Post

Replies

Boosts

Views

Activity

Reply to SimpleFirewall with objective-c
Yes, I did. Inside the Info.plist for the extension, NEProviderClasses specified as a dict, with one element.For swift, this element is:com.apple.networkextension.filter-packet -> $(PRODUCT_MODULE_NAME).FilterPacketProviderFor objective-c, it is:com.apple.networkextension.filter-packet ->FilterPacketProvider(In both cases, FilterPacketProvider is indeed the name of the class I implement, that inherits from NEFilterPacketProvider).
Jan ’20
Reply to NEFilterPacketContext is Empty
Thanks Eskimo, that's useful.Following your advice, I am starting in the grand adventure of parsing packet bytes. I am not very familiar with that. Do you have a recommendation for a library that would help me in that regard ? My current plan is to use the library libcap (pcap). I wouldn't mind something a bit higher level, but it does not seem to be widespread.Also, if by any chance you have some random code lying around that could get me started on parsing the packet bytes, that would be fantastic.Thanks
Jan ’20
Reply to NEFilterDataProvider vs NEFilterPacketProvider
And also another quick question:I set up my app so that it now launches two system extensions: 1 for the NEFilterPacketProvider 1 for the NEFilterDataProvider.It seems set up correctly in the sense that when I set :providerConfiguration.filterSockets = false providerConfiguration.filterPackets = trueThen only my system extension for NEFilterPacketProvider will launch and work correctly. The other one is not launched.When I setproviderConfiguration.filterSockets = true providerConfiguration.filterPackets = falseThen only the system extension for NEFilterDataProvider will launch and work correctly.So this works correctly, and shows that my configuration is correct.However, if I set both to true, only the extension for NEFilterDataProvider will launch (even though I do send the activation message correctly for both). Do I need to add something to the config to allow my main app to launch 2 system extensions?Thanks!
Jan ’20
Reply to NEFilterDataProvider vs NEFilterPacketProvider
Yes, both filterDataProviderBundleIdentifier and filterPacketProviderBundleIdentifier are set correctly.I tried two ways : having two different targets and bundles for each extension. This didn't work, as explained above.I also tried having only 1 system extension, containing both the FilterDataProvider and FilterPacketProvider (in 2 different files). I also set up the Info.plist to look like this:<dict> <key>NEProviderClasses</key> <dict> <key>com.apple.networkextension.filter-packet</key> <string>$(PRODUCT_MODULE_NAME).FilterPacketProvider</string> <key>com.apple.networkextension.filter-data</key> <string>$(PRODUCT_MODULE_NAME).FilterDataProvider</string> </dict></dict></plist>However, it still didn't work. Do you know what approach is the correct one (2 targets versus 1 target) ? Do you know what else I could be doing wrong?
Jan ’20
Reply to NEFilterDataProvider vs NEFilterPacketProvider
I realized that using 1 target per network extension (so 2 targets in total) is a non starter, because the main app can only have one NEFIlterManager, so couldn’t control both.So I focused on the solution of having 1 system extension that cumulates the two Filter%Provider, with this Info.plist: NEProviderClasses com.apple.networkextension.filter-packet $(PRODUCT_MODULE_NAME).FilterPacketProvider com.apple.networkextension.filter-data $(PRODUCT_MODULE_NAME).FilterDataProvider The extension loads fine, the problem is that only 1 FilterProvider receives the startFilter callback when I do this:func loadFilterConfiguration(completionHandler: @escaping (Bool) -> Void) { NEFilterManager.shared().loadFromPreferences { loadError in DispatchQueue.main.async { var success = true if let error = loadError { print("Failed to load the filter configuration: %@", error.localizedDescription) success = false } completionHandler(success) } } }loadFilterConfiguration { success in guard success else { print("Errrrror !") return } if (true) { let providerConfiguration = NEFilterProviderConfiguration() providerConfiguration.filterSockets = true providerConfiguration.filterPackets = true filterManager.providerConfiguration = providerConfiguration if let appName = Bundle.main.infoDictionary?["CFBundleName"] as? String { filterManager.localizedDescription = appName } } filterManager.isEnabled = true filterManager.saveToPreferences { saveError in DispatchQueue.main.async { if let error = saveError { os_log("%@", error.localizedDescription) return } os_log("%{public}s %{public}s", NEFilterManager.shared().providerConfiguration!.filterDataProviderBundleIdentifier!, NEFilterManager.shared().providerConfiguration!.filterPacketProviderBundleIdentifier! ) } } }Unless there is something I am doing wrong in the code above, this starts feeling like a bug in macOS. Both the filters should receive the startFilter callback, after this.Note that when I keep only 1 FIlter%Provider (either one) in my extension, it works fine, indicating there is no issue in the Filter%Provider code themselves.
Jan ’20
Reply to How to get BundleID from sourceAppAuditToken ?
Hi Eskimo, that is right, it is modularized and not deprecated. I was misled by the fact that when I type "import Darwin" it appears with a red strikethrough, which I mistakenly interpreted as deprecated.Thanks a lot for the code, I was indeed missing this. I was looking around for this info, but couldn't find the procedure you sent on "https://developer.apple.com/documentation/security/code_signing_services"Is there another source of documentation or code examples that you would recommend ?Thanks for the tip on using the code's designated identifier. I assume you mean kSecCodeInfoIdentifier. I will use this.Thanks a lot for your help!
Jan ’20