Reply to Need Inputs on Which Extension to Use
Hi @DTS Engineer,

Thank you very much for your responses, really helpful.

For the past two weeks, I've been experimenting with a macOS System Extension application that manages three different Network Extension providers (NEFilterDataProvider, NETransparentProxyProvider, and NEDNSProxyProvider) housed within a single systemext bundle (Xcode target2), all managed and activated by a single main application (Xcode target1).

My goal is to reliably capture comprehensive network activity logs from all three extensions simultaneously, particularly under high-traffic conditions. I've run into a few architectural questions regarding prioritization, concurrency, and logging reliability.

Part 1: Extension Activation Order and Execution Predictability

When multiple Network Extensions are active, how does the system process traffic, and is there a guaranteed order of execution?

Q1: Given that all three extensions are active, is there a predictable order in which the network traffic will hit the providers? For example, should I assume the NEFilterDataProvider processes the socket/flow before the NETransparentProxyProvider or NEDNSProxyProvider handles the connection attempt?

Q2: Is there a recommended or "safe" sequence for activating these three specific managers (NEFilterManager, NETransparentProxyManager, NEDNSProxyManager) from the main application to ensure the system applies them correctly and avoids conflicts?

Q3: When the network is under high load, is there a risk that one provider (e.g., the DNS Proxy) might experience delays or resource starvation, potentially causing it to miss network events or logs while the others continue to process traffic?

Part 2: Bidirectional Inter-Process Communication (IPC/XPC)

I am using a single, bidirectional NSXPCConnection channel (IPCConnection) to send logs from all three providers back to the main application for processing.

My Current IPC Setup (Simplified):

```swift
/// App --> Provider IPC (Implemented by Provider)
@objc protocol ProviderCommunication {
    func register(_ completionHandler: @escaping (Bool) -> Void)
}

/// Provider --> App IPC (Implemented by Main App)
@objc protocol AppCommunication {
    func handleLogs(logData: Data)
}
```

And then in IPCConnection, I call the above function after receiving the logs from the extension:

```swift
func sendLogs(logData: Data) {
    if let logString = String(data: logData, encoding: .utf8) {
        os_log("IPCConnection: Log entry received: %{public}@", logString)
    }
    // Use remoteAppConnection (captured from app via register()) instead of currentConnection
    guard let appProxy = remoteAppConnection else {
        os_log("IPCConnection: No remote app proxy")
        return
    }
    appProxy.handleLogs(logData: logData)
}
```

Each extension sends the log to the IPCConnection class/file by calling the sendLogs function like:

```swift
private let ipcConnection: IPCConnection
// .......
ipcConnection.sendLogs(logData: logEntry)
```

or

```swift
IPCConnection.shared.sendLogs(logData: logEntry)
```

Q4: Since all three extensions (which run in the same Xcode target) will be asynchronously calling sendLogs(logData:) simultaneously during high network traffic, is it safe to use a single XPC connection?

Any guidance on the interaction between these three types of network extensions and best practices for robust, concurrent XPC communication would be greatly appreciated.

Please let me know if more clarifications are needed from my end.

Thank you
1w
Reply to Network Extension App for MacOS with 3 Extensions
Thanks a lot for your detailed explanation of the relevant concepts @DTS Engineer. It's very helpful and I really appreciate your time and support here.

I am using the Content Filter Extension to capture/log some basic details. As you've mentioned, it's the simplest one. I wanted to have a working network extension app for macOS to begin with. However, my intention is to capture real network traffic with HTTP/HTTPS logs, actual URLs, and actual endpoints along with DNS Record details by using all the relevant extensions together.

Right now, my app is working with the Content Filter extension. As you suggested, I am building with two Xcode targets, one with the Main app and the other with the System Extension (which contains multiple network extensions).

To start with, I am only focusing on HTTP logs capture using NETransparentProxyProvider for now (capturing/logging HTTPS requires more work dealing with TLS and certificates; I will look into this later).

I am able to build and run this binary with these added new files for the AppProxy class (inherited from NETransparentProxyProvider), after updating the extension's Info.plist and entitlement files with two extension types. However, only the Content Filter extension is active but not the Proxy extension.

