We have a tool that provides internet access via WLAN or LAN. For the captive portal we do send the DHCP option 114 with the captive portal URL. DHCP Option: 114 (Captive-Portal) Length: 38 Value: https://example.org/captive-portal/api This all works fine on WLAN for iOS and MacOS. But on MacOS on LAN it does not. When doing a packet capture on MacOS with Wireshark we see that the Option 114 DHCP Captive-Portal is recieved by the Mac but it does not open the captive portal window. When Safari is forced to a HTTP site then the Portal page is shown. How can this be solved?

Hello Apple Support team, Steps tried out till now to resolve the scan issue for POS machines(Android Devices) in iOS 15.x: Changed UDP Listener’s Port Numbers according to the mentioned port numbers on Apple’s website. Checked the Network Framework provided by Apple for any related methods/properties that can resolve the issue. Updated the Deployment target from iOS 13.x to iOS 15.x for POSLib SDK in order to set the Network’s parameter attribution to the user so that networking performed using these parameters is directed to content specified by the user, not the developer. As per the R&D done till now, it appears the UDP connection is established properly and data is sent to the server but when we receive the data it is nil and also connection is cancelled. Thanks & Regards

Can we return NEPacketTunnelProvider's NEPacket to macOS kernel? Snippet- packetFlow.readPacketObjects {[weak self] packets in As per network rules, packets read from packetFlow. After parsing packets, in some conditional use cases(such as ip), if we decide not to handle the packets, could we return it to kernel? We can easily achieve it in NETransparentProxyProvider by returning false from below method. We are looking for similar mechanisms to do return the traffic to Kernel. override func handleNewFlow(_ flow: NEAppProxyFlow) -> Bool May we achieve the same with any other Network.framework or low level API? If any advance Code-level support could solve this issue, we could raise a TSI as well.

I'm trying to use L4S queue management feature in MacOS Sonoma. I've followed the online guides: "Reduce network delays with L4S" and "Testing and Debugging L4S in Your App". Basically I setup "Internet sharing" to allow traffic to pass through a Mac Mini using Linux devices as the endpoints. (This requires two ethernet ports so I use an USB Ethernet adapter as the second port). The Linux client sends the TCP SYN with the correct flags enabled ECE, CWR and AE. However, at the receive side, the SYN is received with only the flags ECE, CWR. This causes a fallback to classic ECN which means there's no L4S (TCP Prague) enabled. Anyone know why this happens. Do I need to enable something? I have used the following: defaults write -g network_enable_l4s -bool true And also tried an undocumented (?) sysctl option: sysctl -w net.inet.tcp.accurate_ecn=1 However, that doesn't seem to make a difference. Does anyone know how to get the AccurateECN negotation to work?

How to fix it? Errors: "Cannot find type 'UIViewRepresentable' in scope" "Cannot find type 'Context' in scope" "Cannot find type 'Context' in scope" I tried: Re-installed the Xcode Re-started computer Great thanks. import SwiftUI import PDFKit struct PDFViewerView: UIViewRepresentable { var url: URL func makeUIView(context: Context) -> PDFView { let pdfView = PDFView() pdfView.document = PDFDocument(url: self.url) return pdfView } func updateUIView(_ uiView: PDFView, context: Context) { // Update the view. } } Xcode Version 15.0.1 (15A507)

I'm running a webserver for a specific service on port 8900 I'm using telegraph to run the webserver, so that opens and claims the port. I also want to advertise the service on bonjour - ideally with the correct port. This is trivial with NetService - but that's deprecated, so I should probably move to the Network framework. I can advertise without specifying a port listener = try NWListener(service: service, using: .tcp) but, then my service broadcasts addresses with port:61443 I can advertise using listener = try NWListener(using: .tcp, on: <myport>) however, that fails in my use case because (unsurprisingly) the Listener isn't able to get the port (my server already has it) Is this just a gap in the new API, or am I missing something?

Hi everyone, I am trying on iOS 17.1.1 the Nearby Interaction framework and SceneKit. I am testing it on iPhone 15 Pro Max and iPhone 12 Pro Max. if NISession.deviceCapabilities.supportsDirectionMeasurement { print("Interact using device distance and direction.") } else if NISession.deviceCapabilities.supportsPreciseDistanceMeasurement { print("Interact using distance only.") } iPhone 12 Pro Max is working normally, but supportsDirectionMeasurement property in iPhone 15 Pro Max returns false and i cant use the SceneKit. Is anyone experiencing the same issue? Regards, Shin

How to set matter device endpoints default name? eg. I have Light Panel with 2 endpoints. endpoint 1 name: Open; endpoint 2 name: Close; I've tried FixedLabel, but it not work.

