startProxy delegate for NETransparentProxyProvider class is being called twice for the same pid extension sometimes

App & System Services Networking
KrishnaveniNalka OP
Created 3d
Replies 4
Boosts 0
Views 101
Participants 2

We have an application which is written in Swift, which activates Transparent Proxy network extension. Our Transparent Proxy module is a system extension, which is exposing an app proxy provider interface (We are using NETransparentProxyProvider class and in extension’s Info.plist we use com.apple.networkextension.app-proxy key.)

Sometimes we have observed that on starting the transparent proxy extension, the startProxy overridden delegate method(override func startProxy(options: [String : Any]?, completionHandler: @escaping (Error?) -> Void) {) in our AppProxyProvider class which is derived from NETransparentProxyProvider being called more than once for the same extension(pid). This leads to Over-resume of an object crash as we invoke setTunnelNetworkSettings inside the startProxy delegate.

As this is controlled by the system, we are not sure why this delegate being called more than once sometimes even if we call the start TransparentProxy only once.

Note that, this issue is seen only in Mac OS Tahoe.

Apple Feedback ticket: FB21464147 (startProxy delegate for NETransparentProxyProvider class is being called twice for the same pid extension sometimes)

Answered by DTS Engineer in 871163022
Apple Feedback ticket: FB21464147

I think that’s the right path forward here, especially given this:

this issue is seen only in Mac OS Tahoe.

So:

  • Your product was widely deployed on macOS 15 and earlier.
  • You’re now seeing reports of weird problems that look like the system breaking its API contract.
  • But only on macOS 26 and later.

If so, that’s eminently bugworthy.

Oh, and looking at your bug I don’t see any sysdiagnose logs attached. It’s gonna be hard for your bug to get traction without that. Are you able to reproduce this in house? If so, I recommend that you enable extra NE logging [1], reproduce the problem, grab a sysdiagnose log, and attach it to your bug.

OTOH, if you’re trying to debug this solely based on reports coming in from the field, lemme know and we can discuss your options.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

[1] See Bug Reporting > Profiles and Logs > VPN (Network Extension) for macOS.

Replies  4
Boosts  0
Views  101
Participants  2
DTS Engineer OP
Apple
2d
Recommended
Apple Feedback ticket: FB21464147

I think that’s the right path forward here, especially given this:

this issue is seen only in Mac OS Tahoe.

So:

  • Your product was widely deployed on macOS 15 and earlier.
  • You’re now seeing reports of weird problems that look like the system breaking its API contract.
  • But only on macOS 26 and later.

If so, that’s eminently bugworthy.

Oh, and looking at your bug I don’t see any sysdiagnose logs attached. It’s gonna be hard for your bug to get traction without that. Are you able to reproduce this in house? If so, I recommend that you enable extra NE logging [1], reproduce the problem, grab a sysdiagnose log, and attach it to your bug.

OTOH, if you’re trying to debug this solely based on reports coming in from the field, lemme know and we can discuss your options.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

[1] See Bug Reporting > Profiles and Logs > VPN (Network Extension) for macOS.

0
KrishnaveniNalka OP
1d

Yes, the issue is reproducible only in Mac OS Tahoe.

We noticed that this leads to a crash issue when we stop and start the transparent proxy extension.

The RC for the crash is, startProxy completionHandler being called multiple times for the same PID.

We tried adding the flag check and NSLock/Dispatch Queue to not to call the startProxy completionHandler for second time, but this leads to some unpredictable behaviour like entire network functionality is broken until restarting of the machine. If we call the completionHandler for startProxy all the time, it leads to an over-resume of an object crash when startProxy is being called more than once.

Collected the crash report, sysdiagnose for further investigation. (Unable to attach the files, attachments is not enabled for these files) How can I send the crash report and sysdiagnose zip files?

0
KrishnaveniNalka OP
9h

Attached the files to https://feedbackassistant.apple.com/feedback/21464147 ticket.

0
DTS Engineer OP
Apple
8h
Attached the files to [FB21464147] ticket.

Thanks. That’s the right place for them.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

0
startProxy delegate for NETransparentProxyProvider class is being called twice for the same pid extension sometimes
First post date Last post date
 
 
Q