Taking flow ahead in App Proxy

In the transparent app proxy, once I get called at handleNewFlow, I then call openWithLocalEndpoint.


I have a few questions:

  1. Thereafter, do I have to keep calling send, receive just like a normal socket program?
  2. If yes, which APIs are to be used?
  3. How is the function readDataWithCompletionHandler used in this context?


This is as good as implementing a complete proxy.

Is my above understanding right?


I have a simple use case of redirecting all the HTTP traffic to my local application (different than the system extension) which will act like a proxy. Is it possible to redirect this flow transparently to my application proxy running on localhost?


Replies

After you've decided you are going to handle the flow you can utilize NEAppProxyTCPFlow and NWConnection to delegate any extended input / output actions you wish to achieve. For example:


// Where flow is flow: NEAppProxyTCPFlow
NWConnection(to: flow.remoteEndpoint.nwEndpoint, using: .tcp)


| Thereafter, do I have to keep calling send, receive just like a normal socket program?
| If yes, which APIs are to be used?
| How is the function readDataWithCompletionHandler used in this context?
|
| This is as good as implementing a complete proxy.
| Is my above understanding right?


Theoretically, yes, you should be able to direct this traffic to a local server on your system. Make sure when you do this to take a second look at the performance impact you incur, if any, by doing this.

| I have a simple use case of redirecting all the HTTP traffic to my local application
| (different than the system extension) which will act like a proxy. Is it possible to
| redirect this flow transparently to my application proxy running on localhost?


Matt Eaton

DTS Engineering, CoreOS

meaton3 at apple.com
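The read/write loop that the first three questions ask about, as an added example (not code from this thread or from Apple): once the flow is open, readData is re-armed after every send and NWConnection's receive after every write. The class name FlowRelay and the queue label are hypothetical; it assumes the flow's remoteEndpoint is an NWHostEndpoint, and it tears down both directions on the first EOF or error instead of handling half-close.

```swift
import Network
import NetworkExtension

final class FlowRelay {  // hypothetical name, illustration only
    private let flow: NEAppProxyTCPFlow
    private let connection: NWConnection

    init?(flow: NEAppProxyTCPFlow) {
        // Assumption: the TCP flow exposes its destination as an NWHostEndpoint.
        guard let remote = flow.remoteEndpoint as? NWHostEndpoint,
              let port = Network.NWEndpoint.Port(remote.port) else { return nil }
        self.flow = flow
        connection = NWConnection(host: Network.NWEndpoint.Host(remote.hostname),
                                  port: port, using: .tcp)
    }

    func start() {
        connection.stateUpdateHandler = { state in
            if case .failed(let error) = state { return self.close(error) }
            guard case .ready = state else { return }
            // Outbound side is usable: open the flow, then pump both directions.
            self.flow.open(withLocalEndpoint: nil) { error in
                if let error = error { return self.close(error) }
                self.pumpOutbound()
                self.pumpInbound()
            }
        }
        connection.start(queue: DispatchQueue(label: "example.flow-relay"))
    }

    private func pumpOutbound() {  // app -> remote, re-armed after each send
        flow.readData { data, error in
            guard let data = data, !data.isEmpty else { return self.close(error) }  // EOF or error
            self.connection.send(content: data, completion: .contentProcessed { sendError in
                if let sendError = sendError { self.close(sendError) } else { self.pumpOutbound() }
            })
        }
    }

    private func pumpInbound() {  // remote -> app, re-armed after each write
        connection.receive(minimumIncompleteLength: 1, maximumLength: 65536) { data, _, done, error in
            guard let data = data, !data.isEmpty else { return self.close(error) }
            self.flow.write(data) { writeError in
                if writeError != nil || done { self.close(writeError) } else { self.pumpInbound() }
            }
        }
    }

    private func close(_ error: Error?) {
        connection.stateUpdateHandler = nil  // drop the handler's reference to self
        connection.cancel()
        flow.closeReadWithError(error)
        flow.closeWriteWithError(error)
    }
}
```

In handleNewFlow, a provider would create the relay for a flow it decides to handle, call start(), and return true; the state handler's reference to the relay keeps it alive until close runs.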

Thank you, Matt.


Instead of NWConnection I am using socket functions to connect to the remote.

With socket APIs, the connect to the remote socket fails with Operation not permitted.


Is it okay to use sockets? If not, is there any other C/Objective-C based API apart from NWConnection, which is Swift only?

There is technically nothing stopping you from using a BSD socket here. You will probably just have an easier time with NWConnection because a lot of the legwork has been done for you already in Network Framework.

| With socket APIs, the connect to the remote socket fails with Operation not permitted.
|
| Is it okay to use sockets? If not, is there any other C/Objective-C based API apart from
| NWConnection


Matt Eaton

DTS Engineering, CoreOS

meaton3 at apple.com

Thank you, Matt.