Post

Replies

Boosts

Views

Activity

Network Filter extension Interop queries
Hi
1. Network extension documents are either in Objective-C or Swift. Does the Network Extension API support C++? If yes, is there any document?
2. In the real world, many Network extensions (e.g. content filters) developed by different vendors, like antivirus vendors, firewall vendors, etc., will be running. How does the Network Extension framework arbitrate/adjudicate among multiple Network Extensions running simultaneously on the system?
Thanks
Anand
6
0
1.2k
Oct ’19
Network Extensions interop
Hi
My query is specific to multiple NEAppProxyProvider and NEDNSProxyProvider providers on the machine.
If multiple NEDNSProxyProvider(s) are on the machine and all are active at the same time, which provider will receive the TCP/UDP segment first: the one which is instantiated first or the one instantiated last?
My above question applies to NEAppProxyProvider providers too.
Regards,
Anand Choubey
2
0
406
Apr ’20
Distribution of Network extension App with App Sandboxing disable
Hi
I know that App Sandboxing must be enabled to distribute Network extension applications from macOS App.
And as per the document below, Network Extension apps can also be distributed outside of the Mac App Store using a provisioning profile.
https://developer.apple.com/documentation/bundleresources/entitlements/com_apple_developer_networking_networkextension?language=objc
Could you please confirm whether, if I disable App Sandbox for my "App Proxy" extension, I can distribute my app outside of the Mac App Store?
Regards,
Anand Choubey
3
0
992
May ’20
Multiple Network Extension Interop
Hi
My query is specific to multiple NEAppProxyProvider and NEDNSProxyProvider providers on the macOS platform.
If multiple NEAppProxyProvider/NEDNSProxyProvider(s) are on the machine and all are active at the same time, which provider will receive the TCP/UDP segment first: the one which is instantiated first or the one instantiated last?
Regards,
Anand Choubey
3
0
872
May ’20
DNS Handling in Transparent App Proxy
Hi,
I would like to capture all the DNS requests in my Transparent App Proxy on macOS 10.15.4.
First I tried different combinations but no luck:
1. First rule:
    NENetworkRule *includeRule3 = [[NENetworkRule alloc] initWithDestinationNetwork:[NWHostEndpoint endpointWithHostname:@"" port:@"53"] prefix: 0 protocol:NENetworkRuleProtocolAny];
   It captures all TCP/UDP traffic along with DNS.
2. Second rule:
    NENetworkRule *includeRule = [[NENetworkRule alloc] initWithDestinationNetwork:[NWHostEndpoint endpointWithHostname:@"0.0.0.0" port:@"53"] prefix: 0 protocol:NENetworkRuleProtocolAny];
   It does not capture anything.
3. Third rule:
    NENetworkRule *includeRule = [[NENetworkRule alloc] initWithDestinationHost:[NWHostEndpoint endpointWithHostname:@"" port:@"53"] protocol:NENetworkRuleProtocolAny];
   It also captures all TCP/UDP traffic along with DNS.
4. I set up a DNS resolver:
    NSString *dnsServerIP = @"10.0.0.10";
    NSArray<NSString *> *dnsServerList = [NSArray arrayWithObjects: dnsServerIP, nil];
    NEDNSSettings *dnsSettings = [[NEDNSSettings alloc] initWithServers: dnsServerList];
    NSString* TLD1 = @"com";
    NSString* TLD2 = @"in";
    NSArray<NSString *> *dnsMatchDomainList = [NSArray arrayWithObjects: TLD1, TLD2, nil];
    dnsSettings.matchDomains = dnsMatchDomainList;
    dnsSettings.domainName = @"gp.com";
    settings.DNSSettings = dnsSettings;
   I also set up a filter rule to capture the DNS server IP address "10.0.0.10":
    NENetworkRule *includeRule = [[NENetworkRule alloc] initWithDestinationNetwork:[NWHostEndpoint endpointWithHostname:@"10.0.0.10" port:@"53"] prefix: 8 protocol:NENetworkRuleProtocolAny];
   No DNS request is captured.
scutil --dns shows the DNS resolver:
    DNS configuration (for service-specific queries)
    resolver #1
      nameserver[0] : fe80::1
      nameserver[1] : 10.0.0.10
      service_identifier : 1
      flags : Service-specific, Supplemental, Request A records, Request AAAA records
Still, the DNS request is not received by the Transparent App Proxy.
