hello, we're currently working on a way to adapt the behavior of our app when the device is running with a low free memory remaining, or a bad network.
For the network, we though about implementing a speedtest, but the issue with this solution is that we want to test regularly the quality of the network, so if the device is running with a poor/bad network, the speedtest with stuck the app.
I was looking for other way to check the displayed informations in the status bar:
private func getWiFiRSSI() -> Int? {
let app = UIApplication.shared
var rssi: Int?
let exception = tryBlock {
guard let statusBar = app.value(forKey: "statusBar") as? UIView else { return }
if let statusBarMorden = NSClassFromString("UIStatusBar_Modern"), statusBar .isKind(of: statusBarMorden) { return }
guard let foregroundView = statusBar.value(forKey: "foregroundView") as? UIView else { return }
for view in foregroundView.subviews {
if let statusBarDataNetworkItemView = NSClassFromString("UIStatusBarDataNetworkItemView"), view .isKind(of: statusBarDataNetworkItemView) {
if let val = view.value(forKey: "wifiStrengthRaw") as? Int {
rssi = val
break
}
}
}
}
if let exception = exception {
print("getWiFiRSSI exception: \(exception)")
}
return rssi
}
I've checked the AppStore Guidelines but I'm not sure that this kind of code will not be subject to rejection by the Review team. Anyone having trying to submit with a similar approach?
Did you already managed to monitor network regularly, without using a speedtest?
Thanks for the help!
Networking
RSS for tagExplore the networking protocols and technologies used by the device to connect to Wi-Fi networks, Bluetooth devices, and cellular data services.
Post
Replies
Boosts
Views
Activity
Hi, all. We have a camera with only one WiFi module. It supports AP and STA modes coexisting, but the WiFi of AP and STA can only be in the same channel at the same time, that is, 2.4G or 5G. In the initial state, the App is connected to the camera through 5G WiFi, and the camera is in AP mode. When entering the network configuration mode, the camera will start the STA mode, and the AP and STA modes coexist. When the user selects 2.4G WiFi, the AP mode will switch from 5G to 2.4G. Android's WiFi and socket are not disconnected, iOS's socket will be disconnected 100%, and WiFi may be disconnected.
What is the reason for this? Is there any way to solve it?
We have Mac OS VM which has two network interfaces and both are active. In our application we need “State:/Network/Global/IPv6” to do some task but on this machine it seems to be missing, however if we disable one of the interface then the same setting seems to be available and our code works fine.
Please find the attached screenshots of working & non-working details:
Hi,
I'm adding a Content Filtering (FilterDataProvider) on macOS to an existing app and using MDM to avoid user interaction.
I start by pushing the following payloads to my machine:
com.apple.system-extension-policy
com.apple.webcontent-filter
And then installing notarized pkg containing my app and the NE.
Inspecting the system logs shows the following error:
neagent Failed to find a com.apple.networkextension.filter-data extension inside of app com.company_name.app_name.daemon
And calling
submit(request: .activationRequest(forExtensionWithIdentifier: bundleId, queue: queue))
results in:
Missing entitlement com.apple.developer.system-extension.install
Installing from Xcode on a SIP disabled machine works fine and both NE and CF are working as expected.
I followed the steps mentioned here https://developer.apple.com/forums/thread/737894 however the embedded entitlements already contained -systemextension suffix so I'm not sure if re signing and the subsequent steps are needed.
I also double checked that com.apple.developer.system-extension.install is present, certificates are not expired and that get-task-allow is not present in the embedded profile.
Here is what my release entitlement file looks like:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>com.apple.developer.networking.networkextension</key>
<array>
<string>content-filter-provider-systemextension</string>
</array>
<key>com.apple.security.application-groups</key>
<array>
<string>com.company_name.app_name.network-extension.content-filter</string>
</array>
</dict>
and my release app entitlement:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>com.apple.developer.endpoint-security.client</key>
<true/>
<key>com.apple.developer.networking.networkextension</key>
<array>
<string>content-filter-provider-systemextension</string>
</array>
<key>com.apple.developer.system-extension.install</key>
<true/>
</dict>
</plist>
redacted logs
@eskimo may I ask for your help here!
