NETransparentProxyManager doesn't automatically restart?

If I cruelly do a kill -9 on the process, it doesn't seem to automatically reconnect. This surprised me. Is there something I am supposed to do to tell it to do so?

If I cruelly do a kill -9 on the process, it doesn't seem to automatically reconnect. This surprised me. Is there something I am supposed to do to tell it to do so?

NETransparentProxyManager will not restart in this case, but NETransparentProxyProvider should. This should be the case for all of the macOS Network System Extensions.

Typically a Network System Extension will respawn within a few seconds. I have tested this at least with NETransparentProxyProvider and NEDNSProxyProvider. Your provider will respawn within a few seconds unless it has been respawned several times, then you may start to see some delay.

To debug this, put os_log statements in main.swift and in your primary NETransparentProxyProvider class:


final class TransparentProxyProvider: NETransparentProxyProvider {
    
    static let log = OSLog(subsystem: "com.example.apple-samplecode.TransparentProxyTestBed.TransparentProxy", category: "provider")

    override init() {
        self.log = Self.log
        os_log(.debug, log: self.log, "init")
        super.init()
    }

    private let log: OSLog
    private let logForCore = OSLog(subsystem: "com.example.apple-samplecode.TransparentProxyTestBed.TransparentProxy", category: "providerCore")

    override func startProxy(options: [String: Any]? = nil, completionHandler: @escaping (Error?) -> Void) {
        os_log(.debug, log: self.log, "provider will start")

    }
}

...

import NetworkExtension
import os.log

/// The main entry point for the transparent proxy provider system extension.
func main() -> Never {
    let log = TransparentProxyProvider.log
    os_log(.debug, log: log, "will start system extension")
    autoreleasepool {
        NEProvider.startSystemExtensionMode()
    }
    os_log(.debug, log: log, "will start main")
    dispatchMain()
}

main()

From there if you log out the subsystem in the Terminal you should be able to see your provider restarting.

$ log stream --level debug --predicate 'subsystem == "com.example.apple-samplecode.TransparentProxyTestBed.TransparentProxy"'

Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com
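An added example, not part of the original post or of Apple's sample code: a small parser that takes captured `log stream` output for the subsystem above and reports how long the provider was absent between a kill and its respawn, so a proxy that stays down longer than expected stands out. The column layout of the sample lines, the process name, the PIDs, the timestamps and the 10-second threshold are all constructed assumptions.

```python
from datetime import datetime

# Constructed sample of `log stream` output (default layout assumed:
# date, time+zone, thread, type, activity, PID, TTL, then process and message).
SUB = "com.example.apple-samplecode.TransparentProxyTestBed.TransparentProxy"
SAMPLE = f"""\
Filtering the log data using "subsystem == "{SUB}""
Timestamp                       Thread     Type        Activity             PID    TTL
2022-03-30 10:15:02.100000-0700 0x1a2b Debug 0x0 1234 0 TransparentProxy: [{SUB}:provider] will start system extension
2022-03-30 10:15:02.200000-0700 0x1a2b Debug 0x0 1234 0 TransparentProxy: [{SUB}:provider] init
2022-03-30 10:15:03.000000-0700 0x1a2c Debug 0x0 1234 0 TransparentProxy: [{SUB}:provider] provider will start
2022-03-30 10:15:07.500000-0700 0x2b01 Debug 0x0 1301 0 TransparentProxy: [{SUB}:provider] will start system extension
2022-03-30 10:15:07.600000-0700 0x2b01 Debug 0x0 1301 0 TransparentProxy: [{SUB}:provider] init
2022-03-30 10:17:45.600000-0700 0x3c44 Debug 0x0 1420 0 TransparentProxy: [{SUB}:provider] will start system extension
"""

def parse(line):
    """Return (timestamp, pid, message) or None for headers and malformed lines."""
    parts = line.split(None, 7)
    if len(parts) < 8:
        return None
    try:
        ts = datetime.strptime(f"{parts[0]} {parts[1]}", "%Y-%m-%d %H:%M:%S.%f%z")
        pid = int(parts[5])
    except ValueError:
        return None
    return ts, pid, parts[7]

def respawn_gaps(text, start_marker="will start system extension"):
    """List (old_pid, new_pid, seconds) for each restart seen in the log.

    The gap runs from the old process's last log line to the new process's
    first start message, so it is an upper bound on the real downtime.
    """
    gaps, last = [], None
    for line in text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        ts, pid, msg = rec
        if last and pid != last[1] and start_marker in msg:
            gaps.append((last[1], pid, (ts - last[0]).total_seconds()))
        last = (ts, pid)
    return gaps

def slow_respawns(text, max_seconds=10.0):
    """Restarts where the provider was absent longer than max_seconds."""
    return [g for g in respawn_gaps(text) if g[2] > max_seconds]

if __name__ == "__main__":
    for old, new, secs in slow_respawns(SAMPLE):
        print(f"provider pid {old} -> {new}: absent up to {secs:.1f}s")
```
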

Ok, so I am not doing anything wrong. 😄 (And yes, it's a subclass of NETransparentProxyProvider.)

I already have logs when the subclass init's; I'll try adding one to main as well. And I'll also try waiting a moderate amount of time.

Thank you! I feel much better because I wasn't missing something obvious!

Ok, I just verified: I did a kill -9 $pid, and waited 30 seconds. Nothing in /var/log/system.log, and it didn't come back until I went into SysPrefs > Network, selected my now-disconnected VPN, and clicked on "Connect". I tested this on 21E230.

Before clicking on "Connect," I did a ps to see if it had been started; it didn't show up.

Ok, I just verified: I did a kill -9 $pid, and waited 30 seconds.

Did you do this one time or did you test this multiple times? If only one time and the provider has not respawned after a minute, please open a bug report.

Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com

The kill -9 just once. I just now did kill -9 $pid ; sleep 120 and I'll see what's going on. What information would be most useful in a bug report?

Oh! It did come back this time. But with absolutely no log messages. And it took more than 2 minutes.

... no log messages, and my CLI program to try to connect to it via XPC hangs.

(Sorry for the frequent comments.)

If I sudo launchctl kickstart it, same behaviour. If I go into SysPrefs>Network and click on the Connect button, it works. Which is very similar to what I asked to begin with.

If I go into SysPrefs>Network and click on the Connect button, it works. Which is very similar to what I asked to begin with.

Do you have any onDemandRules set up here? If so, does the same behavior apply if you remove these rules? If so, then I would open up a bug report to get more information here on what is wrong.

Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com

No onDemandRules are set up.

I just filed FB9970916.

Accepted Answer

I have an update here; if a NETransparentProxyProvider or NEPacketTunnelProvider is killed and is not connected then it is expected to not respawn. Add On Demand Rules to reconnect, and thus start the provider again.

Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com

Ok! I will try that later today. Fortunately it seems pretty easy (famous last words 😄).

Ok. Just did a kill -9 of it, after adding

    proxyManager.onDemandEnabled = YES;
    NEOnDemandRuleConnect *connectOnDemand = [[NEOnDemandRuleConnect alloc] init];
    connectOnDemand.interfaceTypeMatch = NEOnDemandRuleInterfaceTypeAny;
    proxyManager.onDemandRules = @[
        connectOnDemand,
        ];

and it came back alive the next time I access the network.
