Is the pauseVerdict + resumeFlow:withVerdict: mechanism reliable?

Question

tartempion OP

Created Jul ’20

Replies 2

Boosts 0

Participants 1

I have a NEFilterDataProvider subclass with the handleNewFlow: method overridden.

The custom method just does this:

Check if we're dealing with AFINET or AFINET6.
gather some data using the audit token and proc_pidpath
send a XPC to another process with a completionHandler.
pause the flow by returning [NEFilterNewFlowVerdict pauseVerdict]

When the completionHandler is called, it calls:

[self resumeFlow:theFlow withVerdict:[NEFilterNewFlowVerdict allowVerdict]];

So far what I'm observing is that this does not work as expected:

the network connections work for a while.
then web pages are no more displayed in Safari.
based on some logs, it looks like that the DNS requests do not complete.

The XPC listener does reply almost immediately and I can see that the resumeFlow: call is correctly called.

Yet, it looks like the flow is not resumed.

Questions:

Is the pauseVerdict + resumeFlow:withVerdict: mechanism reliable?

What could be checked since step-by-step-debugging shows that the expected steps are performed to resume the flows?

Boost

Answer 1

tartempion OP

Aug ’20

Just out of curiosity, has anyone been able to make the pause + resume workflow work?

0

Answer 2

tartempion OP

Aug ’20

So it turns out that the "issue" was in my code.

The - resumeFlow:withVerdict: method was called from an instance of a subclass of NEFilterDataProvider that was not listed in the Info.plist file of the .systemextension bundle.

0