Remediate TunnelVision, TunnelCrack and fix "Exclude Local Networks" #3422
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…apter don't do it automatically
diegoreymendez
changed the title
diegoreymendez
commented
Nov 4, 2024
diegoreymendez
commented
Nov 4, 2024
| @@ -41,6 +41,9 @@ public enum FeatureFlag: String { | |||
|
|
|||
| /// https://app.asana.com/0/72649045549333/1208231259093710/f | |||
| case networkProtectionUserTips | |||
|
|
|||
| /// /// https://app.asana.com/0/72649045549333/1208617860225199/f | |||
| case networkProtectionEnforceRoutes | |||
There was a problem hiding this comment.
New remote feature flag for the enforce routes changes.
diegoreymendez
commented
Nov 4, 2024
| .targetting(self) | ||
|
|
||
| NSMenuItem(title: "Remove VPN configuration", action: #selector(NetworkProtectionDebugMenu.removeVPNConfiguration(_:))) | ||
| NSMenuItem(title: "Reset Site Issue Alert", action: #selector(NetworkProtectionDebugMenu.resetSiteIssuesAlert(_:))) |
There was a problem hiding this comment.
This was moved to organize the reset options: first go the general reset options, then single components, then subfeatures.
diegoreymendez
commented
Nov 4, 2024
DuckDuckGo/NetworkProtection/AppTargets/BothAppTargets/NetworkProtectionDebugMenu.swift
Outdated
Show resolved
Hide resolved
diegoreymendez
commented
Nov 4, 2024
Comment on lines
+323
to
+326
| Task { | ||
| try await Task.sleep(interval: 0.1) | ||
| try await debugUtilities.restartAdapter() | ||
| } |
There was a problem hiding this comment.
Wait a bit then restart the adapter so changes are applied. If we try to reset immediately the changes don't make it to the system extension in time.
diegoreymendez
commented
Nov 4, 2024
DuckDuckGo/NetworkProtection/AppTargets/BothAppTargets/NetworkProtectionTunnelController.swift
Show resolved
Hide resolved
diegoreymendez
commented
Nov 4, 2024
| @@ -349,23 +349,19 @@ final class NetworkProtectionTunnelController: TunnelController, TunnelSessionPr | |||
| protocolConfiguration.providerBundleIdentifier = Bundle.tunnelExtensionBundleID | |||
| protocolConfiguration.providerConfiguration = [ | |||
| NetworkProtectionOptionKey.defaultPixelHeaders: APIRequest.Headers().httpHeaders, | |||
| NetworkProtectionOptionKey.includedRoutes: includedRoutes().map(\.stringRepresentation) as NSArray | |||
There was a problem hiding this comment.
We're no longer going to pass routes. The extension will calculate the appropriate routes based on all the settings.
diegoreymendez
commented
Nov 4, 2024
DuckDuckGo/NetworkProtection/AppTargets/BothAppTargets/NetworkProtectionTunnelController.swift
Show resolved
Hide resolved
diegoreymendez
commented
Nov 4, 2024
DuckDuckGo/NetworkProtection/AppTargets/BothAppTargets/NetworkProtectionTunnelController.swift
Show resolved
Hide resolved
diegoreymendez
commented
Nov 4, 2024
DuckDuckGo/NetworkProtection/AppTargets/BothAppTargets/NetworkProtectionTunnelController.swift
Show resolved
Hide resolved
diegoreymendez
commented
Nov 4, 2024
DuckDuckGo/NetworkProtection/AppTargets/BothAppTargets/NetworkProtectionTunnelController.swift
Outdated
Show resolved
Hide resolved
samsymons
reviewed
Nov 8, 2024
samsymons
reviewed
Nov 8, 2024
LocalPackages/FeatureFlags/Sources/FeatureFlags/FeatureFlag.swift
Outdated
Show resolved
Hide resolved
Co-authored-by: Sam Symons <[email protected]>
…s-browser into diego/fix-tunnelvision-2
not-a-rootkit
approved these changes
Nov 11, 2024
diegoreymendez
added a commit
to duckduckgo/BrowserServicesKit
that referenced
this pull request
Nov 11, 2024
…1039) Task/Issue URL: https://app.asana.com/0/1206580121312550/1208686409805161/f Tech Design URL: https://app.asana.com/0/481882893211075/1208643192597095/f iOS PR: duckduckgo/iOS#3460 macOS PR: duckduckgo/macos-browser#3422 What kind of version bump will this require?: Major ## Description Remediate TunnelVision, TunnelCrack and fix "Exclude Local Networks".
diegoreymendez
added a commit
to duckduckgo/iOS
that referenced
this pull request
Nov 11, 2024
…3460) Task/Issue URL: https://app.asana.com/0/1206580121312550/1208686409805161/f Tech Design URL: https://app.asana.com/0/481882893211075/1208643192597095/f macOS PR: duckduckgo/macos-browser#3422 BSK PR: duckduckgo/BrowserServicesKit#1039 ## Description Remediate TunnelVision, TunnelCrack and fix "Exclude Local Networks".
samsymons
added a commit
that referenced
this pull request
Nov 12, 2024
# By Dax the Duck (5) and others # Via GitHub (3) and Juan Manuel Pereira (1) * main: Remediate TunnelVision, TunnelCrack and fix "Exclude Local Networks" (#3422) Sync: Send pixels for account removal + decoding issues (#3530) Send success pixel on successful data import (#3437) Bump version to 1.114.0 (304) Set marketing version to 1.114.0 Update embedded files Introduce report broken site prompt on triple refresh page (#3523) add state for import (#3485) Bump version to 1.113.0 (303) Do not use suggestion view controller visibility to set suggestion (#3529) Fix SwiftLint Fix SwiftLint Update phishing protection datasets to 1686837 (#3494) Bump version to 1.113.0 (302) Update permission string for location popup (#3526) Send auth state with sync unexpectedly disabled pixel (#3521) # Conflicts: # DuckDuckGo.xcodeproj/project.pbxproj # DuckDuckGo.xcodeproj/project.xcworkspace/xcshareddata/swiftpm/Package.resolved
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Task/Issue URL: https://app.asana.com/0/1206580121312550/1208686409805161/f
Tech Design URL: https://app.asana.com/0/481882893211075/1208643192597095/f
iOS PR: iOS PR: duckduckgo/iOS#3460
BSK PR: duckduckgo/BrowserServicesKit#1039
Description
Remediate TunnelVision, TunnelCrack and fix "Exclude Local Networks".
Testing
Test 1: External Users aren't affected
Prerequisites:
Steps:
excludeLocalNetworks, because whenenforceRoutesis OFF, you'll be able to access your local network devices, but when it's ON you won't be able to access those devices.Test 2: Internal Users get new routing
Prerequisites:
enforceRoutesremote feature flag is ON.Steps:
2. Star the VPN (the first time you start the VPN as an internal user, "Enforce routes" should be enabled).
3. Make sure you can access the internet.
4. Make sure you cannot access local devices.
Test 3: Internal Users can override enforce routes.
Prerequisites:
Steps:
Test 4: TunnelVision fixed when enforceRoutes is ON.
Prerequisites:
Steps:
Test 5: TunnelCrack blocks all VPN traffic.
Prerequisites:
Steps:
Please note: I'm suggesting we show a warning here, but this will be tackled as a follow-up task.
Definition of Done:
Internal references:
Pull Request Review Checklist
Software Engineering Expectations
Technical Design Template
Pull Request Documentation