Is there a way to get the socket descriptor of the started VPN Tunnel on iPhone so that I could use it in a C++ library

Question

In the simpleTunnel sample app provided by apple, the container app and the packet tunnel provider use IPC for communication.

Whenever connect toggle button is enabled startVPNTunnel() API will be called and the OS starts the packet tunnel provider which in turn calls the overrided method startTunnelWithOptions(). This is where we start our connection to the VPN server. startTunnelWithOptions in turn calls startTunnel which calls createTCPConnectionToEndpoint (connection = provider.createTCPConnectionToEndpoint(endpoint, enableTLS:false, TLSParameters:nil, delegate:nil))

How do we get the socket descriptor from this connection (so that I could use it in another C++ library that sends SSL and other custom messages) ? (connnection is an instance of the class NWTCPConnection, but NWTCPConnection doesn't seem to contain the socket descriptor)

Answer 1

Try something like:

let tunFd = self.packetFlow.value(forKeyPath: "socket.fileDescriptor") as! Int32;

And send tunFd to your C/C++ side to use as file-descriptor and/or socket.

See also How to parse network-extension packets?

Note that although Apple recommends against using this method in production, it's end-year 2021, and works just fine yet.

Apple claims that "iOS is in the process of moving to a user space networking stack."
(but they did not change anything yet)