How to filter system-wide traffic with Network Extensions?

NEFilterDataProvider seemed to perfectly meet our needs to monitor and control a Mac's network traffic, in total and by process.

But: we found out that traffic from about 50 Apple processes is excluded from being seen and controlled by NEFilterDataProvider, due to an undocumented Apple exclusion list. This is a regression from what was possible with NKEs.

We believe it has a high number of drawbacks, and we already know this is negatively affecting our end users.

I've covered all of the above in detail in FB8808172, also why other ways to monitor and control traffic are not alternatives we could consider for this scenario. I'd appreciate if someone at Apple could have a look as soon as possible.
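As an added illustration of the monitoring described in the post above (not code from the poster or from Apple), here is the shape of an NEFilterDataProvider subclass that asks the system for every flow and records which process opened it. The subsystem name and class name are assumptions; the surrounding system-extension plumbing (entitlements, Info.plist, and the NEFilterManager configuration on the app side) is assumed to be in place. The comment in handleNewFlow reflects the behaviour the post reports: flows from processes on Apple's exclusion list are never delivered to the provider, so an inventory built this way is incomplete for those processes.

```swift
import NetworkExtension
import os.log

/// Constructed example: a data provider that sees every flow the system is
/// willing to hand it and logs the originating process and remote endpoint.
class FilterDataProvider: NEFilterDataProvider {

    // Assumed subsystem name for the example's log lines.
    private let log = OSLog(subsystem: "com.example.filter", category: "flows")

    override func startFilter(completionHandler: @escaping (Error?) -> Void) {
        // Match all remote hosts, all ports, any protocol, both directions.
        let everything = NENetworkRule(remoteNetwork: nil,
                                       remotePrefix: 0,
                                       localNetwork: nil,
                                       localPrefix: 0,
                                       protocol: .any,
                                       direction: .any)
        // .filterData routes each matching flow through handleNewFlow(_:) below.
        let rule = NEFilterRule(networkRule: everything, action: .filterData)
        let settings = NEFilterSettings(rules: [rule], defaultAction: .allow)
        apply(settings) { error in
            completionHandler(error)
        }
    }

    override func stopFilter(with reason: NEProviderStopReason,
                             completionHandler: @escaping () -> Void) {
        completionHandler()
    }

    override func handleNewFlow(_ flow: NEFilterFlow) -> NEFilterNewFlowVerdict {
        guard let socketFlow = flow as? NEFilterSocketFlow else {
            return .allow()
        }
        // sourceAppIdentifier is the code-signing identifier of the process that
        // opened the flow. Per the post above, flows from processes on Apple's
        // undocumented exclusion list are never delivered here at all.
        let app = flow.sourceAppIdentifier ?? "<unknown>"
        let remote = (socketFlow.remoteEndpoint as? NWHostEndpoint)
            .map { "\($0.hostname):\($0.port)" } ?? "<no endpoint>"
        let direction = socketFlow.direction == .outbound ? "out" : "in"
        os_log("%{public}@ %{public}@ -> %{public}@ proto=%d",
               log: log, type: .info,
               app, direction, remote, socketFlow.socketProtocol)
        // This example only observes; a control policy would return .drop()
        // for flows it wants to block.
        return .allow()
    }
}
```

Because the provider never sees the excluded flows, an absence in the log cannot be read as "no traffic": any per-process accounting or policy built on this API has to be documented as covering only non-excluded processes.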

This sounds like a severe impediment. Is there still no official response from Apple?

Oh gosh, this kerfuffle. If I’m reading my records right, changes were made in this space in the macOS 11.2 release.

There was a similar kerfuffle with packet tunnel providers, resulting in the introduction of the excludeCellularServices and excludeAPNs properties.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