Hi everyone,
Our app helps users block adult websites to promote focus and digital wellness. During the App Store review, it was flagged under Guideline 2.5.1 for using a VPN profile to block content, with Apple advising us to remove this feature.
Since blocking adult content is core to our app, we’re looking for compliant alternatives:
Can Network Extensions Framework (e.g., NEDNSProxyProvider) be used for on-device filtering?
Would pre-configured safe DNS (e.g., CleanBrowsing) be acceptable?
Are there compliant examples of similar apps?
Any advice on achieving this functionality within Apple’s guidelines would be greatly appreciated.
Thanks!
MINI M2 Apache httpd stopped serving with this in log: "bug_type":"312","os_version":"macOS 15.2 (24C5079e)"} {"issueCategory":"hitch","logType":"Tailspin","uploadAttemptCount":0,
Sequoia 15.2 Beta Server runs about 2 hours and then need to reboot computer to restart to server remote viewers. Brew Service ReStart and sudo apachectl graceful restart server for localhost but they will not restart server for remote viewers.
The update to IOS 18.1 broke my VPN app. It was still working with 18.0.1.
First analysis indicates that packets are not received through packetflow. Postings like this also indicates that there has something changed about the routing: https://developer.apple.com/forums/thread/767315
So what is going on here?
I am using the following NEPacketTunnelNetworkSettings:
static private func buildSettings() -> NEPacketTunnelNetworkSettings {
let settings = NEPacketTunnelNetworkSettings(tunnelRemoteAddress: "127.0.0.1")
let ipv4Settings = NEIPv4Settings(addresses: ["10.42.0.1"], subnetMasks: ["255.255.0.0"])
ipv4Settings.includedRoutes = [NEIPv4Route.default()]
ipv4Settings.excludedRoutes = []
settings.ipv4Settings = ipv4Settings
settings.mtu = 1500
let dnsSettings = NEDNSSettings(servers: ["10.42.0.1"])
settings.dnsSettings = dnsSettings
let ipv6Settings = NEIPv6Settings.init(addresses: ["fdb2:d970:8536:8dc6:0000:0000:0000:0001"], networkPrefixLengths: [64])
ipv6Settings.includedRoutes = [NEIPv6Route.default()]
settings.ipv6Settings = ipv6Settings
return settings
}
Any help would be greatly appreciated.
We want to ressolve dns for predefined sets of private app domains.
We've added this rule:
NENetworkRule(destinationHost: NWHostEndpoint(hostname: Private Domain1(example.com), port: 53), protocol: .UDP)
As per apple documentation: A rule that matches all DNS queries/responses for hosts in the example.com domain.
do you think it will work i.e it will forward DNS requests UDP flow to transparent provider in all the cases?
or do you think the text is a bit misleading. it should instead say: "A rule that matches all DNS queries/responses for nameservers in the example.com domain"?
This rule that look for port 53 of that domain only works if the system really asks a nameserver of that specific domain, right?
So, what if a local DNS server or a different nameserver are taking care of the resolution?
I'm seeing behaviour that I'm struggling to work out when making GraphQL related network requests (these are POST requests).
I note that QA1941 covers the "lost connection" errors that I see in my responses, but I'd like to understand more, because just retrying the connection without understanding why I need to seems problematic.
