Ordering of callbacks between NEFilterDataProvider and NEFilterPacketProvider?

It appears in my testing that NEFilterDataProvider consistently gets its handleNewFlow() called prior to NEFilterPacketProvider's packetHandler callback closure.

Is this by design? Is it something we can assume to stay consistent from macOS version to version?

Is there a way to request a different ordering? Is it related to the NetworkExtension.NEProviderClasses key in Info.plist for the SystemExtension/NetworkExtension?

<key>NetworkExtension</key>
<dict>
	<key>NEMachServiceName</key>
	<string>$(TeamIdentifierPrefix)com.X.Y.app-group.MySystemExtension</string>
	<key>NEProviderClasses</key>
	<dict>
		<key>com.apple.networkextension.filter-data</key>
		<string>$(PRODUCT_MODULE_NAME).FilterDataProvider</string>
		<key>com.apple.networkextension.filter-packet</key>
		<string>$(PRODUCT_MODULE_NAME).FilterPacketProvider</string>
	</dict>
</dict>

Is it based on the order of the modules listed in the Info.plist?

I actually want the order macOS is giving me now, and I want to make sure I can rely on this ordering.

  • One correction:

    I am seeing the data provider called first and packet provider second in an outbound TCP connection. For inbound, I am actually seeing the packet handler first.


Accepted Reply

I want to make sure I can rely on this ordering.

There is no way to guarantee that these mechanisms will stay the same.

Regarding:

I am seeing the data provider called first and packet provider second in an outbound TCP connection.

For an outbound connection, this makes sense to me because the provider is allowing you to make a decision before the connection even goes up. Then after a decision is made on the flow, the packets contained within that flow can be diagnosed.

Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com
  • Thank you Matt.
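
Because the ordering is not guaranteed, a filter can be written so that its verdicts are the same whichever callback fires first. The following is an added example, not code from this thread or from Apple: `FlowKey`, `VerdictTable` and their members are hypothetical names, and it assumes both providers run in the same process and derive the same key for a connection.

```swift
import Foundation

// Hypothetical key: both providers must derive the same tuple for a connection.
struct FlowKey: Hashable {
    let proto: UInt8
    let localPort: UInt16
    let remoteAddress: String
    let remotePort: UInt16
}

enum FlowDecision { case allow, drop }
enum PacketAction { case allow, drop, pending }

// Hypothetical store shared by both providers (assumes one process).
final class VerdictTable {
    private let lock = NSLock()
    private var decisions: [FlowKey: FlowDecision] = [:]
    private var packetFirst: Set<FlowKey> = []

    // Call from handleNewFlow() once a flow decision exists. Returns true
    // when packets for this flow were already seen (packet handler ran first).
    @discardableResult
    func record(_ decision: FlowDecision, for key: FlowKey) -> Bool {
        lock.lock(); defer { lock.unlock() }
        decisions[key] = decision
        return packetFirst.remove(key) != nil
    }

    // Call from the packetHandler closure. Never assumes a decision exists.
    func action(for key: FlowKey) -> PacketAction {
        lock.lock(); defer { lock.unlock() }
        guard let decision = decisions[key] else {
            packetFirst.insert(key)
            return .pending  // caller applies its own explicit default
        }
        return decision == .allow ? .allow : .drop
    }
}

// Constructed sample flows (documentation addresses), one per arrival order.
let table = VerdictTable()
let outbound = FlowKey(proto: 6, localPort: 50000, remoteAddress: "192.0.2.10", remotePort: 443)
let inbound = FlowKey(proto: 6, localPort: 22, remoteAddress: "198.51.100.7", remotePort: 40122)

table.record(.allow, for: outbound)                     // data provider first
precondition(table.action(for: outbound) == .allow)
precondition(table.action(for: inbound) == .pending)    // packet handler first
precondition(table.record(.drop, for: inbound))         // late decision is detected
precondition(table.action(for: inbound) == .drop)
```

A real filter would also remove entries when a flow ends and decide explicitly how `.pending` maps to a packet verdict; both are left out here.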
