We have a Network Extension system extension implementing NEFilterPacketProvider to inspect all incoming and outgoing network traffic.
We also want to monitor socket-level events such as connect(), bind(), and similar, by leveraging the Endpoint Security framework.
Does this require developing a separate system extension for Endpoint Security?
Additionally, what is the recommended approach for sharing context and data between the Network Extension and the Endpoint Security extensions?
Does this require developing a separate system extension for Endpoint Security?
AFAIK Endpoint Security doesn’t generate events for TCP/IP sockets. The standard way to achieve this goal is to create a different NE extension, one that sits above the transport protocol. That typically means a content filter or a transparent proxy.
Additionally, what is the recommended approach for sharing context and data between the Network Extension and the Endpoint Security extensions?
It’s typical to package your ES and NE code into a single sysex, so they can share state via an (appropriately locked) global variable. However, it’s possible to package each in its own sysex, in which case state sharing becomes an IPC problem.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
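As an added illustration of the single-sysex design described in the answer above (this is example code written for this page, not code from the thread, from Quinn, or from Apple's sample projects), here is one way to pair an Endpoint Security client with an NEFilterDataProvider content filter in the same process. The ES client keeps a locked, in-process table of pid to executable path from exec/exit notifications; the content filter looks up the originating process of each new socket flow by its audit token. The names ProcessTable, ProcessMonitor and FlowInspector are assumptions of this example, as is the assumption that the sysex carries both the Endpoint Security and content-filter entitlements.

```swift
import Foundation
import NetworkExtension
import EndpointSecurity

// Shared state for the single-sysex design: both the ES handler block and the
// filter callbacks run on arbitrary threads, so every access takes the lock.
// (Example code; ProcessTable is a name chosen for this illustration.)
final class ProcessTable {
    static let shared = ProcessTable()
    private let lock = NSLock()
    private var pathByPID: [pid_t: String] = [:]

    func record(pid: pid_t, path: String) {
        lock.lock(); defer { lock.unlock() }
        pathByPID[pid] = path
    }

    func forget(pid: pid_t) {
        lock.lock(); defer { lock.unlock() }
        pathByPID.removeValue(forKey: pid)
    }

    func path(for pid: pid_t) -> String? {
        lock.lock(); defer { lock.unlock() }
        return pathByPID[pid]
    }
}

// val[5] of audit_token_t is the pid (see <bsm/audit.h>). A production filter
// should also compare val[7] (pidversion) to survive pid reuse.
func pid(from token: audit_token_t) -> pid_t {
    return pid_t(token.val.5)
}

// NEFilterFlow.sourceAppAuditToken hands back the raw audit_token_t bytes.
func pid(fromTokenData data: Data) -> pid_t? {
    guard data.count == MemoryLayout<audit_token_t>.size else { return nil }
    var token = audit_token_t()
    withUnsafeMutableBytes(of: &token) { data.copyBytes(to: $0) }
    return pid(from: token)
}

func string(from token: es_string_token_t) -> String {
    let bytes = UnsafeRawBufferPointer(start: token.data, count: token.length)
    return String(decoding: bytes, as: UTF8.self)
}

// Endpoint Security side: keep the table current on exec and exit.
// Note: only processes that exec after start() is called are seen; a real
// sysex would seed the table with the processes already running.
final class ProcessMonitor {
    private var client: OpaquePointer?

    func start() throws {
        var newClient: OpaquePointer?
        let result = es_new_client(&newClient) { _, message in
            let msg = message.pointee
            switch msg.event_type {
            case ES_EVENT_TYPE_NOTIFY_EXEC:
                let target = msg.event.exec.target.pointee
                ProcessTable.shared.record(pid: pid(from: target.audit_token),
                                           path: string(from: target.executable.pointee.path))
            case ES_EVENT_TYPE_NOTIFY_EXIT:
                ProcessTable.shared.forget(pid: pid(from: msg.process.pointee.audit_token))
            default:
                break
            }
        }
        guard result == ES_NEW_CLIENT_RESULT_SUCCESS, let c = newClient else {
            throw NSError(domain: "ProcessMonitor", code: Int(result.rawValue), userInfo: nil)
        }
        let events: [es_event_type_t] = [ES_EVENT_TYPE_NOTIFY_EXEC, ES_EVENT_TYPE_NOTIFY_EXIT]
        guard es_subscribe(c, events, UInt32(events.count)) == ES_RETURN_SUCCESS else {
            es_delete_client(c)
            throw NSError(domain: "ProcessMonitor", code: -1, userInfo: nil)
        }
        client = c
    }
}

// Content-filter side: socket-level visibility (connect/accept) comes from
// handleNewFlow, which is where the ES process table is consulted.
final class FlowInspector: NEFilterDataProvider {
    override func startFilter(completionHandler: @escaping (Error?) -> Void) {
        // Match every flow; narrow the NENetworkRule in production to cut overhead.
        let all = NENetworkRule(remoteNetwork: nil, remotePrefix: 0,
                                localNetwork: nil, localPrefix: 0,
                                protocol: .any, direction: .any)
        let settings = NEFilterSettings(rules: [NEFilterRule(networkRule: all, action: .filterData)],
                                        defaultAction: .allow)
        apply(settings) { error in completionHandler(error) }
    }

    override func handleNewFlow(_ flow: NEFilterFlow) -> NEFilterNewFlowVerdict {
        guard let socketFlow = flow as? NEFilterSocketFlow,
              let remote = socketFlow.remoteEndpoint as? NWHostEndpoint else {
            return .allow()
        }
        let originPID = socketFlow.sourceAppAuditToken.flatMap(pid(fromTokenData:))
        let path = originPID.flatMap { ProcessTable.shared.path(for: $0) } ?? "<unknown>"
        NSLog("%@", "\(path) -> \(remote.hostname):\(remote.port) direction=\(socketFlow.direction.rawValue)")
        return .allow()   // replace with .drop() for flows your policy rejects
    }
}
```

Because both classes live in one sysex process, the table is an ordinary in-process object behind an NSLock, which is the "appropriately locked global variable" the answer refers to; if the ES client and the filter were split into two sysexes, ProcessTable would have to become an XPC service or similar, and the lookup in handleNewFlow would become a cross-process round trip on a hot path.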