Reply to ICMP packets not seen in NEFilterPacketProvider starting macOS 12.1
> I do not think this is an MDM issue. My understanding is that NEFilterPacketProvider and NEFilterDataProvider are guaranteed to support TCP and UDP traffic. ICMP traffic happened to work, but was never documented. My advice here would be to open up a bug report, since you have seen a change in behavior, so that this matter can be further weighed in on by our internal teams. Please post the Feedback ID here also if you go this route. Optionally, you can also open a TSI with a sample project and I can do some further digging on this as well.

@meaton this is strange, as for the packet filter there is no documentation whatsoever stating that it supports only TCP/UDP: https://developer.apple.com/documentation/networkextension/nefilterpacketprovider?language=objc

Moreover, in several lab sessions at WWDC we were told that Packet Filter is the right solution for filtering non-TCP/UDP flows. In any case, we have opened a support ticket: FB9847349
Jan ’22
Reply to Network Extension and connectivity issues
Providers are meant to provide network data collection (statistics for existing connections), in addition to some firewall capabilities: network isolation for an endpoint, connection dropping, etc. Both providers are needed since DataProvider does not supply protocols other than TCP/UDP. This means that if we want to achieve complete network isolation for an endpoint, or firewall capabilities for ICMP for example, we must use PacketFilter as well. Usually there isn't any network effect from our usage, just in the cases I have mentioned above. In both cases PacketFilter is actually configured as pass-through, without any action performed.
Jun ’21
Reply to NetworkExtension: UserEventAgent crash on network change
Hi,

Those crashes still occur, repeatedly. It does not matter if we reduce functionality for FilterDataProvider, or even do not collect statistics for UserEventAgent (in this case we receive crashes on the remoted daemon, which causes the network to halt, and in a few minutes the machine to crash).

With the attached spindump from the moment of the crash, it seems very likely this is an OS issue (kernel deadlock). Is this a known issue? Is there a workaround we can manage? We have several hundred machines with Network Extension installed that repeatedly crash.

Attached is a spindump from the moment of the crash: spindump - https://developer.apple.com/forums/content/attachment/bb57fa48-5619-4b73-bc96-b7300c6984f1

Panic log: panic.log - https://developer.apple.com/forums/content/attachment/067ff188-1512-449a-9a0c-ce0949704080

Just before remoted crashed I can see in system.log:

Nov 26 15:19:21 TLVMAC62Y1JGH6 Console[37400]: BUG in libdispatch client: vnode, monitored resource vanished before the source cancel handler was invoked { 0x600000fc2c00[source], ident: 6 / 0x6, handler: 0x7fff6f54dc0c }

Also opened ticket: FB8906238, but the solution I was given (to upgrade to the 11.1 beta version) is of course not a possible solution for customers.
Nov ’20