Basically before OS 13.0 this was not an issue. So I don't this so its third party vendor issue. My question is that why our app option is complete disable that action in that entire row is not clickable.

This has been observed specifically after Mac OS 13.0 update before it was allowed to enable/disable preinstalled system extensions.

Ok Thanks @eskimo, I will create new TSI for this.

Hi, The reason of using API call inside datagrams is, our backend server needs track of all https requests and the data that server send in response of API call, it will decide whether this particular url should be processed/accessible or not.

Hi @eskimo, @meaton Can you help me out in this?

Hi @eskimo, Thanks for reply, This is what I have done so far: override func handleNewFlow(_ flow: NEAppProxyFlow) -> Bool { NSLog("DNSProxyProvider: handleFlow") if #available(iOSApplicationExtension 14.2, *) { hostName = flow.remoteHostname! } else {} if let udpFlow = flow as? NEAppProxyUDPFlow { let localHost = (udpFlow.localEndpoint as! NWHostEndpoint).hostname let localPort = (udpFlow.localEndpoint as! NWHostEndpoint).port proxyUDPFlow = udpFlow open() } return false } func open() { guard let flow = proxyUDPFlow else { return } guard let endPoint = flow.localEndpoint as? NWHostEndpoint else { return } flow.open(withLocalEndpoint: endPoint) { (error) in if (error != nil) { NSLog("DNSProxyProvider UDP Open flow Error : \(error.debugDescription)") } else { NSLog("DNSProxyProvider UDP Open flow Success") self.handleData(for: flow) } } } func handleData(for flow: NEAppProxyUDPFlow) { flow.readDatagrams(completionHandler: { (data, endpoint, error) in if let error = error { NSLog("DNSProxyProvider UDP read data Error : \(error.localizedDescription)") return } else { if let datagrams = data, let _ = endpoint, !datagrams.isEmpty { self.outBoundCopier(flow: flow, datagrams: datagrams,endPointValue: (flow.localEndpoint as? NWHostEndpoint)!) } } }) } func outBoundCopier(flow: NEAppProxyUDPFlow, datagrams: [Data], endPointValue:NWHostEndpoint) { Read DNS query messages off the flow. Parse them into the format needed by your resolver. Send it to your resolve. Get the response. Format it into a DNS reply message. Send it to inBoundCopier to Write that to the flow on which you received the query. } private func inBoundCopier(flow: NEAppProxyUDPFlow, data: Data?, isComplete: Bool?, error: NWError?, endPoint: NWHostEndpoint) { switch(data, isComplete, error) { case (let data?, _ , _): flow.writeDatagrams([data], sentBy: [endPoint], completionHandler: { (error) in if let error = error { NSLog("DNSProxyProvider UDP write Error : \(error.localizedDescription)") } else{ NSLog("DNSProxyProvider UDP write completed") } }) case(_, true, _): flow.closeReadWithError(error) flow.closeWriteWithError(error) NSLog("DNSProxyProvider inbound copier completed") case (_, _, let error?): NSLog("DNSProxyProvider inbound copier Error : \(error.localizedDescription)") default: NSLog("DNSProxyProvider inbound copier error") } } Read DNS query messages off the flow. This Im assuming extract/read each data object from datagrams array. Parse them into the format needed by your resolver. Basically we have an API that takes hostname as a query parameter, that sends us Json response. There is not any specific format we use for our resolver.

Hi @eskimo, I followed above link line by line to debug system extension. I added script as suggested in above article it copy my app to application folder when debug and compile successfully. I did this but my app is getting crashed, Please see the attached screenshot. So I thought let's give a try with terminal as per some suggestion on developer forums. But that's not again working. Why and what is this crash? Im able to add system extension to network preferences I have attached screenshot but why its not showing running means active with green dot.

Hi @eskimo, I followed above link line by line to debug system extension. I added script as suggested in above article it copy my app to application folder when debug and compile successfully. then I run my app through terminal by selecting app through application folder. it doesn't call DNSProxyProvider Constructor. But before that what I noticed Im able to add system extension with enabled state but that enabled state or mode is not showing in green colour I guess in running state it shows in orange colour.

