Transparent Proxy tunnel samba connection

Hi,

I am implementing a transparent proxy for macOS, while most of the TCP connections are able to tunnel without any issue except for samba connection with port 445 or 135. When the finder trying to connect to samba server, the system will crash and reboot. From the code, system is crashing when calling system extension's handleNewFlow. Below is the part of the source code:

override func handleNewFlow(_ flow: NEAppProxyFlow) -> Bool {

        if let TCPFlow = flow as? NEAppProxyTCPFlow {

            guard let remoteEndpoint = TCPFlow.remoteEndpoint as? NWHostEndpoint else {

                Logger.error("AppProxyProvider.handleNewFlow: Failed to get remote endpoint")

                return false

            }

            if Int(remoteEndpoint.port) == 445 || Int(remoteEndpoint.port) == 135 {
                return false // system crash after return
            }
}


Answered by stephenlem in 636747022
Just to update, the latest update Catalina 10.15.7 has fixed the issue.
Below is the problem report of the crash:

panic(cpu 0 caller 0xffffff80072469aa): Kernel trap at 0xffffff800723f193, type 14=page fault, registers:
CR0: 0x0000000080010033, CR2: 0x0000000000000008, CR3: 0x000000001b78b000, CR4: 0x00000000003626e0
RAX: 0x0000000000000001, RBX: 0x0000000000000000, RCX: 0x0000000000000021, RDX: 0xffffff812509bbf0
RSP: 0xffffff812509bb68, RBP: 0xffffff812509bb90, RSI: 0x0000000000000000, RDI: 0x0000000000000000
R8: 0x0000000000000001, R9: 0x0000000000000002, R10: 0x0000000200011000, R11: 0x0000000000080009
R12: 0x0000000000000000, R13: 0x0000000000000001, R14: 0x0000000000000000, R15: 0xffffff812509bbf0
RFL: 0x0000000000010246, RIP: 0xffffff800723f193, CS: 0x0000000000000008, SS: 0x0000000000000010
Fault CR2: 0x0000000000000008, Error code: 0x0000000000000000, Fault CPU: 0x0, PL: 0, VF: 1

Backtrace (CPU 0), Frame : Return Address
0xffffff812509b5c0 : 0xffffff800711a65d
0xffffff812509b610 : 0xffffff8007254a75
0xffffff812509b650 : 0xffffff80072465fe
0xffffff812509b6a0 : 0xffffff80070c0a40
0xffffff812509b6c0 : 0xffffff8007119d27
0xffffff812509b7c0 : 0xffffff800711a117
0xffffff812509b810 : 0xffffff80078c1abc
0xffffff812509b880 : 0xffffff80072469aa
0xffffff812509ba00 : 0xffffff80072466a8
0xffffff812509ba50 : 0xffffff80070c0a40
0xffffff812509ba70 : 0xffffff800723f193
0xffffff812509bb90 : 0xffffff8007566c76
0xffffff812509bc40 : 0xffffff8007565f7a
0xffffff812509bd20 : 0xffffff80076d1d85
0xffffff812509bd60 : 0xffffff80076fb894
0xffffff812509be30 : 0xffffff7f8b544496
0xffffff812509be90 : 0xffffff7f8b543d4e
0xffffff812509bee0 : 0xffffff7f8b53cfa9
0xffffff812509bfa0 : 0xffffff80070c013e
Kernel Extensions in backtrace:
com.apple.filesystems.smbfs(3.4.4)[FF9F31DA-C872-3A49-81FE-9AE0A5B2ED8E]@0xffffff7f8b50c000->0xffffff7f8b579fff
dependency: com.apple.kec.corecrypto(1.0)[804DD660-F561-3444-A076-05D7A52D65E3]@0xffffff7f88146000
dependency: com.apple.kext.triggers(1.0)[882413D2-4F99-341C-AD2A-D2C11D713252]@0xffffff7f8ace2000

BSD process name corresponding to current thread: kerneltask
Boot args: chunklist-security-epoch=0 -chunklist-no-rev2-dev

Mac OS version:
19G73

Kernel version:
Darwin Kernel Version 19.6.0: Sun Jul 5 00:43:10 PDT 2020; root:xnu-6153.141.1~9/RELEASE
X8664
Kernel UUID: 783946EA-6F11-3647-BF90-787AEA14B954
Kernel slide: 0x0000000006e00000
Kernel text base: 0xffffff8007000000
HIB text base: 0xffffff8006f00000
System model name: MacBookAir9,1 (Mac-0CFF9C7C2B63DF8D)
System shutdown begun: NO