I'm attempting to get the receiveTime on each received UDP packet from a NWConnection provided by a NWListener. I've found that @eskimo talks about using this property in this post - "Use receive timestamps to probe point E. In BSD Sockets, set the SO_TIMESTAMP option and access the timestamps by looking at the SCM_TIMESTAMP value returned from recvmsg. In Network framework, set the shouldCalculateReceiveTime property and access the timestamps using the receiveTime property." I have the listeners parameters set up like so: let parameters = NWParameters.udp if let options = parameters.defaultProtocolStack.internetProtocol as? NWProtocolIP.Options { options.shouldCalculateReceiveTime = true } I do have a custom protocol framer involved and working in the network stack. I have been trying the following but the only metadata available is the custom protocol framers: connection.receiveMessage { data, context, isComplete, error in if let metadata = context?.protocolMetadata(definition: NWProtocolIP.definition) { print(metadata) } } Where in a framer implementation can I grab the IP metadata and how, if i do indeed need to, pass it up to the application?

I'd like to have the visionOS be a peripheral, in BLE terminology. This is required, as the hardware that will act as the central cannot act as peripheral (don't ask). The problem is some initializers I seem to need to advertise a mutable service are not available: 1. 'init(type:primary:)' has been explicitly marked unavailable here (CoreBluetooth.CBMutableService) It would seem that this isn't supported yet. Is this currently possible some other way, or will it be possible in the future?

I've been getting into Matter framework and succeeded to add a matter device into Apple Home app. Then, I use a HomeKit base app to get that device and would like to control that device directly through Matter framework. This is how I create a MTR Device Controller static func create(withHmAccessory hmAccessory: HMAccessory, ofHome hmHome: HMHome) -> HomekitLockAccessory { if #available(iOS 16.4, *) { let matterNodeId = hmHome.matterControllerID as NSCopying let controller = MTRDeviceController.sharedController( withID: matterNodeId, xpcConnect: hmHome.matterControllerXPCConnectBlock ) return MatterHomekitLockAccessory(hmAccessory: hmAccessory, controller: controller) } return HomekitLockAccessory(hmAccessory: hmAccessory) } the controller never gets running and I'm not able to get that controllerNodeId from it. Here is error log

Hi, I am wondering if there is a way to get the redirection URL caused by a "Location" header? A typical example would be when opening an image link from Google Images for Instagram. I cannot post the Google url here as it is not permitted, however if you search "Mr ***** Instagram" on Google Images then open an Instagram link from there it will occur. I have implemented both the NEFilterDataProvider and NEFilterControlProvider handleNewFlow methods which trigger on the initial request where I get the Google url (full url in the DataProvider and Host and Path in the ControlProvider) so this is working as expected for both Providers. However, this does not trigger when the redirect happens. Which I have seemed to trace back to the location header being returned from Google which then redirects to Instagram.

I work on an app that operates a HW device that acts as a BLE peripheral. Our BLE code stack has not changed much since 2017 and has been working very well over the years. We recently started seeing a lot of customer complaints and bad App Store reviews that the device was not working. I have been investigating this for several weeks now and I'm struggling to narrow down the cause, but it seems to be a change in iOS. With the same app and device FW the issue is almost exclusively seen on iOS 17.x even though ~40% of our user base is still on iOS 16.x. From my investigation what I see is the CBPeripheral getting stuck in connecting state. When it is in this state advertisements are seen in our app, and other apps are able to connect to the device (nRF Connect for example). If I cancel the connection the CBPeripheral then gets stuck in the disconnecting state. I can only toggle between these two states and it will remain like this for days. I have found that initializing a new CBCentralManger will sometimes "fix" the issue. However, about 50% of the time the new CBCentralManager comes up in the unknown state so CoreBluetooth as a whole seems to be in a weird state. More effective is killing the app and relaunching. But even then sometimes the CBPeripheral immediately gets stuck again and it takes multiple killing/launching the app to get back in a working state. Few points that seem relevant: App has central and peripheral background modes enabled. App uses state restoration, though most of the times I see this issue there was not a state restore that happened. To reproduce the issue the app needs to be in the background for some amount of time, and it happens on foregrounding. We will in some cases scan/connect in the background, but I have reproduced this issue without that. Is anyone else seeing this issue or have ideas what might be causing it?

