Hello, I am writing a NetworkExtension VPN using custom protocol and our client would like to able to use 5G network slice on the VPN, is this possible at all? From Apple's documentation, I found the following statement: If both network slicing and VPN are configured for an app or device, the VPN connection takes precedence over the network slice, rendering the network slice unused. Is it possible to assign a network slice on a NetworkExtension-based VPN and let the VPN traffic uses the assign network slice? Many thanks

I have tried filing a feedback, FB15509991, for help with this and that didn't go anywhere. Figured I would try the developer forums. Overview I am working on a matter device using the Matter SDK and the matter device basically consists of both a matter bridge and matter controller functionality. The bridge part is currently a none-issue, however trying to have our device be an additional controller for the existing matter fabric. The overall idea for our device as a matter controller is that it can be commissioned with Apple Home (via Matter BLE commissioning) and then view and control existing matter devices (over Wi-Fi network) on the Homekit matter fabric (convenient user experience), instead of our device having to form a matter fabric of its own and then having the user re-commission all their devices to add them our controller (difficult and possibly frustrating user experience), in order to have a consistent control experience between our device's display and Apple Home app. The big problem When we onboard our device via Apple Home app it does not have attribute write permission to other devices on the same fabric as we are seeing Unsupported Access (IM:0x0000057E) responses instead of expected attribute changes. Same for attempts to read valid endpoint/cluster/attributes. The possible solution Our operational device needs to be added to the access control list (ACL) with View and Operator permissions and then the ACL update pushed to all the fabric devices in order to give our device controller access to them. The next problem My question is what do we have to do in order for our device will be given control access permissions (View + Operator) in an ACL (access control list) update to other devices after our device has been commissioned? Because the matter specification does not define a "Controller Cluster" that could be used to type a device as a matter controller to make it obvious that the device wishes to have controller permissions post commissioning. So that means its up to each fabric administrator implementer as to how to accomplish what I'm requesting to do. I'm hoping somebody in the Apple team responsible for the Matter + HomeKit integration could give me some insight as to whether this is even possible at this time. Test environment The environment consists of: iPhone running iOS 17.7 iPad running iPadOS 18.0.1 HomePod Mini with software version 18.0 Realtek WiFi module running Matter Fan+Light firmware (Matter SDK 1.3) for target/controlee [our device] LCD display unit + Realtek WiFi module (Matter SDK 1.3) for controller.

I have implemented SSL pinning by following this article https://developer.apple.com/news/?id=g9ejcf8y , however pen testing team was able to bypass SSL pinning using Objection & Frida tools. I am using URLSession for API calls. I used Xcode 16. My app's minimum iOS deployment version is 16 onwards. <key>NSAppTransportSecurity</key> <dict> <key>NSPinnedDomains</key> <dict> <key>*.mydomain.com</key> <dict> <key>NSIncludesSubdomains</key> <true/> <key>NSPinnedCAIdentities</key> <array> <dict> <key>SPKI-SHA256-BASE64</key> <string>my SHA256 key</string> </dict> </array> </dict> </dict> </dict> Could anyone suggest how to mitigate this bypass mechanism?

Hello, As a developer, I'm experiencing a problem with WebSocket connections since upgrading to MacOS 15.0 Sequoia. When using a JSON RPC API from my workstation using tools such as Postman and/or Docker, I encounter the following problem: At the start of communications, messages received on the WS channel are fine. But after a while (indefinite) the messages become corrupted, truncated or jumbled. For debugging purposes, I used the WireShark utility to confirm that the problem was not with the server itself. I was thus able to confirm that incoming WebSockets messages are not corrupted, whereas they are when received by Postman and/or Docker. To confirm my hypothesis that the problem appeared with the latest version of MacOS, we tested on 6 different workstations. 3 MacBook Pro 13” running MacOS 14.6 3 MacBook Pro 13” running MacOS 15.0 The results were clear: the 3 MacOS 14.6 workstations never encountered the problem of corrupted data on the WebSocket channel, whereas the 3 MacOS 15.0 workstations did. Should you require any further information, please do not hesitate to contact me. Yours faithfully Paul BESRET, R&D Engineer.