System uptime in nanoseconds: 1495676069209
last loaded kext at 1495390957589: @filesystems.smbfs 3.4.4 (addr 0xffffff7f8b50c000, size 450560)
last unloaded kext at 984552888859: >!AThunderboltDPOutAdapter 6.2.6 (addr 0xffffff7f8b21d000, size 49152)
loaded kexts:
@filesystems.smbfs 3.4.4
>!AGraphicsDevicePolicy 5.2.6
@AGDCPluginDisplayMetrics 5.2.6
@fileutil 20.036.15
@filesystems.ntfs 3.14.3
>!AHV 1
|IOUserEthernet 1.0.1
|IO!BSerialManager 7.0.6f7
>!AUpstreamUserClient 3.6.8
>X86PlatformShim 1.0.0
>!APlatformEnabler 2.7.0d0
>AGPM 111.4.4
>pmtelemetry 1
>!A!IICLGraphics 14.0.7
@Dont
StealMacOS_X 7.0.0
>!AThunderboltIP 3.1.4
>!ABacklight 180.3
>BridgeAudioCommunication 6.70.7
>!AMCCSControl 1.14
>!ABridgeAudio!C 6.70.7
>!AGFXHDA 100.1.429
>!A!IPCHPMC 2.0.1
>!ATopCaseHIDEventDriver 3430.1
>!AHIDALSService 1
>!A!IICLLPGraphicsFramebuffer 14.0.7
>!A!ISlowAdaptiveClocking 4.0.0
>!AAVEBridge 6.1
@filesystems.exfat 1.4
@filesystems.autofs 3.0
@filesystems.apfs 1412.141.1
>BCMWLANFirmware4355.Hashstore 1
>BCMWLANFirmware4364.Hashstore 1
>BCMWLANFirmware4377.Hashstore 1
>!A!BModule 1
@filesystems.hfs.kext 522.100.5
@BootCache 40
@!AFSCompression.!AFSCompressionTypeDataless 1.0.0d1
@!AFSCompression.!AFSCompressionTypeZlib 1.0.0
>!AVirtIO 1.0
@private.KextAudit 1.0
>!ASmartBatteryManager 161.0.0
>!ABCMWLANBusInterfacePCIe 1
>!AACPIButtons 6.1
>!ASMBIOS 2.1
>!AACPIEC 6.1
>!AAPIC 1.7
$!AImage4 1
@nke.applicationfirewall 303
$TMSafetyNet 8
@!ASystemPolicy 2.0.0
|EndpointSecurity 1
>!AGraphicsControl 5.2.6
|IOAVB!F 850.1
>!ABacklightExpert 1.1.0
@!AGPUWrangler 5.2.6
>!ASMBus!C 1.0.18d1
>X86PlatformPlugin 1.0.0
>!AActuatorDriver 3440.1
|IONDRVSupport 576.1
>IOPlatformPlugin!F 6.0.0d8
>!AHS!BDriver 3430.1
>IO!BHIDDriver 7.0.6f7
>!AMultitouchDriver 3440.1
>!AInputDeviceSupport 3440.8
>!AHIDKeyboard 209
@!AGraphicsDeviceControl 5.2.6
|IOAccelerator!F2 438.7.3
|IOGraphics!F 576.1
|IOSlowAdaptiveClocking!F 1.0.0
@plugin.IOgPTPPlugin 840.3
|IOEthernetAVB!C 1.1.0
@kext.triggers 1.0
>usb.cdc.ncm 5.0.0
>usb.cdc 5.0.0
>usb.networking 5.0.0
>usb.!UHostCompositeDevice 1.2
>usb.!UHub 1.2
>usb.!UVHCIBCE 1.2
>usb.!UVHCI 1.2
>usb.!UVHCICommonBCE 1.0
>usb.!UVHCICommon 1.0
>!AEffaceableNOR 1.0
|IOBufferCopy!C 1.1.0
|IOBufferCopyEngine!F 1
|IONVMe!F 2.1.0
>IO!BHost!CPCIeTransport 7.0.6f7
|IO!BHost!CTransport 7.0.6f7
>!A!BDebug 1
>!AConvergedIPCOLYBTControl 1
>!A!BDebugService 1
>!AConvergedPCI 1
>!AThunderboltPCIDownAdapter 2.5.4
>!AThunderboltDPInAdapter 6.2.6
>!AThunderboltDPAdapter!F 6.2.6
>!AHPM 3.4.4
>!A!ILpssI2C!C 3.0.60
>!A!ILpssDmac 3.0.60
>!A!ILpssI2C 3.0.60
>!AThunderboltNHI 5.8.6
|IOThunderbolt!F 7.6.1
>usb.!UXHCIPCI 1.2
>usb.!UXHCI 1.2
|IOSurface 269.11
@filesystems.hfs.encodings.kext 1
|IOAudio!F 300.2
@vecLib.kext 1.2.0
>usb.!UHostPacketFilter 1.0
|IOUSB!F 900.4.2
>!AEFINVRAM 2.1
>!ABCMWLANCore 1.0.0
>mDNSOffloadUserClient 1.0.1b8
>IOImageLoader 1.0.0
|IOSerial!F 11
|IO80211!FV2 1200.12.2b1
|IOSkywalk!F 1
>!AEFIRuntime 2.1
>!AMultiFunctionManager 1
>corecapture 1.0.4
>!ASMCRTC 1.0
|IOSMBus!F 1.1
|IOHID!F 2.0.0
$quarantine 4
$sandbox 300.0
@kext.!AMatch 1.0.0d1
>!AKeyStore 2
>!UTDM 489.120.1
|IOSCSIBlockCommandsDevice 422.120.3
>!ACredentialManager 1.0
>!AFDEKeyStore 28.30
>!AEffaceable!S 1.0
>!AMobileFileIntegrity 1.0.5
@kext.CoreTrust 1
|CoreAnalytics!F 1
|IOTimeSync!F 840.3
|IONetworking!F 3.4
>DiskImages 493.0.0
|IO!B!F 7.0.6f7
|IO!BPacketLogger 7.0.6f7
>!ASSE 1.0
>KernelRelayHost 1
>!ASEPManager 1.0.1
>IOSlaveProcessor 1
|IOUSBMass!SDriver 157.140.1
|IOSCSIArchitectureModel!F 422.120.3
|IO!S!F 2.1
|IOUSBHost!F 1.2
>usb.!UCommon 1.0
>!UHostMergeProperties 1.2
>!ABusPower!C 1.0
|IOReport!F 47
>!AACPIPlatform 6.1
>!ASMC 3.1.9
>watchdog 1
|IOPCI!F 2.9
|IOACPI!F 1.4
@kec.pthread 1
@kec.corecrypto 1.0
@kec.Libm 1
Hello,

