In some countries, the government deploys DPI (deep packet inspection) systems for censorship. These systems usually don't implement TCP completely and thus can be tricked pretty easily into allowing a connection to a blocked resource to go through, e.g. by fragmenting a ClientHello and optionally shuffling the fragments around.
There exists this app for Windows: https://github.com/ValdikSS/GoodbyeDPI
It uses WinDivert to intercept the network traffic and modify it as needed. I'd like to build a similar tool for macOS but I struggle to understand which of the many APIs I should use.
I need two main features from the API in question:
The ability to drop a packet sent by an application and send something else, e.g. several TCP fragments with the same data, instead.
The ability to drop incoming packets because some DPI equipment works by sending RST before the origin server has time to respond.
Ideally, I'd filter the connections by destination IP address and only work on those that deal with blocked resources, leaving the other ones to be dealt with completely by the system so that there's no needless performance regression caused by all traffic passing through my code.
So which API do I use for this? NetworkExtension — which kind? BPF? Some other unix API? Or I'll have to resort to making it a kernel extension?
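The weakness described in the post, seen from the inspection side, as an added example that is not part of the original post and not GoodbyeDPI code: a matcher that parses each TCP payload on its own misses the SNI of a ClientHello split across out-of-order segments, while one that reassembles by sequence number finds it. The hostname, sequence numbers and all function names are constructed for illustration.

```python
import struct

def build_client_hello(host: bytes) -> bytes:
    """Constructed sample: minimal TLS ClientHello whose only extension is SNI."""
    # extension type 0 (server_name), ext len, list len, name_type 0, name len
    ext = struct.pack("!HHHBH", 0, len(host) + 5, len(host) + 3, 0, len(host)) + host
    body = (b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\x13\x01" + b"\x01\x00"
            + struct.pack("!H", len(ext)) + ext)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body          # handshake type 1
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs    # TLS record header

def parse_sni(stream: bytes):
    """Return the SNI host of a ClientHello at the start of stream, else None."""
    try:
        if stream[0] != 0x16 or stream[5] != 0x01:
            return None
        p = 43                                                  # skip headers, version, random
        p += 1 + stream[p]                                      # session_id
        p += 2 + int.from_bytes(stream[p:p + 2], "big")         # cipher_suites
        p += 1 + stream[p]                                      # compression_methods
        end = p + 2 + int.from_bytes(stream[p:p + 2], "big")
        p += 2
        while p + 4 <= end:
            etype, elen = struct.unpack("!HH", stream[p:p + 4])
            if etype == 0:
                n = int.from_bytes(stream[p + 7:p + 9], "big")
                host = stream[p + 9:p + 9 + n]
                return host if n and len(host) == n else None
            p += 4 + elen
    except (IndexError, struct.error):
        pass                                                    # truncated input
    return None

def split_segments(payload: bytes, isn: int, cuts):
    """Constructed test input: (seq, data) pairs cut at `cuts`, last one first."""
    edges = [0, *cuts, len(payload)]
    return [((isn + 1 + a) % 2**32, payload[a:b]) for a, b in zip(edges, edges[1:])][::-1]

def inspect_per_packet(segments, blocked) -> bool:
    """Matcher without TCP reassembly: each payload is parsed on its own."""
    return any(parse_sni(data) in blocked for _, data in segments)

def inspect_reassembled(segments, isn: int, blocked) -> bool:
    """Order payloads by sequence offset (no overlap handling), then parse."""
    buf = {(seq - isn - 1) % 2**32: data for seq, data in segments if data}
    stream = b""
    while len(stream) in buf:                                   # stop at the first gap
        stream += buf[len(stream)]
    return parse_sni(stream) in blocked
```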
I'm using a VoiceProcessingIO audio unit in my VoIP application on Mac. The problem is, at least since Mojave, AudioComponentInstanceNew blocks for at least 2 seconds. Profiling shows that internally it's waiting on some mutex and then on some message queue. My code to initialize the audio unit is as follows:
OSStatus status;
AudioComponentDescription desc;
AudioComponent inputComponent;
desc.componentType = kAudioUnitType_Output;
desc.componentSubType = kAudioUnitSubType_VoiceProcessingIO;
desc.componentFlags = 0;
desc.componentFlagsMask = 0;
desc.componentManufacturer = kAudioUnitManufacturer_Apple;
inputComponent = AudioComponentFindNext(NULL, &desc);
status = AudioComponentInstanceNew(inputComponent, &unit);
Here's a profiler screenshot showing the two system calls in question.
So, is this a bug or an intended behavior?