Cannot open Chrome UDP flows in Transparent Proxy Provider

We are implementing a Transparent Proxy for HTTPS (via TCP and QUIC). The following rules are set in startProxy:

settings.includedNetworkRules = [
    NENetworkRule(destinationNetwork: NWHostEndpoint(hostname: "0.0.0.0", port: "443"), prefix: 0, protocol: .TCP),
    NENetworkRule(destinationNetwork: NWHostEndpoint(hostname: "::", port: "443"), prefix: 0, protocol: .TCP),
    NENetworkRule(destinationNetwork: NWHostEndpoint(hostname: "0.0.0.0", port: "443"), prefix: 0, protocol: .UDP),
    NENetworkRule(destinationNetwork: NWHostEndpoint(hostname: "::", port: "443"), prefix: 0, protocol: .UDP)
]

Handling TCP connections seems to work fine. But opening UDP flows from Chrome (or Brave) always fails with

Error Domain=NEAppProxyFlowErrorDomain Code=2 "The peer closed the flow"

(Doing the same for Firefox works!)

BTW: We first create a remote UDP connection (using the Network framework) and when it is in the ready state, we use connection?.currentPath?.localEndpoint as the localEndpoint parameter in the open method of the flow.

Is it a known issue that QUIC connections from Chrome cannot be handled by a Transparent Proxy Provider?

Doing the same for Firefox works!

And Safari?

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

With Safari flows it works as well.

And Safari?

It seems that it is a problem with Chromium-based UDP flows.

For Chromium, Chrome, Brave and Opera I get the "The peer closed the flow" errors; for Safari and Firefox I do not.
