It appears in my testing that NEFilterDataProvider consistently gets its handleNewFlow() called prior to NEFilterPacketProvider's packetHandler callback closure.
Is this by design? Is it something we can assume to stay consistent from macOS version to version?
Is there a way to request a different ordering? Is it related to the NetworkExtension.NEProviderClasses key in Info.plist for the SystemExtension/NetworkExtension?
<key>NetworkExtension</key>
<dict>
    <key>NEMachServiceName</key>
    <string>$(TeamIdentifierPrefix)com.X.Y.app-group.MySystemExtension</string>
    <key>NEProviderClasses</key>
    <dict>
        <key>com.apple.networkextension.filter-data</key>
        <string>$(PRODUCT_MODULE_NAME).FilterDataProvider</string>
        <key>com.apple.networkextension.filter-packet</key>
        <string>$(PRODUCT_MODULE_NAME).FilterPacketProvider</string>
    </dict>
</dict>
Is it based on the order of the modules listed in the Info.plist?
I actually want the order macOS is giving me now, and I want to make sure I can rely on this ordering.
I want to make sure I can rely on this ordering.
There is no way to guarantee that these mechanisms will stay the same.
Regarding:
I am seeing the data provider called first and packet provider second in an outbound TCP connection.
For an outbound connection, this makes sense to me because the provider is allowing you to make a decision before the connection even goes up. Then after a decision is made on the flow, the packets contained within that flow can be diagnosed.
Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com