User Profile

MacOS Version: 14.3 (23D56) In my testing of PacketTunnelProvider on MacOS I have observed that when I do a system shutdown or reboot, PacketTunnelProvider::stopTunnelWithReason() is getting called with reason: NEProviderStopReasonUserInitiated. Note: when I try to disconnect the VPN from system settings PacketTunnelProvider::stopTunnelWithReason() is called with the same reason: NEProviderStopReasonUserInitiated. I am facing an issue here to identify what caused PacketTunnelProvider::stopTunnelWithReason(), system shutdown or any user action?

We have a test scenario where we install our app package on a Mac setup using MDM (Jamf). Below are the test steps and observation: This installation is done on this Mac with no user logged in. Installation is completed successfully. Now when an user log in on this mac machine, the expectation is that the app bundle will be started by the launchd (RunAtLoad). But the app is not started. When I check console logs I could see few logs around the app but from those logs I couldn't figure out why the app didn't start. I rebooted my test machine but that also didnt start my app. My app is not listed in 'launchctl list' command. My App bundle contains container app and a packet tunnel extension. Below is how my plist file looks like in '/Library/LaunchAgents/com.****.***ui.plist': { KeepAlive = 1; Label = "com.*****.client.****ui"; LimitLoadToSessionType = ( Aqua ); ProgramArguments = ( "/Applications/*********.app/Contents/MacOS/****Module" ); RunAtLoad = 1; SuccessfulExit = 1; Version = "110.200.0.100"; } In Console below are the last set of log which I could find related to my app: support_log.txt In above logs below statement mentions the extn which is related to my app bundle: 2024-03-19 15:48:55.256020+0530 0x462 Default 0x0 206 0 symptomsd: (SymptomEvaluator) [com.apple.symptomsd:analytics] [Skipping first 85 of 95 entries] 2024-03-19 15:48:55.256051+0530 0x462 Default 0x0 206 0 symptomsd: (SymptomEvaluator) [com.apple.symptomsd:analytics] entry: Thu Feb 8 20:48:26 2024 NetworkExtension.com.*****.client.*****-Client.*****ui.*****pkttunnel.104.2.12.191.104.2.12 (bundle) 0 0 0 0 0 0 Can someone please help me in understanding what could be wrong here, why would 'RunAtLoad' key word wont work here to start my app on user login or reboot? Note: Everything work fine when my app is installed with an user logged in to the test machine. Also App starts successfully if I run command 'lauchctl bootstrap gui/ /Library/LaunchAgents/com.****.****ui.plist' in the above mentioned test scenario where app didnt auto start by launchd: 'RunAtLoad'.

I have a cert in a key chain that contains a private key. I'd like to add an application to the access control "white list" for that key. I know how to do this using the graphical key chain tool, but I'd like to do it via the command line (inside post install script) or programmatically. Is it possible it do so?

Xcode Version 15.2 (15C500b) After upgrading Xcode from 14 to 15.2 I am not able to attach system extension (packettunnel) process to Instruments tools for memory debugging. Same is working fine with Xcode 14. Error displayed: "Process No Longer Exists". But the service is running and is listed in process list. % ps -ax | grep -i pkttunnel | grep -v grep 61910 ?? 0:01.04 /Library/SystemExtensions/5F4AF6EF-****-****-****-F11****9CE78/com.******.client.*****-Client.***ui.***pkttunnel.systemextension/Contents/MacOS/com.******.client.*****-Client.***ui.***pkttunnel.systemextension Note: I am able to attach a normal program to Instruments tool for memory debugging, I have noticed this issue with system extension processes only.

Platform: MacOS 12.0 I have an app bundle which contains an packet tunnel extension. I am not running my packettunnel extension in a Sandbox as I dont plan to post my app in Apple's App Store. I have an requirement to run privilege operations which I have run any place from the app. As we know the user app cannot run these privilege operations we can use the 'Service Management' api: SMJobBless to start a helper tool which can run these privileged tasks. But as I stated earlier I can run these privileged tasks from any place in the bundle, we have packettunnel extension which is running with root privileges. So looking at my above environment what would be recommended? do I really need to start a privileged helper tool or I can directly run these privileged operations from packettunnel extension? One advantage of running these privilege tasks in packettunnel extension I see is that it will not require additional an user authentication which is needed in case of using SMJobBless(), this will also avoid upgrade management of the helper tool.

