Merge branch 'crash_fix' into 'main'

Andre Fonseca · Andre Fonseca · commit 4e2606943b8a · 2026-02-13T15:20:49.000Z
Crash fix

See merge request ws/client/iosapp!1230
diff --git a/PacketTunnel/PacketTunnelProvider.swift b/PacketTunnel/PacketTunnelProvider.swift
@@ -55,14 +55,6 @@ class PacketTunnelProvider: NEPacketTunnelProvider, TunnelCredentialsManaging {
         // Check if tunnel was force disconnected (e.g., due to session invalidation)
         // This mirrors WireGuard's credential check but uses a flag since OpenVPN
         // credentials are embedded in tunnel config and can't be deleted
-        if preferences.getDisconnectReason() != DisconnectReason.unknown {
-            consoleLogger.debug("Tunnel start blocked - force disconnect flag is set")
-            logger.logI("PacketTunnelProvider", "Blocked tunnel start - force disconnect active", flushImmediately: true)
-            let error = NSError(domain: "com.windscribe", code: 50, userInfo: [
-                NSLocalizedDescriptionKey: "Session is invalid"
-            ])
-            completionHandler(error)
-        }
 
         guard
             let protocolConfiguration = protocolConfiguration as? NETunnelProviderProtocol,
@@ -190,25 +182,35 @@ class PacketTunnelProvider: NEPacketTunnelProvider, TunnelCredentialsManaging {
     }
 
     override func sleep(completionHandler: @escaping () -> Void) {
+        logger.logI("PacketTunnelProvider", "Device going to sleep.", flushImmediately: true)
         completionHandler()
     }
 
     override func wake() {
-        consoleLogger.debug("Device wake up.")
-        controlPlane?.checkTunnelHealth()
+        let currentTime = Date().timeIntervalSince1970
+        let lastWakeTime = preferences.getWireguardWakeupTime()
+        logger.logI("PacketTunnelProvider", "Device wakeup.", flushImmediately: true)
+        if lastWakeTime == 0 || currentTime - lastWakeTime >= 600 {
+            UserDefaults.standard.set(currentTime, forKey: "lastWakeTime")
+            preferences.saveWireguardWakeupTime(value: currentTime)
+            if preferences.getDisconnectReason() == DisconnectReason.unknown {
+                controlPlane?.checkTunnelHealth()
+            }
+        }
     }
 
