About the use case of dnsproxy + appproxy filter all udp traffic

Hi there,

This is a question about using dnsproxy together with appproxy.

In case I need to filter all UDP traffic through appproxy, how about DNS traffic to port 53? It will go through both appproxy and dnsproxy!

Do I need to return false inside appproxy for outbound port 53 UDP traffic without even opening the flow?

Is there any conflict in such usage?

Thanks in advance for any suggestion.

Regards, Richard

Replies

Do I need to return false inside appproxy for outbound port 53 UDP traffic without even opening the flow? Is there any conflict in such usage?

Just as a data point, I have tested the compatibility between NEDNSProxyProvider and NETransparentProxyProvider on Big Sur, and these two providers were able to run together, so there should not be inherent functionality conflicts there. Now, as you are pointing out, there could be flow copying collisions between the two providers, so there could be a case for your NETransparentProxyProvider to return false for UDP traffic, but you may not always be able to identify that the UDP traffic is port 53 in handleNewUDPFlow, so I would test this scenario out. There could also be a case to let your NETransparentProxyProvider handle all of the DNS and UDP flows on the system if that is something you want to do too. It's really up to you on how you want to approach this.

Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com
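To make the "return false for port 53 in handleNewUDPFlow" idea from the reply concrete, here is an added sketch that is not from this thread or from Apple's sample code. The class name and the policy for flows whose remote port cannot be read are assumptions; the provider, settings and flow calls are the NetworkExtension ones, and the caveat in the reply still applies: when initialRemoteEndpoint carries no usable port, the check below cannot tell DNS from other UDP and the flow is claimed.

```swift
import NetworkExtension

// Hypothetical provider that claims all outbound UDP except flows it can
// positively identify as destined for port 53, which are left to the
// system stack (and therefore to the NEDNSProxyProvider).
class UDPOnlyTransparentProxy: NETransparentProxyProvider {

    override func startProxy(options: [String: Any]?,
                             completionHandler: @escaping (Error?) -> Void) {
        let settings = NETransparentProxyNetworkSettings(tunnelRemoteAddress: "127.0.0.1")
        // Match every outbound UDP flow regardless of remote or local address.
        let allOutboundUDP = NENetworkRule(remoteNetwork: nil, remotePrefix: 0,
                                           localNetwork: nil, localPrefix: 0,
                                           protocol: .UDP, direction: .outbound)
        settings.includedNetworkRules = [allOutboundUDP]
        setTunnelNetworkSettings(settings, completionHandler: completionHandler)
    }

    // TCP flows are not part of this proxy's scope; decline them.
    override func handleNewFlow(_ flow: NEAppProxyFlow) -> Bool {
        return false
    }

    override func handleNewUDPFlow(_ flow: NEAppProxyUDPFlow,
                                   initialRemoteEndpoint remoteEndpoint: NWEndpoint) -> Bool {
        if UDPOnlyTransparentProxy.isKnownDNSPort(remoteEndpoint) {
            // Returning false without opening the flow hands it back to the
            // system, so it is not copied into both providers.
            return false
        }
        // Either not DNS, or the remote port is not visible at this point
        // (assumed policy: claim the flow rather than lose it).
        flow.open(withLocalEndpoint: nil) { error in
            if let error = error {
                NSLog("UDP flow open failed: \(error)")
                return
            }
            // Datagram relaying would start here in a real provider.
        }
        return true
    }

    // True only when the endpoint is a host endpoint with an explicit port 53.
    // An empty or "0" port (unconnected socket) yields false, i.e. "unknown".
    static func isKnownDNSPort(_ endpoint: NWEndpoint) -> Bool {
        guard let host = endpoint as? NWHostEndpoint else { return false }
        return host.port == "53"
    }
}
```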