Post not yet marked as solved
I have a similar question - can anyone tell the difference between dispatch_main and CFRunLoopRun on a daemon's main function? What reasons are there to pick one over the other?
Post not yet marked as solved
Hi,
This also happens with an App that is compiled with Xcode 14, and still happens on latest beta (7). Did anyone experience such crashes?
Also opened a ticket: FB11447626
Post not yet marked as solved
I do not think this is a MDM issue. My understanding is that NEFilterPacketProvider and NEFilterDataProvider are guaranteed > to support TCP and UDP traffic. ICMP traffic happened to work, but was never documented. My advice here would be to open > up a bug report, since you seen a change in behavior, so that this matter can be further weighed in on by our internal teams. > Please post a the Feedback ID here also if you go this route. Optionally, you can also open a TSI with a sample project and I can do some further digging on this as well.
@meaton this is strange, as for packet filter there is no documentation whatsoever that it supports only TCP/UDP: https://developer.apple.com/documentation/networkextension/nefilterpacketprovider?language=objc
Moreover, on several lab sessions on WWDC we were answered that Packet Filter is the right solution for filtering non-TCP/UDP flows.
In any case, we have opened a support ticket: FB9847349
Post not yet marked as solved
Hi,
We are seeing this issue on our end as well.
I guess the status here: https://developer.apple.com/system-status/ is wrong?
Post not yet marked as solved
Hi Matt, have you seen anything like that before? Maybe do you know of some workaround?
This started on 11.3.
We have opened 3 relevant Bugs for it:
FB9127408
FB9127413
Post not yet marked as solved
Update - apparently this happens only on 3rd party LAN adapters only, and not ones created by Apple.
When network interface is changed between LAN adapter to Wi-Fi, or the other way around.
Post not yet marked as solved
Providers are meant to provide network data collection (statistics for existing connections), in addition to some firewall capabilities - network isolation for an endpoint, connection dropping etc.
Both providers are needed since DataProvider does not supply protocols other than TCP/UDP. This means if we want to achieve complete network isolation for an endpoint, or firewall capabilities for ICMP for example, we must use PacketFilter as well.
Usually there isn't any network effect to our usage - Just in the cases I have mentioned above. In both cases PacketFilter is actually configured as pass-through, without any action performed.
Post not yet marked as solved
Hi Matt,
Is there an update on this issue?
We have filed a bug report FB8922584
Post not yet marked as solved
Hi Matt,
I have seen this is a common issue, experienced by many (by the number of threads on this forum). Opened FB9076102.
Post not yet marked as solved
Hi,
Following on that, does anyone know if there is a workaround for that?
If not, I'll file a relevant bug report, as Quinn suggested.
Post not yet marked as solved
Hi Eskimo,
It's been a year now since this question was asked, and caching mechanism is still undocumented.
Is there a plan to add documentation to it anytime soon?
Post not yet marked as solved
Since I did not receive any response, Created also bug report: FB8966904
Post not yet marked as solved
Hi,
We are seeing the same issue. It seems like ARC is not closing previous mach service before the upgrade.
Post not yet marked as solved
Hi,
Those crashes still occur, repeatedly. It does not matter if we reduce functionality for FilterDataProvider, or even not collect statistics for UserEventAgent (in this case we receive crashes on remoted daemon, which causes network to halt, and in a few minutes the machine to crash).
With the attached spindump from the moment of the crash, it seems very likely this is an OS issue (kernel deadlock). Is this a known issue? Is there a workaround we can manage?
We have several hundreds of machines with Network Extension installed, that repeatedly crash.
Attached is a spindump from the moment of the crash:
spindump - https://developer.apple.com/forums/content/attachment/bb57fa48-5619-4b73-bc96-b7300c6984f1
Panic log:
panic.log - https://developer.apple.com/forums/content/attachment/067ff188-1512-449a-9a0c-ce0949704080
Just before remoted crashed I can see in system.log:
Nov 26 15:19:21 TLVMAC62Y1JGH6 Console[37400]: BUG in libdispatch client: vnode, monitored resource vanished before the source cancel handler was invoked { 0x600000fc2c00[source], ident: 6 / 0x6, handler: 0x7fff6f54dc0c }
Also opened ticket: FB8906238, But solution I was given (to upgrade to 11.1 beta version) is of course not a possible solution for customers.
Thanks! That will solve our issues with that. Is there a way to extract source app for a packet with packet filter? I see there is a context, but I'm not sure what and how we can extract from it.
