Hi,
I am developing a Firewall using NEFilterDataProvider. I am trying to see what happens when a connection fails, such as when SSHing to a non-existent IP address. The following happens:
handleNewFlow is called and I can get the following information:
```text
handleNewFlow uuid: D89B5B5D-793C-4940-CA63-5B1444830300 direction: 2, pid: 23910, programPath: /usr/bin/ssh, protocol: 6, localip: 0.0.0.0, localport: 0, remoteip: 192.168.1.80, remoteport: 22
```
Since the Local IP and LocalPort are not defined at this point, I return the "peek" verdict and wait for the information to be there in the handleXDataFromFlow callback:
```objectivec
return [NEFilterNewFlowVerdict filterDataVerdictWithFilterInbound:YES peekInboundBytes:1 filterOutbound:YES peekOutboundBytes:1];
```
But, since the connection fails, handleXDataCompleteForFlow gets called instead:
```text
handleInboundDataCompleteForFlow uuid: D89B5B5D-793C-4940-CA63-5B1444830300 direction: 2, pid: 23910, programPath: /usr/bin/ssh, protocol: 6, localip: 0.0.0.0, localport: 0, remoteip: 192.168.1.80, remoteport: 22
```
Now, the problem comes when I return a verdict in the handleXDataCompleteForFlow. Regardless of it being allowVerdict or dropVerdict, I get the following error in the console, originating from my System Extension:
```text
Write operation on the socket failed (Invalid argument)
```
Should failed connections be handled somehow differently? Is there a more reliable way to detect those cases rather than checking if the localIP/localPort is 0 in the handleXDataCompleteForFlow callback?
Thanks
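As an added example (not the poster's code, and not an answer from Apple), the following NEFilterDataProvider subclass reproduces the lifecycle described in the post: it logs the same fields as the poster's output in handleNewFlow, returns the same one-byte peek verdict, counts how many bytes each direction actually delivered, and in the data-complete callbacks flags a flow that completed with no payload and a still-unbound local endpoint. The class names FailureAwareFilter and FlowRecord are invented, and the "no bytes plus local port 0 means the connect failed" heuristic is an assumption that mirrors the poster's own localIP/localPort check; whether returning a verdict for such a flow avoids the "Write operation on the socket failed" message is exactly the open question and is not settled here. The pid is recovered from the flow's audit token with audit_token_to_pid (link against libbsm).

```objectivec
// Added example, not the poster's extension. Assumes every flow is an
// NEFilterSocketFlow (TCP/UDP) and that a flow which completes with zero
// bytes in both directions and an unbound local endpoint is a failed connect.
#import <NetworkExtension/NetworkExtension.h>
#import <bsm/libbsm.h>   // audit_token_to_pid(); link with -lbsm
#import <os/log.h>

// Per-flow bookkeeping: bytes seen per direction and how many of the two
// *DataCompleteForFlow callbacks have fired, so the record can be released.
@interface FlowRecord : NSObject
@property (nonatomic) NSUInteger inboundBytes;
@property (nonatomic) NSUInteger outboundBytes;
@property (nonatomic) NSUInteger completedDirections;
@end
@implementation FlowRecord
@end

@interface FailureAwareFilter : NEFilterDataProvider   // hypothetical class name
@property (nonatomic, strong) NSMutableDictionary<NSUUID *, FlowRecord *> *records;
@end

@implementation FailureAwareFilter

- (instancetype)init {
    if ((self = [super init])) {
        _records = [NSMutableDictionary dictionary];
    }
    return self;
}

// Builds a log line with the same fields the post prints.
- (NSString *)describeFlow:(NEFilterFlow *)flow {
    NEFilterSocketFlow *sf = (NEFilterSocketFlow *)flow;
    NWHostEndpoint *local  = (NWHostEndpoint *)sf.localEndpoint;
    NWHostEndpoint *remote = (NWHostEndpoint *)sf.remoteEndpoint;
    audit_token_t token;
    pid_t pid = -1;
    if (flow.sourceAppAuditToken.length == sizeof(token)) {
        [flow.sourceAppAuditToken getBytes:&token length:sizeof(token)];
        pid = audit_token_to_pid(token);
    }
    return [NSString stringWithFormat:
            @"uuid: %@ direction: %ld pid: %d protocol: %d local: %@:%@ remote: %@:%@",
            flow.identifier.UUIDString, (long)flow.direction, pid, sf.socketProtocol,
            local.hostname ?: @"-", local.port ?: @"0",
            remote.hostname ?: @"-", remote.port ?: @"0"];
}

// True while the local endpoint is still the unbound 0.0.0.0:0 seen in the post.
- (BOOL)localEndpointIsUnset:(NEFilterFlow *)flow {
    NWHostEndpoint *local = (NWHostEndpoint *)((NEFilterSocketFlow *)flow).localEndpoint;
    return local == nil || local.port == nil || [local.port isEqualToString:@"0"];
}

- (NEFilterNewFlowVerdict *)handleNewFlow:(NEFilterFlow *)flow {
    os_log(OS_LOG_DEFAULT, "handleNewFlow %{public}@", [self describeFlow:flow]);
    self.records[flow.identifier] = [FlowRecord new];
    // Same peek verdict as the post: inspect the first byte in each direction.
    return [NEFilterNewFlowVerdict filterDataVerdictWithFilterInbound:YES peekInboundBytes:1
                                                       filterOutbound:YES peekOutboundBytes:1];
}

- (NEFilterDataVerdict *)handleInboundDataFromFlow:(NEFilterFlow *)flow
                               readBytesStartOffset:(NSUInteger)offset
                                          readBytes:(NSData *)readBytes {
    self.records[flow.identifier].inboundBytes += readBytes.length;
    os_log(OS_LOG_DEFAULT, "inbound data %{public}@", [self describeFlow:flow]);
    return [NEFilterDataVerdict allowVerdict];
}

- (NEFilterDataVerdict *)handleOutboundDataFromFlow:(NEFilterFlow *)flow
                                readBytesStartOffset:(NSUInteger)offset
                                           readBytes:(NSData *)readBytes {
    self.records[flow.identifier].outboundBytes += readBytes.length;
    os_log(OS_LOG_DEFAULT, "outbound data %{public}@", [self describeFlow:flow]);
    return [NEFilterDataVerdict allowVerdict];
}

// Shared completion path: classify the flow, log it, release the record once
// both directions have completed, and return a plain allow verdict.
- (NEFilterDataVerdict *)completeFlow:(NEFilterFlow *)flow label:(const char *)label {
    FlowRecord *rec = self.records[flow.identifier];
    BOOL noPayload = (rec == nil) || (rec.inboundBytes == 0 && rec.outboundBytes == 0);
    BOOL looksFailed = noPayload && [self localEndpointIsUnset:flow];   // assumption
    os_log(OS_LOG_DEFAULT, "%{public}s complete (%{public}s) %{public}@", label,
           looksFailed ? "no data, local endpoint unset: treated as failed connect" : "normal",
           [self describeFlow:flow]);
    if (rec && ++rec.completedDirections >= 2) {
        [self.records removeObjectForKey:flow.identifier];
    }
    return [NEFilterDataVerdict allowVerdict];
}

- (NEFilterDataVerdict *)handleInboundDataCompleteForFlow:(NEFilterFlow *)flow {
    return [self completeFlow:flow label:"inbound"];
}

- (NEFilterDataVerdict *)handleOutboundDataCompleteForFlow:(NEFilterFlow *)flow {
    return [self completeFlow:flow label:"outbound"];
}

@end
```

The point of the byte counters is that a failed connect and a legitimate empty close look identical if you only inspect localEndpoint in the completion callback; recording whether handleXDataFromFlow ever ran for the flow gives a second signal that is independent of endpoint population order.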