Hi, I am experiencing following crashes intermittently in macOS network extension. Sometime in an hour or two or three. I don't see anywhere references to my project code hence i am unable to understand this crashes. Anyone please point me into right direction from here: Crash Dumps Samples: Process: com.skyhighsecurity.epclient.networkextension [39224] Path: /Library/SystemExtensions/*/com.skyhighsecurity.epclient.networkextension Identifier: com.skyhighsecurity.epclient.networkextension Version: 1.0 (1) Code Type: ARM-64 (Native) Parent Process: launchd [1] User ID: 0 Date/Time: 2023-03-20 13:46:51.6991 +0530 OS Version: macOS 12.6.3 (21G419) Report Version: 12 Anonymous UUID: 72617D4C-9E91-7141-D71D-9CB5BDADAA25 Sleep/Wake UUID: B462FD28-68B4-4B46-84EB-D16E29760748 Time Awake Since Boot: 32000 seconds Time Since Wake: 5 seconds System Integrity Protection: disabled Crashed Thread: 3 Dispatch queue: NEFilterExtensionProviderContext queue Exception Type: EXC_BREAKPOINT (SIGTRAP) Exception Codes: 0x0000000000000001, 0x0000000182e26104 Exception Note: EXC_CORPSE_NOTIFY Termination Reason: Namespace SIGNAL, Code 5 Trace/BPT trap: 5 Terminating Process: exc handler [39224] Application Specific Information: BUG IN CLIENT OF LIBPLATFORM: os_unfair_lock is corrupt Abort Cause 1949042982 Thread 0: 0 libsystem_kernel.dylib 0x182dd5d70 __sigsuspend_nocancel + 8 1 libdispatch.dylib 0x182c5b5e0 _dispatch_sigsuspend + 48 2 libdispatch.dylib 0x182c5b5b0 _dispatch_sig_thread + 60 Thread 1: 0 libsystem_pthread.dylib 0x182e07078 start_wqthread + 0 Thread 2: 0 libsystem_pthread.dylib 0x182e07078 start_wqthread + 0 Thread 3 Crashed:: Dispatch queue: NEFilterExtensionProviderContext queue 0 libsystem_platform.dylib 0x182e26104 _os_unfair_lock_corruption_abort + 88 1 libsystem_platform.dylib 0x182e21184 _os_unfair_lock_lock_slow + 328 2 libsystem_pthread.dylib 0x182e07640 pthread_mutex_destroy + 64 3 Foundation 0x183d7ac18 -[_NSXPCConnectionClassCache dealloc] + 48 4 libobjc.A.dylib 0x182cb7c58 objc_object::sidetable_release(bool, bool) + 260 5 NetworkExtension 0x19148b798 -[NEFilterSocketFlow .cxx_destruct] + 40 6 libobjc.A.dylib 0x182c9d8e4 object_cxxDestructFromClass(objc_object*, objc_class*) + 116 7 libobjc.A.dylib 0x182c94b0c objc_destructInstance + 80 8 libobjc.A.dylib 0x182c94ab8 _objc_rootDealloc + 80 9 NetworkExtension 0x19148246c -[NEFilterDataExtensionProviderContext handleSocketSourceEventWithSocket:] + 132 10 libdispatch.dylib 0x182c481b4 _dispatch_client_callout + 20 11 libdispatch.dylib 0x182c4b670 _dispatch_continuation_pop + 500 12 libdispatch.dylib 0x182c5e8e0 _dispatch_source_invoke + 1596 13 libdispatch.dylib 0x182c4f784 _dispatch_lane_serial_drain + 376 14 libdispatch.dylib 0x182c50404 _dispatch_lane_invoke + 392 15 libdispatch.dylib 0x182c5ac98 _dispatch_workloop_worker_thread + 648 16 libsystem_pthread.dylib 0x182e08360 _pthread_wqthread + 288 17 libsystem_pthread.dylib 0x182e07080 start_wqthread + 8

Hi, I want to know if i can ask NEPacketTunnelProvider to reroute traffic from virtual utun to physical interface? Let me break it down: As per includedRoutes, Traffic came on NEPacketTunnelProvider virtual interface(utun). After parsing packet if in case for some condition matches (such as port number etc), i want to route it via physical interface. Can we achieve this? Raw Socket can't be opened in System Extension hence i can't go via this route. I don't see any ways in NEPacketTunnelProvider / NEPacketTunnelNetworkSettings to achieve this.

Hi, I have applied below rule let filterRules = ["0.0.0.0", "::"].map { address -> NEFilterRule in       let localNetwork = NWHostEndpoint(hostname: address, port: "0")       let networkRule = NENetworkRule(remoteNetwork: nil,                           remotePrefix: 0,                           localNetwork: localNetwork,                           localPrefix: 0,                           protocol: .TCP,                           direction: .any)       return NEFilterRule(networkRule: networkRule, action: .filterData)     } I have written below code in method: override func handleInboundData if remoteEndpoint.hostname == "10.207.135.79" { os_log(.debug, log: self.log, "dropping for 10.207.135.79.");         return .drop() } From device 10.207.135.79 i am trying to send TCP as below: 1. ssh userName@10.213.175.1 It is getting drop as expected. kex_exchange_identification: Connection closed by remote host 2. Send via netcat(nc) nc 10.213.175.1 8888 During netcat, it's not getting drop. 3. Send via curl(nc) curl 10.213.175.1:8888 During curl, it's not getting drop. 10.213.175.1 is IP where system extension filter provider running. is this expected behaviour?

Hello, I have created raw socket as below rawSockfd = socket(AF_INET,SOCK_RAW,IPPROTO_IP) Added flag 5 sec SO_RCVTIMEO, IP_HDRINCL to 1 via setsockopt. Sending IP Packet as below: struct sockaddr_in connection = getSockAddr(dstIPAddress);  long bytes = sendto(rawSockfd, (uint8_t *)packet, size, 0, (struct sockaddr *)&connection, sizeof(struct sockaddr)); I am trying to receive as below: long rsize = recvfrom(rawSock, buffer, size, 0, (struct sockaddr *)&connection, (socklen_t *)&addrlen); This works fine for ICMP, UDP. recvfrom able to read packet back. We are facing issue during TCP. recvfrom returns error: Resource temporarily unavailable after 5 sec timeout. If we remove timeout flag SO_RCVTIMEO then it gets stuck forever. TCPdump shows following logs on destination. Instead of SYN ACK it's getting Reset: 09:21:03.972632 IP 10.215.179.1.54745 > 10.207.134.154.8181: Flags [SEW], seq 358899317, win 65535, options [mss 1380,nop,wscale 6,nop,nop,TS val 426499980 ecr 0,sackOK,eol], length 0 09:21:03.972755 IP 10.207.134.154.8181 > 10.215.179.1.54745: Flags [R.], seq 0, ack 358899318, win 0, length 0 is this something macOS not sending TCP response back to rawsocket or something is wrong in my code?