I've been trying very unsuccessfully to get the Filtering Network Traffic example code to work. I've read many forum posts but I still wasn't able to figure it out.
I download the example project and set my development team for both targets. From then on, the project is configured to create unique bundle identifiers and an app group. The signing and provisioning profile is created and managed by Xcode with all the necessary entitlements. I am able to build the app (debug with provisioning profile) and then copy it to /Applications.
I open the app, click start, enable and allow the network extension. Activity Monitor shows that the extension is running.
But when I test local connections to port 8888 nothing happens in the app, the connections are just allowed. I tested with the following setup:
- create a local webserver with `python3 -m http.server 8888` and make a request via curl and the web browser
- normal TCP connection with `nc` (`nc -l 8888` and `nc localhost 8888`)
I added lots of logging and I can see that the `startFilter` method is called, but never the `handleNewFlow` method.
The only error I see in Console is
`networkd_settings_read_from_file Sandbox is preventing this process from reading networkd settings file at "/Library/Preferences/com.apple.networkd.plist", please add an exception.`
but I don't know what to do about that. I also read the debugging guide (very helpful). I'm used to jumping through a lot of hoops with this stuff, but I can't figure out what the problem is.
I think you're testing connections to localhost (127.0.0.1 or ::1), which requires explicit network rules.
Refer: NetworkExtensions/NENetworkRule.h
If the address is a wildcard address (0.0.0.0 or ::) then the rule will match all destinations except for loopback (127.0.0.1 or ::1). To match loopback traffic set the address to the loopback address.
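A worked version of the rule set the answer describes, as an added example; this is not code from the thread or from the sample project. It assumes an `NEFilterDataProvider` that should see inbound TCP to local port 8888 (the port the question tests) and lists the IPv4 and IPv6 loopback addresses explicitly alongside the wildcard addresses, since the wildcards alone do not match loopback. The host prefix lengths (32 and 128) for the loopback entries and the `com.example.filter` log subsystem are assumptions.

```swift
import Foundation
import NetworkExtension
import os.log

// Added example for this thread, not code from the sample project or the answer.
// Wildcard local addresses ("0.0.0.0" / "::") match every destination except
// loopback, so loopback needs its own NENetworkRule entries to reach handleNewFlow.
final class FilterDataProvider: NEFilterDataProvider {

    // Assumption: filter inbound TCP to local port 8888, the port the question tests.
    private let filteredPort = "8888"

    // Local networks to match, with a prefix length for each:
    //   wildcard + prefix 0    -> every local address except loopback
    //   loopback + host prefix -> exactly 127.0.0.1 / ::1 (prefix choice assumed)
    private let localNetworks: [(address: String, prefix: Int)] = [
        ("0.0.0.0", 0),
        ("::", 0),
        ("127.0.0.1", 32),
        ("::1", 128),
    ]

    // Assumed log subsystem; use the extension's own bundle identifier in practice.
    private let log = OSLog(subsystem: "com.example.filter", category: "provider")

    override func startFilter(completionHandler: @escaping (Error?) -> Void) {
        let rules = localNetworks.map { network -> NEFilterRule in
            let localEndpoint = NWHostEndpoint(hostname: network.address, port: filteredPort)
            // remoteNetwork nil with remotePrefix 0: accept any peer address.
            let networkRule = NENetworkRule(remoteNetwork: nil,
                                            remotePrefix: 0,
                                            localNetwork: localEndpoint,
                                            localPrefix: network.prefix,
                                            protocol: .TCP,
                                            direction: .inbound)
            // .filterData hands matching flows to handleNewFlow(_:).
            return NEFilterRule(networkRule: networkRule, action: .filterData)
        }

        // Flows matching no rule are allowed without ever reaching the provider.
        let settings = NEFilterSettings(rules: rules, defaultAction: .allow)
        apply(settings) { error in
            if let error = error {
                os_log("Failed to apply filter settings: %{public}@",
                       log: self.log, type: .error, error.localizedDescription)
            }
            completionHandler(error)
        }
    }

    override func stopFilter(with reason: NEProviderStopReason,
                             completionHandler: @escaping () -> Void) {
        completionHandler()
    }

    // With the loopback rules above in place, a test such as
    // `nc -l 8888` plus `nc localhost 8888` is expected to arrive here.
    override func handleNewFlow(_ flow: NEFilterFlow) -> NEFilterNewFlowVerdict {
        guard let socketFlow = flow as? NEFilterSocketFlow,
              let local = socketFlow.localEndpoint as? NWHostEndpoint,
              let remote = socketFlow.remoteEndpoint as? NWHostEndpoint else {
            return .allow()
        }
        os_log("New flow %{public}@:%{public}@ -> %{public}@:%{public}@",
               log: log, type: .info,
               remote.hostname, remote.port, local.hostname, local.port)
        return .allow()
    }
}
```

After changing the rules, rebuild the app and the extension, copy the app back to /Applications, and re-run the loopback test; the wildcard entries are kept so connections to the machine's non-loopback addresses on port 8888 are still filtered.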