Alternative of kext "consume" packets functionality in system extensions

Hi,


My software currently uses network kernel extension functionalities and I am trying to port it to the new network system extension.

One of the functions of my software is to capture a packet and, if it is of interest, consume it and send out processed packets.

I am looking into Content Filter right now and couldn't find any option for this. Are there any alternatives for this in the current system extension framework?

Replies

Content filters are simply filters: You can allow or deny traffic, but you can’t modify it. If you need to modify traffic, you should explore other NE provider types.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Thanks for the reply.


Could you point me to some types which I can start exploring for this purpose?


The basic functionality of my software is to avoid duplication by caching the network data and only sending what is new, plus references for cached data. For this purpose my extension has to consume the packet, which will indicate that we are now responsible for the packet, and we will in turn send new data which will be understood by the destination. This functionality is present in kext but I am not able to find how to do it in system extensions.


Please point me to some references which can be used to achieve the mentioned functionality in system extensions.

Hi, any updates on this?

Really looking for some pointers as I need to get it done before 10.16, which is going to deprecate my current kext.

I was just looking into "Packet Tunnel Provider" and "App Proxy provider".

As my current kext works per packet, I think Packet Tunnel Provider can be an approach forward, but I am not sure exactly how.


So my idea here is,

1. My system extension will get the packets from kernel using NEPacketTunnelProvider

2. Then, instead of sending the packets to some external VPN server, I can send them to my local server, which will be another application responsible for the mentioned caching.

3. After the caching and modification is done, I will forward new data to its original destination.


I am developing this for macOS.


Quinn, is it something that seems possible for my case? Any restrictions that I should be aware of?


Or there is "Transparent Proxy" also; I still have to go through it. Just wanted to understand which will be better to use.