Hi,
Does anybody know whether I can send an HTTP request from a network extension or not?
The idea is that I want to check the inbound/outbound data before deciding whether to allow or drop it, so I have 2 questions here:
1. The NEFilterDataProvider class description says "The sandbox prevents the Filter Data Provider extension from moving network content outside of its address space by blocking all network access, IPC, and disk write operations." Does that mean I cannot send the network content to the server or another process for checking?
2. If I just want to send an HTTP request from a network extension, is it possible?
Thanks in advance.
Hi,
I downloaded FilteringNetworkTraffic and added a FilterPacketProvider to intercept network packets with the following info.plist:
<key>NEProviderClasses</key>
<dict>
<key>com.apple.networkextension.filter-packet</key>
<string>$(PRODUCT_MODULE_NAME).FilterPacketProvider</string>
</dict>
But the callback function and packetHandler closure do not work at all. Thanks!
Hi Experts,
I know there are replacements for KAUTH, socket and IP filters in system extension according to https://developer.apple.com/support/kernel-extensions/.
Could you please share with me the replacement for interface filters in the network extension? Thanks.
https://developer.apple.com/library/archive/documentation/Darwin/Conceptual/NKEConceptual/interface_filter_nke/interface_filter_nke.html#//apple_ref/doc/uid/TP40001858-CH230-SW1
Hi Experts,
Instruments 11.1 has the option to profile a LaunchDaemon by selecting the relevant launchd plist file. Then when you start to record it shows an alert with:
Waiting for /Library/LaunchDaemons/com.mydaemon.plist
Please take appropriate action to initiate the launch of '/Library/LaunchDaemons/com.mydaemon.plist.'
With a Cancel button.
I noticed the daemon has been restarted but Instruments does nothing, it's still waiting...
Any ideas? Thanks for your help!
Hi Experts,
I created a simple deadlock program with a dispatch concurrent queue but no label:
dispatch_queue_t queueA = dispatch_queue_create(NULL, DISPATCH_QUEUE_CONCURRENT);
dispatch_async(queueA, ^(){
    NSLog(@"3:%@", [NSThread currentThread]);
    dispatch_barrier_sync(queueA, ^(){
        NSLog(@"4:%@", [NSThread currentThread]);
    });
});
The output of sample shows the dispatch queue is serial, not concurrent.
2733 Thread_<multiple> DispatchQueue_25: (null) (serial)
2733 start_wqthread (in libsystem_pthread.dylib) + 13 [0x1003bce01]
2733 _pthread_wqthread (in libsystem_pthread.dylib) + 583 [0x1003bd0b7]
2733 _dispatch_worker_thread2 (in libdispatch.dylib) + 125 [0x1003572da]
2733 _dispatch_root_queue_drain (in libdispatch.dylib) + 334 [0x100356824]
2733 _dispatch_async_redirect_invoke (in libdispatch.dylib) + 769 [0x1003463b4]
2733 _dispatch_continuation_pop (in libdispatch.dylib) + 563 [0x1003472be]
2733 _dispatch_client_callout (in libdispatch.dylib) + 8 [0x100343f1b]
2733 _dispatch_call_block_and_release (in libdispatch.dylib) + 12 [0x100342e7c]
2733 __main_block_invoke_2.14 (in learn_oc) + 125 [0x10000176d] main.mm:249
2733 _dispatch_sync_f_slow (in libdispatch.dylib) + 223 [0x10035346c]
2733 __DISPATCH_WAIT_FOR_QUEUE__ (in libdispatch.dylib) + 301 [0x100353c90]
2733 _dispatch_thread_event_wait_slow (in libdispatch.dylib) + 33 [0x1003448ec]
2733 _dispatch_ulock_wait (in libdispatch.dylib) + 47 [0x10034480d]
2733 __ulock_wait (in libsystem_kernel.dylib) + 10 [0x7fff7e3e19de]
But if I create the same concurrent queue with the label, the result is correct:
dispatch_queue_t queueA = dispatch_queue_create("test", DISPATCH_QUEUE_CONCURRENT);
2891 Thread_34199 DispatchQueue_25: test (concurrent)
+ 2891 start_wqthread (in libsystem_pthread.dylib) + 13 [0x1003bce01]
+ 2891 _pthread_wqthread (in libsystem_pthread.dylib) + 583 [0x1003bd0b7]
+ 2891 _dispatch_worker_thread2 (in libdispatch.dylib) + 125 [0x1003572da]
+ 2891 _dispatch_root_queue_drain (in libdispatch.dylib) + 334 [0x100356824]
+ 2891 _dispatch_async_redirect_invoke (in libdispatch.dylib) + 769 [0x1003463b4]
+ 2891 _dispatch_continuation_pop (in libdispatch.dylib) + 563 [0x1003472be]
+ 2891 _dispatch_client_callout (in libdispatch.dylib) + 8 [0x100343f1b]
+ 2891 _dispatch_call_block_and_release (in libdispatch.dylib) + 12 [0x100342e7c]
+ 2891 __main_block_invoke_2.15 (in learn_oc) + 125 [0x10000176d] main.mm:249
+ 2891 _dispatch_sync_f_slow (in libdispatch.dylib) + 223 [0x10035346c]
+ 2891 __DISPATCH_WAIT_FOR_QUEUE__ (in libdispatch.dylib) + 301 [0x100353c90]
+ 2891 _dispatch_thread_event_wait_slow (in libdispatch.dylib) + 33 [0x1003448ec]
+ 2891 _dispatch_ulock_wait (in libdispatch.dylib) + 47 [0x10034480d]
+ 2891 __ulock_wait (in libsystem_kernel.dylib) + 10 [0x7fff7e3e19de]
It seems like if there is a label in the queue, that means you want to uniquely identify it in debugging tools such as Instruments, sample, stackshots, and crash reports, or else the system somehow would change the queue?
