)
//
let snapshotPublisher = SnapshotPublisher(initial: IdentitySnapshot.empty())
self.identifyStore = IdentityStore(publisher: snapshotPublisher)
self.snapshotPublisher = snapshotPublisher
self.policyRequesterActor = PolicyRequesterActor(querySocketAddress: config.stunSocketAddress)
}
public func start() {
self.startMonitor()
self.loopChildWorkers.append(spawnLoop {
let noticeClient = try self.startNoticeClient()
SDLLogger.shared.log("[SDLContext] noticeClient running!!!!")
try await noticeClient.waitClose()
SDLLogger.shared.log("[SDLContext] noticeClient closed!!!!")
})
self.loopChildWorkers.append(spawnLoop {
let dnsClient = try await self.startDnsClient()
SDLLogger.shared.log("[SDLContext] dns running!!!!")
try await dnsClient.waitClose()
SDLLogger.shared.log("[SDLContext] dns closed!!!!")
})
self.loopChildWorkers.append(spawnLoop {
let udpHole = try await self.startUDPHole()
SDLLogger.shared.log("[SDLContext] udp running!!!!")
try await udpHole.waitClose()
SDLLogger.shared.log("[SDLContext] udp closed!!!!")
})
}
private func startNoticeClient() throws -> SDLNoticeClient {
// noticeClient
let noticeClient = try SDLNoticeClient(noticePort: self.config.noticePort, logger: SDLLogger.shared)
noticeClient.start()
SDLLogger.shared.log("[SDLContext] noticeClient started")
self.noticeClient = noticeClient
return noticeClient
}
private func startMonitor() {
self.monitorWorker?.cancel()
self.monitorWorker = nil
// monitor
let monitor = SDLNetworkMonitor()
monitor.start()
SDLLogger.shared.log("[SDLContext] monitor started")
self.monitor = monitor
self.monitorWorker = Task.detached {
for await event in monitor.eventStream {
switch event {
case .changed:
// nat
//self.natType = await self.getNatType()
SDLLogger.shared.log("didNetworkPathChanged, nat type is:", level: .info)
case .unreachable:
SDLLogger.shared.log("didNetworkPathUnreachable", level: .warning)
}
}
}
}
private func startDnsClient() async throws -> SDLDNSClient {
self.dnsWorker?.cancel()
self.dnsWorker = nil
// dns
let dnsSocketAddress = try SocketAddress.makeAddressResolvingHost(self.config.remoteDnsServer, port: 15353)
let dnsClient = try await SDLDNSClient(dnsServerAddress: dnsSocketAddress, logger: SDLLogger.shared)
try dnsClient.start()
SDLLogger.shared.log("[SDLContext] dnsClient started")
self.dnsClient = dnsClient
self.dnsWorker = Task.detached {
//
for await packet in dnsClient.packetFlow {
if Task.isCancelled {
break
}
let nePacket = NEPacket(data: packet, protocolFamily: 2)
self.provider.packetFlow.writePacketObjects([nePacket])
}
}
return dnsClient
}
private func startUDPHole() async throws -> SDLUDPHole {
self.udpHoleWorkers?.forEach {$0.cancel()}
self.udpHoleWorkers = nil
// udp
let udpHole = try SDLUDPHole()
try udpHole.start()
SDLLogger.shared.log("[SDLContext] udpHole started")
// udp
let localAddress = udpHole.getLocalAddress()
// udpHole
await udpHole.channelIsActived()
//
let pingTask = Task.detached {
let (stream, cont) = AsyncStream.makeStream(of: Void.self)
let timerStream = SDLAsyncTimerStream()
timerStream.start(cont)
for await _ in stream {
if Task.isCancelled {
break
}
await self.sendStunRequest()
}
SDLLogger.shared.log("[SDLContext] udp pingTask cancel")
}
//
let dataTask = Task.detached {
for await data in udpHole.dataStream {
if Task.isCancelled {
break
}
try? await self.handleData(data: data)
}
SDLLogger.shared.log("[SDLContext] udp dataTask cancel")
}
//
let signalTask = Task.detached {
for await(remoteAddress, signal) in udpHole.signalStream {
if Task.isCancelled {
break
}
switch signal {
case .registerSuperAck(let registerSuperAck):
await self.handleRegisterSuperAck(registerSuperAck: registerSuperAck)
case .registerSuperNak(let registerSuperNak):
await self.handleRegisterSuperNak(nakPacket: registerSuperNak)
case .peerInfo(let peerInfo):
await self.puncherActor.handlePeerInfo(using: udpHole, peerInfo: peerInfo)
case .event(let event):
try? await self.handleEvent(event: event)
case .stunProbeReply(let probeReply):
await self.proberActor.handleProbeReply(localAddress: localAddress, reply: probeReply)
case .register(let register):
try? await self.handleRegister(remoteAddress: remoteAddress, register: register)
case .registerAck(let registerAck):
await self.handleRegisterAck(remoteAddress: remoteAddress, registerAck: registerAck)
case .policyReponse(let policyResponse):
SDLLogger.shared.log("[SDLContext] get a policyResponse: \(policyResponse.totalNum) of \(policyResponse.index), bytes: \(policyResponse.rules.count)")
//
await self.identifyStore.apply(policyResponse: policyResponse)
}
}
SDLLogger.shared.log("[SDLContext] udp signalTask cancel")
}
self.udpHole = udpHole
self.udpHoleWorkers = [pingTask, dataTask, signalTask]
// nat
Task {
let natType = await self.proberActor.probeNatType(using: udpHole)
self.setNatType(natType: natType)
SDLLogger.shared.log("[SDLContext] nat_type is: \(natType)")
}
//
self.doRegisterSuper()
return udpHole
}
// context
public func stop() async {
self.loopChildWorkers.forEach { $0.cancel() }
self.loopChildWorkers.removeAll()
self.udpHoleWorkers?.forEach { $0.cancel() }
self.udpHoleWorkers = nil
self.dnsWorker?.cancel()
self.dnsWorker = nil
self.monitorWorker?.cancel()
self.monitorWorker = nil
self.readTask?.cancel()
self.readTask = nil
}
private func setNatType(natType: SDLNATProberActor.NatType) {
self.natType = natType
}
private func sendStunRequest() {
guard let sessionToken = self.sessionToken else {
return
}
var stunRequest = SDLStunRequest()
stunRequest.clientID = self.config.clientId
stunRequest.networkID = self.config.networkAddress.networkId
stunRequest.ip = self.config.networkAddress.ip
stunRequest.mac = self.config.networkAddress.mac
stunRequest.natType = UInt32(self.natType.rawValue)
stunRequest.sessionToken = sessionToken
if let stunData = try? stunRequest.serializedData() {
let remoteAddress = self.config.stunSocketAddress
self.udpHole?.send(type: .stunRequest, data: stunData, remoteAddress: remoteAddress)
}
}
private func handleRegisterSuperAck(registerSuperAck: SDLRegisterSuperAck) async {
// rsa
self.aesKey = try! self.rsaCipher.decode(data: Data(registerSuperAck.aesKey))
self.sessionToken = registerSuperAck.sessionToken
await self.triggerPolicy()
SDLLogger.shared.log("[SDLContext] get registerSuperAck, aes_key len: \(self.aesKey!.count)", level: .info)
// tun
do {
try await self.setNetworkSettings(networkAddress: self.config.networkAddress, dnsServer: SDLDNSClient.Helper.dnsServer)
SDLLogger.shared.log("[SDLContext] setNetworkSettings successed")
self.state = .registered
self.startReader()
} catch let err {
SDLLogger.shared.log("[SDLContext] setTunnelNetworkSettings get error: \(err)", level: .error)
self.provider.cancelTunnelWithError(err)
}
}
private func handleRegisterSuperNak(nakPacket: SDLRegisterSuperNak) {
let errorMessage = nakPacket.errorMessage
guard let errorCode = SDLNAKErrorCode(rawValue: UInt8(nakPacket.errorCode)) else {
return
}
switch errorCode {
case .invalidToken, .nodeDisabled:
let alertNotice = NoticeMessage.alert(alert: errorMessage)
self.noticeClient?.send(data: alertNotice)
// 退
let error = NSError(domain: "com.jihe.punchnet.tun", code: -1)
self.provider.cancelTunnelWithError(error)
case .noIpAddress, .networkFault, .internalFault:
let alertNotice = NoticeMessage.alert(alert: errorMessage)
self.noticeClient?.send(data: alertNotice)
}
SDLLogger.shared.log("[SDLContext] Get a SuperNak message exit", level: .warning)
}
private func handleEvent(event: SDLEvent) async throws {
switch event {
case .dropMacs(let dropMacsEvent):
SDLLogger.shared.log("[SDLContext] drop macs", level: .info)
await self.arpServer.dropMacs(macs: dropMacsEvent.macs)
case .natChanged(let natChangedEvent):
let dstMac = natChangedEvent.mac
SDLLogger.shared.log("[SDLContext] natChangedEvent, dstMac: \(dstMac)", level: .info)
await sessionManager.removeSession(dstMac: dstMac)
case .sendRegister(let sendRegisterEvent):
SDLLogger.shared.log("[SDLContext] sendRegisterEvent, ip: \(sendRegisterEvent)", level: .debug)
let address = SDLUtil.int32ToIp(sendRegisterEvent.natIp)
if let remoteAddress = try? SocketAddress.makeAddressResolvingHost(address, port: Int(sendRegisterEvent.natPort)) {
// register
var register = SDLRegister()
register.networkID = self.config.networkAddress.networkId
register.srcMac = self.config.networkAddress.mac
register.dstMac = sendRegisterEvent.dstMac
self.udpHole?.send(type: .register, data: try register.serializedData(), remoteAddress: remoteAddress)
}
case .refreshAuth(let refreshAuthEvent):
SDLLogger.shared.log("[SDLContext] refresh auth: \(refreshAuthEvent.networkID)", level: .info)
self.doRegisterSuper()
case .networkShutdown(let shutdownEvent):
let alertNotice = NoticeMessage.alert(alert: shutdownEvent.message)
self.noticeClient?.send(data: alertNotice)
// 退
let error = NSError(domain: "com.jihe.punchnet.tun", code: -2)
self.provider.cancelTunnelWithError(error)
}
}
private func doRegisterSuper() {
//
var registerSuper = SDLRegisterSuper()
registerSuper.pktID = 0
registerSuper.clientID = self.config.clientId
registerSuper.networkID = self.config.networkAddress.networkId
registerSuper.mac = self.config.networkAddress.mac
registerSuper.ip = self.config.networkAddress.ip
registerSuper.maskLen = UInt32(self.config.networkAddress.maskLen)
registerSuper.hostname = self.config.hostname
registerSuper.pubKey = self.rsaCipher.pubKey
registerSuper.accessToken = self.config.accessToken
if let registerSuperData = try? registerSuper.serializedData() {
SDLLogger.shared.log("[SDLContext] will send register super")
self.udpHole?.send(type: .registerSuper, data: registerSuperData, remoteAddress: self.config.stunSocketAddress)
// 5
Task {
try await Task.sleep(for: .seconds(5))
self.checkRegisterState()
}
}
}
//
private func checkRegisterState() {
