@Matt is there any way we can make specific process as trusted process with "NENetworkRule" for Network extension with its name or PID rather than network traffic characteristics which varies ?. so that network extension / content filters always allows the traffic.
I don't find this here https://developer.apple.com/documentation/networkextension/nenetworkrule
skandukuru
Users receive reputation points by contributing quality content to the forums.
Posts include post and replies published on the forums.
Post authors can mark replies as Accepted to indicate successful solutions.
Apple Developer Forums admins can mark replies as Apple Recommended to indicate an approved solution
Post
Replies
Boosts
Views
Activity
@Matt ,
We can check PID in handleNewFlow and allow the traffic as it is trusted process , but we would like to avoid that and stop filtering the traffic of a trusted process before handleNewflow with NEFilterRule as below . is it possible ?. and other thing is NE content filter is not able to handle the plenty traffic . I see it is limitation or bug in NE content filter . Let me know any README on how many network operations network extension content filter can handle ??.
class FilterDataProvider: NEFilterDataProvider {
override func startFilter(completionHandler: @escaping (Error?) -> Void) {
DGNetopsFilterCommsInit()
//For all traffic
let filterRules = ["0.0.0.0", "::"].map { address -> NEFilterRule in
let bothNetworkRule = NENetworkRule(remoteNetwork: nil,
remotePrefix: 0,
localNetwork: nil,
localPrefix: 0,
protocol: .any,
direction: .any )
return NEFilterRule(networkRule: bothNetworkRule, action: .filterData)
}
// Allow all flows that do not match the filter rules by default action as allow.
let filterSettings = NEFilterSettings(rules: filterRules, defaultAction: .allow)
apply(filterSettings) { error in
if let applyError = error {
os_log("Failed to apply filter settings: %@", applyError.localizedDescription)
}
completionHandler(error)
}
}
@Matt ,
We have opened a bug report here https://feedbackassistant.apple.com/feedback/8881629 . it has been more than a week . we don't see any action there ?. is it the right place ? whom should we contact ?. Thanks
@Matt , it has been more than 3 weeks with bug in open state https://feedbackassistant.apple.com/feedback/8900239 . How to make this acknowledged by Apple Engineering team . it is not necessarily fix , at-least the decision by engineering team
same here . is it possible to deactivate network extension without the user is prompted for credentials in order to approve?
Hello apple dev, did you get a chance to look at the above Q?