Hi Experts,
Do you know if there is any way to disable and remove a system extension with root (no source code)? I tried systemextensionsctl, but it needs SIP to be disabled.
Thanks in advance.
Hi Experts,
I can add WaitForDebugger to the file in /Library/LaunchDaemon/*.plist to debug launch daemons from scratch with LLDB.
Is it possible to debug a system extension from scratch with LLDB? Thanks a lot.
Hi,
I have a kernel panic and a core dump file:
*** Panic Report ***
panic(cpu 2 caller 0xffffff801265c266): "A kext releasing a(n) IOUSBInterface has corrupted the registry."@/SourceCache/xnu/xnu-6153.121.2/libkern/c++/OSObject.cpp:219
Backtrace (CPU 2), Frame : Return Address
0xffffff811e9a3d30 : 0xffffff801212bda1
0xffffff811e9a3db0 : 0xffffff801265c266
0xffffff811e9a3e00 : 0xffffff7f94857b6f
0xffffff811e9a3e20 : 0xffffff7f948579df
0xffffff811e9a3e40 : 0xffffff7f94857255
0xffffff811e9a3e70 : 0xffffff80126b3cad
0xffffff811e9a3eb0 : 0xffffff80126b379f
0xffffff811e9a3f30 : 0xffffff80126ae553
0xffffff811e9a3f70 : 0xffffff80126b4443
0xffffff811e9a3fb0 : 0xffffff80122125b7
I use "lldb -c [core.dump.file]" and "bt" to show the backtrace, but there are no symbols:
thread #1: tid = 0x0000, 0xffffff8009abcecb, stop reason = signal SIGSTOP
frame #0: 0xffffff8009abcecb
frame #1: 0xffffff8009a1d636
frame #2: 0xffffff8009d4e45f
frame #3: 0xffffff8009d4cf7d
frame #4: 0xffffff8009d9e585
frame #5: 0xffffff8009d59942
frame #6: 0xffffff8009d58ebd
frame #7: 0xffffff7f8b28c299
frame #8: 0xffffff8009d48dc1
frame #9: 0xffffff8009afc6ee
frame #10: 0xffffff8009b103ee
frame #11: 0xffffff8009b02bc9
frame #12: 0xffffff8009b03394
frame #13: 0xffffff8009de97ba
Does anyone know how to symbolize it? Do I need the corresponding KDKs? Thanks!
///**************************
// MyClass.m
#import "MyClass.h"
static MyClass *myClass = NULL;
@implementation MyClass
+ (MyClass *)sharedMyClass {
    myClass = NULL;
    myClass = [[MyClass alloc] init];
    return myClass;
}
@end
Hi Experts, I just want to know: myClass is a static ObjC object, so it will be automatically released by ARC when no one is referencing it anymore, so there is no memory leak? Is that correct?
Hi Experts,
If multiple NEFilterDataProvider/NEFilterPacketProvider(s) are on the machine and all are active at the same time, which provider will receive the TCP/UDP segment first?
If one of the network extensions drops the flow or packet, then is there no chance for the others to parse it?
Which is instantiated first or instantiated last if there is no earlyboot?
Thanks a lot!
Do I need to Block_release dispatch_block_t which passed to the dispatch_barrier_async when no ARC ?
Do I need to release the block which is passed to dispatch_barrier_async when there is no ARC? I noticed "The barrier block to submit to the target dispatch queue. This block is copied and retained until it finishes executing, at which point it is released." in dispatch_barrier_async.
dispatch_block_t work = dispatch_block_create(0, ^{
    //...
});
if (work) {
    dispatch_barrier_async(dispatchQueue, work);
    auto res = dispatch_block_wait(work, timeout);
    if (res) {
        // timeout, then cancel, I should release work here?
        dispatch_block_cancel(work);
    }
    Block_release(work); // do I need to release work when no ARC? the dispatch_barrier_async would release it if it's executed?
}
Thanks!
