While activating a Network Extension with OSSystemExtensionRequest, I am getting into didFailWithError with error code 8. I am hitting the same error even with SIP disabled. Does anyone know what this error code is and how to correct it?
The WWDC 2019 video shows that there is a template for System Extension (Network Extension) in Xcode. I don't see any such template. My Xcode version is 11.3.1. Am I missing something here?
It is clear that a network extension can intercept the traffic from Safari. Does it also intercept the traffic from Chrome, Edge, Firefox and Opera?
When I activate the network extension it is seen as activated enabled, but when I deactivate it, it shows that it is terminated but waiting for reboot. I always thought the activation-deactivation thingy doesn't require any reboot. Can you please guide?
Is it necessary to remove the "App Sandbox entitlement" capability for a Network Extension? Does the above requirement also hold for all system extensions?
Is "App Sandbox entitlement" required for DriverKit?
Can a system extension be hosted in a dylib instead of an app?
I can load the dylib from an app.
Is it possible to do so, or is an app mandatory to host a system extension?
I have a basic question.
I need to communicate data / messages between a System Extension and an application (this is not the container app for the System Extension).
Which IPC mechanism is recommended?
Is socket communication good for the same?
Struggling to set NEFilterRule for NEFilterDataProvider in order to filter (or for that matter allow) all the traffic.
I have tried the following:
[NWHostEndpoint endpointWithHostname:@"0.0.0.0" port:@"0"]
[NWHostEndpoint endpointWithHostname:@"" port:@"0"]
[NWHostEndpoint endpointWithHostname:@"0.0.0.0/0, " port:@"0"]
[NWHostEndpoint endpointWithHostname:@"0.0.0.0/0, ::/0" port:@"0"]
None of the above works.
How do I construct the NWHostEndpoint in order to handle all the traffic?
Thank you.
Are handleNewFlow calls for a NEFilterDataProvider Network Extension serialised?
Can we assume that the flows would never come in parallel?
Thank you.
Seeing this error when I am trying to install my network extension:
_macvnodechecksignature: /Applications/abc.app/Contents/MacOS/abc: code signature validation failed fatally: When validating /Applications/abc.app/Contents/MacOS/abc:
Code has restricted entitlements, but the validation of its code signature failed.
Unsatisfied Entitlements:__
I have set the right entitlements as far as I know. Is this error about entitlements or the signature? That is not obvious from the message.
This is seen on Catalina 10.15.6.
The macOS Network Extension is Developer ID signed.
Still facing this error. Any idea what will fix this error?
I am implementing a Network Extension - NEFilterDataProvider.
Checking whether we get the IP address and port for the flow in handleNewFlow?
How do we fetch the IP address and port in this type of Network Extension (socket level)?
Any pointer would help.
I have to capture all traffic for only a particular remote IP (e.g. 30.40.50.60). I have tried to set NEFilterRule for NEFilterDataProvider as follows:
host= [NWHostEndpoint endpointWithHostname:@"30.40.50.60" port:@"0"]
Rule= [[NENetworkRule alloc] initWithDestinationNetwork:host prefix:0 protocol:NENetworkRuleProtocolAny];
FilterRule = [[NEFilterRule alloc] initWithNetworkRule:Rule action:NEFilterActionFilterData];
FilterRuleArray = [NSArray arrayWithObjects:FilterRule, nil];
FilterSettings = [[NEFilterSettings alloc] initWithRules:FilterRuleArray defaultAction:NEFilterActionAllow];
[self applySettings:FilterSettings completionHandler:^(NSError *error){}];
Somehow I am still getting all the traffic in handleNewFlow. I want it only for the particular IP address.
Not sure what is wrong here. Any pointer on this will help.
After using OSSystemExtensionRequest deactivationRequestForExtension for a Network Extension and after a reboot, the extension is still seen with the status "uninstalling".
So it looks like we require 2 reboots for deactivating the extension.
Is it a known behaviour for system extensions?
How to achieve this with only 1 reboot programmatically (not via systemextensionsctl reset)?
When I install the Network Extension I see 2 prompts:
1st is the prompt in Security And Privacy where the system extension is blocked and I have to allow it after giving the password.
2nd is when I save the preferences (network extension) I see the Allow/Deny prompt.
For the 1st prompt it seems it displays the product name of the container app.
Where are the name and icon taken from for the 2nd Allow/Deny prompt? How to modify it?