That's pretty much the question: we've got a tunnel provider, and I think the OS' ability to handle a captive portal situation is better than I could do, so is there a way to find out if we are in one, and if so wait for it to be handled by the user before we start doing things?
Great question. The general answer here is that there is no API to recognize if the user is in a captive portal session here from any of the NETunnelProvider APIs. I'm not sure whether this is iOS or macOS, but over in the SystemConfiguration APIs there is CNMarkPortalOnline for macOS, but that assumes that the app is the one doing the authentication. Note that this is not recommended for iOS also. In general, if this is macOS, the SystemConfiguration API "may" provide more information here, but this would require a lot of digging around.
From the NEPacketTunnelProvider prospective you would need to see this captive portal traffic coming through the tunnel and then react to it. This is of course if you knew what this traffic was going to be for the portal.
Yeah, macOS, using Transparent Proxy Provider.
I tried using network reachability, but that didn't do it, alas.
Oh: also, if I can do it anywhere in the OS, that's fine -- I can tell the provider to disable itself for a while, easily enough.
I tried using network reachability, but that didn't do it, alas.
Yeah, I would stay away from Reachability.
Regarding:
Yeah, macOS, using Transparent Proxy Provider.
If you are not able to detect this with the SystemConfiguration APIs, or but detecting the traffic pattern through your NETransparentProxyProvider then this sounds like an enhancement request.
I filed a TSI. I suspect that it'll end in an Enhancement Request rather than a solution, alas. I'd love to be wrong. 😄 (And I just filed FB10449617 anyway.)