Hi, I have a dynamic library libmowglicore.dylib, which works fine in non sandboxed enviroment(command line cpp project). libmowglicore.dylib is signed, it shows valid on disk. When i add it to network extension project, network extension getting crash on launch. 0 dyld 0x102c8e81c dyld3::MachOFile::compatibleSlice(Diagnostics&, void const*, unsigned long, char const*, dyld3::Platform, bool, dyld3::GradedArchs const&) + 76 1 dyld 0x102c72b9c invocation function for block in dyld4::JustInTimeLoader::makeJustInTimeLoaderDisk(Diagnostics&, dyld4::RuntimeState&, char const*, dyld4::Loader::LoadOptions const&, bool, unsigned int) + 96 2 dyld 0x102c72b9c invocation function for block in dyld4::JustInTimeLoader::makeJustInTimeLoaderDisk(Diagnostics&, dyld4::RuntimeState&, char const*, dyld4::Loader::LoadOptions const&, bool, unsigned int) + 96 3 dyld 0x102c77fcc dyld4::SyscallDelegate::withReadOnlyMappedFile(Diagnostics&, char const*, bool, void (void const*, unsigned long, bool, dyld4::FileID const&, char const*) block_pointer) const + 132 4 dyld 0x102c72b08 dyld4::JustInTimeLoader::makeJustInTimeLoaderDisk(Diagnostics&, dyld4::RuntimeState&, char const*, dyld4::Loader::LoadOptions const&, bool, unsigned int) + 204 Crash Dumps How to debug it?

Hi, We have NEPacketTunnelProvider which creates a virtual interface. I am trying to Read and write virtual interface in separate process(c++ command line project). Read works fine, but write is not working. Reading packet in separate process as below: int bpf = 0; for (int i = 0; i < 99; ++i) { snprintf(buf, 11, "/dev/bpf%i", i); bpf = open(buf, O_RDWR); if (bpf != -1) break; } struct ifreq interface; strcpy(interface.ifr_name, interfaceName.c_str()); if(ioctl(bpf, BIOCSETIF, &interface) > 0) { return errno; } unsigned int one = 1; if (ioctl(bpf, BIOCIMMEDIATE, &one) == -1) { return errno; } int bufLength = 1; if (ioctl(bpf, BIOCGBLEN, &bufLength) == -1) { return errno; } if (ioctl(bpf, BIOCPROMISC, NULL) == -1) { return errno; } //Reading bpf as below readBytes = (int)read(bpf, bpfBuffer, bufLength); **Whenever traffic routed to Packet Tunnel provider interface as per network rule, Read works fine in this process(separate c++ process). We are able to read valid packet. ** //Writing as below ssize_t writtenBytes = write(bpf, packet, size); if (writtenBytes < 1) { return false; } else { return true; } Above write API is not giving any error, returning byte written correctly. But after write, packet is not reaching to application which generated traffic. For example, for ping, it is showing 1 packets transmitted, 0 packets received, 100.0% packet loss I also tried sending it over raw socket. Since separate process is command line and not sandboxed, raw socket getting openned. `ssize_t bytes = sendto (fRawSocket, packet, size, 0, (sockaddr*) dest, sizeof(*dest)); //dest is packet tunnel virtual interface ip addres` This also not returning any error but this packet is also not reaching to application which generated traffic. There is packetFlow.writePacketObjects which works fine in swift. but due to some architecture constraint, i am reading and writing packet in separate process. is this something macOS doesn't allow or i am doing something wrong?

I am trying to pause NEFilterFlow and then resuming NEFilterFlow from function **handleInboundData** let goingToApply = someFunctionWithClosure { applied in if applied { let verdict: NEFilterNewFlowVerdict = .allow() self.resumeFlow(flow, with: verdict) } } if goingToApply == true { return .pause() } The line self.resumeFlow(flow, with: verdict) crashing with following exception: terminating with uncaught exception of type NSException *** Terminating app due to uncaught exception 'NSInvalidArgumentException', reason: '-[NEFilterNewFlowVerdict passBytes]: unrecognized selector sent to instance 0x10b8662a0' Crash dump showing below logs: Thread 3 Crashed:: Dispatch queue: NEFilterExtensionProviderContext queue 0 libsystem_kernel.dylib 0x1b7aa6d78 __pthread_kill + 8 1 libsystem_pthread.dylib 0x1b7adbee0 pthread_kill + 288 2 libsystem_c.dylib 0x1b7a16340 abort + 168 3 libc++abi.dylib 0x1b7a96b18 abort_message + 132 4 libc++abi.dylib 0x1b7a86a54 demangling_terminate_handler() + 336 5 libobjc.A.dylib 0x1b797c320 _objc_terminate() + 144 6 libc++abi.dylib 0x1b7a95eb4 std::__terminate(void (*)()) + 20 7 libc++abi.dylib 0x1b7a95e50 std::terminate() + 64 8 libdispatch.dylib 0x1b79181c8 _dispatch_client_callout + 40 9 libdispatch.dylib 0x1b791f8a8 _dispatch_lane_serial_drain + 668 10 libdispatch.dylib 0x1b7920404 _dispatch_lane_invoke + 392 11 libdispatch.dylib 0x1b792ac98 _dispatch_workloop_worker_thread + 648 12 libsystem_pthread.dylib 0x1b7ad8360 _pthread_wqthread + 288 13 libsystem_pthread.dylib 0x1b7ad7080 start_wqthread + 8 Why this exception is occurring for .allow() verdict only. For .drop() it is not crashing. No where i'm calling passBytes method on NEFilterNewFlowVerdict

