+1. Need answers to these questions and I would like to add two more questions.
4. Can we pause and resume with the verdict for these callbacks? While trying this, the extension crashed, stating the following reason.
Application Specific Information:
*** Terminating app due to uncaught exception 'NSInternalInconsistencyException', reason: 'Cannot resume a flow that is not paused'
terminating with uncaught exception of type NSException
abort() called
5. What is the safest way to call resume function to avoid such crashes? Is there an API available to check the state of the flow?
Thanks Eskimo, As of now my kext is NKE. I think I can handle. If possible please let me know the steps for I/O Kit as well.
No error messages? Crashes? If not, include the packetHandler closure and try. Looks like a weird behaviour. In fact I don't see any advantage of having 2 extensions, you can have 1 extension with 2 providers (which is working for me).
load the 2 system extensions? Supposed to be one. Otherwise code looks ok to me. "FilterPacketProvider init" got this log at least?
1. Put breakpoint and check whether providerConfiguration.filterPackets hit.
2. Look for errors category in the output of log stream.
3. At last try this as well, systemextensionctl reset and restart.
Hope this helps you.
I have done this in Swift, where I can combine both providers (packet and data) under single extension. But in Objective-C I couldn't. If you are over installing your extension there could be a chance that latest changes would not have been picked up. If so increment bundle version of the extension and try.
Provider's initializer and startFilter method also called. Issue is only with the PacketHandler closure (in Objective-C only)
I am also facing the same issue. packetHandler is never called. Socket filter is working as expected. Issue is only with packet filter. And any idea how to inspect "packetBytes" payload? Like to which struct we can type cast it?
Thanks eskimo, Had configuration issues, now it is working.
In Plist NEProviderClasses:
com.apple.networkextension.filter-packet -> $(PRODUCT_MODULE_NAME).FilterPacketProvider

    import NetworkExtension
    import os.log

    class FilterPacketProvider: NEFilterPacketProvider {
        override init() {
            super.init()
            os_log("filter packet provider init")
        }

        override func startFilter(completionHandler: @escaping (Error?) -> Void) {
            filterConfiguration.filterPackets = true
            filterConfiguration.filterPacketProviderBundleIdentifier = "com.example.apple-samplecode.SimpleFirewall2V8AEFFU8N.SimpleFirewallExtension"
            os_log("FilterPacketProvider::startFilter")
            // Install the per-packet callback; this one logs and allows every packet.
            packetHandler = { (context, interface, direction, packetBytes, packetLength) in
                os_log("FilterPacketProvider::allow")
                return .allow
            }
            // Report that the filter has started without error.
            completionHandler(nil)
        }

        override func stopFilter(with reason: NEProviderStopReason, completionHandler: @escaping () -> Void) {
            // Add code here to tear down the filter
            completionHandler()
        }
    }

I don't see any of the log messages. Am I still missing some parts?
Hi Eskimo, Thanks for the code, really useful.
(a) W.r.t. firewall I want to filter ICMP, IGMP protocol as well. With NEFilterDataProvider I am able to control only TCP and UDP protocols. So I am checking whether I can do that with NEFilterPacketProvider. If possible please let me know how to filter those non-TCP and non-UDP based protocols.
(b) How to extract data/info from packetBytes (UnsafeRawPointer) and NEFilterPacketContext provided by packetHandler closure?
Thanks.
Hi, could you please post the working code of the callback function, packetHandler closure and list of methods that we need to override. I am stuck with this. Thanks.