Could you please help me find the right way to receive all the DNS requests in my Transparent App Proxy?
Regards,
Anand Choubey
6
0
1.3k
May ’20
Sysextd Crashing loading Network Extension
Hi
I am facing a weird issue: while loading a Transparent App Proxy on macOS 10.15.4 (19E287) (Darwin 19.4.0) using OSSystemExtensionRequest, sysextd crashes. The app receives SystemExtension com.test.client.test-Client.TestMacAppProxy request did fail: Error Domain=OSSystemExtensionErrorDomain Code=1 "(null)" in the request: didFailWithError delegate method.
The following logs are generated by sysextd before the crash:
    default 17:26:10.287333+0530 sysextd attempting to realize extension with identifier com.test.client.test-Client.TestMacAppProxy
    default 17:26:10.298649+0530 sysextd Realizing target path: <private>
    default 17:26:10.299194+0530 sysextd Bundle class: UncachedBundle
    default 17:26:10.322048+0530 sysextd staging extension with identifier com.test.client.test-Client.TestMacAppProxy
    default 17:26:10.383045+0530 sysextd Making activation decision for extension with teamID teamID("27W52P9M7Q"), identifier com.test.client.test-Client.TestMacAppProxy
    default 17:26:10.383088+0530 sysextd No extension policy -- activation decision is UserOption
    default 17:26:10.383116+0530 sysextd validating extension with identifier com.test.client.test-Client.TestMacAppProxy
    default 17:26:11.093684+0530 sysextd waiting for external validation of extension with identifier com.test.client.test-Client.TestMacAppProxy
    default 17:26:11.094281+0530 nesessionmanager Validating system extension com.test.client.test-Client.TestMacAppProxy
    default 17:26:11.094002+0530 sysextd attempting to realize extension with identifier com.test.client.test-Client.TestMacAppProxy
    default 17:26:11.109415+0530 sysextd Realizing target path: <private>
    default 17:26:11.109797+0530 sysextd Bundle class: UncachedBundle
    default 17:26:11.128982+0530 ReportCrash Parsing corpse data for process sysextd [pid 11854]
App Proxy entitlement:
    <plist version="1.0">
    <dict>
        <key>com.apple.developer.networking.networkextension</key>
        <array>
            <string>packet-tunnel-provider</string>
            <string>app-proxy-provider</string>
            <string>content-filter-provider</string>
            <string>dns-proxy</string>
        </array>
        <key>com.apple.security.app-sandbox</key>
        <true/>
        <key>com.apple.security.application-groups</key>
        <array>
            <string>$(TeamIdentifierPrefix)com.example.app-group2</string>
        </array>
        <key>com.apple.security.network.client</key>
        <true/>
        <key>com.apple.security.network.server</key>
        <true/>
        <key>com.apple.security.temporary-exception.files.absolute-path.read-write</key>
        <array>
            <string>/Library/Logs/TestLogs/</string>
        </array>
