SimpleTunnel: Customized Networking Using the NetworkExtension Framework: Version 1.3, 2016-10-04

Updated to Swift 3

The Network Extension framework exposes APIs that give you the ability to customize the networking features of iOS and OS X. This sample project demonstrates how to:

- Use the NEPacketTunnelProvider class to implement a custom VPN tunneling protocol. - Use the NETunnelProviderManager class to create and manage VPN configurations that use the custom VPN tunneling protocol. - Use the NEAppProxyProvider class to implement a custom transparent network proxy protocol. - Use the NEAppProxyProviderManager class to manage VPN configurations that use the transparent network proxy protocol. - Use the NEFilterControlProvider and NEFilterDataProvider classes to implement a custom on-device content filtering service. - Use the NEFilterManager class to configure the custom filtering service.

Signed-off-by: Liu Lantao <[email protected]>

Author: Lax

SimpleTunnel/AppProxy/AppProxyClientTunnel.swift

@@ -18,15 +18,15 @@ class AppProxyProvider: NEAppProxyProvider, TunnelDelegate {
 	var tunnel: ClientTunnel?
 
 	/// The completion handler to call when the tunnel is fully established.
-	var pendingStartCompletion: (NSError? -> Void)?
+	var pendingStartCompletion: ((NSError?) -> Void)?
 
 	/// The completion handler to call when the tunnel is fully disconnected.
-	var pendingStopCompletion: (Void -> Void)?
+	var pendingStopCompletion: ((Void) -> Void)?
 
 	// MARK: NEAppProxyProvider
 
 	/// Begin the process of establishing the tunnel.
-	override func startProxyWithOptions(options: [String : AnyObject]?, completionHandler: (NSError?) -> Void) {
+	override func startProxy(options: [String : Any]?, completionHandler: @escaping (Error?) -> Void) {
 
 		let newTunnel = ClientTunnel()
 		newTunnel.delegate = self
@@ -41,7 +41,7 @@ class AppProxyProvider: NEAppProxyProvider, TunnelDelegate {
 	}
 
 	/// Begin the process of stopping the tunnel.
-	override func stopProxyWithReason(reason: NEProviderStopReason, completionHandler: () -> Void) {
+	override func stopProxy(with reason: NEProviderStopReason, completionHandler: @escaping () -> Void) {
 
 		// Clear out any pending start completion handler.
 		pendingStartCompletion = nil
@@ -51,7 +51,7 @@ class AppProxyProvider: NEAppProxyProvider, TunnelDelegate {
 	}
 
 	/// Handle a new flow of network data created by an application.
-	override func handleNewFlow(flow: (NEAppProxyFlow?)) -> Bool {
+	override func handleNewFlow(_ flow: (NEAppProxyFlow?)) -> Bool {
 		var newConnection: ClientAppProxyConnection?
 
 		guard let clientTunnel = tunnel else { return false }
@@ -73,9 +73,9 @@ class AppProxyProvider: NEAppProxyProvider, TunnelDelegate {
 	// MARK: TunnelDelegate
 
 	/// Handle the event of the tunnel being fully established.
-	func tunnelDidOpen(targetTunnel: Tunnel) {
+	func tunnelDidOpen(_ targetTunnel: Tunnel) {
 		guard let clientTunnel = targetTunnel as? ClientTunnel else {
-			pendingStartCompletion?(SimpleTunnelError.InternalError as NSError)
+			pendingStartCompletion?(SimpleTunnelError.internalError as NSError)
 			pendingStartCompletion = nil
 			return
 		}
@@ -84,7 +84,7 @@ class AppProxyProvider: NEAppProxyProvider, TunnelDelegate {
 	}
 
 	/// Handle the event of the tunnel being fully disconnected.
-	func tunnelDidClose(targetTunnel: Tunnel) {
+	func tunnelDidClose(_ targetTunnel: Tunnel) {
 
 		// Call the appropriate completion handler depending on the current pending tunnel operation.
 		if pendingStartCompletion != nil {
@@ -103,34 +103,34 @@ class AppProxyProvider: NEAppProxyProvider, TunnelDelegate {
 	}
 
