Bugs in SimpleFirewall example

Question

Created Oct ’20

Replies 1

Boosts 0

Participants 2

I believe I have found a small bug in the SimpleFirewall example which may effect others. If you have developer mode enabled on your system (systemextensionsctl developer on), the extension will be replaced each time it is activated (as if it were being updated). When the extension is replaced, the previous currentConnection (in IPCConnection.swift) will fail silently.

Steps to reproduce:

System Extension developer mode must be turned on.
Launch SimpleFirewall app and press Start.
Attempt to open a connection on the port being filtered.
Observe you are prompted whether to allow the connection.
Press Stop, wait a moment, and press Start again.
Attempt to open a connection on the port being filtered.
Observe you are no longer prompted, the call to promptUser from the extension fails silently.

While this only effects developers, it was confusing why my variation of the extension didn't work. I was able to fix this issue by adding some code to reset the connection after the extension is replaced.

I think there's another bug in the promptUser method in the ViewController.

>>>> let window = view.window else {
os_log("Got a promptUser call without valid flow info: %@", flowInfo)
responseHandler(true)
return
}

Calling into the UI from outside the main thread is unsafe. The last guard let condition needs to be moved into the async block below.

Kind regards, - Peter Sichel

Boost

Answer 1

kimiwanano OP

Jul ’23

Hello, I am trying to use the example (SimpleFirewall) of the network extension. Now I have completed the necessary profile configuration and other content. After I try to run, a corresponding small window will pop up, but no matter how long after I click start, no matter what connection I send, it does not respond and display. I would like to know how your step 3 is achieved? How can I make it display the proper function?

0