We have a product which uses a Network Extension (a socket filter and a packet content filter). The application contains the network extension, as well as an un-sandboxed LaunchDaemon which connects to the service at the NEMachServiceName. Occasionally, usually after an upgrade where the system extension is swapped for the new version, our un-sandboxed process isn't able to contact the network extension. From the logging, we receive the following XPC error (libxpc.dylib) [com.apple.xpc:connection] [0x7fd6d0307f40] failed to do a bootstrap look-up: xpc_error=[3: No such process] in the unsandboxed process. Eventually, we receive an invalidated callback on the XPC connection with the error Couldn’t communicate with a helper application.. We have confirmed that an appropriate service is running via the launchctl command, and the network extension process appears to have initialised correctly. We don't see any indication of a received connection at the Network Extension process however (probably not surprising given the error). Once a system enters this state, repeated attempts to connect are unsuccessful and continue to produce the same error. We've also confirmed that there are no XPC codec exceptions apparent that might cause the connection to fail. I'm at a bit of a loss to explain why this failure might be occurring, other than a problem in the bootstrap/launchd being able to find the appropriate service. Is there possibly some problem with unsandboxed processes accessing the sandboxed network extension via XPC? They are both provisioned in an app group together. Is there possibly some issue where attempting to connect at a critical point during network extension installation causes it to become inaccessible? We've observed this specifically on macOS 14.5 (23F79), however this is something we've noticed on other versions of macOS and our code. The problem isn't systematic, and systems end up in this state only occasionally. We do seem to find some customers have more instances of this problems than others, but we haven't been successful at teasing out any common thread that might explain why.

How to expose NTLM token using URLSession in swift iOS? If it is not possible using URLSession, do we have any another way to expose it?

I am using NWconnection to force some requests to go through cellular data. Everything works fine, except I keep calling connection.receive and don't know when the transfer is complete. // Setting up the connection: let tcpOptions = NWProtocolTCP.Options() let parameters = NWParameters(tls: .init(), tcp: tcpOptions) parameters.requiredInterfaceType = .cellular port = port ?? NWEndpoint.Port(443) // ... NWConnection(to: .hostPort(host: NWEndpoint.Host(host),port: port), using: parameters) // Receiving data once the connection is ready func receive(withConnection connection: NWConnection, completion: @escaping dataCompletion) { connection.receive(minimumIncompleteLength: 1, maximumLength: Int.max) { [self] data, contentContext, isComplete, error in if let data = data { receivedData.append(data) print(contentContext) if isComplete || error != nil || connection.state != .ready { cancelConnection(connection) } else { processor?.receive(withConnection: connection, completion: completion) } } else { cancelConnection(connection) } } } I am consuming regular HTTP endpoints. The data in receive comes in chunks but isComplete parameter never becomes true, so I don't know when to stop and send the complete receivedData back. I've thought of adding a timeout, but it seems kind of hacky. Is there a better solution?

I'm trying to get the ASK Sample to discover and connect to a device using a 16-bit uuid. In my case, I have a few fitness sensors laying around like heart rate monitors and cycling sensors. Specifically, I've configured the following descriptor to be shown in the picker: private static let heartRateMonitor: ASPickerDisplayItem = { let descriptor = ASDiscoveryDescriptor() descriptor.bluetoothServiceUUID = CBUUID(string: "180D") return ASPickerDisplayItem(name: "Heart Rate Monitor", productImage: UIImage(named: "PolarH10")!, descriptor: descriptor) }() 100% another app on the device using an unfiltered scan can find this device, so I know the phone can see it. Also, the settings app Bluetooth screen sees it too. When the picker is active for this descriptor, in console I see the device is being discovered and it is matching the underlying filter. However the picker doesn't show the device. Received 'start active Unspecified scan' request , without duplicates, duration:unlimited, UUIDs [ E56A082E-C49B-47CA-A2AB-389127B8ABE3 E56A082E-C49B-47CA-A2AB-389127B8ABE4 0x180D ] on 1M PHY from session "com.apple.deviceaccessd-central-727-198" Matched UUID 0x180D for device "D3030A85-BBB9-6C0D-53C4-6697898B2E4B" This is an apparent bug: FB14078940 - AccessorySetupKit: ASDiscoveryDescriptor does not appear to identify 16-bit UUIDs like the Heart Rate Service/Profile UUID After more tinkering, I did discover that if I connect the device in the settings app, and keep it connected, the picker will find the device immediately. I assume it is under the hood it is calling this function or the internal implementation: https://developer.apple.com/documentation/corebluetooth/cbcentralmanager/retrieveconnectedperipherals(withservices:) This is still not expected, a developer should be able to discover and connect an accessory directly in their app. Noteworthy, I also found that ALL apps in the Settings app list the accessory once paired, which is totally not expected: FB14170263 - Settings: Viewing accessories in settings app for all apps show the accessory paired with another application P.S. forum moderators, there is no tag for 'AccessorySetupKit' which is the technology I'd like to tag this with. Last tested with iOS 18 developer beta 2.