Process: sysextd [633]
Path: /System/Library/Frameworks/SystemExtensions.framework/Versions/A/Helpers/sysextd
Identifier: sysextd
Version: 79.40.4
Code Type: X86-64 (Native)
Parent Process: launchd [1]
Responsible: sysextd [633]
User ID: 0
Date/Time: 2020-11-21 19:06:59.948 +0800
OS Version: macOS 11.0.1 (20B50)
Report Version: 12
Anonymous UUID: E7E0F5B9-898B-B40D-21A3-AF796FC8960A
Time Awake Since Boot: 120 seconds
System Integrity Protection: disabled
Crashed Thread: 1 Dispatch queue: sysextd.extensionmanager
Exception Type: EXC_BAD_INSTRUCTION (SIGILL)
Exception Codes: 0x0000000000000001, 0x0000000000000000
Exception Note: EXC_CORPSE_NOTIFY
Termination Signal: Illegal instruction: 4
Termination Reason: Namespace SIGNAL, Code 0x4
Terminating Process: exc handler [633]
Application Specific Information:
dyld3 mode
Fatal error: 'try!' expression unexpectedly raised an error: sysextd.ExtensionFinishUninstallingAction.actionErrors.outstandingreferences: file sysextd/extensionmanager.swift, line 422
Thread 0:: Dispatch queue: com.apple.main-thread
0 libsystem_kernel.dylib 0x00007fff203185ce __ulock_wait + 10
1 libdispatch.dylib 0x00007fff201a0f98 _dlock_wait + 44
2 libdispatch.dylib 0x00007fff201a122c _dispatch_group_wait_slow + 49
3 libdispatch.dylib 0x00007fff201a3b37 dispatch_block_wait + 212
4 sysextd 0x0000000104ff8c3f 0x104ff0000 + 35903
5 sysextd 0x0000000104ffb95f 0x104ff0000 + 47455
6 sysextd 0x0000000104ffb199 0x104ff0000 + 45465
7 libdyld.dylib 0x00007fff20366631 start + 1
Thread 1 Crashed:: Dispatch queue: sysextd.extensionmanager
0 libswiftCore.dylib 0x00007fff2c72f124 _assertionFailure(_:_:file:line:flags:) + 532
1 libswiftCore.dylib 0x00007fff2c784629 swift_unexpectedError + 585
2 sysextd 0x0000000105009168 0x104ff0000 + 102760
3 sysextd 0x000000010501047f 0x104ff0000 + 132223
4 sysextd 0x0000000105012018 0x104ff0000 + 139288
5 sysextd 0x0000000104ff8c86 0x104ff0000 + 35974
6 libdispatch.dylib 0x00007fff201ad1d5 _dispatch_block_async_invoke2 + 83
7 libdispatch.dylib 0x00007fff201a07c7 _dispatch_client_callout + 8
8 libdispatch.dylib 0x00007fff201a65fe _dispatch_lane_serial_drain + 606
9 libdispatch.dylib 0x00007fff201a70cb _dispatch_lane_invoke + 375
10 libdispatch.dylib 0x00007fff201b0c5d _dispatch_workloop_worker_thread + 819
11 libsystem_pthread.dylib 0x00007fff20348499 _pthread_wqthread + 314
12 libsystem_pthread.dylib 0x00007fff20347467 start_wqthread + 15
Thread 1 crashed with X86 Thread State (64-bit):
rax: 0x0000000200000003 rbx: 0x0000000105066360 rcx: 0xfffffffe00000000 rdx: 0x0000000000000003
rdi: 0x00007fd5ddd06f08 rsi: 0x00000000000bcfa0 rbp: 0x00007000082ed2f0 rsp: 0x00007000082ed2a0
r8: 0x0000000000000110 r9: 0x000000000000001b r10: 0x00007fd5ddc00000 r11: 0x0000000000000000
r12: 0x0000000000000000 r13: 0x000000000000000b r14: 0x0000000000000001 r15: 0x00007fff2cab8944
rip: 0x00007fff2c72f124 rfl: 0x0000000000010246 cr2: 0x00007fff80068470
Logical CPU: 0
Error Code: 0x00000000
Trap Number: 6
Thread 1 instruction stream:
Thread 1 last branch register state not available.
Binary Images:
0x104ff0000 - 0x105073fff sysextd (79.40.4) <4ED43E22-4E63-3CA2-9354-AB354CE49D62> /System/Library/Frameworks/SystemExtensions.framework/Versions/A/Helpers/sysextd
Hi Experts,
How can I use a variable in @available(macOS ver, *)? I do not want to hard-code it like this:
if (@available(macOS 10.16, *))
{
//...
}
Thanks a lot!
Hi Experts,
I know there is LSEnvironment for defining environment variables to be set before launching.
e.g.
<key>LSEnvironment</key>
<dict>
<key>PATH</key>
<string>/Users/flori/.rvm/gems/ruby-1.9.3-p362/bin:/Users/flori/.rvm/gems/ruby-1.9.3-p362@global/bin:/Users/flori/.rvm/rubies/ruby-1.9.3-p326/bin:/Users/flori/.rvm/bin:/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin:</string>
</dict>
How about a system extension? Thanks a lot.