Question Regarding peekOutboundBytes Limit in NEFilterDataProvider When Using SMB

Dear Apple Developer Technical Support,

I am currently developing a macOS network filtering solution using NetworkExtension with NEFilterDataProvider.

During implementation of the handleOutboundData logic, we are using the following verdict:

NEFilterNewFlowVerdict.filterDataVerdict(
    withFilterInbound: true,
    peekInboundBytes: InboundPeekBytes,
    filterOutbound: true,
    peekOutboundBytes: OutboundPeekBytes
)

However, we have encountered an issue when SMB traffic is involved. When SMB protocol communication occurs, the network connection occasionally becomes unresponsive or appears to stall when peekOutboundBytes is set to a large value.

Through testing, we observed the following behavior:

• On some systems, reducing the peekOutboundBytes value allows SMB communication to proceed normally.
• On other systems, even relatively small values can still cause the SMB connection to stall.
• This behavior appears inconsistent across different macOS environments.

Because of this, we would like to clarify the following:

1. Is there a documented or recommended maximum value for peekOutboundBytes when using NEFilterNewFlowVerdict.filterDataVerdict?
2. Are there any internal limits or constraints within NetworkExtension that could cause SMB traffic to stall when the peek buffer size is too large?
3. Are there best practices for selecting appropriate peekInboundBytes / peekOutboundBytes values when filtering high-throughput protocols such as SMB?

If necessary, we can provide additional information such as macOS version, test environment details, and logs.

Thank you for your assistance.

Best regards, sangho