Here's the (partially redacted) logs I see when the error occurs:
quic_conn_keepalive_handler [C69.1.1.1:2] [-0178f8467262b9e978791446c6629ddb66b2efc1] keep-alive timer fired, exceeding 2 outstanding keep-alives
nw_read_request_report [C69] Receive failed with error "Operation timed out"
nw_read_request_report [C69] Receive failed with error "Operation timed out"
nw_read_request_report [C69] Receive failed with error "Operation timed out"
nw_read_request_report [C69] Receive failed with error "Operation timed out"
nw_read_request_report [C69] Receive failed with error "Operation timed out"
0x16264d818 69 stalled, attempting fallback
Task <A6CC8D4D-83E1-4C61-96C7-BDDF2F04A35F>.<11> HTTP load failed, 1822/0 bytes (error code: -1005 [4:-4])
Task <3B0AAA67-3162-4F80-A930-D93F8A7EF1A4>.<12> HTTP load failed, 1823/0 bytes (error code: -1005 [4:-4])
nw_endpoint_flow_fillout_data_transfer_snapshot copy_info() returned NULL
Task <A6CC8D4D-83E1-4C61-96C7-BDDF2F04A35F>.<11> finished with error [-1005] Error Domain=NSURLErrorDomain Code=-1005 "The network connection was lost." UserInfo={_kCFStreamErrorCodeKey=-4, NSUnderlyingError=0x60000139bd50 {Error Domain=kCFErrorDomainCFNetwork Code=-1005 "(null)" UserInfo={NSErrorPeerAddressKey=<CFData 0x60000a217340 [0x1e006f658]>{length = 16, capacity = 16, bytes = 0x100201bb646394820000000000000000}, _kCFStreamErrorCodeKey=-4, _kCFStreamErrorDomainKey=4}}, _NSURLErrorFailingURLSessionTaskErrorKey=LocalDataTask <A6CC8D4D-83E1-4C61-96C7-BDDF2F04A35F>.<11>, _NSURLErrorRelatedURLSessionTaskErrorKey=(
"LocalDataTask <A6CC8D4D-83E1-4C61-96C7-BDDF2F04A35F>.<11>"
), NSLocalizedDescription=The network connection was lost., NSErrorFailingURLStringKey=https://myserver.com/graphql, NSErrorFailingURLKey=https://myserver.com/graphql, _kCFStreamErrorDomainKey=4}
Task <3B0AAA67-3162-4F80-A930-D93F8A7EF1A4>.<12> finished with error [-1005] Error Domain=NSURLErrorDomain Code=-1005 "The network connection was lost." UserInfo={_kCFStreamErrorCodeKey=-4, NSUnderlyingError=0x60000139afd0 {Error Domain=kCFErrorDomainCFNetwork Code=-1005 "(null)" UserInfo={NSErrorPeerAddressKey=<CFData 0x60000a217340 [0x1e006f658]>{length = 16, capacity = 16, bytes = 0x100201bb646394820000000000000000}, _kCFStreamErrorCodeKey=-4, _kCFStreamErrorDomainKey=4}}, _NSURLErrorFailingURLSessionTaskErrorKey=LocalDataTask <3B0AAA67-3162-4F80-A930-D93F8A7EF1A4>.<12>, _NSURLErrorRelatedURLSessionTaskErrorKey=(
"LocalDataTask <3B0AAA67-3162-4F80-A930-D93F8A7EF1A4>.<12>"
), NSLocalizedDescription=The network connection was lost., NSErrorFailingURLStringKey=https://myserver.com/graphql, NSErrorFailingURLKey=https://myserver.com/graphql, _kCFStreamErrorDomainKey=4}
GraphQL request query failed for query with hash: 6677767707705440859 with error: Networking.NetworkGraphQLService.Error.underlying(Apollo.URLSessionClient.URLSessionClientError.networkError(data: 0 bytes, response: nil, underlying: Error Domain=NSURLErrorDomain Code=-1005 "The network connection was lost." UserInfo={_kCFStreamErrorCodeKey=-4, NSUnderlyingError=0x60000139afd0 {Error Domain=kCFErrorDomainCFNetwork Code=-1005 "(null)" UserInfo={NSErrorPeerAddressKey=<CFData 0x60000a217340 [0x1e006f658]>{length = 16, capacity = 16, bytes = 0x100201bb646394820000000000000000}, _kCFStreamErrorCodeKey=-4, _kCFStreamErrorDomainKey=4}}, _NSURLErrorFailingURLSessionTaskErrorKey=LocalDataTask <3B0AAA67-3162-4F80-A930-D93F8A7EF1A4>.<12>, _NSURLErrorRelatedURLSessionTaskErrorKey=(
