DNS Proxy on Mac is enabled but not running.


Hi

Based on some of the examples here I have created an app, for the Mac, with a DNS network extension. It looks in the app container code that everything seems to work. I had to play around with entitlements a bit. When I add the provider via the NEDNSProxyManager the first time and save preferences, the user is asked permission to install the proxy and it duly appears in the network adapter list in System Preferences. If I disable it, it is greyed out and there is no yellow dot.

However in the network panel I see that while the DNS Proxy is enabled it is not running, there is a yellow dot. It is enabled but not running.

I do write a lot of NSLogs in the NEDNSProxyProvider subclass but I don't see them appear in the console. When I try to attach to the process in Xcode using its bundleID it sticks in waiting for attachment. Is there a trick to debugging this?

This is, as I said, a Mac OS X app. Our iOS app seems to work with largely the same code.

I don't think it is an entitlement issue.




However in the network panel I see that while the DNS Proxy is enabled it is not running, there is a yellow dot. It is enabled but not running.

Yeah, something seems wrong here.

Regarding:

When I try to attach to the process in Xcode using its bundleID it sticks in waiting for attachment. Is there a trick to debugging this?

On macOS when I run tests with NEDNSProxyProvider I build from Xcode, and then install the Development signed build in the /Applications folder. From there I use the $ log stream command to check out everything being logged from the container app and the provider. For example I will usually have a setup like the following:

// Container App
import Cocoa
import NetworkExtension
import os.log

class ViewController: NSViewController {

    let log = OSLog(subsystem: "com.example.apple-samplecode.DNSTestBed", category: "app")
    // Shared DNS proxy manager whose configuration is loaded below.
    private let manager: NEDNSProxyManager? = NEDNSProxyManager.shared()

    private func configureProxy() {

        os_log(.info, log: self.log, "will load configurations")
        manager?.loadFromPreferences { [weak self] error in
            precondition(Thread.isMainThread)
            // self is weak inside the closure, so unwrap it before logging.
            guard let self = self else { return }
            os_log(.info, log: self.log, "logs indicating the state of loading preferences")
        }
    }
}

// Provider
import NetworkExtension
import os.log

class DNSProxyProvider: NEDNSProxyProvider {

    static let log = OSLog(subsystem: "com.example.apple-samplecode.DNSTestBed.DNSExtension", category: "provider")
    private let log: OSLog

    override init() {
        self.log = Self.log
        os_log(.debug, log: self.log, "init")
        super.init()
    }

    // Logs both endpoints of each new UDP flow handed to the provider.
    override func handleNewUDPFlow(_ flow: NEAppProxyUDPFlow, initialRemoteEndpoint remoteEndpoint: NWEndpoint) -> Bool {

        let initialRemote = remoteEndpoint.debugDescription
        let flowEndpoint = flow.localEndpoint.debugDescription
        os_log(.debug, log: self.log, "provider handleNewUDPFlow: initialEndpoint %{public}@ - localEndpoint: %{public}@", initialRemote, flowEndpoint)

        return true
    }
}

Then, in the Terminal I can use the following commands to try and log out logs from both the provider and container app.

# Container
$ log stream --level debug --predicate 'subsystem == "com.example.apple-samplecode.DNSTestBed"'

# Provider
$ log stream --level debug --predicate 'subsystem == "com.example.apple-samplecode.DNSTestBed.DNSExtension"'

Regarding:

This is, as I said, a Mac OS X app. Our iOS app seems to work with largely the same code.

Since it sounds like you are porting a Network App Extension over from iOS and not creating a Network System Extension on macOS, you may want to take a look at the Console.app too for more logs when you run this.

Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com
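
An added example, not part of the reply above or of any Apple sample: a container-app routine that logs every step and error of the NEDNSProxyManager load/save sequence under the same subsystem, so the log stream output shows where configuration stops. The provider bundle identifier and display name are assumptions; it reports state only and does not by itself explain the yellow dot.

```swift
import NetworkExtension
import os.log

// Subsystem string from the reply above. The provider bundle identifier is an
// assumption: it is taken to match the provider subsystem shown there.
let appLog = OSLog(subsystem: "com.example.apple-samplecode.DNSTestBed", category: "app")
let providerBundleID = "com.example.apple-samplecode.DNSTestBed.DNSExtension"

/// Loads the DNS proxy configuration, enables it, saves it, then reloads it
/// and logs what the system actually stored.
func enableDNSProxy() {
    let manager = NEDNSProxyManager.shared()
    manager.loadFromPreferences { error in
        if let error = error {
            os_log(.error, log: appLog, "load failed: %{public}@", error.localizedDescription)
            return
        }
        let proto = NEDNSProxyProviderProtocol()
        proto.providerBundleIdentifier = providerBundleID
        manager.providerProtocol = proto
        manager.localizedDescription = "DNSTestBed" // constructed display name
        manager.isEnabled = true

        manager.saveToPreferences { error in
            if let error = error {
                os_log(.error, log: appLog, "save failed: %{public}@", error.localizedDescription)
                return
            }
            // Reload so the logged values reflect the stored configuration,
            // not the in-memory object that was just written.
            manager.loadFromPreferences { error in
                if let error = error {
                    os_log(.error, log: appLog, "reload failed: %{public}@", error.localizedDescription)
                    return
                }
                os_log(.info, log: appLog, "saved: enabled=%{public}@ provider=%{public}@",
                       String(manager.isEnabled),
                       manager.providerProtocol?.providerBundleIdentifier ?? "nil")
            }
        }
    }
}
```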

Do you mean "now" creating a Network System Extension? I did actually look at the console log. As it happens I opened a TSI because money is no object and I have a few lying around for free anyway.

If we solve it for general we could post it here. Thanks for the information on the os_log. Is that also visible in the Console.app in the Devices streaming part?

Do you mean "now" creating a Network System Extension?

No, I did mean "not," for example, it did not look like you were porting your App Extension to a Network System Extension and you were doing a direct port.

Regarding:

I opened a TSI

I did see this and it is in my queue. Thank you.

Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com

I have a similar issue on a Mac M1 (Monterey - 12.2); on iOS it seems to work fine, but on the macOS M1 it appears as not running, with a yellow dot.

To support macOS on M1, do I need to use a system extension? My tunnel provider implementation is running the same on any iOS device, iPhone or the M1. Can anyone explain?

To support macOS on M1, do I need to use a system extension?

You are not required on macOS to run a Network System Extension. I always mention this difference between a Network App Extension (like what is running on iOS) and a Network System Extension because they run at a different system context. For example, the App Extension will only run with a user session logged into the machine, while the System Extension will run regardless.

Also, on an M1 running macOS Monterey, you can run an iOS app as a Network App Extension; keep that in mind as well.

Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com

Thanks for the quick answer! However, what is the reason that the DNSProxyProvider is not running on the Mac M1 (when executed / run using Xcode)? It is performing OK on any iOS device.
