Make HTTPS API call through the tunnel from within the Network Extension

Hi!

What is the best way to send an HTTPS (REST API) call from the Network Extension process, that will go through the tunnel that this NE set up?

By default, all connections triggered from the tunnel process don't go through this tunnel.

Should I be using createTCPConnectionThroughTunnel to send the HTTPS request?

Any suggestions on how to implement this are most welcome :) Thank you!

Accepted Reply

What is the best way to send an HTTPS (REST API) call from the Network Extension process, that will go through the tunnel that this NE set up?

The best way to send HTTP requests through the Network Extension tunnel is by using the container app. There are APIs like NWTCPConnection and NWUDPSession for making in-provider TCP and UDP calls through the tunnel, but these are low-level network APIs.

Should I be using createTCPConnectionThroughTunnel to send the HTTPS request?

NWTCPConnection is not used for sending HTTP requests. It operates lower on the protocol stack, at the TCP level. Making HTTP requests is something that NSURLSession would normally handle, and it is an odd pattern to be sending dataTasks in the extension. If the network extension needs the response to an HTTP request for behavioral purposes, and the container app is alive, the container app can send the request on behalf of the extension and then forward the response to the extension with:
NETunnelProviderSession and session.sendProviderMessage(...)? Otherwise you will be responsible for building and maintaining an HTTP stack on top of an API like NWTCPConnection, and this just seems like something you do not want to get into.


Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com
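
The relay pattern described in the accepted reply, sketched in Swift as an added example (not code from the original thread or from Apple's samples). `ForwardedResponse`, `RelayError`, `relayAPIResponse` and the message size cap are hypothetical names and values; the provider validates the message before acting on it, since it arrives from another process.

```swift
import Foundation
import NetworkExtension

// Hypothetical envelope for the forwarded API response (assumption, not an Apple type).
struct ForwardedResponse: Codable {
    let status: Int
    let body: Data
}

enum RelayError: Error { case noTunnelSession, notHTTP }

// Container app side: URLSession makes the HTTPS call, then the result is
// handed to the running provider over the app-to-provider message channel.
func relayAPIResponse(from url: URL, completion: @escaping (Error?) -> Void) {
    NETunnelProviderManager.loadAllFromPreferences { managers, loadError in
        guard let session = managers?.first?.connection as? NETunnelProviderSession,
              session.status == .connected else {
            return completion(loadError ?? RelayError.noTunnelSession)
        }
        URLSession.shared.dataTask(with: url) { data, response, requestError in
            guard let http = response as? HTTPURLResponse, let data = data else {
                return completion(requestError ?? RelayError.notHTTP)
            }
            do {
                let message = try JSONEncoder().encode(
                    ForwardedResponse(status: http.statusCode, body: data))
                // The provider's reply (if any) arrives in the response handler.
                try session.sendProviderMessage(message) { _ in completion(nil) }
            } catch {
                completion(error)
            }
        }.resume()
    }
}

// Provider side: receive the forwarded response inside the extension.
class PacketTunnelProvider: NEPacketTunnelProvider {
    static let maxMessageSize = 256 * 1024  // assumed cap; size it to the API's payloads

    override func handleAppMessage(_ messageData: Data,
                                   completionHandler: ((Data?) -> Void)?) {
        // Reject oversized, malformed or non-2xx messages before acting on them.
        guard messageData.count <= Self.maxMessageSize,
              let forwarded = try? JSONDecoder().decode(ForwardedResponse.self,
                                                        from: messageData),
              (200..<300).contains(forwarded.status) else {
            completionHandler?(Data("rejected".utf8))
            return
        }
        // Use forwarded.body here to adjust the provider's behaviour.
        completionHandler?(Data("ok".utf8))
    }
}
```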