Hey @eskimo, Thanks for your input also. Yes as suggested by @meaton I tried few things, and as per my last reply above Im able to load system extension and do the save preferences. But DNSProxyProvider is not loading now. Now as meaton says I will recheck loading Network system extension and also will go through above link Debugging Network Extension Provider.

Hi @meaton, Thanks for quick reply, this helps me lot. So I did this first: If you see your system extension code being invoked, how are you running and testing your extension? Do you build it locally and then drag the executable into the /Applications directory? If not, you should be doing this and then streaming the logs with log stream on your Mac. As per this instructions, request is getting completed in OSSystemExtensionRequestDelegate. When you call .saveToPreferences are you getting an error? No. Im not getting error. SaveToPreferences works perfectly. Try putting a constructor in DNSProxyProvider to see if this is being hit. This should tell you at least if you system extension code is being invoked. I put constructor in DNSProxyProvider, but Im getting following different errors in console application logs. ASI found [dyld] (sensitive) 'Library not loaded: @rpath/Sparkle.framework/Versions/B/Sparkle   Referenced from: <7CE344FF-E938-3E0F-B840-B03EAC2B3D5B> /Library/SystemExtensions/6229CF3D-05D5-458C-9AED-92A91E504A52/com.xxx.MacOS-DNSProxyNetworkExtension.systemextension/Contents/MacOS/com.xxx.MacOS-DNSProxyNetworkExtension   Reason: tried: '/Library/SystemExtensions/6229CF3D-05D5-458C-9AED-92A91E504A52/com.xxx.MacOS-DNSProxyNetworkExtension.systemextension/Contents/Frameworks/Sparkle.framework/Versions/B/Sparkle' (no such file), '/Library/SystemExtensions/Frameworks/Sparkle.framework/Versions/B/Sparkle' (no such file), '/Library/SystemExtensions/6229CF3D-05D5-458C-9AED-92A91E504A52/com.xxx.MacOS-DNSProxyNetworkExtension.systemextension/Contents/Frameworks/Sparkle.framework/Versions/B/Sparkle' (no such file), '/Library/SystemExtensions/Frameworks/Sparkle.framework/Versions/B/Sparkle' (no such file), '/System/Volumes/Preboot/Cryptexes/OS@rpath/Spa<…>' Formulating fatal 309 report for corpse[36488] com.xxx.MacOS-DNSProxyNetworkExtension Unable to find store record for 'file:///Library/SystemExtensions/6229CF3D-05D5-458C-9AED-92A91E504A52/com.xxx.MacOS-DNSProxyNetworkExtension.systemextension/': Error Domain=NSOSStatusErrorDomain Code=-10811 "kLSNotAnApplicationErr: Item needs to be an application, but is not" UserInfo={_LSLine=175, _LSFunction=_LSFindBundleWithInfo_NoIOFiltered} com.xxx.MacOS-DNSProxyNetworkExtension is not a MetricKit client Sending event: com.apple.stability.crash {"appVersion":"1.0","bundleID":"com.xxx.MacOS-DNSProxyNetworkExtension","bundleVersion":"1","coalitionName":"NetworkExtension.com.xxx.MacOS-DNSProxyNetworkExtension.1.0.1","exceptionCodes":"0x0000000000000000, 0x0000000000000000(\n    0,\n    0\n)EXC_CRASHSIGABRT","incidentID":"56FAD6E5-6092-4BB2-9F9B-CD958AE636BE","logwritten":0,"process":"com.hyas.protect.agent.MacOS-DNSProxyNetworkExtension","terminationReasonExceptionCode":"0x1","terminationReasonNamespace":"DYLD"}

@davidleepablo What is this?

Thanks for valuable response, let me try out above thing then will get back to you. Thanks for clearing confusion that not to use application > network extension.