NEFlowMetaData not available in Packet tunnel provider based Per-App VPN

Hello,


I'm struggling to get metadata of NEPackets when running Packet tunnel provider in Per-App VPN mode.

According to the documentation of NEFlowMetaData and several (eskimo's) posts on the forums here, the metadata should be available for both App Proxy provider and Packet tunnel provider as long as they are run in Per-App mode, but this doesn't seem to be the case for me. With App Proxy provider, everything works as expected and the metadata are present, but when I change the provider type to Packet tunnel provider there is always nil - despite running the provider and Per-App mode and routing method being (correctly) sourceApplication.

I've tested with both NETestAppMapping and real MDM deployment and tried it on both supervised and unsupervised iOS devices.


I guess I'm missing something here, but I'm out of ideas... Any hints please? 🙂

I can’t readily explain this.

What OS releases have you tested this on? Did you previously see it work and now it’s failing?

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"
(r. 60826385)

Hi, thanks for the response 🙂

I used devices with iOS 12.4.1 (16G102) and iOS 13.2 (17B84). And no, I tried this a few times in the past months (and also at least one other colleague did), but the metadata were always missing when we used packet tunnel provider...

Maybe there really is a bug in iOS..? I figured to reach out here first to confirm I'm not missing something before filing a report.

This is interesting. We’ve seen reports from other developers along similar lines but weren’t able to reproduce the problem (r. 60826385). My advice is that you open a DTS tech support incident so that I, or maybe Matt, can look into this in more detail.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

An NEPacket returned by -[NEFilterPacketProvider delayCurrentPacket:] (called from its packetHandler callback) also yields a nil metadata object. Is this expected?

I'd like to acquire the affiliated application's pid, per the technique implied here.
