Thought that too, but I do not see any new flow when calling ping.
Same as with raw sockets.
EDIT: saw you wrote NEFilterPacketProvider. It is not possible using DataProvider?
Also, in what way can I get packet type in PacketProvider?
Sorry, I forgot to mention that part - macOS
Post not yet marked as solved
Hi Matt,
This crash doesn't sound Extension related, and yet it happens only when extension is installed.
Also - I am struggling with attaching instruments to Network Extension, As I keep getting:
Unable to acquire required task port
I am compiling the extension in debug mode with get-task-allow entitlement, and disabled hardened-runtime. It is signed with development provisioning profile. is there anything else I am missing?
Post not yet marked as solved
So what might cause the crash, if network extension is not even in the stack trace?
Also, we have been seeing a lot of issues when trying to attach to signed processes with Instruments (even when signed for debug), is there a way around it?
Won't that just allow me to get audit_token for my own process? as I'm not able to call task_info for any other process (as I can't get it's task port)
Hi,You might need to approve Full Disk Access to your extension.This is done in System Preferences -> Security & Privacy -> Privacy -> Full Disk AccessMaybe @eskimo can explain why it is required/not included as part of the entitlements.
Hi @eskimo,It's been more than a month, with no answer on this or the bug I have opened.After moving from EndpointSecurity daemon to a SystemExtension, thing have gotten even worse, with compilation time of a test project raising from 8-9 minutes to 15-16 minutes (with minimum to none actions taken in between receiving the ES_EVENT_TYPE_AUTH_EXEC message and authorizing it).Am I missing something? We cannot use the caching mechanism, untill we know what actually is being cached - if executable is changed, is cache invalidated? For Anti-virus/security products, this is kind of crucial.
Post not yet marked as solved
That's just not correct..I can start mentioning:- com.apple.developer.endpoint-security.client- com.apple.developer.system-extension.install- com.apple.security.application-groups- com.apple.security.cs.allow-jitetc.
Post not yet marked as solved
Were there any changes in the Mach Service in the latest beta? I can't seem to use the Mach Service in the same manner as before.
Post not yet marked as solved
Issue is - even after granting approval manually, permission is still denied.Is there a requirement for an executable to be bundeled in an app in order to be approved for Full Disk Access?