    </dict>
    </plist>
App proxy Info.plist:
    <plist version="1.0">
    <dict>
        <key>CFBundleDevelopmentRegion</key>
        <string>$(DEVELOPMENT_LANGUAGE)</string>
        <key>CFBundleDisplayName</key>
        <string>TestClientMacAppProxy</string>
        <key>CFBundleExecutable</key>
        <string>$(EXECUTABLE_NAME)</string>
        <key>CFBundleIdentifier</key>
        <string>$(PRODUCT_BUNDLE_IDENTIFIER)</string>
        <key>CFBundleInfoDictionaryVersion</key>
        <string>6.0</string>
        <key>CFBundleName</key>
        <string>$(PRODUCT_NAME)</string>
        <key>CFBundlePackageType</key>
        <string>$(PRODUCT_BUNDLE_PACKAGE_TYPE)</string>
        <key>CFBundleShortVersionString</key>
        <string>2.0</string>
        <key>CFBundleVersion</key>
        <string>2</string>
        <key>LSMinimumSystemVersion</key>
        <string>$(MACOSX_DEPLOYMENT_TARGET)</string>
        <key>NSHumanReadableCopyright</key>
        <string>Copyright © 2020 Test, Inc. All rights reserved.</string>
        <key>NSSystemExtensionUsageDescription</key>
        <string></string>
        <key>NetworkExtension</key>
        <dict>
            <key>NEMachServiceName</key>
            <string>$(TeamIdentifierPrefix)com.example.app-group2.MySystemExtension</string>
            <key>NEProviderClasses</key>
            <dict>
                <key>com.apple.networkextension.app-proxy</key>
                <string>AppProxyProvider</string>
            </dict>
        </dict>
    </dict>
    </plist>
Crash report:
    Process: sysextd [11854]
    Path: /System/Library/Frameworks/SystemExtensions.framework/Versions/A/Helpers/sysextd
    Identifier: sysextd
    Version: 35.100.1
    Code Type: X86-64 (Native)
    Parent Process: launchd [1]
    Responsible: sysextd [11854]
    User ID: 0
    Date/Time: 2020-05-27 17:26:11.129 +0530
    OS Version: Mac OS X 10.15.4 (19E287)
    Report Version: 12
    Time Awake Since Boot: 38000 seconds
    Time Since Wake: 8300 seconds
    System Integrity Protection: disabled
    Crashed Thread: 1 Dispatch queue: sysextd.extension_manager
    Exception Type: EXC_BAD_INSTRUCTION (SIGILL)
    Exception Codes: 0x0000000000000001, 0x0000000000000000
    Exception Note: EXC_CORPSE_NOTIFY
    Termination Signal: Illegal instruction: 4
    Termination Reason: Namespace SIGNAL, Code 0x4
    Terminating Process: exc handler [11854]
    Application Specific Information: dyld3 mode
Please note I removed loaded dylibs to reduce the crash report size.
4
0
1.5k
May ’20
Sysextd Crashing loading Network Extension
Hi
I am facing a weird issue: while loading a Transparent App Proxy on macOS 10.15.4 (19E287) (Darwin 19.4.0) using OSSystemExtensionRequest, sysextd crashes. The app receives SystemExtension <<My extension id>> request did fail: Error Domain=OSSystemExtensionErrorDomain Code=1 "(null)" in the request: didFailWithError delegate method.