     // MARK: - TunnelCredentialsManaging
 
+    @MainActor
     func deleteCredentials(error: NSError) {
         guard !isCancelling else {
             logger.logI("PacketTunnelProvider", "Already cancelling tunnel, ignoring duplicate call.", flushImmediately: true)
             return
         }
+        controlPlane = nil
         isCancelling = true
         // OpenVPN credentials are passed per-connection, not stored persistently
         // Log the action for visibility
-        consoleLogger.debug("Credentials invalidated for OpenVPN tunnel.")
         logger.logI("PacketTunnelProvider", "OpenVPN credentials invalidated.", flushImmediately: true)
         if vpnReachability.isTracking {
             vpnReachability.stopTracking()
@@ -245,10 +247,22 @@ extension PacketTunnelProvider: OpenVPNAdapterDelegate {
             self.startHandler = nil
                 // Initialize control plane when tunnel is ready
                 if controlPlane == nil {
-                    controlPlane = ControlPlane(apiUtil: apiUtil,api: api,preferences: preferences,credentialsManager:self, tunnelProvider: self, consoleLogger: self.consoleLogger)
+                    controlPlane = ControlPlane(
+                        apiUtil: apiUtil,
+                        api: api,
+                        preferences: preferences,
+                        consoleLogger: self.consoleLogger,
+                        onTunnelShouldStop: { @MainActor [weak self] reason, error in
+                            guard let self = self else { return }
+                            self.logger.logI("PacketTunnelProvider", "Control plane requested tunnel stop for reason: \(reason.rawValue)", flushImmediately: true)
+                            self.deleteCredentials(error: error)
+                        }
+                    )
+                }
+                if preferences.getDisconnectReason() == DisconnectReason.unknown {
+                    consoleLogger.debug("Tunnel connected, checking tunnel health.")
+                    controlPlane?.checkTunnelHealth()
                 }
-                consoleLogger.debug("Tunnel connected, checking tunnel health.")
-                controlPlane?.checkTunnelHealth()
         case .disconnected:
             guard let stopHandler = stopHandler else { return }
             if vpnReachability.isTracking {
@@ -258,8 +272,10 @@ extension PacketTunnelProvider: OpenVPNAdapterDelegate {
             self.stopHandler = nil
         case .reconnecting:
             reasserting = true
-            consoleLogger.debug("Reconnecting, checking tunnel health.")
-            controlPlane?.checkTunnelHealth()
+            if preferences.getDisconnectReason() == DisconnectReason.unknown {
+                logger.logI("PacketTunnelProvider", "Reconnecting, checking tunnel health.", flushImmediately: true)
+                controlPlane?.checkTunnelHealth()
+            }
         default:
             break
         }
@@ -277,12 +293,15 @@ extension PacketTunnelProvider: OpenVPNAdapterDelegate {
             startHandler(error)
             self.startHandler = nil
         } else {
-            guard !isCancelling else {
-                logger.logI("PacketTunnelProvider", "Already cancelling tunnel, ignoring error handler call.", flushImmediately: true)
-                return
+            DispatchQueue.main.async { [weak self] in
+                guard let self = self else { return }
+                guard !self.isCancelling else {
+                    self.logger.logI("PacketTunnelProvider", "Already cancelling tunnel, ignoring error handler call.", flushImmediately: true)
+                    return
+                }
+                self.isCancelling = true
+                self.cancelTunnelWithError(error)
             }
-            isCancelling = true
-            cancelTunnelWithError(error)
         }
     }
 }
diff --git a/Windscribe/Managers/VPN/ControlPlane.swift b/Windscribe/Managers/VPN/ControlPlane.swift
@@ -18,32 +18,44 @@ class ControlPlane {
     private let apiUtil: APIUtilService
     private let api: WSNetServerAPI
     private let preferences: Preferences
+    private let onTunnelShouldStop: @MainActor (DisconnectReason, NSError) -> Void
 
     private var runningHealthCheck = false
-    private weak var credentialsManager: TunnelCredentialsManaging?
-    private weak var tunnelProvider: NEPacketTunnelProvider?
+    private var lastHealthCheckTime: TimeInterval = 0
 
     init(
         apiUtil: APIUtilService,
         api: WSNetServerAPI,
         preferences: Preferences,
-        credentialsManager: TunnelCredentialsManaging?,
-        tunnelProvider: NEPacketTunnelProvider,
-        consoleLogger: Logger
+        consoleLogger: Logger,
+        onTunnelShouldStop: @escaping @MainActor (DisconnectReason, NSError) -> Void
     ) {
         self.apiUtil = apiUtil
         self.api = api
         self.preferences = preferences
-        self.credentialsManager = credentialsManager
-        self.tunnelProvider = tunnelProvider
         self.consoleLogger = consoleLogger
+        self.onTunnelShouldStop = onTunnelShouldStop
     }
 
     /// Called from packet tunnel provider when tunnel health is not good (handshake fails, wake up, etc.)
     func checkTunnelHealth() {
         // Skip health check for custom configs
         guard !preferences.isCustomConfigSelected() else { return }
-        guard !runningHealthCheck else { return }
+        guard !runningHealthCheck else {
+            consoleLogger.debug("Health check already running, skipping.")
+            return
+        }
+
+        // Throttle health checks to once every 10 seconds
+        let currentTime = Date().timeIntervalSince1970
+        if lastHealthCheckTime > 0 && currentTime - lastHealthCheckTime < 10 {
+            consoleLogger.debug("Health check throttled (last check was \(Int(currentTime - self.lastHealthCheckTime))s ago), skipping.")
+            return
+        }
+
+        // Set flag BEFORE dispatching to prevent race condition
+        runningHealthCheck = true
+        lastHealthCheckTime = currentTime
 
         DispatchQueue.global().async { [weak self] in
             self?.performHealthCheck()
@@ -52,7 +64,6 @@ class ControlPlane {
 
     /// Performs the actual health check by fetching session
     private func performHealthCheck() {
-        runningHealthCheck = true
         consoleLogger.debug("Requesting user session update.")
 
