custom proxy

Hi,

I need to create a standalone app within a custom proxy.

This proxy uses TCP connections between the proxy and the client apps and communicates using UDP with other phones or PCs.

The proxy logic is inside a process that manages and modifies packages before sending them.

Is it possible to create this kind of application for iOS?

Thank you very much

Angelo

Replies

Is your goal to proxy just the connections made by your app? Or connections made by all apps on the system?

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

My idea is to create a custom proxy that a lot of applications have to use to communicate with the external world.


Thank you very much

Angelo

But I don't mean that all apps have to use this proxy.

The proxy exposes a TCP port where the applications have to connect if they use my custom technology.


Is it possible to create this scenario?

Thank you very much

Is it possible to create this scenario?

Not really. The obvious way to do this would be to have your app running in the background servicing requests from that port. However, iOS’s strict rules about multitasking prevent that.

You may be able to make progress using a Network Extension tunnel provider (either a packet tunnel provider or an app proxy provider) but it’s debatable whether that’s an appropriate use of that API. Tunnel providers were designed to allow folks to create custom VPN tunnels, and such tunnels normally operate autonomously; they don’t require opt in from other apps on the system.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Ok,

Does a Network Extension tunnel provider use a custom socket?

My proxy uses low-level sockets and I don't understand whether I can use my sockets directly or I have to forward the in/out traffic to my sockets.


Thank you very much

Angelo

Does a Network Extension tunnel provider use a custom socket? My proxy uses low-level sockets and I don't understand whether I can use my sockets directly or I have to forward the in/out traffic to my sockets.

I’m sorry but I don’t understand this. Let me explain the landscape a bit and hopefully that will let you clarify your question.

The basic architecture for Network Extension providers looks something like this [1].

                                   +----------+
                                   |          |
                                   X          |
                                   |          |
App A  App B  App C        Tunnel Provider    |
  |      |      |                  |          |
  |      |      |                  Y          |
  |      |      |                  |          |
=================== The Kernel ===============|==
                    |        |                |
                    |        |                |
                    |        |                |
      physical interface   virtual interface -+

Here all normal apps talk to the kernel and, if the traffic is destined for the tunnel provider, the kernel routes it out to a virtual interface which loops back into the top of the tunnel provider (X). The tunnel provider then itself talks to the kernel (Y) for transferring tunnelled traffic over the physical interface.

When building a tunnel provider you have no control over X. The API you use to interact with this virtual interface is fixed by the type of tunnel provider you’re creating:

  • Packet tunnel providers work with a single NEPacketTunnelFlow which they get from their packetFlow property.
  • App proxy providers work with an arbitrary number of flows (either NEAppProxyTCPFlow or NEAppProxyUDPFlow) that they receive via their override of the -handleNewFlow: method.

In contrast, you have lots of options for transferring tunnelled traffic (Y). We generally recommend that you use NWTCPConnection or NWUDPSession, but that’s not required. Many tunnel providers are based on core code that they share with other platforms, and thus it makes sense for them to use BSD Sockets for this.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

[1] I need to stress that this is just a simplified model, not how things actually work. There’s a lot of complicating factors here, including:

  • User space networking
  • Packet tunnel providers vs app proxy providers
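
A minimal packet tunnel provider wiring together the two sides described in the reply above, as an added example that is not part of the original thread or Apple's sample code: X is the fixed packetFlow API and Y is an NWUDPSession. The server address, the tunnel subnet and the one-packet-per-datagram framing are placeholders and assumptions; a real tunnel protocol would also authenticate and encrypt what it sends over Y.

```swift
import NetworkExtension

final class PacketTunnelProvider: NEPacketTunnelProvider {
    private var session: NWUDPSession?   // Y: transport to the tunnel server

    override func startTunnel(options: [String: NSObject]?,
                              completionHandler: @escaping (Error?) -> Void) {
        // Placeholder server (TEST-NET-3 documentation address), not from the thread.
        let server = NWHostEndpoint(hostname: "203.0.113.10", port: "4500")
        let udp = createUDPSession(to: server, from: nil)
        session = udp
        let settings = NEPacketTunnelNetworkSettings(tunnelRemoteAddress: "203.0.113.10")
        let ipv4 = NEIPv4Settings(addresses: ["10.8.0.2"], subnetMasks: ["255.255.255.0"])
        // Route only the subnet the tunnel serves, not NEIPv4Route.default(),
        // so the provider never sees traffic it has no reason to handle.
        ipv4.includedRoutes = [NEIPv4Route(destinationAddress: "10.8.0.0",
                                           subnetMask: "255.255.255.0")]
        settings.ipv4Settings = ipv4

        setTunnelNetworkSettings(settings) { error in
            if let error = error { return completionHandler(error) }
            // Y -> X: datagrams from the server are written into the virtual interface.
            udp.setReadHandler({ [weak self] datagrams, readError in
                guard let self = self, readError == nil, let datagrams = datagrams else { return }
                // Assumption: the tunnel carries IPv4 only.
                let protos = datagrams.map { _ in NSNumber(value: AF_INET) }
                _ = self.packetFlow.writePackets(datagrams, withProtocols: protos)
            }, maxDatagrams: 32)
            self.pumpOutbound()
            completionHandler(nil)
        }
    }

    // X -> Y: IP packets the kernel routed to the virtual interface go to the server.
    // Assumption: one raw packet per datagram, with no framing or encryption layer.
    private func pumpOutbound() {
        packetFlow.readPackets { [weak self] packets, _ in
            guard let self = self, let session = self.session else { return }
            session.writeMultipleDatagrams(packets) { error in
                if error == nil { self.pumpOutbound() }   // stop reading on send failure
            }
        }
    }

    override func stopTunnel(with reason: NEProviderStopReason,
                             completionHandler: @escaping () -> Void) {
        session?.cancel()
        completionHandler()
    }
}
```

The Y side could equally be a BSD socket, as the reply notes; only the packetFlow calls on the X side are fixed by the provider type.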