if self.state == .unregistered {
SDLLogger.shared.log("[SDLContext] register super failed, retry")
self.doRegisterSuper()
}
}
private func handleRegister(remoteAddress: SocketAddress, register: SDLRegister) async throws {
let networkAddr = config.networkAddress
SDLLogger.shared.log("register packet: \(register), network_address: \(networkAddr)", level: .debug)
// tun,
if register.dstMac == networkAddr.mac && register.networkID == networkAddr.networkId {
// ack
var registerAck = SDLRegisterAck()
registerAck.networkID = networkAddr.networkId
registerAck.srcMac = networkAddr.mac
registerAck.dstMac = register.srcMac
self.udpHole?.send(type: .registerAck, data: try registerAck.serializedData(), remoteAddress: remoteAddress)
// , super-nodenatudpnat
let session = Session(dstMac: register.srcMac, natAddress: remoteAddress)
await self.sessionManager.addSession(session: session)
} else {
SDLLogger.shared.log("SDLContext didReadRegister get a invalid packet, because dst_ip not matched: \(register.dstMac)", level: .warning)
}
}
private func handleRegisterAck(remoteAddress: SocketAddress, registerAck: SDLRegisterAck) async {
// tun,
let networkAddr = config.networkAddress
if registerAck.dstMac == networkAddr.mac && registerAck.networkID == networkAddr.networkId {
let session = Session(dstMac: registerAck.srcMac, natAddress: remoteAddress)
await self.sessionManager.addSession(session: session)
} else {
SDLLogger.shared.log("SDLContext didReadRegisterAck get a invalid packet, because dst_mac not matched: \(registerAck.dstMac)", level: .warning)
}
}
private func handleData(data: SDLData) async throws {
guard let aesKey = self.aesKey else {
return
}
let mac = LayerPacket.MacAddress(data: data.dstMac)
let networkAddr = config.networkAddress
guard (data.dstMac == networkAddr.mac || mac.isBroadcast() || mac.isMulticast()) else {
return
}
guard let decyptedData = try? self.aesCipher.decypt(aesKey: aesKey, data: Data(data.data)) else {
return
}
let layerPacket = try LayerPacket(layerData: decyptedData)
self.flowTracer.inc(num: decyptedData.count, type: .inbound)
// arp
switch layerPacket.type {
case .arp:
// arp
if let arpPacket = ARPPacket(data: layerPacket.data) {
if arpPacket.targetIP == networkAddr.ip {
switch arpPacket.opcode {
case .request:
SDLLogger.shared.log("[SDLContext] get arp request packet", level: .debug)
let response = ARPPacket.arpResponse(for: arpPacket, mac: networkAddr.mac, ip: networkAddr.ip)
await self.routeLayerPacket(dstMac: arpPacket.senderMAC, type: .arp, data: response.marshal())
case .response:
SDLLogger.shared.log("[SDLContext] get arp response packet", level: .debug)
await self.arpServer.append(ip: arpPacket.senderIP, mac: arpPacket.senderMAC)
}
} else {
SDLLogger.shared.log("[SDLContext] get invalid arp packet: \(arpPacket), target_ip: \(SDLUtil.int32ToIp(arpPacket.targetIP)), net ip: \(SDLUtil.int32ToIp(networkAddr.ip))", level: .debug)
}
} else {
SDLLogger.shared.log("[SDLContext] get invalid arp packet", level: .debug)
}
case .ipv4:
guard let ipPacket = IPPacket(layerPacket.data), ipPacket.header.destination == networkAddr.ip else {
return
}
//
let identitySnapshot = self.snapshotPublisher.current()
if let ruleMap = identitySnapshot.lookup(data.identityID) {
let proto = ipPacket.header.proto
switch TransportProtocol(rawValue: proto) {
case .udp, .tcp:
if let dstPort = ipPacket.getDstPort(), ruleMap.isAllow(proto: proto, port: dstPort) {
let packet = NEPacket(data: ipPacket.data, protocolFamily: 2)
self.provider.packetFlow.writePacketObjects([packet])
}
case .icmp:
let packet = NEPacket(data: ipPacket.data, protocolFamily: 2)
self.provider.packetFlow.writePacketObjects([packet])
default:
()
}
} else {
//
if let sessionToken = self.sessionToken {
var policyRequest = SDLPolicyRequest()
policyRequest.clientID = self.config.clientId
policyRequest.networkID = self.config.networkAddress.networkId
policyRequest.mac = self.config.networkAddress.mac
policyRequest.srcIdentityID = data.identityID
policyRequest.dstIdentityID = self.config.identityId
policyRequest.sessionToken = sessionToken
await self.policyRequesterActor.submitPolicyRequest(using: self.udpHole, request: &policyRequest)
}
}
default:
SDLLogger.shared.log("[SDLContext] get invalid packet", level: .debug)
}
}
//
// public func flowReportTask() {
// Task {
// //
// self.flowTracerCancel = Timer.publish(every: 60.0, on: .main, in: .common).autoconnect()
// .sink { _ in
// Task {
// let (forwardNum, p2pNum, inboundNum) = await self.flowTracer.reset()
// await self.superClient?.flowReport(forwardNum: forwardNum, p2pNum: p2pNum, inboundNum: inboundNum)
// }
// }
// }
// }
// , 线packetFlow
private func startReader() {
//
self.readTask?.cancel()
//
self.readTask = Task.detached(priority: .high) {
while true {
if Task.isCancelled {
return
}
let (packets, numbers) = await self.provider.packetFlow.readPackets()
for (data, number) in zip(packets, numbers) where number == 2 {
if let ipPacket = IPPacket(data) {
await self.dealPacket(packet: ipPacket)
}
}
}
}
}
//
private func dealPacket(packet: IPPacket) async {
let networkAddr = self.config.networkAddress
if SDLDNSClient.Helper.isDnsRequestPacket(ipPacket: packet) {
let destIp = packet.header.destination_ip
SDLLogger.shared.log("[DNSQuery] destIp: \(destIp), int: \(packet.header.destination.asIpAddress())", level: .debug)
self.dnsClient?.forward(ipPacket: packet)
return
}
let dstIp = packet.header.destination
// , ip
if dstIp == networkAddr.ip {
let nePacket = NEPacket(data: packet.data, protocolFamily: 2)
self.provider.packetFlow.writePacketObjects([nePacket])
return
}
// arpmac
if let dstMac = await self.arpServer.query(ip: dstIp) {
await self.routeLayerPacket(dstMac: dstMac, type: .ipv4, data: packet.data)
}
else {
SDLLogger.shared.log("[SDLContext] dstIp: \(dstIp.asIpAddress()) arp query not found, broadcast", level: .debug)
// arp广
let arpReqeust = ARPPacket.arpRequest(senderIP: networkAddr.ip, senderMAC: networkAddr.mac, targetIP: dstIp)
await self.routeLayerPacket(dstMac: ARPPacket.broadcastMac , type: .arp, data: arpReqeust.marshal())
}
}
private func routeLayerPacket(dstMac: Data, type: LayerPacket.PacketType, data: Data) async {
let networkAddr = self.config.networkAddress
// 2
let layerPacket = LayerPacket(dstMac: dstMac, srcMac: networkAddr.mac, type: type, data: data)
guard let udpHole = self.udpHole, let aesKey = self.aesKey, let encodedPacket = try? self.aesCipher.encrypt(aesKey: aesKey, data: layerPacket.marshal()) else {
return
}
//
var dataPacket = SDLData()
dataPacket.networkID = networkAddr.networkId
dataPacket.srcMac = networkAddr.mac
dataPacket.dstMac = dstMac
dataPacket.ttl = 255
dataPacket.identityID = self.config.identityId
dataPacket.data = encodedPacket
let data = try! dataPacket.serializedData()
// 广
if ARPPacket.isBroadcastMac(dstMac) {
// super_node
udpHole.send(type: .data, data: data, remoteAddress: self.config.stunSocketAddress)
}
else {
// session
if let session = await self.sessionManager.getSession(toAddress: dstMac) {
SDLLogger.shared.log("[SDLContext] send packet by session: \(session)", level: .debug)
udpHole.send(type: .data, data: data, remoteAddress: session.natAddress)
self.flowTracer.inc(num: data.count, type: .p2p)
}
else {
// super_node
udpHole.send(type: .data, data: data, remoteAddress: self.config.stunSocketAddress)
//
self.flowTracer.inc(num: data.count, type: .forward)
//
Task.detached {
await self.puncherActor.submitRegisterRequest(using: udpHole, request: .init(srcMac: networkAddr.mac, dstMac: dstMac, networkId: networkAddr.networkId))
}
}
}
}
//
private func setNetworkSettings(networkAddress: SDLConfiguration.NetworkAddress, dnsServer: String) async throws {
let routes: [NEIPv4Route] = [
NEIPv4Route(destinationAddress: networkAddress.netAddress, subnetMask: networkAddress.maskAddress),
NEIPv4Route(destinationAddress: dnsServer, subnetMask: "255.255.255.255"),
]
// Add code here to start the process of connecting the tunnel.
let networkSettings = NEPacketTunnelNetworkSettings(tunnelRemoteAddress: "8.8.8.8")
networkSettings.mtu = 1250
// DNS
let networkDomain = networkAddress.networkDomain
let dnsSettings = NEDNSSettings(servers: [dnsServer])
dnsSettings.searchDomains = [networkDomain]
dnsSettings.matchDomains = [networkDomain]
dnsSettings.matchDomainsNoSearch = false
networkSettings.dnsSettings = dnsSettings
let ipv4Settings = NEIPv4Settings(addresses: [networkAddress.ipAddress], subnetMasks: [networkAddress.maskAddress])
//
//NEIPv4Route.default()
ipv4Settings.includedRoutes = routes
networkSettings.ipv4Settings = ipv4Settings
//
try await self.provider.setTunnelNetworkSettings(networkSettings)
}
// , 线packetFlow
func readPackets() async -> [Data] {
let (packets, numbers) = await self.provider.packetFlow.readPackets()
return zip(packets, numbers).compactMap { (data, number) in
return number == 2 ? data : nil
}
}
private func spawnLoop(_ body: @escaping () async throws -> Void) -> Task<Void, Never> {
return Task.detached {
while !Task.isCancelled {
do {
try await body()
} catch is CancellationError {
break
} catch {
try? await Task.sleep(nanoseconds: 2_000_000_000)
}
}
}
}
// todo
private func triggerPolicy() async {
//
if let sessionToken = self.sessionToken {
var policyRequest = SDLPolicyRequest()
policyRequest.clientID = self.config.clientId
policyRequest.networkID = self.config.networkAddress.networkId
policyRequest.mac = self.config.networkAddress.mac
policyRequest.srcIdentityID = 1234
policyRequest.dstIdentityID = self.config.identityId
policyRequest.sessionToken = sessionToken
await self.policyRequesterActor.submitPolicyRequest(using: self.udpHole, request: &policyRequest)
}
}
deinit {
self.udpHole = nil
self.dnsClient = nil
}
}
private extension UInt32 {
// ip
func asIpAddress() -> String {
return SDLUtil.int32ToIp(self)
}
}