         Task { [weak self] in
@@ -104,7 +115,9 @@ class ControlPlane {
         let error = NSError(domain: "com.windscribe", code: 50, userInfo: [
             NSLocalizedDescriptionKey: reason
         ])
-        credentialsManager?.deleteCredentials(error: error)
+
+        // Call the callback on main thread to handle tunnel cancellation
+        await onTunnelShouldStop(reason, error)
     }
 
     func getSession() async throws -> Session {
diff --git a/Windscribe/Managers/VPN/TunnelCredentialsManaging.swift b/Windscribe/Managers/VPN/TunnelCredentialsManaging.swift
@@ -9,6 +9,7 @@
 import Foundation
 
 /// Protocol for tunnel providers to manage their credentials
+/// Methods must be called on the main thread as they interact with NetworkExtension APIs
 public protocol TunnelCredentialsManaging: AnyObject {
-    func deleteCredentials(error: NSError)
+    @MainActor func deleteCredentials(error: NSError)
 }
diff --git a/WireGuardTunnel/PacketTunnelProvider.swift b/WireGuardTunnel/PacketTunnelProvider.swift
@@ -48,7 +48,9 @@ class PacketTunnelProvider: NEPacketTunnelProvider, TunnelCredentialsManaging {
 
     private lazy var adapter: WireGuardAdapter = .init(with: self) { _, message in
         if message.contains("Retrying handshake") {
-            self.controlPlane?.checkTunnelHealth()
+            if self.preferences.getDisconnectReason() == DisconnectReason.unknown {
+                self.controlPlane?.checkTunnelHealth()
+            }
         }
     }
 
@@ -118,9 +120,12 @@ class PacketTunnelProvider: NEPacketTunnelProvider, TunnelCredentialsManaging {
                     apiUtil: self.apiUtil,
                     api: self.api,
                     preferences: self.preferences,
-                    credentialsManager: self,
-                    tunnelProvider: self,
-                    consoleLogger: self.consoleLogger
+                    consoleLogger: self.consoleLogger,
+                    onTunnelShouldStop: { @MainActor [weak self] reason, error in
+                        guard let self = self else { return }
+                        self.logger.logI("PacketTunnelProvider", "Control plane requested tunnel stop for reason: \(reason.rawValue)", flushImmediately: true)
+                        self.deleteCredentials(error: error)
+                    }
                 )
 
 
@@ -155,8 +160,7 @@ class PacketTunnelProvider: NEPacketTunnelProvider, TunnelCredentialsManaging {
                 completionHandler(PacketTunnelProviderError.couldNotStartBackend)
 
             case .invalidState:
-                // Must never happen
-                fatalError()
+                completionHandler(PacketTunnelProviderError.couldNotStartBackend)
             }
         }
     }
@@ -203,21 +207,26 @@ class PacketTunnelProvider: NEPacketTunnelProvider, TunnelCredentialsManaging {
             logger.logI("PacketTunnelProvider", "Device wake up.", flushImmediately: true)
             UserDefaults.standard.set(currentTime, forKey: "lastWakeTime")
             preferences.saveWireguardWakeupTime(value: currentTime)
-            controlPlane?.checkTunnelHealth()
+            if preferences.getDisconnectReason() == DisconnectReason.unknown {
+                controlPlane?.checkTunnelHealth()
+            }
         }
     }
 
     override func sleep(completionHandler: @escaping () -> Void) {
+        logger.logI("PacketTunnelProvider", "Device going to sleep.", flushImmediately: true)
         completionHandler()
     }
 
     // MARK: - TunnelCredentialsManaging
 
+    @MainActor
     func deleteCredentials(error: NSError) {
         guard !isCancelling else {
             logger.logI("PacketTunnelProvider", "Already cancelling tunnel, ignoring duplicate call.", flushImmediately: true)
             return
         }
+        controlPlane = nil
         isCancelling = true
         wgCrendentials.delete()
         logger.logI("PacketTunnelProvider", "Deleted WireGuard credentials.", flushImmediately: true)

