External NIC Blocked by Elastic Agent

Brand new Belkin USB-C NIC is now being used. Exact same issue. Once the Elastic Agent is installed and running, the NIC can no longer acquire a DHCP IP, or if a static one is assigned, the network fails. I have tested this NIC with EA 7.15.2 and also upgraded to macOS 12.1. Same results.

How can I ensure I have completely purged the Elastic Agent and any leftover features (like netflow) or rules from my system?

Hello Chris,

I was able to reproduce this issue internally with the Cable Matters NIC and Belkin NIC. This issue seems to be caused by us implementing a packet filter in the network extension. This is also why Little Snitch did not cause issues: they do not have a packet filter. I suspect this is an issue in Apple's NetworkExtension framework, since I was able to reproduce this issue with Apple's FilteringNetworkTraffic sample by adding an empty packet filter implementation, and since this issue does not happen on Intel Macs. I've gone ahead and filed a bug with Apple's Feedback Assistant system. In the meantime we will try to find a way to work around this issue (if possible), but I suspect the real fix will come in a macOS Monterey update.

FB9810340 is the bug filed with Apple.

Thanks for the update Will. Nice to know I was not crazy after all.

One question though, why doesn't the packet filter issue affect the WiFi NIC?

@Will_Yu and @Yamin_Tian, do either of you have any idea why the problem that you managed to reproduce only affected an external NIC on the MacBook and not the built-in WiFi NIC, like Chris asked?

Since macOS 12 source has not been released yet, I am not privy to the internal workings of the NetworkExtension framework or the inner workings of the changes made to XNU to support USB-C NICs on M1, so keep in mind this is all conjecture and should be taken with a grain of salt until Apple responds to my bug report with more details.

My theory is that the WiFi chipset that is used with the M1s is known hardware from Apple's perspective and they can support and test that hardware as a first-class citizen in macOS 12. With external USB-C NICs, I suspect that support for this feature was added as a secondary concern and not tested well in comparison. There is most likely a bug in either the Network Extension framework that did not account for USB-C NICs + Network Extensions that implement both the Filter Data Provider AND a Filter Packet Provider, or a bug in the kernel. A bug in either location will require a bug fix from Apple in the meantime.

Thanks for the response. Please keep us posted.