I am trying to get ports used by processes. It can be done via lsof on macOS, i am trying to do it via libproc. #include <iostream> #include <libproc.h> int main(int argc, const char * argv[]) { pid_t pids[3072]; int count = proc_listpids(PROC_ALL_PIDS, 0, pids, sizeof(pids)); for (int i = 0; i < count; i++) { char buffer[1024]; for (int j = 1; j < 50000; j++) { //port range int ret = proc_pidfileportinfo(pids[i], j, PROC_PIDFILEPORTVNODEPATHINFO, buffer, sizeof(buffer)); if(ret != 0) { printf("proc_pidfileportinfo returned %d bytes of data\n", ret); printf("%s\n", name); } } } return 0; } proc_pidfileportinfo function is not working for any port, i tried iterating till 50K. What i am doing wrong with proc_pidfileportinfo? how to properly use proc_pidfileportinfo?

Hi, We have following settings for NEPacketTunnelProvider with include rules having all IPv4 network traffic be routed. Exclude rule having 8.8.8.8 & 10.212.24.222. In this case dns request packets are not going out. let settings = NEPacketTunnelNetworkSettings(tunnelRemoteAddress: "xxxxx") settings.ipv4Settings = NEIPv4Settings(addresses: ["10.10.10.10"], subnetMasks: ["255.255.255.255"]) settings.ipv4Settings?.includedRoutes = [NEIPv4Route(destinationAddress: "0.0.0.0", subnetMask: "0.0.0.0")] or the below one settings.ipv4Settings?.includedRoutes = [NEIPv4Route.default()] settings.ipv4Settings?.excludedRoutes = [ NEIPv4Route(destinationAddress: "8.8.8.8", subnetMask: "255.255.255.255"), NEIPv4Route(destinationAddress: "10.212.24.222", subnetMask: "255.255.255.255")] settings.mtu = 1500 If we are changing tunnel settings as below, then dns request packets are coming out in pcap dumps. settings.ipv4Settings?.includedRoutes = [ NEIPv4Route(destinationAddress: "10.0.0.0", subnetMask: "255.0.0.0"), NEIPv4Route(destinationAddress: "8.0.0.0", subnetMask: "255.0.0.0") ] settings.ipv4Settings?.excludedRoutes = [ NEIPv4Route(destinationAddress: "8.8.8.8", subnetMask: "255.255.255.255"), NEIPv4Route(destinationAddress: "10.212.24.222", subnetMask: "255.255.255.255")] Why the former 0.0.0.0 / defaultcase not working? How to include all traffic be routed in packet tunnel by excluding selective traffic?

