使用 macOS 网络扩展将传出 TCP 流量过滤到特定 IP
Filtering outgoing TCP traffic to specific IP with macOS Network Extension
我正在使用网络扩展来过滤到特定 IP 的传出 TCP 流量:
import NetworkExtension
import os.log
class FilterDataProvider: NEFilterDataProvider {
override func startFilter(completionHandler: @escaping (Error?) -> Void) {
let endpoint = NWHostEndpoint(hostname: "111.111.111.111", port: "0")
let networkRule = NENetworkRule(remoteNetwork: endpoint,
remotePrefix: 0,
localNetwork: nil,
localPrefix: 0,
protocol: .TCP,
direction: .outbound)
let filterRule = NEFilterRule(networkRule: networkRule, action: .filterData)
// Allow all flows that do not match the filter rules.
let filterSettings = NEFilterSettings(rules: [filterRule], defaultAction: .allow)
apply(filterSettings) { error in
if let applyError = error {
os_log("Failed to apply filter settings: %@", applyError.localizedDescription)
}
completionHandler(error)
}
}
override func stopFilter(with reason: NEProviderStopReason, completionHandler: @escaping () -> Void) {
completionHandler()
}
override func handleNewFlow(_ flow: NEFilterFlow) -> NEFilterNewFlowVerdict {
guard let socketFlow = flow as? NEFilterSocketFlow,
let remoteEndpoint = socketFlow.remoteEndpoint as? NWHostEndpoint,
let localEndpoint = socketFlow.localEndpoint as? NWHostEndpoint else {
return .allow()
}
os_log("Got a new flow with local endpoint %{public}@, remote endpoint %{public}@, direction %{public}@", localEndpoint, remoteEndpoint, flow.direction == .inbound ? "inbound" : "outbound")
return .allow()
}
}
但是,我也收到了我不感兴趣的 IP 的回调:
2021-06-02 06:58:53.333438-0700 0x1bf8 Default 0x0 666 0 com.mycompany.MyApp: Got a new flow with local endpoint 0.0.0.0:0, remote endpoint 111.111.111.111:80, direction outbound
2021-06-02 06:59:27.487968-0700 0x1d11 Default 0x0 666 0 com.mycompany.MyApp: Got a new flow with local endpoint 0.0.0.0:0, remote endpoint 111.222.111.222:80, direction outbound
2021-06-02 07:00:06.118907-0700 0x1d74 Default 0x0 666 0 com.mycompany.MyApp: Got a new flow with local endpoint 0.0.0.0:0, remote endpoint 123.123.123.123:80, direction outbound
此外,当我尝试不仅拦截 TCP 流量还拦截 UDP,在 NENetworkRule 构造函数中提供“.all”而不是“.TCP”时,我开始接收来自和到达许多不同 IP 的出站和入站流量。
我做错了什么?谢谢
定义您希望允许的规则。然后,为所有不符合此规则的流量选择 defaultAction = NEFilterACtionFilterData。
NSMutableArray<NEFilterRule *>* rs = [NSMutableArray arayWithCapacity:1];
NEFilterRule*r=[[NEFilterRule alloc] initWithNetworkRule:[[NENetworkRule alloc]
initiWithDestinationNetwork:[NWHostEndpoint endpointWithHostname:@"111.111.111.111" port:@"0"]
prefix:0
protocol:NENetworkRuleProtocolTCP
action:NEFilterActionAllow];
[rs addObject:r];
NEFIlterSettings* s = [[NEFilterSettings alloc] initWithRules:rs defaultAction:NEFilterACtionFilterData];
// 'self' is the packet filter provider implementation of yours
[self applySettings:s completionHandler^(NSError * e) { ... }
我至少解决了一个问题。 “remotePrefix”有子网掩码的意思。提供它的值为 0 是错误的。只抓取我感兴趣的IP,需要设置为32。描述here.
我正在使用网络扩展来过滤到特定 IP 的传出 TCP 流量:
import NetworkExtension
import os.log
class FilterDataProvider: NEFilterDataProvider {
override func startFilter(completionHandler: @escaping (Error?) -> Void) {
let endpoint = NWHostEndpoint(hostname: "111.111.111.111", port: "0")
let networkRule = NENetworkRule(remoteNetwork: endpoint,
remotePrefix: 0,
localNetwork: nil,
localPrefix: 0,
protocol: .TCP,
direction: .outbound)
let filterRule = NEFilterRule(networkRule: networkRule, action: .filterData)
// Allow all flows that do not match the filter rules.
let filterSettings = NEFilterSettings(rules: [filterRule], defaultAction: .allow)
apply(filterSettings) { error in
if let applyError = error {
os_log("Failed to apply filter settings: %@", applyError.localizedDescription)
}
completionHandler(error)
}
}
override func stopFilter(with reason: NEProviderStopReason, completionHandler: @escaping () -> Void) {
completionHandler()
}
override func handleNewFlow(_ flow: NEFilterFlow) -> NEFilterNewFlowVerdict {
guard let socketFlow = flow as? NEFilterSocketFlow,
let remoteEndpoint = socketFlow.remoteEndpoint as? NWHostEndpoint,
let localEndpoint = socketFlow.localEndpoint as? NWHostEndpoint else {
return .allow()
}
os_log("Got a new flow with local endpoint %{public}@, remote endpoint %{public}@, direction %{public}@", localEndpoint, remoteEndpoint, flow.direction == .inbound ? "inbound" : "outbound")
return .allow()
}
}
但是,我也收到了我不感兴趣的 IP 的回调:
2021-06-02 06:58:53.333438-0700 0x1bf8 Default 0x0 666 0 com.mycompany.MyApp: Got a new flow with local endpoint 0.0.0.0:0, remote endpoint 111.111.111.111:80, direction outbound
2021-06-02 06:59:27.487968-0700 0x1d11 Default 0x0 666 0 com.mycompany.MyApp: Got a new flow with local endpoint 0.0.0.0:0, remote endpoint 111.222.111.222:80, direction outbound
2021-06-02 07:00:06.118907-0700 0x1d74 Default 0x0 666 0 com.mycompany.MyApp: Got a new flow with local endpoint 0.0.0.0:0, remote endpoint 123.123.123.123:80, direction outbound
此外,当我尝试不仅拦截 TCP 流量还拦截 UDP,在 NENetworkRule 构造函数中提供“.all”而不是“.TCP”时,我开始接收来自和到达许多不同 IP 的出站和入站流量。
我做错了什么?谢谢
定义您希望允许的规则。然后,为所有不符合此规则的流量选择 defaultAction = NEFilterACtionFilterData。
NSMutableArray<NEFilterRule *>* rs = [NSMutableArray arayWithCapacity:1];
NEFilterRule*r=[[NEFilterRule alloc] initWithNetworkRule:[[NENetworkRule alloc]
initiWithDestinationNetwork:[NWHostEndpoint endpointWithHostname:@"111.111.111.111" port:@"0"]
prefix:0
protocol:NENetworkRuleProtocolTCP
action:NEFilterActionAllow];
[rs addObject:r];
NEFIlterSettings* s = [[NEFilterSettings alloc] initWithRules:rs defaultAction:NEFilterACtionFilterData];
// 'self' is the packet filter provider implementation of yours
[self applySettings:s completionHandler^(NSError * e) { ... }
我至少解决了一个问题。 “remotePrefix”有子网掩码的意思。提供它的值为 0 是错误的。只抓取我感兴趣的IP,需要设置为32。描述here.