"LocalDataTask <3B0AAA67-3162-4F80-A930-D93F8A7EF1A4>.<12>"
), NSLocalizedDescription=The network connection was lost., NSErrorFailingURLStringKey=https://myserver.com/graphql, NSErrorFailingURLKey=https://myserver.com/graphql, _kCFStreamErrorDomainKey=4}))
GraphQL request query failed for query with hash: 148576198322832328 with error: Networking.NetworkGraphQLService.Error.underlying(Apollo.URLSessionClient.URLSessionClientError.networkError(data: 0 bytes, response: nil, underlying: Error Domain=NSURLErrorDomain Code=-1005 "The network connection was lost." UserInfo={_kCFStreamErrorCodeKey=-4, NSUnderlyingError=0x60000139bd50 {Error Domain=kCFErrorDomainCFNetwork Code=-1005 "(null)" UserInfo={NSErrorPeerAddressKey=<CFData 0x60000a217340 [0x1e006f658]>{length = 16, capacity = 16, bytes = 0x100201bb646394820000000000000000}, _kCFStreamErrorCodeKey=-4, _kCFStreamErrorDomainKey=4}}, _NSURLErrorFailingURLSessionTaskErrorKey=LocalDataTask <A6CC8D4D-83E1-4C61-96C7-BDDF2F04A35F>.<11>, _NSURLErrorRelatedURLSessionTaskErrorKey=(
"LocalDataTask <A6CC8D4D-83E1-4C61-96C7-BDDF2F04A35F>.<11>"
), NSLocalizedDescription=The network connection was lost., NSErrorFailingURLStringKey=https://myserver.com/graphql, NSErrorFailingURLKey=https://myserver.com/graphql, _kCFStreamErrorDomainKey=4}))
GraphQL request query starting for query with hash: -5824714640174886330
nw_connection_copy_connected_local_endpoint_block_invoke [C90] Connection has no local endpoint
nw_connection_copy_connected_local_endpoint_block_invoke [C90] Connection has no local endpoint
GraphQL request query succeeded for query with hash: -5824714640174886330
nw_read_request_report [C43] Receive failed with error "Operation timed out"
nw_read_request_report [C43] Receive failed with error "Operation timed out"
nw_read_request_report [C43] Receive failed with error "Operation timed out"
nw_connection_add_timestamp_locked_on_nw_queue [C43] Hit maximum timestamp count, will start dropping events
nw_endpoint_flow_fillout_data_transfer_snapshot copy_info() returned NULL
I'd really appreciate any advice or insight that people might have — I can't reproduce this problem consistently, so I want to know more.
Thanks!
Our product (rockhawk.ca) uses the Multipeer Connectivity framework for peer-to-peer communication between multiple iOS/iPadOS devices. My understanding is that MC framework communicates via three methods: 1) infrastructure wifi (i.e. multiple iOS/iPadOS devices are connected to the same wifi network), 2) peer-to-peer wifi, or 3) Bluetooth. In my experience, I don't believe I've seen MC use Bluetooth. With wifi turned off on the devices, and Bluetooth turned on, no connection is established. With wifi on and Bluetooth off, MC works and I presume either infrastructure wifi (if available) or peer-to-peer wifi are used.
I'm trying to overcome two issues:
Over time (since iOS 9.x), the radio transmit strength for MC over peer-to-peer wifi has decreased to the point that range is unacceptable for our use case. We need at least 150 feet range.
We would like to extend this support to watchOS and the MC framework is not available.
