It is clear that Packets that are read from NEPacketTunnelFlow are meant to be sent over a tunnel connection to a remote server for injection into a remote network. They are not meant to be dropped or re-injected back into the system.
In my usecase:
-
NEPacketTunnelProvider is separate process. which reads the packet using packetFlow.readPacketObjects
-
Send it over to other process i.e privileged helper(Non-bundle/command line tool/non sandboxed) via UDS IPC.
-
Helpers send to to remote tunnel and return back the packet to NEPacketTunnelFlow via same IPC.
-
NEPacketTunnelProvider uses packetFlow.writePacketObjects to inject packets.
Things works fine. We don't distribute it via Appstore.
We are now attempting to implement a on device bypass mechanism from helper tool side. Could you please suggest if there is any approach I could try, even if it involves proceeding at my own risk?