BigSur 11.5 Beta breaks NWConnection

Question

Created May ’21

Replies 7

Boosts 0

Participants 2

Hi there,

I have a set of filter code based on AppProxyProvider that works pretty well: it just work capture in tcp and udp traffic using NWConnection.

Unfortunately recently I upgraded to 11.5 Beta then everything goes wrong: the bandwidth as tested via some website, say, fast.com will drop after running for several minutes to < 2Mbps for both upload/download (although my broadband's normal speed is 50Mbps ). I capture in only tcp traffic to port 80 and 443.

I wonder is it some bug in network extension or some API level change I need to adapt to. Checked the release note, but nothing mentioned about any change around network extension.

That blocks our beta plan!

Thanks in advance for any suggestion.

Boost

Answer 1

richard_wang OP

May ’21

The version tag of current system is: 11.5 Beta (20G5023d)
After some time testing, not able to browse anymore although appproxy device is still connected and can still ping through.

0

Answer 2

Systems Engineer OP

Apple

May ’21

If I am reading this correctly, NWConnection is not broken in macOS 11.5 Beta but you are instead seeing variable network speeds through your provider where NWConnection is used. Is that correct?

not able to browse anymore although appproxy device

Are you using NEAppProxyProvider or are you using NETransparentProxyProvider?

Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com

0

Answer 3

richard_wang OP

May ’21

If I am reading this correctly, NWConnection is not broken in macOS 11.5 Beta but you are instead seeing variable network speeds through your provider where NWConnection is used. Is that correct?

It is not only network speed drop, but after some time, no network access anymore (I am capturing tcp 80/443 outbound traffic only). That was not the case with bigSur 11.4.

Are you using NEAppProxyProvider or are you using NETransparentProxyProvider?

I am using NEAppProxyProvider.

0

Answer 4

Systems Engineer OP

Apple

May ’21

It is not only network speed drop, but after some time, no network access anymore (I am capturing tcp 80/443 outbound traffic only). That was not the case with bigSur 11.4.

Okay thank you for confirming. What I am trying to do here is suss out whether NWConnection is actually broken, but since it is running network traffic at all, then I suspect the issue you are seeing is somewhere else.

I ran a few tests today with NEAppProxyProvider with macOS 11.5 beta to proxy TCP traffic with NWConnection. I ran a proxy test for 15 minutes, proxying TCP traffic from video streaming sites and just general Safari traffic. Here are a few observations; Youtube traffic does not work the way you would expect with NEAppProxyProvider, it's very intermittent. This was a known bug and fixed with NETransparentProxyProvider. However, traffic from platforms like Twitch, Vimeo, and WWDC videos all still work fine with NEAppProxyProvider in macOS 11.5. So, if you are running into issues on macOS 11.5 with specific traffic like YouTube videos, try it with NETransparentProxyProvider. I did not experience any traffic slown-downs or delays other than Youtube traffic with NWConnection. Hope this helps in your investigation.

Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com

0

Answer 5

richard_wang OP

Jun ’21

Hi Matt,

Confirmed that beginning from BigSur 11.4 the network loss issue happens: I tried on two macbook pro. They have no problem when at BigSur 11.3.1. But as soon as I upgrade them to 11.4, issue happens. Already use NETransparentProxy.

Can you help double confirm? You can use fast.com and speedtest.net which can show the symptom rather quick.

Thanks in advance.

0

Answer 6

richard_wang OP

Jun ’21

And filter out only tcp 80 and 443 as I do.

0

Answer 7

Systems Engineer OP

Apple

Jun ’21

Can you help double confirm?

No, I test on run different NETransparentProxyProvider tests on my 11.5 machine on a regular basis for post 443 traffic. If you feel that you have found a bug, you should open a bug report with a sysdiagnose.

Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com

0