HI, I am new to network extensions and content filters. In my MacBook Pro, I have one "c\+\+ application in user space, one kernel module and IOKit interface between them to exchange messages. I have some hook functions for network operations APIs like socket(), connect(). If any network operation performs, I catch them in hook functions and I will perform policy evaluations on them in kernel and will perform my own actions. Now I want to remove hook functions in kernel and I want to catch network operations using content filters in my c++ application at userspace. Once I catch network operations using content filter, I want to evaluate my own polices on them and will perform my own actions based on the result. I have done some R&D about this but not found samples on content filters in objective-c or c++ except simplefirewall example in swift language. Anyone pls provide some samples in objective c or c\+\+ to register network extensions, to catch all non-browser network operations, to extract local & remote address (port & ip) details. So that I can refer the samples to get network operation details at user space in my c++ application, I will send those details to kernel using IOKit to evaluate my own rules and perform my own actions. Thanks.

Hi, I modified content filter SimpleFirewall example as below to run build/Release//com.digitalguardian.dgsysext.systemextension/Contents/MacOS/com.digitalguardian.dgsysext on my terminal without using UI and tried to filter the data. But It is not working as expected & none of function have not invoked from FilterDataProvider I have removed SimpleFirewall target & kept SimpleFirewall Extension target only. I have removed 'IPCConnection.shared.startListener()' in main.swift Even I have tried by adding enableFilterConfiguration() functionality which is available in ViewController.swift to the main.swift. But no use. Any one pls help me on this.

Hi, I am new to objective-c. I tried to run an app as part of my launchd application using openApplicationAtURL() API but I failed. I did R &D also but I haven't found any example I have an app NetopsFilter.app and If I run this app with '--uninstallFilter' argument then it will deactivate the network extension. I tried from terminal and it is successfully deactivating the extension after entering the credentials in the popup. App path: /Applications/NetopsFilter.app argument: --uninstallFilter I tried as below but failed. Please help me to fix this. How can I pass arguments, necessary configuration settings to the API.   NSWorkspace *workspace = [NSWorkspace sharedWorkspace];   NSURL *url = [NSURL fileURLWithPath:[workspace fullPathForApplication:@"/Applications/NetopsFilter.app/Contents/MacOS/NetopsFilter"]];  NSArray *arguments = [NSArray arrayWithObjects:@"--uninstallFilter", nil];    [workspace openApplicationAtURL:url configuration:(NSWorkspaceOpenConfiguration *)arguments nil]; Thanks

Hi, I am using content filter network extension to allow/drop the network operations. Here I want to get URL of the network flow. How can I achieve this? Please help me. Below is sample content filter NE handleNewFlow().  override func handleNewFlow(_ flow: NEFilterFlow) -> NEFilterNewFlowVerdict {     		guard let socketFlow = flow as? NEFilterSocketFlow,       		let remoteEndpoint = socketFlow.remoteEndpoint as? NWHostEndpoint,       		let localEndpoint = socketFlow.localEndpoint as? NWHostEndpoint else {        			  return .allow()     		}        }

Hi, I have Content Filter Simple Firewall extension app. I want to get read bytes for inbound data, write bytes for outbound data. Following is sample handleNewFlow() API. Please help me to get read(inBytes) and write(outBytes) bytes from following example.  override func handleNewFlow(_ flow: NEFilterFlow) -> NEFilterNewFlowVerdict {     guard let socketFlow = flow as? NEFilterSocketFlow,       let remoteEndpoint = socketFlow.remoteEndpoint as? NWHostEndpoint,       let localEndpoint = socketFlow.localEndpoint as? NWHostEndpoint else {         return .allow()     }       var bytes :Int32 = 0           if socketFlow.direction.rawValue == 1 {         // bytes = inBytes       }else {         //bytes = outBytes       }   }

I have an API with variable arguments in C++ library. I am trying to call this API from swift language. But I am facing with compilation errors as below. If I tried by removing variable arguments from the API then it is compiling. Please help to fix the error with variable arguments. API is void netops_log(enum log_level loglevel, const char *format, ...); Compilation errors: FilterDataProvider.swift:73:9: error: 'netops_log' is unavailable: Variadic function is unavailable     netops_log(LOGLEVEL_DEBUG, "Starting the filter... from NE")     ^~~~~~~~~~~~ __ObjC.netops_log:2:13: note: 'netops_log' has been explicitly marked unavailable here public func netops_log(_ loglevel: log_level, _ format: UnsafePointer<Int8>!, _ varargs: Any...)       ^

Hi, I have Content Filter simple firewall app. I am dropping SSH connection as part my app as per my policy evaluation result and I am expecting my custom error type EACCES(permission denied) whenever user tries SSH But drop() is returning with EBADF (Bad file descriptor). Is it possible to return my custom error type as part of drop()? Below is sample code I have. override func handleNewFlow(_ flow: NEFilterFlow) -> NEFilterNewFlowVerdict { &#9;&#9; DispatchQueue.global(qos: .default).async { &#9;&#9;&#9;&#9; // errortype is EACCES for drop case and errorType is 0 for allow case  &#9;&#9;&#9;&#9;userVerdict = errortype == 0 ? .allow() : .drop()  &#9;&#9;&#9;&#9;self.resumeFlow(flow, with: userVerdict) &#9;&#9; } &#9;&#9; return .pause() }

Hi, I have Simple Firewall example which is using FilterDataProvider. I have enabled socket level filtering. I want get the process name of event in handleNewFlow(). Following is the sample example handleNewFlow() API: override func handleNewFlow(_ flow: NEFilterFlow) -> NEFilterNewFlowVerdict { &#9;&#9;guard let socketFlow = flow as? NEFilterSocketFlow,      &#9;&#9; &#9;&#9;&#9;&#9;let remoteEndpoint = socketFlow.remoteEndpoint as? NWHostEndpoint,      &#9;&#9; &#9;&#9;&#9;&#9;let localEndpoint = socketFlow.localEndpoint as? NWHostEndpoint else {       &#9;&#9;&#9;   &#9;&#9;&#9;&#9;&#9;&#9;return .allow()    &#9; &#9;&#9;}        } Please help me to get process name.