NetworkExtension Flow source of traffic

Is there a way to determine what application the NEFlow traffic is coming from?

Replies

NEAppProxyFlow has a metaData property of type NEFlowMetaData. This, in turn, has both sourceAppUniqueIdentifier and sourceAppSigningIdentifier properties.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

I am trying to determine where the traffic is coming from in NEFilter extensions, not the NEAppProxy extension. Is this possible in the NEFilter network extensions?

Is this possible in the NEFilter network extensions?

No. If you'd like to see such support added in the future, I encourage you to file an enhancement request describing your requirements.

Please post your bug number, just for the record.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Hi, eskimo

I implemented an NEPacketTunnelProvider extension. When I read out the NEPacket from the packetTunnelProvider's packetFlow property, why is the metaData of the NEPacket always NULL? I want to get the "sourceAppSigningIdentifier" from it to determine which app every packet comes from.

Or are there other methods to achieve this purpose?

thanks

I implemented an NEPacketTunnelProvider extension. When I read out the NEPacket from the packetTunnelProvider's packetFlow property, why is the metaData of the NEPacket always NULL?

Are you running the packet tunnel provider in per-app VPN mode? Only per-app VPN (either an app proxy or a packet tunnel provider in per-app VPN mode) has access to this metadata.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Hi,

Following the docs (and the SimpleTunnel example, with mods), we've come to use readPacketObjects instead of readPackets (self.packetFlow.readPacketObject {...}). This gives access to the NEPacket (https://developer.apple.com/documentation/networkextension/nepacket) and therefore the metadata (https://developer.apple.com/documentation/networkextension/nepacket/2118332-metadata). But as suggested above, it is always nil... are you saying this is the case unless we use per-app VPN? The docs don't make this clear under:

https://developer.apple.com/documentation/networkextension/nepackettunnelprovider (which shows https://developer.apple.com/documentation/networkextension/nepackettunnelprovider/1406185-packetflow where we can readPacketObject)

Thanks.

are you saying this is the case unless we use per-app VPN?

Yes. This metadata is only available to per-app VPN configurations (either an app proxy or a packet tunnel provider in per-app VPN mode).

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Thanks for the clarification... and a per-app VPN configuration is only possible in an MDM environment?

a per-app VPN configuration is only possible in an MDM environment?

On iOS, yes. MDM allows you to tag a specific app with a VPNUUID value, which is then matched up with the VPNUUID value you associate with the VPN configuration. On macOS you can do this via the App-to-Per-App VPN Mapping payload (com.apple.vpn.managed.appmapping) but that payload is not supported on iOS.

See the Configuration Profile Reference for details.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Hi

Need some clarification.

How can we get the DesignatedRequirement and SigningIdentifier of an app to configure the per-app VPN for macOS?

Thanks

You can do this using codesign:

$ codesign -d --requirements - /Applications/TextEdit.app
Executable=/Applications/TextEdit.app/Contents/MacOS/TextEdit
designated => identifier "com.apple.TextEdit" and anchor apple
$
$ codesign -d -v /Applications/TextEdit.app
Executable=/Applications/TextEdit.app/Contents/MacOS/TextEdit
Identifier=com.apple.TextEdit
…

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"
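Scripting the two codesign queries above, as an added example that is not from this thread or from Apple: the parsers read codesign's text on stdin so they can be exercised on a captured transcript, `per_app_vpn_values` runs codesign itself (macOS only), and the value labels SigningIdentifier and DesignatedRequirement are the names used in the question, not payload keys taken from a profile.

```shell
#!/bin/sh
# Added example (not from the thread or Apple): pull the signing identifier and
# the designated requirement (DR) of an app out of codesign's output, and check
# that the DR's identifier clause actually names that signing identifier.

# "Identifier=..." line from `codesign -d -v`.
signing_identifier_from() {
    sed -n 's/^Identifier=//p' | head -n 1
}

# "designated => ..." line from `codesign -d --requirements -`.
designated_requirement_from() {
    sed -n 's/^designated => //p' | head -n 1
}

# The identifier clause inside a DR, e.g. identifier "com.apple.TextEdit".
identifier_clause_from() {
    sed -n 's/.*identifier "\([^"]*\)".*/\1/p' | head -n 1
}

# Return 0 when the DR ($2) names the signing identifier ($1). A mismatch
# usually means a hand-edited DR that will never match the installed app.
dr_matches_identifier() {
    clause=$(printf '%s\n' "$2" | identifier_clause_from)
    if [ -n "$clause" ] && [ "$clause" = "$1" ]; then return 0; fi
    return 1
}

# Query an app bundle with codesign (it reports on stderr, hence 2>&1)
# and print both values; fails on an unsigned or unreadable bundle.
per_app_vpn_values() {
    app="$1"
    sid=$(codesign -d -v "$app" 2>&1 | signing_identifier_from)
    dr=$(codesign -d --requirements - "$app" 2>&1 | designated_requirement_from)
    if [ -z "$sid" ] || [ -z "$dr" ]; then
        echo "error: could not read the code signature of $app" >&2
        return 1
    fi
    if ! dr_matches_identifier "$sid" "$dr"; then
        echo "warning: DR identifier clause does not match $sid" >&2
    fi
    printf 'SigningIdentifier: %s\nDesignatedRequirement: %s\n' "$sid" "$dr"
}
```

Run as `per_app_vpn_values /Applications/TextEdit.app` on macOS; for an app signed with a developer certificate the DR will carry certificate clauses after the identifier clause, which the parser keeps intact.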

And can we create a local VPN on a user device so that data remains on the user's device without any involvement of a remote server?