Apple M2 Pro MacOs: 13.6 (22G120) In my system extension installer's postInstall script I have launch agent configured for the app as below: launchctl enable gui/$user_uid/com.mycompany.client.myproduct launchctl bootstrap gui/501 /Library/LaunchAgents/com.mycompany.myproduct.plist When I install the software using a local user, the service works fine without any issue and the service is shown listed in 'launchctl list' command: % launchctl list | grep -i mycompany 84714 0 com.mycompany.client.myproduct But when I login using on the same machine using a AD (Active Directory) user, the service/agent doesnt start and I don't see any entry service listed in 'launchctl list'. This is how my plist file looks like: % defaults read /Library/LaunchAgents/com.mycompany.myproduct.plist { CFBundleVersion = "200.200.200.200"; KeepAlive = 1; Label = "com.mycompany.client.myproduct"; LimitLoadToSessionType = ( Aqua ); ProgramArguments = ( "/Applications/mycompany.app/Contents/MacOS/Mycompany Module" ); RunAtLoad = 1; Version = "200.200.200.200"; } What am I missing here?

The following call to getaddrinfo makes ‘PacketTunnelProvider’ system extension SIGSEGV: if (hostname != NULL) { int ret = getaddrinfo(hostname, port, &hints, results); if (ret != 0) { printf(“Failed to resolve host : %s by getaddrinfo, err : %d", hostname, ret); return false; } } Most of the time getaddrinfo() is working fine. Can someone please help in understanding what could be causing this crash. Can this caused due to stack corruption due to C++/C code switched to objective C? Below is the crash details: ------------------------------------- Translated Report (Full Report Below) ------------------------------------- Process: com.mycompany.client.product-Client.ui.pkttunnel [29951] Path: /Library/SystemExtensions/*/com.mycompany.client.product-Client.ui.pkttunnel Identifier: com.mycompany.client.product-Client.ui.pkttunnel Version: 1.0 (1) Code Type: X86-64 (Native) Parent Process: launchd [1] User ID: 0 Date/Time: 2023-08-18 20:04:43.6346 +0530 OS Version: macOS 13.5 (22G74) Report Version: 12 Bridge OS Version: 7.6 (20P6072) Anonymous UUID: F235BB2F-C030-0A58-E5C1-C3FE9796F29C Sleep/Wake UUID: C73181BF-B3A9-4DED-9556-897ED8C2E0A1 Time Awake Since Boot: 65000 seconds Time Since Wake: 37781 seconds System Integrity Protection: enabled Crashed Thread: 2 Exception Type: EXC_BAD_ACCESS (SIGSEGV) Exception Codes: KERN_INVALID_ADDRESS at 0x00000001e13dfa50 Exception Codes: 0x0000000000000001, 0x00000001e13dfa50 Termination Reason: Namespace SIGNAL, Code 11 Segmentation fault: 11 Terminating Process: exc handler [29951] VM Region Info: 0x1e13dfa50 is not in any region. Bytes after previous region: 3477011025 Bytes before following region: 105545042363824 REGION TYPE START - END [ VSIZE] PRT/MAX SHRMOD REGION DETAIL shared memory 111fef000-111ff0000 [ 4K] rw-/rw- SM=SHM ---> GAP OF 0x5ffeee010000 BYTES MALLOC_NANO 600000000000-600008000000 [128.0M] rw-/rwx SM=PRV Thread 0: 