XPC via NEMachServiceName

App & System Services Networking
mikeKane OP
Created Oct ’20
Replies 3
Boosts 0
Views 1.8k
Participants 2
I am looking at the code from SimpleExtensionFirewall and notice that it's using XPC to communicate.

Is this available on iOS for PacketTunnel Providers and if so does it bring a greater benefit than using sendMessageToExtension?

Also macOS, using the Network Extension (Not system extension) is this available also?

I am looking back at the SimpleTunnel example but it seems very dated.

Thanks!
Replies  3
Boosts  0
Views  1.8k
Participants  2
Systems Engineer OP
Apple
Oct ’20

Is this available on iOS for PacketTunnel Providers and if so does it bring a greater benefit than using sendMessageToExtension?

The communication taking place in SimpleFirewall is communication from the container to the provider and also from the provider to the container app. This is done specifically for example purposes. For communication to container app to the provider sendMessageToExtension is a good approach, especially on iOS. In iOS why would you need to communicate from the provider to the container app?

Also macOS, using the Network Extension (Not system extension) is this available also?

Network System Extension are available only on macOS. iOS uses Network Extensions. Note that on macOS, Network System Extension are a modern alternative to Network Kernel Extensions.


Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com
0
mikeKane OP
Oct ’20
Hey Matt thanks for your reply.

We constantly are sending messages back and forth from container to the provider and back. We have a running daemon that updates the UI with statistics, setting updates and network changes relevant to the user. We currently use SendMessageToExtension but its not ideal. I would much rather use XPC (NEMachServices), is this available on iOS?

Our current macOS uses the Network Extension ( we will send to the App Store ) and would like to use XPC there also, is it possible with a sandboxed app?


0
Systems Engineer OP
Apple
Oct ’20

We constantly are sending messages back and forth from container to the provider and back.

On macOS this is a common workflow when the container app is used to approve flows etc..

On iOS connecting with a MachServiceName with initWithMachServiceName is not available. Connecting from the container app to the extension via sendMessageToExtension is instead the recommended approach.


Our current macOS uses the Network Extension ( we will send to the App Store ) and would like to use XPC there also, is it possible with a sandboxed app?

Your best bet would be to ask App Review about using the com.apple.security.temporary-exception.mach-lookup.global-name entitlement in your app.

Checkout App Sandbox Temporary Exception Entitlements for more information.

Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com
0
XPC via NEMachServiceName
First post date Last post date
 
 
Q