I was trying macos 12.5 and was pleasantly surprised to find that tcp/udp originated by apps within the VM also gets captured by the transparent proxy running on the host, which is great! Tried this with Parallels VM and VMware VM, both works fine (guest OS being linux). But for some reason, traffic originated by apps from within a docker VM/container does not get captured by the transparent proxy (regardless of whether docker is using "big sur.framework” or “hypervisor.framework”).
Any idea why that might be the case ? I can post this same question in docker forums too, but is there something that apple advertises as "this is what you should do to get apps from within a VM captured by transparent proxy" - so that I can ask a more informed question in docker forums ?
Rgds,
Gopa.
GopaEG
Users receive reputation points by contributing quality content to the forums.
Posts include post and replies published on the forums.
Post authors can mark replies as Accepted to indicate successful solutions.
Apple Developer Forums admins can mark replies as Apple Recommended to indicate an approved solution
Post
Replies
Boosts
Views
Activity
Hi,
I have a simple UDP Transparent proxy test - I open udp socket from a python program and blast datagrams in a tight while loop, and in the proxy system extension code, I just echo the datagram - i.e. I do flow.readDatagram() and then write it back using flow.writeDatagram(). I try the above with datagram sizes upto 9000 bytes, it seems to work allright. I launch two dozen of these python tests parallely and all of them write data and read the data back.
The problem starts when I increase the datagramsize - say I make it 9100 bytes, the writes from the python test script often ends up with a "write(net): No buffer space available" - which is totally fine and understandable if the kernel runs out of buffers to store all these datagrams. But the issue is that if I kill all those python scripts and then try sending data to that destination at a much slower rate (like using a netcat), my transparent proxy code does not get the handleNewUDPFlow() callback. For every new flow/endpoint I usually see a bunch of logs which says handleNewUDPFlow with filter so and so etc.. - after ENOBUFS its radio silence, no callbacks, none of those logs.
It looks like some bug in the transparent proxy library, is this a test case anyone else has tried/faced similar issues ?
Rgds,
Gopa.