XPC via NEMachServiceName

I am looking at the code from SimpleExtensionFirewall and notice that it's using XPC to communicate.

Is this available on iOS for PacketTunnel Providers and if so does it bring a greater benefit than using sendMessageToExtension?

Also macOS, using the Network Extension (Not system extension) is this available also?

I am looking back at the SimpleTunnel example but it seems very dated.

Thanks!

Replies

Is this available on iOS for PacketTunnel Providers and if so does it bring a greater benefit than using sendMessageToExtension?

The communication taking place in SimpleFirewall is communication from the container to the provider and also from the provider to the container app. This is done specifically for example purposes. For communication from the container app to the provider, sendMessageToExtension is a good approach, especially on iOS. On iOS, why would you need to communicate from the provider to the container app?

Also macOS, using the Network Extension (Not system extension) is this available also?

Network System Extensions are available only on macOS. iOS uses Network Extensions. Note that on macOS, Network System Extensions are a modern alternative to Network Kernel Extensions.


Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com

Hey Matt, thanks for your reply.

We constantly are sending messages back and forth from container to the provider and back. We have a running daemon that updates the UI with statistics, setting updates and network changes relevant to the user. We currently use SendMessageToExtension but it's not ideal. I would much rather use XPC (NEMachServices), is this available on iOS?

Our current macOS uses the Network Extension ( we will send to the App Store ) and would like to use XPC there also, is it possible with a sandboxed app?


We constantly are sending messages back and forth from container to the provider and back.

On macOS this is a common workflow when the container app is used to approve flows, etc.

On iOS, connecting with a MachServiceName with initWithMachServiceName is not available. Connecting from the container app to the extension via sendMessageToExtension is instead the recommended approach.


Our current macOS uses the Network Extension ( we will send to the App Store ) and would like to use XPC there also, is it possible with a sandboxed app?

Your best bet would be to ask App Review about using the com.apple.security.temporary-exception.mach-lookup.global-name entitlement in your app.

Check out App Sandbox Temporary Exception Entitlements for more information.

Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com
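
An added example, not part of the thread or of Apple's sample code: the app-to-provider message path recommended above for iOS, written in Swift with `NETunnelProviderSession.sendProviderMessage` on the container side and `handleAppMessage` on the provider side, where the provider parses the payload strictly before acting on it. The message schema, type names, the 4096-byte limit and the counters are assumptions, and the two halves would live in separate targets.

```swift
import Foundation
import NetworkExtension

// Hypothetical message schema shared by both targets (names are assumptions).
enum AppRequest: String, Codable { case stats, reloadSettings }
struct AppMessage: Codable { let request: AppRequest }
struct StatsReply: Codable { let bytesIn: UInt64; let bytesOut: UInt64 }

// Container app target. Messages are always app-initiated on this path, so the
// UI asks for statistics (for example on a timer) instead of being pushed to.
func requestStats(from manager: NETunnelProviderManager,
                  completion: @escaping (StatsReply?) -> Void) {
    guard let session = manager.connection as? NETunnelProviderSession,
          session.status == .connected,
          let payload = try? JSONEncoder().encode(AppMessage(request: .stats)) else {
        completion(nil)
        return
    }
    do {
        try session.sendProviderMessage(payload) { reply in
            // A nil or undecodable reply is reported as "no data", never trusted.
            completion(reply.flatMap { try? JSONDecoder().decode(StatsReply.self, from: $0) })
        }
    } catch {
        completion(nil)
    }
}

// Packet tunnel extension target.
final class PacketTunnelProvider: NEPacketTunnelProvider {
    private var bytesIn: UInt64 = 0   // assumed to be updated by the packet loop
    private var bytesOut: UInt64 = 0

    override func handleAppMessage(_ messageData: Data,
                                   completionHandler: ((Data?) -> Void)?) {
        // Reject oversized or malformed input; only known request values decode.
        guard messageData.count <= 4096,
              let message = try? JSONDecoder().decode(AppMessage.self, from: messageData) else {
            completionHandler?(nil)
            return
        }
        switch message.request {
        case .stats:
            let reply = StatsReply(bytesIn: bytesIn, bytesOut: bytesOut)
            completionHandler?(try? JSONEncoder().encode(reply))
        case .reloadSettings:
            completionHandler?(Data())   // empty reply used here as an acknowledgement
        }
    }
}
```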