Hi, I am experiencing following crashes intermittently in macOS network extension. Sometime in an hour or two or three. I don't see anywhere references to my project code hence i am unable to understand this crashes. Anyone please point me into right direction from here: Crash Dumps Samples: Process: com.skyhighsecurity.epclient.networkextension [39224] Path: /Library/SystemExtensions/*/com.skyhighsecurity.epclient.networkextension Identifier: com.skyhighsecurity.epclient.networkextension Version: 1.0 (1) Code Type: ARM-64 (Native) Parent Process: launchd [1] User ID: 0 Date/Time: 2023-03-20 13:46:51.6991 +0530 OS Version: macOS 12.6.3 (21G419) Report Version: 12 Anonymous UUID: 72617D4C-9E91-7141-D71D-9CB5BDADAA25 Sleep/Wake UUID: B462FD28-68B4-4B46-84EB-D16E29760748 Time Awake Since Boot: 32000 seconds Time Since Wake: 5 seconds System Integrity Protection: disabled Crashed Thread: 3 Dispatch queue: NEFilterExtensionProviderContext queue Exception Type: EXC_BREAKPOINT (SIGTRAP) Exception Codes: 0x0000000000000001, 0x0000000182e26104 Exception Note: EXC_CORPSE_NOTIFY Termination Reason: Namespace SIGNAL, Code 5 Trace/BPT trap: 5 Terminating Process: exc handler [39224] Application Specific Information: BUG IN CLIENT OF LIBPLATFORM: os_unfair_lock is corrupt Abort Cause 1949042982 Thread 0: 0 libsystem_kernel.dylib 0x182dd5d70 __sigsuspend_nocancel + 8 1 libdispatch.dylib 0x182c5b5e0 _dispatch_sigsuspend + 48 2 libdispatch.dylib 0x182c5b5b0 _dispatch_sig_thread + 60 Thread 1: 0 libsystem_pthread.dylib 0x182e07078 start_wqthread + 0 Thread 2: 0 libsystem_pthread.dylib 0x182e07078 start_wqthread + 0 Thread 3 Crashed:: Dispatch queue: NEFilterExtensionProviderContext queue 0 libsystem_platform.dylib 0x182e26104 _os_unfair_lock_corruption_abort + 88 1 libsystem_platform.dylib 0x182e21184 _os_unfair_lock_lock_slow + 328 2 libsystem_pthread.dylib 0x182e07640 pthread_mutex_destroy + 64 3 Foundation 0x183d7ac18 -[_NSXPCConnectionClassCache dealloc] + 48 4 libobjc.A.dylib 0x182cb7c58 objc_object::sidetable_release(bool, bool) + 260 5 NetworkExtension 0x19148b798 -[NEFilterSocketFlow .cxx_destruct] + 40 6 libobjc.A.dylib 0x182c9d8e4 object_cxxDestructFromClass(objc_object*, objc_class*) + 116 7 libobjc.A.dylib 0x182c94b0c objc_destructInstance + 80 8 libobjc.A.dylib 0x182c94ab8 _objc_rootDealloc + 80 9 NetworkExtension 0x19148246c -[NEFilterDataExtensionProviderContext handleSocketSourceEventWithSocket:] + 132 10 libdispatch.dylib 0x182c481b4 _dispatch_client_callout + 20 11 libdispatch.dylib 0x182c4b670 _dispatch_continuation_pop + 500 12 libdispatch.dylib 0x182c5e8e0 _dispatch_source_invoke + 1596 13 libdispatch.dylib 0x182c4f784 _dispatch_lane_serial_drain + 376 14 libdispatch.dylib 0x182c50404 _dispatch_lane_invoke + 392 15 libdispatch.dylib 0x182c5ac98 _dispatch_workloop_worker_thread + 648 16 libsystem_pthread.dylib 0x182e08360 _pthread_wqthread + 288 17 libsystem_pthread.dylib 0x182e07080 start_wqthread + 8

Hi, I want to know if i can ask NEPacketTunnelProvider to reroute traffic from virtual utun to physical interface? Let me break it down: As per includedRoutes, Traffic came on NEPacketTunnelProvider virtual interface(utun). After parsing packet if in case for some condition matches (such as port number etc), i want to route it via physical interface. Can we achieve this? Raw Socket can't be opened in System Extension hence i can't go via this route. I don't see any ways in NEPacketTunnelProvider / NEPacketTunnelNetworkSettings to achieve this.

Hi, I have applied below rule let filterRules = ["0.0.0.0", "::"].map { address -> NEFilterRule in       let localNetwork = NWHostEndpoint(hostname: address, port: "0")       let networkRule = NENetworkRule(remoteNetwork: nil,                           remotePrefix: 0,                           localNetwork: localNetwork,                           localPrefix: 0,                           protocol: .TCP,                           direction: .any)       return NEFilterRule(networkRule: networkRule, action: .filterData)     } I have written below code in method: override func handleInboundData if remoteEndpoint.hostname == "10.207.135.79" { os_log(.debug, log: self.log, "dropping for 10.207.135.79.");         return .drop() } From device 10.207.135.79 i am trying to send TCP as below: 1. ssh userName@10.213.175.1 It is getting drop as expected. kex_exchange_identification: Connection closed by remote host 2. Send via netcat(nc) nc 10.213.175.1 8888 During netcat, it's not getting drop. 3. Send via curl(nc) curl 10.213.175.1:8888 During curl, it's not getting drop. 10.213.175.1 is IP where system extension filter provider running. is this expected behaviour?

Hello, I have created raw socket as below rawSockfd = socket(AF_INET,SOCK_RAW,IPPROTO_IP) Added flag 5 sec SO_RCVTIMEO, IP_HDRINCL to 1 via setsockopt. Sending IP Packet as below: struct sockaddr_in connection = getSockAddr(dstIPAddress);  long bytes = sendto(rawSockfd, (uint8_t *)packet, size, 0, (struct sockaddr *)&connection, sizeof(struct sockaddr)); I am trying to receive as below: long rsize = recvfrom(rawSock, buffer, size, 0, (struct sockaddr *)&connection, (socklen_t *)&addrlen); This works fine for ICMP, UDP. recvfrom able to read packet back. We are facing issue during TCP. recvfrom returns error: Resource temporarily unavailable after 5 sec timeout. If we remove timeout flag SO_RCVTIMEO then it gets stuck forever. TCPdump shows following logs on destination. Instead of SYN ACK it's getting Reset: 09:21:03.972632 IP 10.215.179.1.54745 > 10.207.134.154.8181: Flags [SEW], seq 358899317, win 65535, options [mss 1380,nop,wscale 6,nop,nop,TS val 426499980 ecr 0,sackOK,eol], length 0 09:21:03.972755 IP 10.207.134.154.8181 > 10.215.179.1.54745: Flags [R.], seq 0, ack 358899318, win 0, length 0 is this something macOS not sending TCP response back to rawsocket or something is wrong in my code?