Hi there,
I am developing software with Network Extension and it is halfway through.
One of the requirements is to fetch back the local TCP port from a TCP flow that connects to a remote endpoint via createTCPConnection().
I can get the local TCP port with connection.localAddress after the connection is connected. But that is a bit late.
If it were possible to get it from createTCPConnection, that would be perfect. But judging from the documentation, createTCPConnection has only remoteEndpoint, no localEndpoint.
Thanks in advance for any suggestion.
Hi there,
I am using AppProxyProvider to generate an app proxy. It captures TCP and UDP flows and connects to remote endpoints via createTCPConnection() and createUDPSession(). In most cases it just works well.
There is one thing that is quite annoying: while browsing with a web browser, sometimes the app proxy restarts itself, which seems related to some connection that was broken.
Is there any suggestion for avoiding the app proxy reconnecting itself even if an underlying connection is broken?
Thanks in advance.
Hi there,
When I check the SSLContext class, it says most of the API is deprecated as of 10.15: use Network.framework instead.
Do you have any suggestion on example code for using this new TLS implementation with Network.framework?
Thanks and regards
Hi there,
Currently I am able to use the app proxy with NENetworkRule set up with separate ports. Is it possible to set up the rule with a range of ports without the need to list one port after the other?
Thanks in advance for any suggestion.
Hi there,
I am using AppProxyProvider. While doing some speed tests via some websites, it raised errors like the ones below and the app proxy restarted itself.
"app receive buffer is full, queueing *** bytes"
"failed to write a message: no buffer space available"
The good thing is that no crash happens. I wonder what is going on with the TCPFlow: not fast enough to handle incoming data? Is there any way to avoid that?
Thanks in advance for any suggestion.
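The two messages above both describe the same situation: the provider keeps reading from one side faster than the other side accepts writes, so bytes pile up in the extension. The usual way to keep that bounded is to couple the two directions with back-pressure, i.e. issue the next read on a side only after the previous write to the other side has completed. The following is an added illustration written for this page, not code from the poster or from Apple; the class name FlowRelay, the queue label and the 64 KiB chunk size are assumptions, and it uses only the NEAppProxyTCPFlow and NWConnection calls shown here.

```swift
// Added example: a relay between an NEAppProxyTCPFlow (app side) and an NWConnection
// (remote side) that applies back-pressure in both directions. The next readData() or
// receive() is issued only after the matching send()/write() has completed, so the
// provider never queues unbounded data. Names such as FlowRelay are made up for this page.
import Foundation
import Network
import NetworkExtension

final class FlowRelay {
    private let flow: NEAppProxyTCPFlow
    private let connection: NWConnection
    private let queue = DispatchQueue(label: "flow-relay")   // assumed label
    private var closed = false
    // Assumed upper bound per receive(); keeps one slow app from forcing large buffers.
    private let chunkSize = 64 * 1024

    // Builds the outbound connection from the flow's remote endpoint.
    // Returns nil if the endpoint's port string is not numeric.
    static func makeConnection(to endpoint: NWHostEndpoint) -> NWConnection? {
        guard let port = NWEndpoint.Port(endpoint.port) else { return nil }
        return NWConnection(host: NWEndpoint.Host(endpoint.hostname), port: port, using: .tcp)
    }

    init(flow: NEAppProxyTCPFlow, connection: NWConnection) {
        self.flow = flow
        self.connection = connection
    }

    func start() {
        connection.stateUpdateHandler = { [weak self] state in
            guard let self = self else { return }
            switch state {
            case .ready:
                // Open the flow only once the remote side is connected, then start both pumps.
                self.flow.open(withLocalEndpoint: nil) { error in
                    if let error = error { self.tearDown(error); return }
                    self.pumpFlowToRemote()
                    self.pumpRemoteToFlow()
                }
            case .failed(let error):
                self.tearDown(error)
            case .cancelled:
                self.tearDown(nil)
            default:
                break
            }
        }
        connection.start(queue: queue)
    }

    // App -> remote. readData() hands over whatever the app wrote; the next readData()
    // is not issued until the stack reports the previous chunk as processed.
    private func pumpFlowToRemote() {
        flow.readData { [weak self] data, error in
            guard let self = self else { return }
            if let error = error { self.tearDown(error); return }
            guard let data = data, !data.isEmpty else {
                // Empty read means the app closed its write side: forward a FIN to the remote
                // and keep relaying remote -> app until that side finishes too.
                self.connection.send(content: nil, contentContext: .finalMessage,
                                     isComplete: true, completion: .idempotent)
                return
            }
            self.connection.send(content: data, completion: .contentProcessed { sendError in
                if let sendError = sendError { self.tearDown(sendError); return }
                self.pumpFlowToRemote()   // back-pressure: only now read the next chunk
            })
        }
    }

    // Remote -> app. Bounded receive, then wait for flow.write() before the next receive.
    private func pumpRemoteToFlow() {
        connection.receive(minimumIncompleteLength: 1, maximumLength: chunkSize) {
            [weak self] data, _, isComplete, error in
            guard let self = self else { return }
            if let error = error { self.tearDown(error); return }
            let next = {
                if isComplete {
                    // Remote sent FIN: close only the app's read side so pending app -> remote data drains.
                    self.flow.closeReadWithError(nil)
                } else {
                    self.pumpRemoteToFlow()
                }
            }
            guard let data = data, !data.isEmpty else { next(); return }
            self.flow.write(data) { writeError in
                if let writeError = writeError { self.tearDown(writeError); return }
                next()
            }
        }
    }

    // Close both sides exactly once; flow callbacks may arrive on any queue, so serialise here.
    private func tearDown(_ error: Error?) {
        queue.async {
            guard !self.closed else { return }
            self.closed = true
            self.flow.closeReadWithError(error)
            self.flow.closeWriteWithError(error)
            self.connection.cancel()
        }
    }
}
```

To use it from a provider's handleNewFlow(_:), cast the flow to NEAppProxyTCPFlow, cast flow.remoteEndpoint to NWHostEndpoint, build the connection with FlowRelay.makeConnection(to:), create the relay, keep a strong reference to it in the provider (the closures only hold self weakly) and call start(). Whether this removes the restarts reported in the post is not established by the post itself; the example only shows how to keep in-flight data bounded.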
Hi there,
I am using AppProxyProvider and it can capture packets as I defined. But when I try to exclude traffic with excludedNetworkRules, it seems not to work.
Below is my code for setting things up.
I capture all port 443 traffic with includedNetworkRules and exclude facebook.com with excludedNetworkRules.
But facebook.com:443 traffic is still captured.
import NetworkExtension

// Included rules: every outbound connection to remote port 443, any protocol.
private func includeRules() -> [NENetworkRule] {
    // Web mode
    let hosts = [("0.0.0.0", "443")]
    var rules: [NENetworkRule] = []
    for host in hosts {
        let ep = NWHostEndpoint(hostname: host.0, port: host.1)
        // remotePrefix 0 with 0.0.0.0 matches every remote address.
        let rule = NENetworkRule(remoteNetwork: ep, remotePrefix: 0, localNetwork: nil, localPrefix: 0, protocol: .any, direction: .outbound)
        rules.append(rule)
    }
    return rules
}

// Excluded rules: outbound connections to facebook.com:443.
private func excludeRules() -> [NENetworkRule] {
    let hosts = [("facebook.com", "443")]
    var rules: [NENetworkRule] = []
    for host in hosts {
        let ep = NWHostEndpoint(hostname: host.0, port: host.1)
        let rule = NENetworkRule(remoteNetwork: ep, remotePrefix: 0, localNetwork: nil, localPrefix: 0, protocol: .any, direction: .outbound)
        rules.append(rule)
    }
    return rules
}
...
settings.includedNetworkRules = includeRules()
settings.excludedNetworkRules = excludeRules()
If I replace the facebook.com domain name in excludeRules() with its IP address as below, then no port 443 traffic is captured at all.
let hosts = [("157.240.8.35", "443")]
Am I doing anything wrong?
Thanks in advance for any suggestion.
Hi there,
In order to get the remote TCP port from an NEAppProxyTCPFlow, what I did is:
// flow is the NEAppProxyTCPFlow handed to handleNewFlow(_:)
(flow.remoteEndpoint as! NWHostEndpoint).port
But I do not think that is a good way of achieving it.
Is there any proper way for it?
And I believe the IP address can be fetched by:
flow.remoteHostname
Is that right?
Thanks in advance for any suggestion.
Hi there,
I am using NetworkExtension and would like to create a TCP connection to localhost. With the code below, I faced some strange problems: the app proxy restarts itself periodically, with all the traffic, during the test.
import NetworkExtension

// Plain TCP connection to a local listener on port 8888, no TLS.
let ep = NWHostEndpoint(hostname: "127.0.0.1", port: String(8888))
let connection = createTCPConnection(to: ep, enableTLS: false, tlsParameters: nil, delegate: nil)
I wonder what the correct way of achieving that is?
Thanks in advance for any suggestion.
Hi there,
With Network NWEndpoint, I can construct it like below.
let proxyEp = Network.NWEndpoint.hostPort(host: Network.NWEndpoint.Host("127.0.0.1"), port: Network.NWEndpoint.Port("8888")!)
But how about constructing a NetworkExtension NWEndpoint? Do I have to use NWHostEndpoint?
Thanks in advance for any suggestion.
Hi there,
I am using NEAppProxyProvider to filter a range of port traffic. I am trying to capture all port traffic (except UDP port 53) like below.
There are mainly two problems with the approach below: sometimes it works and captures all traffic, but sometimes it cannot.
UDP port 53 traffic is always captured.
Is this a bug?
import NetworkExtension

// Two rules covering every remote address: ports 0...52 and 54...65535, so that
// port 53 is left out of the included set.
private func buildRules(fullMode: Bool) -> [NENetworkRule] {
    var rules: [NENetworkRule] = []
    let hosts = [("0.0.0.0", "0...52"),
                 ("0.0.0.0", "54...65535")]
    for host in hosts {
        let ep = NWHostEndpoint(hostname: host.0, port: host.1)
        let rule = NENetworkRule(remoteNetwork: ep, remotePrefix: 0, localNetwork: nil, localPrefix: 0, protocol: .any, direction: .outbound)
        rules.append(rule)
    }
    return rules
}
...
let settings = NETransparentProxyNetworkSettings.init(tunnelRemoteAddress: "127.0.0.1")
settings.includedNetworkRules = buildRules(fullMode: true)
settings.excludedNetworkRules = nil
settings.dnsSettings = NEDNSSettings(servers: ["1.1.1.1", "1.0.0.1", "8.8.8.8", "8.8.4.4"])
setTunnelNetworkSettings(settings) { [unowned self] (error) in
...
Hi there,
I am using AppProxyProvider and DNSProxyProvider together.
When using only one of them, it works well so far. But when putting the two together, no traffic goes through. For example, nslookup google.com doesn't work anymore.
So just to confirm with you: is it allowed to use these two at the same time?
Thanks in advance for any suggestion.
Hi there,
I am using AppProxyProvider. It seems that there is some problem visiting some websites going through the app proxy, even if it only passes through all traffic.
How to reproduce:
With AppProxyProvider, set up the filter rule and capture only TCP 80 and 443. Then pass through all traffic between the TCP flow and the remote connection. Then try to visit the site:
http://13.210.37.51
With the Chrome browser, no content is shown.
But if I visit the same site without going through the app proxy, all is good.
Digging more into the trace I got, it seems it might have something to do with the error below:
⛔️FZ$--read from TCP connection error: Optional(Error Domain=kNWErrorDomainPOSIX Code=96 "No message available on STREAM" UserInfo={NSDescription=No message available on STREAM}) Optional(13.210.37.51:80) fzmacappproxy 11:18:16.988853+1000
Thanks in advance for any suggestion.
Hi there,
This is to make a separate thread for the case of capturing all UDP traffic, which causes the network to go away.
I am using this filter setting:
import NetworkExtension

var rules: [NENetworkRule] = []
var hosts: [(String, String)] = []
// One /8 rule per first octet, skipping 127.0.0.0/8 (loopback); port "0" means any port.
for seg in 1...254 {
    if seg != 127 {
        hosts = [("\(seg).0.0.0", "0")]
        for host in hosts {
            let ep = NWHostEndpoint(hostname: host.0, port: host.1)
            let rule = NENetworkRule(remoteNetwork: ep, remotePrefix: 8, localNetwork: nil, localPrefix: 0, protocol: .UDP, direction: .outbound)
            rules.append(rule)
        }
    }
}
It works from the beginning as expected, capturing all UDP traffic including the port 53 ones. But then after around three hours, the network is gone like below:
ping apple.com
...
Request timeout for icmp_seq 14745
ping: sendto: No route to host
Request timeout for icmp_seq 14746
ping: sendto: No route to host
When the issue happens, the app proxy network service is still connected and running, but my Wi-Fi network service becomes disconnected (with a self-assigned IP) and is not recoverable. Only by removing the app proxy service and reconnecting Wi-Fi can it recover.
I have tried both NWUDPSession and NWConnection for UDP, but with the same result.
I would like to see your suggestion, as I got your earlier point saying:
Proxying UDP flows is something that can be done without a crash.
Thanks in advance.
Hi there,
I have a set of filter code based on AppProxyProvider that works pretty well: it just captures TCP and UDP traffic using NWConnection.
Unfortunately, I recently upgraded to 11.5 Beta and then everything went wrong: the bandwidth, as tested via some website, say fast.com, drops after running for several minutes to 2 Mbps for both upload and download (although my broadband's normal speed is 50 Mbps). I capture only TCP traffic to ports 80 and 443.
I wonder if it is some bug in Network Extension or some API-level change I need to adapt to. I checked the release notes, but nothing mentioned any change around Network Extension.
That blocks our beta plan!
Thanks in advance for any suggestion.