NEFilterConfigurationDidChangeNotification not being sent: is this the expected behavior?

Let's imagine that a Network Extension is running fine.

In System Preferences.app > Network, the extension is listed as "Running".

  • Case 1:

You then remove the Network Extension through the Network pref pane by selecting the corresponding row and clicking - and then the Apply button.

When you try to re-enable the Network Extension using the NEFilterManager API, at the end of the re-enabling process, the NEFilterConfigurationDidChangeNotification is posted.

That's fine.

  • Case 2:

You make the Network Extension inactive through the Network pref pane by selecting it, choosing Make Service Inactive using the action menu and then clicking the Apply button.

When you try to re-activate the Network Extension using the NEFilterManager API, at the end of the re-activation process, the NEFilterConfigurationDidChangeNotification is NOT posted.

Question:

Is the behavior of case 2 the expected one? If it is (or if it's not), how are we supposed to know that the Network Extension was correctly reactivated?
Up vote post of tartempion Down vote post of tartempion
809 views
Posted by
tartempion
Reply
Add a Comment

Replies

For case 2, did you confirm that the filter stopped running and did become inactive? For example, did you see that your filter was no longer processing flows?


Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com
Posted by
meaton
Up vote reply of meaton Down vote reply of meaton
Add a Comment

  • The background process of the Network Extension is still running.

  • The flows are not processed anymore.

I can't help thinking that the management of Network Extensions is unreliable in Catalina and Big Sur.

For the record, even the Network Preference Pane does not report correctly the changing state of the Network Extension:

  1. Make a network extension inactive (+ Apply). => It's correctly displayed as "Not running".

  2. Re-enable the network extension from the embedding app.

  3. Qui the embedding application since you will never get the notification.

  4. Wait.

Sometimes, but rarely, the Network Extension will switch back to the "Running" state in the Network Pref Pane.
Most of the time, you have to quit System Preferences (1) and then reopen System Preferences for the Network Extension state to be displayed as "Running".


[1] switching to another Pref pane and then back to Network is not enough.
Posted by
tartempion
Up vote reply of tartempion Down vote reply of tartempion
Add a Comment
Problem is still there in 10.15.7 and 11.0 beta 9.

I thought I could work around this issue by polling the enabled state of the NEFilterManager but it turns out that, if the Network Extension has been removed manually from the Network Pref pane list, when you try to reload the Network Extension, the enabled state is set to YES before the Allow dialog is validated.


Posted by
tartempion
Up vote reply of tartempion Down vote reply of tartempion
Add a Comment