The following logs are generated by sysextd before the crash:
    default 17:26:10.287333+0530 sysextd attempting to realize extension with identifier <<My extension id>>
    default 17:26:10.298649+0530 sysextd Realizing target path: <private>
    default 17:26:10.299194+0530 sysextd Bundle class: UncachedBundle
    default 17:26:10.322048+0530 sysextd staging extension with identifier <<My extension id>>
    default 17:26:10.383045+0530 sysextd Making activation decision for extension with teamID teamID("<<My team id>>"), identifier <<My extension id>>
    default 17:26:10.383088+0530 sysextd No extension policy -- activation decision is UserOption
    default 17:26:10.383116+0530 sysextd validating extension with identifier <<My extension id>>
    default 17:26:11.093684+0530 sysextd waiting for external validation of extension with identifier <<My extension id>>
    default 17:26:11.094281+0530 nesessionmanager Validating system extension <<My extension id>>
    default 17:26:11.094002+0530 sysextd attempting to realize extension with identifier <<My extension id>>
    default 17:26:11.109415+0530 sysextd Realizing target path: <private>
    default 17:26:11.109797+0530 sysextd Bundle class: UncachedBundle
    default 17:26:11.128982+0530 ReportCrash Parsing corpse data for process sysextd [pid 11854]
App Proxy entitlement:
    <plist version="1.0">
    <dict>
        <key>com.apple.developer.networking.networkextension</key>
        <array>
            <string>packet-tunnel-provider</string>
            <string>app-proxy-provider</string>
            <string>content-filter-provider</string>
            <string>dns-proxy</string>
        </array>
        <key>com.apple.security.app-sandbox</key>
        <true/>
        <key>com.apple.security.application-groups</key>
        <array>
            <string>$(TeamIdentifierPrefix)com.example.app-group2</string>
        </array>
        <key>com.apple.security.network.client</key>
        <true/>
        <key>com.apple.security.network.server</key>
        <true/>
        <key>com.apple.security.temporary-exception.files.absolute-path.read-write</key>
        <array>
            <string>/Library/Logs/TestLogs/</string>
        </array>
    </dict>
    </plist>
App proxy Info.plist:
    <plist version="1.0">
    <dict>
        ...
        <key>NSSystemExtensionUsageDescription</key>
        <string></string>
        <key>NetworkExtension</key>
        <dict>
            <key>NEMachServiceName</key>
            <string>$(TeamIdentifierPrefix)com.example.app-group2.MySystemExtension</string>
            <key>NEProviderClasses</key>
            <dict>
                <key>com.apple.networkextension.app-proxy</key>
                <string>AppProxyProvider</string>
            </dict>
        </dict>
    </dict>
    </plist>
Crash report:
    Process: sysextd [11854]
    Path: /System/Library/Frameworks/SystemExtensions.framework/Versions/A/Helpers/sysextd
    Identifier: sysextd
    Version: 35.100.1
    Code Type: X86-64 (Native)
    Parent Process: launchd [1]
    Responsible: sysextd [11854]
    User ID: 0
    Date/Time: 2020-05-27 17:26:11.129 +0530
    OS Version: Mac OS X 10.15.4 (19E287)
    Report Version: 12
    Time Awake Since Boot: 38000 seconds
    Time Since Wake: 8300 seconds
    System Integrity Protection: disabled
    Crashed Thread: 1 Dispatch queue: sysextd.extension_manager
    Exception Type: EXC_BAD_INSTRUCTION (SIGILL)
    Exception Codes: 0x0000000000000001, 0x0000000000000000
    Exception Note: EXC_CORPSE_NOTIFY
    Termination Signal: Illegal instruction: 4
    Termination Reason: Namespace SIGNAL, Code 0x4
    Terminating Process: exc handler [11854]
    Application Specific Information: dyld3 mode
Please note I removed loaded dylibs to reduce the crash report size.
Regards,
Anand
1
0
769
May ’20
DNS Filter rule behaviour in 10.15.5
Hi
I am working on a Transparent App Proxy on the macOS platform.
The filter rule is set:
    NENetworkRule *includeRule = [[NENetworkRule alloc] initWithDestinationHost:[NWHostEndpoint endpointWithHostname:@"example.com" port:@"0"] protocol:NENetworkRuleProtocolAny];
As per the document: Matches all TCP and UDP traffic to hosts in the "example.com" DNS domain, including all DNS queries for names in the example.com DNS domain.
The documented behaviour was working for all the applications, e.g. Chrome, Safari, curl etc., till 10.15.4. BUT the documented behaviour stopped working in 10.15.5 for Chrome only (please note there was no Chrome update), i.e. all other applications like Safari, curl etc. are working fine.
