Hello, I'm having some problems starting my DNS proxy network extension.
Even after I call NEDNSProxyManager.saveToPreference() successfully I don't see any logs from my dns proxy.
This is the code from the user space app:
import SwiftUI
import NetworkExtension
func configureDNSProxy() {
let dnsProxyManager = NEDNSProxyManager.shared()
dnsProxyManager.loadFromPreferences { error in
if let error = error {
print("Error loading DNS proxy preferences: \(error)")
return
}
dnsProxyManager.localizedDescription = "my DNS proxy"
let proto = NEDNSProxyProviderProtocol()
proto.providerBundleIdentifier = "com.myteam.dns-proxy-tests.ne"
dnsProxyManager.providerProtocol = proto
// Enable the DNS proxy.
dnsProxyManager.isEnabled = true
dnsProxyManager.saveToPreferences { error in
if let error = error {
print("Error saving DNS proxy preferences: \(error)")
} else {
NSLog("DNS Proxy enabled successfully")
}
}
}
}
@main
struct dns_proxy_testsApp: App {
var body: some Scene {
WindowGroup {
ContentView()
}
}
init() {
configureDNSProxy()
}
}
This is the code for my network extension(DNSProxyProvider.swift):
import NetworkExtension
class DNSProxyProvider: NEDNSProxyProvider {
override func startProxy(options:[String: Any]? = nil, completionHandler: @escaping (Error?) -> Void) {
NSLog("dns proxy ne started")
completionHandler(nil)
}
override func stopProxy(with reason: NEProviderStopReason, completionHandler: @escaping () -> Void) {
NSLog("dns proxy ne stopped")
completionHandler()
}
override func sleep(completionHandler: @escaping () -> Void) {
NSLog("dns proxy ne sleep")
completionHandler()
}
override func wake() {
NSLog("dns proxy ne wake")
}
override func handleNewFlow(_ flow: NEAppProxyFlow) -> Bool {
NSLog("dns proxy ne flow")
return true
}
}
The bundle identifier for my network extension is: com.myteam.dns-proxy-tests.ne and both the user space app and the network extension have the DNS Proxy capability. Both have the same app group capability with the same group name group.com.myteam.dns-proxy-test.
The info.plist from the network extension look like this(I didn't really modify it from the default template created by xcode)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>NetworkExtension</key>
<dict>
<key>NEMachServiceName</key>
<string>$(TeamIdentifierPrefix)com.example.app-group.MySystemExtension</string>
<key>NEProviderClasses</key>
<dict>
<key>com.apple.networkextension.dns-proxy</key>
<string>$(PRODUCT_MODULE_NAME).DNSProxyProvider</string>
</dict>
</dict>
</dict>
</plist>
In the logs I do see DNS Proxy enabled successfully and also I see:
NESMDNSProxySession[Primary Tunnel:my DNS proxy:<...>:(null)] starting with configuration: {
name = my DNS proxy
identifier = <..>
applicationName = dns-proxy-tests
application = com.myteam.dns-proxy-tests
grade = 1
dnsProxy = {
enabled = YES
protocol = {
type = dnsProxy
identifier = <...>
identityDataImported = NO
disconnectOnSleep = NO
disconnectOnIdle = NO
disconnectOnIdleTimeout = 0
disconnectOnWake = NO
disconnectOnWakeTimeout = 0
disconnectOnUserSwitch = NO
disconnectOnLogout = NO
includeAllNetworks = NO
excludeLocalNetworks = NO
excludeCellularServices = YES
excludeAPNs = YES
excludeDeviceCommunication = YES
enforceRoutes = NO
pluginType = com.myteam.dns-proxy-tests
providerBundleIdentifier = com.myteam.dns-proxy-tests.ne
designatedRequirement = identifier "com.myteam.dns-proxy-tests.ne" <...> /* exists */
}
}
}
But then I see:
Checking for com.myteam.dns-proxy-tests.ne - com.apple.networkextension.dns-proxy
But then finally
Found 0 registrations for com.myteam.dns-proxy-tests.ne (com.apple.networkextension.dns-proxy)
So I think that last log probably indicates the problem.
I'm a bit lost at what I'm doing wrong so I'd be super thankful for any pointer!
I suspect that the sysextd crash is a known issue that seems to be caused by a race condition in the code (r. 99777199).
The nesessionmanager crash is more likely to be caused by the properties in your sysex. The crashing thread looks like this:
5 Foundation 0x191f5c120 -[NSString initWithFormat:] + 52
6 nesessionmanager 0x100138ac0 -[NESMProviderManager createSystemExtensionErrorWithCode:extensionInfo:] + 440
7 nesessionmanager 0x100139558 -[NESMProviderManager createLaunchdPlistEntriesFromExtensionBundle:extensionInfo:error:] + 2464
8 nesessionmanager 0x1001399d8 __84-[NESMProviderManager listener:validateExtension:atTemporaryBundleURL:replyHandler:]_block_invoke + 212
NE is trying to validate your sysex, that’s failed, and it’s crashed trying to generate the error O-:
Both of these are obviously bugs in our OS — these subsystems should fail rather than crash — and I encourage you to file bug reports about them. Include a sysdiagnose log and a copy of your built app (the broken one, not the fixed one). Please post your bug numbers, just for the record.
However, frame 7 in the NE crash suggests that you have an app group mismatch. NE wants your Mach service name to be ‘inside’ an app group. For example, in my test project I have this:
% codesign -d --entitlements - QNE2DNSProxyMac.app/Contents/Library/SystemExtensions/com.example.apple-samplecode.QNE2DNSProxyMac.SysEx.systemextension
…
[Dict]
…
[Value]
[Array]
[String] SKMME9E2Y8.com.example.apple-samplecode.QNE2DNSProxyMac
…
% plutil -p QNE2DNSProxyMac.app/Contents/Library/SystemExtensions/com.example.apple-samplecode.QNE2DNSProxyMac.SysEx.systemextension/Contents/Info.plist
{
…
"NetworkExtension" => {
"NEMachServiceName" => "SKMME9E2Y8.com.example.apple-samplecode.QNE2DNSProxyMac.service"
"NEProviderClasses" => {
"com.apple.networkextension.dns-proxy" => "com_example_apple_samplecode_QNE2DNSProxyMac_SysEx.DNSProxyProvider"
}
}
…
}
My app group, SKMME9E2Y8.com.example.apple-samplecode.QNE2DNSProxyMac, is a prefix of the Mach service name, SKMME9E2Y8.com.example.apple-samplecode.QNE2DNSProxyMac.service, and that’s what NE is checking for.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"