I've created an NEFilterDataProvider to capture all outbound network flows (see rules below), and it largely works *except* for Safari traffic (I haven't tried other web browsers). Email, curl, background Dropbox connections are captured just fine, but no traffic created by Safari is reported to handleNewFlow()
Does Safari traffic bypass the the NEFilterDataProvider? Is this expected behavior?
Thanks,
Todd
Creating flow filter settings for all outbound traffic:
let anyHostAndPortRule = NENetworkRule(
remoteNetwork: NWHostEndpoint(hostname: "0.0.0.0", port: "0"),
remotePrefix: 0,
localNetwork: nil,
localPrefix: 0,
protocol: .TCP,
direction: .any
)
let filterRule = NEFilterRule(networkRule: anyHostAndPortRule, action: .filterData)
let filterSettings = NEFilterSettings(rules: [filterRule], defaultAction: .allow)