How to configure NEFilterDataprovider

Question

Created Apr ’21

Replies 1

Boosts 0

Participants 2

due to SimpleFirewall example I tried to convert it for iOS, but there is several vagus that I couldn't solve them.

1 - first here is used NENetworkRule and NEFilterSettings but both of them are available for mac apps, and I couldn't find any alternative for iOS

Code Block let filterRules = ["0.0.0.0", "::"].map { address -> NEFilterRule in
let localNetwork = NWHostEndpoint(hostname: address, port: FilterDataProvider.localPort)
let inboundNetworkRule = NENetworkRule(remoteNetwork: nil, remotePrefix: 0, localNetwork: localNetwork, localPrefix: 0, protocol: .TCP, direction: .inbound)
            return NEFilterRule(networkRule: inboundNetworkRule, action: .filterData)
}
 // Allow all flows that do not match the filter rules.
let filterSettings = NEFilterSettings(rules: filterRules, defaultAction: .allow)
apply(filterSettings) { error in
            if let applyError = error {
                os_log("Failed to apply filter settings: %@", applyError.localizedDescription)
            }
            completionHandler(error)
}

2 - I wanted to configure with NEFilterProviderConfiguration and I realized if I want to config a device as a client base, I must configure with vendorConfiguration ( is it correct??) , but the problem is there isn't any document for it, I just realized I must pass a [String : Any]? dictionary to it, and the value must be NSSecureCoding and I don't know how to make that dictionary?, I guess the key is the host name but I don't know how to fill the value!.

3 - and the third problem is I wanted to configure NEFilterManager with the datafilterprovider's bundle, but it doesn't have any property to set. how can I connect the project to filterprovider target in iOS

Boost

Answer 1

Systems Engineer OP

Apple

Apr ’21

1 - first here is used NENetworkRule and NEFilterSettings but both of them are available for mac apps, and I couldn't find any alternative for iOS

Great point, to work around this as a test case for iOS just skip the NENetworkRule's and return the completion handler after any other setup you are performing.

2 - I wanted to configure with NEFilterProviderConfiguration and I realized if I want to
config a device as a client base, I must configure with vendorConfiguration ( is it
correct??) , but the problem is there isn't any document for it, I just realized I must
pass a [String : Any]? dictionary to it, and the value must be NSSecureCoding and I
don't know how to make that dictionary?, I guess the key is the host name but I don't
know how to fill the value!.

Configuring the vendorConfiguration is not a requirement to get the provider off the ground, as I have enabled a NEFilterDataProvider for testing purposes with:

Code Block objective-cNEFilterManager *sharedManager = [NEFilterManager sharedManager];
[[NEFilterManager sharedManager] loadFromPreferencesWithCompletionHandler:^( NSError * _Nullable error) {
    if (error != nil) {
        /* Handle Error */
        return;
    }
    if (sharedManager.providerConfiguration == nil) {
        NEFilterProviderConfiguration *providerConfig = [[NEFilterProviderConfiguration alloc] init];
        providerConfig.filterSockets = YES;
        providerConfig.organization = @"Testing Organization";
        sharedManager.providerConfiguration = providerConfig;
        sharedManager.localizedDescription = @"Filter Test Bed";
    }
    sharedManager.enabled = YES;
    
    [sharedManager saveToPreferencesWithCompletionHandler:^( NSError * _Nullable error) {
        dispatch_async(dispatch_get_main_queue(), ^{
            if (error != nil) {
                /* Handle Error */
                return;
            } else {
                /* Handle Success */
            }
        });
    }];
}];

As to your more specific question though; this dictionary can be setup with custom data that you define the keys and values for. An example of this would be a VendorConfig dictionary from the MDM payload:

Code Block xml<key>VendorConfig</key>
<dict>
	<key>host</key>
	<string>https://example.com</string>
	<key>test</key>
	<string>Value</string>
</dict>

3 - and the third problem is I wanted to configure NEFilterManager with the
datafilterprovider's bundle, but it doesn't have any property to set. how can I connect
the project to filterprovider target in iOS

Great question. On iOS this is not done like it is done in macOS with a Network System Extension. In the provider's target make sure this is set in the Info.plist:

Code Block xml<key>NSExtension</key>
<dict>
    <key>NSExtensionPointIdentifier</key>
    <string>com.apple.networkextension.filter-data</string>
    <key>NSExtensionPrincipalClass</key>
    <string>FilterDataProvider</string>
</dict>

And the Network Extension contains the entitlement for:

Code Block xml<key>com.apple.developer.networking.networkextension</key>
<array>
	<string>content-filter-provider</string>
</array>

Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com

0