98
Tun/Punchnet/SDLDNSClient.swift Normal file
View File

@ -0,0 +1,98 @@
//
// DNSClient.swift
// Tun
//
// Created by on 2025/12/10.
//
import Foundation
import NIOCore
import NIOPosix
// sn-server
final class SDLDNSClient: ChannelInboundHandler {
typealias InboundIn = AddressedEnvelope<ByteBuffer>
private let group = MultiThreadedEventLoopGroup(numberOfThreads: 1)
private var channel: Channel?
private let logger: SDLLogger
private let dnsServerAddress: SocketAddress
public let packetFlow: AsyncStream<Data>
private let packetContinuation: AsyncStream<Data>.Continuation
//
init(dnsServerAddress: SocketAddress, logger: SDLLogger) async throws {
self.dnsServerAddress = dnsServerAddress
self.logger = logger
(self.packetFlow, self.packetContinuation) = AsyncStream.makeStream(of: Data.self, bufferingPolicy: .unbounded)
}
func start() throws {
let bootstrap = DatagramBootstrap(group: group)
.channelOption(ChannelOptions.socketOption(.so_reuseaddr), value: 1)
.channelInitializer { channel in
channel.pipeline.addHandler(self)
}
let channel = try bootstrap.bind(host: "0.0.0.0", port: 0).wait()
self.logger.log("[DNSClient] started", level: .debug)
self.channel = channel
}
func waitClose() async throws {
try await self.channel?.closeFuture.get()
}
// --MARK: ChannelInboundHandler delegate
func channelRead(context: ChannelHandlerContext, data: NIOAny) {
let envelope = unwrapInboundIn(data)
var buffer = envelope.data
let remoteAddress = envelope.remoteAddress
self.logger.log("[DNSClient] read data: \(buffer), from: \(remoteAddress)", level: .debug)
let len = buffer.readableBytes
if let bytes = buffer.readBytes(length: len) {
self.packetContinuation.yield(Data(bytes))
}
}
func channelInactive(context: ChannelHandlerContext) {
self.packetContinuation.finish()
}
func forward(ipPacket: IPPacket) {
guard let channel = self.channel else {
return
}
let buffer = channel.allocator.buffer(bytes: ipPacket.data)
let envelope = AddressedEnvelope<ByteBuffer>(remoteAddress: self.dnsServerAddress, data: buffer)
channel.pipeline.eventLoop.execute {
channel.writeAndFlush(envelope, promise: nil)
}
}
deinit {
try? self.group.syncShutdownGracefully()
self.packetContinuation.finish()
}
}
extension SDLDNSClient {
struct Helper {
static let dnsServer: String = "100.100.100.100"
// dns
static let dnsDestIpAddr: UInt32 = 1684300900
// dns
static func isDnsRequestPacket(ipPacket: IPPacket) -> Bool {
return ipPacket.header.destination == dnsDestIpAddr
}
}
}

13
Tun/Punchnet/SDLFlowTracerActor.swift → Tun/Punchnet/SDLFlowTracer.swift
View File

@ -6,9 +6,10 @@
//
import Foundation
import Darwin
//
actor SDLFlowTracerActor {
final class SDLFlowTracer {
enum FlowType {
case forward
case p2p
@ -19,7 +20,14 @@ actor SDLFlowTracerActor {
private var p2pFlowBytes: UInt32 = 0
private var inFlowBytes: UInt32 = 0
private let lock = NSLock()
func inc(num: Int, type: FlowType) {
lock.lock()
defer {
lock.unlock()
}
switch type {
case .inbound:
self.inFlowBytes += UInt32(num)
@ -31,13 +39,14 @@ actor SDLFlowTracerActor {
}
func reset() -> (UInt32, UInt32, UInt32) {
lock.lock()
defer {
self.forwardFlowBytes = 0
self.inFlowBytes = 0
self.p2pFlowBytes = 0
lock.unlock()
}
return (forwardFlowBytes, p2pFlowBytes, inFlowBytes)
}
}

17
Tun/Punchnet/SDLLogger.swift
View File

@ -5,7 +5,7 @@
// Created by on 2024/3/13.
//
import Foundation
import os.log
import os
public class SDLLogger: @unchecked Sendable {
public enum Level: Int8, CustomStringConvertible {
@ -28,19 +28,18 @@ public class SDLLogger: @unchecked Sendable {
}
}
private let level: Level
private let log: OSLog
static let shared = SDLLogger(level: .debug)
public init(level: Level) {
private let level: Level
private let log: Logger
private init(level: Level) {
self.level = level
self.log = OSLog(subsystem: "com.jihe.punchnet", category: "punchnet")
self.log = Logger(subsystem: "com.jihe.punchnet", category: "punchnet")
}
public func log(_ message: String, level: Level = .debug) {
if self.level.rawValue <= level.rawValue {
//os_log("%{public}@: %{public}@", log: self.log, type: .debug, level.description, message)
NSLog("\(level.description): \(message)")
}
self.log.info("\(message, privacy: .public)")
}
}

1749
Tun/Punchnet/SDLMessage.pb.swift
View File

File diff suppressed because it is too large Load Diff

109
Tun/Punchnet/SDLMessage.swift
View File

@ -21,38 +21,24 @@ enum SDLPacketType: UInt8 {
case queryInfo = 0x06
case peerInfo = 0x07
case ping = 0x08
case pong = 0x09
//
case event = 0x10
// ,
case command = 0x11
case commandAck = 0x12
//
case flowTracer = 0x15
case register = 0x20
case registerAck = 0x21
case stunRequest = 0x30
case stunReply = 0x31
case stunProbe = 0x32
case stunProbeReply = 0x33
//
case policyRequest = 0xb0
case policyResponse = 0xb1
case data = 0xFF
}
//
enum SDLUpgradeType: UInt32 {
case none = 0
case normal = 1
case force = 2
}
// Id
struct SDLIdGenerator: Sendable {
// id
@ -71,29 +57,6 @@ struct SDLIdGenerator: Sendable {
//
//
enum SDLEventType: UInt8 {
case natChanged = 0x03
case sendRegister = 0x04
case networkShutdown = 0xFF
}
enum SDLEvent {
case natChanged(SDLNatChangedEvent)
case sendRegister(SDLSendRegisterEvent)
case networkShutdown(SDLNetworkShutdownEvent)
}
// --MARK:
enum SDLCommandType: UInt8 {
case changeNetwork = 0x01
}
enum SDLCommand {
case changeNetwork(SDLChangeNetworkCommand)
}
// --MARK:
// Attr
enum SDLProbeAttr: UInt8 {
@ -112,55 +75,55 @@ enum SDLNAKErrorCode: UInt8 {
}
extension SDLV4Info {
func socketAddress() -> SocketAddress? {
func socketAddress() async throws -> SocketAddress {
let address = "\(v4[0]).\(v4[1]).\(v4[2]).\(v4[3])"
return try? SocketAddress.makeAddressResolvingHost(address, port: Int(port))
return try await SDLAddressResolver.shared.resolve(host: address, port: Int(port))
}
}
extension SDLStunProbeReply {
func socketAddress() -> SocketAddress? {
func socketAddress() async -> SocketAddress? {
let address = SDLUtil.int32ToIp(self.ip)
return try? SocketAddress.makeAddressResolvingHost(address, port: Int(port))
return try? await SDLAddressResolver.shared.resolve(host: address, port: Int(port))
}
}
// --MARK: ,
enum SDLHoleMessage {
case data(SDLData)
case signal(SDLHoleSignal)
}
enum SDLHoleInboundMessage {
case stunReply(SDLStunReply)
enum SDLHoleSignal {
case registerSuperAck(SDLRegisterSuperAck)
case registerSuperNak(SDLRegisterSuperNak)
case peerInfo(SDLPeerInfo)
case event(SDLEvent)
case stunProbeReply(SDLStunProbeReply)
case data(SDLData)
case register(SDLRegister)
case registerAck(SDLRegisterAck)
case policyReponse(SDLPolicyResponse)
}
// --MARK:
struct SDLSuperInboundMessage {
let msgId: UInt32
let packet: InboundPacket
enum InboundPacket {
case empty
case registerSuperAck(SDLRegisterSuperAck)
case registerSuperNak(SDLRegisterSuperNak)
case peerInfo(SDLPeerInfo)
case pong
case event(SDLEvent)
case command(SDLCommand)
}
func isPong() -> Bool {
switch self.packet {
case .pong:
return true
default:
return false
}
}
//
enum SDLEventType: UInt8 {
case dropMacs = 0x02
case natChanged = 0x03
case sendRegister = 0x04
case refreshAuth = 0x05
case networkShutdown = 0xFF
}
enum SDLEvent {
case dropMacs(SDLDropMacsEvent)
case natChanged(SDLNatChangedEvent)
case sendRegister(SDLSendRegisterEvent)
case refreshAuth(SDLRefreshAuthEvent)
case networkShutdown(SDLNetworkShutdownEvent)
}

