Hi, I am new to network extensions and content filters.
On my MacBook Pro I have one C++ application in user space, one kernel module, and an IOKit interface between them to exchange messages. I have some hook functions for network operation APIs like socket() and connect(). If any network operation is performed, I catch it in the hook functions, perform policy evaluation on it in the kernel, and perform my own actions.
Now I want to remove the hook functions from the kernel and catch network operations using content filters in my C++ application in user space. Once I catch network operations using the content filter, I want to evaluate my own policies on them and perform my own actions based on the result.
I have done some R&D on this but have not found samples for content filters in Objective-C or C++, except the SimpleFirewall example in Swift.
Could anyone please provide samples in Objective-C or C++ to register network extensions, to catch all non-browser network operations, and to extract local and remote address (port and IP) details?
That way I can refer to the samples to get network operation details in user space in my C++ application; I will send those details to the kernel using IOKit to evaluate my own rules and perform my own actions.
Thanks.
Hi,
I am trying to understand the SimpleFirewall example for content filters, but it looks difficult for me because I am new to the Swift language.
What are the required steps to view the operations on an IP and port using a content filter, and how do I evaluate my own rules and my own actions on the filtered data?
Could anyone please provide the steps?
Hi,
I modified the content filter SimpleFirewall example as below to run build/Release//com.digitalguardian.dgsysext.systemextension/Contents/MacOS/com.digitalguardian.dgsysext from my terminal without using the UI, and tried to filter the data. But it is not working as expected, and none of the functions in FilterDataProvider have been invoked.
I have removed the SimpleFirewall target and kept only the SimpleFirewall Extension target.
I have removed 'IPCConnection.shared.startListener()' in main.swift.
I have even tried adding the enableFilterConfiguration() functionality that is available in ViewController.swift to main.swift, but no use.
Could anyone please help me with this?
Hi,
I have a C++ library on my MacBook Pro. I am trying to call one of the APIs of the C++ library from my Swift file using a bridging header. I have included the header and library path and included my C++ library. I have fixed all compilation errors but am facing the linking errors below.
How do I link a C++ library to a Swift program? Please help me.
Undefined symbols for architecture x86_64:
"std::terminate()", referenced from:
___clang_call_terminate in libNetopsFilterLib.dylib(NetopsControl.o)
"operator delete(void*)", referenced from:
_NetopsFilterCommsInit in libNetopsFilterLib.dylib(NetopsFilterInterface.o)
_NetopsFilterCommsExit in libNetopsFilterLib.dylib(NetopsFilterInterface.o)
NetopsControl::NetopsControl() in libNetopsFilterLib.dylib(NetopsControl.o)
"operator new(unsigned long)", referenced from:
_NetopsFilterCommsInit in libNetopsFilterLib.dylib(NetopsFilterInterface.o)
NetopsControl::NetopsControl() in libNetopsFilterLib.dylib(NetopsControl.o)
"___cxa_begin_catch", referenced from:
___clang_call_terminate in libNetopsFilterLib.dylib(NetopsControl.o)
"___gxx_personality_v0", referenced from:
_NetopsFilterCommsInit in libNetopsFilterLib.dylib(NetopsFilterInterface.o)
Dwarf Exception Unwind Info (__eh_frame) in libNetopsFilterLib.dylib(NetopsFilterInterface.o)
NetopsControl::NetopsControl() in libNetopsFilterLib.dylib(NetopsControl.o)
NetopsControl::~NetopsControl() in libNetopsFilterLib.dylib(NetopsControl.o)
Dwarf Exception Unwind Info (__eh_frame) in libNetopsFilterLib.dylib(NetopsControl.o)
ld: symbol(s) not found for architecture x86_64
clang: error: linker command failed with exit code 1 (use -v to see invocation)
I have a SimpleFirewall app in Swift and a C++ library on my MacBook Pro. I have a couple of APIs as part of the C++ library; one of them is a message logging API.
I have called the library APIs from my SimpleFirewall app and linked the C++ library to it with the help of a bridging header wrapper file. Everything compiles well.
After running my SimpleFirewall app, none of the C++ library APIs (not even the file logging API) execute their functionality, even though the APIs are invoked from my SimpleFirewall Swift program.
What may be the possible reason? Please help me.
Hi,
I am trying to send a pid_t value from a Swift application to kernel space through IOKit using a C++ library.
When I print the 'pid_t' value in the Swift application it shows the proper value, but it does not show the same value in the C++ library function.
I have declared the variable with type pid_t in both the Swift application and the C++ library.
I tried the same with a variable of another type, Int32 in Swift and int in the C++ library. Here the values show properly.
Is there any difference between Swift and C++ for the pid_t type?
Hi,
I took the Content Filter SimpleFirewall example from the Apple site and modified it as per my requirements, and I am able to compile and run it with my Developer ID account.
Here I had the signing settings below in Build Settings:
Code Signing Identity -> Apple Developer
Development Team -> <My Team ID>
Provisioning Profile -> Automatic
Now I want to change the signing procedure with the help of a new provisioning certificate without a developer account.
For this, we have created and downloaded a provisioning certificate and I have modified Build Settings as below:
Code Signing Identity -> Placed empty value
Development Team -> Placed empty value
Provisioning Profile -> Automatic
And we are running the script below for code signing from the Build Phases section.
cp "$PROJECT_DIR/install/MacDistribution_NetworkExtension.provisionprofile" "$TARGET_BUILD_DIR/$WRAPPER_NAME/Contents/embedded.provisionprofile"
touch "$TARGET_BUILD_DIR/$WRAPPER_NAME"
codesign -vfs "Developer ID Application: Test, Inc. (ABCDEFGH)" --entitlements "$PROJECT_DIR/install/dgnetopsfilter.plist" --timestamp "$TARGET_BUILD_DIR/$WRAPPER_NAME"
My application & extension compile, but my app is not asking for permissions for registration and my network extension is not running.
How do I compile and run the Content Filter SimpleFirewall with a provisioning certificate? Please help me.
I have a doubt: is code signing with Apple Development mandatory to run content filters?
Hi,
The SimpleFirewall content filter example is not prompting for 'Security Preferences' permissions if I change the code signing through a script.
If I try with Apple Developer, or if I try by attaching the provisioning profile in Xcode for code signing, this works fine. But it does not work if I try to code sign through a script in Build Phases in Xcode. To code sign from the script, I have changed 'Code Sign Style' from Manual to Automatic.
I have verified the code sign details using the codesign -vvvv -d -r- <process name> command on both the working and non-working SimpleFirewall processes.
I have noticed a difference in the 'designated' tag; the remaining tags are the same for both. The difference is the lack of one leaf node in the non-working one, as below.
For the non-working one:
designated => identifier "com.test.sample" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = ABCD1234XYZ
For the working one:
designated => anchor apple generic and identifier "com.test.sample" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = ABCD1234XYZ)
Code sign command in script:
cp "<path>/MacDistribution_NetworkExtension.provisionprofile" "$TARGET_BUILD_DIR/$WRAPPER_NAME/Contents/embedded.provisionprofile"
touch "$TARGET_BUILD_DIR/$WRAPPER_NAME"
codesign -vfs "Developer ID Application: Sample Test, Inc. (ABCD1234XYZ)" --entitlements "<path>/SimpleFirewallExtension.entitlements" --timestamp "$TARGET_BUILD_DIR/$WRAPPER_NAME"
Please help me fix the issue.
Hi,
I have the SimpleFirewall content filter example which is available online.
This works fine in both the SIP enabled and disabled cases if I try with Apple Developer.
It also works if SIP is disabled and we code sign by attaching the provisioning profile.
But it does not work if SIP is enabled and we code sign by attaching the provisioning profile. Is this a problem with the certificate or the entitlements? What may be the problem? Please help.
I am getting the errors below:
default 15:42:19.757925+0530 sysextd request contains no authorizationref
default 15:42:19.758070+0530 sysextd shouldMoveAppToTrash: file:///Applications/SimpleFirewall.app/ (requestor: /System/Library/CoreServices/Finder.app/Contents/MacOS/Finder)
default 15:42:19.758588+0530 sysextd Realizing target path: file:///Applications/SimpleFirewall.app/Contents/Library/SystemExtensions/com.sample.simplefirewall.systemextension/
default 15:42:19.758832+0530 sysextd Bundle class: UncachedBundle
default 15:42:19.769768+0530 sysextd shouldMoveAppToTrash: no extensions found, allowing delete
default 15:42:56.485811+0530 sysextd attempting to realize extension with identifier com.sample.simplefirewall
default 15:42:56.497551+0530 sysextd Realizing target path: file:///Applications/SimpleFirewall.app/Contents/Library/SystemExtensions/com.sample.simplefirewall.systemextension/
default 15:42:56.497812+0530 sysextd Bundle class: UncachedBundle
default 15:42:56.517482+0530 sysextd staging extension with identifier com.sample.simplefirewall
default 15:42:56.540700+0530 sysextd Making activation decision for extension with teamID teamID("BGLHCMSU7"), identifier com.sample.simplefirewall
default 15:42:56.540740+0530 sysextd No extension policy -- activation decision is UserOption
default 15:42:56.540766+0530 sysextd validating extension with identifier com.sample.simplefirewall
default 15:42:56.554285+0530 sysextd MacOS error: 3
default 15:42:56.557821+0530 sysextd Error checking with notarization daemon: 3
error 15:42:56.559103+0530 sysextd bundle code signature is not valid - does not satisfy requirement: -67050 code failed to satisfy specified code requirement(s)
default 15:42:56.559453+0530 sysextd extension failed to validate! uninstalling...
default 15:42:56.559500+0530 sysextd uninstalling invalid extension com.sample.simplefirewall
default 15:42:56.565893+0530 sysextd finished uninstalling extension com.sample.simplefirewall
Following is my 'SimpleFirewall' app entitlements file:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>com.apple.application-identifier</key>
<string>BGLHCMSU7.com.sample.simplefirewall</string>
<key>com.apple.developer.team-identifier</key>
<string>BGLHCMSU7</string>
<key>com.apple.developer.system-extension.install</key>
<true/>
<key>com.apple.security.app-sandbox</key>
<true/>
<key>com.apple.security.application-groups</key>
<array>
<string>BGLHCMSU7.com.sample.simplefirewall</string>
</array>
<key>com.apple.developer.networking.networkextension</key>
<array>
<string>content-filter-provider-systemextension</string>
</array>
</dict>
</plist>
Following is my 'SimpleFirewallExtension' entitlements file:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>com.apple.application-identifier</key>
<string>BGLHCMSU7.com.sample.simplefirewall</string>
<key>com.apple.developer.team-identifier</key>
<string>BGLHCMSU7</string>
<key>com.apple.security.app-sandbox</key>
<true/>
<key>com.apple.security.application-groups</key>
<array>
<string>BGLHCMSU7.com.sample.simplefirewall</string>
</array>
<key>com.apple.developer.networking.networkextension</key>
<array>
<string>content-filter-provider-systemextension</string>
</array>
</dict>
</plist>
Hi,
I have an app and a network extension. As part of the app, I have a couple of APIs to activate/deactivate/enable/disable the network extension and exit the app. I can do these operations by providing an argument to the app, and I am able to perform all operations from the terminal.
I have another C++ application; as part of this application I am handling the activate/deactivate/enable/disable operations by invoking the app with the help of the system() API. Here I am able to activate/enable/disable the network extension but fail to deactivate it, and I get the error below.
Failed to authorize right 'com.apple.system-extensions.admin' by client '/Applications/NetopsFilter.app' [1298] for authorization created by '/Applications/NetopsFilter.app' [1298] (3,0) (-60007) (engine 106) error.
Please help me fix my issue.
Hi,
I am new to Objective-C. I tried to run an app as part of my launchd application using the openApplicationAtURL() API but failed. I did some R&D too but haven't found any example.
I have an app, NetopsFilter.app, and if I run this app with the '--uninstallFilter' argument it deactivates the network extension. I tried from the terminal and it successfully deactivates the extension after entering the credentials in the popup.
App path: /Applications/NetopsFilter.app
argument: --uninstallFilter
I tried as below but failed. Please help me fix this. How can I pass arguments and the necessary configuration settings to the API?
NSWorkspace *workspace = [NSWorkspace sharedWorkspace];
NSURL *url = [NSURL fileURLWithPath:@"/Applications/NetopsFilter.app"]; // the .app bundle, not the executable inside it
NSWorkspaceOpenConfiguration *config = [NSWorkspaceOpenConfiguration configuration];
config.arguments = @[@"--uninstallFilter"]; // arguments travel in the configuration object
[workspace openApplicationAtURL:url configuration:config completionHandler:^(NSRunningApplication *app, NSError *error) {
    if (error) NSLog(@"launch failed: %@", error);
}];
Thanks
Hi,
I have a content filter network extension program to filter network data. I am using an API in a C++ library with a bridging header for internal purposes. As part of the C++ library API, I am trying to create a new file, but it fails to open with an "Operation not permitted" error.
How do I fix this? Please help me.
I have an API with variable arguments in a C++ library. I am trying to call this API from Swift, but I am facing the compilation errors below. If I try removing the variable arguments from the API then it compiles. Please help me fix the error with variable arguments.
The API is:
void netops_log(enum log_level loglevel, const char *format, ...);
Compilation errors:
FilterDataProvider.swift:73:9: error: 'netops_log' is unavailable: Variadic function is unavailable
netops_log(LOGLEVEL_DEBUG, "Starting the filter... from NE")
^~~~~~~~~~~~
__ObjC.netops_log:2:13: note: 'netops_log' has been explicitly marked unavailable here
public func netops_log(_ loglevel: log_level, _ format: UnsafePointer<Int8>!, _ varargs: Any...)
^
I searched online but haven't found a way to handle a variadic function. Can anyone help me convert the C++ API below to Swift?
void netops_log(log_level level, const char *format, ...);
#include <cstdarg>
#include <cstdio>

void netops_log(log_level level, const char *format, ...)
{
    char msg[4096] = "";
    va_list args;
    va_start(args, format);
    vsnprintf(msg, sizeof(msg), format, args);  // truncates safely and always NUL-terminates
    va_end(args);
    LogMsg(level, msg);
}
Here, LogMsg(log_level level, const void *msg) is a C++ API in a library. Thanks.
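An added example, not the poster's library and not Apple sample code, covering three of the posts above: linking the C++ library into the Swift app, passing pid_t across the bridge, and the variadic logging API. It assumes the names netops_vlog, netops_log_str, netops_echo_pid, netops_last_message and netops_last_level, an enum log_level, and a stand-in LogMsg() that records the last line so it can be checked. Two facts it relies on: Swift will not import a C variadic function but does import a va_list parameter as CVaListPointer, so the va_list flavour is the one Swift can call (via withVaList); and the undefined symbols in the earlier link error (std::terminate, operator new/delete, ___gxx_personality_v0, ___cxa_begin_catch) are C++ runtime symbols from libc++, so the Swift target that links a C++ dylib must itself link libc++ (for example -lc++ in Other Linker Flags). The declarations below would go in a header wrapped in #ifdef __cplusplus extern "C" guards so the bridging header can include it.

```cpp
// netops_bridge.cpp - added example; names and the LogMsg stand-in are assumptions.
#include <cstdarg>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <string>
#include <sys/types.h>   // pid_t

enum log_level { LOGLEVEL_DEBUG = 0, LOGLEVEL_INFO = 1, LOGLEVEL_ERROR = 2 };

// Stand-in for the poster's LogMsg(): remembers the last line instead of
// writing to a file, so the behaviour can be observed in a test.
static std::string g_last_msg;
static log_level   g_last_level = LOGLEVEL_DEBUG;

static void LogMsg(log_level level, const char *msg) {
    g_last_level = level;
    g_last_msg   = msg;
}

// Everything Swift sees must have a C ABI, hence extern "C".
extern "C" {

// va_list flavour: Swift imports the last parameter as CVaListPointer and can
// call this through withVaList(...).  The buffer is fixed-size and vsnprintf
// always NUL-terminates, so long messages are truncated, not overrun.
void netops_vlog(log_level level, const char *format, va_list args) {
    char msg[4096];
    vsnprintf(msg, sizeof msg, format, args);
    LogMsg(level, msg);
}

// Plain-string flavour: simplest when the Swift side already holds a String.
void netops_log_str(log_level level, const char *msg) {
    LogMsg(level, msg ? msg : "(null)");
}

// The C++-only variadic entry point keeps working for C++ callers; Swift
// simply never sees it.
void netops_log(log_level level, const char *format, ...) {
    va_list args;
    va_start(args, format);
    netops_vlog(level, format, args);
    va_end(args);
}

// pid_t is a 32-bit signed integer on Darwin (Swift imports it as Int32), so
// declare it as pid_t on both sides rather than int/long; this assert
// documents the assumption the bridge relies on.
static_assert(sizeof(pid_t) == sizeof(int32_t), "pid_t must be 32-bit for the Swift side");

// A pid-carrying call that echoes its argument so the caller can confirm the
// value survived the bridge unchanged.
pid_t netops_echo_pid(pid_t pid) {
    netops_log(LOGLEVEL_INFO, "flow from pid %d", (int)pid);
    return pid;
}

// Accessors for the stand-in sink.
const char *netops_last_message(void) { return g_last_msg.c_str(); }
int         netops_last_level(void)   { return (int)g_last_level; }

} // extern "C"
```

On the Swift side, `netops_log_str(LOGLEVEL_DEBUG, "Starting the filter")` compiles directly (a String literal bridges to `const char *`), and a formatted call goes through `withVaList([Int32(pid)]) { netops_vlog(LOGLEVEL_DEBUG, "flow from pid %d", $0) }`; the enum constants appear in Swift under their C names, as the poster's error message already shows.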
Hi,
I have the content filter SimpleFirewall app. I am dropping SSH connections as part of my app as per my policy evaluation result, and I expect my custom error type EACCES (permission denied) whenever the user tries SSH, but drop() returns EBADF (bad file descriptor).
Is it possible to return my custom error type as part of drop()?
Below is the sample code I have.
override func handleNewFlow(_ flow: NEFilterFlow) -> NEFilterNewFlowVerdict {
    DispatchQueue.global(qos: .default).async {
        // errortype is EACCES for the drop case and 0 for the allow case
        let userVerdict: NEFilterNewFlowVerdict = (errortype == 0) ? .allow() : .drop()
        self.resumeFlow(flow, with: userVerdict)
    }
    return .pause()
}