Post not yet marked as solved
macOS 11.1 fixed RAW socket locking in Network Extension.
However one user reports another kernel deadlock with Network Extension, on macOS 11.1 20C69.
The deadlock seems to be caused by three processes:
Logs - https://developer.apple.com/forums/content/attachment/76470732-057b-4a5a-8898-f9c8a37c52d2
I failed to reproduce this issue, while the user can reproduce it consistently.
I wonder if anyone has also encountered this panic.
FB8968013 for full kernel panics.
Post not yet marked as solved
Hi all,
I run into a memory issue in NetworkExtension. I hope my NetworkExtension will filter all traffics (any hosts/ports, any protocol, any direction).
After running for 5 days, the NetworkExtension.framework keeps 20,000+ instances of NEFilterSocketFlow.
I don't believe a laptop will run 20,000 network connections at the same time, it seems like an issue from system frameworks.
I run the test on macOS 11.0.1 (20B29), it can also reproduced on macOS 11.1 (20C5048k).
I use the following snippet to reproduce the issue. To use this code, get a copy of "Filtering Network Traffic" sample code and replace the file.
FilterDataProvider.swift - https://developer.apple.com/forums/content/attachment/cee644fc-799f-4b76-8f2c-c8e792152e0e
FB8924681
Shay
Post not yet marked as solved
Hi,
I wonder if it is possible to show system extension's BundleDisplayName in Finder (like an application bundle)?
For example, I wish the Finder could show the CFBundleDisplayName "SymantecEndpointSecurity" (value from Info.plist or localized resources) instead of "com.symantec.mes.systemextension.systemextension".
Because the endpoint security client requires "Full Disk Access" (FDA), if user accidentally removes it, the system extension cannot work until user add it back to the list.
While it is possible to open the Finder window for user to drag system extension back to the FDA list, it would be much better if the user can see the system extension's localized BundleDisplayName instead of BundleIdentifier.
Is it possible with the current macOS?
Thanks in advance.
Shay
Post not yet marked as solved
Hi guys,
When playing with the Network Extension sample code, I find that, if the data-filter requests to filter TCP outbound traffic on port 443, apps using StoreKit for in-app purchase cannot get items for purchase.
A process named "appstoreagent" reports "failed to retrieve client crypto key" and then NSURLErrorDomain Code=-1005 "The network connection was lost."
If the network extension is disabled or explicitly allows https traffic in NEFilterSettings, this issue won't appear.
I have tested from macOS 10.15.0 to 10.15.6 along with 11.0 beta 3, the issue can be reproduced on all the macs that I have tested.
Ref FB7740498
Best regards,
Shay
Post not yet marked as solved
Hi guys,
Does anyone fail to connect IKEv1 (Cisco IPSec) VPN when using the "filtering network traffic" sample code?
I find that, if the SimpleFirewall is enabled, IKEv1 VPN will fail to connect. If SimpleFirewall is enabled after connecting VPN, no application will establish network connection (all TCP/UDP/ICMP will be dropped).
Is this expected behavior (that IKEv1 VPN is not compatible with data-filter)?
ref FB7742493
Best regards,
Shay
Shay39.