XPC working fine for system extension but not for app extension

Hello,

I'm working on an app that offers a VPN tunnel (NEPacketTunnelProvider) meant to be released both in Developer ID builds and App Store builds.

I've implemented an IPC mechanism using IPCConnection from the filtering network traffic example code.

For the system extension it works fine.

For the app extension, I just can't connect to the mach service.

In both cases the app is not sandboxed, but the extension is.

I'm trying to figure out how to troubleshoot the issue. The plist file for the system extension has this key:

<key>NetworkExtension</key>
<dict>
	<key>NEMachServiceName</key>
	<string>$(TeamIdentifierPrefix)com.company.system.extension.bundle.id</string>
	<key>NEProviderClasses</key>
	<dict>
		<key>com.apple.networkextension.packet-tunnel</key>
		<string>$(PRODUCT_MODULE_NAME).PacketTunnelProvider</string>
	</dict>
</dict>

Would the app network extension use the same NetworkExtension dictionary with a NEMachServiceName key for the mach service name?

Any hints to help me debug this issue? I've tried using launchctl list to see if the mach service is up, but I'm not exactly sure what's a good way to use it.

I've considered using sendProviderMessage to communicate with the tunnel from the main App, but the problem is that sometimes NEVPNManager.shared.connection as? NETunnelProviderSession is just nil (due to the cast), and I'm not sure why that's the case.

  • As a side note, I will also want to connect through IPC from a login item moving forward.


Replies

> For the app extension, I just can't connect to the mach service.

That’s expected. NEMachServiceName is a feature of the sysex packaging. It’s not supported for an NE appex.

Having said that, supporting this would be cool IMO and, if you agree, I encourage you to file an enhancement request along those lines. To provide some context here, back when we introduced NE appex providers iOS did not support XPC. Since then, however, we’ve added XPC support to iOS in support of file provider extensions, and so it might make sense to revisit this decision for NE appex providers.

Please post your bug number, just for the record.

> I've considered using sendProviderMessage(…) to communicate with the tunnel from the main app

That’s the traditional way to do this. You can also have your app and appex share an app group and do IPC that way (not XPC, alas).

> I'm not sure why that's the case.

I’ve not seen this before. If you decide to continue down the provider message path, I’d be interested in hearing more details about it.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
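
The provider-message path mentioned in the reply above, as an added example that is not code from the thread or from Apple's sample project. It assumes the app has saved one packet tunnel configuration and obtains the session through NETunnelProviderManager; the message types, the "status" command, the 4096-byte limit and the "running" reply are hypothetical.

```swift
import Foundation
import NetworkExtension

// Hypothetical wire format for this example; not from the thread.
struct TunnelRequest: Codable { let command: String }
struct TunnelReply: Codable { let status: String }
enum TunnelIPCError: Error { case noSession, badReply }

// App target: load the tunnel configuration and message its provider.
func queryTunnel(command: String,
                 completion: @escaping (Result<TunnelReply, Error>) -> Void) {
    NETunnelProviderManager.loadAllFromPreferences { managers, error in
        if let error = error { return completion(.failure(error)) }
        // Assumption: exactly one saved configuration belongs to this app.
        guard let session = managers?.first?.connection as? NETunnelProviderSession else {
            return completion(.failure(TunnelIPCError.noSession))
        }
        do {
            let payload = try JSONEncoder().encode(TunnelRequest(command: command))
            try session.sendProviderMessage(payload) { response in
                guard let response = response,
                      let reply = try? JSONDecoder().decode(TunnelReply.self, from: response)
                else { return completion(.failure(TunnelIPCError.badReply)) }
                completion(.success(reply))
            }
        } catch {
            completion(.failure(error))
        }
    }
}

// Extension target: handle the message as untrusted input.
class PacketTunnelProvider: NEPacketTunnelProvider {
    private let allowedCommands: Set<String> = ["status"]  // hypothetical allow-list

    override func handleAppMessage(_ messageData: Data,
                                   completionHandler: ((Data?) -> Void)?) {
        // Bound the size, require a well-formed request, and allow-list the command.
        guard messageData.count <= 4096,
              let request = try? JSONDecoder().decode(TunnelRequest.self, from: messageData),
              allowedCommands.contains(request.command) else {
            completionHandler?(nil)
            return
        }
        // Placeholder reply; a real provider would report its actual state.
        completionHandler?(try? JSONEncoder().encode(TunnelReply(status: "running")))
    }
}
```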

  • Thanks for the swift reply. I posted my initial question from another dev forums account but will switch to using this one instead.

    I'll be submitting an enhancement request and will post back the bug number.


Took a while, but I've submitted the feedback: FB12146277
