How to update/edit excludedRoutes without re-set the TunnelNetworkSettings

We have implemented a System Extension with the Packet Tunnel Provider capability.

Snapshot of the code:

    let networkSettings = NEPacketTunnelNetworkSettings(tunnelRemoteAddress: remoteAddress)

    /* DNS settings. */
    let dnsSettings = NEDNSSettings(servers: dnsServerList)
    dnsSettings.matchDomains = matchDomainList
    networkSettings.dnsSettings = dnsSettings

    /* IPv4 settings */
    let ipV4Settings = NEIPv4Settings(addresses: [tunnelAddress], subnetMasks: [tunnelSubnetMask])
    let includedRoute = NEIPv4Route(destinationAddress: includeRouteIP, subnetMask: includeRouteSubnetMask)
    ipV4Settings.includedRoutes = [includedRoute]

    /* Routes listed here are sent outside the tunnel */
    let excludedRoute = NEIPv4Route(destinationAddress: excludedRouteId, subnetMask: excludedRouteSubnetMask)
    ipV4Settings.excludedRoutes = [excludedRoute]

    networkSettings.ipv4Settings = ipV4Settings

    /* Set maximum transmission unit size in bytes */
    networkSettings.mtu = NSNumber(value: mtuValue)

    setTunnelNetworkSettings(networkSettings) { [weak self] error in
        guard let self = self else { return }

        // business logic
    }

And all is working fine.

After some time based on some business logic we get some IPs that we want to exclude.

Question/Query

Is there any way that we can update/edit the previous ipV4Settings.excludedRoutes list without resetting TunnelNetworkSettings?

Or is there any other API that we can use to edit the routing table directly?

Answered by DTS Engineer in 748005022

> any other API that we can use to edit the Routing Table directly?

Don’t modify the routing table directly. Doing that causes chaos because such changes are coordinated by System Configuration framework (well, its backing daemon, configd) in user space.

> is it any way that we can update/edit the previous ipV4Settings.excludedRoutes list without resetting TunnelNetworkSettings

I’m confused by your question here. If you want to update the tunnel’s setting, you call setTunnelNetworkSettings(…) with the new settings. The system detects what’s changed and applies the results. So, for example, it won’t tear down the tunnel just because you changed excludedRoutes.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
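An added example of the approach described in the answer, not code from the original posts or from Apple: the provider keeps its current configuration, rebuilds the complete settings object with the extra excluded routes, and calls setTunnelNetworkSettings again. `TunnelConfig`, `TunnelUpdateError` and `excludeHosts` are hypothetical names; because excluded routes carry traffic outside the tunnel, only literal IPv4 host addresses are accepted.

```swift
import NetworkExtension

enum TunnelUpdateError: Error { case tunnelNotConfigured }   // hypothetical error type

// Hypothetical value type holding everything needed to rebuild the settings.
struct TunnelConfig {
    var remoteAddress: String, tunnelAddress: String, tunnelSubnetMask: String
    var dnsServers: [String], matchDomains: [String], mtu: Int
    var included: [(address: String, mask: String)]
    var excluded: [(address: String, mask: String)]

    func makeSettings() -> NEPacketTunnelNetworkSettings {
        let settings = NEPacketTunnelNetworkSettings(tunnelRemoteAddress: remoteAddress)
        let dns = NEDNSSettings(servers: dnsServers)
        dns.matchDomains = matchDomains
        settings.dnsSettings = dns
        let ipv4 = NEIPv4Settings(addresses: [tunnelAddress], subnetMasks: [tunnelSubnetMask])
        ipv4.includedRoutes = included.map { NEIPv4Route(destinationAddress: $0.address, subnetMask: $0.mask) }
        ipv4.excludedRoutes = excluded.map { NEIPv4Route(destinationAddress: $0.address, subnetMask: $0.mask) }
        settings.ipv4Settings = ipv4
        settings.mtu = NSNumber(value: mtu)
        return settings
    }
}

class PacketTunnelProvider: NEPacketTunnelProvider {
    var config: TunnelConfig?   // assumed to be assigned when the tunnel starts

    /// Adds host routes to the exclusion list and re-applies the full settings.
    func excludeHosts(_ hosts: [String], completion: @escaping (Error?) -> Void) {
        guard var updated = config else {
            completion(TunnelUpdateError.tunnelNotConfigured)
            return
        }
        for host in hosts {
            var addr = in_addr()
            // Skip anything that is not a literal IPv4 address, and skip duplicates.
            guard inet_pton(AF_INET, host, &addr) == 1,
                  !updated.excluded.contains(where: { $0.address == host }) else { continue }
            updated.excluded.append((address: host, mask: "255.255.255.255"))
        }
        // Pass the complete settings again; the system applies what changed.
        setTunnelNetworkSettings(updated.makeSettings()) { [weak self] error in
            if error == nil { self?.config = updated }   // commit only on success
            completion(error)
        }
    }
}
```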
