      Latest reply on Jun 7, 2019 10:21 AM by rtrouton
      rtrouton Level 1 (0 points)

        New APIs available for Network Extension apps

        - Content Filter

        - Transparent Proxy

        - DNS Proxy

        - VPN

        - Virtual Machine

        - Custom Protocols

         

         

        Content Filter app

        Example: Personal firewall app

        Example: Parental control app

         

         

        System Extensions

         

         

        Packaged inside your app

        Managed by the OS

        Easy to develop and debug

        Run independently of any user

         

         

        System Extensions require user approval to load, like user-approved kernel extension loading (UAKEL).

         

         

        Content Filter

        NetworkExtension Framework

         

         

         

         

        Transparent Proxy

        NetworkExtension Framework

         

         

         

         

        DNS Proxy

        NetworkExtension Framework

         

         

         

         

        VPN

        NetworkExtension Framework

         

         

        includeAllNetworks - All traffic gets routed via the VPN. If VPN is unreachable, traffic is dropped.

        excludeLocalNetworks - Allows traffic sent to local network to be excluded from VPN traffic.

         

         

        Per-App VPN

         

         

        MailDomains

        CalendarDomains

        ContactsDomains

         

         

        Virtual Machine

        NetworkExtension Framework

         

         

        VMs aren't very useful if they can't connect to the network. Apple has the vmnet.framework to handle this.

         

         

        Shared Mode enhancements

        - IPv6 in shared mode

        - Specify IP range of inside network

        - Port Forwarding

        Bridged Mode - VM has separate IP, does not use NAT. This has previously not been available for VM hypervisor software which uses Apple's Hypervisor framework: https://developer.apple.com/documentation/hypervisor

         

         

        Custom IP protocol

        NetworkExtension Framework

         

         

         

         

        Network Kernel Extensions are deprecated in macOS Catalina

        Move to using System Extensions

         

         

         

         

        Summary:

         

         

        New APIs available for Network Extension apps

        - Content Filter

        - Transparent Proxy

        - DNS Proxy

        - VPN

        - Virtual Machine

        - Custom Protocols

         

         

        Network kernel extensions are deprecated and will stop working in the future.
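
The VPN notes above describe `includeAllNetworks` and `excludeLocalNetworks`. The following Swift sketch is an added example, not code from the post or from Apple's session. It sets both properties on a tunnel configuration, saves it, and reloads it to confirm the stored copy is still fail-closed. The server address, bundle identifier, description string and function names are assumed placeholders.

```swift
import NetworkExtension

// Assumed placeholders (not from the post): replace with your own values.
let tunnelServer = "vpn.example.com"
let providerBundleID = "com.example.app.tunnel-provider"

/// Builds a tunnel configuration that fails closed.
@available(macOS 10.15, iOS 14.2, *)
func makeFailClosedProtocol() -> NETunnelProviderProtocol {
    let proto = NETunnelProviderProtocol()
    proto.serverAddress = tunnelServer
    proto.providerBundleIdentifier = providerBundleID
    // Route all traffic via the VPN; if the VPN is unreachable, traffic is dropped.
    proto.includeAllNetworks = true
    // Let traffic sent to the local network stay outside the tunnel.
    proto.excludeLocalNetworks = true
    return proto
}

/// Saves the configuration, reloads it, and reports whether the stored
/// copy still has includeAllNetworks set.
@available(macOS 10.15, iOS 14.2, *)
func installFailClosedTunnel(completion: @escaping (Result<Bool, Error>) -> Void) {
    NETunnelProviderManager.loadAllFromPreferences { managers, error in
        if let error = error { return completion(.failure(error)) }
        // Reuse this app's existing configuration if one is already saved.
        let manager = managers?.first ?? NETunnelProviderManager()
        manager.localizedDescription = "Example fail-closed tunnel"
        manager.protocolConfiguration = makeFailClosedProtocol()
        manager.isEnabled = true
        manager.saveToPreferences { error in
            if let error = error { return completion(.failure(error)) }
            // Reload so the check runs against what the system stored.
            manager.loadFromPreferences { error in
                if let error = error { return completion(.failure(error)) }
                let stored = manager.protocolConfiguration
                completion(.success(stored?.includeAllNetworks == true))
            }
        }
    }
}
```

Saving the configuration requires an app that carries the Network Extension entitlement and a matching tunnel provider extension.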