dns proxy sys ext process can take > 1 minute to respawn

Hi there,

This was noticed during testing on Monterey 12.2. Normally when we kill the DNS proxy sys ext process, it respawns very quickly, within a couple of seconds. But after multiple trials, it can take more than one minute to respawn. The worst case encountered was that it never gets respawned anymore.

By comparison, the app proxy doesn't have the same problem: it always gets respawned instantly.

Not sure whether it is a bug or not.

Thanks in advance for the suggestions.

Regards Richard

Good question. 1 minute is a long time. Is there anything out of the ordinary going on in your provider that the system may be trying to clean up before respawning the System Extension? For example, if you take a blank NEDNSProxyProvider and start it on a fresh test machine, does it take the same amount of time to respawn as your application? Also, does this same thing reproduce on multiple machines?

Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com

Thanks Matt for the reply.

Is there anything out of the ordinary going on in your provider that the system may be trying to clean up before respawning the System Extension? For example, if you take a blank NEDNSProxyProvider and start it on a fresh test machine, does it take the same amount of time to respawn as your application?

I minimised my project to an NEDNSProxyProvider only, with handleUDPFlow doing nothing but returning true directly, like below; the same behaviour reproduced.

The interesting thing is that when it happens, the respawn time is constant at around one minute five seconds (after the sys ext process got killed). But if you rest it for a while before the next process kill, it might return to normal again, until you keep trying multiple times (< 10 times normally).

import NetworkExtension

class DNSProxyProvider: NEDNSProxyProvider {
  // Report a successful start immediately; no setup is performed.
  override func startProxy(options: [String: Any]? = nil, completionHandler: @escaping (Error?) -> Void) {
    completionHandler(nil)
  }

  override func stopProxy(with reason: NEProviderStopReason, completionHandler: @escaping () -> Void) {
    completionHandler()
  }

  override func sleep(completionHandler: @escaping () -> Void) {
    completionHandler()
  }

  override func wake() {
  }

  // MARK: Flow Handling & filtering
  // Decline TCP flows; hand UDP flows to handleUDPFlow.
  override func handleNewFlow(_ flow: NEAppProxyFlow) -> Bool {
    if flow is NEAppProxyTCPFlow {
      return false
    } else if let udpFlow = flow as? NEAppProxyUDPFlow {
      return self.handleUDPFlow(udpFlow)
    }
    return false
  }

  // Claim the UDP flow and do nothing else with it.
  @available(macOS 10.15, *)
  private func handleUDPFlow(_ flow: NEAppProxyUDPFlow) -> Bool {
    return true
  }
}

Also, does this same thing reproduce on multiple machines?

Tried on a fresh installed Big Sur 11.6.2, same thing reproduced.

Okay, thank you for the report. If this is happening in the minimal case then unfortunately the bottom line is that there is no workaround or help that I can provide here other than:

  1. Making sure your provider does not crash.
  2. Opening a bug report about this if you feel that this is an issue.

Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com

TSI submitted: Follow-up: 794081746
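
The kill-and-respawn measurement described in this thread, as an added example that is not part of the original posts: a shell harness that records the respawn delay for each kill, so the numbers can go into a bug report. The process pattern, the use of `kill -9`, the `respawn.sh` file name, and the polling defaults are assumptions.

```shell
#!/bin/sh
# Added example: time how long a system extension process takes to respawn.
# Run from a root shell (killing a system extension process requires root).
POLL="${POLL:-1}"          # seconds between polls
TIMEOUT="${TIMEOUT:-180}"  # give up after this many seconds

# Print the PID of the first process whose command line matches regex $1.
current_pid() {
    pgrep -f "$1" | head -n 1
}

# wait_for_respawn PATTERN OLD_PID
# Prints the seconds until a process matching PATTERN with a PID other than
# OLD_PID exists; prints "timeout" and returns 1 after TIMEOUT seconds.
wait_for_respawn() {
    pattern=$1 old=$2 start=$(date +%s)
    while :; do
        pid=$(current_pid "$pattern")
        now=$(date +%s)
        if [ -n "$pid" ] && [ "$pid" != "$old" ]; then
            echo $((now - start))
            return 0
        fi
        if [ $((now - start)) -ge "$TIMEOUT" ]; then
            echo timeout
            return 1
        fi
        sleep "$POLL"
    done
}

# run_trials PATTERN COUNT [REST_SECONDS]
# Kills the process COUNT times and prints "trial,respawn_seconds" per kill.
run_trials() {
    pattern=$1 count=$2 rest=${3:-0} i=1
    while [ "$i" -le "$count" ]; do
        old=$(current_pid "$pattern")
        [ -n "$old" ] || { echo "$i,not-running"; return 1; }
        kill -9 "$old"
        echo "$i,$(wait_for_respawn "$pattern" "$old")"
        i=$((i + 1))
        sleep "$rest"
    done
}

# Constructed usage: sh respawn.sh '[c]om\.example\.dnsproxy' 15 30
# The bracketed first letter keeps the regex from matching this script itself.
[ "$#" -lt 2 ] || run_trials "$@"
```

A trial that prints `timeout` followed by `not-running` corresponds to the case where the extension does not come back within the timeout.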
