The correct realization of NEFilterDataProvider


I am examining how to correctly realize NEFilterDataProvider following this documentation.

https://developer.apple.com/library/archive/samplecode/SimpleTunnel/Introduction/Intro.html

I don’t have Xcode 8.0, therefore I can’t run this code from the documentation. I observe that this project contains the framework <SimpleTunnelServices>. I don’t fully understand what this framework does. I understood that this framework is needed to realize a custom network protocol; consequently, I think that <NEFilterDataProvider> needs a custom network protocol. Am I right?

Or do I understand this example incorrectly?

At the current time, the VPN of the app is based on the IPSec protocol and I want to extend the functionality by adding <NEFilterDataProvider>, but when I used the documentation from Apple I got a little confused. Can you correct my thoughts about this?

In short, can I create <NEFilterDataProvider> based on the IPSec protocol or must I realize a custom network protocol?

In short, can I create <NEFilterDataProvider> based on the IPSec protocol or must I realize a custom network protocol?

NEFilterDataProvider is an API to observe and content filter traffic on a device. It should not be used to tunnel traffic or route traffic to another location, like a VPN tunnel would tunnel traffic via IPSec. On iOS NEFilterDataProvider can only be run on supervised devices. What is your end goal here? Is it to create a content filter or a VPN? Keep in mind that it is not supported to create a content filter using a VPN, i.e., using a Packet Tunnel to observe traffic and making blocking / allow decisions inside your Packet Tunnel.


Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com

It should not be used to tunnel traffic or route traffic to another location like a VPN tunnel would tunnel traffic via IPSec.



This is bad for me. I will try to describe my end goal, because now I am fully confused and don’t know how to solve my problem.

Please give me your professional view on this problem.

I have an app; it’s like a simple browser (WKWebView) but with the opportunity to give access to a site if it is blocked.

My goal:
  1. Distribute the app on the Mac App Store or just as a .dmg; it doesn’t matter which one.

  2. Give access to blocked sites.

My problem:
  1. How can I give access to a blocked site? How can I do this? Proxy or VPN? I can’t use a proxy on WKWebView; consequently I need to use a VPN or system proxy.

  2. If I use a VPN or system proxy, I need to fix the problem with traffic from the whole system. How can I do this? I can’t allow myself to pass traffic from the whole system to my server; this is very expensive.

What can you recommend in this situation? If I selected the wrong tools for this problem, please correct me.

I am thinking about a VPN connection for the whole system and then creating a filter, but now I am confused because I think it’s a bad way.
How would you solve this problem?
I have read a lot of information about NetworkExtension and have a few ideas, but now I think that maybe none of them will work.