Original file line number	Diff line number	Diff line change
`@@ -9,6 +9,7 @@`
`9`	`9`	`import Foundation`
`10`	`10`
`11`	`11`	`/// Protocol for tunnel providers to manage their credentials`
	`12`	`+/// Methods must be called on the main thread as they interact with NetworkExtension APIs`
`12`	`13`	`public protocol TunnelCredentialsManaging: AnyObject {`
`13`		`- func deleteCredentials(error: NSError)`
	`14`	`+ @MainActor func deleteCredentials(error: NSError)`
`14`	`15`	`}`
Original file line number	Diff line number	Diff line change
`@@ -48,7 +48,9 @@ class PacketTunnelProvider: NEPacketTunnelProvider, TunnelCredentialsManaging {`
`48`	`48`
`49`	`49`	`private lazy var adapter: WireGuardAdapter = .init(with: self) { _, message in`
`50`	`50`	`if message.contains("Retrying handshake") {`
`51`		`- self.controlPlane?.checkTunnelHealth()`
	`51`	`+ if self.preferences.getDisconnectReason() == DisconnectReason.unknown {`
	`52`	`+ self.controlPlane?.checkTunnelHealth()`
	`53`	`+ }`
`52`	`54`	`}`
`53`	`55`	`}`
`54`	`56`
`@@ -118,9 +120,12 @@ class PacketTunnelProvider: NEPacketTunnelProvider, TunnelCredentialsManaging {`
`118`	`120`	`apiUtil: self.apiUtil,`
`119`	`121`	`api: self.api,`
`120`	`122`	`preferences: self.preferences,`
`121`		`- credentialsManager: self,`
`122`		`- tunnelProvider: self,`
`123`		`- consoleLogger: self.consoleLogger`
	`123`	`+ consoleLogger: self.consoleLogger,`
	`124`	`+ onTunnelShouldStop: { @MainActor [weak self] reason, error in`
	`125`	`+ guard let self = self else { return }`
	`126`	`+ self.logger.logI("PacketTunnelProvider", "Control plane requested tunnel stop for reason: \(reason.rawValue)", flushImmediately: true)`
	`127`	`+ self.deleteCredentials(error: error)`
	`128`	`+ }`
`124`	`129`	`)`
`125`	`130`
`126`	`131`
`@@ -155,8 +160,7 @@ class PacketTunnelProvider: NEPacketTunnelProvider, TunnelCredentialsManaging {`
`155`	`160`	`completionHandler(PacketTunnelProviderError.couldNotStartBackend)`
`156`	`161`
`157`	`162`	`case .invalidState:`
`158`		`- // Must never happen`
`159`		`- fatalError()`
	`163`	`+ completionHandler(PacketTunnelProviderError.couldNotStartBackend)`
`160`	`164`	`}`
`161`	`165`	`}`
`162`	`166`	`}`
`@@ -203,21 +207,26 @@ class PacketTunnelProvider: NEPacketTunnelProvider, TunnelCredentialsManaging {`
`203`	`207`	`logger.logI("PacketTunnelProvider", "Device wake up.", flushImmediately: true)`
`204`	`208`	`UserDefaults.standard.set(currentTime, forKey: "lastWakeTime")`
`205`	`209`	`preferences.saveWireguardWakeupTime(value: currentTime)`
`206`		`- controlPlane?.checkTunnelHealth()`
	`210`	`+ if preferences.getDisconnectReason() == DisconnectReason.unknown {`
	`211`	`+ controlPlane?.checkTunnelHealth()`
	`212`	`+ }`
`207`	`213`	`}`
`208`	`214`	`}`
`209`	`215`
`210`	`216`	`override func sleep(completionHandler: @escaping () -> Void) {`
	`217`	`+ logger.logI("PacketTunnelProvider", "Device going to sleep.", flushImmediately: true)`
`211`	`218`	`completionHandler()`
`212`	`219`	`}`
`213`	`220`
`214`	`221`	`// MARK: - TunnelCredentialsManaging`
`215`	`222`
	`223`	`+ @MainActor`
`216`	`224`	`func deleteCredentials(error: NSError) {`
`217`	`225`	`guard !isCancelling else {`
`218`	`226`	`logger.logI("PacketTunnelProvider", "Already cancelling tunnel, ignoring duplicate call.", flushImmediately: true)`
`219`	`227`	`return`
`220`	`228`	`}`
	`229`	`+ controlPlane = nil`
`221`	`230`	`isCancelling = true`
`222`	`231`	`wgCrendentials.delete()`
`223`	`232`	`logger.logI("PacketTunnelProvider", "Deleted WireGuard credentials.", flushImmediately: true)`