At General -> Login Items & Extensions tab, under the Extensions section, I can see "Network Extensions" with com.company.MyNetworkExtension.SystemExtensions (this is the name I have given to my system extension).

Here are the disk structure and other relevant details for the app with multiple network extensions under the single system extension target for your understanding:

```
/Library/SystemExtensions/79F14D4A-D6E0-4CFA-972C-9B18E467D9FF/com.company.MyNetworkExtension.SystemExtensions.systemextension/Contents/MacOS
```

Has com.company.MyNetworkExtension.SystemExtensions

And the `file com.company.MyNetworkExtension.SystemExtensions` command gives:

```
com.company.MyNetworkExtension.SystemExtensions: Mach-O 64-bit executable x86_64
```

Also, after placing my binary in the /Applications directory:

```
cd /Applications/MyNetworkExtension.app/Contents/MacOS
```

has the following: __preview.dylib, MyNetworkExtension, MyNetworkExtension.debug.dylib

```
/Applications/MyNetworkExtension.app/Contents/Library/SystemExtensions/com.company.MyNetworkExtension.SystemExtensions.systemextension/Contents/MacOS
```

Has com.company.MyNetworkExtension.SystemExtensions

And the `file com.company.MyNetworkExtension.SystemExtensions` command gives:

```
com.company.MyNetworkExtension.SystemExtensions: Mach-O 64-bit executable x86_64
```

How to enable multiple extensions (like Content Filter, Transparent Proxy, etc.)? Are there any other missing things leading to inactivation of my Transparent Proxy?

It would be very helpful if you can help me on all the relevant details regarding these and keeping multiple network extensions active for macOS.

Thank you once again for your continued support here.
Sep ’25
Reply to Network Extension App for MacOS with 3 Extensions
Hi @DTS Engineer,

Thank you for clarifying. I confirm that I am referring to Network Extensions within the context of System Extensions.

Regarding the first approach I mentioned earlier, I am using separate NEMachServiceNames in the Info.plist files for two different extensions, while using the same App Groups name for all extensions in their respective targets.

For the second approach you suggested, I understand that in the configuration, we can place multiple extensions under the NEProviderClasses dictionary in the extension's entitlement file, and maintain a single NEMachServiceName in the Info.plist file of the Extension's target (Xcode Target2).

Given that I am new to this framework, I would greatly appreciate it if you could provide more detailed guidance on how to:

- Utilize multiple NE Providers with a single system extension.
- Activate these providers one after another.
- Handle IPC (Inter-Process Communication) connections between the Main App and the single System Extension (apart from Info.plist config with service name).

Any detailed examples or documentation would be extremely helpful.

I am thinking of the following kind of project/folder structure (for the second approach). Correct me if I am wrong in understanding:

```
MyNetworkExtensionProject/
├── MyNetworkExtensionApp/ (Xcode Target1)
│   ├── AppDelegate.swift
│   ├── ViewController.swift
│   ├── Resources/
│   │   ├── Assets.xcassets
│   │   ├── Info.plist
│   │   └── Main.storyboard
│   └── MyNetworkExtensionApp.entitlements
│
├── MyNetworkSystemExtension/ (Xcode Target2)
│   ├── Providers/
│   │   ├── AppProxyProvider.swift
│   │   ├── DNSProxyProvider.swift
│   │   ├── ContentFilterProvider.swift
│   │   ├── IPCConnection.swift
│   │   │   .
│   │   │   .
│   │   └── OtherFiles for parsing etc
│   ├── Resources/
│   │   ├── Info.plist
│   │   └── main.swift
│   └── MyNetworkSystemExtension.entitlements
│
└── Frameworks/
    ├── NetworkExtension.framework
    └── libbsm.tbd
```

Also, to capture HTTP (and HTTPS) logs of all kinds of network traffic, I am confused about which among these 3 APIs/classes best suits this purpose for macOS:

NEAppProxyProvider / NETransparentProxyProvider / Packet Tunnel Provider

And to capture/log DNS Records (all kinds possible), is NEDNSProxyProvider the right one?

Kindly help me choose the best suitable one for my use case.

Your responses/clarifications are very helpful as I am starting with this project.

Thanks a lot for your time and support
Sep ’25