NEPacketTunnelFlow

Hi, eskimo:

I want to ask what data is there in the packets in the readPacketsWithCompletionHandler: method? Such as TCP, UDP

Replies

If you call -readPacketsWithCompletionHandler: then your completion handler is passed an array of packets and an array of protocols. The latter has an entry for each packet telling you whether the packet is UDP or TCP IPv4 or IPv6.

Generally I recommend that you use the newer -readPacketObjectsWithCompletionHandler: method, which calls the completion handler with an array of NEPacket objects, where each packet has a data property and a protocolFamily property.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Thank you for your reply

I still have a problem, according to the post, PacketTunnelProvider can only proxy HTTP. If he only configures the HTTP proxy, then -readPacketsWithCompletionHandler: or -readPacketObjectsWithCompletionHandler: can read UDP data?

-readPacketsWithCompletionHandler: What are the values of the method's protocols? What do you mean separately? I saw from the log that there is 2 this value.

[I must apologise for my previous post; I got confused and posted incorrect info, which I’ve corrected now.]

I saw from the log that there is 2 this value.

Right. That’s the value of AF_INET, indicating that this is an IPv4 packet. The other value you’re likely to see is 30, that is, AF_INET6.

Neither of these help you distinguish between the various protocols running over IP. To do that you’ll have to parse the IPv4 or IPv6 header (depending on the packet protocol number) to find the IP protocol number, which is likely to be either 6 (IPPROTO_TCP) or 17 (IPPROTO_UDP).

I still have a problem, according to the post, PacketTunnelProvider can only proxy HTTP.

You are mixing up your layers here. A packet tunnel provider is connected at the IP layer, so it receives IP packets. In addition, any VPN can configure a set of custom proxies that apply when the VPN becomes the primary interface. If the VPN does that then HTTP[S] clients will use those proxies. However, the IP traffic generated by the HTTP[S] requests going to the proxy will still pass through the packet tunnel provider [1].

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

[1] Assuming they are routed via the default route. If the IP address of the proxy happens to hit a specific route — for example, a locally attached network, or a network that your provider has specifically excluded using the excludedRoutes property — they’ll be routed via the associated interface.

If NEIPv4Settings.includedRoutes uses [NEIPv4Route defaultRoute], in -readPacketObjectsWithCompletionHandler: whether it is ip data read from the entire tunnel, including UDP, TCP?

I’m sorry but I can’t parse that question.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

I’m sorry, It can be my uncle's unclearness. I mean, if the includedRoutes attribute uses [NEIPv4Route defaultRoute], does it mean that all data on the phone will enter the tunnel?

if the includedRoutes attribute uses [NEIPv4Route defaultRoute], does it mean that all data on the phone will enter the tunnel?

Kinda. This causes the default route to switch to your VPN interface (it becomes the primary interface), and thus most traffic will be routed via your provider. However, there are exceptions, including:

  • Traffic generated by your provider (for obvious reasons)

  • Traffic for locally-connected networks

  • Traffic that targets a specific interface

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Thank you very much, I can read the data now.

But in the data I read, how do I split the header of an IP packet? For example, printing the header of UDP data in the console.

iOS does not have APIs for parsing IP packets. You’ll have to write this yourself (or use some third-party library).

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"
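
The header parsing described in the replies above (protocol family 2 or 30, then IP protocol number 6 or 17), as an added example in C that is not code from the thread or from Apple. It bounds-checks the IPv4 or IPv6 header before reading the protocol number and the TCP/UDP ports; the names parse_ip_packet, pkt_info and sample_udp4 are hypothetical, the sample bytes are constructed, and checksums are not verified.

```c
#include <stdint.h>
#include <stdio.h>

enum { FAM_IPV4 = 2, FAM_IPV6 = 30, PROTO_TCP = 6, PROTO_UDP = 17 }; /* values quoted in the thread */
typedef struct {
    uint8_t  proto;                  /* IP protocol number of the payload */
    size_t   l4_off;                 /* offset of the transport header */
    uint16_t sport, dport, udp_len;  /* zero unless TCP/UDP (udp_len: UDP only) */
} pkt_info;

/* Constructed sample: IPv4 + UDP 5353 -> 53 + 4 payload bytes (checksums zeroed). */
static const uint8_t sample_udp4[] = {
    0x45,0,0,0x20, 0,1,0,0, 0x40,0x11,0,0, 10,0,0,1, 10,0,0,2,
    0x14,0xE9,0,0x35, 0,0x0C,0,0, 'p','i','n','g' };
static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Returns 0 on success, -1 for truncated, malformed or unsupported input. */
int parse_ip_packet(int family, const uint8_t *b, size_t len, pkt_info *out) {
    size_t off; uint8_t proto;
    if (family == FAM_IPV4) {
        if (len < 20 || (b[0] >> 4) != 4) return -1;
        off = (size_t)(b[0] & 0x0F) * 4;           /* IHL counts 32-bit words */
        if (off < 20 || off > len) return -1;
        if (be16(b + 6) & 0x1FFF) return -1;       /* later fragment: no L4 header */
        proto = b[9];
    } else if (family == FAM_IPV6) {
        if (len < 40 || (b[0] >> 4) != 6) return -1;
        off = 40; proto = b[6];                    /* fixed header, Next Header field */
        while (proto == 0 || proto == 43 || proto == 60) {  /* skip option headers */
            if (len - off < 8) return -1;
            size_t ext = ((size_t)b[off + 1] + 1) * 8;
            if (ext > len - off) return -1;
            proto = b[off]; off += ext;
        }
    } else return -1;
    size_t need = proto == PROTO_UDP ? 8 : proto == PROTO_TCP ? 20 : 0;
    if (len - off < need) return -1;               /* transport header truncated */
    out->proto = proto; out->l4_off = off;
    out->sport = need ? be16(b + off) : 0;
    out->dport = need ? be16(b + off + 2) : 0;
    out->udp_len = proto == PROTO_UDP ? be16(b + off + 4) : 0;
    return 0;
}

int main(void) {
    pkt_info i;
    int rc = parse_ip_packet(FAM_IPV4, sample_udp4, sizeof sample_udp4, &i);
    if (rc == 0) printf("proto=%d %d -> %d udp_len=%d\n", i.proto, i.sport, i.dport, i.udp_len);
    return rc;
}
```

In a provider, the family argument would come from the per-packet protocol value and the buffer from the packet data; treat a -1 return as a packet to drop or pass through unparsed, not as something to index into.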