Hi, my target is Mac and I am using the network extension autogenerated by Xcode (selected the "network extension" project). The content filter capability of the extension is in use.
System Extension.
Hello, Matt
Thank you for the response.
I did some experiments, but didn't succeed.
Just to clarify, my goal looks like this (as I imagine it):
any_app <----> network extension(based on NEAppProxyProvider) aka transparent proxy < --- > my_smart_proxy < --- > internet
i.e. the NE sext catches traffic of any application and forwards it to mysmartproxy; the latter determines if there is sensitive data and blocks the connection if true, or allows it otherwise - just passes all in- and out-data from any app to the internet and vice versa.
So, my steps: in - (void)startProxyWithOptions: completionHandler: I opened a connection to mysmartproxy this way:
conn = [ self createTCPConnectionToEndpoint:[ NWHostEndpoint endpointWithHostname:@"127.0.0.1" port:@"11234"]
enableTLS:NO
TLSParameters:nil
delegate:nil];
In handleNewFlow: I did [ flow openWithLocalEndpoint:nil completionHandler: ], after that in the completionHandler I perform [tcpFlow readDataWithCompletionHandler:], and in the appropriate handler I tried to write the received data to mysmartproxy via [ self->conn write:data completionHandler:]. Every time an error occurs:
2020-06-25 14:31:13.281 com.gtb.my_ext[52343:1028084] NWTCPConnection:write error: 'The operation couldn’t be completed. (kNWErrorDomainPOSIX error 57 - Socket is not connected)'
And indeed, there is no connection to my proxy; I can confirm it by looking in mysmartproxy's logs.
So, what is wrong?
Just in case: I've configured the sext with the sandbox disabled.
And one more thing: even if the connection to the proxy was successful and [ self->conn write:data completionHandler:] performs without error, how can I receive the response from the proxy and put it back to the flow (via -[NEAppProxyTCPFlow writeData:withCompletionHandler:])?
I saw (void)readLength:completionHandler:
and (void)readMinimumLength:maximumLength:completionHandler:
methods in the NWTCPConnection class, but I don't understand how I can specify the required length, because in general I don't know the size of a response from any site/service on the internet.
I would recommend setting up an observer to monitor the connection status using NWTCPConnectionState. Make sure the connection goes into NWTCPConnectionStateConnected before writing data to the connection.
I did it; the connection hangs in NWTCPConnectionStateConnecting status forever.
Is there any way to understand the reason for such behaviour?
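The relay described in the posts above, as an added example that is not part of the original thread: it pumps data both ways between one NEAppProxyTCPFlow and one NWTCPConnection, reading from the connection with a minimum of 1 byte so no response size has to be known in advance, and it closes the flow on any proxy-side error so traffic is never passed uninspected. The class name `FlowRelay` and the 65536-byte read cap are hypothetical, and it assumes one already-connected NWTCPConnection per already-opened flow (a single shared connection would interleave the bytes of different flows).

```objective-c
#import <NetworkExtension/NetworkExtension.h>

// Hypothetical helper (not from the thread): relays one flow to one connection.
@interface FlowRelay : NSObject
- (instancetype)initWithFlow:(NEAppProxyTCPFlow *)flow connection:(NWTCPConnection *)conn;
- (void)start;  // call after the flow is open and conn.state is Connected
@end

@implementation FlowRelay {
    NEAppProxyTCPFlow *_flow;
    NWTCPConnection *_conn;
}

- (instancetype)initWithFlow:(NEAppProxyTCPFlow *)flow connection:(NWTCPConnection *)conn {
    if ((self = [super init])) { _flow = flow; _conn = conn; }
    return self;
}

- (void)start { [self pumpOutbound]; [self pumpInbound]; }

// Fail closed: tear down both sides so nothing bypasses the inspecting proxy.
- (void)closeWithError:(NSError *)error {
    [_flow closeReadWithError:error];
    [_flow closeWriteWithError:error];
    [_conn cancel];
}

// Application -> proxy: read whatever the app sent, forward it, then read again.
- (void)pumpOutbound {
    [_flow readDataWithCompletionHandler:^(NSData *data, NSError *error) {
        if (error || data.length == 0) { [self closeWithError:error]; return; }
        [self->_conn write:data completionHandler:^(NSError *writeError) {
            if (writeError) { [self closeWithError:writeError]; return; }
            [self pumpOutbound];
        }];
    }];
}

// Proxy -> application: minimum 1 byte means "deliver whatever has arrived",
// up to the cap, so the total response length is never needed.
- (void)pumpInbound {
    [_conn readMinimumLength:1 maximumLength:65536 completionHandler:^(NSData *data, NSError *error) {
        if (error || data.length == 0) { [self closeWithError:error]; return; }
        [self->_flow writeData:data withCompletionHandler:^(NSError *writeError) {
            if (writeError) { [self closeWithError:writeError]; return; }
            [self pumpInbound];
        }];
    }];
}
@end
```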