 	/// Handle the server sending a configuration.
-	func tunnelDidSendConfiguration(targetTunnel: Tunnel, configuration: [String : AnyObject]) {
+	func tunnelDidSendConfiguration(_ targetTunnel: Tunnel, configuration: [String : AnyObject]) {
 		simpleTunnelLog("Server sent configuration: \(configuration)")
 
 		guard let tunnelAddress = tunnel?.remoteHost else {
-			let error = SimpleTunnelError.BadConnection
+			let error = SimpleTunnelError.badConnection
 			pendingStartCompletion?(error as NSError)
 			pendingStartCompletion = nil
 			return
 		}
 
-		guard let DNSDictionary = configuration[SettingsKey.DNS.rawValue] as? [String: AnyObject], DNSServers = DNSDictionary[SettingsKey.Servers.rawValue] as? [String] else {
+		guard let DNSDictionary = configuration[SettingsKey.DNS.rawValue] as? [String: AnyObject], let DNSServers = DNSDictionary[SettingsKey.Servers.rawValue] as? [String] else {
 			self.pendingStartCompletion?(nil)
 			self.pendingStartCompletion = nil
 			return
 		}
 
 		let newSettings = NETunnelNetworkSettings(tunnelRemoteAddress: tunnelAddress)
 
-		newSettings.DNSSettings = NEDNSSettings(servers: DNSServers)
+		newSettings.dnsSettings = NEDNSSettings(servers: DNSServers)
 		if let DNSSearchDomains = DNSDictionary[SettingsKey.SearchDomains.rawValue] as? [String] {
-			newSettings.DNSSettings?.searchDomains = DNSSearchDomains
+			newSettings.dnsSettings?.searchDomains = DNSSearchDomains
 		}
 
 		simpleTunnelLog("Calling setTunnelNetworkSettings")
 
 		self.setTunnelNetworkSettings(newSettings) { error in
 			if error != nil {
-				let startError = SimpleTunnelError.BadConfiguration
+				let startError = SimpleTunnelError.badConfiguration
 				self.pendingStartCompletion?(startError as NSError)
 				self.pendingStartCompletion = nil
 			}

SimpleTunnel/AppProxy/AppProxyProvider.swift

@@ -19,7 +19,7 @@ class ClientAppProxyConnection : Connection {
 	let appProxyFlow: NEAppProxyFlow
 
 	/// A dispatch queue used to regulate the sending of the connection's data through the tunnel connection.
-	lazy var queue: dispatch_queue_t = dispatch_queue_create("ClientConnection Handle Data queue", nil)
+	lazy var queue: DispatchQueue = DispatchQueue(label: "ClientConnection Handle Data queue", attributes: [])
 
 	// MARK: Initializers
 
@@ -36,16 +36,16 @@ class ClientAppProxyConnection : Connection {
 	}
 
 	/// Send an "Open" message to the SimpleTunnel server, to begin the process of establishing a flow of data in the SimpleTunnel protocol.
-	func open(extraProperties: [String: AnyObject]) {
+	func open(_ extraProperties: [String: AnyObject]) {
 		guard let clientTunnel = tunnel as? ClientTunnel else {
 			// Close the NEAppProxyFlow.
-			let error: SimpleTunnelError = .BadConnection
+			let error: SimpleTunnelError = .badConnection
 			appProxyFlow.closeReadWithError(error as NSError)
 			appProxyFlow.closeWriteWithError(error as NSError)
 			return
 		}
 
-		let properties = createMessagePropertiesForConnection(identifier, commandType:.Open, extraProperties:extraProperties)
+		let properties = createMessagePropertiesForConnection(identifier, commandType:.open, extraProperties:extraProperties)
 
 		clientTunnel.sendMessage(properties) { error in
 			if let error = error {
@@ -57,37 +57,37 @@ class ClientAppProxyConnection : Connection {
 	}
 
