User Profile

Hi, I am writing a transparent proxy (using NETransparentProxyProvider) which could potentially multiplex thousands of flows. When i've done this in the past on other platforms i've used libev or epoll - but NEAppProxyFlow (such as NEAppProxyTcpFlow) don't work with any of those approaches afaict, it doesn't even appear to work with swift-nio - what is the recommended way to multiplex thousands of flows? I still intend to use swift-nio when i manage the real sockets (which proxy the flows), but how do i multiplex the NEAppProxyFlows themselves? Can someone suggest a highly scalable design? I'm new to this, and haven't found a good solution yet. Thanks

With the release of Big Sur - Network Kernel extensions are now officially inaccessible. However I cannot find the equivalent functionality I need in the new Network Extensions API. In my company's NKE (network kernel extension) - we were able to control the routing of packets in a specific application by hooking socket binds and/or rewriting the source IP of outgoing packets for that application. Doing this we could control which interface those packets went through for that application (so called split tunneling). I cannot see how to do something similar with the new System Extension/Network Extension APIs, even those updated for Big Sur. Is it possible to achieve this in Big Sur? Which APIs should i be looking at? Thanks!

Using "content filters" we can simply allow/reject packets - but how do we actually modify packets (or sockets)?Say i want to globally intercept socket bind() events and force sockets to bind to a different address, is this possible using Network Extensions?It's absolutely possible using the deprecated NKE API, further, this is also possible on Windows using WFP and a very nice API there too! - but i cannot figure out how to do this using Network Extensions. This is an extremely important capability!