NEFilterDataProvider filterDataVerdictWithFilterInbound issue

App & System Services General
GreyLuo OP
Created Nov ’23
Replies 2
Boosts 0
Views 589
Participants 1 
- (NEFilterNewFlowVerdict *)handleNewFlow:(NEFilterFlow *)flow {
    DDLogDebug(@"method '%s' invoked  for flow: %@ ", __PRETTY_FUNCTION__, flow.identifier.UUIDString);
    int PEEKSIZE = 512;
    NEFilterNewFlowVerdict *flowVerdict = [NEFilterNewFlowVerdict filterDataVerdictWithFilterInbound:YES
                                                                                   peekInboundBytes:PEEKSIZE
                                                                                  filterOutbound:YES
                                                                                peekOutboundBytes:PEEKSIZE];
    return flowVerdict;
}

- (NEFilterDataVerdict *)handleInboundDataFromFlow:(NEFilterFlow *)flow readBytesStartOffset:(NSUInteger)offset readBytes:(NSData *)readBytes {
    DDLogDebug(@"method '%s' invoked  for flow: %@ ", __PRETTY_FUNCTION__, flow.identifier.UUIDString);
    return [self handlePacket:flow withExtraInfo: extraInfo];
}

- (NEFilterDataVerdict *)handleOutboundDataFromFlow:(NEFilterFlow *)flow readBytesStartOffset:(NSUInteger)offset readBytes:(NSData *)readBytes {
    DDLogDebug(@"method '%s' invoked  for flow: %@ ", __PRETTY_FUNCTION__, flow.identifier.UUIDString);
    return [self handlePacket:flow withExtraInfo: extraInfo];
}

- (NEFilterDataVerdict *)handleInboundDataCompleteForFlow:(NEFilterFlow *)flow {
    DDLogDebug(@"method '%s' invoked  for flow: %@ ", __PRETTY_FUNCTION__, flow.identifier.UUIDString);
    return [NEFilterDataVerdict allowVerdict];

}

- (NEFilterDataVerdict *)handleOutboundDataCompleteForFlow:(NEFilterFlow *)flow {
    DDLogDebug(@"method '%s' invoked  for flow: %@ ", __PRETTY_FUNCTION__, flow.identifier.UUIDString);
    return [NEFilterDataVerdict allowVerdict];
}

1. Why are handleInboundDataFromFlow and handleOutboundDataFromFlow sometimes not called?

2. If filtering for a flow, is it necessary not only to handle handleInboundDataFromFlow and handleOutboundDataFromFlow, but also to handle handleInboundDataCompleteForFlow and handleOutboundDataCompleteForFlow to ensure that all packets are processed? This is to avoid situations where some packets do not have a verdict returned, leading to a loss of internet connectivity.

3. In the context of flow handling, does handleInboundDataFromFlow or handleInboundDataCompleteForFlow get called exclusively, and similarly, does handleOutboundDataFromFlow or handleOutboundDataCompleteForFlow get called exclusively?

Replies  2
Boosts  0
Views  589
Participants  1
GreyLuo OP
Nov ’23

why do all flows droped ? I want each flow can be filter by handleInboundDataFromFlow or handleOutboundDataFromFlow, but sometimes , handleInboundDataFromFlow and handleOutboundDataFromFlow did not called , the following codes will cause all flows droped, why ?

- (NEFilterDataVerdict *)handleInboundDataFromFlow:(NEFilterFlow *)flow readBytesStartOffset:(NSUInteger)offset readBytes:(NSData *)readBytes {
    DDLogDebug(@"method '%s' invoked  for flow: %@ ", __PRETTY_FUNCTION__, flow.identifier.UUIDString);
    //DDLogDebug(@"handleInboundDataFromFlow: %lu", [readBytes length]);
    NSMutableDictionary *extraInfo = [NSMutableDictionary dictionary];
    if ([self isUDPProtocol: flow]) {
        //so far, we only support UDP dns
        NSDictionary *dnsInfo = [DNSPacketParseHelper parsePacket: readBytes];
        if (dnsInfo) {
            extraInfo[@"dns"] = dnsInfo;
            DDLogDebug(@"DNS packet parsed: %@", dnsInfo);
        }
    } else if ([self isTCPProtocol: flow]) {
        //so far, we only support http, not support https
        NSDictionary *httpInfo = [HttpPacketParseHelper extractHTTPFieldsFromTCPData: readBytes isOutboundPacket: YES];
        if (httpInfo && httpInfo.allKeys.count > 0) {
            extraInfo[@"http"] = httpInfo;
            DDLogDebug(@"Http packet parsed: %@", httpInfo);
        }
    }
    return [self handlePacket:flow withExtraInfo: extraInfo];
}

- (NEFilterDataVerdict *)handleOutboundDataFromFlow:(NEFilterFlow *)flow readBytesStartOffset:(NSUInteger)offset readBytes:(NSData *)readBytes {
    DDLogDebug(@"method '%s' invoked  for flow: %@ ", __PRETTY_FUNCTION__, flow.identifier.UUIDString);
    //DDLogDebug(@"handleOutboundDataFromFlow: %lu", [readBytes length]);
    NSMutableDictionary *extraInfo = [NSMutableDictionary dictionary];
    if ([self isUDPProtocol: flow]) {
        //so far, we only support UDP dns
        NSDictionary *dnsInfo = [DNSPacketParseHelper parsePacket: readBytes];
        if (dnsInfo) {
            extraInfo[@"dns"] = dnsInfo;
            DDLogDebug(@"DNS packet parsed: %@", dnsInfo);
        }
    } else if ([self isTCPProtocol: flow]) {
        //so far, we only support http, not support https
        NSDictionary *httpInfo = [HttpPacketParseHelper extractHTTPFieldsFromTCPData: readBytes isOutboundPacket: YES];
        if (httpInfo && httpInfo.allKeys.count > 0) {
            extraInfo[@"http"] = httpInfo;
            DDLogDebug(@"Http packet parsed: %@", httpInfo);
        }
    }
    return [self handlePacket:flow withExtraInfo: extraInfo];
}

- (NEFilterDataVerdict *)handleInboundDataCompleteForFlow:(NEFilterFlow *)flow {
    DDLogDebug(@"method '%s' invoked  for flow: %@ ", __PRETTY_FUNCTION__, flow.identifier.UUIDString);
    return [NEFilterDataVerdict allowVerdict];

}

- (NEFilterDataVerdict *)handleOutboundDataCompleteForFlow:(NEFilterFlow *)flow {
    DDLogDebug(@"method '%s' invoked  for flow: %@ ", __PRETTY_FUNCTION__, flow.identifier.UUIDString);
    return [NEFilterDataVerdict allowVerdict];
}
0
GreyLuo OP
Nov ’23 
- (NEFilterNewFlowVerdict *)handleNewFlow:(NEFilterFlow *)flow {
    DDLogDebug(@"method '%s' invoked  for flow: %@ ", __PRETTY_FUNCTION__, flow.identifier.UUIDString);
    int PEEKSIZE = 512;
    NEFilterNewFlowVerdict *flowVerdict = [NEFilterNewFlowVerdict filterDataVerdictWithFilterInbound:YES
                                                                                   peekInboundBytes:PEEKSIZE
                                                                                  filterOutbound:YES
                                                                                peekOutboundBytes:PEEKSIZE];
    return flowVerdict;
}

handleOutboundDataFromFlow and handleInboundDataCompleteForFlow will not be called when PEEKSIZE == 0 ? all flows will be drop ?

0
NEFilterDataProvider filterDataVerdictWithFilterInbound issue
First post date Last post date
 
 
Q