Regarding #1, I'd like to confirm that if infrastructure wifi is available, MC uses it. If infrastructure wifi is not available, MC uses peer-to-peer wifi. If this is true, then we can assure our customers that if infrastructure wifi is available at the venue, then with all devices connected to it, range will be adequate.
If infrastructure wifi is not available at the venue, perhaps a mobile wifi router (battery operated) could be set up, devices connected to it, then range would be adequate. We are about to test this. Reasonable?
Can we be assured that if infrastructure wifi is available, MC uses it?
Regarding #2, given we are targeting minimum watchOS 7.0, would the available networking APIs and frameworks be adequate to implement our own equivalent of the MC framework so our app on iOS/iPadOS and watchOS devices could communicate? How much work? Where would I start? I'm new to implementing networking but experienced in using the MC framework. I'm assuming that I would write the networking code to use infrastructure wifi to achieve acceptable range.
Many thanks!
Tim
My application needs local network access. When it is started for the first time, the user gets a prompt to enable local network access (as expected). The application is then shown as enabled in Privacy & Security / Local Network and local network access is working.
If macOS is then shutdown and restarted, local network access is blocked for the application even though it is still shown as enabled in Privacy & Security / Local Network. Local network access can be restored either by toggling permission off and on in Privacy & Security / Local Network or by disabling and enabling Wi-Fi.
This behaviour is consistent on Sequoia 15.1. It happens sometimes on 15.0 and 15.0.1 but not every time. Is my application doing something wrong or is this a Sequoia issue? If it is a Sequoia issue, is there some change I can make to my application to work around it?
Hello,
I was able to use the TicTackToe code base and modify it such that I have a toggle at the top of the screen that allows me to start / stop the NWBrowser and NWListener. I have it setup so when the browser finds another device it attempts to connect to it. I support N devices / connections. I am able to use the NWParameters extension that is in the TickTackToe game that uses a passcode and TLS. I am able to send messages between devices just fine. Here is what I used
extension NWParameters {
// Create parameters for use in PeerConnection and PeerListener.
convenience init(passcode: String) {
// Customize TCP options to enable keepalives.
let tcpOptions = NWProtocolTCP.Options()
tcpOptions.enableKeepalive = true
tcpOptions.keepaliveIdle = 2
// Create parameters with custom TLS and TCP options.
self.init(tls: NWParameters.tlsOptions(passcode: passcode), tcp: tcpOptions)
// Enable using a peer-to-peer link.
self.includePeerToPeer = true
}
// Create TLS options using a passcode to derive a preshared key.
private static func tlsOptions(passcode: String) -> NWProtocolTLS.Options {
let tlsOptions = NWProtocolTLS.Options()
let authenticationKey = SymmetricKey(data: passcode.data(using: .utf8)!)
let authenticationCode = HMAC<SHA256>.authenticationCode(for: "HI".data(using: .utf8)!, using: authenticationKey)
let authenticationDispatchData = authenticationCode.withUnsafeBytes {
DispatchData(bytes: $0)
}
sec_protocol_options_add_pre_shared_key(tlsOptions.securityProtocolOptions,
authenticationDispatchData as __DispatchData,
stringToDispatchData("HI")! as __DispatchData)
sec_protocol_options_append_tls_ciphersuite(tlsOptions.securityProtocolOptions,
tls_ciphersuite_t(rawValue: TLS_PSK_WITH_AES_128_GCM_SHA256)!)
return tlsOptions
}
// Create a utility function to encode strings as preshared key data.
private static func stringToDispatchData(_ string: String) -> DispatchData? {
guard let stringData = string.data(using: .utf8) else {
return nil
}
let dispatchData = stringData.withUnsafeBytes {
DispatchData(bytes: $0)
}
return dispatchData
}
}
When I try to modify it to use QUIC and TLS 1.3 like so
extension NWParameters {
// Create parameters for use in PeerConnection and PeerListener.
