2 Replies
      Latest reply on Feb 19, 2019 2:56 AM by thibault.ml
      thibault.ml Level 1 Level 1 (10 points)



        I was wondering why NEPacket's metadata was always nil in a packet tunnel.


        In writing a packet tunnel, it could be very interesting to know which app is making the request, not only for some good visualisation and understanding of where traffic is originating from, but also to potentially implement blacklists/whitelists through the VPN.

        I am aware of the Per-App VPN as well, but that is not enough because that only includes traffic from a whitelist, and that would also need to be set-up through MDM.


        What is a bit puzzling is that the documentation doesn't say when metadata could be set, although the headers actually do, stating:

        This property will only be non-nil when the routing method for the NEPacketTunnelProvider is NETunnelProviderRoutingMethodSourceApplication.


        However, NEPacket doesn't seem to be used anywhere else other than in a Packet Tunnel, so it is a bit confusing (although I guess it could be used internally by the Per-App VPN mechanism?)


        Am I doing something wrong? As in, is there a way for me to be able to get that metadata, that I may not be doing?


        If it isn't possible, I assume that'd be worth creating an enhancement request so that it's at least considered for future versions?

        • Re: Metadata in a packet tunnel
          eskimo Apple Staff Apple Staff (11,625 points)

          I was wondering why NEPacket’s metadata was always nil in a packet tunnel.

          The metadata is there to support per-app VPN, that is, source application routing mode.  You won’t get it in destination IP routing mode.

          If that would be useful to you, you should file an enhancement request describing your requirements.  Please post your bug number, just for the record.

          Share and Enjoy

          Quinn “The Eskimo!”
          Apple Developer Relations, Developer Technical Support, Core OS/Hardware
          let myEmail = "eskimo" + "1" + "@apple.com"