4 Replies
      Latest reply on May 27, 2020 12:21 AM by jeev2k
      jeev2k Level 1 Level 1 (0 points)

        In the transparent app proxy once i get called at handleNewFlow. then i call openWithLocalEndpoint

         

        i have few questions:

        1. thereafter do i have to keep calling send, receive just like normal socket program?
        2. if yes, which apis are to be used ?
        3. how is the function readDataWithCompletionHandler used in this context ?

         

        this is as good as implementing a complete proxy .

        is my above understanding right ?

         

        i have a simple use case is of redirecting all the http traffic to my local application (different then the system extension) which will act like a proxy. is it possible to redirect this flow transparently to my application proxy running on localhost ?

        • Re: Taking flow ahead in App Proxy
          meaton Apple Staff Apple Staff (220 points)

          After you've decided you are going to handle the flow you can utilize NEAppProxyTCPFlow and NWConnection to delegate any extended input / output actions you wish to achieve. For example:

           

          // Where flow is flow: NEAppProxyTCPFlow
          NWConnection(to: flow.remoteEndpoint.nwEndpoint, using: .tcp)

           

          | thereafter do i have to keep calling send, receive just like normal socket program?

          | if yes, which apis are to be used ?

          | how is the function readDataWithCompletionHandler used in this context ?

          |

          | this is as good as implementing a complete proxy .

          | is my above understanding right ?

           

          Theoretically, yes, you should be able to direct this traffic to a local server on your system.  Make sure when you do this to take a second look at the performance impact you  incur, if any, by doing this.

          | i have a simple use case is of redirecting all the http traffic to my local application

          | (different then the system extension) which will act like a proxy. is it possible to

          | redirect this flow transparently to my application proxy running on localhost ?

           

          Matt Eaton

          DTS Engineering, CoreOS

          meaton3 at apple.com

            • Re: Taking flow ahead in App Proxy
              jeev2k Level 1 Level 1 (0 points)

              Thanku Matt.

               

              Instead of NWConnection i am using socket functions to connect to remote.

              With socket APIs the connect to remote socket fails with Operation not permitted .

               

              is it okay to use socket? if not,any other c/objective c based api apart from NWConnection which is Swift only.

                • Re: Taking flow ahead in App Proxy
                  meaton Apple Staff Apple Staff (220 points)

                  There is technically nothing stopping you from using a BSD socket here. You probably just have an easier time with NWConnection because a lot of the leg work has been done for you already in Network Framework.

                  | With socket APIs the connect to remote socket fails with Operation not permitted .

                  |

                  | is it okay to use socket? if not,any other c/objective c based api apart from

                  | NWConnection

                   

                  Matt Eaton

                  DTS Engineering, CoreOS

                  meaton3 at apple.com