Posts

Post not yet marked as solved
3 Replies
1.3k Views
Hi,

I have an application on the latest macOS Catalina 10.15.5 beta, where I have written a simple application to catch the flow in NEFilterDataProvider. After upgrading to the latest beta version, I am not able to load the Content Filter provider. When I look at the log I see the following error:

Failed to save configuration Filter Tunnel: Error Domain=NEConfigurationErrorDomain Code=11 "IPC failed" UserInfo={NSLocalizedDescription=IPC failed}

Can you please let me know in what scenario we get the "IPC failed" error? The same code was working with the previous version, so please let me know if something new got added related to the content filter extension.

Thanks for your help,
Kumar
Posted
by kumarV.
Post not yet marked as solved
4 Replies
621 Views
Hi,

I have an application on macOS Catalina, where I have written a simple application to catch the flow in NEFilterDataProvider. In the handleNewFlow function I am able to capture all flows, and I believe on macOS all flows would be NEFilterSocketFlow. I am able to get a valid remoteEndpoint, but localEndpoint is coming as 0.0.0.0 for all flows, with a valid port number.

My first question: is 0.0.0.0 coming as localEndpoint valid?

When I am executing curl, I am able to capture that flow also, but localEndpoint is coming as 0.0.0.0:0, i.e. the port is also coming as 0. Please let me know if this is correct, or do I need to configure anything?

Thanks for your help,
Kumar
Posted
by kumarV.
Post not yet marked as solved
3 Replies
421 Views
Hi,

I have an application on macOS Catalina where we load 2 Network Extension providers, FilterDataProvider and PacketTunnelProvider. I believe they run on separate threads, so for a connection either the flow can come first in FilterDataProvider or the packet can come first in PacketTunnelProvider.

Is there a way to synchronize these 2 providers for a connection, so that FilterDataProvider is called and, once it is done, the packets of that connection come to PacketTunnelProvider?

Thanks for your help,
Kumar
Posted
by kumarV.
Post not yet marked as solved
1 Reply
838 Views
Hi,

In macOS Catalina we have the new NetworkExtension framework for NEPacketTunnelProvider.

In my use case I need the PID of the process that is the originator of the network flow. I'm aware that PIDs are not a reliable way to identify a process (since PIDs can be reused), but in my use case only the PID can identify what I need.

In NEPacketTunnelProvider, I am able to get NEPacket from readPacketObjects, from NEPacket I am able to get NEFlowMetaData and from that sourceAppAuditToken, and I am aware of audit_token_to_pid from <bsm/libbsm.h>, which I can use to get the pid, but my sourceAppAuditToken is coming as nil for all packets, so I am not able to get the pid.

    let token = packet.metadata?.sourceAppAuditToken
    if (token != nil) {
        let u8: [UInt8] = Array(token!)
        let array: [UInt32] = u8.map { UInt32($0) }
        let audit_token = audit_token_t(val: (array[0], array[1], array[2], array[3], array[4], array[5], array[6], array[7]))
        let pid = audit_token_to_pid(audit_token)
    }

Can you please let me know whether this is the correct way to get the pid, or is there another way to get it, like any underlying API of "lsof"?

I'm also aware of getting the signature of the process with SecCodeCopySigningInformation, but it will not help in my use case.

Regards,
Kumar
Posted
by kumarV.