System extensions on iOS have very low limits on allowed memory. For instance the DNS proxy extensions seem to be limited to 15MB. When I try to monitor the extension with instruments it quickly runs out of memory, most likely due to the way instruments tracks memory usage. I did find that there are two entitlements related to memory usage but it is unclear if these would work for extensions or only for applications. What are the best techniques for debugging extensions that run out of memory? Is there a way to temporarily increase the limit while debugging?

NEAppProxyProvider MacOS Sequoia 15 never called “handleNewFlow” although it works well in the macOS Ventura/ Sonoma

While I was starting App Proxy without errors from my application, the AppProxyProvider could not receive new flows in the function handleNewFlow. I just encounter this issue on macOS 15 beta (24A5309e). Everything is fine on the earlier macOS versions.

In the development environment, if I disable and then enable the Network Connection permission to my app in the Setting on my device, my app is denied the network connection permission permanently. The error message is The Internet connection appears to be offline. Please advise me what to do.

Hello, I'm wondering if a NEDNSProxyProvider should supports TCP DNS query or not ? DNS UDP datagrams are limited to 512 bytes and sometimes, a DNS resolver should fallback to TCP to handle large queries. But I don't see anything about supporting TCP flow in the DNS Proxy provider reference. Is there a guarantee that it will only receive UDP flow ? How is the system handling large DNS queries in that case ?

I am developing an iOS application based on Objective-C, and I have encountered a requirement where I need to determine if the password for the currently connected Wi-Fi is empty. If it is empty, the user is allowed to proceed to the next step. If it is not empty, they must enter a password. This will be used in the next process, which is the network configuration of a physical device. After researching documentation, I found two possible approaches to determine if the Wi-Fi password is empty. The first approach is to directly check the encryption type of the current Wi-Fi. If there is no encryption type, the Wi-Fi password is empty. The second approach is to use Apple's NEHotspotConfiguration class to attempt connecting to the Wi-Fi and determine if the password is empty. However, both approaches have encountered issues. For the first approach, there seems to be no public API available to directly retrieve the Wi-Fi encryption type. For the second approach, when using NEHotspotConfiguration to connect, I first get the Wi-Fi's SSID and then attempt to connect with an empty password. I am using [NEHotspotConfiguration alloc] initWithSSID:ssid] to create a configuration, and then I call [NEHotspotConfigurationManager sharedManager] applyConfiguration: to connect. However, regardless of whether the Wi-Fi is actually encrypted or unencrypted, no error is returned. The code is as follows: NSString *ssid = [NetInterface getCurrent_SSID]; // The Wi-Fi SSID that needs to be checked NEHotspotConfiguration *configuration = [[NEHotspotConfiguration alloc] initWithSSID:ssid]; configuration.joinOnce = YES; // Remove previous configuration (optional) [[NEHotspotConfigurationManager sharedManager] removeConfigurationForSSID:ssid]; self.isWiFiEmptyOperateState = 1; // Attempt to apply the new configuration [[NEHotspotConfigurationManager sharedManager] applyConfiguration:configuration completionHandler:^(NSError * _Nullable error) { self.isWiFiEmptyOperateState = 2; if (error) { if (error.code == NEHotspotConfigurationErrorInvalid) { NSLog(@"Wi-Fi %@ is encrypted, a password is required", ssid); } else if (error.code == NEHotspotConfigurationErrorUserDenied) { NSLog(@"User denied the Wi-Fi configuration"); } else { NSLog(@"Other error: %@", error.localizedDescription); } } else { NSLog(@"Successfully connected to Wi-Fi %@, this network might be open", ssid); } }]; In the code above, it always ends up logging "Successfully connected to Wi-Fi." Is there any other approach that can fulfill my functional requirement? I noticed that some apps on the App Store have implemented this functionality, but all my attempts so far have failed.

