NEFilterConfigurationDidChangeNotification not being sent: is this the expected behavior?

Let's imagine that a Network Extension is running fine.

In System Preferences.app > Network, the extension is listed as "Running".
  • Case 1:

You then remove the Network Extension through the Network pref pane by selecting the corresponding row and clicking - and then the Apply button.

When you try to re-enable the Network Extension using the NEFilterManager API, at the end of the re-enabling process, the NEFilterConfigurationDidChangeNotification is posted.

That's fine.
  • Case 2:

You make the Network Extension inactive through the Network pref pane by selecting it, choosing Make Service Inactive using the action menu and then clicking the Apply button.

When you try to re-activate the Network Extension using the NEFilterManager API, at the end of the re-activation process, the NEFilterConfigurationDidChangeNotification is NOT posted.

Question:

Is the behavior of case 2 the expected one? If it is (or if it's not), how are we supposed to know that the Network Extension was correctly reactivated?

For case 2, did you confirm that the filter stopped running and did become inactive? For example, did you see that your filter was no longer processing flows?


Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com
  • The background process of the Network Extension is still running.

  • The flows are not processed anymore.

I can't help thinking that the management of Network Extensions is unreliable in Catalina and Big Sur.

For the record, even the Network Preference Pane does not report correctly the changing state of the Network Extension:
  1. Make a network extension inactive (+ Apply). => It's correctly displayed as "Not running".

  2. Re-enable the network extension from the embedding app.

  3. Quit the embedding application since you will never get the notification.

  4. Wait.

Sometimes, but rarely, the Network Extension will switch back to the "Running" state in the Network Pref Pane.
Most of the time, you have to quit System Preferences [1] and then reopen System Preferences for the Network Extension state to be displayed as "Running".


[1] switching to another Pref pane and then back to Network is not enough.

Problem is still there in 10.15.7 and 11.0 beta 9.

I thought I could work around this issue by polling the enabled state of the NEFilterManager but it turns out that, if the Network Extension has been removed manually from the Network Pref pane list, when you try to reload the Network Extension, the enabled state is set to YES before the Allow dialog is validated.