Today, I applied the latest security patch to my Mac Studio, and on reboot, I had no networking. It appears to have been a system extension issue. At one point, I needed to "Allow" Apple system software in System Settings. I found that strange. I thought I'd document the issue and my resolution in case someone else runs into this. (1) I did the usual - reboot, shutdown & restart, reboot my Eero mesh; changed from Wi-Fi to wired Ethernet. Nothing worked. (2) I do have my own application that uses a network system extension, so I went through the system extension uninstall process (using the API). Still no joy. I then tried to reinstall the network extensions, but that didn't seem to work. I was never prompted to open the System Settings app. I think the network system extension had not actually been removed. I deleted the app (which should remove the network system extension). Still no joy. Interestingly, launchctl still showed a crashed network system extension (no PID, status -9) (3) I then disabled SIP, rebooted, and used systemextensionsctl to remove the network system extension. While doing this, I discovered an old network system extension from several years ago tied to one of my old organizations and may have been built for Intel CPU. I deleted that too. (If I had to guess, it might have been that old network system extension that caused the problem.) Reenabled SIP Rebooted. (4) At some point I got an interesting alert from Apple about System Extension errors. And when I opened System Settings, I had to allow an extension from Apple?! (5) Networking is now working. I reinstalled my application from TestFlight, installed the network system extension, and everything is still working. (6) Summary I lost networking after applying the security update. Worried that it might be my program, I tried uninstalling the network system extension, but I could not cleanly uninstall and reinstall my network system extension as I've done many times before. I found an old network system extension; deleted both network system extensions with SIP disabled. I had to Allow Apple software. Everything works (including my app with its network system extension installed). I am not sure what the root cause was. My old network system extension? The fact I needed to Allow Apple software? My current app and its network system extension?

Hello there, We have an iPad application which uses mDNS to find specific devices on the network then it resolves an IP address so then the application can connect to it through websocket. It has been working for years now. Recently our clients started to update their iPads to iOS 17 and suddenly this functionality stopped working. When I wanted to test out what's going on I found out that when I run the application on an iPad simulator on my macbook it can resolve the IP address immediately but when I run it on an iPad it cannot. That seemed weird so I decided to look into the code and I saw that the NetServiceBrowser api had been deprecated and I thought that maybe that's the problem so I refactored the code to use NWBrowser which was rather easy it found the service, but then when I wanted to meg an NWConnection to it the same error happened. From macOS it works fine but on the iPad the connection's state never gets ready, it hangs on the preparing state. I created a new test application just with this functionality to test it on an iPhone too. Well it seems that the issue is appearing on the iOS too. One other thing to mention, I created a simple node.js application which uses mDNS broadcast to simulate this device which we're trying to connect. The weird part that both the iPad and the iPhone can resolve it's address. I'm curious if something has changed since iOS 16, I couldn't find anything and I don't know where to go next, or how can somebody reproduce this error without the device. Any help is appreciated. Here is my discovery code: import UIKit import Network class ViewController: UIViewController { var browser: NWBrowser! override func viewDidLoad() { super.viewDidLoad() browser = NWBrowser(for: .bonjour(type: "_http._tcp", domain: ""), using: .tcp) browser.stateUpdateHandler = { newState in switch newState { case .failed(let error): print("NW Browser: now in Error state: \(error)") self.browser.cancel() case .ready: print("NW Browser: new bonjour discovery - ready") case .setup: print("NW Browser: ooh, apparently in SETUP state") default: break } } browser.browseResultsChangedHandler = { ( results, changes ) in print("NW Browser: Scan results found:") for result in results { switch result.endpoint { case let .service(name: name, type: _, domain: _, interface: _): // All of our device has 'justfit' in their name if name.uppercased().contains("JUSTFIT"){ print(name) let proto: NWParameters = .tcp if let opt = proto.defaultProtocolStack.internetProtocol as? NWProtocolIP.Options { opt.version = .v4 } let connection = NWConnection(to: result.endpoint, using: proto) connection.stateUpdateHandler = { state in if state == .ready { if let path = connection.currentPath, let endpoint = path.remoteEndpoint { switch(endpoint) { case let .hostPort(host: host, port: port): print("IP: \(host), port: \(port)") break default: break } connection.cancel() } } else { print(state) } } connection.start(queue: .main) } default: break } } } browser.start(queue: .main) } }

Hi there! I’m developing an iOS app which requires the user to connect to a Wi-Fi network broadcasted from a device. The problem arises when multiple devices are in the phone’s vicinity, as they all have the same SSID, and the phone randomly switches from one device to another; I need the phone to “fixate” on a single device. Of course, the devices’ MAC addresses/BSSIDs are unique, so I thought I could use that information to differentiate between them and programmatically choose to connect to a single network. Is there any way I can obtain the BSSIDs of the available networks, and, within the app’s context, connect to a single one of them? Is there another way for the phone to “fixate” on a single BSSID that I might have missed? It would be ideal for the solution not to require changing the device's firmware. Moreover, the device has to be able to connect to other non-Apple devices. Thanks in advance!