convenience init(psk: String) {
self.init(quic: NWParameters.quicOptions(psk: psk))
self.includePeerToPeer = true
}
private static func quicOptions(psk: String) -> NWProtocolQUIC.Options {
let quicOptions = NWProtocolQUIC.Options(alpn: ["h3"])
let authenticationKey = SymmetricKey(data: psk.data(using: .utf8)!)
let authenticationCode = HMAC<SHA256>.authenticationCode(for: "hello".data(using: .utf8)!, using: authenticationKey)
let authenticationDispatchData = authenticationCode.withUnsafeBytes {
DispatchData(bytes: $0)
}
sec_protocol_options_set_min_tls_protocol_version(quicOptions.securityProtocolOptions, .TLSv13)
sec_protocol_options_set_max_tls_protocol_version(quicOptions.securityProtocolOptions, .TLSv13)
sec_protocol_options_add_pre_shared_key(quicOptions.securityProtocolOptions,
authenticationDispatchData as __DispatchData,
stringToDispatchData("hello")! as __DispatchData)
sec_protocol_options_append_tls_ciphersuite(quicOptions.securityProtocolOptions,
tls_ciphersuite_t(rawValue: TLS_AES_128_GCM_SHA256)!)
sec_protocol_options_set_verify_block(quicOptions.securityProtocolOptions, { _, _, sec_protocol_verify_complete in
sec_protocol_verify_complete(true)
}, .main)
return quicOptions
}
// Create a utility function to encode strings as preshared key data.
private static func stringToDispatchData(_ string: String) -> DispatchData? {
guard let stringData = string.data(using: .utf8) else {
return nil
}
let dispatchData = stringData.withUnsafeBytes {
DispatchData(bytes: $0)
}
return dispatchData
}
}
I get the following errors in the console
boringssl_session_handshake_incomplete(241) [C3:1][0x109d0c600] SSL library error
boringssl_session_handshake_error_print(44) [C3:1][0x109d0c600] Error: 4459057536:error:100000ae:SSL routines:OPENSSL_internal:NO_CERTIFICATE_SET:/Library/Caches/com.apple.xbs/Sources/boringssl/ssl/tls13_server.cc:882:
boringssl_session_handshake_incomplete(241) [C4:1][0x109d0d200] SSL library error
boringssl_session_handshake_error_print(44) [C4:1][0x109d0d200] Error: 4459057536:error:100000ae:SSL routines:OPENSSL_internal:NO_CERTIFICATE_SET:/Library/Caches/com.apple.xbs/Sources/boringssl/ssl/tls13_server.cc:882:
nw_endpoint_flow_failed_with_error [C3 fe80::1884:2662:90ca:b011%en0.65328 in_progress channel-flow (satisfied (Path is satisfied), viable, interface: en0[802.11], scoped, ipv4, dns, uses wifi)] already failing, returning
nw_endpoint_flow_failed_with_error [C4 192.168.0.98:65396 in_progress channel-flow (satisfied (Path is satisfied), viable, interface: en0[802.11], scoped, ipv4, dns, uses wifi)] already failing, returning
quic_crypto_connection_state_handler [C1:1] [2ae0263d7dc186c7-] TLS error -9858 (state failed)
nw_connection_copy_connected_local_endpoint_block_invoke [C3] Client called nw_connection_copy_connected_local_endpoint on unconnected nw_connection
nw_connection_copy_connected_remote_endpoint_block_invoke [C3] Client called nw_connection_copy_connected_remote_endpoint on unconnected nw_connection
nw_connection_copy_protocol_metadata_internal_block_invoke [C3] Client called nw_connection_copy_protocol_metadata_internal on unconnected nw_connection
quic_crypto_connection_state_handler [C2:1] [84fdc1e910f59f0a-] TLS error -9858 (state failed)
nw_connection_copy_connected_local_endpoint_block_invoke [C4] Client called nw_connection_copy_connected_local_endpoint on unconnected nw_connection
nw_connection_copy_connected_remote_endpoint_block_invoke [C4] Client called nw_connection_copy_connected_remote_endpoint on unconnected nw_connection
nw_connection_copy_protocol_metadata_internal_block_invoke [C4] Client called nw_connection_copy_protocol_metadata_internal on unconnected nw_connection
Am I missing some configuration? I noticed with the working code that uses TCP and TLS that there is an NWParameters initializer that accepts tls options and tcp option but there isnt one that accepts tls and quic.