49
Tun/Punchnet/SDLNetAddress.swift
View File

@ -1,49 +0,0 @@
//
// SDLIPAddress.swift
// Tun
//
// Created by on 2024/3/4.
//
import Foundation
struct SDLNetAddress {
let ip: UInt32
let maskLen: UInt8
// ip
var ipAddress: String {
return intToIpAddress(self.ip)
}
//
var maskAddress: String {
let len0 = 32 - maskLen
let num: UInt32 = (0xFFFFFFFF >> len0) << len0
return intToIpAddress(num)
}
//
var networkAddress: String {
let len0 = 32 - maskLen
let mask: UInt32 = (0xFFFFFFFF >> len0) << len0
return intToIpAddress(self.ip & mask)
}
init(ip: UInt32, maskLen: UInt8) {
self.ip = ip
self.maskLen = maskLen
}
private func intToIpAddress(_ num: UInt32) -> String {
let ip0 = (UInt8) (num >> 24 & 0xFF)
let ip1 = (UInt8) (num >> 16 & 0xFF)
let ip2 = (UInt8) (num >> 8 & 0xFF)
let ip3 = (UInt8) (num & 0xFF)
return "\(ip0).\(ip1).\(ip2).\(ip3)"
}
}

85
Tun/Punchnet/SDLNoticeClient.swift
View File

@ -19,61 +19,50 @@ import NIOCore
import NIOPosix
// sn-server
actor SDLNoticeClient {
final class SDLNoticeClient {
private let group = MultiThreadedEventLoopGroup(numberOfThreads: 1)
private let asyncChannel: NIOAsyncChannel<AddressedEnvelope<ByteBuffer>, AddressedEnvelope<ByteBuffer>>
private let remoteAddress: SocketAddress
private let (writeStream, writeContinuation) = AsyncStream.makeStream(of: Data.self, bufferingPolicy: .unbounded)
let (writeStream, writeContinuation) = AsyncStream<Data>.makeStream(of: Data.self)
private var task: Task<Void, Never>?
private var channel: Channel
private let logger: SDLLogger
private let noticePort: Int
//
init(noticePort: Int, logger: SDLLogger) async throws {
init(noticePort: Int, logger: SDLLogger) throws {
self.logger = logger
self.remoteAddress = try! SocketAddress(ipAddress: "127.0.0.1", port: noticePort)
self.noticePort = noticePort
let bootstrap = DatagramBootstrap(group: self.group)
.channelOption(ChannelOptions.socketOption(.so_reuseaddr), value: 1)
self.asyncChannel = try await bootstrap.bind(host: "0.0.0.0", port: 0)
.flatMapThrowing {channel in
return try NIOAsyncChannel(wrappingChannelSynchronously: channel, configuration: .init(
inboundType: AddressedEnvelope<ByteBuffer>.self,
outboundType: AddressedEnvelope<ByteBuffer>.self
))
.channelInitializer { channel in
channel.pipeline.addHandler(SDLNoticeClientInboundHandler())
}
.get()
self.logger.log("[SDLNoticeClient] started and listening on: \(self.asyncChannel.channel.localAddress!)", level: .debug)
self.channel = try bootstrap.bind(host: "0.0.0.0", port: 0).wait()
self.logger.log("[SDLNoticeClient] started", level: .debug)
}
func start() async throws {
try await self.asyncChannel.executeThenClose { inbound, outbound in
try await withThrowingTaskGroup(of: Void.self) { group in
group.addTask {
try await self.asyncChannel.channel.closeFuture.get()
throw SDLError.socketClosed
func start() {
let channel = self.channel
self.task = Task.detached {
guard let remoteAddress = try? await SDLAddressResolver.shared.resolve(host: "127.0.0.1", port: self.noticePort) else {
return
}
for await data in self.writeStream {
if Task.isCancelled {
break
}
group.addTask {
defer {
self.writeContinuation.finish()
}
for try await message in self.writeStream {
let buf = self.asyncChannel.channel.allocator.buffer(bytes: message)
let envelope = AddressedEnvelope<ByteBuffer>(remoteAddress: self.remoteAddress, data: buf)
try await outbound.write(envelope)
}
}
for try await _ in group {
let buf = channel.allocator.buffer(bytes: data)
let envelope = AddressedEnvelope<ByteBuffer>(remoteAddress: remoteAddress, data: buf)
channel.eventLoop.execute {
channel.writeAndFlush(envelope, promise: nil)
}
}
}
}
//
@ -81,8 +70,22 @@ actor SDLNoticeClient {
self.writeContinuation.yield(data)
}
deinit {
try? self.group.syncShutdownGracefully()
self.writeContinuation.finish()
func waitClose() async throws {
try await self.channel.closeFuture.get()
}
deinit {
self.writeContinuation.finish()
self.task?.cancel()
try? self.group.syncShutdownGracefully()
}
}
extension SDLNoticeClient {
private class SDLNoticeClientInboundHandler: ChannelInboundHandler {
typealias InboundIn = AddressedEnvelope<ByteBuffer>
}
}

251
Tun/Punchnet/SDLUDPHole.swift Normal file
View File

@ -0,0 +1,251 @@
//
// SDLUDPHoleActor 2.swift
// punchnet
//
// Created by on 2026/1/28.
//
//
// SDLanServer.swift
// Tun
//
// Created by on 2024/1/31.
//
import Foundation
import NIOCore
import NIOPosix
import SwiftProtobuf
// sn-server
final class SDLUDPHole: ChannelInboundHandler {
typealias InboundIn = AddressedEnvelope<ByteBuffer>
private let group = MultiThreadedEventLoopGroup(numberOfThreads: 1)
private var channel: Channel?
public let signalStream: AsyncStream<(SocketAddress, SDLHoleSignal)>
private let signalContinuation: AsyncStream<(SocketAddress, SDLHoleSignal)>.Continuation
public let dataStream: AsyncStream<SDLData>
private let dataContinuation: AsyncStream<SDLData>.Continuation
// channelready
private var cont: CheckedContinuation<Void, Never>?
private var isReady: Bool = false
enum HoleEvent {
case ready
case closed
}
//
init() throws {
(self.signalStream, self.signalContinuation) = AsyncStream.makeStream(of: (SocketAddress, SDLHoleSignal).self, bufferingPolicy: .unbounded)
(self.dataStream, self.dataContinuation) = AsyncStream.makeStream(of: SDLData.self, bufferingPolicy: .unbounded)
}
func start() throws {
let bootstrap = DatagramBootstrap(group: group)
.channelOption(ChannelOptions.socketOption(.so_reuseaddr), value: 1)
.channelInitializer { channel in
channel.pipeline.addHandler(self)
}
let channel = try bootstrap.bind(host: "0.0.0.0", port: 0).wait()
SDLLogger.shared.log("[UDPHole] started", level: .debug)
self.channel = channel
}
func channelIsActived() async {
await withCheckedContinuation { c in
if isReady {
c.resume()
} else {
self.cont = c
}
}
}
func waitClose() async throws {
try await self.channel?.closeFuture.get()
}
// --MARK: ChannelInboundHandler delegate
func channelActive(context: ChannelHandlerContext) {
guard !isReady else {
return
}
self.isReady = true
self.cont?.resume()
self.cont = nil
}
func channelRead(context: ChannelHandlerContext, data: NIOAny) {
let envelope = unwrapInboundIn(data)
var buffer = envelope.data
let remoteAddress = envelope.remoteAddress
do {
if let message = try decode(buffer: &buffer) {
switch message {
case .data(let data):
self.dataContinuation.yield(data)
case .signal(let signal):
self.signalContinuation.yield((remoteAddress, signal))
}
} else {
SDLLogger.shared.log("[SDLUDPHole] decode message, get null", level: .warning)
}
} catch let err {
SDLLogger.shared.log("[SDLUDPHole] decode message, get error: \(err)", level: .warning)
}
}
func channelInactive(context: ChannelHandlerContext) {
self.signalContinuation.finish()
self.dataContinuation.finish()
context.close(promise: nil)
}
func errorCaught(context: ChannelHandlerContext, error: any Error) {
context.close(promise: nil)
}
func getLocalAddress() -> SocketAddress? {
return self.channel?.localAddress
}
// MARK:
func send(type: SDLPacketType, data: Data, remoteAddress: SocketAddress) {
guard let channel = self.channel else {
return
}
var buffer = channel.allocator.buffer(capacity: data.count + 1)
buffer.writeBytes([type.rawValue])
buffer.writeBytes(data)
let envelope = AddressedEnvelope<ByteBuffer>(remoteAddress: remoteAddress, data: buffer)
_ = channel.eventLoop.submit {
channel.writeAndFlush(envelope, promise: nil)
}
}
// --MARK:
private func decode(buffer: inout ByteBuffer) throws -> SDLHoleMessage? {
let rawType = buffer.getInteger(at: 0, endianness: .big, as: UInt8.self)
guard let type = buffer.readInteger(as: UInt8.self),
let packetType = SDLPacketType(rawValue: type) else {
SDLLogger.shared.log("[SDLUDPHole] decode error 11: \(rawType)")
return nil
}
switch packetType {
case .data:
guard let bytes = buffer.readBytes(length: buffer.readableBytes),
let dataPacket = try? SDLData(serializedBytes: bytes) else {
return nil
}
return .data(dataPacket)
case .register:
guard let bytes = buffer.readBytes(length: buffer.readableBytes),
let registerPacket = try? SDLRegister(serializedBytes: bytes) else {
return nil
}
return .signal(.register(registerPacket))
case .registerAck:
guard let bytes = buffer.readBytes(length: buffer.readableBytes),
let registerAck = try? SDLRegisterAck(serializedBytes: bytes) else {
return nil
}
return .signal(.registerAck(registerAck))
case .stunProbeReply:
guard let bytes = buffer.readBytes(length: buffer.readableBytes),
let stunProbeReply = try? SDLStunProbeReply(serializedBytes: bytes) else {
return nil
}
return .signal(.stunProbeReply(stunProbeReply))
case .registerSuperAck:
guard let bytes = buffer.readBytes(length: buffer.readableBytes),
let registerSuperAck = try? SDLRegisterSuperAck(serializedBytes: bytes) else {
return nil
}
return .signal(.registerSuperAck(registerSuperAck))
case .registerSuperNak:
guard let bytes = buffer.readBytes(length: buffer.readableBytes),
let registerSuperNak = try? SDLRegisterSuperNak(serializedBytes: bytes) else {
return nil
}
return .signal(.registerSuperNak(registerSuperNak))
case .peerInfo:
guard let bytes = buffer.readBytes(length: buffer.readableBytes),
let peerInfo = try? SDLPeerInfo(serializedBytes: bytes) else {
return nil
}
return .signal(.peerInfo(peerInfo))
case .policyResponse:
guard let bytes = buffer.readBytes(length: buffer.readableBytes),
let policyResponse = try? SDLPolicyResponse(serializedBytes: bytes) else {
return nil
}
return .signal(.policyReponse(policyResponse))
case .event:
guard let eventVal = buffer.readInteger(as: UInt8.self),
let event = SDLEventType(rawValue: eventVal),
let bytes = buffer.readBytes(length: buffer.readableBytes) else {
SDLLogger.shared.log("[SDLUDPHole] decode error 15")
return nil
}
switch event {
case .dropMacs:
guard let dropMacsEvent = try? SDLDropMacsEvent(serializedBytes: bytes) else {
SDLLogger.shared.log("[SDLUDPHole] decode error 16")
return nil
}
return .signal(.event(.dropMacs(dropMacsEvent)))
case .natChanged:
guard let natChangedEvent = try? SDLNatChangedEvent(serializedBytes: bytes) else {
SDLLogger.shared.log("[SDLUDPHole] decode error 16")
return nil
}
return .signal(.event(.natChanged(natChangedEvent)))
case .sendRegister:
guard let sendRegisterEvent = try? SDLSendRegisterEvent(serializedBytes: bytes) else {
SDLLogger.shared.log("[SDLUDPHole] decode error 17")
return nil
}
return .signal(.event(.sendRegister(sendRegisterEvent)))
case .refreshAuth:
guard let refreshAuthEvent = try? SDLRefreshAuthEvent(serializedBytes: bytes) else {
SDLLogger.shared.log("[SDLUDPHole] decode error 17")
return nil
}
return .signal(.event(.refreshAuth(refreshAuthEvent)))
case .networkShutdown:
guard let networkShutdownEvent = try? SDLNetworkShutdownEvent(serializedBytes: bytes) else {
SDLLogger.shared.log("[SDLUDPHole] decode error 18")
return nil
}
return .signal(.event(.networkShutdown(networkShutdownEvent)))
}
default:
SDLLogger.shared.log("SDLUDPHole decode miss type: \(type)")
return nil
}
}
deinit {
try? self.group.syncShutdownGracefully()
self.channel?.close(promise: nil)
}
}