Title: Loss of Internet Connectivity on iOS Device When Packet Tunnel Crashes Feedback ticket: https://feedbackassistant.apple.com/feedback/14162605 Product: iPhone 12 Version: iOS - 17.5.1 Configuration: NETunnelProviderManager Configuration Description: We are developing an iOS VPN client and have configured our packet tunnel provider according to Apple's guidelines. The configuration is as follows: includeAllNetworks = YES excludeLocalNetworks = NO enforceRoutes = NO This setup works as expected when the VPN successfully connects. However, we encounter a blocker issue where the device loses internet connectivity if the packet tunnel crashes. Steps to Reproduce: Configure the NETunnelProviderManager with the above settings. Connect the VPN, which successfully establishes a connection. Verify that resources are accessible and internet connectivity is functional. Packet tunnel to crash unexpectedly.Observe that the NE process (Packet Tunnel) restarts automatically, as expected and attempts to reconnect the VPN; however, the device now lacks internet connectivity, preventing VPN reconnection. Try accessing resources using Safari or any other internet-dependent app, resulting in an error indicating the device is not connected to the internet. Actual Results: The device loses internet connectivity after the packet tunnel crashes and fails to regain it automatically, preventing the VPN from reconnecting. Expected Results: The device should maintain internet connectivity or recover connectivity to allow the VPN to reconnect successfully after the packet tunnel process restarts. Workaround - iPhone device needs a restart to regain internet connectivity .

We have observed for a few months that the Instruments tool in Xcode does not show correct memory allocation for the PacketTunnelProvider process on iOS 17. The memory allocation does not exceed 6-7 MB, which is not the case with iOS 16 or 15. Additionally, Instruments crashes the PacketTunnelProvider process after profiling for a few minutes. Please note that I am not running Xcode in debugger mode for the PacketTunnelProvider process along with instruments, as this is a known issue that causes the PacketTunnelProvider to be killed when both Instruments and the Xcode debugger are running. Is anyone else facing this issue and have a workaround?

