Posts

Post marked as solved
8 Replies
1.9k Views
From the documentation page of App Proxy Provider, it says that flow control is only supported for apps which are from the Mac App Store only. What does it mean? Does it mean that for dmg files like Firefox and Chrome, which we install on Mac from outside the App Store, App Proxy Provider will not intercept these flows?

Doc link: https://developer.apple.com/documentation/networkextension/app_proxy_provider

Copying statement: "......App proxy providers are supported in iOS on managed devices only, and in macOS for Mac App Store apps only......."

With kext we were able to intercept any flow regardless of the source of the installer file for managing traffic; how will it work with the new Network Extension framework now?
Post not yet marked as solved
0 Replies
334 Views
Hi,

I am doing a POC with AppProxyProvider on macOS Catalina where I have intercepted a superset of IPv4 traffic for port 80 in my handleNewFlow() using the include rule below:

    let endpoint = NWHostEndpoint(hostname: "0.0.0.0", port: "80")
    includedNetworks = NENetworkRule(destinationNetwork: endpoint, prefix: 0, protocol: .TCP)

Now at run time in handleNewFlow() I have a requirement to bypass many flows based on different business logic. Note these rules are discovered at run time, so I cannot configure them in the exclude rules of NENetworkRule; for example, I have a DNS cache (already) and I need to do a reverse lookup on my traffic and, based on the domain name, I need to bypass the traffic. So basically I will need to proxy a very small subset of traffic in my handleNewFlow(), but most of the flows I need to return to the kernel to bypass the traffic without dropping them.

To do this, I don't see an option in AppProxyProvider::handleNewFlow() to notify the kernel that I am not interested in this flow and to bypass it.

From 'https://developer.apple.com/documentation/networkextension/neappproxyprovider/1405085-handlenewflow':

Return Value of handleNewFlow()
Return true to indicate that the App Proxy Provider will handle the flow. Return false to indicate that the flow should be closed.

So the question is: why do I need to unnecessarily handle flows (implement a copier to copy flows transparently) when in most cases I might be interested in a very small set of traffic at runtime? How can I return from handleNewFlow() indicating to the kernel to bypass this traffic?
Post marked as solved
1 Replies
680 Views
Hi,

In the WWDC 2019 conference session 'System Extensions and DriverKit', the speaker said at 5:50 record time that system extensions can be written in any programming language, including C, C++ or Swift. Can you please confirm whether the Network Extensions for NEAppProxyProvider and NEFilterDataProvider can be written in the C++ programming language? If not, what did the speaker mean? Please clarify.

WWDC reference: https://developer.apple.com/videos/play/wwdc2019/702

Thanks
Post marked as solved
1 Replies
526 Views
Hi,

I am able to run a sample AppProxyProvider::Transparent Proxy sample project on my macOS (10.15.4). Below are the logs from an instance when I open a connection with remote server 192.168.1.10 at port 8080:

