Building a Simple DNS Filter with Packet Tunnel - Need Help with TUN Writeback

Hi everyone,

I’m currently experimenting with building a simple DNS filter using Apple’s Packet Tunnel framework. Here’s the flow I’m trying to implement:

  1. Create a TUN interface
  2. Set up a UDP socket
  3. Read packets via packetFlow.readPackets
  4. Parse the raw IP packet
  5. Forward the UDP payload through the socket
  6. Receive the response from the server
  7. Reconstruct the IP packet with the response
  8. Write it back to the TUN interface using packetFlow.writePackets

Here’s an example of an intercepted IP packet (DNS request):

45 00 00 3c 15 c4 00 00 40 11 93 d1 c0 a8 00 64 08 08 08 08 ed 6e 00 35 00 28 e5 c9 7f da 01 00 00 01 00 00 00 00 00 00 04 74 69 6d 65 05 61 70 70 6c 65 03 63 6f 6d 00 00 01 00 01

And here’s the IP packet I tried writing back into the TUN interface (DNS response):

45 00 00 89 5e 37 40 00 40 11 0b 11 08 08 08 08 c0 a8 00 64 00 35 ed 6e 00 75 91 e8 7f da 81 80 00 01 00 04 00 00 00 00 04 74 69 6d 65 05 61 70 70 6c 65 03 63 6f 6d 00 00 01 00 01 c0 0c 00 05 00 01 00 00 0c fb 00 11 04 74 69 6d 65 01 67 07 61 61 70 6c 69 6d 67 c0 17 c0 2c 00 01 00 01 00 00 03 04 00 04 11 fd 74 fd c0 2c 00 01 00 01 00 00 03 04 00 04 11 fd 74 7d c0 2c 00 01 00 01 00 00 03 04 00 04 11 fd 54 fb

Unfortunately, it seems the packet is not being written back correctly to the TUN interface. I’m not seeing any expected DNS response behavior on the device.

Also, I noticed that after creating the TUN, the interface address shows up as 0.0.0.0:0 in Xcode. The system log includes this message when connecting the VPN:

NWPath does not have valid interface: satisfied (Path is satisfied), interface: utun20[endc_sub6], ipv4, dns, expensive, uses cellular

Does anyone know how to properly initialize the TUN so that the system recognizes it with a valid IP configuration? Or why my written-back packet might be getting ignored?

Any help would be appreciated!
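An added example, not the poster's code: a Python script that parses the two packets quoted in the question, verifies the IPv4 header checksum and the UDP checksum (computed over the IPv4 pseudo-header, the part hand-rolled reassembly most often gets wrong), and rebuilds the reply from the request by swapping addresses and ports. The IP identification value (0x5e37) and the DF flag used for the rebuild are read off the quoted response so that the result can be compared byte for byte; both hex strings are copied from the post unchanged.

```python
"""Verify the IPv4/UDP packets quoted in the post and rebuild the reply datagram.

Added example, not the poster's code. Before packetFlow.writePackets can be blamed,
the datagram handed to it must have a correct IHL/total length, IPv4 header checksum,
UDP length and UDP checksum; this script checks each of those on the quoted bytes.
"""
import struct

# Both packets copied byte-for-byte from the post (request, then response).
REQUEST = bytes.fromhex(
    "45 00 00 3c 15 c4 00 00 40 11 93 d1 c0 a8 00 64 08 08 08 08 ed 6e 00 35 00 28 e5 c9"
    "7f da 01 00 00 01 00 00 00 00 00 00 04 74 69 6d 65 05 61 70 70 6c 65 03 63 6f 6d 00 00 01 00 01"
)
RESPONSE = bytes.fromhex(
    "45 00 00 89 5e 37 40 00 40 11 0b 11 08 08 08 08 c0 a8 00 64 00 35 ed 6e 00 75 91 e8"
    "7f da 81 80 00 01 00 04 00 00 00 00 04 74 69 6d 65 05 61 70 70 6c 65 03 63 6f 6d 00 00 01 00 01"
    "c0 0c 00 05 00 01 00 00 0c fb 00 11 04 74 69 6d 65 01 67 07 61 61 70 6c 69 6d 67 c0 17"
    "c0 2c 00 01 00 01 00 00 03 04 00 04 11 fd 74 fd c0 2c 00 01 00 01 00 00 03 04 00 04 11 fd 74 7d"
    "c0 2c 00 01 00 01 00 00 03 04 00 04 11 fd 54 fb"
)


def checksum(data: bytes) -> int:
    """RFC 1071 ones-complement sum; a trailing odd byte is zero-padded."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def parse_ipv4_udp(pkt: bytes) -> dict:
    """Decode IPv4 + UDP headers and report whether lengths and checksums agree.

    Raises ValueError for anything that is not a plain IPv4/UDP datagram.
    """
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not IPv4")
    ihl = (pkt[0] & 0x0F) * 4
    total_len, ident, flags_frag, ttl, proto, _ip_csum = struct.unpack("!HHHBBH", pkt[2:12])
    if ihl < 20 or total_len != len(pkt) or proto != 17:
        raise ValueError("bad IHL, total length, or not UDP")
    src, dst = pkt[12:16], pkt[16:20]
    ip_ok = checksum(pkt[:ihl]) == 0  # a header with a correct checksum sums to zero
    udp = pkt[ihl:]
    sport, dport, udp_len, udp_csum = struct.unpack("!HHHH", udp[:8])
    if udp_len != len(udp):
        raise ValueError("UDP length does not match IP total length")
    pseudo = src + dst + struct.pack("!BBH", 0, 17, udp_len)
    # A zero UDP checksum means "not computed"; otherwise pseudo-header + datagram must sum to zero.
    udp_ok = udp_csum == 0 or checksum(pseudo + udp) == 0
    return {
        "src": src, "dst": dst, "id": ident, "df": bool(flags_frag & 0x4000), "ttl": ttl,
        "sport": sport, "dport": dport, "payload": udp[8:],
        "ip_checksum_ok": ip_ok, "udp_checksum_ok": udp_ok,
    }


def build_ipv4_udp(src: bytes, dst: bytes, sport: int, dport: int, payload: bytes,
                   ip_id: int, df: bool = True, ttl: int = 64) -> bytes:
    """Assemble an IPv4/UDP datagram with both checksums filled in."""
    udp_len = 8 + len(payload)
    pseudo = src + dst + struct.pack("!BBH", 0, 17, udp_len)
    udp_hdr = struct.pack("!HHHH", sport, dport, udp_len, 0)
    udp_csum = checksum(pseudo + udp_hdr + payload) or 0xFFFF  # RFC 768: zero is sent as 0xFFFF
    udp = struct.pack("!HHHH", sport, dport, udp_len, udp_csum) + payload
    flags_frag = 0x4000 if df else 0
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + udp_len, ip_id, flags_frag, ttl, 17, 0, src, dst)
    ip_hdr = ip_hdr[:10] + struct.pack("!H", checksum(ip_hdr)) + ip_hdr[12:]
    return ip_hdr + udp


def build_udp_reply(request: bytes, payload: bytes, ip_id: int, df: bool = True) -> bytes:
    """The datagram a tunnel must write back: addresses and ports swapped, fresh checksums."""
    req = parse_ipv4_udp(request)
    return build_ipv4_udp(req["dst"], req["src"], req["dport"], req["sport"], payload, ip_id, df)


def dotted(addr: bytes) -> str:
    return ".".join(map(str, addr))


if __name__ == "__main__":
    for name, pkt in (("request", REQUEST), ("response", RESPONSE)):
        p = parse_ipv4_udp(pkt)
        print(f"{name}: {dotted(p['src'])}:{p['sport']} -> {dotted(p['dst'])}:{p['dport']} "
              f"id=0x{p['id']:04x} df={p['df']} ip_csum_ok={p['ip_checksum_ok']} "
              f"udp_csum_ok={p['udp_checksum_ok']}")
    rebuilt = build_udp_reply(REQUEST, parse_ipv4_udp(RESPONSE)["payload"], ip_id=0x5E37, df=True)
    print("rebuilt reply is byte-identical to the quoted response:", rebuilt == RESPONSE)
```

Run against the quoted bytes, both packets verify (lengths consistent, both checksums correct) and the rebuilt reply is byte-identical to the quoted response, so a malformed datagram is an unlikely reason for the write being ignored; the same parser can be pointed at any packet captured from readPackets to rule that out before looking at the tunnel's IP configuration.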

Answered by DTS Engineer in 849457022

Is there a reason you’re doing this as a packet tunnel provider rather than a DNS filter provider?

DTS does not, in general, support ‘off label’ use of packet tunnel providers. See TN3120 Expected use cases for Network Extension packet tunnel providers.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Is this on the Mac?

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

No, this is on iOS.

The goal is to drop specific DNS packets on iOS, while forwarding all other packets through a local socket.

However, it currently seems impossible to achieve this on iOS. So far, I’ve only managed to forward UDP packets.

For other protocols, I haven’t found a way to capture the full IP packet, making it impossible to reconstruct the IP packet correctly.
