1

I have a product for macOS which uses Network Kernel Extensions to get the network data and modify the data based on some pre-defined rules.

As kexts will no longer be supported starting macOS 10.16, I have to port my solution to use Network System Extensions.

I am not able to find out what APIs to use for this purpose.

I looked into NEFilterPacketProvider under Content Filters which can provide me the packet and based on rules I can allow/deny/delay. But is it possible to perform some computation and forward the manipulated data before allowing it??

The NEFilterPacketHandler provides the packetBytes in the form of const void so even though it would be possible to cast const away? Plus there are other expectations here such as packetLength that rely on these bytes staying intact.

typedef NEFilterPacketProviderVerdict (^NEFilterPacketHandler)  
(NEFilterPacketContext *context,   
 nw_interface_t interface,  
 NETrafficDirection direction,   
 const void *packetBytes,   
 const size_t packetLength);
toti
  • 325
  • 4
  • 12
  • You may be a little late to the party as NKEs are already long deprecated, but Apple recommends you file ERs (enhancement request feedback) if you are missing any features from NKEs in the new NE API. – pmdj Mar 14 '20 at 10:58
  • Alternative idea: structure your product as a "VPN" or other virtual network interface, make it the default route, and forward the packets down the next-lower-priority route once you're done manipulating them. (Note: I haven't done this myself using the NE APIs, so I don't know if it'll work.) – pmdj Mar 14 '20 at 10:59

0 Answers0