I'm developing a VPN app; I was looking to route app-specific packets from the default en0
interface. I was wondering whether I can achieve this by using an NKE?
Let's say all data from Safari goes through ppp0 interface and all data from Chrome goes through en0.
I can't give you a 100% definite answer as I've never had to solve that specific problem before, and it doesn't seem to be documented anywhere. I can point you at a few things, which are where I would be focusing my research if I were being tasked with implementing such functionality.
- As of WWDC 2017, Network Kernel Extensions are deprecated. Apple wants you to create user-space "Network Extensions" instead. There are special VPN classes you can implement. In theory, these allow per-app rules (see "Per-App VPN"), but in practice they seem to be tied to MDM, which seems like an odd decision. You may want to get in touch with Apple about getting that changed if that conflicts with what you're trying to do. They're actively soliciting input on the Network Extension API.
- Network Kernel Extensions (NKE) are the more mature API. Routing happens between the "IP Filter" and "Interface Filter" stages. I'm not sure you can directly affect them through either of those filtering stages. Perhaps by removing packets using an interface filter on the default interface, and injecting them into your VPN interface's? I'm not sure that's wise though, and you may have trouble matching packets to the process that sent them at that stage of the network stack.
- You could try binding a socket to a specific interface device (using IP_BOUND_IF) from a socket filter NKE.
- The Berkeley Packet Filter (BPF) is also a possible solution.
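The IP_BOUND_IF option mentioned in the answer above is the one piece that can be shown in a few lines of ordinary socket code, so here is an added example (not code from the question, the answer, or any Apple sample). It pins an IPv4 socket to a named interface so that its traffic leaves through that interface instead of the default route. On macOS it uses IP_BOUND_IF with the interface index; the SO_BINDTODEVICE branch is an assumed Linux fallback added only so the demo compiles elsewhere, and the interface name "en0" is taken from the question.

```c
#include <errno.h>
#include <net/if.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Resolve an interface name ("en0", "ppp0", ...) to its kernel index.
 * Returns 0 when the kernel knows no interface by that name. */
unsigned int iface_index(const char *name) {
    return if_nametoindex(name);
}

/* Pin an already-created IPv4 socket to the interface called `ifname`.
 * Returns 0 on success, -1 with errno set on failure; an unknown interface
 * name is reported as ENXIO before any socket option is touched. */
int bind_socket_to_iface(int fd, const char *ifname) {
    unsigned int idx = iface_index(ifname);
    if (idx == 0) {
        errno = ENXIO;
        return -1;
    }
#if defined(IP_BOUND_IF)
    /* macOS / iOS: IP_BOUND_IF takes the interface index as an int. */
    int ifidx = (int)idx;
    return setsockopt(fd, IPPROTO_IP, IP_BOUND_IF, &ifidx, sizeof ifidx);
#elif defined(SO_BINDTODEVICE)
    /* Assumed Linux fallback for this demo: bind by name instead of index
     * (needs CAP_NET_RAW, so it may fail with EPERM for an ordinary user). */
    return setsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE,
                      ifname, (socklen_t)(strlen(ifname) + 1));
#else
    errno = ENOSYS;
    return -1;
#endif
}

/* Stand-alone usage: open a UDP socket and try to pin it to en0. */
int main(void) {
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0) {
        perror("socket");
        return 1;
    }
    if (bind_socket_to_iface(fd, "en0") != 0) {
        perror("bind_socket_to_iface(en0)");
    } else {
        puts("socket pinned to en0; its datagrams will leave via that interface");
    }
    close(fd);
    return 0;
}
```

Note that this only affects the one socket you set the option on; the answer's suggestion is to apply it from a socket filter NKE so that every socket a given process opens gets pinned, which is the part that is not shown here.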