trailofbits / osquery-extensions

osquery extensions by Trail of Bits

Home Page: https://blog.trailofbits.com/2017/12/14/announcing-the-trail-of-bits-osquery-extension-repository/

Network_monitor extension not being bundled. Intentional?

mike-myers-tob opened this issue

It appears that the network_monitor extension does not build into the bundled extension, because it uses addOsqueryExtension in its CMake rather than addOsqueryExtensionEx.

https://github.com/trailofbits/osquery-extensions/blob/master/network_monitor/CMakeLists.txt#L36

Should we fix this, or document it as intentional and add a note to the READMEs?

A user has reported that they are able to load the extension this way:

osqueryi --allow_unsafe --extension osquery/build/external/extension_trailofbits/extensions/network_monitor/network_monitor.ext

This was intentional because the network_monitor extension drops its privileges at runtime to do handling of untrusted network traffic, and that is incompatible with what the other extensions need, so it is built as a separate executable.
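A runtime privilege drop of the kind the comment above describes, as an added example that is not the network_monitor extension's own code (the function name and the demo in main are hypothetical): it clears supplementary groups, drops gid before uid so the process does not lose the ability to change the group, sets all three id sets so the saved id cannot be used to climb back, and then verifies the drop.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Irreversibly drop to target_uid/target_gid (real, effective and saved ids),
 * then confirm the process cannot regain its former privileges.
 * Returns 0 on success, -1 on failure (errno is left set by the failing call).
 * Order matters: supplementary groups and gid go first, because once the uid
 * is unprivileged the process may no longer be allowed to change them. */
int drop_privileges(uid_t target_uid, gid_t target_gid) {
    uid_t old_euid = geteuid();

    /* Clearing supplementary groups needs CAP_SETGID; only attempt it when we
     * actually run as root, since an unprivileged caller would get EPERM. */
    if (old_euid == 0 && setgroups(0, NULL) != 0)
        return -1;
    if (setresgid(target_gid, target_gid, target_gid) != 0)
        return -1;
    if (setresuid(target_uid, target_uid, target_uid) != 0)
        return -1;

    /* Verify: every id must now be the target ... */
    uid_t ru, eu, su;
    if (getresuid(&ru, &eu, &su) != 0 ||
        ru != target_uid || eu != target_uid || su != target_uid)
        return -1;
    gid_t rg, eg, sg;
    if (getresgid(&rg, &eg, &sg) != 0 ||
        rg != target_gid || eg != target_gid || sg != target_gid)
        return -1;

    /* ... and, if we were root, re-elevation must now fail. */
    if (old_euid == 0 && target_uid != 0 && setuid(0) == 0)
        return -1;   /* still privileged: the caller must treat this as fatal */
    return 0;
}

int main(void) {
    /* Stand-alone demo: run as an unprivileged user this is a no-op drop to
     * our own ids; run as root it would be called with an unprivileged pair. */
    if (drop_privileges(getuid(), getgid()) != 0) {
        perror("drop_privileges");
        return 1;
    }
    printf("running as uid=%u gid=%u\n", (unsigned)getuid(), (unsigned)getgid());
    return 0;
}
```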

Documented in dbee8f5