2020-04-10 22:15:40.798787+0530 0x56105 Default 0x0 1939 0 com.mcafee.endpointsystemextension: (NetworkExtension) [com.apple.networkextension:] (0): Flow 3001203496 is connecting
2020-04-10 22:15:40.799064+0530 0x56105 Default 0x0 1939 0 com.mcafee.endpointsystemextension: (NetworkExtension) [com.apple.networkextension:] (3001203496): New flow: NEFlow type = stream, app = com.apple.nc, name = , address = 192.168.1.10, port = 8080, filter_id = , interface = en0
2020-04-10 22:15:40.799619+0530 0x65b9a Default 0x0 1939 0 com.mcafee.endpointsystemextension: (NetworkExtension) [com.apple.networkextension:] [Extension com.mcafee.endpointsystemextension]: Calling handleNewFlow with TCP com.apple.nc[{length = 20, bytes = 0xc8801506101bbbdcdbe2ad03caad7c0692daf201}] remote: 192.168.1.10:8080
2020-04-10 22:15:40.800194+0530 0x65b9a Default 0x0 1939 0 com.mcafee.endpointsystemextension: (libnetwork.dylib) [com.apple.network:] [C9 569452C0-0AC1-43F1-AFCE-D965FD6F66D3 IPv4#bb0bd150:8080 tcp, indefinite] start
2020-04-10 22:15:40.800659+0530 0x65b9a Default 0x0 1939 0 com.mcafee.endpointsystemextension: (libnetwork.dylib) [com.apple.network:] nw_connection_report_state_with_handler_on_nw_queue [C9] reporting state preparing
2020-04-10 22:15:40.802872+0530 0x65b9a Default 0x0 1939 0 com.mcafee.endpointsystemextension: (libnetwork.dylib) [com.apple.network:] nw_socket_handle_socket_event [C9:1] Socket received CONNECTED event
2020-04-10 22:15:40.802969+0530 0x65b9a Default 0x0 1939 0 com.mcafee.endpointsystemextension: (libnetwork.dylib) [com.apple.network:] nw_flow_connected [C9 IPv4#bb0bd150:8080 in_progress socket-flow (satisfied (Path is satisfied), interface: en0, ipv4, dns)] Output protocol connected
2020-04-10 22:15:40.803162+0530 0x65b9a Default 0x0 1939 0 com.mcafee.endpointsystemextension: (libnetwork.dylib) [com.apple.network:] nw_connection_report_state_with_handler_on_nw_queue [C9] reporting state ready

=====================================================================================================

Though there was one issue which I couldn’t debug, where I need to install the system extension twice to successfully connect the VPN. Otherwise VPN connect is failing with error [Domain=NEAgentErrorDomain Code=2 "(null)"]

Below are the related logs:

NSWorkspaceApplicationKey = "<NSRunningApplication: 0x600000f03b80 (com.mcafee.mcpdev - 10607) LSASN:{hi=0x0;lo=0x34f34f}>";
2020-04-09 14:59:47.498327+0530 0x115148 Default 0xb0623 692 0 nesessionmanager: [com.apple.networkextension:] Found 1 (1 active) registrations for com.mcafee.mcpdev.systemextension (com.apple.networkextension.app-proxy)
2020-04-09 14:59:47.498676+0530 0x115148 Default 0xb0623 692 0 nesessionmanager: [com.apple.networkextension:] NEFlowDivertPlugin(com.mcafee.mcpdev[inactive]): Sending start command
2020-04-09 14:59:47.504034+0530 0x115148 Error 0xb0623 692 0 nesessionmanager: [com.apple.networkextension:] Failed to launch com.mcafee.mcpdev
2020-04-09 14:59:47.504388+0530 0x115148 Default 0xb0623 692 0 nesessionmanager: [com.apple.networkextension:] NESMTransparentProxySession[Primary Tunnel:PassThroughProxy:14F3737C-C06B-4DCE-B180-A91BD43723FF:(null)] in state NESMVPNSessionStateStarting: plugin NEFlowDivertPlugin(com.mcafee.mcpdev[inactive]) started with PID 0 error Error Domain=NEAgentErrorDomain Code=2 "(null)"
2020-04-09 14:59:47.507447+0530 0x115148 Default 0xb0623 692 0 nesessionmanager: [com.apple.networkextension:] com.mcafee.mcpdev[inactive]: disposing
2020-04-09 14:59:47.507889+0530 0x115148 Default 0xb0623 692 0 nesessionmanager: [com.apple.networkextension:] NESMTransparentProxySession[Primary Tunnel:PassThroughProxy:14F3737C-C06B-4DCE-B180-A91BD43723FF:(null)] in state NESMVPNSessionStateDisposing: plugin NEFlowDivertPlugin(com.mcafee.mcpdev[inactive]) dispose complete

What could be the issue that VPN connect is failing after the 1st system extension install?