I need to connect to a JMS that publishes data that I need to collect. I am trying one solution: RabbitMQ with the JMS plugin. I succeeded to install RabbitMQ and send messages from one process to another. However, I need to consume a JMS that an external party publishes. Can anybody tell me how I should configure the Host, Port, Username, Password and Queue name for RabbitMQ/JMS so that I can consume (or subscribe to) that JMS? Or does anybody know another way to consume (or subscribe to) a JMS from Swift? I have no idea which of the provided Tags I should select. Thanks! Wouter

When creating multiple QUIC streams (NWConnections) sharing one QUIC tunnel (using NWMultiplexGroup), is it possible to assign different priorities to the streams? And if yes, how? The only prioritization option I found so far is NWConnection.ContentContext.relativePriority, but I assume that is for prioritizing messages within a single NWConnection?

Hi Team, The Messages app is not working in the latest macOS Sequoia 15.0.1. We are unable to send messages or sync them when the VPN/TransparentAppProxy is connected. It was working fine in macOS 15.0 and earlier. A few users have reported the issue here: https://discussions.apple.com/thread/255802764?sortBy=rank

the app in ipad can not connect to tcp server in the same local network. libinfo check path: unsatisfied (Local network prohibited) reproduce steps: I update my ipad to iapd iOS/18.0 install the app make the app connect to tcp server in the windows which is in the same local network. the ipad trigger Local Network privacy alert I tap the allow button, I check the toggle of Local Network privacy is on as well I try to make the app connect to tcp server in the windows again, but can not connect to tcp server, the ipad system log: nw_path_libinfo_path_check [8F864AB4-C5E1-488D-B396-ECEC2F3FB77E IPv4#0423cc45:9520 tcp, legacy-socket, attribution: developer] libinfo check path: unsatisfied (Local network prohibited), interface: en0[802.11], ipv4, uses wifi 7. I try to make the app connect to tcp server in other windows. It connects successful. the ipad system log: nw_path_libinfo_path_check [C84DC25A-5A14-4080-ABAA-10ED24AE2D6D IPv4#7df62769:9520 tcp, legacy-socket, attribution: developer] libinfo check path: satisfied (Path is satisfied), interface: en0[802.11], ipv4, dns, uses wifi So please apple developer help investigate why the app can not connect to the tcp sever in the same local network, even though the toggle of local network permission is on in ipad os 18

A few months ago, I remember reading some official documentation that was describing how to switch to a background upload when the app is about to be suspended. Unfortunately, I can't find that resource back, so it would be fantastic if someone would point it out to me. If I remember correctly, the procedure described was to start a regular upload task within some UIApplication.backgroundTask, and in any case the upload wasn't finished at the moment the system would call the suspension handler, the upload was "transitioned" into a a background one while preserving the current progress (I think because it was using the same URLSession or something, hence why I want to find back the documentation!) Note that I don't want to start a background upload from the beginning (this is what we do already!). I'm mostly looking for that piece of documentation to experiment if that scheme would improve our upload performance. Thanks!

Hello, I am planning to create an app that can transfer files to hardware devices via WiFi. With devices like GoPro, I believe the typical setup involves the GoPro creating a WiFi hotspot to which the iOS app connects, allowing file transfers. But this setup establishes a 1:1 connection between the app and the hardware. To support multiple hardware devices simultaneously, I am considering reversing this setup: the iOS device would create a personal hotspot, and the hardware devices would connect to it. However, I have concerns about this approach: Reliability: I have read that the personal hotspot feature on iOS devices can be unreliable, especially with non-Apple devices, which tend to disconnect frequently. Manual Setup: There is no API to programmatically create the personal hotspot, so users would have to enable it manually in the Settings. I can use isIdleTimerDisabled to prevent the iOS screen from going to sleep, which might help with disconnection issues. Aside from this, are there other things I can do to ensure a stable connection? Given my limited experience with hardware connections, I am uncertain if having the iOS device act as the WiFi access point is a good design. Any advice or alternative solutions would be greatly appreciated. Thank you in advance!

