Capture Network Events using System Extension

App & System Services Drivers
Nallu OP
Created Jun ’20
Replies 3
Boosts 0
Views 468
Participants 2
Hello,

My app captures network events such as TCP/UDP/ICMP/HTTP/DNS. As kext is being deprecated, I am looking for ways to implement the same functionality via system extensions. Should I write a NEFilterDataProvider and inspect each flow to determine its nature? What is the recommended approach?




Replies  3
Boosts  0
Views  468
Participants  2
Engineer OP
Apple
Jun ’20
NEFilterDataProvider is the right solution.
0
Nallu OP
Jun ’20
Thank you. In that case, I should use the NEFilterSocketFlow properties to identify each flow.

Is there a deadline before which the NEFilterNewFlowVerdict should be returned for the handleNewflow?
0
Engineer OP
Apple
Jun ’20
Correct, NEFilterSocketFlow is the one to use. The verdict must be return at the end of handleNewFlow. But there is also a verdict to pause and an API to resume out of band in case your provider wants to explicitly pause a flow.

0
Capture Network Events using System Extension
First post date Last post date
 
 
Q