I download https://developer.apple.com/documentation/networkextension/filtering_network_traffic example Build OK and I saw extension loaded. NEProvider.startSystemExtensionMode() was called. But FilterDataProvider init did not called. I tried to disable SIP also. it does not work I saw some warning like /Applications/SimpleFirewall.app/Contents/Library/SystemExtensions/com.example.apple-samplecode.SimpleFirewallML4HRHFY98.SimpleFirewallExtension.systemextension: entitlement com.apple.developer.endpoint-security.client not present or not true

I am trying to generate a PDF file with certain components draw with Spot Colours. Spot colours are used for printing and I am not clear on how one would do that but I think that if I can create a custom ColorSpace with a specific name or a color that has a specific name - our printer looks for the name Spot1 and they use the colour green. Can anyone shed any light on how I might be able to do this. For reference I have attached two pdf files with two different spot colours in them. I need to be able to create similar using CGContext and CGPDFDocument. I can already generate the PDF documents using CMYK colors but don't know how I can create the equivalent "spot" colors. At the moment I am loading the page from these attached pdf files and scaling them to fill the page to get a background with the spot color. This works fine but I also need to generate text and lines using this same spot color and I am not clear how I could do that using the Core Graphics APIs. My guess is I need to create a custom ColorSpace with a single color and then use that color for drawing with. The only 'custom' option for creating a ColorSpace seems to be the CGColorSpace(propertyListPList:) constructor, however there does not appear to be any documentation on what needs to be in the property list to do so. Nor can I find any examples of that. Any pointers would be appreciated. Regards

Hi, I'm looking for feedback regarding SCNetworkReachability under macOS Sonoma. It seems that since beta 3 the notifications behaviour changed. In a LaunchAgent I'm using SCNetworkReachabilityCreateWithName + SCNetworkReachabilitySetCallback + SCNetworkReachabilityScheduleWithRunLoop and wait for callbacks looking at the kSCNetworkReachabilityFlagsReachable flag. This is running fine under macOS 12.x, 13.x and 14.0 for more than a year. If I log all callback entries I observe unexpected notifications as if the looked host became unreachable for very small amount of time (ms). The host is flagged as unreachable then few ms later reachable again then unreachable again. Fast switching is fine, I can accept that the service is unreachable even for 1s but the probleme is the latest status do not reflect actual reachability of the service. This is in a corporate network with the complexity of using a proxy.pac. Does anybody noticed something similar ? I filled a Feedback FB13442134 in case it could be a regression of 14.2

Hi Team, I'm currently using a system extension with NETransparentProxyProvider (with root privileges). I want to support custom DNS (specific to domains) with a search domain to accommodate a single-level domain support. For this, I'm creating a new entry inside /etc/resolver/, using below command. sudo sh -c 'echo "domain corp.test.com\nsearch corp.test.com\nnameserver 9.9.9.9\nnameserver 9.9.2.2" > /etc/resolver/corp.test.com' The above command works fine for me when I execute it via the terminal, creating a new file inside the resolver as described below. So, when I access a single-label domain like https://test, it appends 'corp.test.com,' resulting in hitting the domain as https://test.corp.test.com. Furthermore, it selects either the DNS server 9.9.9.9 or 9.9.2.2. File: /private/etc/resolver/corp.test.com domain corp.test.com search corp.test.com nameserver 9.9.9.9 nameserver 9.9.2.2 File permission total 8 -rw-r--r-- 1 root wheel 80 Dec 5 18:20 corp.test.com scutil --dns resolver #8 domain : corp.test.com search domain[0] : corp.test.com nameserver[0] : 9.9.9.9 nameserver[1] : 9.9.2.2 flags : Request A records, Request AAAA records reach : 0x00000002 (Reachable) However, when I execute the same command within the extension using NSTask, it generates the new file but fails to work as per above. it creates below file File: /private/etc/resolver/corp.test.com domain corp.test.com search corp.test.com nameserver 9.9.9.9 nameserver 9.9.2.2 File permission total 8 -rw-r--r-- 1 root wheel 80 Dec 5 18:25 corp.test.com scutil --dns resolver #8 domain : corp.test.com search domain[0] : corp.test.com nameserver[0] : 9.9.9.9 nameserver[1] : 9.9.2.2 flags : Request A records, Request AAAA records reach : 0x00000002 (Reachable) I don't notice any difference in file permissions and in scutil --dns entry. even we tried running sudo killall -HUP mDNSResponder to refresh its records. Could you please suggest what might be the reason?