Handling raw ip packets in iOS app.

I want my iOS app to be able to create raw sockets.

I tried creating raw BSD sockets and even tried creating them using CFSocket api.

As I understand, creating raw sockets on Linux requires root privilege. So, both these requests fail.

Is there any alternative to raw sockets here, for being able to send raw IP packets out to an interface and adding the IP headers ourselves?


Thanking You,

Anant Sah

Replies

As I understand that creating raw sockets on linux requires root [privileges].

Correct.

Is there any alternative to raw sockets here, for being able to send raw IP packets out to an interface and adding the IP headers ourselves?

The most common use case for raw IP is ICMP, and iOS has special affordances for that. The SimplePing sample code shows how to do ICMP in a way that doesn’t require root privileges.

If that’s insufficient then you are, alas, out of luck. General raw IP requires root privileges and iOS apps can’t run with root privileges. If this is important to you, I recommend that you file an enhancement request describing your requirements.

Please post your bug number, just for the record.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Thank you for your reply.

No, I wished to be able to add my own IP headers to TCP packets and then send them out through the physical interface.

ICMP is not the scenario I am looking for.

The raw socket create call returns with -1.


I am getting IP packets out of the virtual utun0 interface to my packettunnelprovider, and I wished to send these original packets out through the physical interface, changing the src from virtual IP to actual IP, without encapsulating them.

If the original socket that created these packets were bound to both the virtual and main interface, the return packets will be delivered to it.

And for that I needed raw sockets.


Now I am trying a different approach. I will reassemble the underlying TCP packets that I get from utun0 to get the original data. I will send out the original data on a new TCP connection.

And when I get the reply back on this new connection, I will create TCP packets of it again, add the virtual IP header and send it to the virtual utun0 interface.

I know it's complex, will have to take care of TCP sequence numbers and all, but I am looking forward for it to work.

Thanking You,

Anant Sah
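
The first step of the approach described in the post above, as an added example that is not part of the thread or any poster's code: parsing an IPv4/TCP packet as it would be read from the tunnel interface and appending in-order payload to a per-connection buffer. The names `parse_ipv4_tcp` and `stream_accept`, the buffer size and the sample packet are constructed for illustration; checksums are not verified, and out-of-order segments are dropped rather than queued.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct tcp_seg { uint16_t sport, dport; uint32_t seq; uint8_t flags;
                 const uint8_t *data; size_t len; };
struct stream  { uint32_t next_seq; uint8_t buf[2048]; size_t used; };

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t rd32(const uint8_t *p) { return ((uint32_t)rd16(p) << 16) | rd16(p + 2); }

/* Parse one unfragmented IPv4/TCP packet; every length field is checked
   against the bytes actually read. Returns 0 on success, -1 otherwise. */
int parse_ipv4_tcp(const uint8_t *p, size_t n, struct tcp_seg *s) {
    if (n < 20 || (p[0] >> 4) != 4) return -1;
    size_t ihl = (size_t)(p[0] & 0x0f) * 4, total = rd16(p + 2);
    if (ihl < 20 || total < ihl + 20 || total > n) return -1;
    if (p[9] != 6 || (rd16(p + 6) & 0x3fff)) return -1;  /* TCP only, no fragments */
    const uint8_t *t = p + ihl;
    size_t doff = (size_t)(t[12] >> 4) * 4;
    if (doff < 20 || doff > total - ihl) return -1;
    s->sport = rd16(t); s->dport = rd16(t + 2);
    s->seq = rd32(t + 4); s->flags = t[13];
    s->data = t + doff; s->len = total - ihl - doff;
    return 0;
}

/* Feed a segment to the stream; returns bytes newly appended to buf.
   SYN resets the stream; out-of-order data is dropped (sender retransmits). */
size_t stream_accept(struct stream *st, const struct tcp_seg *s) {
    if (s->flags & 0x02) { st->next_seq = s->seq + 1; st->used = 0; return 0; }
    int32_t skip = (int32_t)(st->next_seq - s->seq);      /* wrap-safe distance */
    if (skip < 0 || (size_t)skip >= s->len) return 0;     /* gap or pure duplicate */
    size_t take = s->len - (size_t)skip, room = sizeof st->buf - st->used;
    if (take > room) take = room;
    memcpy(st->buf + st->used, s->data + skip, take);
    st->used += take; st->next_seq += (uint32_t)take;
    return take;
}

int main(void) {  /* constructed packet: 10.0.0.2:1234 -> 10.0.0.1:80, seq 1001, "hi" */
    uint8_t pkt[42] = {0x45,0,0,42, 0,0,0x40,0, 64,6,0,0, 10,0,0,2, 10,0,0,1, 0x04,0xd2,0,80,
                       0,0,0x03,0xe9, 0,0,0,0, 0x50,0x18,0xff,0xff, 0,0,0,0, 'h','i'};
    struct tcp_seg s; struct stream st = { .next_seq = 1001 };
    if (parse_ipv4_tcp(pkt, sizeof pkt, &s) == 0)
        printf("port %u: appended %zu bytes\n", s.dport, stream_accept(&st, &s));
    return 0;
}
```
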

Now I am trying a different approach. I will reassemble the underlying TCP packets that I get from utun0 to get the original data.

Oh boy, have fun with that (-:

What do you plan to do with UDP? ICMP? Other IP protocols?

Regardless, it sounds like the current packet tunnel provider architecture isn’t a great match for your VPN architecture. Feel free to file an enhancement request for the former describing the requirements of the latter. Please post your bug number, just for the record.

You should also feel free to file a bug requesting that we allow iOS apps to access raw IP. That security restriction should go the way of the dinosaurs IMO.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

I will try to handle all protocols individually. I know that is far from perfect. App proxy directly gives application level data, but it only works for managed apps.

So, we have no other option than to go with Packet Tunneling.

Once I get TCP working, other protocols should be comparatively straightforward, mainly UDP.

I would file a request for raw sockets; in fact it seems there are many questions by people requesting the same thing.


Thanking You,

Anant Sah

Hi Anantsah


I'm also looking for a way to just forward IP packets from the virtual interface. Have you been successful with the approach to reassemble the TCP packets? Is there a way to contact you outside the forum?


best

amreinse

lwip can forward IP packets from the virtual interface.

How does this help on iOS?