Little Snitch and Possible Deprecation of NKEs

In a WWDC session, David Schinazi mentioned that Network Kernel Extensions (NKEs) “will be deprecated”. He asked developers to transition to the Network Extension (NE) framework and to approach Apple to report any problems with this.

This statement, mentioned in passing, has caused a lot of discussion and rumors since it was made. It has also caused concern among Little Snitch users, because Little Snitch is based on an NKE.

Will Little Snitch be affected?

In a nutshell, no. Apple is signaling their willingness to listen to users of the NKE API, and we are happy to talk. Little Snitch was around before there was an NKE API and will be after its deprecation.

What does this announcement technically mean for Little Snitch?

Like all other developers currently shipping NKEs, we will have to make the transition at some point in the future. We are currently evaluating the NE framework and are in contact with Apple to talk about our requirements. Since Apple has announced the deprecation early and since they are open to talking with developers, we are optimistic that the new NE framework will cover all our needs.

But what happens if Apple will not or cannot provide the required features? NKEs will be deprecated, but not Kernel Extensions in general. We can still implement a Kernel Extension to augment the functionality of the NE framework. The basic filtering can be done via the NE framework and additional functions would be provided by our own Kernel Extension.

Remember that Little Snitch has been available for more than 15 years now, longer than the NKE API has been in the kernel. We had ways to implement our filter before the advent of NKEs and we will find ways after their deprecation.

What does Objective Development think about the transition?

Using the Network Extension framework instead of an NKE very likely allows us to build a version of Little Snitch which requires no Kernel Extension at all. That is a good thing.