 	/// Handle the result of sending a data message to the SimpleTunnel server.
-	func handleSendResult(error: NSError?) {
+	func handleSendResult(_ error: NSError?) {
 	}
 
 	/// Handle errors that occur on the connection.
-	func handleErrorCondition(flowError: NEAppProxyFlowError? = nil, notifyServer: Bool = true) {
+	func handleErrorCondition(_ flowError: NEAppProxyErrorDomain? = nil, notifyServer: Bool = true) {
 
 		guard !isClosedCompletely else { return }
 
-		tunnel?.sendCloseType(.All, forConnection: identifier)
+		tunnel?.sendCloseType(.all, forConnection: identifier)
 
-		closeConnection(.All)
+		closeConnection(.all)
 	}
 
 	/// Send a "Data" message to the SimpleTunnel server.
-	func sendDataMessage(data: NSData, extraProperties: [String: AnyObject] = [:]) {
-		dispatch_async(queue) {
+	func sendDataMessage(_ data: Data, extraProperties: [String: AnyObject] = [:]) {
+		queue.async {
 
 			guard let clientTunnel = self.tunnel as? ClientTunnel else { return }
 
 			// Suspend further writes to the tunnel until this write operation is completed.
-			dispatch_suspend(self.queue)
+			self.queue.suspend()
 
 			var dataProperties = extraProperties
-			dataProperties[TunnelMessageKey.Data.rawValue] = data
+			dataProperties[TunnelMessageKey.Data.rawValue] = data as AnyObject?
 
-			let properties = createMessagePropertiesForConnection(self.identifier, commandType: .Data, extraProperties:dataProperties)
+			let properties = createMessagePropertiesForConnection(self.identifier, commandType: .data, extraProperties:dataProperties)
 
 			clientTunnel.sendMessage(properties) { error in
 
 				// Resume the queue to allow subsequent writes.
-				dispatch_resume(self.queue)
+				self.queue.resume()
 
 				// This will schedule another read operation on the NEAppProxyFlow.
 				self.handleSendResult(error)
@@ -98,30 +98,30 @@ class ClientAppProxyConnection : Connection {
 	// MARK: Connection
 
 	/// Handle the "Open Completed" message received from the SimpleTunnel server for this connection.
-	override func handleOpenCompleted(resultCode: TunnelConnectionOpenResult, properties: [NSObject: AnyObject]) {
-		guard resultCode == .Success else {
+	override func handleOpenCompleted(_ resultCode: TunnelConnectionOpenResult, properties: [NSObject: AnyObject]) {
+		guard resultCode == .success else {
 			simpleTunnelLog("Failed to open \(identifier), result = \(resultCode)")
-			handleErrorCondition(.PeerReset, notifyServer: false)
+			handleErrorCondition(.peerReset, notifyServer: false)
 			return
 		}
 
 		guard let localAddress = (tunnel as? ClientTunnel)?.connection!.localAddress as? NWHostEndpoint else {
 			simpleTunnelLog("Failed to get localAddress.")
-			handleErrorCondition(.Internal)
+			handleErrorCondition(.internal)
 			return
 		}
 
 		// Now that the SimpleTunnel connection is open, indicate that we are ready to handle data on the NEAppProxyFlow.
-		appProxyFlow.openWithLocalEndpoint(localAddress) { error in
-			self.handleSendResult(error)
+		appProxyFlow.open(withLocalEndpoint: localAddress) { error in
+			self.handleSendResult(error as NSError?)
 		}
 	}
 
-	override func closeConnection(direction: TunnelConnectionCloseDirection) {
+	override func closeConnection(_ direction: TunnelConnectionCloseDirection) {
 		self.closeConnection(direction, flowError: nil)
 	}
 