Thank you for any help :)
On iOS beta, monitoring network usage using the getifaddrs API sporadically causes system volume spikes. This happens even though the application does not interact with any audio-related code. The issue persists across different polling intervals (e.g., 0.05s to 1s) and only occurs when invoking getifaddrs. Replacing the API calls with mock data eliminates the problem, suggesting a potential issue with getifaddrs in the beta environment.
The application updates UI elements based on network activity, but the volume spikes occur independently of UI or other observable app behavior.
Steps to Reproduce:
Create an app that monitors network usage using the getifaddrs API.
Fetch network statistics on a timer (e.g., every 0.05 seconds).
Observe system behavior while running the app on iOS beta.
Note sporadic volume spikes during app runtime.
Expected Result:
Polling network usage with getifaddrs should not affect system volume or other unrelated resources.
Actual Result:
System volume spikes occasionally when network statistics are retrieved using getifaddrs.
iOS 18.2 Beta, Tested on physical device ( iPhone 15 Pro )
There is no Network Extension icon missing in System Settings.
Sequoia 15.1 (24B83)
Screenshot attached
Hi,
TLDR: On iOS, when my PacketTunnel is running, can I exclude DNS requests from going into the tunnel?
I have a test app, using Apple's AsyncDNSResolver, that makes a DNS call and it works when the tunnel is not running.
If the tunnel is running it times out after 30 seconds and I get the error -65568.
Here's how I'm setting up the tunnel
func setup(tunnelRemoteAddress: String) {
let settings = NEPacketTunnelNetworkSettings(tunnelRemoteAddress: tunnelRemoteAddress)
settings.ipv4Settings = NEIPv4Settings(addresses: [tunnelRemoteAddress], subnetMasks: ["255.255.255.255"])
settings.ipv4Settings?.includedRoutes = [NEIPv4Route.default()]
let proxySettings = NEProxySettings()
proxySettings.httpEnabled = true
proxySettings.httpServer = NEProxyServer(address: ProxyServerConfiguration.host, port: ProxyServerConfiguration.port)
proxySettings.httpsEnabled = true
proxySettings.httpsServer = NEProxyServer(address: LocalProxyServerConfiguration.host, port: LocalProxyServerConfiguration.port)
proxySettings.excludeSimpleHostnames = true
proxySettings.exceptionList = nil
let dnsSettings = NEDNSSettings(servers: ["8.8.8.8"])
settings.dnsSettings = dnsSettings
settings.proxySettings = proxySettings
setTunnelNetworkSettings(settings) { error in
// ...
}
}
I've tried all combinations of setting/excluding the NEDNSSettings but the DNS call always fails when the tunnel is running.
Thanks for any help.
Is it possible to build an iOS app with the purpose of content filtering? I'll give an example. This app would block access to example.com, therefore if I were on the Safari or any iOS compatible browser, if I were to try to navigate to example.com access would be blocked. The same would happen if I were on let's say Instagram and it attempted to make an outbound api call to example.com, that too would fail. Is this device wide content filtering possible on the iOS platform?
Furthermore would you be able to implement redirect logic. As in the user tries to visit example.com but it is redirected to google.com?
Whenever I'm working on my content filter for macOS, I usually keep SIP disabled and with developer mode on (systemextensionsctl) as a convenience.
The issue: content filter stopped receiving any kind of traffic when SIP is disabled. I don't see any log lines in Console for new flows, and the filter can't block anything, since it doesn't get any flows. Issue started yesterday.