Hi All: Our use NSURLSession dataTaskWithRequest to connect our https server, However, in one macOS, sometimes, we encounter these error when TLS handshake. default 2024-06-24 17:52:03.054447 +0900 test-app boringssl_context_info_handler(2069) [C1209.1.1:2][0x7f9067117b10] Client handshake state: TLS client read_server_certificate info 2024-06-24 17:52:03.054462 +0900 test-app boringssl_session_handshake_incomplete(97) [C1209.1.1:2][0x7f9067117b10] Handshake incomplete: waiting for data to read [2] info 2024-06-24 17:52:03.054552 +0900 test-app boringssl_session_handshake_incomplete(97) [C1209.1.1:2][0x7f9067117b10] Handshake incomplete: waiting for data to read [2] info 2024-06-24 17:52:03.054557 +0900 test-app boringssl_session_handshake_incomplete(97) [C1209.1.1:2][0x7f9067117b10] Handshake incomplete: waiting for data to read [2] info 2024-06-24 17:52:03.054590 +0900 test-app boringssl_session_handshake_incomplete(97) [C1209.1.1:2][0x7f9067117b10] Handshake incomplete: waiting for data to read [2] default 2024-06-24 17:52:03.054769 +0900 test-app boringssl_context_info_handler(2069) [C1209.1.1:2][0x7f9067117b10] Client handshake state: TLS client read_certificate_status default 2024-06-24 17:52:03.054773 +0900 test-app boringssl_context_info_handler(2069) [C1209.1.1:2][0x7f9067117b10] Client handshake state: TLS client verify_server_certificate default 2024-06-24 17:52:03.055123 +0900 test-app boringssl_context_evaluate_trust_async(1635) [C1209.1.1:2][0x7f9067117b10] Performing external trust evaluation default 2024-06-24 17:52:03.055308 +0900 test-app boringssl_context_evaluate_trust_async_external(1620) [C1209.1.1:2][0x7f9067117b10] Asyncing for external verify block info 2024-06-24 17:52:03.055316 +0900 test-app boringssl_session_handshake_incomplete(97) [C1209.1.1:2][0x7f9067117b10] Handshake incomplete: certificate evaluation result pending [16] default 2024-06-24 17:52:03.055466 +0900 test-app Connection 1209: asked to evaluate TLS Trust default 2024-06-24 17:52:03.056082 +0900 test-app Task <407E11A6-12E8-4818-82B4-BC5B4909130F>.<1405> auth completion disp=1 cred=0x0 default 2024-06-24 17:52:03.064388 +0900 test-app Trust evaluate failure: [leaf SSLHostname TemporalValidity] default 2024-06-24 17:52:03.064390 +0900 test-app System Trust Evaluation yielded status(-9802) error 2024-06-24 17:52:03.064392 +0900 test-app ATS failed system trust error 2024-06-24 17:52:03.064393 +0900 test-app Connection 1209: system TLS Trust evaluation failed(-9802) default 2024-06-24 17:52:03.064393 +0900 test-app Connection 1209: TLS Trust result -9802 error 2024-06-24 17:52:03.064395 +0900 test-app Connection 1209: TLS Trust encountered error 3:-9802 error 2024-06-24 17:52:03.064397 +0900 test-app Connection 1209: encountered error(3:-9802) default 2024-06-24 17:52:03.064400 +0900 test-app Connection 1209: cleaning up default 2024-06-24 17:52:03.064404 +0900 test-app Connection 1209: summary for unused connection {protocol="(null)", domain_lookup_duration_ms=0, connect_duration_ms=0, secure_connection_duration_ms=0, private_relay=false, idle_duration_ms=0} default 2024-06-24 17:52:03.064438 +0900 test-app [C1209 63DEF1F8-AC5F-4285-B32B-D3AE707C513A Hostname#229f20b3:443 tcp, url hash: 693c58e9, tls, definite, attribution: developer] cancel I found TLS Trust evaluation failed(-9802) this error. I checked server's certificate, it is ok. On this macOS, this issue happens sometimes, not always. Thanks for your feedback.

Hi Team, We are using the transparent app proxy in macOS and resolving DNS queries using DNSServiceQueryRecord in the TAP process. According to the documentation, when passing the interfaceIndex as 0, it should be queried on all interfaces, and based on IP rules, it assigns the query to that particular interface. However, when we pass 0, it does not query any of the interfaces. We need to provide the specific interface index.

I created a content filter app in iOS (swift). The app lets me toggle the content filter ON or OFF. When the content filter is on, it restricts access to one particular url. This works as intended; however, I would like to generate a log that shows the url from each inspected flow (I'm using NEFilterFlow to inspect the url from each webkit flow). Ideally, I'd like the url, the verdict, and the verdict timestamp appended to the log each time a flow passes through the content filter for a decision. I cannot figure out how to capture any data from the flow. I'm even trying to use the NEFilterReport class, but I can't seem to capture any of the data in the report. Can the url even be extracted from a NEFilterReport? I assume it can, since it's part of the flow. I understand that FilterDataProvider can only communicate with FilterControlProvider (on a very limited basis). However, it is my understanding that FilterControlProvider can communicate with the main target. So how can I send the url from FilterDataProvider over to FilterControlProvider, and then onward to the main target to print to the console? I'm starting to read about IPCConnection. Hopefully that is the answer to my question and I will get there in the coming days. If not, please help. There is very limited information out there on the network extension framework and content filtering.

