thank you a lot!

I am looking for audit_token_to_auid() description. What is the audit user ID? Is this value which is assigned to a user upon login and is inherited by every process he starts in the session? Thank you for your time and help!

Thank you for replay! I am afraid PID is not what I need. I need to find logged user which associated with process. I found the following description of audit user (non-official docs): Audit User ID is assigned to a user upon login and is inherited by every process even when the user's identity changes (for example, by switching user accounts with su - john). Is it true for macOS? Thank you for your help!

Thank you for support!

look like this issue has been fixed in 14.6.1

The application is using KEXT (Socket Filters) to intercept the traffic. I am looking for the way to implement new solution which is based on Network Extension. However, I have not found any obviously way how to intercept the outgoing traffic and have a possibility to modify it. Is it possible? If yes, what is the best practices? What is the simplest way to implement it? Thank you in advance.

thank you for the help!

Thank you for the help! If I want to start NETransparentProxyProvider, I have to set VPN configurations which is described by NEVPNProtocol. [NETransparentProxyManager sharedManager].protocolConfiguration So, looks like, I have to have running VPN server locally if I want to intercept desired outgoing network traffic. Can it be done by Network Extension Framework? Or I miss something.

Anyone ?