-	func closeConnection(direction: TunnelConnectionCloseDirection, flowError: NEAppProxyFlowError?) {
+	func closeConnection(_ direction: TunnelConnectionCloseDirection, flowError: NEAppProxyErrorDomain?) {
 		super.closeConnection(direction)
 
 		var error: NSError?
@@ -159,32 +159,32 @@ class ClientAppProxyTCPConnection : ClientAppProxyConnection {
 	/// Send an "Open" message to the SimpleTunnel server, to begin the process of establishing a flow of data in the SimpleTunnel protocol.
 	override func open() {
 		open([
-				TunnelMessageKey.TunnelType.rawValue: TunnelLayer.App.rawValue,
-				TunnelMessageKey.Host.rawValue: (TCPFlow.remoteEndpoint as! NWHostEndpoint).hostname,
-				TunnelMessageKey.Port.rawValue: Int((TCPFlow.remoteEndpoint as! NWHostEndpoint).port)!,
-				TunnelMessageKey.AppProxyFlowType.rawValue: AppProxyFlowKind.TCP.rawValue
+				TunnelMessageKey.TunnelType.rawValue: TunnelLayer.app.rawValue as AnyObject,
+				TunnelMessageKey.Host.rawValue: (TCPFlow.remoteEndpoint as! NWHostEndpoint).hostname as AnyObject,
+				TunnelMessageKey.Port.rawValue: Int((TCPFlow.remoteEndpoint as! NWHostEndpoint).port)! as AnyObject,
+				TunnelMessageKey.AppProxyFlowType.rawValue: AppProxyFlowKind.tcp.rawValue as AnyObject
 			])
 	}
 
 	/// Handle the result of sending a "Data" message to the SimpleTunnel server.
-	override func handleSendResult(error: NSError?) {
+	override func handleSendResult(_ error: NSError?) {
 		if let sendError = error {
 			simpleTunnelLog("Failed to send Data Message to the Tunnel Server. error = \(sendError)")
-			handleErrorCondition(.HostUnreachable)
+			handleErrorCondition(.hostUnreachable)
 			return
 		}
 
 		// Read another chunk of data from the source application.
-		TCPFlow.readDataWithCompletionHandler { data, readError in
-			guard let readData = data where readError == nil else {
+		TCPFlow.readData { data, readError in
+			guard let readData = data , readError == nil else {
 				simpleTunnelLog("Failed to read data from the TCP flow. error = \(readError)")
-				self.handleErrorCondition(.PeerReset)
+				self.handleErrorCondition(.peerReset)
 				return
 			}
 
-			guard readData.length > 0 else {
+			guard readData.count > 0 else {
 				simpleTunnelLog("\(self.identifier): received EOF on the TCP flow. Closing the flow...")
-				self.tunnel?.sendCloseType(.Write, forConnection: self.identifier)
+				self.tunnel?.sendCloseType(.write, forConnection: self.identifier)
 				self.TCPFlow.closeReadWithError(nil)
 				return
 			}
@@ -194,11 +194,11 @@ class ClientAppProxyTCPConnection : ClientAppProxyConnection {
 	}
 
 	/// Send data received from the SimpleTunnel server to the destination application, using the NEAppProxyTCPFlow object.
-	override func sendData(data: NSData) {
-		TCPFlow.writeData(data) { error in
+	override func sendData(_ data: Data) {
+		TCPFlow.write(data) { error in
 			if let writeError = error {
 				simpleTunnelLog("Failed to write data to the TCP flow. error = \(writeError)")
-				self.tunnel?.sendCloseType(.Read, forConnection: self.identifier)
+				self.tunnel?.sendCloseType(.read, forConnection: self.identifier)
 				self.TCPFlow.closeWriteWithError(nil)
 			}
 		}
@@ -229,17 +229,17 @@ class ClientAppProxyUDPConnection : ClientAppProxyConnection {
 	/// Send an "Open" message to the SimpleTunnel server, to begin the process of establishing a flow of data in the SimpleTunnel protocol.
 	override func open() {
 		open([
-				TunnelMessageKey.TunnelType.rawValue: TunnelLayer.App.rawValue,
-				TunnelMessageKey.AppProxyFlowType.rawValue: AppProxyFlowKind.UDP.rawValue
+				TunnelMessageKey.TunnelType.rawValue: TunnelLayer.app.rawValue as AnyObject,
+				TunnelMessageKey.AppProxyFlowType.rawValue: AppProxyFlowKind.udp.rawValue as AnyObject
 			])
 	}
 
