Post | Replies | Boosts | Views | Activity

How to pass parameter in Swift Async call

How to pass a parameter to an async call in Swift? In a function, when I try to pass a stack-local auto variable to an async block, in some scenarios I could see that the passed parameter has changed in the code below. The possible reason I could think of is that as soon as the function (handleNewFlow) has returned, the stack memory location (for supportedFlow) is freed to be taken by other functions:

    // The TCP flows are actually run through the flow copying process
    override func handleNewFlow(_ flow: NEAppProxyFlow) -> Bool {
        // See the doc comment for `canHandleNewFlow(_:)` for an explanation of
        // why the code below is structured this way.
        let (supportedFlow, proxyServer, proxyPort, shouldBlock) = self.core.supportedFlowForFlow(flow, remote_endpoint: nil )
        // os_log(.debug, log: self.log, "Provider did handle flow with server :: %{public}@ and port :: %{public}@", proxyServer!, proxyPort!)
        if (supportedFlow != nil) {
            self.queue.async {
                if (shouldBlock == true) {
                    // TODO with proper handling of flow
                    os_log(.debug, log: self.log, "TransparentProxy Provider want to block this TCP flow, flow: 0x%zx", flow.osLogID)
                    let error = NSError(domain: "", code: 0, userInfo: [NSLocalizedDescriptionKey : "Connection Refused"])
                    flow.closeReadWithError(error)
                    flow.closeWriteWithError(error)
                } else {
                    self.core.handleNewSupportedFlow(supportedFlow!, proxyServer!, proxyPort!)
                }
            }
            os_log(.debug, log: self.log, "Provider did handle new flow, flow: 0x%zx", flow.osLogID)
            return true
        } else {
            os_log(.debug, log: self.log, "Provider did not handle new flow, flow: 0x%zx", flow.osLogID)
            return false
        }
    }

In the above code I could see that the value of 'supportedFlow' is not always correct when 'self.core.handleNewSupportedFlow()' is called:

    self.core.handleNewSupportedFlow(supportedFlow!, proxyServer!, proxyPort!)

Can someone help me with passing 'supportedFlow' as a thread function parameter in the async block?
Replies: 1 | Boosts: 0 | Views: 1.2k | Activity: Sep ’22
Difference between PacketTunnelProvider and utun

I am trying to find the available methods to capture selective IP traffic and tunnel it using UDP tunneling. I went through the online resources and found that we can achieve this using PacketTunnelProvider, where we configure the tunnel and then define inbound and outbound reader and writer functions. Another method I found is where we open a utun socket, assign the source and destination tunnel addresses of the tunnel endpoints, and then start doing read/write operations on the utun interface, where our application will be able to read any traffic coming to that interface (we also need to configure appropriate routes for the utun interface to redirect traffic). I wanted to understand the difference between the two methods, and in which scenario each should be used?
Replies: 7 | Boosts: 0 | Views: 2.4k | Activity: Jul ’22
How to avoid user consent while uninstalling system extension

While uninstalling a system extension, the user gets a pop-up for user consent and is asked to enter administrator credentials to allow the uninstallation. We couldn't find a method to avoid this user consent and allow system extension removal silently. This is becoming an issue for one of our customers. On the other hand, System Extension installation can be handled silently using MDM profiles. Can you please suggest a method to allow silent uninstallation of a system extension?
Replies: 4 | Boosts: 0 | Views: 974 | Activity: Nov ’21
How can a process outside AppGroup addObserver for a TransparentProxyProvider Network VPN Interface

I have a TransparentProxyProvider VPN implemented in an Xcode project, and it contains the system extension (TransparentProxyProvider) and an App which configures and enables the VPN. Both of these are inside the same App Sandbox. Now I have another service (a C++ project) which needs to take some action when the above VPN status is changing (from Disconnected -> Connecting -> Connected). I have the limitation that I cannot put this service in the same project where the SystemExtension is built. Is there a method available with which I can add an observer on the VPN status from an outside process?
Replies: 9 | Boosts: 0 | Views: 1.2k | Activity: Nov ’21
NetworkExtension: Unsatisfied entitlements: com.apple.security.application-groups

Setup Details:

    ProductName: macOS
    ProductVersion: 11.5.1
    BuildVersion: 20G80
    Platform: arm64

Rosetta2 emulator is installed.

My Network Extension app, which has the entitlements below, is not working on many M1 MacBooks. The behavior is very random: on some M1 systems it works without any issue and on a few systems it never works:

    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
    <plist version="1.0">
    <dict>
        <key>com.apple.security.temporary-exception.files.absolute-path.read-write</key>
        <array>
            <string>/private/var/db/mds/</string>
            <string>/usr/local/myorg/Mcp/bin/</string>
            <string>/usr/local/myorg/StatefulFirewall/bin/</string>
        </array>
        <key>com.apple.developer.endpoint-security.client</key>
        <true/>
        <key>com.apple.developer.networking.networkextension</key>
        <array>
            <string>app-proxy-provider-systemextension</string>
            <string>content-filter-provider-systemextension</string>
        </array>
        <key>com.apple.security.app-sandbox</key>
        <true/>
        <key>com.apple.security.application-groups</key>
        <array>
            <string>group.com.myorg.endpoint</string>
        </array>
        <key>com.apple.security.automation.apple-events</key>
        <true/>
        <key>com.apple.security.files.user-selected.read-write</key>
        <true/>
        <key>com.apple.security.network.server</key>
        <true/>
        <key>com.apple.security.network.client</key>
        <true/>
    </dict>
    </plist>

Error in system extension:

    2021-09-30 12:41:53.049345-0400 0x361f5b Error 0x0 60247 0 taskgated-helper: (ConfigurationProfiles) [com.apple.ManagedClient:ProvisioningProfiles] com.myorg.CMF.networkextension: Unsatisfied entitlements: com.apple.security.application-groups

More logs are attached: More detail logs

In one instance, the package which is working on many M1 machines crashed with an 'EXC_CRASH (Code Signature Invalid)' exception:

    Process: com.myorg.CMF.networkextension [503]
    Path: /Library/SystemExtensions/*/com.myorg.CMF.networkextension
    Identifier: com.myorg.CMF.networkextension
    Version: ???
    Code Type: X86-64 (Translated)
    Parent Process: launchd [1]
    Responsible: com.myorg.CMF.networkextension [503]
    User ID: 0
    Date/Time: 2021-09-30 12:55:27.365 -0400
    OS Version: macOS 11.5.1 (20G80)
    Report Version: 12
    Anonymous UUID: BBAF0CEC-BDE6-1239-9E5D-9099403D7616
    Time Awake Since Boot: 63 seconds
    System Integrity Protection: enabled
    Crashed Thread: Unknown
    Exception Type: EXC_CRASH (Code Signature Invalid)
    Exception Codes: 0x0000000000000000, 0x0000000000000000
    Exception Note: EXC_CORPSE_NOTIFY
    Termination Reason: Namespace CODESIGNING, Code 0x1
    kernel messages:
    VM Regions Near 0 (cr2):
    --> mapped file 102b7f000-102baf000 [ 192K] r-x/r-x SM=COW Object_id=2f6c9e1b
    Backtrace not available
    Unknown thread crashed with ARM Thread State (64-bit):
    ..................

Could you please help me understand why the same package, which is working fine on Intel Mac machines and also working fine on some M1 Mac machines, will fail on other M1 Mac machines? What could we be doing wrong here?
Replies: 8 | Boosts: 0 | Views: 1.8k | Activity: Oct ’21