15
Tun/Punchnet/SDLUtil.swift
View File

@ -30,6 +30,21 @@ struct SDLUtil {
return "\(ip0).\(ip1).\(ip2).\(ip3)"
}
public static func ipv4StrToInt32(_ ip: String) -> UInt32? {
let parts = ip.split(separator: ".")
guard parts.count == 4 else {
return nil
}
var result: UInt32 = 0
for part in parts {
guard let byte = UInt8(part) else { return nil }
result = (result << 8) | UInt32(byte)
}
return result
}
// ip
public static func inSameNetwork(ip: UInt32, compareIp: UInt32, maskLen: UInt8) -> Bool {
if ip == compareIp {

1
Tun/Punchnet/SessionManager.swift
View File

@ -6,6 +6,7 @@
//
import Foundation
import NIOCore
import Darwin
struct Session {
// ip,

77
punchnet/Core/KeychainStore.swift Normal file
View File

@ -0,0 +1,77 @@
//
// KeychainStore.swift
// punchnet
//
// Created by on 2026/1/19.
//
import Foundation
import Security
enum KeychainError: Error {
case unexpectedStatus(OSStatus)
}
final class KeychainStore {
public static var shared: KeychainStore = .init(service: Bundle.main.bundleIdentifier!)
private let service: String
private init(service: String) {
self.service = service
}
func save(_ data: Data, account: String) throws {
let query: [CFString: Any] = [
kSecClass: kSecClassGenericPassword,
kSecAttrService: service,
kSecAttrAccount: account,
kSecValueData: data
]
//
SecItemDelete(query as CFDictionary)
let status = SecItemAdd(query as CFDictionary, nil)
guard status == errSecSuccess else {
throw KeychainError.unexpectedStatus(status)
}
}
func load(account: String) throws -> Data? {
let query: [CFString: Any] = [
kSecClass: kSecClassGenericPassword,
kSecAttrService: service,
kSecAttrAccount: account,
kSecReturnData: true,
kSecMatchLimit: kSecMatchLimitOne
]
var result: AnyObject?
let status = SecItemCopyMatching(query as CFDictionary, &result)
if status == errSecItemNotFound {
return nil
}
guard status == errSecSuccess else {
throw KeychainError.unexpectedStatus(status)
}
return result as? Data
}
func delete(account: String) throws {
let query: [CFString: Any] = [
kSecClass: kSecClassGenericPassword,
kSecAttrService: service,
kSecAttrAccount: account
]
let status = SecItemDelete(query as CFDictionary)
guard status == errSecSuccess || status == errSecItemNotFound else {
throw KeychainError.unexpectedStatus(status)
}
}
}

40
punchnet/Core/NoticeMessage.swift
View File

@ -11,9 +11,7 @@ import NIOCore
struct NoticeMessage {
enum InboundMessage {
case none
case upgradeMessage(prompt: String, address: String)
case alertMessage(alert: String)
case ip(ip: String)
}
static func decodeMessage(buffer: inout ByteBuffer) -> InboundMessage {
@ -23,23 +21,10 @@ struct NoticeMessage {
switch type {
case 0x01:
if let len0 = buffer.readInteger(as: UInt16.self),
let prompt = buffer.readString(length: Int(len0)),
let len1 = buffer.readInteger(as: UInt16.self),
let address = buffer.readString(length: Int(len1)) {
return .upgradeMessage(prompt: prompt, address: address)
}
case 0x02:
if let len0 = buffer.readInteger(as: UInt16.self),
let alert = buffer.readString(length: Int(len0)) {
return .alertMessage(alert: alert)
}
case 0x03:
if let len0 = buffer.readInteger(as: UInt16.self),
let ipAddress = buffer.readString(length: Int(len0)) {
return .ip(ip: ipAddress)
}
default:
return .none
}
@ -47,39 +32,16 @@ struct NoticeMessage {
return .none
}
static func upgrade(prompt: String, address: String) -> Data {
static func alert(alert: String) -> Data {
var data = Data()
data.append(contentsOf: [0x01])
data.append(contentsOf: lenBytes(UInt16(prompt.count)))
data.append(prompt.data(using: .utf8)!)
data.append(contentsOf: lenBytes(UInt16(address.count)))
data.append(address.data(using: .utf8)!)
return data
}
static func alert(alert: String) -> Data {
var data = Data()
data.append(contentsOf: [0x02])
data.append(contentsOf: lenBytes(UInt16(alert.count)))
data.append(alert.data(using: .utf8)!)
return data
}
static func ipAdress(ip: String) -> Data {
var data = Data()
data.append(contentsOf: [0x03])
data.append(contentsOf: lenBytes(UInt16(ip.count)))
data.append(ip.data(using: .utf8)!)
return data
}
private static func lenBytes(_ value: UInt16) -> [UInt8] {
let byte1 = UInt8((value >> 8) & 0xFF)
let bytes2 = UInt8(value & 0xFF)

52
punchnet/Core/SDLAPI.swift
View File

@ -12,7 +12,7 @@ struct JSONRPCResponse<T: Decodable>: Decodable {
let error: JSONRPCError?
}
struct JSONRPCError: Decodable {
struct JSONRPCError: Error, Decodable {
let code: Int
let message: String
let data: String?
@ -20,8 +20,21 @@ struct JSONRPCError: Decodable {
struct SDLAPI {
static let baseUrl: String = "https://punchnet.s5s8.com/api"
static let testBaseUrl: String = "http://127.0.0.1:19082/test"
enum Mode {
case debug
case prod
}
static let mode: Mode = .debug
static var baseUrl: String {
switch mode {
case .debug:
return "http://127.0.0.1:18082/test"
case .prod:
return "https://punchnet.s5s8.com/api"
}
}
struct Upgrade: Decodable {
let upgrade_type: Int
@ -71,4 +84,37 @@ struct SDLAPI {
return try JSONDecoder().decode(JSONRPCResponse<NetworkProfile>.self, from: data)
}
static func loginWithAccountAndPassword<T: Decodable>(clientId: String, username: String, password: String, as: T.Type) async throws -> T {
let params: [String:Any] = [
"client_id": clientId,
"username": username,
"password": password
]
return try await doPost(path: "/login_with_account", params: params, as: T.self)
}
private static func doPost<T: Decodable>(path: String, params: [String: Any], as: T.Type) async throws -> T {
let postData = try! JSONSerialization.data(withJSONObject: params)
var request = URLRequest(url: URL(string: baseUrl + path)!)
request.httpMethod = "POST"
request.addValue("application/json", forHTTPHeaderField: "Content-Type")
request.httpBody = postData
let (data, _) = try await URLSession.shared.data(for: request)
let rpcResponse = try JSONDecoder().decode(JSONRPCResponse<T>.self, from: data)
if let result = rpcResponse.result {
return result
} else if let error = rpcResponse.error {
throw error
} else {
throw DecodingError.dataCorrupted(
.init(
codingPath: [],
debugDescription: "Invalid JSON-RPC response: \(String(data: data, encoding: .utf8) ?? "")"
)
)
}
}
}

