Lubbo
@lubbo
@zhuhaow Do you think this can work? Better/lighter alternatives?
zhuhaow
@zhuhaow
What do you want? Block certain website? Just write a dns module yourself (copy code from NEKit) and route dns packet to it.
Lubbo
@lubbo
You mean modifying DNSServer to implement the blocking logic, then registering it with TUNInterface, which forwards packets from packetFlow using its input() method?
The problem is that it seems only few dns requests are passing through NetworkExtension packetFlow... I can see only those related to apple.com and icloud.com ...
I'm investigating, I would be sure I've properly configured NEPacketTunnelNetworkSettings
Lubbo
@lubbo
I don't understand what's the difference of providing NEIPv4Settings with NEIPv4Route.default includedRoutes instead of not providing NEIPv4Settings at all.
Apple Documentation is not very complete for this framework
Not providing NEIPv4Setting the Proxy works well and all Apps communicate properly but DNS queries are not intercepted. If I provide NEIPv4Settings some apps don't work even if I don't block them (i.e. WhatsApp) and I can intercept only limited DNS queries.
Lubbo
@lubbo
Maybe there's DNS caching in iOS that avoids query retransmission, and that's why I can't see all queries? And maybe there's a way to flush it?
btw: I'm reading deeply into your NEKit and I can only thank you about a great work!
zhuhaow
@zhuhaow
I think the DNS cache (most likely mdnsresponder) will be invalidated when VPN status changes. It's really unlikely you can get only a portion of the dns requests.
I'm not quite sure why you want to use RuleManager. You don't need NEKit at all (maybe a little part of it). You just need to hijack the DNS requests and respond accordingly.
张同
@425589643
support ssr?
Lubbo
@lubbo
@zhuhaow Can you suggest me a way to intercept in the NetworkExtension only DNS request and exclude other communications?
zhuhaow
@zhuhaow
Set dns server to some ip then route that ip to tun?
Lubbo
@lubbo
You mean the DNS settings in the NEPacketTunnelNetworkSettings? In this way NetworkExtension will receive all traffic, the DNS requests will be directed to that IP and I can manage it, but I also need to route others to the NEKit proxy to be forwarded?
Or setting only the DNS settings in the NEPacketTunnelNetworkSettings, only DNS request are intercepted by NetworkExtension?
Ke Li
@cnnblike
Just one quick question, is it possible to use NEKit as a way to route package to different remote address? Like I want to route all traffic to "www.example.com" to VPN remote "www.name1.com" while routing all traffic to "www.example2.com" to VPN remote "www.name2.com"?
zhuhaow
@zhuhaow
@lubbo If you want just dns traffic, then just route packets sent to dns server to tun interface (add the ip address to route table).
zhuhaow
@zhuhaow
@cnnblike Can you clarify what is package (I think you mean packets, but still) and VPN remote? NEKit does not work as a VPN or work with one. I’m not sure what you want to achieve but seems like you want to CNAME www.name1.com to www.example.com? Then hijack dns request or run your own dns server (on remote).
Ke Li
@cnnblike
@zhuhaow yeah, it should be packet :D Let me explain, I need have two different app, one contacting www.example1.com, while another using www.example2.com, want I'm expecting is modify the packet with different rule before the packet is sent out from iOS device. Is it possible with NEKit?
typo. I need have two different app -> I have two different app
typo again want -> what
Ke Li
@cnnblike
it's more like a MITM proxy for different app, not on remote server side, but on iOS side
Ke Li
@cnnblike
guess I should dive deep into the source code, though I'm not that familiar with the Swift-style of organizing code. thanks anyway.
Cimonk
@cimonk
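Has anyone used this guy's https://github.com/JayZhao/tun2socks to handle TCP packets?
Currently, with the expert's NEKIT, it runs successfully for a moment and then crashes, even though I have already lowered MAXNWTCPSocketReadDataSize.
I saw that back in 2017 someone said they had used /JayZhao/tun2socks and it seemed stable, but now with Swift 5 it compiles, yet it feels like the packets are not getting through.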
AliThink
@AliThink
I tried it, it still crashes.
Cimonk
@cimonk
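@AliThink, how did you solve it in the end? I would appreciate some pointers, thanks.
Right now, because IM and videos on streaming platforms mostly go over TCP, I have to enable tun2socks to meet this need.
I also need different rules to decide whether to proxy or not, so I figured the NEKit made by the expert would be easier to use.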
AliThink
@AliThink
Not solved...
Cheng Zhang
@sing1ee
Is what NEPacketTunnelProvider's packetFlow reads IP packet data? I implemented a set of sockets in C++ and want to integrate it with NEPacketTunnelProvider here. @zhuhaow
zhuhaow
@zhuhaow
Cheng Zhang
@sing1ee
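The socket library I am using now is a user-space protocol stack built on lwip, and I need to go through it to reach the server. How should I integrate it here? Please advise.
As I understand it, this socket should accept data, while what is read from packetFlow is IP packets. Do I have to unpack them myself?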
zhuhaow
@zhuhaow
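I'm not quite sure what you are referring to. But for this kind of thing, shouldn't you look at the documentation of the library you are using?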
tanqci
@tanqci

@zhuhaow MACOS Catalina10.15.2
Xcode11.3/Xcode10.3
When importing NEKIT with carthage I ran into a problem: github "lexrus/MMDB-Swift" "0.3.0", which NEKIT references, cannot be built,
* Building scheme "MMDB-iOS" in MMDB.xcodeproj
Build Failed
Task failed with exit code 65:
/usr/bin/xcrun xcodebuild -project /Users/daniel/Desktop/yunsheng-app/temp/vpn/NEKit-master/Carthage/Checkouts/MMDB-Swift/MMDB.xcodeproj -scheme MMDB-iOS -configuration Release -derivedDataPath /Users/daniel/Library/Caches/org.carthage.CarthageKit/DerivedData/11.3_11C29/MMDB-Swift/0.3.0 -sdk iphoneos ONLY_ACTIVE_ARCH=NO CODE_SIGNING_REQUIRED=NO CODE_SIGN_IDENTITY= CARTHAGE=YES archive -archivePath /var/folders/2l/ydn1n21s7vd1j30vw40ksv4r0000gn/T/MMDB-Swift SKIP_INSTALL=YES GCC_INSTRUMENT_PROGRAM_FLOW_ARCS=NO CLANG_ENABLE_CODE_COVERAGE=NO STRIP_INSTALLED_PRODUCT=NO (launched in /Users/daniel/Desktop/yunsheng-app/temp/vpn/NEKit-master/Carthage/Checkouts/MMDB-Swift

I tried using xcode10.3 in command line tools and got the same error,
Building github "lexrus/MMDB-Swift" "0.5.0" on its own with carthage works fine, but github "lexrus/MMDB-Swift" "0.3.0" fails, so NEKIT cannot reference it. Is there a solution? Thank you very much.

Looking at the log, builtin-RegisterExecutionPolicyException /Users/daniel/Library/Caches/org.carthage.CarthageKit/DerivedData/11.3_11C29/MMDB-Swift/0.3.0/Build/Intermediates.noindex/ArchiveIntermediates/MMDB-iOS/IntermediateBuildFilesPath/UninstalledProducts/iphoneos/MMDB.framework
note: Execution policy exception registration failed and was skipped: Error Domain=NSPOSIXErrorDomain Code=1 "Operation not permitted" (in target 'MMDB-iOS' from project 'MMDB')
zhuhaow
@zhuhaow
I'll fix it.
tanqci
@tanqci
@zhuhaow Thank you very much. I uploaded my error log to https://github.com/lexrus/MMDB-Swift/issues/11, as the last question there.
zhuhaow
@zhuhaow
It should be fixed now.
I'm still waiting for CI.
zhuhaow
@zhuhaow
Fixed.
tanqci
@tanqci
Great, it compiled smoothly.
AliThink
@AliThink
666
keshavkishore09
@keshavkishore09
We are using NEKIT framework to route our app traffic to local proxy server inside iOS, make some modification at server and then send it to internet. This is MITM attack we are making for modifications. The problem with this implementation is, we have to switch on and off the VPN if app goes foreground and background respectively for other apps to work seamlessly. Is there any way in NeKIT to identify from where this request is coming so that we can send other app requests through normal ISP and our app request through local proxy? @zhuhaow
tanqci
@tanqci
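@zhuhaow Our project needs to record the URLs and IPs the user has visited. Is there a way to use NEKIT's methods in PacketTunnelProvider.swift to get the URL and IP? I tried the self.packetFlow.readPackets { (packets: [Data], protocols: [NSNumber]) in
approach, but have never been able to get them.
It should be possible to get it here.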
tanqci
@tanqci
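@wangjinwei0806 Thank you very much for the pointer. Could you explain in a bit more detail how to call HTTPHeader to get the visited URL? I see it contains open var foundationURL: URL?
open var homemadeURL: NEKit.HTTPURL?
open var host: String
open var port: Int but I don't know exactly how to implement it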