Hi. I am implementing an AppProxyProvider that has to handle all TCP flows. This is the rule (based on https://developer.apple.com/forums/thread/667431):
NENetworkRule * filterRule = [[NENetworkRule alloc] initWithRemoteNetwork: nil remotePrefix: 0 localNetwork: nil localPrefix: 0 protocol:NENetworkRuleProtocolTCP direction:NETrafficDirectionOutbound];
proxySettings.includedNetworkRules = @[filterRule];
This is shown in the console log:
[Extension *****]: provider set tunnel configuration to tunnelRemoteAddress = <14-char-str> includedNetworkRules = ( { matchRemotePrefix = 0 matchProtocol = <3-char-str> matchDirection = <8-char-str> appliesToLoopback = NO }, ) isFullyTransparent = YES
This is working OK. But when I add an exclude rule (in order to sort out the issue mentioned in https://developer.apple.com/forums/thread/660195) the behaviour of the AppProxyProvider is strange: there are no incoming flows. This is the rule:
NWHostEndpoint * tunnelHostIpRuleEndpoint = [NWHostEndpoint endpointWithHostname: @"xx.xx.xx.xx" port:@"0"];
NENetworkRule * tunnelHostIpRule = [[NENetworkRule alloc] initWithDestinationNetwork:tunnelHostIpRuleEndpoint prefix:0 protocol:NENetworkRuleProtocolTCP];
proxySettings.excludedNetworkRules = @[tunnelHostIpRule];
And this is shown in the console log:
[Extension ******]: provider set tunnel configuration to tunnelRemoteAddress = <14-char-str> includedNetworkRules = ( { matchRemotePrefix = 0 matchProtocol = <3-char-str> matchDirection = <8-char-str> appliesToLoopback = NO }, ) excludedNetworkRules = ( { matchRemoteEndpoint = xx.xx.xx.xx:0 matchRemotePrefix = 0 matchProtocol = <3-char-str> matchDirection = <8-char-str> appliesToLoopback = NO }, ) isFullyTransparent = YES
My expectation is that all flows are handled by the AppProxyProvider except the flows that match the IP set in the exclude rule, for any port.
Can you please advise whether this is a bug or expected behaviour, and recommend some option to accomplish my goal? Thanks
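
An added example, not part of the original post and not Apple's code: a Python model of how an include rule and an exclude rule like the two logged above would be evaluated, assuming the prefix is a CIDR-style prefix length and that an exclude match takes precedence over an include match. The `Rule` class, the helper names and the address 203.0.113.10 (standing in for xx.xx.xx.xx) are hypothetical.

```python
# Added illustration: a small model of include/exclude rule evaluation.
# Assumptions: "prefix" is a CIDR-style prefix length, and an excluded match
# wins over an included match. 203.0.113.10 is a constructed stand-in for
# the redacted xx.xx.xx.xx tunnel address.
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Sequence


@dataclass(frozen=True)
class Rule:
    address: Optional[str]  # None models a nil network (any address)
    prefix: int             # number of leading address bits that must match

    def matches(self, destination: str) -> bool:
        if self.address is None:
            return True
        dest = ipaddress.ip_address(destination)
        base = ipaddress.ip_address(self.address)
        if dest.version != base.version:
            return False
        # strict=False masks the host bits, so prefix 0 becomes 0.0.0.0/0.
        network = ipaddress.ip_network(f"{self.address}/{self.prefix}", strict=False)
        return dest in network


def proxy_handles(destination: str, included: Sequence[Rule],
                  excluded: Sequence[Rule]) -> bool:
    """True when the modelled provider would be handed this flow."""
    if any(rule.matches(destination) for rule in excluded):
        return False
    return any(rule.matches(destination) for rule in included)


TUNNEL_HOST = "203.0.113.10"                 # constructed placeholder
INCLUDE_ALL = [Rule(None, 0)]                # include rule from the first log
EXCLUDE_AS_POSTED = [Rule(TUNNEL_HOST, 0)]   # matchRemotePrefix = 0
EXCLUDE_HOST_ONLY = [Rule(TUNNEL_HOST, 32)]  # full IPv4 host prefix


def handled_destinations(excluded: Sequence[Rule]) -> List[str]:
    sample = [TUNNEL_HOST, "198.51.100.7", "192.0.2.44"]  # constructed
    return [d for d in sample if proxy_handles(d, INCLUDE_ALL, excluded)]


if __name__ == "__main__":
    print("prefix 0 :", handled_destinations(EXCLUDE_AS_POSTED))
    print("prefix 32:", handled_destinations(EXCLUDE_HOST_ONLY))
```

Under these assumptions, a prefix of 0 on the excluded rule matches every destination, so no flow reaches the provider, while a prefix of 32 limits the exclusion to the single IPv4 host.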