Hello everyone, I’m currently working on a Swift project using the Network framework to create a multicast-based communication system. Specifically, I’m implementing both a multicast receiver and a sender that join the same multicast group for communication. However, I’ve run into some challenges with the connection management, replying to multicast messages, and handling state updates for both connections and connection groups. Below is a breakdown of my setup and the specific issues I’ve encountered. I have two main parts in the implementation: the multicast receiver and the multicast sender. The goal is for the receiver to join the multicast group, receive messages from the sender, and send a reply back to the sender using a direct connection. Multicast Receiver Code: import Network import Foundation func setupMulticastGroup() -> NWConnectionGroup? { let multicastEndpoint1 = NWEndpoint.hostPort(host: NWEndpoint.Host("224.0.0.1"), port: NWEndpoint.Port(rawValue: 45000)!) let multicastParameters = NWParameters.udp multicastParameters.multipathServiceType = .aggregate do { let multicastGroup = try NWMulticastGroup(for: [multicastEndpoint1], from: nil, disableUnicast: false) let multicastConnections = NWConnectionGroup(with: multicastGroup, using: multicastParameters) multicastConnections.stateUpdateHandler = InternalConnectionStateUpdateHandler multicastConnections.setReceiveHandler(maximumMessageSize: 16384, rejectOversizedMessages: false, handler: receiveHandler) multicastConnections.newConnectionHandler = newConnectionHandler multicastConnections.start(queue: .global()) return multicastConnections } catch { return nil } } func receiveHandler(message: NWConnectionGroup.Message, content: Data?, isComplete: Bool) { print("Received message from \(String(describing: message.remoteEndpoint))") if let content = content, let messageString = String(data: content, encoding: .utf8) { print("Received Message: \(messageString)") } let remoteEndpoint = message.remoteEndpoint message.reply(content: "Multicast group on 144 machine ACK from recv handler".data(using: .utf8)) if let connection = multicastConnections?.extract(connectionTo: remoteEndpoint) { connection.stateUpdateHandler = InternalConnectionRecvStateUpdateHandler connection.start(queue: .global()) connection.send(content: "Multicast group on 144 machine ACK from recv handler".data(using: .utf8), completion: NWConnection.SendCompletion.contentProcessed({ error in print("Error code: \(error?.errorCode ?? 0)") print("Ack sent to \(connection.endpoint)") })) } } func newConnectionHandler(connection: NWConnection) { connection.start(queue: .global()) connection.send(content: "Multicast group on 144 machine ACK".data(using: .utf8), completion: NWConnection.SendCompletion.contentProcessed({ error in print("Error code: \(error?.errorCode ?? 0)") print("Ack sent to \(connection.endpoint)") })) } func InternalConnectionRecvStateUpdateHandler(_ pState: NWConnection.State) { switch pState { case .setup: NSLog("The connection has been initialized but not started") case .preparing: NSLog("The connection is preparing") case .waiting(let error): NSLog("The connection is waiting for a network path change. Error: \(error)") case .ready: NSLog("The connection is established and ready to send and receive data.") case .failed(let error): NSLog("The connection has disconnected or encountered an error. Error: \(error)") case .cancelled: NSLog("The connection has been canceled.") default: NSLog("Unknown NWConnection.State.") } } func InternalConnectionStateUpdateHandler(_ pState: NWConnectionGroup.State) { switch pState { case .setup: NSLog("The connection has been initialized but not started") case .waiting(let error): NSLog("The connection is waiting for a network path change. Error: \(error)") case .ready: NSLog("The connection is established and ready to send and receive data.") case .failed(let error): NSLog("The connection has disconnected or encountered an error. Error: \(error)") case .cancelled: NSLog("The connection has been canceled.") default: NSLog("Unknown NWConnection.State.") } } let multicastConnections = setupMulticastGroup() RunLoop.main.run() Multicast Sender Code: import Foundation import Network func setupConnection() -> NWConnection { let params = NWParameters.udp params.allowLocalEndpointReuse = true return NWConnection(to: NWEndpoint.hostPort(host: NWEndpoint.Host("224.0.0.1"), port: NWEndpoint.Port(rawValue: 45000)!), using: params) } func sendData(using connection: NWConnection, data: Data) { connection.send(content: data, completion: .contentProcessed { nwError in if let error = nwError { print("Failed to send message with error: \(error)") } else { print("Message sent successfully") } }) } func setupReceiveHandler(for connection: NWConnection) { connection.receive(minimumIncompleteLength: 1, maximumLength: 65000) { content, contentContext, isComplete, error in print("Received data:") print(content as Any) print(contentContext as Any) print(error as Any) setupReceiveHandler(for: connection) } } let connectionSender = setupConnection() connectionSender.stateUpdateHandler = internalConnectionStateUpdateHandler connectionSender.start(queue: .global()) let sendingData = "Hello, this is a multicast message from the process on mac machine 144".data(using: .utf8)! sendData(using: connectionSender, data: sendingData) setupReceiveHandler(for: connectionSender) RunLoop.main.run() Issues Encountered: Error Code 0 Even When Connection Refused: On the receiver side, I encountered this log: nw_socket_get_input_frames [C1.1.1:1] recvmsg(fd 8, 9216 bytes) [61: Connection refused] Error code: 0 Ack sent to 10.20.16.144:62707 Questions: how do I reply to the message if above usage pattern is wrong? how do I get a NWConnection from the received message to create a separate connection for communication with the sender. Any insights or suggestions on resolving these issues or improving my multicast communication setup would be greatly appreciated. Thanks :)

