I have an NEPacketTunnelProvider subclass set up and I'm able to see traffic entering the tunnel. I know I can set up new connections to encapsulate existing traffic in, say, a new TCP or UDP connection, but is there any way to just resume traffic unmodified? For instance, if an ICMP packet comes into the tunnel, how can I send that ICMP packet unmodified through to its set destination?
Looking over the SimpleTunnel code example, how is the subclassed NEPacketTunnelProvider being used and the startTunnel() function being called? I've looked over the documentation and watched the "What's New in Network Extension and VPN" WWDC15 video and I'm not sure how it's actually started.
When I do a search for "PacketTunnelProvider" I don't see any references outside the file itself aside from the NSExtensionPrincipalClass entry in the associated Info.plist.
Is creating this file and having it present in a system extension enough to "activate" the PacketTunnelProvider class and call startTunnel()? What else must be done?
The SimpleTunnel example uses an App Extension since it's targeting iOS. Am I correct in thinking that for macOS it should be a System Extension?
Hello, I'm trying to send a copy of an intercepted packet through the network stack again using sockets. I'm currently trying to do this using a raw socket with Swift code calling a C function that does the following:
socket(AF_INET, SOCK_RAW, IPPROTO_RAW)
This results in an error:
Operation not permitted
I understand that raw sockets require root privileges. I'm calling this code from my network extension already. Is there anything else I have to do to get a raw socket working?
Is there a better way I should resend a packet that I've intercepted in my packet filter?
Hello, I'm getting an error when I try to do the following:
NEFilterManager.shared().loadFromPreferences { loadError in
    DispatchQueue.main.async {
        var success = true
        if let error = loadError {
            os_log("Failed to load the filter configuration: %@", error.localizedDescription)
            success = false
        }
        completionHandler(success)
    }
}
The specific error I get is:
Failed to load configurations: Error Domain=NEConfigurationErrorDomain Code=11 "IPC failed" UserInfo={NSLocalizedDescription=IPC failed}
The code I'm testing is almost identical to Apple's SimpleFirewall example. The main difference is that I'm trying to kick things off immediately in the AppDelegate from applicationDidFinishLaunching(). I've gotten the SimpleFirewall example working so I cannot for the life of me figure out what's wrong here.