Looks like iOS 15 has another issue with NE Content filtering framework.. So I just done some tests, found what.. I have NEFilterDataProvider and NEFilterControlProvider and intercept both Web and Socket flow, Data provider always returns NEFilterNewFlowVerdict.needRules() verdict. Now Flow gets intercepted by Control provider and... I can see Socket flow coming first to handleNewFlow() in Control provider when I run Safari or Chrome browsers. But even if I drop it by returning completionHandler(NEFilterControlVerdict.drop()) the next thing I get is Web flow coming to handleNewFlow(), which means it's impossible to block Web browsers by dropping Socket flow as even though I return drop verdict for Socket flow, WebKit based apps will be able to make a connection. I don't think that was the case with iOS 14... Any thoughts?

So we have our NEPacketTunnelProvider implementation and customers will be deploying it on their devices using MDM. All MDMs and Apple Configurator have VPN config section, where you can specify some Custom data as keys and values for Custom SSL VPN configuration. I can't figure it out how to read the data from NEPacketTunnelProvider subclass... Content Filters have filterConfiguration.vendorConfiguration to read custom data, but I can't find anything similar to get custom data from Tunnel Provider... Any hints?