NEPacketTunnelNetworkSettings excludedRoutes not working for a few IPs such as 239.255.255.250

Hi, we are observing a few IPs reaching the packet tunnel even though they are added to the NEPacketTunnelNetworkSettings excludedRoutes.

As you can see in the network settings, we have added destinationAddress = 239.255.255.0 with destinationSubnetMask = 255.255.255.0 as an excluded route, yet traffic for IP 239.255.255.250 still arrives in the packet tunnel.

We are also observing traffic for other IPs that are not covered by the included routes, such as 20.192.170.9.

//Network Settings for Packet Tunnel  
IPv4Settings = {
        configMethod = PPP
        addresses = (
            10.10.10.10,
        )
        subnetMasks = (
            255.255.255.255,
        )
        includedRoutes = (
            {
                destinationAddress = 10.10.10.10
                destinationSubnetMask = 255.255.255.255
                gatewayAddress = 10.10.10.10
            },
        )
        excludedRoutes = (
            {
                destinationAddress = 192.168.0.0
                destinationSubnetMask = 255.255.0.0
            },
            {
                destinationAddress = 10.0.0.0
                destinationSubnetMask = 255.0.0.0
            },
            {
                destinationAddress = 127.0.0.1
                destinationSubnetMask = 255.255.255.255
            },
            {
                destinationAddress = 172.16.0.0
                destinationSubnetMask = 255.240.0.0
            },
            {
                destinationAddress = 239.255.255.0
                destinationSubnetMask = 255.255.255.0
            },
        )
}

Am I doing something wrong in setting up NEPacketTunnelNetworkSettings?

Accepted Reply

Does multicast IP get forwarded to every packet tunnel utun interface even though it is not added in the include rule?

Most multicast programs explicitly control the interface, or interfaces, that they want to send on. That is, they look through the interface list, filter out the interfaces that they don’t care about, and explicitly send a copy of the multicast datagram to the remaining interfaces. In that case the system will pass the multicast datagram to your provider regardless of the routing rules.

This can happen with unicast datagrams as well, if the program binds a flow to a specific interface. You can learn more about this in the various posts hung off Extra-ordinary Networking. Search for the term scope.

What if we ignore these packets from the packet tunnel's readPacketObjects, as we don't want to handle these packets?

The datagram gets dropped. As to whether that’ll cause problems, it depends on what the program is doing. For an SSDP client, it just won’t find any services.

When is the multicast entitlement needed?

See the Local Network Privacy FAQ.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
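The following is an added example, not the poster's or Apple's code. It illustrates both sides of the thread: it installs the same include/exclude routes as the settings dump in the question, and it applies the accepted reply's advice in the provider's own read loop, dropping datagrams that excludedRoutes could not keep out (anything addressed to 224.0.0.0/4, including SSDP's 239.255.255.250, and anything whose destination falls inside an excluded range). The tunnel server address 203.0.113.1 is a placeholder, the class name is hypothetical, and forwarding the kept packets to a server is left out.

```swift
import NetworkExtension

/// Added example (not the poster's or Apple's code). Installs the routes from the
/// question, then filters in readPacketObjects what the routing table let through.
/// Dropping a datagram here is what the accepted reply describes: it is simply lost,
/// so an SSDP client finds no services.
final class ExampleTunnelProvider: NEPacketTunnelProvider {

    private let remoteAddress = "203.0.113.1"   // placeholder tunnel server (TEST-NET-3)
    private let tunnelAddress = "10.10.10.10"   // same address as in the question
    private let excludedCIDRs: [(address: String, mask: String)] = [
        ("192.168.0.0", "255.255.0.0"),
        ("10.0.0.0", "255.0.0.0"),
        ("127.0.0.1", "255.255.255.255"),
        ("172.16.0.0", "255.240.0.0"),
        ("239.255.255.0", "255.255.255.0"),
    ]
    private var excludedRanges: [(network: UInt32, mask: UInt32)] = []

    override func startTunnel(options: [String: NSObject]?,
                              completionHandler: @escaping (Error?) -> Void) {
        let settings = NEPacketTunnelNetworkSettings(tunnelRemoteAddress: remoteAddress)
        let ipv4 = NEIPv4Settings(addresses: [tunnelAddress], subnetMasks: ["255.255.255.255"])
        let own = NEIPv4Route(destinationAddress: tunnelAddress, subnetMask: "255.255.255.255")
        own.gatewayAddress = tunnelAddress
        ipv4.includedRoutes = [own]
        ipv4.excludedRoutes = excludedCIDRs.map {
            NEIPv4Route(destinationAddress: $0.address, subnetMask: $0.mask)
        }
        settings.ipv4Settings = ipv4

        // Numeric copy of the excluded ranges for the per-packet check below.
        excludedRanges = excludedCIDRs.compactMap { entry -> (network: UInt32, mask: UInt32)? in
            guard let n = Self.ipv4(entry.address), let m = Self.ipv4(entry.mask) else { return nil }
            return (n & m, m)
        }

        setTunnelNetworkSettings(settings) { error in
            if error == nil { self.readLoop() }
            completionHandler(error)
        }
    }

    override func stopTunnel(with reason: NEProviderStopReason,
                             completionHandler: @escaping () -> Void) {
        completionHandler()
    }

    private func readLoop() {
        packetFlow.readPacketObjects { [weak self] packets in
            guard let self = self else { return }
            let kept = packets.filter { self.shouldForward($0) }
            // Sending `kept` to the tunnel server is the real provider's job; this example
            // stops here. Everything not in `kept` is dropped, as the accepted reply says.
            _ = kept
            self.readLoop()
        }
    }

    /// False for datagrams this tunnel does not want: non-IPv4, malformed, multicast,
    /// or addressed into one of the excluded ranges.
    func shouldForward(_ packet: NEPacket) -> Bool {
        guard packet.protocolFamily == sa_family_t(AF_INET),
              let destination = Self.ipv4Destination(of: packet.data) else { return false }
        return Self.shouldForward(destination: destination, excluded: excludedRanges)
    }

    /// Pure decision, so it can be exercised without a running tunnel.
    static func shouldForward(destination: UInt32,
                              excluded: [(network: UInt32, mask: UInt32)]) -> Bool {
        if destination >> 28 == 0xE { return false }   // 224.0.0.0/4: multicast, e.g. SSDP
        if excluded.contains(where: { destination & $0.mask == $0.network }) { return false }
        return true
    }

    /// Destination address (header bytes 16-19, network byte order) of an IPv4 packet.
    static func ipv4Destination(of data: Data) -> UInt32? {
        guard data.count >= 20, data[data.startIndex] >> 4 == 4 else { return nil }
        let base = data.startIndex
        return (16...19).reduce(UInt32(0)) { ($0 << 8) | UInt32(data[base + $1]) }
    }

    /// "a.b.c.d" to a host-order UInt32; nil on malformed input.
    static func ipv4(_ dotted: String) -> UInt32? {
        let parts = dotted.split(separator: ".")
        guard parts.count == 4 else { return nil }
        var value: UInt32 = 0
        for part in parts {
            guard let octet = UInt8(part) else { return nil }
            value = (value << 8) | UInt32(octet)
        }
        return value
    }
}
```

The per-packet check is deliberately a static function over a `UInt32` destination so it can be unit-tested from a host target without a tunnel session; the instance method only unwraps the `NEPacket`. Note that this filter only decides what the provider forwards: it does not change which flows the system delivers to the utun interface, which is exactly the point of the accepted reply.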

Replies

Hi @eskimo,

any thoughts on this?

any thoughts on this?

Not off the top of my head.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Hi @eskimo

Looks like IP 239.255.255.250 is a multicast address (Simple Service Discovery Protocol, SSDP).

I have the following questions:

  • Does multicast IP get forwarded to every packet tunnel utun interface even though it is not added in the include rule?

  • What if we ignore these packets from the packet tunnel's readPacketObjects, as we don't want to handle these packets?

  • When is the multicast entitlement needed?
