Does a Network Extension tunnel provider use a custom socket? My proxy uses low-level sockets and I don't understand if I can use my sockets directly or I have to forward the in/out traffic to my sockets.
I’m sorry but I don’t understand this. Let me explain the landscape a bit and hopefully that will let you clarify your question.
The basic architecture for Network Extension providers looks something like this [1].
                                   +----------+
                                   |          |
                                   X          |
                                   |          |
App A    App B    App C     Tunnel Provider   |
  |        |        |              |          |
  |        |        |              Y          |
  |        |        |              |          |
=================== The Kernel ===============|==
           |                       |          |
           |                       |          |
           |                       |          |
  physical interface       virtual interface -+
Here all normal apps talk to the kernel and, if the traffic is destined for the tunnel provider, the kernel routes it out to a virtual interface which loops back into the top of the tunnel provider (X). The tunnel provider then itself talks to the kernel (Y) for transferring tunnelled traffic over the physical interface.
When building a tunnel provider you have no control over X. The API you use to interact with this virtual interface is fixed by the type of tunnel provider you’re creating:
In contrast, you have lots of options for transferring tunnelled traffic (Y). We generally recommend that you use NWTCPConnection or NWUDPSession, but that’s not required. Many tunnel providers are based on core code that they share with other platforms, and thus it makes sense for them to use BSD Sockets for this.
Share and Enjoy
—
Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware
let myEmail = "eskimo" + "1" + "@apple.com"
[1] I need to stress that this is just a simplified model, not how things actually work. There’s a lot of complicating factors here, including:
- User space networking
- Packet tunnel providers vs app proxy providers
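The X/Y split described in the answer, as an added Swift example that is not from the original thread or from Apple: X goes through the fixed packetFlow API of NEPacketTunnelProvider, while Y uses a plain BSD UDP socket. It assumes a packet tunnel provider (not an app proxy provider) and covers the outbound direction only; the server address, port and tunnel addresses are constructed placeholders.

```swift
import NetworkExtension
// Constructed placeholders (TEST-NET address), not values from the thread.
let serverIP = "192.0.2.10"
let serverPort: UInt16 = 4500
final class PacketTunnelProvider: NEPacketTunnelProvider {
    private var fd: Int32 = -1  // Y: BSD socket carrying tunnelled traffic
    override func startTunnel(options: [String: NSObject]?,
                              completionHandler: @escaping (Error?) -> Void) {
        // Y is your choice: here a connected UDP socket from the BSD Sockets API.
        var addr = sockaddr_in()
        addr.sin_len = UInt8(MemoryLayout<sockaddr_in>.size)
        addr.sin_family = sa_family_t(AF_INET)
        addr.sin_port = serverPort.bigEndian
        inet_pton(AF_INET, serverIP, &addr.sin_addr)
        fd = socket(AF_INET, SOCK_DGRAM, 0)
        let rc = withUnsafePointer(to: &addr) {
            $0.withMemoryRebound(to: sockaddr.self, capacity: 1) {
                connect(fd, $0, socklen_t(MemoryLayout<sockaddr_in>.size))
            }
        }
        guard rc == 0 else {
            return completionHandler(NSError(domain: NSPOSIXErrorDomain, code: Int(errno)))
        }
        // X is fixed: describe the virtual interface, then use packetFlow.
        let settings = NEPacketTunnelNetworkSettings(tunnelRemoteAddress: serverIP)
        let ipv4 = NEIPv4Settings(addresses: ["10.8.0.2"], subnetMasks: ["255.255.255.0"])
        ipv4.includedRoutes = [NEIPv4Route.default()]
        settings.ipv4Settings = ipv4
        setTunnelNetworkSettings(settings) { error in
            if error == nil { self.forwardOutbound() }
            completionHandler(error)
        }
    }

    private func forwardOutbound() {
        packetFlow.readPackets { packets, _ in
            for packet in packets {
                // A real tunnel encrypts and authenticates the packet before sending.
                packet.withUnsafeBytes { _ = send(self.fd, $0.baseAddress, $0.count, 0) }
            }
            self.forwardOutbound()  // readPackets delivers one batch per call
        }
    }

    override func stopTunnel(with reason: NEProviderStopReason,
                             completionHandler: @escaping () -> Void) {
        if fd >= 0 { close(fd) }
        completionHandler()
    }
}
```

The inbound direction would read from the same socket and hand the received packets to packetFlow.writePackets(_:withProtocols:).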