Thanks Matt for your reply. I got the looping issue resolved.
I have a generic question on macOS network extension - transparent proxy provider.
Is it a must to implement transparent proxy provider as a system extension inside an app?
With this approach, we are observing 2 popups: one popup for the system extension, and one popup while adding the VPN configuration (for monitoring the network). The other issue is that the user can see the transparent proxy in the Network Preferences, which is weird. This is something different when compared to NKE behavior.
We are looking for ways to avoid these 3 things. Can we avoid the above popups and the proxy inside Network Preferences?
Before trying anything, I would like guidance on whether that approach is worth trying or not.
We are thinking of trying to implement the transparent proxy provider inside a launchdaemon.
Can we implement the transparent proxy provider inside a launchdaemon? Or, if a system extension is the only option, then how can we avoid the above 2 popups and the proxy being visible in Network Preferences?
I am also facing the same issue of getting into a loop.
I am not clear about the method of using the audit token from the flow's metadata. If you have a working example, can you please share it?
Is there any simple way of avoiding the capture of a TCP flow coming from a specific process (in our case it is a launch agent)?
Thanks a lot Matt!!
I modified the SimpleFirewall program into a simple transparent proxy using NETransparentProxyManager and NEAppProxyProvider. The transparent proxy catches the outbound network traffic as per the defined NENetworkRule. handleNewFlow is also called.
In handleNewFlow, I opened a connection to the remote server using NWTCPConnection, and once the connection status is connected => I called openWithLocalEndpoint.
For data transfer, I am using the tcpflow.read() and conn.write() methods for reading from the caught TCP flow and writing on the connection to the remote server.
It is reading the data properly (I am printing the whole message in the logs), but I am getting the following error in the console logs while writing on the remote connection, and nothing is received on the remote server.
"Error Domain=kNWErrorDomainPOSIX Code=89 "Operation canceled" UserInfo={NSDescription=Operation canceled}"
Can you please help me resolve this issue?
I have a similar scenario.
Can you point me to the APIs for NEAppProxyProvider and NEPacketTunnelProvider which can be used to divert the IP/port of outgoing packets?
Hi,
I want to write an application and a system extension to redirect the outgoing network traffic through the application.
My design is as follows:
1. Create a thread as a proxy server listener on a port (e.g., 1234). So the app waits for connections on 127.0.0.1:1234.
2. Whenever outgoing traffic is encountered on a specific port, say 567, this traffic should be diverted to the proxy listener in the application. The application takes care of sending it out after the processing.
Can somebody help me by pointing me to the relevant APIs in Transparent Proxy and Packet Filter? If any sample code is available, please share it with me.