Post not yet marked as solved
+1. Need answers to these questions and I would like to add two more questions.4. Can we pause and resume with the verdict for these callbacks? While trying this, extension got crashed stating the following reason.Application Specific Information:*** Terminating app due to uncaught exception 'NSInternalInconsistencyException', reason: 'Cannot resume a flow that is not paused'terminating with uncaught exception of type NSExceptionabort() called5. What is the safest way to call resume function to avoid such crashes? Is there an API available to check the state of the flow?
Thanks Eskimo, As of now my kext is NKE. I think i can handle. If possible please let me know the steps for I/O Kit as well.
Post not yet marked as solved
No error messages? Crashes? If not include packetHandler closure and try. Looks like a weird behaviour.In fact I don't see any advantage of having 2 extensions, You can have 1 extension with 2 providers.(which is working for me)
Post not yet marked as solved
load the 2 system extensions? Suppose to be one. Otherwise code looks ok to me."FilterPacketProvider init" got this log atlest?1. Put breakpoint and check whether providerConfiguration.filterPackets hit.2. Look for errors category in the output of log stream.3. At last try this as well, systemextensionctl reset and restart.Hope this helps you.
Post not yet marked as solved
I have done this in swift, where I can combine both providers (packet and data) under single extension. But in objective-c I couldn't.If you are over installing your extension there could be a chance that latest changes would have not picked up. If so increment bundle version of the extension and try.
Post not yet marked as solved
Porvider's initializer and startFilter method also called. Issue is only with the PacketHandler closure (in Objective-C only)
Post not yet marked as solved
I am also facing same issue. packetHandler is never called. Socket filter is working as expected. Issue is only with packet filter. And any idea how to inspect "packetBytes" payload? Like to which struct we can type cast it?
Thanks eskimo,Had configuration issues now it is working.
In Plist NEProviderClasses:com.apple.networkextension.filter-packet -> $(PRODUCT_MODULE_NAME).FilterPacketProviderclass FilterPacketProvider: NEFilterPacketProvider {
override init() {
super.init()
os_log("filter packet provider init")
}
override func startFilter(completionHandler: @escaping (Error?) -> Void) {
filterConfiguration.filterPackets = true
filterConfiguration.filterPacketProviderBundleIdentifier = "com.example.apple-samplecode.SimpleFirewall2V8AEFFU8N.SimpleFirewallExtension"
os_log("FilterPacketProvider::startFilter")
packetHandler = { (context, interface, direction, packetBytes, packetLength) in
os_log("FilterPacketProvider::allow")
return .allow
}
completionHandler(nil)
}
override func stopFilter(with reason: NEProviderStopReason, completionHandler: @escaping () -> Void) {
// Add code here to tear down the filter
completionHandler()
}
}I don't see any of the log messages. Am i still missing some parts?
Hi Eskimo, Thanks for the code, really useful. (a) W.r.t firewall I want to filter ICMP, IGMP protocol as well. With NEFilterDataProvider I can able to control only TCP and UDP protocols alone. So I am checking whether I can do that with NEFilterPacketProvider. If possible please let me know how to filter those NON TCP and UDP based protocols. (b) How to extract data/info from packetBytes (UnsafeRawPointer) and NEFilterPacketContext provided by packetHandler closureThanks.
Hi, Could you please post the working code of callback function, packetHandler closure and list of methods that we need to override. I am stuck with this.Thanks.
Post not yet marked as solved
I just want to build and run the sample “SimpleFirewall” project.I am enrolled to Apple developer enterprise program. when i used Apple/macOS Development certificate i am getting the following error.Your development team, “XXXXXXXXXXX”, does not support the Network Extensions capability.Then i skipped the signing part for both App and extension then build succeed. But while running the same i don’t get any prompt to authorize. Meanwhile in system.log i can see the following lines repeatedly.com.apple.xpc.launchd[1] (com.apple.sysextd[1289]): Service exited due to SIGILL | sent by exc handler[1289]com.apple.xpc.launchd[1] (com.apple.sysextd): Service only ran for 0 seconds. Pushing respawn out by 10 seconds.Is code sign is mandatory? If not please throw some light how to run and test this locally.Since you are able to run the sample i believe you could help me to resolve this.PS:Xcode 11 beta 2System Integrity Protection status: disabled.Running the application as root.Thanks,Rishr
