Hi, we are observing traffic for a few NEPacketTunnelNetworkSettings excludedRoutes IPs in the packet tunnel even though they are added in the excluded routes.
As you can see in the network settings, where we have added
destinationAddress = 239.255.255.0 destinationSubnetMask = 255.255.255.0
in the excluded routes, traffic for IP 239.255.255.250 is still coming to the packet tunnel.
We are also observing traffic for other IPs that are not added in the included routes, such as: 20.192.170.9
//Network Settings for Packet Tunnel
IPv4Settings = {
    configMethod = PPP
    addresses = (
        10.10.10.10,
    )
    subnetMasks = (
        255.255.255.255,
    )
    includedRoutes = (
        {
            destinationAddress = 10.10.10.10
            destinationSubnetMask = 255.255.255.255
            gatewayAddress = 10.10.10.10
        },
    )
    excludedRoutes = (
        {
            destinationAddress = 192.168.0.0
            destinationSubnetMask = 255.255.0.0
        },
        {
            destinationAddress = 10.0.0.0
            destinationSubnetMask = 255.0.0.0
        },
        {
            destinationAddress = 127.0.0.1
            destinationSubnetMask = 255.255.255.255
        },
        {
            destinationAddress = 172.16.0.0
            destinationSubnetMask = 255.240.0.0
        },
        {
            destinationAddress = 239.255.255.0
            destinationSubnetMask = 255.255.255.0
        },
    )
Am I doing something wrong in setting NEPacketTunnelNetworkSettings?
Does a multicast IP get forwarded to every packet tunnel utun interface even though it is not added in an include rule?
Most multicast programs explicitly control the interface, or interfaces, that they want to send on. That is, they look through the interface list, filter out the interfaces that they don’t care about, and explicitly send a copy of the multicast datagram to the remaining interfaces. In that case the system will pass the multicast datagram to your provider regardless of the routing rules.
This can happen with unicast datagrams as well, if the program binds a flow to a specific interface. You can learn more about this in the various posts hung off Extra-ordinary Networking. Search for the term scope.
What if we ignore these packets from packet tunnel readPacketObjects as we don't want to handle these packets?
The datagram gets dropped. As to whether that’ll cause problems, it depends on what the program is doing. For an SSDP client, it just won’t find any services.
When is the multicast entitlement needed?
See the Local Network Privacy FAQ.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
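An added example, not code from the thread or from Apple: a provider that wants to ignore scoped traffic can compare each packet's destination with the routes it configured, and this Swift code does that for the routes in the question. `Route`, `Verdict`, `classify` and `ipv4` are hypothetical names, the sample packets are constructed, and the code assumes that included and excluded routes are resolved by longest prefix match.

```swift
import Foundation

// Dotted-quad string to a host-order UInt32; nil if malformed.
func ipv4(_ s: String) -> UInt32? {
    let parts = s.split(separator: ".", omittingEmptySubsequences: false)
    let octets = parts.compactMap { UInt8($0) }
    guard parts.count == 4, octets.count == 4 else { return nil }
    return octets.reduce(UInt32(0)) { $0 << 8 | UInt32($1) }
}

struct Route {
    let network: UInt32, mask: UInt32
    init(_ address: String, _ subnetMask: String) {
        let m = ipv4(subnetMask)!      // the literals used below are well-formed
        mask = m
        network = ipv4(address)! & m
    }
    func contains(_ ip: UInt32) -> Bool { ip & mask == network }
}

enum Verdict { case routedToTunnel, excluded, noRoute, notIPv4 }

// `packet` stands for the bytes of one packet read from the tunnel's packet flow.
func classify(_ packet: Data, included: [Route], excluded: [Route]) -> Verdict {
    let bytes = [UInt8](packet)
    // Need a full minimal IPv4 header (20 bytes) with version nibble 4.
    guard bytes.count >= 20, bytes[0] >> 4 == 4 else { return .notIPv4 }
    let dst = bytes[16..<20].reduce(UInt32(0)) { $0 << 8 | UInt32($1) }  // destination field
    // Longest matching prefix per list; -1 = no match; a tie goes to excluded (assumption).
    let inc = included.filter { $0.contains(dst) }.map { $0.mask.nonzeroBitCount }.max() ?? -1
    let exc = excluded.filter { $0.contains(dst) }.map { $0.mask.nonzeroBitCount }.max() ?? -1
    if inc < 0 && exc < 0 { return .noRoute }
    return inc > exc ? .routedToTunnel : .excluded
}

// Routes from the settings dump in the question.
let included = [Route("10.10.10.10", "255.255.255.255")]
let excluded = [Route("192.168.0.0", "255.255.0.0"), Route("10.0.0.0", "255.0.0.0"),
                Route("127.0.0.1", "255.255.255.255"), Route("172.16.0.0", "255.240.0.0"),
                Route("239.255.255.0", "255.255.255.0")]

// Constructed sample packets: bare 20-byte IPv4 headers with only version/IHL and destination set.
for dst in ["239.255.255.250", "20.192.170.9", "10.10.10.10"] {
    var header = [UInt8](repeating: 0, count: 20)
    header[0] = 0x45
    let d = ipv4(dst)!
    for i in 0..<4 { header[16 + i] = UInt8((d >> (8 * (3 - i))) & 0xff) }
    print(dst, classify(Data(header), included: included, excluded: excluded))
}
```

Any verdict other than `routedToTunnel` marks a packet that the configured routes would not have sent to the tunnel, which is the scoped traffic discussed above; logging the verdict before dropping keeps a record of what the tunnel declined to carry.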