How to add URL instead of ip address in excludedRoutes in NEIPv4Settings?

Question

Created Mar ’23

Replies 2

Boosts 0

Participants 3

We have implemented System Extension with the capability of Packet Tunnel Provider. Our Tunnel is full tunnel, so we are getting all packets for all traffic. We want to exclude some traffic from your tunnel based on URL.

NEIPv4Settings provides traffic exclusion based on ip addresses.
ipv4Settings?.excludedRoutes = [ NEIPv4Route(destinationAddress: "x.x.x.x", subnetMask: x.x.x.x")

is any way that we can do this exclusion based on URL?

Like:- ipv4Settings?.excludedRoutes = [ NEIPv4Route(destinationURL: URL(String: "example.com"))

Boost

Answer 1

MobileTen OP

Mar ’23

If it is not documented, then you cannot do it. You must resolve the DNS name to an IP address per the API requirement.

0

Answer 2

DTS Engineer OP

Apple

Mar ’23

Expanding on MobileTen’s comment…

IMPORTANT You use the term URL when I think you mean domain name. Routing based on the URL — for example, where you see https://example.com/ but don’t see https://example.com/foo — is impossible at this level of the networking stack, so I’m going to assume you meant domain name.

Packet tunnels operate in either destination IP or source app (per-app VPN) mode. In destination IP mode routing is done based on… the destination IP. There is no strict correlation between a domain name and an IP address:

A single IP address can have multiple domain names
A single domain name can have multiple IP addresses

Given this background, what you’re asking for isn’t feasible. You can try to implement this yourself — by resolving the domain name and applying the resulting IP addresses to excludedRoutes — but you’re likely to run into the same fundamental limitations.

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

0