Set NENetworkRule for an NEAppProxyProvider

Hi,


I'm trying to implement a transparent proxy on macOS Catalina, as presented at WWDC 2019.

The system extension implements a class that extends NEAppProxyProvider.

In order to receive data flows I need to set an NENetworkRule instance. But NEAppProxyProvider has no apply method.

Any idea how this can be done?


Thanks,

Vlad

I believe the workflow is as follows:

  1. The system starts your proxy and calls -startProxyWithOptions:completionHandler:.
  2. You allocate an NETransparentProxyNetworkSettings and fill out the includedNetworkRules and excludedNetworkRules properties.
  3. You call -setTunnelNetworkSettings:completionHandler: to apply that.
  4. When that completes, you call the completion handler you got in step 1.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Thanks for your help.

Just one more thing: in my app, when I try to enable the system extension, I have code similar to this:

    let proxyMgr = NETransparentProxyManager.shared()
    proxyMgr.isEnabled = true
    proxyMgr.saveToPreferences { saveError in
        DispatchQueue.main.async {
            if let error = saveError {
                os_log("Failed to save the filter configuration: %@", error.localizedDescription)
                self.status = .stopped
                return
            }
            self.registerWithProvider()
        }
    }


It always exits with error 'Missing protocol or protocol has invalid type'.

What protocol should I set for a transparent proxy?

I must admit to not having tried this, but I’m presuming that you’ll need a NETunnelProviderProtocol.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"
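
The workflow from the two replies above, as an added Swift example that is not code from the thread or from Apple: the provider side follows steps 1 to 4, and the app side sets the NETunnelProviderProtocol that the second reply presumes is needed. The class name, function name, bundle identifier, loopback addresses and rule values are assumptions.

```swift
import NetworkExtension
import os.log

// System extension side. The class name and rule values are hypothetical.
final class ExampleProxyProvider: NEAppProxyProvider {
    // Step 1: the system starts the proxy and calls this method.
    override func startProxy(options: [String: Any]?,
                             completionHandler: @escaping (Error?) -> Void) {
        // Step 2: allocate the settings and fill out the rules. The initializer
        // requires a tunnel remote address; loopback is an assumed placeholder.
        let settings = NETransparentProxyNetworkSettings(tunnelRemoteAddress: "127.0.0.1")
        // Constructed sample rule: outbound TCP to 192.0.2.0/24, port 443.
        let rule = NENetworkRule(
            remoteNetwork: NWHostEndpoint(hostname: "192.0.2.0", port: "443"),
            remotePrefix: 24,
            localNetwork: nil,
            localPrefix: 0,
            protocol: .TCP,
            direction: .outbound)
        settings.includedNetworkRules = [rule]
        // excludedNetworkRules is left unset: nothing is carved out here.

        // Step 3: apply the settings.
        setTunnelNetworkSettings(settings) { error in
            if let error = error {
                os_log("Applying proxy settings failed: %{public}@", error.localizedDescription)
            }
            // Step 4: report the result through the handler from step 1.
            completionHandler(error)
        }
    }
}

// Containing app side: attach a protocol configuration before saving.
func enableExampleProxy() {
    let manager = NETransparentProxyManager()
    let proto = NETunnelProviderProtocol()
    proto.providerBundleIdentifier = "com.example.app.proxy-extension" // placeholder
    proto.serverAddress = "127.0.0.1" // assumed placeholder
    manager.protocolConfiguration = proto
    manager.localizedDescription = "Example Transparent Proxy"
    manager.isEnabled = true
    manager.saveToPreferences { error in
        if let error = error {
            os_log("Saving the proxy configuration failed: %{public}@", error.localizedDescription)
        }
    }
}
```
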
NETransparentProxyNetworkSettings settings docs suggest that:

If the port string of remoteNetwork is 0 or the empty string, then the rule matches traffic on any port coming from the remote network. If remoteNetwork is nil, the rule matches any remote network.

In my application I want to capture all outbound traffic, so I'm calling the constructor with nil:

    NENetworkRule *rule = [[NENetworkRule alloc]
        initWithRemoteNetwork:nil
                 remotePrefix:0
                 localNetwork:nil
                  localPrefix:0
                     protocol:NENetworkRuleProtocolAny
                    direction:NETrafficDirectionOutbound];

I'm getting an error when applying the settings:

Error Domain=NETunnelProviderErrorDomain Code=1 "Missing NETunnelNetworkSettings tunnelRemoteAddress" UserInfo={NSLocalizedDescription=Missing NETunnelNetworkSettings tunnelRemoteAddress

What am I doing wrong?