Network Extension receives stop command right after start

Right after starting my Network Extension I see logs about it being stopped. This is unexpected, since I don't request a stop myself. See:

com.example.apple-samplecode.SimpleFirewall4QMDKC8VLJ.SimpleFirewallExtension	com.swiftlee.SimpleFirewallExtension	extension	Filter Data Provider INIT2!	16:15:10.933356+0200	debug
com.example.apple-samplecode.SimpleFirewall4QMDKC8VLJ.SimpleFirewallExtension	com.apple.network		networkd_settings_read_from_file Sandbox is preventing this process from reading networkd settings file at "/Library/Preferences/com.apple.networkd.plist", please add an exception.	16:15:10.933521+0200	error
com.example.apple-samplecode.SimpleFirewall4QMDKC8VLJ.SimpleFirewallExtension	com.apple.network		networkd_settings_read_from_file Sandbox is preventing this process from reading networkd settings file at "/Library/Preferences/com.apple.networkd.plist", please add an exception.	16:15:10.933676+0200	error
com.example.apple-samplecode.SimpleFirewall4QMDKC8VLJ.SimpleFirewallExtension	com.apple.network		nw_path_copy_interface_with_generation Cache miss for interface for index 13 (generation 27)	16:15:10.933804+0200	debug
com.example.apple-samplecode.SimpleFirewall4QMDKC8VLJ.SimpleFirewallExtension	com.apple.network		nw_path_copy_dictionary_for_agent_with_generation Agent for 193175C0-2680-429E-936F-193A9E388C45 cache miss	16:15:10.933816+0200	debug
com.example.apple-samplecode.SimpleFirewall4QMDKC8VLJ.SimpleFirewallExtension	com.apple.network		nw_path_copy_dictionary_for_agent_with_generation Agent for D3C308CF-2251-1A46-FBD7-253DB2B2D892 cache miss	16:15:10.933829+0200	debug
com.example.apple-samplecode.SimpleFirewall4QMDKC8VLJ.SimpleFirewallExtension	com.apple.network		nw_path_evaluator_start Registering client as default path evaluator	16:15:10.933864+0200	debug
com.example.apple-samplecode.SimpleFirewall4QMDKC8VLJ.SimpleFirewallExtension	com.apple.network	path	nw_path_evaluator_start [3C53553E-FC50-470C-AAF8-353796600231  generic, attribution: developer]
	path: satisfied (Path is satisfied), interface: en4, ipv4, dns	16:15:10.934029+0200	default
nesessionmanager	com.apple.securityd	dirval	entering /Library/SystemExtensions/06258761-5A17-4662-AE39-F7C405B91134/com.example.apple-samplecode.SimpleFirewall4QMDKC8VLJ.SimpleFirewallExtension.systemextension	16:15:10.961210+0200	debug
nesessionmanager	com.apple.securityd	dirval	entering /Library/SystemExtensions/06258761-5A17-4662-AE39-F7C405B91134/com.example.apple-samplecode.SimpleFirewall4QMDKC8VLJ.SimpleFirewallExtension.systemextension/Contents	16:15:10.961453+0200	debug
nesessionmanager	com.apple.securityd	dirval	leaving /Library/SystemExtensions/06258761-5A17-4662-AE39-F7C405B91134/com.example.apple-samplecode.SimpleFirewall4QMDKC8VLJ.SimpleFirewallExtension.systemextension/Contents	16:15:10.961524+0200	debug
nesessionmanager	com.apple.securityd	dirval	leaving /Library/SystemExtensions/06258761-5A17-4662-AE39-F7C405B91134/com.example.apple-samplecode.SimpleFirewall4QMDKC8VLJ.SimpleFirewallExtension.systemextension	16:15:10.961551+0200	debug
nesessionmanager	com.apple.securityd	unixio	open(/Library/SystemExtensions/06258761-5A17-4662-AE39-F7C405B91134/com.example.apple-samplecode.SimpleFirewall4QMDKC8VLJ.SimpleFirewallExtension.systemextension/Contents/MacOS/com.example.apple-samplecode.SimpleFirewall4QMDKC8VLJ.SimpleFirewallExtension,0x0,0x1b6) = 12	16:15:10.961918+0200	debug
nesessionmanager	com.apple.securityd	unixio	open(/Library/SystemExtensions/06258761-5A17-4662-AE39-F7C405B91134/com.example.apple-samplecode.SimpleFirewall4QMDKC8VLJ.SimpleFirewallExtension.systemextension/Contents/MacOS/com.example.apple-samplecode.SimpleFirewall4QMDKC8VLJ.SimpleFirewallExtension,0x0,0x1b6) = 13	16:15:10.962024+0200	debug
nesessionmanager	com.apple.securityd	machorep	8661 signing bytes in 5 blob(s) from /Library/SystemExtensions/06258761-5A17-4662-AE39-F7C405B91134/com.example.apple-samplecode.SimpleFirewall4QMDKC8VLJ.SimpleFirewallExtension.systemextension/Contents/MacOS/com.example.apple-samplecode.SimpleFirewall4QMDKC8VLJ.SimpleFirewallExtension(arm64)	16:15:10.962325+0200	debug
nesessionmanager	com.apple.securityd	cfloadfile	failed to fetch /Library/SystemExtensions/06258761-5A17-4662-AE39-F7C405B91134/com.example.apple-samplecode.SimpleFirewall4QMDKC8VLJ.SimpleFirewallExtension.systemextension/Contents/_CodeSignature/CodeRequirements-1 error=-10	16:15:10.962392+0200	debug
nesessionmanager	com.apple.securityd	cfloadfile	failed to fetch /Library/SystemExtensions/06258761-5A17-4662-AE39-F7C405B91134/com.example.apple-samplecode.SimpleFirewall4QMDKC8VLJ.SimpleFirewallExtension.systemextension/Contents/_CodeSignature/CodeRepSpecific error=-10	16:15:10.969820+0200	debug
nesessionmanager	com.apple.securityd	cfloadfile	failed to fetch /Library/SystemExtensions/06258761-5A17-4662-AE39-F7C405B91134/com.example.apple-samplecode.SimpleFirewall4QMDKC8VLJ.SimpleFirewallExtension.systemextension/Contents/_CodeSignature/CodeTopDirectory error=-10	16:15:10.969922+0200	debug
nesessionmanager	com.apple.securityd	unixio	open(/Library/SystemExtensions/06258761-5A17-4662-AE39-F7C405B91134/com.example.apple-samplecode.SimpleFirewall4QMDKC8VLJ.SimpleFirewallExtension.systemextension/Contents/Info.plist,0x0,0x1b6) = 12	16:15:10.970051+0200	debug
nesessionmanager	com.apple.securityd	staticCode	0x14e632d48 done serializing com.apple.application-identifier4QMDKC8VLJ.com.example.apple-samplecode.SimpleFirewall4QMDKC8VLJ.SimpleFirewallExtensioncom.apple.developer.networking.networkextensioncontent-filter-providercom.apple.developer.team-identifier4QMDKC8VLJcom.apple.security.app-sandboxcom.apple.security.application-groups4QMDKC8VLJ.com.example.apple-samplecode.SimpleFirewallcom.apple.security.get-task-allow	16:15:10.970710+0200	debug
com.example.apple-samplecode.SimpleFirewall4QMDKC8VLJ.SimpleFirewallExtension	com.apple.networkextension		: Calling startFilterWithCompletionHandler	16:15:10.971216+0200	default
com.example.apple-samplecode.SimpleFirewall4QMDKC8VLJ.SimpleFirewallExtension	com.swiftlee.SimpleFirewallExtension	extension	startFilter NEW3	16:15:10.971273+0200	debug
com.example.apple-samplecode.SimpleFirewall4QMDKC8VLJ.SimpleFirewallExtension	com.apple.networkextension		: Started with error (null)	16:15:10.971355+0200	info
com.example.apple-samplecode.SimpleFirewall4QMDKC8VLJ.SimpleFirewallExtension	com.apple.networkextension		: Calling stopFilterWithReason because: Stop command received	16:15:10.988255+0200	info
com.example.apple-samplecode.SimpleFirewall4QMDKC8VLJ.SimpleFirewallExtension	com.swiftlee.SimpleFirewallExtension	extension	Stop filter	16:15:10.988292+0200	debug
com.example.apple-samplecode.SimpleFirewall4QMDKC8VLJ.SimpleFirewallExtension	com.apple.networkextension		: Calling stop completion handler with error (null)	16:15:10.988312+0200	info
com.example.apple-samplecode.SimpleFirewall4QMDKC8VLJ.SimpleFirewallExtension	com.apple.networkextension		: disposing	16:15:10.988339+0200	info
com.example.apple-samplecode.SimpleFirewall4QMDKC8VLJ.SimpleFirewallExtension	com.apple.networkextension		socket source cancel handler called	16:15:10.988393+0200	info
com.example.apple-samplecode.SimpleFirewall4QMDKC8VLJ.SimpleFirewallExtension	com.apple.networkextension		: Session manager connection was invalidated	16:15:10.988388+0200	default
com.example.apple-samplecode.SimpleFirewall4QMDKC8VLJ.SimpleFirewallExtension	com.apple.networkextension		: Deallocating	16:15:10.988421+0200	default
com.example.apple-samplecode.SimpleFirewall4QMDKC8VLJ.SimpleFirewallExtension	com.apple.extensionkit	NSExtension	invalidated extension context: 	16:15:10.988440+0200	debug
com.example.apple-samplecode.SimpleFirewall4QMDKC8VLJ.SimpleFirewallExtension	com.apple.containermanager	xpc	connection <0x6000009b43c0/0/0; 0x6000009b43c0> canceled after timeout; cnt = 3	16:15:13.036834+0200	debug
com.example.apple-samplecode.SimpleFirewall4QMDKC8VLJ.SimpleFirewallExtension	com.apple.containermanager	xpc	connection <0x6000009b43c0/0/0> released (shared; canceler); cnt = 2	16:15:13.037058+0200	debug
com.example.apple-samplecode.SimpleFirewall4QMDKC8VLJ.SimpleFirewallExtension	com.apple.containermanager	xpc	connection <0x6000009b43c0/0/0> released; cnt = 1	16:15:13.037122+0200	debug
com.example.apple-samplecode.SimpleFirewall4QMDKC8VLJ.SimpleFirewallExtension	com.apple.containermanager	xpc	connection <0x6000009b43c0/0/0; 0x0> invalidated	16:15:13.037255+0200	info
com.example.apple-samplecode.SimpleFirewall4QMDKC8VLJ.SimpleFirewallExtension	com.apple.containermanager	xpc	connection <0x6000009b43c0/0/0> released; cnt = 0	16:15:13.037297+0200	debug
com.example.apple-samplecode.SimpleFirewall4QMDKC8VLJ.SimpleFirewallExtension	com.apple.containermanager	xpc	connection <0x6000009b43c0/0/0> freed; cnt = 0	16:15:13.037327+0200	debug

Secondly: I'm trying to build a Network Provider to stop any requests coming from a specific app. Am I correct I can do that using the NEFilterDataProvider without any filters configured?

override func startFilter(completionHandler: @escaping (Error?) -> Void) {
    log.log(level: .debug, "startFilter NEW3")
    completionHandler(nil)
}

Right after starting my Network Extension I see logs about it being stopped.

Is your start method called? What about your stop method? If so, what do you see passed to the reason parameter?

I'm trying to build a Network Provider to stop any requests coming from a specific app. Am I correct I can do that using the NEFilterDataProvider without any filters configured?

I’m not sure I understand this question. However, the code snippet you posted is reasonable enough. There’s no requirement that your stopFilter(with:completionHandler:) method do anything other than call the completion handler. You can use it to configure your filter’s internal state but, if you have no internal state, calling the completion handler immediately is just fine.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Is your start method called? What about your stop method? If so, what do you see passed to the reason parameter?

I managed to find the cause, I was using true for both:

let providerConfiguration = NEFilterProviderConfiguration()
providerConfiguration.filterSockets = true
providerConfiguration.filterPackets = true

After changing filterPackets to false my extension didn't stop anymore!

I’m not sure I understand this question. However, the code snippet you posted is reasonable enough.

Perfect, that's all I need to know right now! After my extension started working, I was able to disallow all incoming requests and verified my concept.


Btw, I found a small improvement in your guideline: https://developer.apple.com/forums/thread/725805

The next issue you’ll find is that choosing Product > Run runs the app from the build products directory rather than the Applications directory. To fix that:

Edit your app’s scheme again.

  • On the left, select Debug.

Debug was a bit unclear to me at first. I would better understand this if it was named Run. Btw, your instructions helped big time!
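
Added example, not code from any participant in this thread or from Apple's sample: a sketch of an NEFilterDataProvider that drops flows from one app and logs the stop reason asked about above. It assumes the app side keeps filterSockets = true and filterPackets = false as in the fix above; the class name, the helper signingIdentifier(forAuditToken:) and the identifier com.example.blocked-app are hypothetical.

```swift
import NetworkExtension
import Security

// Hypothetical signing identifier of the app whose traffic should be dropped.
let blockedSigningIdentifier = "com.example.blocked-app"

/// Resolves the code-signing identifier of the process behind an audit token.
func signingIdentifier(forAuditToken token: Data) -> String? {
    var code: SecCode?
    let attributes = [kSecGuestAttributeAudit: token] as NSDictionary
    guard SecCodeCopyGuestWithAttributes(nil, attributes, [], &code) == errSecSuccess,
          let code else { return nil }
    var staticCode: SecStaticCode?
    guard SecCodeCopyStaticCode(code, [], &staticCode) == errSecSuccess,
          let staticCode else { return nil }
    var info: CFDictionary?
    let flags = SecCSFlags(rawValue: kSecCSSigningInformation)
    guard SecCodeCopySigningInformation(staticCode, flags, &info) == errSecSuccess,
          let dict = info as? [String: Any] else { return nil }
    return dict[kSecCodeInfoIdentifier as String] as? String
}

class FilterDataProvider: NEFilterDataProvider {
    override func startFilter(completionHandler: @escaping (Error?) -> Void) {
        // No rules: every flow is handed to handleNewFlow(_:) for a verdict.
        let settings = NEFilterSettings(rules: [], defaultAction: .filterData)
        apply(settings) { error in completionHandler(error) }
    }

    override func stopFilter(with reason: NEProviderStopReason,
                             completionHandler: @escaping () -> Void) {
        // Record why the system stopped the filter before acknowledging.
        NSLog("stopFilter reason: %ld", reason.rawValue)
        completionHandler()
    }

    override func handleNewFlow(_ flow: NEFilterFlow) -> NEFilterNewFlowVerdict {
        // Flows whose source cannot be identified are allowed in this sketch.
        guard let token = flow.sourceAppAuditToken,
              let identifier = signingIdentifier(forAuditToken: token) else {
            return .allow()
        }
        return identifier == blockedSigningIdentifier ? .drop() : .allow()
    }
}
```

A signing identifier alone is not a strong identity, since any signer can choose it; a production filter would also compare the team identifier or evaluate a code requirement before trusting the match.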