Regards,
Anand Choubey
1
0
558
Jun ’20
getaddrinfo blocked in App Proxy provider
Hi,
I am building a Transparent App Proxy on 10.15.5. I set up a DNS resolver in the app proxy:
    NEDNSSettings *dnsSettings = [[NEDNSSettings alloc] initWithServers: dnsServerList];
    NSString* TLD1 = @"com";
    NSArray<NSString *> *dnsMatchDomainList = [NSArray arrayWithObjects: TLD1, nil];
    dnsSettings.matchDomains = dnsMatchDomainList;
    dnsSettings.domainName = @"gp.com";
    settings.DNSSettings = dnsSettings;
When getaddrinfo or DNSServiceGetAddrInfo is called later with any com domain (e.g. apple.com) from the same system extension, getaddrinfo/DNSServiceGetAddrInfo gets blocked forever. The result is the same with asynchronous DNSServiceGetAddrInfo calls.
Could you please help guide me to solve it?
Please note, if getaddrinfo is called from a third-party app, it works fine.
5
0
1.7k
Jun ’20
Shared preferences between Host App and Network Extension
Hi
I want to share data between the host app and the network extension on macOS 10.15.5.
As per the document, adding an App Group in the entitlements and using containerURLForSecurityApplicationGroupIdentifier are the entry points.
But containerURLForSecurityApplicationGroupIdentifier returns different locations. The network extension returns "/var/root/Library/Group Containers/...". The app returns "~/Library/Group Containers/...".
I think the API's fundamental behavior is correct. Could you please suggest how to share preferences between the host app and the network extension?
Regards,
Anand Choubey
1
0
1.2k
Jun ’20
XPC between two Network Extension
Hi
I am working on two Network System Extensions (App Proxy and DNS Proxy) on 10.15. I would like to send XPC messages between these extensions. In my implementation, I always get the "Connection Terminated" message, and I have no idea how to move further.
My proxy has a listener:
    - (BOOL)listener:(NSXPCListener *)listener shouldAcceptNewConnection:(NSXPCConnection *)newConnection {
        newConnection.exportedInterface = [NSXPCInterface interfaceWithProtocol:@protocol(MyListenerXPCProtocol)];
        MyListenerXPCService *exportedObject = [DNSXPCService new];
        newConnection.exportedObject = exportedObject;
        [newConnection resume];
    }
    -(void) startXPCListner {
        NSString *machServiceName = @"<<MY TEAM ID>>.com.example.app-group.MyLisetenerSystemExtension";
        MyXPCServiceDelegate *delegate = [MyXPCServiceDelegate new];
        xpcListener_ = [[NSXPCListener alloc] initWithMachServiceName: machServiceName];
        xpcListener_.delegate = delegate;
        [xpcListener_ resume];
    }
Listener entitlement file:
Key "com.apple.security.temporary-exception.mach-register.global-name" array value is "<<MY TEAM ID>>.com.example.app-group.MyListenerSystemExtension"
In Info.plist, NEMachServiceName has the same "<<MY TEAM ID>>.com.example.app-group.MyLisetenerSystemExtension".
App Proxy message sender:
    -(void) sendTestXPCMsg {
        NSXPCConnection *_connectionToService = [[NSXPCConnection alloc] initWithMachServiceName: @"<<MY TEAM ID>>..com.example.app-group.MyListenerSystemExtension" options:0];
        //initWithServiceName:@"24W52P9M7W.com.example.app-group.MyListenerSystemExtension"]; <-- Tried with it, but same result.
        _connectionToService.remoteObjectInterface = [NSXPCInterface interfaceWithProtocol:@protocol(MyListenerXPCProtocol)];
        _connectionToService.interruptionHandler = ^{ NSLog(@"Connection Terminated"); };
        _connectionToService.invalidationHandler = ^{ NSLog(@"Connection invalidated"); };
        [_connectionToService resume];
        [[_connectionToService remoteObjectProxy] upperCaseString:@"hello" withReply:^(NSString *aString) {
            NSLog(@"Result string was: %@", aString);
        }];
    }
Sender entitlement:
com.apple.security.temporary-exception.mach-lookup.global-name array value is "<<MY TEAM ID>>.com.example.app-group.MyLisetenerSystemExtension".