I tried several things and did some investigation, here are some findings:
Reboot: rebooting did not fix the issue (while keeping SIP disabled).
Reenabling SIP fixes the issue for both App Store and Xcode builds.
Code: latest published version also stopped working with SIP disabled. This version is stable and confirmed to work as reported by users.
Clean Xcode + rebuild did not fix the issue.
Lastly, I inspected the logs and did not see any errors standing out. I noticed the filter does get started (startFilter is called) and registered, but after that there are no errors/new flows or anything, just silence (logs below).
com.apple.networkextension default 15:22:22.270746-0300 : Calling startFilterWithCompletionHandler
com.extension.MyExtension info 15:22:22.270998-0300 Success applying filter settings
com.apple.networkextension debug 15:22:22.272705-0300 NESMFilterSession[My Extension:B9F3F30E-E0E0-4E53-8B32-EFC285E3CF6A]: Checking providerBundleIdentifier com.extension.MyExtension for pluginClass 4
com.apple.networkextension debug 15:22:22.272717-0300 Checking for com.extension.MyExtension - com.apple.networkextension.filter-data
com.apple.networkextension default 15:22:22.272728-0300 Found 1 registrations for com.extension.MyExtension (com.apple.networkextension.filter-data)
com.apple.networkextension debug 15:22:22.272778-0300 NESMFilterSession[My Extension:B9F3F30E-E0E0-4E53-8B32-EFC285E3CF6A]: com.extension.MyExtension is registered for pluginClass 4
Here are some additional info about my system:
macOS 15.1
Between yesterday and today, the only new Installation is XProtectPlistConfigData at 12:10AM
Thanks!
I am planning to implement Peer to Peer data exchange between 2 iOS devices. I have the following queries.
My devices are connected through Ethernet. I would prefer to use this route if possible before switching over to Wifi. I can see there is an option to use prohibitedInterfaceTypes but that doesn't guarantee the route to use Ethernet when there are multiple available.
Does the connection automatically switch between ethernet and Wifi or does that have to be handled via isViable and betterPathAvailable?
I'm unsure when I should be using a custom framing protocol. I just need to exchange codable objects between the devices. Is the custom protocol required only if I use TCP as the underlying protocol?
Can NSURLSessionStreamTask be used for this use case?
I have a pretty straightforward code to connect to a given ip address and port using NWConnection. On the first attempt to connect to the Local Network I see the "Local Network Privacy" dialog and sometimes if I press "Don't Allow" on that dialog everything starts to fail. No matter I do I keep receiving the following error:
POSIXErrorCode(rawValue: 50): Network is down
Obviously going to settings and allowing local network access to the app doesn't fix the issue. Neither deleting the app and installing it again. The only workaround I found is to restart my device which is unacceptable for a user.
My code is really simple, I tried a lot of different approaches to connect but neither approach worked.
I am on iOS 18. Is it a known bug? could be possible a bug on my code?
Any idea would be really appreciated,
thanks!
We use as content filter in our app to monitor flows, we gather data about the flow and block flows deemed suspicious.
Our content filter is activated/deactivated by a UI app but the flows are reported via XPC to a separate daemon process for analysis.
As of macOS 15, we are seeing cases where flows are missing or flows are not received at all by the content filter. The behaviour is not consistent, some devices seem to receive flows normally but others don't. It appears Intel devices are much less prone to showing the problem, whereas Arm devices routinely exhibit missing flows.
On macOS 14 or earlier, there is no sign of missing flows.
Testing on earlier beta versions of macOS 15 did not appear to show the problem, however I can't rule out if issue was present but it wasn't spotted.
Experimenting with simple examples of using a content filter (e.g. QNE2FilterMac) does not appear to reproduce the issue.
Questions,
What has changed between macOS 14 and 15 that could be the cause of the lack of flows?
Is our approach to using an app activated content filter reporting to a daemon connected via XPC unsupported?