[NEFilterDataProvider, NEFilterFlow]

Hi, Some questions about how to use NEFilterDataProvider.

Context: My extension has network rules (NENetworkRule) to filter most of HTTP/HTTPS trafic (port 80 et 443). Allowing a flow is a decision made by consulting custom rules (no NENetworkRule here) that the user can change at any moment.

Questions:

1/ By modifying a custom rule, the decision for a flow can change. It is possible to retrieve currently allowed flows (for an application) and change the decision about it ? Can NSFilterFlow be cache to later change a decision ? Is there a way to know when a flow is no longer used ?

2/ An accepted flow seems never filtered again (except by quitting the application). The only way I found to apply new custom rules on currently allowed flow is by restarting the filter (load, NSFilterManager.isEnable=false, save, NSFilterManager.isEnable=true, save). Is it the correct method ?

Thanks for you attention.

Up vote post of Mox Down vote post of Mox
256 views
Posted by
Mox
Reply
Add a Comment

Accepted Reply

It is possible to retrieve currently allowed flows … and change the decision about it?

No.

Is there a way to know when a flow is no longer used?

No, well at least not in the way that you’re looking for. Once you’ve resolved a flow, by either allowing or denying it, you lose the ability to track its state. You could track its state by continuing to peek at the flow, but that’s not a great option performance-wise.

An accepted flow seems never filtered again

Right.

(except by quitting the application)

That’s not really an exception. The new app gets a new flow which is run through your filter.

The only way I found to apply new custom rules on currently allowed flow is by restarting the filter … Is it the correct method ?

Well, that kinda depends on your definition of “correct”. However, it is expected behaviour that starting a new filter will break all network connections, allowing the filter to examine the flows created when the various apps and system components attempt to re-establish those connections.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Posted by
eskimo
Up vote reply of eskimo Down vote reply of eskimo
Post marked as solved
Add a Comment

Replies

It is possible to retrieve currently allowed flows … and change the decision about it?

No.

Is there a way to know when a flow is no longer used?

No, well at least not in the way that you’re looking for. Once you’ve resolved a flow, by either allowing or denying it, you lose the ability to track its state. You could track its state by continuing to peek at the flow, but that’s not a great option performance-wise.

An accepted flow seems never filtered again

Right.

(except by quitting the application)

That’s not really an exception. The new app gets a new flow which is run through your filter.

The only way I found to apply new custom rules on currently allowed flow is by restarting the filter … Is it the correct method ?

Well, that kinda depends on your definition of “correct”. However, it is expected behaviour that starting a new filter will break all network connections, allowing the filter to examine the flows created when the various apps and system components attempt to re-establish those connections.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Posted by
eskimo
Up vote reply of eskimo Down vote reply of eskimo
Post marked as solved
Add a Comment