SimpleFirewall not working after stop and restart

When I start it for the first time (start button), every target traffic will be captured normally, but when I pause (stop button) and start again (start button), the same target traffic will not be captured.

I can provide the explanation on what is happening here at least; this is a caching mechanism for performance. For example, if a hostname comes through and during the process lifetime if it is approved then there doesn't seem to be a reason to keep checking the status of this hostname so this verdict is cached.

Actually what I'm trying to say is that when I stopped it and start again

Stop and start it how?

ps Please reply as a reply. If you reply in the comments, I’m not notified )-: See tip 5 in Quinn’s Top Ten DevForums Tips.

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

what I'm trying to say is that when I stopped it and start again, no new traffic is captured

But I don't know how to troubleshoot

Ah, okay. So Quinn has an excellent post called Debugging a Network Extension Provider which is the first resource I would take a look at. I would encourage you to take a look at streaming logs for your provider OR the container app that is installing the provider. For example:

log stream --info --debug --process myContainerAppName

Stop and start it how?

I realized the capture of traffic information after rewriting with https://github.com/cntrump/SimpleFirewall. My question is as follows:

Step1: Start the program (start the active scheme) from xcode, and the program interface will appear. The ui interface of the sample program provided by simplefirewall contains a button start/stop.

step2: Click the button start (the button display switches to stop after clicking) to start monitoring. So I get the flow information.

Step3: Click the button stop (the button display switches to start after clicking) to stop monitoring.

step4: Click the button start again, and no new traffic information will be captured after that. (It is worth noting that this startup only starts from the interface button, not start the active scheme.)

Step1: Start the program (start the active scheme) from xcode

On a separate machine than the machine that you are you doing your development on, do you see the same result if you build your container app and system extension and run this from the /Applications directory?

On a separate machine than the machine that you are you doing your development on, do you see the same result if you build your container app and system extension and run this from the /Applications directory?

Yes. Even I build it and run it from the /Applications directory.

And when I tried to refactor the whole project from scratch, I found that I could activate the extension：(myteam is my project, and lulu is the objective-see inc. project.)

$ systemextensionsctl list 
2 extension(s)
--- com.apple.system_extension.network_extension
enabled	         active          teamID	             bundleID (version)	                                    name	[state]
*                 *              myteamID         com.myteam.Extension (1.0/1)	                        NExtension  [activated enabled]
*	                *  	          VBG97UB4TA	  com.objective-see.lulu.extension (2.5.0/2.5.0)	    Extension	[activated enabled]

but it didn't start the corresponding process

$ ps -eaf | grep "com.objective-see"
     /Library/SystemExtensions/4B156F9A-3ECF-49B9-8A68-02D328502CFB/com.objective-see.lulu.extension.systemextension/Contents/MacOS/com.objective-see.lulu.extension
     grep com.objective-see`

ps -eaf | grep "com.myteam"          
  grep com.myteam