Hi, in almost all network filters there is the possibility to set a rule to allow or deny all network traffic coming from or going to a particular process. Most of the time this can be done using the program path, or the bundle ID on Mac. Guess what... I need to implement such a filter. The problem comes when I try to use some of the new System Network Extension filtering classes. Mac provides the following options:
NEDataProvider. Using this filter I can get the process path, PID and bundle ID, which looks great, but... it only filters the TCP/UDP protocols. What about all the remaining Layer 4 protocols? It does not make any sense to me! And oops... wait a moment... this only works for new connections; you cannot filter existing connections!
NEPacketProvider. Using this filter I can filter all protocols above Layer 2 at any time, fantastic! Until... you realize that you cannot get the path, PID or bundle ID of the process generating/receiving the packet.
So, is there a way to implement such a filter?
Regards!
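For readers who want to see what the per-process path the question describes looks like in practice, here is an added example (not code from the original post) of a content filter built on the flow-level provider, `NEFilterDataProvider`, that allows or drops new TCP/UDP flows based on the originating process. It assumes a system extension target with the Network Extension content-filter entitlement, a bridging header that imports `<bsm/libbsm.h>` so `audit_token_to_pid` is visible from Swift, and a constructed deny list of signing identifiers (`blockedAppIdentifiers`) standing in for whatever rule store a real product would use. The rule set handed to `apply(_:)` is restricted to TCP and UDP, which is exactly the limitation the question points out: the flow provider sees only socket flows, and only when they are created.

```swift
import NetworkExtension
import Foundation

/// Hypothetical deny list of signing identifiers (constructed for this example).
/// On macOS, `NEFilterFlow.sourceAppIdentifier` carries the signing identifier
/// of the process that created the flow, e.g. "ABCDE12345.com.example.tool".
let blockedAppIdentifiers: Set<String> = [
    "ABCDE12345.com.example.blockedtool"
]

final class PerProcessFilterProvider: NEFilterDataProvider {

    override func startFilter(completionHandler: @escaping (Error?) -> Void) {
        // Ask the system to deliver outbound TCP and UDP flows to handleNewFlow.
        // Anything not matched by a rule falls through to defaultAction (.allow).
        var rules: [NEFilterRule] = []
        for proto in [NENetworkRule.`Protocol`.TCP, .UDP] {
            let anyRemote = NWHostEndpoint(hostname: "0.0.0.0", port: "0")
            let network = NENetworkRule(remoteNetwork: anyRemote,
                                        remotePrefix: 0,
                                        localNetwork: nil,
                                        localPrefix: 0,
                                        protocol: proto,
                                        direction: .outbound)
            rules.append(NEFilterRule(networkRule: network, action: .filterData))
        }
        let settings = NEFilterSettings(rules: rules, defaultAction: .allow)
        apply(settings) { error in
            completionHandler(error)
        }
    }

    override func stopFilter(with reason: NEProviderStopReason,
                             completionHandler: @escaping () -> Void) {
        completionHandler()
    }

    override func handleNewFlow(_ flow: NEFilterFlow) -> NEFilterNewFlowVerdict {
        // Only socket (TCP/UDP) flows reach a data provider; anything else is allowed here.
        guard let socketFlow = flow as? NEFilterSocketFlow else {
            return .allow()
        }

        // Process identity comes from the audit token, which is what ties the
        // flow to a PID; the signing identifier is the "bundle ID"-style handle.
        let pid = Self.pid(fromAuditToken: flow.sourceAppAuditToken)
        let appIdentifier = flow.sourceAppIdentifier ?? "<unknown>"
        let remote = (socketFlow.remoteEndpoint as? NWHostEndpoint)
            .map { "\($0.hostname):\($0.port)" } ?? "<unknown>"

        NSLog("new flow pid=%d app=%@ proto=%d remote=%@",
              pid, appIdentifier, socketFlow.socketProtocol, remote)

        if blockedAppIdentifiers.contains(appIdentifier) {
            // Dropping at flow creation is the only point where this provider can act.
            return .drop()
        }
        return .allow()
    }

    /// Extract the PID from the 32-byte audit token the system attaches to the flow.
    /// `audit_token_to_pid` comes from libbsm (assumed imported via a bridging header).
    static func pid(fromAuditToken tokenData: Data?) -> pid_t {
        guard let data = tokenData, data.count == MemoryLayout<audit_token_t>.size else {
            return -1
        }
        let token = data.withUnsafeBytes { $0.load(as: audit_token_t.self) }
        return audit_token_to_pid(token)
    }
}
```

The provider class name `PerProcessFilterProvider` is arbitrary and must match the `NSExtensionPrincipalClass` entry in the extension's Info.plist. Note that `handleNewFlow` runs once per new socket flow; connections that already existed when the filter started, and non-TCP/UDP traffic such as ICMP, never pass through it, which is the gap the question is asking about.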