ICMP packets not seen in NEFilterPacketProvider starting macOS 12.1

On some machines (but not all of them), starting with macOS 12.1, we do not see ICMP flows anymore on NEFilterPacketProvider. Possibly this happens on machines where the Packet Filter is pre-authorized by an MDM profile.

Furthermore, since NEFilterDataProvider sees only outgoing ICMP flows, this means we are blind to any incoming ICMP traffic.

Is this a known issue? Is there any workaround for that?

Replies

> Possibly this happens on machines where the Packet Filter is pre-authorized by an MDM profile. Furthermore, since NEFilterDataProvider sees only outgoing ICMP flows, this means we are blind to any incoming ICMP traffic. Is this a known issue? Is there any workaround for that?

I do not think this is an MDM issue. My understanding is that NEFilterPacketProvider and NEFilterDataProvider are guaranteed to support TCP and UDP traffic. ICMP traffic happened to work, but was never documented. My advice here would be to open up a bug report, since you have seen a change in behavior, so that this matter can be further weighed in on by our internal teams. Please post the Feedback ID here also if you go this route. Optionally, you can also open a TSI with a sample project and I can do some further digging on this as well.

Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com

> I do not think this is an MDM issue. My understanding is that NEFilterPacketProvider and NEFilterDataProvider are guaranteed to support TCP and UDP traffic. ICMP traffic happened to work, but was never documented. My advice here would be to open up a bug report, since you have seen a change in behavior, so that this matter can be further weighed in on by our internal teams. Please post the Feedback ID here also if you go this route. Optionally, you can also open a TSI with a sample project and I can do some further digging on this as well.

@meaton this is strange, as for the packet filter there is no documentation whatsoever that it supports only TCP/UDP: https://developer.apple.com/documentation/networkextension/nefilterpacketprovider?language=objc

Moreover, in several lab sessions at WWDC we were told that Packet Filter is the right solution for filtering non-TCP/UDP flows.

In any case, we have opened a support ticket: FB9847349