Multiple macOS NEDNSProxyProvider extensions

App & System Services Core OS
hardloafz OP
Created Feb ’21
Replies 3
Boosts 0
Views 619
Participants 2
We are working on NEDNSProxyProvider based feature and trying to understand how to handle cases when there are multiple NEDNSProxyProvider extensions installed on macOS (from different vendors).
It seems like first extension loaded should prevent others from loading. Is that so? Controlling priority is not obvious to me in such cases from both user and developers sides.

Same question for other system extension APIs - are they supposed to co-exist with others?

Thanks!
Replies  3
Boosts  0
Views  619
Participants  2
Systems Engineer OP
Apple
Feb ’21

We are working on NEDNSProxyProvider based feature and trying to understand how to handle cases when there are multiple NEDNSProxyProvider extensions installed on macOS (from different vendors).

Are you seeing specific issues or just wondering if there are concerns with doing so?

It seems like first extension loaded should prevent others from loading. Is that so?

I ran a test this morning to see if there were any updates since the last time I tested this type of scenario in Catalina, and I did not see any issues on Big Sur. My test case was using NEDNSProxyProvider and NETransparentProxyProvider running as two separate Network System Extensions. I start NEDNSProxyProvider first and then NETransparentProxyProvider and was able to see UDP flows hit both providers. Now, this could be a lot different than the case you are running, so are you seeing specific issues here?



Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com
1
hardloafz OP
Feb ’21
Matt,

We are concerned with potential interoperability issues when there are multiple NEDNSProxyProvider from different vendors running on the same macOS system. From the way it's described I'd conclude that potentially they cannot co-exist. Is that so?

Regarding NETransparentProxyProvider - thank you for clarifying, this is good to know!
Regards,
Andrey
0
Systems Engineer OP
Apple
Feb ’21

Regarding NETransparentProxyProvider - thank you for clarifying, this is good to know!

No problem.

From the way it's described I'd conclude that potentially they cannot co-exist. Is that so?

The test I did was between two separate Network System Extensions (NEDNSProxyProvider and NETransparentProxyProvider). I suspect that the same could be done with two NEDNSProxyProvider's also. So if you have one of these providers setup, I would duplicate the project on your system and run through a test to see how the DNS flows travel through each of the running providers. I suspect that a DNS flow will hit both providers, but running a test in your environment would be the best way to prove this out.


Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com
0
Multiple macOS NEDNSProxyProvider extensions
First post date Last post date
 
 
Q