0 libsystem_kernel.dylib 0x7ff80ee222b2 __sigsuspend_nocancel + 10 1 libdispatch.dylib 0x7ff80eccbd2f _dispatch_sigsuspend + 36 2 libdispatch.dylib 0x7ff80eccbd0b _dispatch_sig_thread + 49 Thread 1: ******************** ******************** ******************** ******************** Thread 2 Crashed: 0 libobjc.A.dylib 0x7ff80eac64a9 objc_msgSend + 41 1 libobjc.A.dylib 0x7ff80eae6582 objc_object::sidetable_release(bool, bool) + 270 2 Network 0x7ff81553fa04 -[NWConcrete_nw_endpoint .cxx_destruct] + 52 3 libobjc.A.dylib 0x7ff80eacfa5b object_cxxDestructFromClass(objc_object*, objc_class*) + 83 4 libobjc.A.dylib 0x7ff80eac8e31 objc_destructInstance + 99 5 libobjc.A.dylib 0x7ff80eac8dbf _objc_rootDealloc + 62 6 Network 0x7ff81553e05a -[NWConcrete_nw_endpoint dealloc] + 778 7 Network 0x7ff815c30f1a -[NWOSAddressEndpoint dealloc] + 74 8 Network 0x7ff815a175bf nw_array_dispose + 383 9 Network 0x7ff815718ab1 -[OS_nw_array dealloc] + 17 10 Network 0x7ff815bd2b3d -[NWConcrete_nw_path .cxx_destruct] + 93 11 libobjc.A.dylib 0x7ff80eacfa5b object_cxxDestructFromClass(objc_object*, objc_class*) + 83 12 libobjc.A.dylib 0x7ff80eac8e31 objc_destructInstance + 99 13 libobjc.A.dylib 0x7ff80eac8dbf _objc_rootDealloc + 62 14 Network 0x7ff815bd29af -[NWConcrete_nw_path dealloc] + 127 15 Network 0x7ff815bd045a -[NWConcrete_nw_path_evaluator .cxx_destruct] + 58 16 libobjc.A.dylib 0x7ff80eacfa5b object_cxxDestructFromClass(objc_object*, objc_class*) + 83 17 libobjc.A.dylib 0x7ff80eac8e31 objc_destructInstance + 99 18 libobjc.A.dylib 0x7ff80eac8dbf _objc_rootDealloc + 62 19 Network 0x7ff815bd0377 -[NWConcrete_nw_path_evaluator dealloc] + 967 20 Network 0x7ff815a606ca nw_nat64_get_interface_state_internal + 2634 21 Network 0x7ff815a5f905 nw_nat64_copy_prefixes_internal + 101 22 Network 0x7ff815a5f482 nw_nat64_copy_prefixes + 210 23 Network 0x7ff815a62537 nw_nat64_synthesize + 215 24 libsystem_info.dylib 0x7ff80ee9447e _gai_nat64_synthesis + 309 25 libsystem_info.dylib 0x7ff80ee940c2 si_addrinfo + 886 26 libsystem_info.dylib 0x7ff80ee93caf getaddrinfo + 176 27 com.mycompany.client.product-Client.ui.pkttunnel 0x10f3c2bb4 ******::resolvehostname(char const*, char const*, addrinfo, addrinfo**) + 32 28 com.mycompany.client.product-Client.ui.pkttunnel 0x10f3c4e57 ******::udp_connect() + 323 29 com.mycompany.client.product-Client.ui.pkttunnel 0x10f3c48c7 ******::ssl_create() + 129 30 com.mycompany.client.product-Client.ui.pkttunnel 0x10f3c9014 ******::ssl_initiate_connect(fd_set&, fd_set&, int&) + 288 31 com.mycompany.client.product-Client.ui.pkttunnel 0x10f3c3b3c ******::ssl_connect_thread(int) + 228 32 com.mycompany.client.product-Client.ui.pkttunnel 0x10f3cc691 void* std::__1::__thread_proxy<std::__1::tuple<std::__1::unique_ptr<std::__1::__thread_struct, std::__1::default_delete<std::__1::__thread_struct>>, void (*)(int), int>>(void*) + 39 33 libsystem_pthread.dylib 0x7ff80ee5b1d3 _pthread_start + 125 34 libsystem_pthread.dylib 0x7ff80ee56bd3 thread_start + 15