@DTS Engineer
I am also facing similar issues, replacing SCNetworkReachability with NWPathMonitor.
I couldn't find an exact equivalent of SCNetworkReachabilityCreateWithName in NWPathMonitor.
Instead it can be used to monitor changes in a specific interface or in all interfaces. Is there a way to just monitor a specific domain with NWPathMonitor?
@DTS Engineer
for the system as a whole
Example: testyoutube.com
When ping, curl, any browser, etc. visits testyoutube.com, I want to resolve it via the transparent proxy.
Thanks much @DTS Engineer.
With KeepAlive true, if the process crashes after launch, what is the best that can be done to minimise a crash loop, or at least to minimise the system instability or excessive resource use caused by a crash loop?
@DTS Engineer
Is there any specific reason why Apple has not added remoteEndpoint to NEAppProxyUDPFlow, while remoteEndpoint is available for NEAppProxyTCPFlow?
The trick is to allow the flow and then block all of its traffic until you’ve decided what to do.
@DTS Engineer
As per this trick, let's say we return true to allow the flow, and later, on a different queue/thread, we decide to hand the flow over to the kernel; that's not possible, right?
In this case, the only options left are to close the flow, send it to the actual destination, or send it to the proxy. There is no way it can be handed over to the kernel, which happens only after returning false from this method.
@eskimo
an ES sysex always has demand.
You mean if I set com.apple.developer.endpoint-security.client to YES in capabilities, then it will auto-launch after installation?
Any help on how to request this entitlement?
Or is there any configuration which can create demand for launch without using ES entitlements?
What are you trying to do with that code?
There are a few things we want to do, such as monitoring interface changes using NWPathMonitor, starting a Unix domain server (there is another process which will connect to this server), etc.
exit(0) in the stopXXXX override is stopping it.
Hi @meaton @eskimo
Did you get a chance to look at this issue?
Is there a v4 path available on the Network? If you try with Safari does this same behavior still happen?
Yes, a v4 path is available. Only Safari is working fine; other browsers, Microsoft Teams, curl, etc. are failing.
Hi @eskimo
I am able to get the process path associated with a packet read in the packet tunnel.
I am facing the below problem with Safari:
Safari and any other apps which use WKWebView have the same process path: /Library/Apple/System/Library/StagedFrameworks/Safari/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.Networking.xpc/Contents/MacOS/com.apple.WebKit.Networking
Is there any way to distinguish whether it is Safari or another WKWebView app?
Related problem: https://developer.apple.com/forums/thread/693528
In that thread, an app proxy can help, but in a packet tunnel no such option is exposed.
Hi @eskimo
How did you get into the situation described scenario 2?
I have created a pkg installer. The installer does the following steps as root:
1. Executes a script to uninstall the existing system extension. This script uses the current app from the Applications folder.
2. Removes the current app from the Applications folder using sudo rm -rf.
3. Puts the new app in the Applications folder.
4. Runs a script to install the new version of the system extension.
Problem: in step 1, if for some reason the uninstallation fails (for example, the system prompts for a password for the uninstallation and the user presses the cancel button by mistake),
we get into scenario 2.
Normally the system prevents that
I have noticed that if we manually delete the app using Finder, then macOS prompts to uninstall its extension.
I have created a utun interface (utun5) with address 10.0.0.0; then we installed a VPN with address 10.0.0.0/8.
I observed that the new utun interface (utun4) created by the VPN has the same address, 10.0.0.0. What is the use of giving a CIDR range instead of a specific IP?
utun5: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
inet 10.0.0.0 --> 10.0.0.1 netmask 0xff000000
nd6 options=201<PERFORMNUD,DAD>
utun4: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1300
options=6463<RXCSUM,TXCSUM,TSO4,TSO6,CHANNEL_IO,PARTIAL_CSUM,ZEROINVERT_CSUM>
inet6 fe80::bed0:74ff:fe37:92be%utun4 prefixlen 64 scopeid 0x1e
inet 10.0.0.0 --> 10.0.0.0 netmask 0xff000000
inet6 2001:db8:: prefixlen 120
nd6 options=201<PERFORMNUD,DAD>
Hi @eskimo @meaton
One doubt here: let's say the 10.0.0.0 address is already in use by another utun.
Now a new VPN interface is being created with address 10.0.0.0/8.
Will macOS assign an IP from the range 10.0.0.0/8 other than 10.0.0.0?
Hi @eskimo
It looks like IP 239.255.255.250 is a multicast address (Simple Service Discovery Protocol, SSDP).
I have the following questions:
Does multicast IP get forwarded to every packet tunnel utun interface even though it is not added in the include rule?
What if we ignore these packets from the packet tunnel's readPacketObjects, as we don't want to handle them?
When is the multicast entitlement needed?
Hi @eskimo,
Any thoughts on this?