any update on above case?
[Hmmm, not sure why I didn’t see this go past earlier.]

This is a kernel panic. The kernel shouldn’t panic no matter what you do in your transparent proxy sysex. I encourage you to file a bug about this. Make sure to include that panic log.

Once you have the bug on file, please post the number here so that I can take another look.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@apple.com"
Filed the bug FB8186989

Filed the bug FB8186989

Thanks for that. I grabbed the panic log from the sysdiagnose you added to the bug and took a quick look. Unfortunately that didn’t reveal anything immediately obvious. At this point we’ll have to wait for the kernel team to take a detailed look.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@apple.com"
Hi eskimo,

any update? will this be resolved in next macOS update?

any update?

No. Your bug has landed in the right place but I can’t say anything beyond that.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@apple.com"
Hi eskimo,

There is change of behaviour after the 10.15.6 supplement update. Now the system will crash when handleNewFlow func return true. Before the update, system will always crash when handleNewFlow return true/false. I have filed the bug #FB8443686

override func handleNewFlow(_ flow: NEAppProxyFlow) -> Bool {
Code Block
if let TCPFlow = flow as? NEAppProxyTCPFlow {

guard let remoteEndpoint = TCPFlow.remoteEndpoint as? NWHostEndpoint else {
return false
}
Code Block
if Int(remoteEndpoint.port) == 445 {
return true // system crash after return
}
}
}
any update?

any update?

After 3 days? No.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@apple.com"
Accepted Answer
Just to update, the latest update Catalina 10.15.7 has fixed the issue.
Transparent Proxy tunnel samba connection
 
 
Q