BigSur upgrade is falling in the presence of Network extension

Hi

Does osinstallersetupd (OS update process) not work in the presence of App Proxy? Is it a known issue?

I have NETransparentProxyProvider App Proxy Network extension. It captures all the 80/443 port traffic but bypasses flows "osinstallersetupd" flow. "osinstallersetupd" is responsible to download installer (If my understanding is correct).


Code Block default 23:26:38.755784-0700 osinstallersetupd [C2 Hostname#f47785d7:80 in_progress resolver (satisfied (Path is satisfied), interface: en0, ipv4, dns, flow divert agg: 1)] event: resolver:receive_dns @0.061s
default 23:26:38.755896-0700 osinstallersetupd [C2.1 IPv4#6be093f2:80 initial path ((null))] event: path:start @0.061s
default 23:26:38.756109-0700 osinstallersetupd [C2.1 IPv4#6be093f2:80 waiting path (satisfied (Path is satisfied), interface: en0, ipv4, dns, flow divert agg: 1)] event: path:satisfied @0.061s, uuid: 16290408-B0BD-4E4E-A194-FBD44E525E8C
default 23:26:38.756417-0700 osinstallersetupd [C2.1 IPv4#6be093f2:80 in_progress socket-flow (satisfied (Path is satisfied), interface: en0, ipv4, dns, flow divert agg: 1)] event: flow:start_connect @0.061s
default 23:26:38.756557-0700 com.myapp.AppClientMacAppProxy (0): Flow 3816135374 is connecting
default 23:26:38.756701-0700 com.myapp.AppClientMacAppProxy (3816135374): New flow: NEFlow type = stream, app = com.apple.installer.osinstallersetupd, name = gs.apple.com, 10.10.15.6:0 <-> 17.137.162.1:80, filter_id = , interface = en0
default 23:26:38.756885-0700 com.myapp.AppClientMacAppProxy [Extension com.myapp.AppClientMacAppProxy]: Calling handleNewFlow with TCP com.apple.installer.osinstallersetupd[{length = 20, bytes = 0x7a8ea62f5a0144dd918e822a56207859cd5a0159}] remote: 17.137.162.1:80 interface en0
default 23:26:38.757858-0700 com.myapp.AppClientMacAppProxy [Extension com.myapp.AppClientMacAppProxy]: provider rejected new flow TCP com.apple.installer.osinstallersetupd[{length = 20, bytes = 0x7a8ea62f5a0144dd918e822a56207859cd5a0159}] remote: 17.137.162.1:80 interface en0
default 23:26:38.757962-0700 kernel (3816135374): No more valid control units, disabling flow divert
default 23:26:38.758141-0700 com.myapp.AppClientMacAppProxy (3816135374): Destroying, client tx 0, client rx 0, kernel rx 0, kernel tx 0
default 23:26:38.757963-0700 kernel (3816135374): Skipped all flow divert services, disabling flow divert
default 23:26:38.788429-0700 osinstallersetupd nw_socket_handle_socket_event [C2.1:1] Socket received CONNECTED event
default 23:26:38.788686-0700 osinstallersetupd nw_flow_connected [C2.1 IPv4#6be093f2:80 in_progress socket-flow (satisfied (Path is satisfied), viable, interface: en0, ipv4, dns, flow divert agg: 1)] Output protocol connected
default 23:26:38.788922-0700 osinstallersetupd [C2.1 IPv4#6be093f2:80 ready socket-flow (satisfied (Path is satisfied), viable, interface: en0, ipv4, dns, flow divert agg: 1)] event: flow:finish_connect @0.094s
default 23:26:38.788990-0700 osinstallersetupd nw_connection_report_state_with_handler_on_nw_queue [C2] reporting state ready
default 23:26:38.789046-0700 osinstallersetupd [C2 Hostname#f47785d7:80 ready resolver (satisfied (Path is satisfied), interface: en0, ipv4, dns, flow divert agg: 1)] event: flow:finish_connect @0.094s
default 23:26:38.789134-0700 osinstallersetupd [C2.1 IPv4#6be093f2:80 ready socket-flow (satisfied (Path is satisfied), viable, interface: en0, ipv4, dns, flow divert agg: 1)] event: flow:changed_viability @0.094s
default 23:26:38.789186-0700 osinstallersetupd [C2 Hostname#f47785d7:80 ready resolver (satisfied (Path is satisfied), interface: en0, ipv4, dns, flow divert agg: 1)] event: flow:changed_viability @0.094s
default 23:26:38.789300-0700 osinstallersetupd TCP Conn 0x7fad21865890 event 1. err: 0
default 23:26:38.789359-0700 osinstallersetupd TCP Conn 0x7fad21865890 complete. fd: 8, err: 0
error 23:26:38.789855-0700 osinstallersetupd SocketStream write error [0x7fad21865890]: 1 32
default 23:26:38.790040-0700 osinstallersetupd TCP Conn 0x7fad21865890 canceled
error 23:26:38.790164-0700 osinstallersetupd AMAuthInstallHttpMessageSendSync: no response header
error 23:26:38.790230-0700 osinstallersetupd tss_submit_job: SendHttpRequest failed -1



The above log shows:

My app proxy bypasses the flow:

default 23:26:38.757858-0700 com.myapp.AppClientMacAppProxy [Extension com.myapp.AppClientMacAppProxy]: provider rejected new flow TCP com.apple.installer.osinstallersetupd[{length = 20, bytes = 0x7a8ea62f5a0144dd918e822a56207859cd5a0159}] remote: 17.137.162.1:80 interface en0

Eventually, "osinstallersetupd" connection gets closed too.

default 23:26:38.789359-0700 osinstallersetupd TCP Conn 0x7fad21865890 complete. fd: 8, err: 0
error 23:26:38.789855-0700 osinstallersetupd SocketStream write error [0x7fad21865890]: 1 32
default 23:26:38.790040-0700 osinstallersetupd TCP Conn 0x7fad21865890 canceled


Thanks


Regarding:

default 23:26:38.757858-0700 com.myapp.AppClientMacAppProxy [Extension com.myapp.AppClientMacAppProxy]: provider rejected new flow TCP com.apple.installer.osinstallersetupd[{length = 20, bytes = 0x7a8ea62f5a0144dd918e822a56207859cd5a0159}] remote: 17.137.162.1:80 interface en0
default 23:26:38.758141-0700 com.myapp.AppClientMacAppProxy (3816135374): Destroying, client tx 0, client rx 0, kernel rx 0, kernel tx 0

If you are letting the system handle the flow by return false here with the flow for com.apple.installer.osinstallersetupd then I would open a bug report here. Please respond back with the Feedback ID. If that is not what you are doing, please let me know also.


Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com
Thanks, DTS!

Yes, handleNewFlow method retutns false for "osinstallersetupd" process.

Feedback Id:
https://feedbackassistant.apple.com/feedback/9084810

Thanks
Thank you, I see you bug internally. Please reproduce your error, trigger a sysdiagnose, and add the sysdiagnose to your bug report.


Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com
Thanks Matt!

I uploaded sysdiagnose file to ticket.
Hi Matt!

Please let me know if I need to provide more information.

Regards,
BigSur upgrade is falling in the presence of Network extension
 
 
Q