How to start NEAppProxyProvider?

Hey everyone, I'm trying to figure out how to tell the OS to call my overridden function "startProxy(options...)" from my extension. I have all the entitlements and profiles to build and run the app, but the function is not called.

Do I have to configure something (maybe the NEAppProxyProviderManager.shared()?) in the containing main app so that the operating system knows that there is a proxy to use?


I had a look at the SimpleTunnel implementation from Apple, but I don't get where in the code the system is told that it has to start using the proxy extension.


PS: Is it possible to test the AppProxyProvider without having a running proxy server anywhere? For example, to say the server address is the local gateway, pass the data to it, and have it handle them as normal packets from the device?


Thanks and greets,

effe2402

Replies

My case is a bit different, there is not any VPN server.

To be clear, this is not an intended use case of the app proxy provider facility. You may be able to get this to work, but it’s not what it was designed to do.

How can I forward the flows to their destinations?

That would involve you opening a connection to the destination, using a TCP API of your choice, and then routing traffic between the NEAppProxyTCPFlow and that TCP connection.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

I started using NWTCPConnection. I create a tcpConnection with the remoteEndpoint of the tcpFlow, and with KVO I observe the state of the connection, but it doesn't change; it is always Connecting. Before creating the tcpConnection I don't call any function from tcpFlow like open, read and write. Do you have any suggestions?

let provider = NEProvider()
let connection = provider.createTCPConnection(to: tcpFlow.remoteEndpoint,
                                              enableTLS: true,
                                              tlsParameters: nil,
                                              delegate: nil)

With regards to line 1, you’re not supposed to construct an NEProvider like this; rather, you should call this on self, which is itself an NEProvider.

If that doesn’t help you should use an RVI packet trace to see whether your connection attempt actually triggers any traffic on the wire. QA1176 Getting a Packet Trace describes how to take such a trace.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"
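
Added example, not part of the thread and not Apple's code: a minimal NEAppProxyProvider subclass that relays a TCP flow to its destination as the replies above describe, calling createTCPConnection on self. The class name RelayProxyProvider and its helper names are hypothetical, and it simplifies half-close handling by tearing down both directions on any end-of-stream or error.

```swift
import NetworkExtension

// Hypothetical provider subclass (added example, not code from the thread).
final class RelayProxyProvider: NEAppProxyProvider {
    override func handleNewFlow(_ flow: NEAppProxyFlow) -> Bool {
        // Relay only TCP flows with a host/port endpoint; returning false
        // tells the system this provider does not handle the flow.
        guard let tcpFlow = flow as? NEAppProxyTCPFlow,
              let remote = tcpFlow.remoteEndpoint as? NWHostEndpoint else { return false }

        // Call createTCPConnection on self (the running provider), not on a
        // freshly constructed NEProvider. TLS is off in this example because the
        // app's own bytes, including any TLS it negotiates, are relayed unchanged.
        let conn = createTCPConnection(to: remote, enableTLS: false,
                                       tlsParameters: nil, delegate: nil)
        tcpFlow.open(withLocalEndpoint: nil) { error in
            if let error = error { self.close(tcpFlow, conn, error); return }
            self.pumpOutbound(tcpFlow, conn)
            self.pumpInbound(tcpFlow, conn)
        }
        return true
    }

    // App -> destination: read from the flow, write to the connection, repeat.
    private func pumpOutbound(_ flow: NEAppProxyTCPFlow, _ conn: NWTCPConnection) {
        flow.readData { data, error in
            guard let data = data, !data.isEmpty, error == nil else { self.close(flow, conn, error); return }
            conn.write(data) { error in
                if let error = error { self.close(flow, conn, error); return }
                self.pumpOutbound(flow, conn)
            }
        }
    }

    // Destination -> app: read from the connection, write to the flow, repeat.
    private func pumpInbound(_ flow: NEAppProxyTCPFlow, _ conn: NWTCPConnection) {
        conn.readMinimumLength(1, maximumLength: 65536) { data, error in
            guard let data = data, !data.isEmpty, error == nil else { self.close(flow, conn, error); return }
            flow.write(data) { error in
                if let error = error { self.close(flow, conn, error); return }
                self.pumpInbound(flow, conn)
            }
        }
    }

    // Simplification: any EOF or error closes both directions and the connection.
    private func close(_ flow: NEAppProxyTCPFlow, _ conn: NWTCPConnection, _ error: Error?) {
        flow.closeReadWithError(error)
        flow.closeWriteWithError(error)
        conn.cancel()
    }
}
```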

Good point, thanks. I get an error from process kernel, which is did not match for AppProxyProvider. Do you have any idea? Might it be related to entitlements?

Your RVI packet trace showed “an error from process kernel”? What does that mean?

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Hi,


Why was the completionHandler block not called after calling '-(void)readDataWithCompletionHandler:' of NEAppProxyTCPFlow?


The Managed APP has sent data, and I have got an instance of NEAppProxyTCPFlow from '-(void)handleNewFlow:', and the call to '-(void)openWithLocalEndpoint: completionHandler:' also succeeded.



Thanks,

SKtt