How can the Packet provider be configured to filter tunnel traffic ?
I believe that this is your question so I will attempt to answer this. It sounds like based on your description you have a
NEPacketTunnelProvider, a
NEFilterDataProvider, and a
NEFilterPacketProvider in your environment. If content filtering is your goal, then
you do not need a
NEPacketTunnelProvider as tunneling to null/loop is good for demonstration purposes but should not be done to actually tunnel traffic over the network or send it to another provider like
NEFilterPacketProvider. When I debug content filter scenario's like this I often start with one provider, in this case it is usually
NEFilterDataProvider and I run observations on the traffic in one terminal. Next, if all goes well, I bring in
NEFilterPacketProvider in another terminal and you should be able to see both running side by side.
Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com