Reply to Is there any difference between swift and C++ for `pid_t` type?
Thanks for the response. The issue with the pid value changing is due to 'var ip: String' in my Swift code. I have declared ip as 'String' type in Swift and 'unsigned char[16]' type in C. Now I have removed the structure from Swift, defined the struct in a C-style header file, and imported it into Swift using the Bridging-Header. I am able to assign values to all member variables of the structure in the C-style header file except for 'unsigned char ip[16]'.

I tried to assign a value to the unsigned char ip[16] type in the C-style header from Swift as below:

```swift
let host: String = remoteEndpoint.hostname as String
event_info.ip = Array(host.utf8)
```

But I am facing a compilation error:

```
Cannot assign value of type 'Array<String.UTF8View.Element>' (aka 'Array<UInt8>') to type '(UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8)'
```

Please help me to assign a value to the unsigned char[16] type from Swift. Sample code and structure definition are already available in the thread.
Sep ’20
Reply to Is there any difference between swift and C++ for `pid_t` type?
> Are you calling handleNEEvent from somewhere in Swift code?

I am not calling handleNEEvent() directly. But I am passing the 'ne_event_info_s' structure through IOKit in handleNewFlow() to my kernel space.

> How your ne_event_info_t in Swift is defined? If it was imported from C++ header, your Swift code would cause build-time error.

I have defined two different structures with the same variables in both the Swift code and kernel space.
Sep ’20
Reply to Is there any difference between swift and C++ for `pid_t` type?
Thanks for the reply. I am showing the pid value using string format in Swift and the "%d" formatter in C++. Following is my Swift application structure & function.

```swift
// Swift-side copy of the event structure (note: ip is a Swift String here).
struct ne_event_info_s {
    var lport: Int32
    var rport: Int32
    var ip_size: Int32
    var ip: String
    var pid: pid_t
    var direction: Int32
}

extension NEFilterFlow {
    // Decode the flow's audit token, or nil if it is missing or the wrong size.
    var sourceAppAuditTokenQ: audit_token_t? {
        guard
            let tokenData = self.sourceAppAuditToken,
            tokenData.count == MemoryLayout<audit_token_t>.size
        else { return nil }
        return tokenData.withUnsafeBytes { buf in
            buf.baseAddress!.assumingMemoryBound(to: audit_token_t.self).pointee
        }
    }

    // PID of the process that opened the flow.
    var pid: pid_t {
        return audit_token_to_pid(sourceAppAuditTokenQ!)
    }
}

override func handleNewFlow(_ flow: NEFilterFlow) -> NEFilterNewFlowVerdict {
    guard let socketFlow = flow as? NEFilterSocketFlow,
          let remoteEndpoint = socketFlow.remoteEndpoint as? NWHostEndpoint,
          let localEndpoint = socketFlow.localEndpoint as? NWHostEndpoint else {
        return .allow()
    }

    // `dir` is defined elsewhere in the poster's code (not shown in the post).
    var event_info = ne_event_info_s(
        lport: Int32(localEndpoint.port) ?? 0,
        rport: Int32(remoteEndpoint.port) ?? 0,
        ip_size: Int32(remoteEndpoint.hostname.count),
        ip: String(remoteEndpoint.hostname),
        pid: flow.pid,
        direction: dir == 2 ? 1 : 0)

    os_log("event_info.lport = %@", String(event_info.lport))
    os_log("event_info.rport = %@", String(event_info.rport))
    os_log("event_info.ip_size = %@", String(event_info.ip_size))
    os_log("event_info.pid = %@", String(event_info.pid))
    os_log("Direction = %@", String(event_info.direction))
    // Remainder of the function (passing event_info on and returning a verdict) is not shown in the post.
}
```

Following is the C++ structure & function.

```cpp
// Kernel-side layout of the same event structure.
typedef struct ne_event_info_s {
    int lport;
    int rport;
    int ip_size;
    unsigned char ip[16];
    pid_t pid;
    int direction;
} ne_event_info_t;

void handleNEEvent(ne_event_info_t *info) {
    os_log("handleNEEvent: pid:%d, lport:%d,rport: %d\n", info->pid, info->lport, info->rport);
}
```
Sep ’20
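Added example, not code from the thread: a C helper that Swift could call through the bridging header to fill `ip[16]` with a bounded copy instead of assigning to the imported 16-element tuple, plus a receiver-side check that rejects a buffer whose size or `ip_size` does not match the C layout before `pid` is read. It covers both the pid mismatch in this reply and the `ip[16]` assignment asked about in the later reply. The struct repeats the C definition posted above; `ne_event_set_ip`, `ne_event_validate` and `ne_event_pid_offset` are hypothetical names, and treating an over-long host string as an error is an assumption.

```c
#include <stddef.h>
#include <string.h>
#include <sys/types.h>

/* Same field order as the C-side struct posted in the thread. */
typedef struct ne_event_info_s {
    int lport;
    int rport;
    int ip_size;
    unsigned char ip[16];
    pid_t pid;
    int direction;
} ne_event_info_t;

/* Hypothetical helper: bounded copy of the endpoint host text into ip[16].
 * Returns 0 on success, -1 if an argument is NULL or the text does not fit. */
static inline int ne_event_set_ip(ne_event_info_t *info, const char *host)
{
    if (info == NULL || host == NULL)
        return -1;
    size_t n = strlen(host);
    if (n > sizeof(info->ip))
        return -1;                 /* e.g. a full textual IPv6 address */
    memset(info->ip, 0, sizeof(info->ip));
    memcpy(info->ip, host, n);
    info->ip_size = (int)n;        /* always <= 16 after the check above */
    return 0;
}

/* Hypothetical receiver-side check: refuse a buffer whose length or ip_size
 * does not match this layout before any field is trusted. */
static inline int ne_event_validate(const void *buf, size_t len)
{
    const ne_event_info_t *info = buf;
    if (buf == NULL || len != sizeof(ne_event_info_t))
        return -1;
    if (info->ip_size < 0 || (size_t)info->ip_size > sizeof(info->ip))
        return -1;
    return 0;
}

/* Offset at which the receiver reads pid; a sender whose struct has a
 * different layout puts other bytes at this position. */
static inline size_t ne_event_pid_offset(void)
{
    return offsetof(ne_event_info_t, pid);
}
```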
Reply to None of C++ library API haven't executed their functionality from swift lang program
One more thing: here I have called C++ APIs, and I have linked/added the library to the SimpleFirewallExtension target in the SimpleFirewall app. Following is the output when I run the nm command on the SimpleFirewallExtension target binary.

```
0000000100004c01 T NetopsFilterCommsExit
0000000100004b9f T NetopsFilterCommsInit
0000000100004f2c T _ZN15NetopsControl19NetopsControlExitEv
0000000100004e16 T ZN15NetopsControl19NetopsControlInitEv
0000000100004ed6 T ZN15NetopsControlC1Ev
0000000100004dd2 T ZN15NetopsControlC2Ev
0000000100004f5a T ZN15NetopsControlD1Ev
0000000100004ee0 T ZN15NetopsControlD2Ev
0000000100004a0e T ZN27NetopsKernelModuleAdapter15SendNetOpsEventEPviP18netopsreturninfo
00000001000049ee T ZN27NetopsKernelModuleAdapterC1Ev
00000001000049da T ZN27NetopsKernelModuleAdapterC2Ev
0000000100004a08 T ZN27NetopsKernelModuleAdapterD1Ev
0000000100004a02 T ZN27NetopsKernelModuleAdapterD2Ev
0000000100007630 S m_NetopsCtr
```
Sep ’20
Reply to Simplefirewall example in content filter is not working as expected without UI
Thanks for the response. I have a UI to allow/deny web traffic internally in my custom code, so I cannot use the existing UI. I have modified it as per your suggestions, and it works as expected if I run SimpleFirewall from Applications, but it does not work as expected if I run it from other places.

If I run SimpleFirewall from Applications, I get a message to allow the system extension from Security Preferences, and it monitors web data. If I run SimpleFirewall from another place, I get a message like "(null) Would you like to Filter Network Content" to allow, but it does not monitor web data.

Do I need to make any other changes as part of the activation request submission? Please help me.
Sep ’20
Reply to Simplefirewall example in content filter is not working as expected without UI
I want to remove the UI and prompts from the SimpleFirewall example. If I run the SimpleFirewall application from the command prompt, it should automatically get the bundle identifier, use it to create a system activation request, and go ahead to create the filter configuration automatically and register with the system.

For this I have changed ViewController.swift. I have tried changing the 'NSViewController' extension to 'NSObject', removed the override functions, changed startFilter() from a UI handler to a normal function, and invoked startFilter() from main of the SimpleFirewall target.

As per my expectation, it should call submitRequest() and I should get the activation prompt to allow. But I am unable to get the activation prompt, and it has not gone on to call the "request()" method to enable the configuration.

Note: Here I am running from the terminal.
Sep ’20
Reply to Simplefirewall example in content filter is not working as expected without UI
I have tried adding the following functionality in the ViewController.swift file under the Controller.swift file, as below, and I have called Controller.start() from main.swift. But I am facing the error "Fatal error: Failed to get the contents of file://build/Release/com.test.sysext.systemextension//Contents/Library/SystemExtensions: The file “SystemExtensions” couldn’t be opened because there is no such file"

- Declared extensionBundle: Bundle
- Included func startFilter(_ sender: Any) as func start()
- Included func stopFilter(_ sender: Any) as func stop()
- Included loadFilterConfiguration() and enableFilterConfiguration()
- Included func request(_ request: OSSystemExtensionRequest, didFinishWithResult result: OSSystemExtensionRequest.Result) under extension Controller: OSSystemExtensionRequestDelegate

Any help please.
Sep ’20
Reply to provide some samples using content filters in objective c or c++ to register network extensions, to catch all non-browser network operations
Thanks for the great response. As per your inputs, the following are my steps to do TCP/UDP traffic filtering from my C++ application.

1. I will write a wrapper class in Objective-C which covers the functionality in main.swift & FilterDataProvider.swift (NEProvider.startSystemExtensionMode(), startFilter(), handleNewFlow()).
2. I will call the above Objective-C API (startSystemExtensionMode) to start System Extension Mode from my C++ application.
3. After the above step, and if my understanding is correct, if I perform any TCP operation then I will get into handleNewFlow().
4. I will perform my custom policies and return NEFilterNewFlowVerdict.

I am asking this to confirm my understanding. Please don't hesitate.

I have noticed the loadFilterConfiguration() API about NEFilterProviderConfiguration & var extensionBundle: Bundle in ViewController.swift and . Are these not required?
Aug ’20
Reply to provide some samples using content filters in objective c or c++ to register network extensions, to catch all non-browser network operations
Thanks for your response. Here my intention is to remove my hooking calls and write functionality using content filters in my C++ application with Objective-C or Objective-C++. This functionality should have the ability to catch all TCP/UDP operations; I will apply my policies to these events by porting/calling my APIs, and I don't want app functionality like in SimpleFirewall. Is this possible? Or should this be an app to support content filters?

To do this, as part of my application I am trying to write the functionality below, from the main.swift & FilterDataProvider.swift files of SimpleFirewall, using Objective-C.

1. First, I will register system extension mode using NEProvider.startSystemExtensionMode().
2. Second, I will override startFilter() in FilterDataProvider and write a filter rule to catch all TCP/UDP operations.
3. Third, I will override handleNewFlow() and evaluate my own policies by reading NEFilterSocketFlow parameters like port & ip.

Apart from the above three steps, do I need to perform any other steps to catch TCP/UDP operations using Content Filter rules?

I have noticed some functionality in SimpleFirewall in the IPCConnection.swift (like startListener(), listener(), register()) & ViewController.swift (loadFilterConfiguration, extensionBundle, enableFilterConfiguration()) files. I think these are related to the app. Am I correct? Please help me on this.
Aug ’20