46
punchnet/Core/SystemConfig.swift
View File

@ -23,26 +23,36 @@ struct SystemConfig {
static let superPort = 18083
// stun
static let stunServers = "118.178.229.213:1265,1266;118.178.229.213:1265,1266"
static let stunServers = "118.178.229.213:1365,1366;118.178.229.213:1365,1366"
//static let stunServers = "127.0.0.1:1265,1266;127.0.0.1:1265,1266"
static func getOptions(networkCode: String, token: String, clientId: String, hostname: String, noticePort: Int) -> [String:NSObject]? {
static func getOptions(networkId: UInt32, networkDomain: String, ip: String, maskLen: UInt8, accessToken: String, identityId: UInt32, hostname: String, noticePort: Int) -> [String: NSObject]? {
guard let superIp = DNSResolver.resolveAddrInfos(superHost).first else {
return nil
}
let clientId = getClientId()
let mac = getMacAddress()
let options = [
"version:": version as NSObject,
"installed_channel": installedChannel as NSObject,
"client_id": clientId as NSObject,
"network_code": networkCode as NSObject,
"token": token as NSObject,
"access_token": accessToken as NSObject,
"identity_id": identityId as NSObject,
"super_ip": superIp as NSObject,
"super_port": superPort as NSObject,
"stun_servers": stunServers as NSObject,
"remote_dns_server": superIp as NSObject,
"hostname": hostname as NSObject,
"notice_port": noticePort as NSObject
"notice_port": noticePort as NSObject,
"network_address": [
"network_id": networkId as NSObject,
"ip": ip as NSObject,
"mask_len": maskLen as NSObject,
"mac": mac as NSObject,
"network_domain": networkDomain as NSObject
] as NSObject
]
return options
@ -60,4 +70,30 @@ struct SystemConfig {
}
}
// mac
public static func getMacAddress() -> Data {
let key = "gMacAddress2"
let userDefaults = UserDefaults.standard
if let mac = userDefaults.value(forKey: key) as? Data {
return mac
}
else {
let mac = generateMacAddress()
userDefaults.setValue(mac, forKey: key)
return mac
}
}
// mac
private static func generateMacAddress() -> Data {
var macAddress = [UInt8](repeating: 0, count: 6)
for i in 0..<6 {
macAddress[i] = UInt8.random(in: 0...255)
}
return Data(macAddress)
}
}

14
punchnet/Views/IndexView.swift
View File

@ -222,8 +222,6 @@ struct IndexView: View {
}
.alert(isPresented: $showStunAlert) {
switch self.message {
case .upgradeMessage(let prompt, _):
Alert(title: Text(prompt))
case .alertMessage(let alert):
Alert(title: Text(alert))
default:
@ -250,9 +248,6 @@ struct IndexView: View {
switch message {
case .none:
()
case .ip(let ip):
self.showIpAdress = true
self.ipAddress = ip
default:
self.message = message
self.showStunAlert = true
@ -269,10 +264,11 @@ struct IndexView: View {
self.ipAddress = ""
try await vpnManager.disableVpn()
case .disconnected:
let clientId = SystemConfig.getClientId()
NSLog("[IndexView] use token: \(self.token), network_code: \(networkCode)")
// token使token
try await vpnManager.enableVpn(options: SystemConfig.getOptions(networkCode: self.networkCode, token: self.token, clientId: clientId, hostname: self.hostname, noticePort: self.noticeServer.port)!)
// let clientId = SystemConfig.getClientId()
// NSLog("[IndexView] use token: \(self.token), network_code: \(networkCode)")
// // token使token
// try await vpnManager.enableVpn(options: SystemConfig.getOptions(networkCode: self.networkCode, token: self.token, clientId: clientId, hostname: self.hostname, noticePort: self.noticeServer.port)!)
()
}
}

21
punchnet/Views/Login/LoginState.swift Normal file
View File

@ -0,0 +1,21 @@
//
// LoginState.swift
// punchnet
//
// Created by on 2026/1/16.
//
import Foundation
import Observation
@Observable
class UserContext {
var isLogined: Bool = false
var loginCredit: LoginCredit?
enum LoginCredit {
case token(token: String, networkdId: Int)
case accountAndPasword(account: String, password: String, networkId: Int)
}
}

218
punchnet/Views/Login/LoginView.swift Normal file
View File

@ -0,0 +1,218 @@
//
// LoginView.swift
// punchnet
//
// Created by on 2026/1/15.
//
import SwiftUI
import Observation
//
struct LoginView: View {
@State private var loginMode: LoginMode = .account
enum LoginMode {
case token
case account
}
var body: some View {
VStack {
Text("PunchNet")
.font(.system(size: 16, weight: .medium))
HStack(alignment: .center, spacing: 30) {
Button {
self.loginMode = .token
} label: {
HStack {
Image("logo")
.resizable()
.clipped()
.frame(width: 25, height: 25)
Text("密钥登陆")
.foregroundColor(self.loginMode == .token ? .blue : .black)
}
.contentShape(Rectangle())
}
.buttonStyle(.plain)
Button {
self.loginMode = .account
} label: {
HStack {
Image("logo")
.resizable()
.clipped()
.frame(width: 25, height: 25)
Text("账户登陆")
.foregroundColor(self.loginMode == .account ? .blue : .black)
}
.contentShape(Rectangle())
}
.buttonStyle(.plain)
}
Group {
switch loginMode {
case .token:
LoginTokenView()
case .account:
LoginAccountView()
}
}
Spacer()
}
.frame(width: 400, height: 400)
}
}
struct LoginTokenView: View {
@Environment(UserContext.self) var userContext: UserContext
@State private var token: String = ""
var body: some View {
TextField("认证密钥", text: $token)
.multilineTextAlignment(.leading)
.textFieldStyle(PlainTextFieldStyle())
.frame(width: 200, height: 25)
.background(Color.clear)
.foregroundColor(Color.black)
.overlay(
Rectangle()
.frame(height: 1)
.foregroundColor(.blue)
.padding(.top, 25)
, alignment: .topLeading)
Rectangle()
.overlay {
Text("登陆")
.font(.system(size: 14, weight: .regular))
.foregroundColor(.black)
}
.frame(width: 120, height: 35)
.foregroundColor(Color(red: 74 / 255, green: 207 / 255, blue: 154 / 255))
.cornerRadius(5.0)
.onTapGesture {
print("call me here")
}
}
}
struct LoginAccountView: View {
@Environment(UserContext.self) var userContext: UserContext
@State private var username: String = ""
@State private var password: String = ""
@State private var showAlert = false
@State private var errorMessage = ""
struct LoginResult: Decodable {
var accessToken: String
var networkId: Int
enum CodingKeys: String, CodingKey {
case accessToken = "access_token"
case networkId = "network_id"
}
}
var body: some View {
VStack {
TextField("手机号/邮箱", text: $username)
.multilineTextAlignment(.leading)
.textFieldStyle(PlainTextFieldStyle())
.frame(width: 200, height: 25)
.background(Color.clear)
.foregroundColor(Color.black)
.overlay(
Rectangle()
.frame(height: 1)
.foregroundColor(.blue)
.padding(.top, 25)
, alignment: .topLeading)
SecureField("密码", text: $password)
.multilineTextAlignment(.leading)
.textFieldStyle(PlainTextFieldStyle())
.frame(width: 200, height: 25)
.background(Color.clear)
.foregroundColor(Color.black)
.overlay(
Rectangle()
.frame(height: 1)
.foregroundColor(.blue)
.padding(.top, 25)
, alignment: .topLeading)
Button {
if self.username.isEmpty {
self.showAlert = true
self.errorMessage = "账号不能为空"
} else if self.password.isEmpty {
self.showAlert = true
self.errorMessage = "密码不能为空"
} else {
Task {
await self.doLogin()
}
}
} label: {
Text("登陆")
.font(.system(size: 14, weight: .regular))
.foregroundColor(.black)
.frame(width: 120, height: 35)
}
.frame(width: 120, height: 35)
.background(Color(red: 74 / 255, green: 207 / 255, blue: 154 / 255))
.cornerRadius(5.0)
}
.alert(isPresented: $showAlert) {
Alert(title: Text("错误提示"), message: Text("账号密码为空"))
}
}
//
private func doLogin() async {
// let clientId = SystemConfig.getClientId()
// do {
// let loginResult = try await SDLAPI.loginWithAccountAndPassword(clientId: clientId, username: self.username, password: self.password, as: LoginResult.self)
//
// print(loginResult.accessToken)
//
// // KeychainStore
// let store = KeychainStore.shared
// if let tokenData = loginResult.accessToken.data(using: .utf8) {
// try store.save(tokenData, account: self.username)
// }
//
// await MainActor.run {
// self.userContext.isLogined = true
// self.userContext.loginCredit = .accountAndPasword(account: username, password: password, networkId: loginResult.networkId)
// }
//
// } catch let err as JSONRPCError {
// await MainActor.run {
// self.showAlert = true
// self.errorMessage = err.message
// }
// } catch {
// await MainActor.run {
// self.showAlert = true
// self.errorMessage = ""
// }
// }
}
}
#Preview {
LoginView()
}

