Thanks! The queries are for macOS. Regards, Anand Choubey
Thanks meaton! You would like to say: "Network Extension will *NOT* need to run in the sandbox." Did you miss NOT in your reply? Could you please let me know what is the purpose of App Sandbox in App Proxy Network extension if it cannot be disabled outside of Mac App Store? Regards, Anand Choubey
Thanks, meaton! I developed two App Proxy Extensions with the same rules. It shows that whichever is instantiated later receives the flow. I would like to confirm it. Is there any command which can show me all the network rules set by different extensions on the macOS system? It will help us to debug the interoperability issues in the field. Regards, Anand Choubey
Yes, transparent proxy means NEAppProxyProvider. NETransparentProxyManager should be used in your app to configure the proxy.
Thanks! I am using NEAppProxyProvider. As per the documentation, NEAppProxyProvider "DNS Handling": "The App Proxy Provider can specify the DNS resolver configuration that will be used by these applications using the...."
https://developer.apple.com/documentation/networkextension/neappproxyprovider?language=objc
Could you please help me understand how to make a DNS resolver with NEAppProxyProvider as per the above documentation? Can NEAppProxyProvider receive a DNS request using any filter or DNS resolver? Regards, Anand Choubey
You need to do a couple of things apart from Developer ID signing:
1. Change the entitlement content-filter-provider to content-filter-provider-systemextension manually. Look at the below document: https://developer.apple.com/documentation/bundleresources/entitlements/com_apple_developer_networking_networkextension?language=objc
2. Notarize your app.
Regards, Anand Choubey
Thanks Matt! Yes, I set up a DNS resolver and configured the following rule to capture all DNS requests whose TLD (top level domain) is "com".
NENetworkRule *includeRule2 = [[NENetworkRule alloc] initWithDestinationHost:[NWHostEndpoint endpointWithHostname:@"*.com" port:@"53"] protocol:NENetworkRuleProtocolAny];
And handleNewUDPFlow is implemented too. Now all the DNS requests whose TLD is com are received by my App Proxy code. The dig command request is NOT received. Any recommendation on how to receive the "dig" DNS request? It looks like w/o adding a TLD, my app proxy does not receive any DNS request. I would like to capture all the outgoing DNS requests in my transparent app proxy without configuring TLDs. TLDs are in the hundreds. Maintaining and adding individual TLDs is a difficult job and it may negatively impact the overall performance of the system. Can it be done without adding top level domains in filter rules? Regards, Anand Choubey
Thanks Matt!
Hi Eskimo, I filed a bug (FB7717328) with relevant info and my code. Please let me know if I should give more info. Regards, Anand Choubey
Hi eldred, I am facing the same issue. Did you get the solution to it? Thanks
Thanks Eskimo! Two Network Extension enablement flows were triggered at the same time, which leads to the crash. Now I fixed it. Regards, Anand Choubey
Sorry, I missed a question: Could you please confirm whether this behaviour change is a bug in 10.15.5? Thanks
Thanks Matt! It is not intermittent. DNS resolution is never received. If matchDomainsNoSearch is set to YES. getaddrinfo throws an error: error in getaddrinfo: nodename nor servname provided, or not known
Any recommendation to solve this issue? Regards, Anand Choubey
Thanks Matt! "Try using a different DNS server and see if you start getting traffic there..." Sorry, I did not get your suggestion. How to use a different DNS server in getaddrinfo? We do not have any access policy on the machine. Or do I miss your point? I missed one strange point before: If the Network extension is disconnected from Network Preferences, all the block calls return with a resolved IP address. Regards,
Thanks for your reply! But Activity Monitor shows a different process ID for each extension. Is it correct? Regards, Anand Choubey