My application contains a Content Filter Network System extension.
My VPN creates a null/loopback encapsulated tunnel in order to route the traffic to the VPN.
I've noticed that I get FilterSocketFlows through the FilterDataProvider but I never see any tunnel traffic appearing in the FilterPacketProvider.
How can the Packet provider be configured to filter tunnel traffic ?
Note : I have tried only registering a PacketProvider and still don't see any traffic. Is there any documentation of proper configuration ?
After installing a product that contains a system extension on a 10.14 device, a dialog shows at the bottom of "Security & Privacy" that says "Software was blocked from loading". Here you have the option to allow the extension.
However I would like to delete the application and leave the extension blocked.
After deleting the application I see that the dialog still remains. How do I remove this ?
If I install an app that includes a system extension I've noticed that when I remove this app the system extension remains.

I'm removing the app with `pkgutil --forget [PKG_NAME]` and deleting dependencies.

NOTE : I cannot disable SIP and have to do this remotely or via a script.

BR
The function CFNetworkCopyProxiesForAutoConfigurationScript causes a consistent memory leak.
Simplifying the code provides:
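```
// Error object handed to the call by reference
var err: Unmanaged<CFError>? = Unmanaged.passRetained(CFErrorCreate(nil, "" as CFErrorDomain, 0, nil))
// Evaluate the PAC script for the target URL
let proxiesCFArrayRef = CFNetworkCopyProxiesForAutoConfigurationScript(
    script as CFString,
    self.wsAsHTTPURL as CFURL,
    &err
)
// Release both returned objects
err?.release()
proxiesCFArrayRef?.release()
```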
Which leaks. Is this a bug in CFNetwork or is there another way of clearing the memory allocated ?
I'm developing a product with a Content Filter System Extension with both NEFilterPacketProvider and NEFilterSocketProvider.
What's the behavior where multiple system extension verdicts disagree ?
Specifically what happens if our extension .allows a connection and another application's system extension .denys the same connection, or vice versa.
I have a network system extension that is a `FilterDataProvider`. It works well for successful connections to and from the host machine.

Example from printing the local and remote NWHostEndpoint objects from the `handleNewFlow` function:

```
New flow observed : 192.168.56.1:64911->192.168.56.105:9000 (Outbound)[TCP]
```

However when I make a failed TCP connection from my host, a new flow is not created because the connection failed. In this case I see that the functions `handleInboundDataComplete` get called. The local address is always `0.0.0.0:0` for an outbound connection example:

```
0.0.0.0:0 -> 192.168.56.105:9000
```

Now a `tcpdump` on the remote machine shows that the connection was attempted:

```
12:09:16.929211 IP 192.168.56.105.9000 > 192.168.56.1.64910: Flags [R.], seq 0, ack 885948719, win 0, length 0
12:09:17.931356 IP 192.168.56.1.64910 > 192.168.56.105.9000: Flags [S], seq 885948718, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 783305121 ecr 0,sackOK,eol], length 0
12:09:17.931682 IP 192.168.56.105.9000 > 192.168.56.1.64910: Flags [R.], seq 0, ack 1, win 0, length 0
12:09:21.937581 ARP, Request who-has 192.168.56.1 tell 192.168.56.105, length 28
12:09:21.937760 ARP, Reply 192.168.56.1 is-at 0a:00:27:00:00:00 (oui Unknown), length 46
```

Question 1) Is there any way of getting local address and port information from an Outbound failed connection?

I also can't find how to get any notification in this framework in the case of a failed INBOUND connection.

Question 2) Is there any way of getting information for failed Inbound connections?

NOTE : I understand that I could use the PacketFilterProvider, but this would require complex matching between the two providers and is potentially needless processing, plus I need the pid of the process responsible for the flow (or failed flow).

Thank you.
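Added example, not part of the original post: the tcpdump excerpt quoted above, parsed in Python to pair each bare SYN with the RST that refuses it, which recovers the initiating address and port of the failed attempt from packet data. The function name and record fields are hypothetical; it does not use NetworkExtension and yields no pid.

```python
import re

# Sample input: the tcpdump lines quoted in the post, split one per line.
SAMPLE = """\
12:09:16.929211 IP 192.168.56.105.9000 > 192.168.56.1.64910: Flags [R.], seq 0, ack 885948719, win 0, length 0
12:09:17.931356 IP 192.168.56.1.64910 > 192.168.56.105.9000: Flags [S], seq 885948718, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 783305121 ecr 0,sackOK,eol], length 0
12:09:17.931682 IP 192.168.56.105.9000 > 192.168.56.1.64910: Flags [R.], seq 0, ack 1, win 0, length 0
12:09:21.937581 ARP, Request who-has 192.168.56.1 tell 192.168.56.105, length 28
12:09:21.937760 ARP, Reply 192.168.56.1 is-at 0a:00:27:00:00:00 (oui Unknown), length 46
"""

# tcpdump prints IPv4 endpoints as a.b.c.d.port; the last dotted field is the port.
LINE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>[\d.]+)\.(?P<sport>\d+) > "
    r"(?P<dst>[\d.]+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]+)\]"
)

def refused_connections(text):
    """Return one record per bare SYN that the peer answered with a RST."""
    pending = {}   # (src, sport, dst, dport) -> timestamp of the unanswered SYN
    refused = []
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # ARP and other non-TCP/IPv4 lines
        src, dst = m["src"], m["dst"]
        sport, dport = int(m["sport"]), int(m["dport"])
        flags = m["flags"]
        if "S" in flags and "." not in flags:
            # "S" without "." (ACK) is the initial SYN of a connection attempt.
            pending[(src, sport, dst, dport)] = m["ts"]
        elif "R" in flags:
            # The RST travels in the reverse direction of the SYN it rejects.
            syn_ts = pending.pop((dst, dport, src, sport), None)
            if syn_ts is not None:
                refused.append({
                    "client": f"{dst}:{dport}",   # side that sent the SYN
                    "server": f"{src}:{sport}",   # side that sent the RST
                    "syn": syn_ts,
                    "rst": m["ts"],
                })
    return refused
```

The first RST in the excerpt has no SYN before it in the capture, so it is not reported; only the SYN/RST pair at 12:09:17 is.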