Some NEFilter*Provider questions

A bad time to ask, I'm sure, since everyone is busy with WWDC.

  1. What is the difference between filterSockets and filterPackets? In terms of code and classes, I mean. (For my very simple test, if I set filterSockets to true, it just doesn't seem to work.)
  2. Related to that: with filterPackets set to true, what data is NEFilterPacketProvider.packetHandler getting? It looks like a subset of an ethernet packet on my system (which, in fact, does have wired ethernet!). But it's missing some of the wire bits (the preamble and SFP), and the length is wrong. (E.g., the handler is given bytes of length 1514, but the ethernet length field is 1500 -- but there are 16 bytes before the length field, plus the two bytes of the length/type.) I suppose it's possible it's not an ethernet packet, but it certainly looks like one, just... slightly wrong.
Answered by Systems Engineer in 716063022

What is the difference between filterSockets and filterPackets? In terms of code and classes, I mean.

From a very high level, filterPackets is used to instantiate the NEFilterPacketProvider to make filtering decisions based on network packets that are being routed to the provider. filterSockets is used to instantiate a NEFilterDataProvider to make filtering decisions at a connection level. It is possible to have both providers running at the same time, but in practice I find using one or the other typically works for most filtering needs.

Related to that: with filterPackets set to true, what data is NEFilterPacketProvider.packetHandler getting?

packetHandler should be getting network packets to make filtering decisions on. If you see an inconsistency here, I would recommend opening a bug report with a focused sample. Please add the Feedback ID here.

Ah. If it's just

struct ether_header {
        u_char  ether_dhost[ETHER_ADDR_LEN];
        u_char  ether_shost[ETHER_ADDR_LEN];
        u_short ether_type;
} __packed;

then it makes sense.

Ah! NEFilterDataProvider!

As I said, I figured out that it's the level 2 ethernet, not level 1. I get tunnel vision sometimes.
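
The layout the thread arrives at, as an added example that is not part of any post above and is not Apple's code: it assumes, as the replies conclude, that the buffer starts at the `ether_header` shown earlier with no preamble or frame check sequence, and it goes slightly beyond the thread by also skipping an 802.1Q VLAN tag. The names `l2_info`, `parse_l2` and `demo_ip_total_len` are hypothetical, and the frame is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define ETH_ADDR_LEN   6
#define ETH_HDR_LEN    14      /* dhost(6) + shost(6) + ether_type(2) */
#define ETHERTYPE_VLAN 0x8100  /* 802.1Q tag adds 4 bytes before the real type */

struct l2_info {               /* hypothetical result type for this example */
    uint8_t  dst[ETH_ADDR_LEN];
    uint8_t  src[ETH_ADDR_LEN];
    uint16_t ether_type;       /* host byte order */
    size_t   payload_off;      /* where the layer-3 packet starts in the buffer */
    size_t   payload_len;      /* bytes remaining after the layer-2 header */
};

/* Returns 0 on success, -1 if the buffer cannot hold the layer-2 header. */
int parse_l2(const uint8_t *buf, size_t len, struct l2_info *out)
{
    if (buf == NULL || out == NULL || len < ETH_HDR_LEN)
        return -1;
    memcpy(out->dst, buf, ETH_ADDR_LEN);
    memcpy(out->src, buf + ETH_ADDR_LEN, ETH_ADDR_LEN);
    size_t off = 2 * ETH_ADDR_LEN;
    uint16_t type = (uint16_t)((buf[off] << 8) | buf[off + 1]);  /* big-endian on the wire */
    off += 2;
    if (type == ETHERTYPE_VLAN) {          /* tagged frame: real type follows the tag */
        if (len < off + 4)
            return -1;
        type = (uint16_t)((buf[off + 2] << 8) | buf[off + 3]);
        off += 4;
    }
    out->ether_type  = type;
    out->payload_off = off;
    out->payload_len = len - off;
    return 0;
}

/* Constructed sample: a 1514-byte buffer holding an IPv4 packet of total length 1500. */
uint16_t demo_ip_total_len(size_t *payload_len)
{
    static uint8_t frame[1514];
    struct l2_info info;
    frame[12] = 0x08; frame[13] = 0x00;    /* ether_type = IPv4 */
    frame[14] = 0x45;                      /* IPv4, 20-byte header */
    frame[16] = 0x05; frame[17] = 0xDC;    /* IPv4 total length = 1500, at buffer byte 16 */
    if (parse_l2(frame, sizeof frame, &info) != 0)
        return 0;
    *payload_len = info.payload_len;       /* 1514 - 14 */
    const uint8_t *ip = frame + info.payload_off;
    return (uint16_t)((ip[2] << 8) | ip[3]);
}
```

A packet filter that reads fields at fixed offsets should run a length check like the one in `parse_l2` first, since short or VLAN-tagged frames shift every later offset.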