154
punchnet/Views/Network/NetworkConnctedView.swift Normal file
View File

@ -0,0 +1,154 @@
//
// NetworkConnctedView.swift
// punchnet
//
// Created by on 2026/1/16.
//
import SwiftUI
struct NetworkConnctedView: View {
@Bindable var state: NetworkState
var body: some View {
Group {
switch state.showModel {
case .resource:
NetworkResourceGroupView(state: self.state)
case .device:
NetworkDeviceGroupView(state: self.state)
}
}
}
}
//
struct NetworkResourceGroupView: View {
@Bindable var state: NetworkState
var body: some View {
LazyVGrid(columns: Array(repeating: GridItem(.flexible()), count: 3), spacing: 8) {
ForEach(self.state.resources, id: \.id) { resource in
NetworkResourceView(resource: resource)
}
}
}
}
struct NetworkResourceView: View {
var resource: NetworkState.Resource
var body: some View {
VStack {
HStack {
Text(resource.status == 1 ? "yes" : "no")
Text(resource.name)
.font(.system(size: 14, weight: .regular))
}
Text(resource.schema)
.font(.system(size: 14, weight: .regular))
.padding(.leading, 30)
}
}
}
//
struct NetworkDeviceGroupView: View {
@Bindable var state: NetworkState
@State private var selectedId: Int?
var body: some View {
NavigationSplitView {
List(self.state.devices, id: \.id, selection: $selectedId) { device in
NetworkDeviceHeadView(device: device)
}
.listStyle(.sidebar)
.onChange(of: selectedId) {
self.state.changeSelectedDevice(deviceId: selectedId)
}
.onAppear {
if selectedId == nil {
selectedId = self.state.devices.first?.id
}
}
} detail: {
NetworkDeviceDetailView(device: $state.selectedDevice)
}
}
}
struct NetworkDeviceHeadView: View {
var device: NetworkState.Device
var body: some View {
VStack {
HStack {
Text(device.status == 1 ? "yes" : "no")
Text(device.name)
.font(.system(size: 14, weight: .regular))
}
Text(device.ipv4)
.font(.system(size: 14, weight: .regular))
.padding(.leading, 30)
}
}
}
struct NetworkDeviceDetailView: View {
@Binding var device: NetworkState.Device?
var body: some View {
Group {
if let device {
List {
Section {
HStack {
Text("连接状态")
Text("\(device.status)")
Spacer()
}
HStack {
Text("虚拟IPv4")
Text("\(device.ipv4)")
Spacer()
}
HStack {
Text("虚拟IPv6")
Text("\(device.ipv6)")
Spacer()
}
HStack {
Text("操作系统")
Text("\(device.system)")
Spacer()
}
}
Section("服务列表") {
ForEach(device.resources, id: \.id) { resource in
HStack {
Text("\(resource.name)")
Text("\(resource.schema)")
}
}
}
}
} else {
EmptyView()
}
}
}
}

75
punchnet/Views/Network/NetworkDisconnctedView.swift Normal file
View File

@ -0,0 +1,75 @@
//
// NetworkDisconnctedView.swift
// punchnet
//
// Created by on 2026/1/16.
//
import SwiftUI
struct NetworkDisconnctedView: View {
@Bindable var state: NetworkState
var body: some View {
ZStack {
Color.clear
VStack {
Button {
Task {
try await startVpn()
}
} label: {
Text("连接")
.font(.system(size: 14, weight: .regular))
.padding([.top, .bottom], 8)
.padding([.leading, .trailing], 30)
.foregroundColor(.white)
}
.background(Color(red: 74/255, green: 207/255, blue: 154/255))
.cornerRadius(5)
.frame(width: 120, height: 35)
Button {
Task {
try await VPNManager.shared.disableVpn()
}
} label: {
Text("关闭")
.font(.system(size: 14, weight: .regular))
.padding([.top, .bottom], 8)
.padding([.leading, .trailing], 30)
.foregroundColor(.white)
}
.background(Color(red: 74/255, green: 207/255, blue: 154/255))
.cornerRadius(5)
.frame(width: 120, height: 35)
}
}
}
//
private func startVpn() async throws {
let clientId = SystemConfig.getClientId()
let options = SystemConfig.getOptions(networkId: 8,
networkDomain: "punchnet.com",
ip: "10.211.179.1",
maskLen: 24,
accessToken: "accessToken1234",
identityId: 1234,
hostname: "mysql",
noticePort: 1234)
// token使token
try await VPNManager.shared.enableVpn(options: options!)
}
}
//#Preview {
// NetworkDisconnctedView()
//}

111
punchnet/Views/Network/NetworkState.swift Normal file
View File

@ -0,0 +1,111 @@
//
// NetworkState.swift
// punchnet
//
// Created by on 2026/1/16.
//
import Foundation
import Observation
@Observable
class NetworkState {
//
enum ConnectState {
case waitAuth
case connected
case disconnected
}
//
enum ShowMode {
case resource
case device
}
struct Resource {
var id: Int
var status: Int
var name: String
var schema: String
}
struct Device {
var id: Int
var status: Int
var name: String
var ipv4: String
var ipv6: String
var system: String
var resources: [Resource]
func hash(into hasher: inout Hasher) {
hasher.combine(id)
}
static func == (lhs: Self, rhs: Self) -> Bool {
return lhs.id == rhs.id
}
}
struct NetworkModel {
var name: String
}
//
var connectState: ConnectState = .disconnected
var model: NetworkModel = .init(name: "123@abc.com的网络")
var showModel: ShowMode = .device
//
var isOn: Bool = false {
didSet {
if isOn {
self.connectState = .connected
} else {
self.connectState = .disconnected
}
}
}
//
var selectedDevice: Device?
var resources: [Resource] = [
.init(id: 1, status: 1, name: "OA", schema: "http://100.92.108.1:8080"),
.init(id: 2, status: 0, name: "数据资源", schema: "http://100.92.108.1:8080"),
.init(id: 3, status: 1, name: "OA", schema: "http://100.92.108.1:8080"),
.init(id: 4, status: 0, name: "TEST", schema: "http://100.92.108.1:8080"),
.init(id: 10, status: 1, name: "YES", schema: "http://100.92.108.1:8080"),
.init(id: 11, status: 0, name: "DEBUG", schema: "http://100.92.108.1:8080"),
]
var devices: [Device] = [
]
init() {
self.devices = [
.init(id: 1, status: 1, name: "test1", ipv4: "192.168.1.1", ipv6: "fa9d.fa9d.fa9d.fa9d", system: "MacOS 12", resources: self.resources),
.init(id: 2, status: 1, name: "test2", ipv4: "192.168.1.2", ipv6: "fa9d.fa9d.fa9d.fa9d", system: "MacOS 12", resources: self.resources),
.init(id: 3, status: 1, name: "test3", ipv4: "192.168.1.3", ipv6: "fa9d.fa9d.fa9d.fa9d", system: "MacOS 12", resources: self.resources),
.init(id: 4, status: 1, name: "阿里云1", ipv4: "192.168.1.1", ipv6: "fa9d.fa9d.fa9d.fa9d", system: "MacOS 12", resources: self.resources),
.init(id: 5, status: 1, name: "阿里云1", ipv4: "192.168.1.1", ipv6: "fa9d.fa9d.fa9d.fa9d", system: "MacOS 12", resources: self.resources),
.init(id: 15, status: 1, name: "阿里云1", ipv4: "192.168.1.1", ipv6: "fa9d.fa9d.fa9d.fa9d", system: "MacOS 12", resources: self.resources),
.init(id: 25, status: 1, name: "阿里云1", ipv4: "192.168.1.1", ipv6: "fa9d.fa9d.fa9d.fa9d", system: "MacOS 12", resources: self.resources),
.init(id: 35, status: 1, name: "阿里云1", ipv4: "192.168.1.1", ipv6: "fa9d.fa9d.fa9d.fa9d", system: "MacOS 12", resources: self.resources),
.init(id: 45, status: 1, name: "阿里云1", ipv4: "192.168.1.1", ipv6: "fa9d.fa9d.fa9d.fa9d", system: "MacOS 12", resources: self.resources),
.init(id: 55, status: 1, name: "阿里云1", ipv4: "192.168.1.1", ipv6: "fa9d.fa9d.fa9d.fa9d", system: "MacOS 12", resources: self.resources),
]
}
func changeSelectedDevice(deviceId: Int?) {
if let deviceId {
if let device = self.devices.first(where: { $0.id == deviceId}) {
self.selectedDevice = device
}
}
}
}

82
punchnet/Views/Network/NetworkView.swift Normal file
View File

@ -0,0 +1,82 @@
//
// NetworkView.swift
// punchnet
//
// Created by on 2026/1/16.
//
import SwiftUI
struct NetworkView: View {
@State private var state = NetworkState()
var body: some View {
VStack {
HStack {
VStack {
HStack(alignment: .center) {
Text(state.model.name)
Text(">")
Spacer()
}
HStack {
Toggle("", isOn: $state.isOn)
.toggleStyle(SwitchToggleStyle(tint: .green))
Text("已连接")
Spacer()
}
}
.frame(width: 320)
//
HStack {
Button {
self.state.showModel = .resource
} label: {
Text("资源")
}
Button {
self.state.showModel = .device
} label: {
Text("设备")
}
}
Spacer()
}
Group {
switch state.connectState {
case .waitAuth:
NetworkWaitAuthView(state: self.state)
case .connected:
NetworkConnctedView(state: self.state)
case .disconnected:
NetworkDisconnctedView(state: self.state)
}
}
Spacer()
}
.padding(.top, 10)
.padding(.leading, 10)
.toolbar {
ToolbarItem(placement: .primaryAction) {
Button {
print("clicked")
} label: {
Image(systemName: "gearshape")
}
}
}
}
}
#Preview {
NetworkView()
}

18
punchnet/Views/Network/NetworkWaitAuthView.swift Normal file
View File

@ -0,0 +1,18 @@
//
// NetworkWaitAuthView.swift
// punchnet
//
// Created by on 2026/1/16.
//
import SwiftUI
struct NetworkWaitAuthView: View {
@Bindable var state: NetworkState
var body: some View {
Color.clear
.overlay {
Text("等待确认中")
}
}
}

28
punchnet/Views/RootView.swift Normal file
View File

@ -0,0 +1,28 @@
//
// RootView.swift
// punchnet
//
// Created by on 2026/1/19.
//
import SwiftUI
struct RootView: View {
@State private var userContext = UserContext()
var body: some View {
Group {
if userContext.isLogined {
NetworkView()
.environment(userContext)
} else {
LoginView()
.environment(userContext)
}
}
}
}
#Preview {
RootView()
}

40
punchnet/Views/Settings/SettingsAboutView.swift Normal file
View File

@ -0,0 +1,40 @@
//
// SettingsAboutView.swift
// punchnet
//
// Created by on 2026/1/19.
//
import SwiftUI
struct SettingsAboutView: View {
var body: some View {
VStack(alignment: .leading, spacing: 8) {
Text("关于PunchNet")
HStack {
Text("当前版本")
Text("v1.25(arm64)")
Text("检查更新")
}
Button {
} label: {
Text("用户反馈")
}
HStack {
Text("隐私政策")
Text("服务条款")
}
}
.padding()
}
}
#Preview {
SettingsAboutView()
}

