Netflow of web traffic System Extension?

I've created an NEFilterDataProvider to capture all outbound network flows (see rules below), and it largely works *except* for Safari traffic (I haven't tried other web browsers). Email, curl, background Dropbox connections are captured just fine, but no traffic created by Safari is reported to handleNewFlow().


Does Safari traffic bypass the NEFilterDataProvider? Is this expected behavior?


Thanks,


Todd



Creating flow filter settings for all outbound traffic:


    let anyHostAndPortRule = NENetworkRule(
        remoteNetwork: NWHostEndpoint(hostname: "0.0.0.0", port: "0"),
        remotePrefix: 0,
        localNetwork: nil,
        localPrefix: 0,
        protocol: .TCP,
        direction: .any
    )

    let filterRule = NEFilterRule(networkRule: anyHostAndPortRule, action: .filterData)

    let filterSettings = NEFilterSettings(rules: [filterRule], defaultAction: .allow)

Replies

Never mind!


For web traffic the

    let remoteEndpoint = socketFlow.remoteEndpoint as? NWHostEndpoint

returns nil. I had not accounted for that.

Never mind!

Indeed. I was all set up to post a reference to this thread when I noticed your follow-up.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"
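
Added example (not code from the thread or from Apple): a `handleNewFlow()` that does not assume `remoteEndpoint` casts to `NWHostEndpoint`, and falls back to `NEFilterFlow.url`, which is set for flows that originate from WebKit, so web flows still show up in the log. The class name `FlowLoggingFilter` and the `Destination` enum are hypothetical.

```swift
import NetworkExtension
import os.log

// Hypothetical subclass name, used for illustration only.
final class FlowLoggingFilter: NEFilterDataProvider {

    /// Destination of a flow, recovered from whichever field is populated.
    enum Destination {
        case endpoint(host: String, port: String)  // socket-level address
        case url(URL)                              // WebKit-originated flow
        case unknown                               // nothing usable
    }

    func destination(of flow: NEFilterFlow) -> Destination {
        // Works for the flows the thread reports as captured (mail, curl, ...).
        if let socketFlow = flow as? NEFilterSocketFlow,
           let host = socketFlow.remoteEndpoint as? NWHostEndpoint {
            return .endpoint(host: host.hostname, port: host.port)
        }
        // The cast above yields nil for web traffic (the finding in the thread),
        // so fall back to the request URL carried on the flow itself.
        if let url = flow.url {
            return .url(url)
        }
        return .unknown
    }

    override func handleNewFlow(_ flow: NEFilterFlow) -> NEFilterNewFlowVerdict {
        switch destination(of: flow) {
        case .endpoint(let host, let port):
            os_log("flow to %{public}@:%{public}@", host, port)
        case .url(let url):
            os_log("web flow to %{public}@", url.absoluteString)
        case .unknown:
            // Record the flow instead of skipping it, so a coverage gap
            // is visible in the log rather than silent.
            os_log("flow with no endpoint or URL: %{public}@", flow.description)
        }
        // Observation only: every flow is allowed, matching defaultAction: .allow.
        return .allow()
    }
}
```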