Porting App proxy to Network Extension

App & System Services Drivers
jeev2k OP
Created Aug ’20
Replies 6
Boosts 0
Views 847
Participants 2
We already have a proxy implemented in user mode .

Now with new Network Extension on Catalina we are implementing a Transparent App Proxy .

with this, should we reimplement the full user mode proxy code inside this Transparent App Proxy .

Is there a simple way were I can simply redirect the flow to the existing proxy ?

Answered by Systems Engineer in 626946022
Yes, for the remote side of the connection, NWTCPConnection or nw_connection_t / NWConnection will work. Once you have that open you can open the flow and read from the remote side of the connection and write to the flow. Likewise, read from the flow and write to the remote side of the connection.

Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com
Replies  6
Boosts  0
Views  847
Participants  2
Systems Engineer OP
Apple
Aug ’20
You can technically point the remote side of the connection anywhere, there is nothing stopping you from doing that because you control both sides of the connection in your Transparent Proxy (flow and remote sides). Just be sure that wherever you are pointing the remote connection that the new receiving end can handle the connection.


Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com
0
jeev2k OP
Aug ’20
many thank you Matt.

as you have said "point the remote side of the connection anywhere"
how to make it point to our proxy (127.0.0.1 and our port) ?
0
jeev2k OP
Aug ’20
By "point the remote side of the connection anywhere" do you mean

  • to connect to our proxy using NWTCPConnection ?

  • Or can I modify in handleNewFlow the NEAppProxyFlow's destination IP/Port to my proxy ?

sorry if it is a very basic question .


0
Systems Engineer OP
Apple
Aug ’20
Accepted Answer
Yes, for the remote side of the connection, NWTCPConnection or nw_connection_t / NWConnection will work. Once you have that open you can open the flow and read from the remote side of the connection and write to the flow. Likewise, read from the flow and write to the remote side of the connection.

Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com
0
jeev2k OP
Aug ’20
thank you Matt . this gives a lot of clarity.
0
Systems Engineer OP
Apple
Aug ’20
No problem. Glad to help.

Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com
0
Porting App proxy to Network Extension
First post date Last post date
 
 
Q