FilterPacket - StartFilter not working with objective-c

Hi,

When trying to create a simple app with a NEFilterPacketProvider, it seems that the class is not created, and StartFilter does not run.

Here is my configuration code in the app that installs the extension:
```objective-c
- (void) enableFilterConfiguration
{
  void(^loadCompHandler)(NSError* error) = ^(NSError* error){
    if (error != nil)
    {
      NSLog(@"loadFromPreferences failed with error: %@", error);
      return;
    }

    if ([NEFilterManager sharedManager].providerConfiguration == nil)
    {
      NSLog(@"Setting up filterProviderConfig");
      NEFilterProviderConfiguration* filterProviderConfig = [[NEFilterProviderConfiguration alloc] init];
      filterProviderConfig.filterPackets = YES;
      filterProviderConfig.filterSockets = NO;
      [NEFilterManager sharedManager].providerConfiguration = filterProviderConfig;
    }

    NSLog(@"Saving to preferences");

    [[NEFilterManager sharedManager] setEnabled:YES];

    void(^saveCompHandler)(NSError* error) = ^(NSError* error){
      if (error != nil)
      {
        NSLog(@"saveToPreferences failed with error: %@", error);
      }
    };
    [[NEFilterManager sharedManager] saveToPreferencesWithCompletionHandler:saveCompHandler];
  };

  [[NEFilterManager sharedManager] loadFromPreferencesWithCompletionHandler:loadCompHandler];
}
```


And here is the code of the extension:
```objective-c
- (instancetype)init
{
  NSLog(@"FilterPacketProvider init");
  self = [super init];

  return self;
}

- (void)startFilterWithCompletionHandler:(void (^)(NSError *error))completionHandler {
  NSLog(@"Starting filter");
  self.packetHandler = ^NEFilterPacketProviderVerdict(NEFilterPacketContext * _Nonnull context, nw_interface_t _Nonnull interface, NETrafficDirection direction, const void * _Nonnull packetBytes, const size_t packetLength) {
    NSLog(@"Packet caught");
    return NEFilterPacketProviderVerdictAllow;
  };
  NSError* error;
  completionHandler(error);
}

- (void)stopFilterWithReason:(NEProviderStopReason)reason completionHandler:(void (^)(void))completionHandler {
  completionHandler();
}
```


None of the logs in the extension code are printed.

When running the "SimpleFirewall" sample code, it works. The only difference I can think of is that it's in Swift while my code is in objective-c.

Has anyone succeeded in implementing this?

Thanks!

Replies

From the host app side the project is essentially performing 3 tasks when starting the SimpleFirewall project:

1) Uses OSSystemExtensionManager to submit a request to install the System Extension for SimpleFirewall.

2) On success of (1) the NEFilterManager configuration is loaded, defined, and saved to preferences (saveToPreferences).

3) On success of (2) an IPC handler is called to register communication from the host app to the provider extension.

If you have ported this functionality to Objective-C and startFilter is not called in your filter provider extension, check out the Console app filtered on the name of your project. This should provide you insight into what is going wrong. Also, when debugging this sort of issue I like to take out all of the functionality in the Network Extension and just add logs that the filter provider is at least being reached.


Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com
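
Steps 1 and 2 of the sequence described above, written in Objective-C as an added example that is not part of the thread or of Apple's SimpleFirewall sample. The class name `FilterInstaller` and the bundle identifier are placeholders (assumptions), and step 3 (the IPC registration) is not shown.

```objective-c
#import <NetworkExtension/NetworkExtension.h>
#import <SystemExtensions/SystemExtensions.h>

// Placeholder (assumption): must equal the system extension target's bundle identifier.
static NSString * const kExtensionBundleID = @"com.example.MyApp.FilterExtension";

@interface FilterInstaller : NSObject <OSSystemExtensionRequestDelegate>
- (void)activate;
@end

@implementation FilterInstaller
// Step 1: ask the system to install and activate the extension.
- (void)activate {
    OSSystemExtensionRequest *request =
        [OSSystemExtensionRequest activationRequestForExtension:kExtensionBundleID
                                                          queue:dispatch_get_main_queue()];
    request.delegate = self;
    [[OSSystemExtensionManager sharedManager] submitRequest:request];
}
// Called when another version of the extension is already installed.
- (OSSystemExtensionReplacementAction)request:(OSSystemExtensionRequest *)request
                  actionForReplacingExtension:(OSSystemExtensionProperties *)existing
                                withExtension:(OSSystemExtensionProperties *)ext {
    return OSSystemExtensionReplacementActionReplace;
}
- (void)requestNeedsUserApproval:(OSSystemExtensionRequest *)request {
    NSLog(@"System extension is waiting for user approval");
}
- (void)request:(OSSystemExtensionRequest *)request didFailWithError:(NSError *)error {
    NSLog(@"System extension activation failed: %@", error);
}
// Step 2: only after step 1 succeeds, load, define and save the filter configuration.
- (void)request:(OSSystemExtensionRequest *)request didFinishWithResult:(OSSystemExtensionRequestResult)result {
    if (result != OSSystemExtensionRequestCompleted) { NSLog(@"Activation completes after reboot"); return; }
    NEFilterManager *manager = [NEFilterManager sharedManager];
    [manager loadFromPreferencesWithCompletionHandler:^(NSError *loadError) {
        if (loadError != nil) { NSLog(@"loadFromPreferences failed: %@", loadError); return; }
        NEFilterProviderConfiguration *config = [[NEFilterProviderConfiguration alloc] init];
        config.filterPackets = YES;
        config.filterSockets = NO;
        manager.providerConfiguration = config;
        manager.enabled = YES;
        [manager saveToPreferencesWithCompletionHandler:^(NSError *saveError) {
            if (saveError != nil) { NSLog(@"saveToPreferences failed: %@", saveError); }
        }];
    }];
}
@end
```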


In Console.app, check also for the errors reported by sysextd.

It's possible to implement it in Obj-C. I've just succeeded in seeing the first bytes in an Obj-C implementation after going through a lot of issues mainly related to bundle identifiers, app ids, app groups, xpc names, extension name.

Naive (b/c the other word is censored) question:
  • is the System Extension listed as running in the System Preferences > Network pref pane?

Thanks for the assistance, it seems that when I added the IPC connection call, it started working and I can see logs from the extension.

Hello,

Is replying that late still useful? Maybe...

So, is the following really ok?

NSError* error; // UNINITIALIZED
completionHandler(error);

If I understand Obj-C correctly, error will contain garbage since it is not static and not initialized explicitly. Calling completionHandler(error) with a non nil value will probably make macOS think that some error has occurred in startFilterWithCompletionHandler:

Calling `completionHandler(nil);` may fix the issue.

Marc