In my testing i am observing many times NEAppProxyFlow is running domain name for hostname field:
(tcpFlow.remoteEndpoint as! NWHostEndpoint).hostname.
I am not sure I am not changing anything in setting anywhere and it starts returning domain name. I dont have steps to re-produce this. Due to this my policy look ups are failing as I am expecting to get IP address all the time.
How can I make sure that '(tcpFlow.remoteEndpoint as! NWHostEndpoint).hostname' always return a ip address?
Below are some logs around this:
(tcpFlow.remoteEndpoint as! NWHostEndpoint).hostname.
I am not sure I am not changing anything in setting anywhere and it starts returning domain name. I dont have steps to re-produce this. Due to this my policy look ups are failing as I am expecting to get IP address all the time.
How can I make sure that '(tcpFlow.remoteEndpoint as! NWHostEndpoint).hostname' always return a ip address?
Below are some logs around this:
Code Block 2020-11-09 22:30:41.842395-0800 0x6b8ee Default 0x0 353 0 com.mcafee.CMF.networkextension: (libnetwork.dylib) [com.apple.network:connection] [C2726.1 IPv4#655f88fe:443 waiting path (satisfied (Path is satisfied), interface: en0, ipv4, dns)] event: path:satisfied @0.061s, uuid: 9A4D9824-E905-45EE-9FB4-07B4E6B0A00F 2020-11-09 22:30:41.842583-0800 0x6b8ee Default 0x0 353 0 com.mcafee.CMF.networkextension: (libnetwork.dylib) [com.apple.network:connection] [C2726.1 IPv4#655f88fe:443 in_progress socket-flow (satisfied (Path is satisfied), interface: en0, ipv4, dns)] event: flow:start_connect @0.061s 2020-11-09 22:30:42.014713-0800 0x6b92d Default 0x0 353 0 com.mcafee.CMF.networkextension: (libnetwork.dylib) [com.apple.network:connection] [C2726 Hostname#acf7adf9:443 in_progress resolver (satisfied (Path is satisfied), interface: en0, ipv4, dns)] event: resolver:receive_dns @0.233s 2020-11-09 22:30:42.391795-0800 0x6b92d Default 0x0 353 0 com.mcafee.CMF.networkextension: (libnetwork.dylib) [com.apple.network:connection] [C2726.2 IPv4#bfba2279:443 initial path ((null))] event: path:start @0.610s 2020-11-09 22:30:42.392011-0800 0x6b92d Default 0x0 353 0 com.mcafee.CMF.networkextension: (libnetwork.dylib) [com.apple.network:connection] [C2726.2 IPv4#bfba2279:443 waiting path (satisfied (Path is satisfied), interface: en0, ipv4, dns)] event: path:satisfied @0.611s, uuid: DB896A4B-0054-48A3-B0A4-5ECF95C32670 2020-11-09 22:30:42.392356-0800 0x6b92d Default 0x0 353 0 com.mcafee.CMF.networkextension: (libnetwork.dylib) [com.apple.network:connection] [C2726.2 IPv4#bfba2279:443 in_progress socket-flow (satisfied (Path is satisfied), interface: en0, ipv4, dns)] event: flow:start_connect @0.611s 2020-11-09 22:30:42.393115-0800 0x6b92d Default 0x0 353 0 com.mcafee.CMF.networkextension: (NetworkExtension) [com.apple.networkextension:] (0): Flow 1907125168 is connecting 2020-11-09 22:30:42.393348-0800 0x6b92d Default 0x0 353 0 com.mcafee.CMF.networkextension: (NetworkExtension) [com.apple.networkextension:] (1907125168): New flow: NEFlow type = stream, app = ksfetch, name = tools.google.com, 10.213.175.250:0 <-> 172.217.6.174:443, filter_id = , interface = en0 2020-11-09 22:30:42.393547-0800 0x6b92d Default 0x0 353 0 com.mcafee.CMF.networkextension: (NetworkExtension) [com.apple.networkextension:] [Extension com.mcafee.containerapp]: Calling handleNewFlow with TCP ksfetch[{length = 20, bytes = 0x1af5d141044be4f949ec1beea77f1127d4a6ce56}] remote: tools.google.com:443 2020-11-09 22:30:42.395619-0800 0x6b92d Default 0x0 353 0 com.mcafee.CMF.networkextension: (Security) [com.apple.securityd:security_exception] UNIX error exception: 1 2020-11-09 22:30:42.395710-0800 0x6b92d Error 0x0 353 0 com.mcafee.CMF.networkextension: PolicyDataStore: AddEventInfo Point product is DOWN. 2020-11-09 22:30:42.395713-0800 0x6b92d Error 0x0 353 0 com.mcafee.CMF.networkextension: EvaluateNwPolicies: Returned Reaction = AAC_REACTION_REDIRECT_DEFAULT 2020-11-09 22:30:42.395732-0800 0x6b92d Default 0x0 353 0 com.mcafee.CMF.networkextension: [com.mcafee.dev.PassThroughProxy:providerCore] checkPolicyForRedirection: Bypassing. Not redictecing traffic to dest: tools.google.com:443 2020-11-09 22:30:42.395776-0800 0x6b92d Default 0x0 353 0 com.mcafee.CMF.networkextension: (NetworkExtension) [com.apple.networkextension:] [Extension com.mcafee.containerapp]: provider accepted new flow TCP ksfetch[{length = 20, bytes = 0x1af5d141044be4f949ec1beea77f1127d4a6ce56}] remote: tools.google.com:443 2020-11-09 22:30:42.395919-0800 0x6b8ee Default 0x0 353 0 com.mcafee.CMF.networkextension: (libnetwork.dylib) [com.apple.network:connection] [C2727 38F5ABC4-077F-47F5-B939-8A9E95340EE0 Hostname#acf7adf9:443 tcp, indefinite, context: Default Network Context, proc: 53E40884-A25D-3FDD-A2D4-542F4586BD18] start 2020-11-09 22:30:42.395925-0800 0x6b8ee Default 0x0 353 0 com.mcafee.CMF.networkextension: (libnetwork.dylib) [com.apple.network:connection] [C2727 Hostname#acf7adf9:443 initial path ((null))] event: path:start @0.000s 2020-11-09 22:30:42.396006-0800 0x6b8ee Default 0x0 353 0 com.mcafee.CMF.networkextension: (libnetwork.dylib) [com.apple.network:connection] [C2727 Hostname#acf7adf9:443 waiting path (satisfied (Path is satisfied), interface: en0, ipv4, dns)] event: path:satisfied @0.000s, uuid: 2B125408-A5D4-4067-92F4-7B8D65C657B4 2020-11-09 22:30:42.396024-0800 0x6b8ee Default 0x0 353 0 com.mcafee.CMF.networkextension: (libnetwork.dylib) [com.apple.network:connection] [C2727 Hostname#acf7adf9:443 in_progress resolver (satisfied (Path is satisfied), interface: en0, ipv4, dns)] event: resolver:start_dns @0.000s 2020-11-09 22:30:42.396026-0800 0x6b8ee Default 0x0 353 0 com.mcafee.CMF.networkextension: (libnetwork.dylib) [com.apple.network:connection] nw_connection_report_state_with_handler_on_nw_queue [C2727] reporting state preparing 2020-11-09 22:30:42.396112-0800 0x6b8ee Default 0x0 353 0 com.mcafee.CMF.networkextension: (libnetwork.dylib) [com.apple.network:connection] [C2727 Hostname#acf7adf9:443 in_progress resolver (satisfied (Path is satisfied), interface: en0, ipv4, dns)] event: resolver:receive_dns @0.000s