Hi, mac 14.4 M1 Chip. I can successfully create the utun interface by call out the exec via sudo. the c code for this looks like this. #include <stdio.h> #include <stdlib.h> #include <string.h> #include <sys/kern_control.h> #include <sys/ioctl.h> #include <sys/socket.h> #include <sys/types.h> #include <unistd.h> #include <errno.h> #include <fcntl.h> #include <netinet/in.h> #include <net/if.h> #include <net/if_utun.h> #include <sys/sys_domain.h> #define UTUN_CONTROL_NAME "com.apple.net.utun_control" #define UTUN_OPT_IFNAME 2 int create_utun_interface(char *ifname) { int fd = socket(PF_SYSTEM, SOCK_DGRAM, SYSPROTO_CONTROL); if (fd < 0) { perror("socket(PF_SYSTEM, SOCK_DGRAM, SYSPROTO_CONTROL)"); return -1; } struct ctl_info ctlInfo; memset(&ctlInfo, 0, sizeof(ctlInfo)); strncpy(ctlInfo.ctl_name, UTUN_CONTROL_NAME, sizeof(ctlInfo.ctl_name)); if (ioctl(fd, CTLIOCGINFO, &ctlInfo) == -1) { perror("ioctl(CTLIOCGINFO)"); close(fd); return -1; } struct sockaddr_ctl sc; memset(&sc, 0, sizeof(sc)); sc.sc_id = ctlInfo.ctl_id; sc.sc_len = sizeof(sc); sc.sc_family = AF_SYSTEM; sc.ss_sysaddr = AF_SYS_CONTROL; sc.sc_unit = 455; // Let the kernel choose a unit for us. if (connect(fd, (struct sockaddr*)&sc, sizeof(sc)) == -1) { perror("connect(AF_SYSTEM)"); close(fd); return -1; } socklen_t ifname_len = IFNAMSIZ; if (getsockopt(fd, SYSPROTO_CONTROL, UTUN_OPT_IFNAME, ifname, &ifname_len) == -1) { perror("getsockopt(UTUN_OPT_IFNAME)"); close(fd); return -1; } return fd; } void remove_utun_interface(const char *ifname) { char command[256]; snprintf(command, sizeof(command), "ifconfig %s down", ifname); int result = system(command); if (result == -1) { perror("system(ifconfig down)"); } else { printf("Removed utun interface: %s\n", ifname); } } int main(int argc, char *argv[]) { if (argc > 1 && strcmp(argv[1], "remove") == 0) { if (argc != 3) { fprintf(stderr, "Usage: %s remove <interface_name>\n", argv[0]); return 1; } remove_utun_interface(argv[2]); return 0; } char ifname[IFNAMSIZ]; int fd = create_utun_interface(ifname); if (fd < 0) { printf("Failed to create utun interface\n"); return 1; } printf("Created utun interface: %s\n", ifname); // Keep the interface up and running while (1) { sleep(1); } return 0; } But when run the exec and then add ip routes etc...sudo ifconfig utun454 10.0.0.2 10.0.0.100 netmask 255.255.255.0 up sudo ifconfig utun454 mtu 1500 sudo sysctl -w net.inet.ip.forwarding=1 sudo route add -net 10.0.0.0/24 -iface utun454 sudo route add 90.130.70.73 -iface utun454 sudo route add 10.0.0.100 -iface utun454 .. all looks good but when i do a tcpdump -i utun454 i see no traffic. Should be see traffic when i ping or wget to those ip in the route table. Tried the default route see no traffic. If i just add those route to utun0.... and tcpdump it i see a ton of traffic what i'm i missing....

I am building a feature in my iOS app, I need to get list of nearby networks and the strength, frequency of each one. how can I achieve this? is there any public api I can use to achieve this?

My App needs to send and receive messages to the server, but my server does not have SSL, so I can only disable ATS in the development stage. But if I want to put the app on the shelf, then I still disable ATS when I put it on the shelf, and the server still does not have SSL. Will it be packaged? Is pp warned and terminated by Xcode? Will it be rejected by the Apple audit department? Can it be put on the App Store normally and provided to all users? Note: My server is completely safe without any security risks. I didn't apply for SSL just because I didn't have enough funds.