Whenever the sender sends a message, it always receives the "Connection Terminated" message. I also tried removing the entitlement but always got the same result.
Could you please help me to solve it?
Regards,
Anand Choubey
2
0
818
Jun ’20
NEDNSProxyProvider and DNS Cache
Hi
I am developing an NEDNSProxyProvider System Extension on macOS 10.15+. My solution is to monitor the DNS request and apply the policy based on the domains in the DNS request.
The challenge is that the NEDNSProxyProvider DNS Proxy does not flush the existing DNS cache at start-up of the DNS Proxy. Therefore, cached DNS requests are used by apps until the DNS cache entry expires. For this reason, my application loses visibility.
"killall -HUP mDNSResponder" is not helping due to NEDNSProxyProvider sandboxing.
Is there any way to flush the system DNS cache in NEDNSProxyProvider?
Thanks
0
1
542
Jun ’20
Network Reachability In Network extension
Hi
I am developing an App Proxy network system extension on 10.15.5. The reachability callback is registered using the method below, but reachability_callback is never called.
    sockaddr_in ipv4{};
    ipv4.sin_family = AF_INET;
    ipv4.sin_len = sizeof(sockaddr_in);
    ipv4.sin_addr.s_addr = 0x08080808; /*dummy ip*/
    SCNetworkReachabilityRef reachableTarget = SCNetworkReachabilityCreateWithAddress(NULL, (sockaddr *)&ipv4);
    Boolean ok = SCNetworkReachabilitySetCallback(reachableTarget, reachability_callback, NULL);
    ok = SCNetworkReachabilityScheduleWithRunLoop(reachableTarget,
                                                  CFRunLoopGetMain(),
                                                  kCFRunLoopDefaultMode
                                                  );
    }
I know "defaultPath" can be used to detect the network change. I am trying to understand the underlying root cause of this issue. Does the reachability callback not work with CFRunLoopGetMain?
Regards,
Anand Choubey
6
0
1.5k
Jul ’20
Network Extensions are not coming up on Big Sur
Hi
The same behaviour exists on the latest Big Sur beta.
I am developing a Transparent and DNS Network System Extension on macOS Big Sur. I request help in solving a Network System Extension initialization problem. These extensions are in a single app.
My Network extensions do not come up the first time of UI. The UI needs to be restarted again, i.e. OSSystemExtensionRequestDelegate:activationRequestForExtension should be reinitiated again.
Console log shows during initialization:
    Failed to save configuration myext Client DNS Proxy: Error Domain=NEConfigurationErrorDomain Code=10 "permission denied" UserInfo={NSLocalizedDescription=permission denied}
Application logs show:
App Proxy logs:
    AppProxyManager Failed to save configurations, error: NEVPNErrorDomain / 5
DNS Proxy application logs:
    dnsproxymgr Failed to save configurations, error: NEConfigurationErrorDomain 10
App Proxy fails to start. Application logs:
    AppProxyManager Failed to start App Prxoy Description The operation couldn’t be completed. (NEVPNErrorDomain error 1.) Reason (null) Recovery suggestion (null)
sudo systemextensionsctl list output shows the extensions are enabled:
    -- com.apple.systemextension.networkextension
    enabled active teamID bundleID (version) name [state]
    * <<team id>> com.myext.client.myext-Client.myextClientMacAppProxy (1.0/1) myextMacAppProxy [activated enabled]
    <<team id>> com.myext.client.myext-Client.myextClientMacDNSProxy (1.0/1) myextMacDNSProxy [activated enabled]
Activity Monitor shows the App Proxy and DNS Proxy System Extensions are running.
System Preferences Security and Privacy shows two entries after clicking on the "Allow" button.
Could you please recommend how to debug it?
Thanks
4
0
1.3k
Aug ’20