Firewall system extension - Once again

Folks,


So far, I've been able to get the Firewall system extension, including the Simple Firewall workspace (example), running. It's from Apple.


It's written in Swift (I'm not fluent but trying to learn). I've bridged code written in C, but really need to do active debugging. I saw there was a passing mention that we should use os_log() and watch through Console. But that would not help me in this case, the reason being that we had custom message-passing code that used a control socket in the kext. Moving forward we want this inside the system extension.


As such, as a prelude to this, I plugged in a small server side written in Swift, and was able to connect and communicate from any socket client. This shows that we can have a server and a message-passing service over localhost.


Primitives are quite different in user space and kernel space (using a control socket, PF_SYSTEM), so I had to abstract out or translate, and now I'm trying to find a way that I can debug.


With Xcode I can attach to the extension by name, and when the Firewall app starts, I can see the system extension being attached. But pausing (or breaking) gives only the core system-related threads (basically work_q, start thread, etc.) that I don't need.

I tried __asm int3; that does not seem to work...

Can someone please suggest a way to actively debug the system extension?


TIA,

prokash

Another question --


How does /Library/SystemExtensions/db.plist get created?


I had to delete that file after disabling SIP. Now when I run SimpleFirewall, the app cannot connect to the extension; the extension does not get loaded.


How do I fix this?


Thanks,

prokash

Finally --


What is the .staging file for a system extension, and when does it start to exist?


root@Prokash.Sinha:/Library/SystemExtensions$ ls -ltr
total 8
drwxr-xr-x 2 root wheel   64 Nov 20 13:44 .staging
drwx------ 4 root wheel  128 Nov 20 14:13 CA9BEDD1-2AE6-4512-97B3-673E1E6B4A4C (UUID based folder)
drwx------ 4 root wheel  128 Nov 20 14:13 DD60CA04-C33F-4BAC-B3B0-BB57874432B4
-rwx------@ 1 root wheel 1979 Nov 20 14:13 db.plist


Sometimes I see .staging, sometimes I don't. I would assume the first time we try to run an app with a system extension we will have it. Then it will not... Not sure.


But what I'm trying to solve is --


How to make the app launch the latest build of the system extension process and connect to it. It should have some versioning, a timestamp, and what version of the extension it would launch.


In the past I was able to clean all of the above files, then clean /Applications/SimpleFireWall, restart, and it was able to restart. I don't remember when, perhaps around 10.15.1.


Now I cannot connect to this server. The main reason to do all this is to avoid the buggy extension-launching mechanism that does not launch the new system extension and update the db.plist file. No matter what, it tries to launch what exists in the db.plist file, even though I copy the application every time to the Applications folder.

So the real question is: what is the absolute grunt way to make sure that the latest build of the system extension (that is embedded per configuration) in the app gets launched?


Thanks,

Prokash
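One check that goes with the last question above, added here as an example and not code from the thread or from Apple's SimpleFirewall sample: rather than editing db.plist by hand, compare the version the system extension database reports as active (via `systemextensionsctl list`) with the version embedded in the app bundle, so a stale activation is visible before attaching a debugger. The app path, the extension bundle ID, the `version/build` form of the version column, and the tab-separated column layout of `systemextensionsctl list` are assumptions for illustration; the sample listing is constructed, not captured from a machine.

```shell
#!/bin/bash
# Added example: detect when the system extension database still runs an older
# build than the one embedded in the app. Assumptions (not from the thread):
#   - APP and EXT_BUNDLE_ID below are placeholders for the real project values
#   - `systemextensionsctl list` prints tab-separated columns:
#       enabled  active  teamID  "bundleID (short/build)"  name  "[state ...]"
set -u

APP="/Applications/SimpleFirewall.app"                                          # assumed
EXT_BUNDLE_ID="com.example.apple-samplecode.SimpleFirewall.SimpleFirewallExtension"  # assumed

# Filter `systemextensionsctl list` output (stdin) to rows for one bundle id and
# print "<active|inactive> <version> <state words>" per match.
parse_ext_rows() {
    local bundle_id="$1"
    awk -F'\t' -v id="$bundle_id" '
        index($4, id " (") == 1 {
            ver = $4; sub(/^[^(]*\(/, "", ver); sub(/\)$/, "", ver)
            state = $6; gsub(/[][]/, "", state)
            printf "%s %s %s\n", ($2 == "*" ? "active" : "inactive"), ver, state
        }'
}

# Print the version the database marks active for the bundle id, or nothing.
active_version() {
    parse_ext_rows "$1" | awk '$1 == "active" { print $2; exit }'
}

# Read "<CFBundleShortVersionString>/<CFBundleVersion>" from the extension
# bundle embedded in the app. macOS only; never called by the offline checks.
embedded_version() {
    local ext_dir="$APP/Contents/Library/SystemExtensions"
    local plist
    plist=$(ls -d "$ext_dir"/*.systemextension/Contents/Info.plist 2>/dev/null | head -n 1)
    [ -n "$plist" ] || { echo "no embedded system extension under $ext_dir" >&2; return 1; }
    local short build
    short=$(/usr/libexec/PlistBuddy -c 'Print :CFBundleShortVersionString' "$plist")
    build=$(/usr/libexec/PlistBuddy -c 'Print :CFBundleVersion' "$plist")
    echo "$short/$build"
}

# Succeed (0) only when the database's active version equals the embedded one;
# explain the mismatch on stderr otherwise. Listing is read from stdin.
check_latest() {
    local embedded="$1" bundle_id="$2"
    local active
    active="$(active_version "$bundle_id")"
    if [ -z "$active" ]; then
        echo "$bundle_id is not active (missing from the database, disabled, or still staged)" >&2
        return 1
    fi
    if [ "$active" != "$embedded" ]; then
        echo "database runs $active but the app embeds $embedded" >&2
        return 1
    fi
    echo "database runs the embedded build $embedded"
}

# Constructed sample of `systemextensionsctl list` output (not a real capture).
SAMPLE_LIST=$(printf '%s\n' \
    '1 extension(s)' \
    '--- com.apple.system_extension.network_extension' \
    $'enabled\tactive\tteamID\tbundleID (version)\tname\t[state]' \
    $'*\t*\tABCDE12345\tcom.example.apple-samplecode.SimpleFirewall.SimpleFirewallExtension (1.0/1)\tSimpleFirewallExtension\t[activated enabled]')

# Live check on a Mac: ./check_sysext.sh --check
if [ "${1:-}" = "--check" ]; then
    systemextensionsctl list | check_latest "$(embedded_version)" "$EXT_BUNDLE_ID"
fi
```

When the check reports a mismatch or a missing entry, the supported way to start over is `systemextensionsctl reset` (it requires SIP to be disabled and clears the whole database, including the UUID directories listed above), followed by relaunching the app so it re-submits the activation request; deleting db.plist by hand leaves the database inconsistent, which matches the symptom described in the second post.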