NetworkExtension Cannot send packet

- (void)startTunnelWithOptions:(NSDictionary *)options completionHandler:(void (^)(NSError *))completionHandler
{
    log4cplus_info("XDXVPNManager", "XDXPacketTunnelManager - Start Tunnel !");

    NEPacketTunnelNetworkSettings *tunnelNetworkSettings = [[NEPacketTunnelNetworkSettings alloc] initWithTunnelRemoteAddress:@XDX_NET_REMOTE_ADDRESS];
    tunnelNetworkSettings.MTU = [NSNumber numberWithInteger:XDX_NET_MTU];
    tunnelNetworkSettings.IPv4Settings = [[NEIPv4Settings alloc] initWithAddresses:[NSArray arrayWithObjects:@XDX_NET_TUNNEL_IP_ADDRESS, nil] subnetMasks:[NSArray arrayWithObjects:@XDX_NET_SUBNET_MASKS, nil]];
    tunnelNetworkSettings.IPv4Settings.includedRoutes = @[[NEIPv4Route defaultRoute]];

    [self setTunnelNetworkSettings:tunnelNetworkSettings completionHandler:^(NSError * _Nullable error) {
        if (error == nil) {
            log4cplus_info("XDXVPNManager", "XDXPacketTunnelManager - Start Tunnel Success !");
            completionHandler(nil);
        } else {
            log4cplus_error("XDXVPNManager", "XDXPacketTunnelManager - Start Tunnel Failed - %s !", error.debugDescription.UTF8String);
            completionHandler(error);
            return;
        }
    }];

    __weak typeof(self) weakSelf = self;
    [self.packetFlow readPacketsWithCompletionHandler:^(NSArray<NSData *> * _Nonnull packets, NSArray<NSNumber *> * _Nonnull protocols) {
        // Packets read from the TUN interface are written straight back to the same interface.
        BOOL ret = [weakSelf.packetFlow writePackets:packets withProtocols:protocols];
    }];
}

ret == YES, but the phone connected to my hotspot cannot receive the packets, and the Debug Navigator shows no network data.
In this case the packets that you are reading from the TUN interface in readPacketsWithCompletionHandler are written back to the TUN interface on writePackets, creating a loop. So, no traffic is actually hitting the network. Check out the updated documentation on this here.


Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com
How do I tunnel packets from devices connected to my hotspot to the server? Thank you.

How do I tunnel packets from devices connected to my hotspot to the server?

This is something you will need to work with your server side team on, but essentially, once you have read the packet flow from the virtual interface, you will need to perform any custom logic that is required by your business application for your custom packet flow and then send it over the wire to your VPN server. Likewise you will then need to read the packet flow from the wire and then write it back to the virtual interface.


Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com
How does a network extension use "NEPacketTunnelFlow" to send data packets over UDP and receive data in the network extension?
@18061266213
When you readPacketObjects from NEPacketTunnelFlow they are delivered from the virtual interface as raw IP packets, and it would be up to you to parse the IP packet to detect whether the transport protocol is UDP / TCP and then send the packet over the wire as you see fit.


Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com

@Cares

and written back to the TUN interface on writePackets. But, I cannot read the modified packet from the TUN interface in readPacketsWithCompletionHandler, where did the packet go?

When you modify the packet and write it back to the interface it's the same as sending the packet back to the VPN, so you have created a loop here and the traffic does not egress the system. Try writing the modified packet to the network and then receiving the packet from the network and writing it back to the virtual interface.

Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com

@Cares

Here is the workflow that is recommended to use when processing packets from the virtual interface with NEPacketTunnelFlow. Read a packet from the interface with one of the readPacket functions. Fit this packet data into your own custom IP or VPN packet and send it over the network to your VPN server with an API like NWConnection or NWTCPConnection. Let your VPN server process the packet. Next, read the data sent back from the network and fit this data again into an NEPacket format that the system can understand. This would be similar to the packet that was originally read. Then, take that NEPacket, or the Data, and write it back to the virtual interface. Any deviation from this pattern or path could end up in strange behavior.

Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com
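The workflow described in the answer above (read from the virtual interface, wrap each packet in your own VPN frame, send it to the server with NWTCPConnection, read the server's replies and write them back to the virtual interface), together with the "parse the IP header to find the transport protocol" step from the earlier UDP/TCP answer, as an added Objective-C example. This is not code from the original post, from Cares, or from Apple. Everything outside the NetworkExtension API is an assumption for illustration: the server host, port and IPv4 literal are placeholders, the 10.8.0.2/24 tunnel address is made up, the 2-byte length-prefixed frame in XDXFrame is a hypothetical format the server is assumed to understand, and the XDX-prefixed names are illustrative. The connection to the server is created through the provider's createTCPConnectionToEndpoint: so that it is not itself routed into the tunnel that the default route captures.

```objective-c
#import <NetworkExtension/NetworkExtension.h>
#import <netinet/in.h>   // IPPROTO_TCP / IPPROTO_UDP

// Placeholders (assumptions): the VPN server endpoint, and its IP literal for the tunnel settings.
static NSString *const kServerHost = @"vpn.example.com";
static NSString *const kServerPort = @"443";
static NSString *const kServerIPv4 = @"203.0.113.1";

// Transport protocol of a raw IP packet as read from NEPacketTunnelFlow: IPPROTO_TCP, IPPROTO_UDP, ...,
// or -1 if the packet is too short or neither IPv4 nor IPv6. IPv6 extension headers are not walked.
static int XDXTransportProtocol(NSData *packet) {
    const uint8_t *b = packet.bytes;
    NSUInteger n = packet.length;
    if (n >= 20 && (b[0] >> 4) == 4) return b[9];   // IPv4: protocol field at offset 9
    if (n >= 40 && (b[0] >> 4) == 6) return b[6];   // IPv6: next header at offset 6
    return -1;
}

// Hypothetical wire frame: 2-byte big-endian length, then 1-byte address family (AF_INET / AF_INET6),
// then the raw IP packet. This is "your own custom VPN packet" from the answer above, nothing standard.
static NSData *XDXFrame(NSData *packet, int family) {
    NSUInteger len = packet.length + 1;
    uint8_t hdr[3] = { (uint8_t)(len >> 8), (uint8_t)(len & 0xff), (uint8_t)family };
    NSMutableData *d = [NSMutableData dataWithBytes:hdr length:sizeof hdr];
    [d appendData:packet];
    return d;
}

@interface XDXPacketTunnelProvider : NEPacketTunnelProvider
@property (nonatomic, strong) NWTCPConnection *conn;
@end

@implementation XDXPacketTunnelProvider

- (void)startTunnelWithOptions:(NSDictionary *)options completionHandler:(void (^)(NSError *))completionHandler {
    NEPacketTunnelNetworkSettings *s = [[NEPacketTunnelNetworkSettings alloc] initWithTunnelRemoteAddress:kServerIPv4];
    s.MTU = @1400;
    s.IPv4Settings = [[NEIPv4Settings alloc] initWithAddresses:@[@"10.8.0.2"] subnetMasks:@[@"255.255.255.0"]];
    s.IPv4Settings.includedRoutes = @[[NEIPv4Route defaultRoute]];

    __weak typeof(self) weakSelf = self;
    [self setTunnelNetworkSettings:s completionHandler:^(NSError *error) {
        if (error) { completionHandler(error); return; }
        // Created through the provider, so this connection bypasses the tunnel it carries.
        NWHostEndpoint *ep = [NWHostEndpoint endpointWithHostname:kServerHost port:kServerPort];
        weakSelf.conn = [weakSelf createTCPConnectionToEndpoint:ep enableTLS:YES TLSParameters:nil delegate:nil];
        [weakSelf.conn addObserver:weakSelf forKeyPath:@"state" options:NSKeyValueObservingOptionNew context:NULL];
        completionHandler(nil);
    }];
}

- (void)observeValueForKeyPath:(NSString *)keyPath ofObject:(id)object change:(NSDictionary *)change context:(void *)context {
    if (object != self.conn) return;
    if (self.conn.state == NWTCPConnectionStateConnected) {
        [self pumpTunnelToServer];   // TUN -> server
        [self pumpServerToTunnel];   // server -> TUN
    } else if (self.conn.state == NWTCPConnectionStateDisconnected || self.conn.state == NWTCPConnectionStateCancelled) {
        [self cancelTunnelWithError:nil];   // server link is gone; tear the tunnel down
    }
}

// TUN -> server. Nothing read here is written back to packetFlow; that write-back is the loop in the question.
- (void)pumpTunnelToServer {
    __weak typeof(self) weakSelf = self;
    [self.packetFlow readPacketsWithCompletionHandler:^(NSArray<NSData *> *packets, NSArray<NSNumber *> *protocols) {
        [packets enumerateObjectsUsingBlock:^(NSData *pkt, NSUInteger i, BOOL *stop) {
            int proto = XDXTransportProtocol(pkt);
            if (proto != IPPROTO_TCP && proto != IPPROTO_UDP) return;   // example policy: forward TCP and UDP only
            [weakSelf.conn writeData:XDXFrame(pkt, protocols[i].intValue) completionHandler:^(NSError *e) {}];
        }];
        [weakSelf pumpTunnelToServer];   // the completion handler fires once per call, so re-arm it
    }];
}

// server -> TUN: read one frame, unwrap it, and write the IP packet to the virtual interface.
- (void)pumpServerToTunnel {
    __weak typeof(self) weakSelf = self;
    [self.conn readLength:2 completionHandler:^(NSData *hdr, NSError *err) {
        if (err || hdr.length != 2) return;
        const uint8_t *h = hdr.bytes;
        NSUInteger len = ((NSUInteger)h[0] << 8) | h[1];
        [weakSelf.conn readLength:len completionHandler:^(NSData *body, NSError *err2) {
            if (err2 || body.length != len || len < 2) return;
            const uint8_t *b = body.bytes;   // b[0] is the address family carried in the frame
            NSData *pkt = [body subdataWithRange:NSMakeRange(1, len - 1)];
            [weakSelf.packetFlow writePackets:@[pkt] withProtocols:@[@(b[0])]];
            [weakSelf pumpServerToTunnel];
        }];
    }];
}

- (void)stopTunnelWithReason:(NEProviderStopReason)reason completionHandler:(void (^)(void))completionHandler {
    [self.conn removeObserver:self forKeyPath:@"state"];
    [self.conn cancel];
    completionHandler();
}
@end
```

Set XDXPacketTunnelProvider as the principal class of the packet tunnel extension. The two pumps only start once the connection reports NWTCPConnectionStateConnected (observed through KVO on its state property), so a packet read from the TUN before the server link is up is never written back to the TUN; and because the server connection is created by the provider rather than by an ordinary socket, the default route in the tunnel settings does not pull the server traffic back into the tunnel.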

@Cares

Write the modified IP packet back to the VPN TUN interface;

This sounds like nothing meaningful will happen because you did not respond with anything from the network.

Regarding:

Then my proxy server can forward data over a TCP socket, not IP packets; among them, the proxy server is a local proxy, and both the proxy server and the VPN client run in the same process. Can my idea succeed? The key is whether the proxy server can accept the modified packet?

If you want a proxy, then use a proxy client such as NEAppProxyProvider, do not use a VPN to try and intercept traffic and use some complex IP packet forwarding logic to try and make this work. What you are describing is not a recommended workflow for NEPacketTunnelProvider, if you read traffic from the virtual interface with NEPacketTunnelProvider it is expected that you send it to the VPN server, receive the traffic from the VPN server and then write it back to the virtual interface.

Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com