131
punchnet/Views/Settings/SettingsAccountView.swift Normal file
View File

@ -0,0 +1,131 @@
//
// SettingsAccountView.swift
// punchnet
//
// Created by on 2026/1/16.
//
import SwiftUI
struct SettingsAccountView: View {
@State var state: SettingsState = SettingsState()
var body: some View {
ScrollView(.vertical, showsIndicators: false) {
VStack(alignment: .leading) {
Text("账户")
AccountCreditView()
AccountCreditView()
TokenCreditView()
AccountCreditView()
TokenCreditView()
Text("网络")
HStack(alignment: .top) {
Text("默认网络")
VStack(alignment: .leading) {
Menu {
ForEach(state.networks, id: \.id) { network in
Button(network.name) {
self.state.selectedNetwork = network
}
}
} label: {
Text(state.selectedNetwork.name)
.padding()
.background(Color.gray.opacity(0.2))
.cornerRadius(5)
}
Button {
} label: {
Text("进入管理平台")
}
}
Button {
} label: {
Text("详情")
}
}
}
}
.padding()
}
}
extension SettingsAccountView {
//
struct AccountCreditView: View {
var body: some View {
HStack {
Image("logo")
.resizable()
.frame(width: 20, height: 20)
Text("13012345678")
Spacer()
Button {
} label: {
Text("修改密码")
}
Button {
} label: {
Text("退出登陆")
}
}
.frame(width: 400)
}
}
// Token
struct TokenCreditView: View {
var body: some View {
HStack {
Image("logo")
.resizable()
.frame(width: 20, height: 20)
Text("key_001")
Spacer()
Button {
} label: {
Text("退出登陆")
}
}
.frame(width: 400)
}
}
}
#Preview {
SettingsAccountView()
}

43
punchnet/Views/Settings/SettingsDeviceView.swift Normal file
View File

@ -0,0 +1,43 @@
//
// SettingsDeviceView.swift
// punchnet
//
// Created by on 2026/1/19.
//
import SwiftUI
struct SettingsDeviceView: View {
var body: some View {
VStack(alignment: .leading) {
Text("设备")
HStack {
Text("设备名称")
Text("史蒂夫的air")
Button {
} label: {
Text("修改")
}
}
HStack {
Text("虚拟IPv4")
Text("192.168.1.1")
}
HStack {
Text("虚拟IPv6")
Text("ab:ef:1")
}
Spacer()
}
}
}
#Preview {
SettingsDeviceView()
}

83
punchnet/Views/Settings/SettingsNetworkView.swift Normal file
View File

@ -0,0 +1,83 @@
//
// SettingsNetworkView.swift
// punchnet
//
// Created by on 2026/1/19.
//
import SwiftUI
struct SettingsNetworkView: View {
@State var state: SettingsState = SettingsState()
var body: some View {
VStack(alignment: .leading) {
Text("网络")
HStack(alignment: .top) {
Text("默认网络")
VStack(alignment: .leading) {
Menu {
ForEach(state.networks, id: \.id) { network in
Button(network.name) {
self.state.selectedNetwork = network
}
}
} label: {
Text(state.selectedNetwork.name)
.padding()
.background(Color.gray.opacity(0.2))
.cornerRadius(5)
}
Button {
} label: {
Text("进入管理平台")
}
}
Button {
} label: {
Text("详情")
}
}
HStack {
Text("出口节点")
Menu {
ForEach(state.exitNodes, id: \.id) { node in
Button(node.name) {
self.state.selectedExitNode = node
}
}
} label: {
Text(state.selectedExitNode.name)
}
}
HStack {
Text("授权状态")
Text("有效")
}
HStack {
Text("授权有效期")
Text("临时(至断开连接)")
}
}
}
}
#Preview {
SettingsNetworkView()
}

54
punchnet/Views/Settings/SettingsState.swift Normal file
View File

@ -0,0 +1,54 @@
//
// SettingsState.swift
// punchnet
//
// Created by on 2026/1/16.
//
import Foundation
import Observation
@Observable
class SettingsState {
struct Network {
var id: Int
var name: String
}
struct ExitNode {
var id: Int
var name: String
}
var networks: [Network]
var selectedNetwork: Network
var exitNodes: [ExitNode]
var selectedExitNode: ExitNode
init() {
let networks: [Network] = [
.init(id: 1, name: "测试网络12"),
.init(id: 2, name: "测试网络13"),
.init(id: 3, name: "测试网络14"),
.init(id: 4, name: "测试网络15"),
.init(id: 5, name: "xyz"),
]
self.selectedNetwork = networks[0]
self.networks = networks
let exitNodes: [ExitNode] = [
.init(id: 1, name: "出口节点1"),
.init(id: 2, name: "出口节点12"),
.init(id: 3, name: "出口节点13"),
.init(id: 4, name: "出口节点14"),
.init(id: 5, name: "出口节点15"),
]
self.selectedExitNode = exitNodes[0]
self.exitNodes = exitNodes
}
}

27
punchnet/Views/Settings/SettingsSystemView.swift Normal file
View File

@ -0,0 +1,27 @@
//
// SettingsSystemView.swift
// punchnet
//
// Created by on 2026/1/19.
//
import SwiftUI
struct SettingsSystemView: View {
@State private var isOn: Bool = false
var body: some View {
VStack(alignment: .leading) {
Toggle("开机时启动", isOn: $isOn)
Toggle("启动时候自动连接", isOn: $isOn)
Toggle("启动时显示主界面", isOn: $isOn)
Toggle("自动安装更新", isOn: $isOn)
}
.padding()
}
}
#Preview {
SettingsSystemView()
}

53
punchnet/Views/Settings/SettingsUserIssueView.swift Normal file
View File

@ -0,0 +1,53 @@
//
// SettingsUserIssueView.swift
// punchnet
//
// Created by on 2026/1/19.
//
import SwiftUI
struct SettingsUserIssueView: View {
@State private var account: String = ""
@State private var text: String = ""
var body: some View {
VStack {
Text("用户反馈")
TextField("", text: $account)
.multilineTextAlignment(.leading)
.textFieldStyle(PlainTextFieldStyle())
.frame(width: 200, height: 25)
.background(Color.clear)
.foregroundColor(Color.black)
.overlay(
Rectangle()
.frame(height: 1)
.foregroundColor(.blue)
.padding(.top, 25)
, alignment: .topLeading)
TextEditor(text: $text)
.padding(4)
.overlay(alignment: .topLeading) {
if text.isEmpty {
Text("请输入内容")
.foregroundColor(.gray)
.padding(.leading, 8)
}
}
.frame(minHeight: 120)
.overlay(
RoundedRectangle(cornerRadius: 6)
.stroke(Color.gray.opacity(0.4))
)
}
.padding()
}
}
#Preview {
SettingsUserIssueView()
}

76
punchnet/Views/Settings/SettingsView.swift Normal file
View File

@ -0,0 +1,76 @@
//
// SettingsView.swift
// punchnet
//
// Created by on 2026/1/16.
//
import SwiftUI
struct SettingsView: View {
@State private var state = SettingsState()
@State private var hovering = false
@State private var selectedMenu: MenuItem = .accout
enum MenuItem: String, CaseIterable {
case accout = "账号"
case network = "网络"
case device = "设备"
case system = "软件"
case about = "关于"
}
var body: some View {
NavigationSplitView {
List(MenuItem.allCases, id: \.self) { menu in
HStack(alignment: .center) {
Rectangle()
.frame(width: 3, height: 25)
.foregroundColor(self.selectedMenu == menu ? .black : .clear)
Text(menu.rawValue)
Spacer()
}
.contentShape(Rectangle())
.onTapGesture {
self.selectedMenu = menu
}
.onHover { inside in
hovering = inside
if inside {
NSCursor.pointingHand.push()
} else {
NSCursor.pop()
}
}
}
.listStyle(.sidebar)
.border(Color.red)
} detail: {
VStack(alignment: .leading, spacing: 0) {
switch self.selectedMenu {
case .accout:
SettingsAccountView(state: self.state)
case .network:
SettingsNetworkView(state: self.state)
case .device:
SettingsDeviceView()
case .system:
SettingsSystemView()
case .about:
SettingsAboutView()
}
Spacer()
}
.padding()
.frame(maxWidth: .infinity, maxHeight: .infinity, alignment: .topLeading)
}
}
}
#Preview {
SettingsView()
}

2
punchnet/punchnet.entitlements
View File

@ -22,5 +22,7 @@
<true/>
<key>com.apple.security.network.server</key>
<true/>
<key>keychain-access-groups</key>
<array/>
</dict>
</plist>

17
punchnet/punchnetApp.swift
View File

@ -44,7 +44,9 @@ struct punchnetApp: App {
var body: some Scene {
WindowGroup(id: "mainWindow") {
IndexView(noticeServer: self.noticeServer)
//IndexView(noticeServer: self.noticeServer)
//RootView()
NetworkDisconnctedView(state: NetworkState())
.onAppear {
//
guard let screenFrame = NSScreen.main?.frame else { return }
@ -61,7 +63,7 @@ struct punchnetApp: App {
window.setFrameOrigin(NSPoint(x: centerX, y: centerY))
}
}
.toolbar(.hidden)
//.toolbar(.hidden)
.navigationTitle("")
}
.commands {
@ -74,7 +76,7 @@ struct punchnetApp: App {
}
}
.windowResizability(.contentSize)
.windowToolbarStyle(.unified)
Window("", id: "abortPunchnet") {
AbortView()
@ -103,10 +105,11 @@ struct punchnetApp: App {
private func menuClick() {
switch self.vpnManager.vpnStatus {
case .disconnected:
Task {
let clientId = SystemConfig.getClientId()
try await vpnManager.enableVpn(options: SystemConfig.getOptions(networkCode: self.networkCode, token: self.token, clientId: clientId, hostname: self.hostname, noticePort: self.noticeServer.port)!)
}
// Task {
// let clientId = SystemConfig.getClientId()
// try await vpnManager.enableVpn(options: SystemConfig.getOptions(networkCode: self.networkCode, token: self.token, clientId: clientId, hostname: self.hostname, noticePort: self.noticeServer.port)!)
// }
()
case .connected:
Task {
try await vpnManager.disableVpn()

3
tracelog.sh Executable file
View File

@ -0,0 +1,3 @@
#! /bin/sh
log stream --predicate 'subsystem == "com.jihe.punchnet"' --info