Hi there,
Something interesting and not understand when trying to fetch my appproxy (and dnsproxy) system extension process with commands like below.
With Intel macbook pro, all good to fetch back that pid. But with M1 macbook pro, it returns nothing although installed with the same Big Sur 11.6.1.
ps -A | grep $MY_SYS_EXTENSION_PROCESS_NAME
pgrep $MY_SYS_EXTENSION_PROCESS_NAME
Do you have any suggestion to make it the same on M1?
Thanks in advance for any suggestion.
Regards Richard
So, just to clarify, you’re running these commands from Terminal, right?
Are you sure your process is actually started?
Does sudo change things?
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
Yes, it is under terminal command with sudo. The process definitely is running as the filtering is functional and the logs are there.
Installed with the sameUnder my Intel and M1 macbookpro:
sudo ps -A|grep macappproxy
23656 ?? 0:00.17 /Applications/macappproxy.app/Contents/MacOS/macappproxy
23708 ?? 0:01.55 /Library/SystemExtensions/6E63B2AD-405A-424B-BF1C-792A81F25B98/com.familyzone.macappproxy.fzmacappproxy.systemextension/Contents/MacOS/com.familyzone.macappproxy.fzmacappproxy
23795 ttys002 0:00.01 grep macappproxy
sudo ps -A|grep macappproxy
91611 ?? 0:00.17 /Applications/macappproxy.app/Contents/MacOS/macappproxy
97980 ttys002 0:00.01 grep macappproxy
We can see that under M1, the system extension process is not listed.
Weird. I don’t have any explanation for this. Unfortunately I don’t have time to test it today. Let’s ask Matt…
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
On an M1 running macOS Monterery (12.0.1 (21A558)) I was able to start a NETransparentProxyProvider and see process status find the Network System Extension:
# General proxy logs:
2021-12-13 05:41:54.286417-0800 0x27b8 provider core will start new TCP flow, flow: 0x600001bfc240
2021-12-13 05:41:54.286946-0800 0x27b8 provider core will start new TCP flow endpoint 23.196.44.47:443, flow: 0x600001bfc240
2021-12-13 05:41:54.288324-0800 0x27b8 provider core did start TCP flow, copier: 0, flow: 0x600001bfc240
And then a search using process status returned:
% sudo ps -A | grep TransparentProxy
962 ?? 0:00.72 /Applications/TransparentProxyTestBed.app/Contents/MacOS/TransparentProxyTestBed
998 ?? 0:00.05 /Library/SystemExtensions/61CC2D08-FD88-4C04-B6F1-4B19DD1C43FF/com.example.apple-samplecode.TransparentProxyTestBed.TransparentProxy.systemextension/Contents/MacOS/com.example.apple-samplecode.TransparentProxyTestBed.TransparentProxy
1003 ttys000 0:00.00 grep TransparentProxy
966 ttys001 0:00.02 log stream --level debug --predicate subsystem == "com.example.apple-samplecode.TransparentProxyTestBed.TransparentProxy"
So it does look like the Network System Extension is being found on an M1 running macOS Monterey at least.
Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com
So it does look like the Network System Extension is being found on an M1 running macOS Monterey at least.
Thanks Matt!
richard_wang, AFAIK nothing has changed in this between macOS 11 and 12, but it’s always possible I missed a memo. Can you try it on macOS 12 at your end?
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
Same issue here, using sudo htop I can see /Library/SystemExtensions/45487C49-9FC8-4076-9FBD-57DDAC67D26B/com.cisco.anyconnect.macos.acsockext.systemextension/Contents/MacOS/com.cisco.anyconnect.mac (truncated due to insufficient screen size) owned by root, while using sudo ps -A | grep anyconnect it just is not there.
I can also see com.cisco.anyconnect.macos.acsockext in Activity Monitor, whose parent process is launchd (1). And sudo pkill -9 com.cisco.anyconnect.macos.acsockext also works. Seems like the only thing that is broken is ps.