I want to add encryption algorithms from liboqs in a VPN app I am building but I don't see any fields for adding custom encryption algorithms in NEVPNIKEv2SecurityAssociationParameters. Is it possible to do this?

I am creating a VoIP application. The VoIP application needs to send and receive RTP packets at 20 ms intervals. The application calls sendto() of the Socket API at 20 ms intervals, but the iPhone buffers the send data inside iOS and then sends RTP packets in batches at 1 second intervals. (I captured the sned packets of iPhone with rvctl and confirmed this. please reffer "Sending at 1 second intervals.png" for detail) Similarly, other devices send RTP packets to the iPhone at 20 millisecond intervals, but the iPhone only receives them at 1 second intervals. (please reffer "Receiving at 1 second intervals.png" for detail) Why is this? If the cause of the delay is in the Wi-Fi protocol and the cause can be found from sysdiagnose, please tell me the search key for sysdiagnose that shows the cause of the delay and the meaning of the corresponding log. I uploaded sysdiagnose and result of lan capture to below. [sysdiagnose and lan capture] https://drive.google.com/file/d/149OPmePAF4hnZj6NeSnKc5NizfitPQDS/view?usp=sharing And, the start and end times, packet number in the lan capture of the call shown in the png example are below Start time; 13:57:22.349608/packet number; 948 End time; 13:57:37.482874/packet number; 2583

I have a network call that can sometimes take longer than 30 seconds and user might sometimes background the app after waiting a bit (think like a image generation done on a server which takes a while). I want to make sure that I have exhausted all the options available to provide the best possible solution for the user (1) Use beginBackgroundTask. The downside to this is that I'm only given about 30 seconds or so, and if it takes longer, the call just get killed. (2) Use URLSessionConfiguration.background. The upside is that this can take as long as it needs but it seems to be delegated to the system, and you never know when it will run? What if the user stays in the foreground and now the user will not know when the call will even begin (determined by the OS) (3) Use BGProcessingTask. Again problem is that we cant control when the task is run (which in this case we want it to be immediately). So really none of the options really is ideal. Are there other options? What I would like ideally is The call should start immediately upon user request The call should go on indefinitely when the app stays in foreground The call should go on for an extended period (like 2 minutes) if the user puts the app in background If the call is completed in the background, have a way for the app to retrieve the result when the user brings the app back in the foreground