Hi,
We use the NEFilterControlProvider and NEFilterDataProvider network extensions in our product to do content filtering and block certain websites loaded in browsers.
From iOS 16.1 we are observing that the extensions are not getting any browser flow objects.
We tested on iOS 15.5, 15.7, 16.0 as well and it is working on these versions.
Is this a known regression with respect to the Control Filter network extension in iOS 16.1 onwards? If yes, do we have an ETA on when this will be patched?
Hi,
We have a VPN solution based on NEPacketTunnelProvider. Our requirement is to be able to get UDP-based DNS traffic and perform DNS resolutions for all DNS queries while the VPN is in split tunnel mode.
Earlier, till iOS 15.x, we used the approach mentioned by @Quinn in this link https://developer.apple.com/forums/thread/35027?answerId=122209022#122209022, where our VPN was in split tunnel and we used the wildcard match domain option to get all the DNS queries in the VPN. We used public DNS servers like the Google DNS servers (8.8.8.8, 8.8.4.4) in our VPN. In the NEDNSSettings of our NEPacketTunnelNetworkSettings, we have dnsProtocol set to "clear text" and the servers set to the above public DNS servers.
From iOS 16 onwards, we are observing that despite specifying the clearText DNS protocol, we are receiving encrypted DNS packets, probably because the system is automatically using DoT or DoH, as the public DNS servers do support this.
This is breaking multiple flows in our app.
This seems to be a regression in iOS 16, because the DNSSettings of the VPN should be respected by the platform. Is this a known issue on Apple's side? If yes, are there any tentative dates for fixing this?
Hi,
We are trying the new per-app content filter feature released with iOS 16 on managed devices. We push a configuration file via the MDM onto the device which contains the ContentFilterUUID field as mentioned in the WWDC tutorial.
After this, the NEFilterControlProvider network extension starts on the device and we expect to do the content filtering using that.
In the content filter profile, we have set the "FilterBrowsers" key to true and the "FilterSockets" key to false.
Also, we have assigned the profile to the Chrome application.
Our expectation is that when we load a URL in Chrome, if it is present in our filter, it should be blocked. But we are observing that this is not happening.
On further investigation we found that no NEBrowserFlow traffic was received by our NEFilterControlProvider extension.
We changed the "FilterSockets" key to true, and were able to see NESocketFlow traffic coming, but not the NEBrowserFlow traffic.
We tried the same profile on a supervised device without the ContentFilterUUID field, to make the profile device-wide, and it was able to filter properly.
Please let us know if this is a known issue and any tentative ETA for the fix. We have created a FB assistant bug as well (11637934).
Other than this, we wanted to understand if we can assign the per-app CF to the Safari app as well. Safari being the default browser for the majority of users, not being able to put content filtering on it will hamper our content filtering use case.
Hi,
I was working on a feature based on DNS packet parsing in the VPN solution of my app on iOS.
I was using the dns_parse_packet API from the dnsutils.h class, which was able to parse DNS request and reply packets from raw bytes quite efficiently.
I had tested this flow on iOS 15.2, but after updating to iOS 15.5 this API does not seem to work anymore.
Has this API been deprecated or is this a bug in iOS 15.5?
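
An added example, not part of the original post and not the dns_parse_packet API it mentions: a bounds-checked parser for the header and first question of a raw cleartext DNS payload, the kind of parsing the post describes doing inside a VPN. The names `dns_question`, `read_name`, `parse_dns_question` and the `SAMPLE_QUERY` bytes are constructed for illustration; the format is the RFC 1035 wire format.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

typedef struct {
    uint16_t id, qtype, qclass;
    int is_response;
    char qname[256];   /* dotted name; label bytes are copied unescaped */
} dns_question;

/* Decode a (possibly compressed) name at *off; advance *off past it. */
static int read_name(const uint8_t *m, size_t len, size_t *off, char *out, size_t cap) {
    size_t p = *off, n = 0;
    int jumps = 0;
    for (;;) {
        if (p >= len) return -1;                       /* ran off the packet */
        uint8_t l = m[p];
        if ((l & 0xC0) == 0xC0) {                      /* compression pointer */
            if (p + 1 >= len || ++jumps > 16) return -1;   /* cap jumps: loops */
            if (jumps == 1) *off = p + 2;              /* resume after first pointer */
            p = (size_t)((l & 0x3F) << 8) | m[p + 1];
            continue;
        }
        if (l & 0xC0) return -1;                       /* reserved label type */
        if (l == 0) { if (!jumps) *off = p + 1; break; }
        if (p + 1 + l > len || n + l + 2 > cap) return -1;
        if (n) out[n++] = '.';
        memcpy(out + n, m + p + 1, l);
        n += l;
        p += 1 + (size_t)l;
    }
    out[n] = '\0';
    return 0;
}

/* Parse header + first question of a cleartext DNS payload. 0 = ok, -1 = malformed. */
int parse_dns_question(const uint8_t *m, size_t len, dns_question *q) {
    size_t off = 12;                                   /* fixed header size */
    if (len < 12 || (m[4] << 8 | m[5]) < 1) return -1; /* need QDCOUNT >= 1 */
    q->id = (uint16_t)(m[0] << 8 | m[1]);
    q->is_response = (m[2] & 0x80) != 0;               /* QR bit */
    if (read_name(m, len, &off, q->qname, sizeof q->qname) != 0) return -1;
    if (off + 4 > len) return -1;
    q->qtype  = (uint16_t)(m[off] << 8 | m[off + 1]);
    q->qclass = (uint16_t)(m[off + 2] << 8 | m[off + 3]);
    return 0;
}

/* Constructed sample: query id 0x1a2b, example.com, type A, class IN. */
static const uint8_t SAMPLE_QUERY[] = {0x1a,0x2b,1,0,0,1,0,0,0,0,0,0, 7,'e','x','a','m','p','l','e',3,'c','o','m',0, 0,1,0,1};
```

A payload that is DoT or DoH traffic is TLS rather than this wire format, so it fails these checks and should be treated as unparsed rather than retried.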