Hi, when I perform an overlay installation via a PKG on macOS for an application containing the NEFilterDataProvider functionality, there is a chance that the entire system network becomes unreachable. Disabling the corresponding Content Filter in "System Settings > Network > Filters" immediately restores network connectivity. This issue does not occur every time, with a frequency of approximately 1 in 20 installation attempts.
The following details may help identify the problem:
- The Filter.app containing the NEFilterDataProvider resides within the main app's Resources directory, e.g., `/Applications/Main.app/Contents/Resources/Filter.app`
- Main.app is installed via a PKG; the issue typically occurs during an overlay installation of Main.app.
- The NEFilterDataProvider operates as a System Extension.
- The `func handleNewFlow(_ flow: NEFilterFlow) -> NEFilterNewFlowVerdict {}` returns .allow.
- Wireshark packet captures show TCP packets but no UDP packets; TCP handshakes cannot complete.
- Disabling the corresponding content filter in "System Settings > Network > Filters" restores the network; re-enabling it breaks connectivity again.
- After waiting for a period, approximately 30-60 minutes, network connectivity can recover automatically.
What causes this and how can it be fixed? Any workarounds?