Hello, My app captures network events such as TCP/UDP/ICMP/HTTP/DNS. As kext is being deprecated, I am looking for ways to implement the same functionality via system extensions. Should I write a NEFilterDataProvider and inspect each flow to determine its nature? What is the recommended approach?

Hello, I have a scenario where I am writing a NEFilterDataProvider with NEFilterRules to monitor each network flow. My filter rule is to allow only network connections originating from a particular process and block the rest. Is there a way to specify such exclusions via NENetworkRule?

Hello, I need to do filtering at the flow level as well as the packet level. I saw in a previous thread https://developer.apple.com/forums/thread/128228 that there was an issue starting both kinds of filters in a single network extension. How can I achieve filtering at both these layers?