 	/// Handle the result of sending a "Data" message to the SimpleTunnel server.
-	override func handleSendResult(error: NSError?) {
+	override func handleSendResult(_ error: NSError?) {
 
 		if let sendError = error {
 			simpleTunnelLog("Failed to send message to Tunnel Server. error = \(sendError)")
-			handleErrorCondition(.HostUnreachable)
+			handleErrorCondition(.hostUnreachable)
 			return
 		}
 
@@ -251,50 +251,50 @@ class ClientAppProxyUDPConnection : ClientAppProxyConnection {
 		guard datagramsOutstanding == 0 else { return }
 
 		// Read a new set of datagrams from the source application.
-		UDPFlow.readDatagramsWithCompletionHandler { datagrams, remoteEndPoints, readError in
+		UDPFlow.readDatagrams { datagrams, remoteEndPoints, readError in
 
 			guard let readDatagrams = datagrams,
-				readEndpoints = remoteEndPoints
-				where readError == nil else
+				let readEndpoints = remoteEndPoints
+				, readError == nil else
 			{
 				simpleTunnelLog("Failed to read data from the UDP flow. error = \(readError)")
-				self.handleErrorCondition(.PeerReset)
+				self.handleErrorCondition(.peerReset)
 				return
 			}
 
 			guard !readDatagrams.isEmpty && readEndpoints.count == readDatagrams.count else {
 				simpleTunnelLog("\(self.identifier): Received EOF on the UDP flow. Closing the flow...")
-				self.tunnel?.sendCloseType(.Write, forConnection: self.identifier)
+				self.tunnel?.sendCloseType(.write, forConnection: self.identifier)
 				self.UDPFlow.closeReadWithError(nil)
 				return
 			}
 
 			self.datagramsOutstanding = readDatagrams.count
 
-			for (index, datagram) in readDatagrams.enumerate() {
+			for (index, datagram) in readDatagrams.enumerated() {
 				guard let endpoint = readEndpoints[index] as? NWHostEndpoint else { continue }
 
-				simpleTunnelLog("(\(self.identifier)): Sending a \(datagram.length)-byte datagram to \(endpoint.hostname):\(endpoint.port)")
+				simpleTunnelLog("(\(self.identifier)): Sending a \(datagram.count)-byte datagram to \(endpoint.hostname):\(endpoint.port)")
 
 				// Send a data message to the SimpleTunnel server.
 				self.sendDataMessage(datagram, extraProperties:[
-						TunnelMessageKey.Host.rawValue: endpoint.hostname,
-						TunnelMessageKey.Port.rawValue: Int(endpoint.port)!
+						TunnelMessageKey.Host.rawValue: endpoint.hostname as AnyObject,
+						TunnelMessageKey.Port.rawValue: Int(endpoint.port)! as AnyObject
 					])
 			}
 		}
 	}
 
 	/// Send a datagram received from the SimpleTunnel server to the destination application.
-	override func sendDataWithEndPoint(data: NSData, host: String, port: Int) {
+	override func sendDataWithEndPoint(_ data: Data, host: String, port: Int) {
 		let datagrams = [ data ]
 		let endpoints = [ NWHostEndpoint(hostname: host, port: String(port)) ]
 
 		// Send the datagram to the destination application.
-		UDPFlow.writeDatagrams(datagrams, sentByEndpoints: endpoints) { error in
+		UDPFlow.writeDatagrams(datagrams, sentBy: endpoints) { error in
 			if let error = error {
 				simpleTunnelLog("Failed to write datagrams to the UDP Flow: \(error)")
-				self.tunnel?.sendCloseType(.Read, forConnection: self.identifier)
+				self.tunnel?.sendCloseType(.read, forConnection: self.identifier)
 				self.UDPFlow.closeWriteWithError(nil)
 			}
 		}