[NetworkExtension] Getting full URL of a network flow from NEFilterControlProvider extension?

Question

Created Jul ’20

Replies 4

Boosts 0

Views 3.4k

Participants 3

When implementing the Network Extension Filter, I'm able to retrieve the full URL of a network flow in the NEFilterDataProvider part of the filter. I do this in the handleFlow overloaded method. However, I'm not able to do the same in the same method in the NEFilterControlProvider part of the filter. Instead of a full URL, it gives me a truncated host name. For example, the data provider part would have

Code Block https://www.google.com/search?q=search+terms&ie=UTF-8&oe=UTF-8&hl=en-us&client=safari

But the control provider would have

Code Block https://www.google.com/search

How would I be able to get the full URL in the control provider part?

Boost

Answer 1

Systems Engineer OP

Apple

Jul ’20

I was doing some testing yesterday and was able to get the full URL with parameters using code that looks like this:

Code Block swiftoverride func handleNewFlow(_ flow: NEFilterFlow) -> NEFilterNewFlowVerdict {
	let url = flow.url?.absoluteString ?? "No URL"
	os_log(.debug, log: self.log, "New flow with url: %{public}@", url)
	/* ... */
}

Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com

0

Answer 2

bigreddog OP

Jul ’20

@meaton
Is this the handleNewFLow method in the NEFilterDataProvider or the NEFilterControlProvider? Both of them have this method. The issue is that as of now, I'm only able to get the full URL from the Data Provider, not the Control Provider.

0

Answer 3

Systems Engineer OP

Apple

Jul ’20

Right, sorry, this was the NEFilterDataProvider. On the NEFilterControlProvider side of the things I did some digging to try and get to the bottom of what is expected for the URLs delivered in handleNewFlow and in the end I couldn't come up a concrete set of rules on what to expect here, i.e., just a hostname or an entire URL with parameters. My recommendation here would be to open an enhancement request to document this specific scenario. Please respond back with the Feedback ID of your enhancement request.

Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com

0

Answer 4

macduck OP

Aug ’20

From what I understand it was always like. I got a reply from Eskimo like two years ago where he said that providing full url is security risk, so...

0