Hello, I am curious about possibilities and implementing WiFi scanning functionality in iOS apps, in relation to the concept of Remote ID for unmanned aircraft systems (UAS). Remote ID refers to the ability to identify and locate UAS while they are flying, for example using a smartphone. UAS broadcast e.g. location, speed, the id of the operator, height, and other information. Information is encoded into Bluetooth or Wi-Fi advertisements. I am developing an iOS application for the purpose of collecting data called DroneScanner. It scans for nearby RemoteID packets transfered using Bluetooth and Wi-Fi. I was able to implement Bluetooth scans using CoreBluetooth API but I did not find a way to implement Wi-Fi scanning. It is crucial for our users to be able to use Wi-Fi scans because it is one of the methods in the Remote ID standard and we also get negative reviews for missing it. I would need to access a list of Wi-Fi points that are visible from the device and also the raw content of the advertisements so I can parse them into Remote ID packets. I am also interested in understanding any limitations or restrictions regarding access to WiFi network information, as well as any recommended approaches for adhering to Apple's guidelines and policies. Do I need to enroll in any developer program? Would the NEHotspotHelper be useful in my use case? Thanks

Looking into making requests using URLSession via a proxy, on watchOS, and found that in URLSessionConfiguration, there's a proxyConfigurations property. However, since ProxyConfiguration is part of the Network framework, does it means that TN3135 low level networking rules also applies in this case?

Is there an easy way to programmatically use SFTP in my SwiftUI macOS app? In my macOS app I need to do things like: upload local files to a remote server create a directory on a remote server download files from a remote server delete files on a remote server I have been researching this subject for awhile and people are recommending things like SwiftNIO and libssh. But those seem pretty low level and kind of a headache to use. Another option is to use the sftp CLI command via the foundation Process object. I like this option and am considering experimenting with this, but it seems like a hack. Will this work on all macOS computers? Is there an easy way to import and use a C/C++ SFTP library in my SwiftUI macOS app? At this point in my research of this subject I feel like I have to go deep down some rabbit hole in order to pull of some SFTP functionality. But I'm wondering, is there some easy way to do this that I'm missing?

Hello, I would like to ask how to connect using OpenVPN in such a way that the connection appears in System Settings > VPN, similar to how it does with NordVPN. Thank you

In some cases the user connects to a WiFi network that doesn't have internet access. The OS itself is able to display a warning in System Settings: However, in my app NWPathMonitor reports that the WiFi path is satisfied. How could I detect that the internet access is not working while WiFi is connected? I could try to connect to my own servers and report failures to the user, but that takes a long time to receive the timeout error. I cannot reduce the timeout, because maybe the user is on a very slow network and long loading time might be expected. But iOS can detect that there is not internet within a few seconds and display a warning, so I wonder how does Apple implement it in System Settings and if there is something I can implement in my app.

anybody test to http request for local printers or resources and with ios18 and macos15 give error on iOS projects?

Hi, We are using HTTP3 only and hence using assumesHTTP3Capable for every request. It worked so far but now encountered one iPhone that never honor this flag and always tries to create a connection using TCP: [tcp] tcp_input [C1:3] flags=[R.] seq=0, ack=2023568485, win=0 state=SYN_SENT rcv_nxt=0, snd_una=2023568484 The request is created like this: let url = URL(string: urlString)! var request = URLRequest(url: url, cachePolicy: .reloadIgnoringLocalCacheData, timeoutInterval: 60.0) request.assumesHTTP3Capable = true return try await urlSession.data(for: request) iOS: 16 XCode: 15.3 In what cases iOS CFNetwork would not honor "assumesHTTP3Capable" ? (or how can I find out why?)

After a week of testing iOS 18. iPhone XS keeps randomly up and down cellular network which shows low signal /no service/ hig signal after I use it for a few minutes. second bugs is keyboard switching , sometimes don’t work auto predictive and auto capitalisation in keyboard. Reported this issue through feedback assistant. Please fix this bug in next iOS 18 beta.