Add udp shadowsocks proxy support to mullvad ios

[buggmagnet]

This PR adds Shadowsocks obfuscation capabilities to the Packet Tunnel.
It cannot be used as of yet, but there is a test called testRunningShadowsocksObfuscatorProxy that makes use of the newly introduced obfuscation protocol.

---

This change is 

[linear]

IOS-882 Add UDP Shadowsocks proxy support to `mullvad-ios`

[buggmagnet]

Reviewable status: 0 of 12 files reviewed, 2 unresolved discussions

---

mullvad-ios/src/tunnel_obfuscator_proxy/ffi.rs line 10 at r1 (raw file):

static INIT_LOGGING: Once = Once::new();

#[allow(dead_code)]

note to self : this shouldn't be necessary, investigate

---

ios/MullvadRustRuntimeTests/UnsafeListener.swift line 11 at r1 (raw file):

import Network

class UnsafeListener<T: Connection> {

note to self: Re add warning comment to not use this in production

[dlon]

Reviewed 4 of 12 files at r1.
Reviewable status: 4 of 12 files reviewed, 3 unresolved discussions (waiting on @buggmagnet)

---

mullvad-ios/src/tunnel_obfuscator_proxy/mod.rs line 23 at r1 (raw file):

        peer: SocketAddr,
        obfuscation_protocol: TunnelObfuscatorProtocol,
    ) -> io::Result<Self> {

Nit: Method could be infallible (just return Self { .. }).

[rablador]

Reviewed 12 of 12 files at r1, all commit messages.
Reviewable status: all files reviewed, 6 unresolved discussions (waiting on @buggmagnet)

---

ios/MullvadRustRuntimeTests/UDPConnection.swift line 75 at r1 (raw file):

        return try await withCheckedThrowingContinuation { continuation in
            nwConnection.receiveMessage { data, _, _, error in
                guard let data else {

Can there be data and error at the same time? Also, wouldn't checking for error first be more interesting since it could give us a hint of what's going on. As it is now we might never get to it if data is empty.

---

ios/MullvadRustRuntime/TunnelObfuscator.swift line 14 at r1 (raw file):

import Network

public enum TunnelObfuscationProtocol {

Not sure there's a good alternative for a name here, but it's somewhat confusing with both TunnelObfuscationProtocol and TunnelObfuscatorProtocol.

---

ios/MullvadRustRuntime/TunnelObfuscator.swift line 75 at r1 (raw file):

            let obfuscationProtocol = switch obfuscationProtocol {
            case .udpOverTcp: TunnelObfuscatorProtocol(0)

This int param means very little on the Swift side. Can we use an enum with raw value or something else instead?

[buggmagnet]

Reviewable status: all files reviewed, 6 unresolved discussions (waiting on @rablador)

---

ios/MullvadRustRuntimeTests/UDPConnection.swift line 75 at r1 (raw file):

Previously, rablador (Jon Petersson) wrote…

Can there be data and error at the same time? Also, wouldn't checking for error first be more interesting since it could give us a hint of what's going on. As it is now we might never get to it if data is empty.

Whilst it's technically valid to read a UDP datagram of size 0, in our case it's not a desired behaviour.
We can make sure to check for errors before data (or the lack thereof) though

---

ios/MullvadRustRuntime/TunnelObfuscator.swift line 14 at r1 (raw file):

Previously, rablador (Jon Petersson) wrote…

Not sure there's a good alternative for a name here, but it's somewhat confusing with both TunnelObfuscationProtocol and TunnelObfuscatorProtocol.

Yes it's not great I agree, I'll think of something better.

---

ios/MullvadRustRuntime/TunnelObfuscator.swift line 75 at r1 (raw file):

Previously, rablador (Jon Petersson) wrote…

This int param means very little on the Swift side. Can we use an enum with raw value or something else instead?

Unfortunately, due to how C enums are imported in Swift it's not straightforward to do so.

The other complication comes from the fact that the header file for FFI functions is automatically generated.
We have ways around this but that would require further customisation of the automatically imported FFI header, which is a lot of work.

I would like to do that, but that would probably be a better candidate for a hack day.
For now, I think this is an acceptable tradeoff.

[rablador]

Reviewed 6 of 6 files at r2, all commit messages.
Reviewable status: all files reviewed, 3 unresolved discussions (waiting on @buggmagnet)

[rablador]

Reviewed 1 of 1 files at r3, all commit messages.
Reviewable status: complete! all files reviewed, all discussions resolved

[rablador]

Reviewed 2 of 2 files at r4, all commit messages.
Reviewable status: complete! all files reviewed, all discussions resolved

[mojganii]

Reviewable status: complete! all files reviewed, all discussions resolved