Hi everyone, I followed https://developer.apple.com/forums/thread/700295 to try to make sure one iPhone could perform UWB ranging with more than iPhone by creating a separate NISession for each phone and storing it in a dictionary, but I have not been able to get distance measurements from more than one phone at the same time. It seems that MPCSession allows all phones to see each other, but when it comes to UWB measurements, only 2 phones are able to exchange distance and angle measurements at the same time. It seems once an NISession starts working, it does not give other NISessions a turn to work. I set the MPC delegate to the same ViewController class, maybe that is the issue, but I have seen that Qorvo also set their Bluetooth connection delegate to the same class, and it works with their DWM3001CDK. Can you please help me make sure that each phone can receive distance and angle updates from multiple phones simultaneously?

I have a system extension which contains 3 capabilities: App Proxy, Content Filter, Packet Tunnel. System extension process doesn't auto stops on disabling all of its Capabilities: App Proxy, Content Filter, Packet Tunnel How to make system extension process auto stop if all of its capabilities disabled? Disable can happens via system extension hosting app or system preference network settings I have following in mind: Whenever we disables any capabilities via system extension hosting app, it can check if all others are disabled then Use KILL bash command to terminate system extension process System extension hosting app can send message via XPC to extension to terminate it self via NSApp.terminate On disabling from system preference, ssystem extensions can check if all other disables in delegate method and terminate itself I wanted to know what is better way to handle system extension process stop

I expect there is a shockingly obvious answer to this, but I've been stuck a couple of days on Problem Obvious and could use a tip / cake-with-file to escape from development jail. I have used DNSServiceRef / Bonjour to advertise my service, and have used the same to get a list of what is advertised (using the hit on lo0 for the moment since still testing). So, now I have a machine name "mymachine.local." and the right port number to connect to. Yay! What I can not figure out is how to get that information into a (IPV6) sockaddr so I can use it with connect. The point of confusion for me is that DNSServiceGetAddrInfo() does not take a port argument, and I see no other place to squeeze this information into the sockaddr returned by the DNSServiceGetAddrInfoReply. If I just use a IPV6 socket with that sockaddr, I get back EADDRNOTAVAIL. Haven't tried IPv4. No error is returned from DNSServiceGetAddrInfo. I'm reading around that this may be because the port is 0, and indeed I can't find any spot in this pathway to squeeze that information in. I'll attach an obligatory bit of code so that the reader may feel more grounded: // My DNSServiceGetAddrInfoReply void ServiceList::Node::AddressInfoCallback( DNSServiceRef __nonnull _sdRef, DNSServiceFlags _flags, uint32_t _interfaceIndex, DNSServiceErrorType _errorCode, const char * __nullable _hostname, const struct sockaddr * __nullable _address, uint32_t UNUSED _ttl, void * __nonnull context) { printf( "AddressInfo: \"%s\"\n", _hostname); AddrInfo * info = (AddrInfo*) context; if( kDNSServiceErr_NoError != _errorCode || NULL == _hostname || NULL == _address) { LOG_ERROR("Failed to get address info on \"%s\"\n", (const char*) info->hostTarget); delete info; return; } int err = connect(info->socket, _address, _address->sa_len); // returns EADDRNOTAVAIL on IPv6 socket. What am I really trying to do? I'd like to connect to the address and port that I from my DNSServiceResolveReply.

It worked fine before iOS 17.1. Just checked with iOS 16 on real device. And my teammate from QA department confirmed it works for iOS 17.0.1. The problem occurs only with device in local network connected via ethernet. The device itself has two options for connection - via Wi-Fi and Ethernet. It works for all iOS versions via Wi-Fi. But it can't resolve host for Ethernet connection. Error appears in func netService(_ sender: NetService, didNotResolve errorDict: [String : NSNumber]) looks like that: (NSNetServicesErrorDomain: 10, NSNetServicesErrorCode: -72007) Could you please explain this error code?

Is it possible to have both 'includeAllNetworks' and split-tunnel simultaneously? I want to enable a split tunnel so only some of the traffic will reach the tunnel, but at the same time, to make sure that the above traffic will always reach the tunnel - even if it's coming from some low-level networking API or even if the traffic started before creating the tunnel. Setting the 'includeAllNetworks' flag will help with the above cases, but then I'll get all the traffic via the tunnel without consideration in the split tunnel configuration. (Details: System-extension, PacketTunnelProvider)

We have a VPN app with Packet Tunnel Provider for iOS. The option disconnectOnSleep from <NetworkExtension/NEVPNProtocol.h> is false. Sometimes our users experiences an issue when the process stops itself after some period of time without crashes. In the logs, everything looks Ok. The iOS versions with the reproduced issue are 16.7.2, 17.1. Memory usage of our VPN app is ~9Mb. I've implemented NEProvider's interfaces in our subclass of NEPacketTunnelProvider: override func sleep(completionHandler: @escaping () -> Void) { NSLog("Sleep") completionHandler() } override func wake() { NSLog("Wake") super.wake() } After retesting by users, I've noticed that there are multiple subsequent calls of sleep-wake, sleep-wake, sleep-wake API, but in the problem scenario, our logs and the process stops after "Sleep". I've read the post https://developer.apple.com/forums/thread/95988, and didn't get an idea: what if sleep(_:) nor wake() are not implemented - how does it affect the VPN app behaviour? Is it a correct hypothesis that sometimes the iOS kills the process silently without crash? What are the triggers that force the system to kill a VPN app?

I am working on a Swift app which does a TLS connection to a server. I want to set an identity, which the server will validate. I'm given a pkcs12 file. The cert is not trusted locally on my system, but the server can validate it. First, I didn't need to import the cert - I just want to create an identity that I can use with my connection. I don't think that's possible, so I do this: var importStatus = SecPKCS12Import(pkcs12Data as CFData, importOptions as CFDictionary, &importArray) The first time I call this, it's successful. I have come to extract the identity (and certificate) from the importArray returned, but in my case, even though I get an errSecSuccess return status, the importArray is empty. So first question: why would it be empty? ( if the code is run again, I get an errSecDuplicateItem - I don't need to store it in the keychain but I guess I'm being forced to) When I imported, I used a UUID as my identifier - I set it in the options: let importOptions: [String: Any] = [ kSecImportExportPassphrase as String: password, kSecImportItemLabel as String: identifier ] So I try to retrieve the identity from the keychain: let identityQuery = [ kSecClass: kSecClassIdentity, kSecReturnRef: true, kSecAttrLabel: identifier ] as NSDictionary var identityItem: CFTypeRef? let status = SecItemCopyMatching(identityQuery as CFDictionary, &identityItem) where I pass the UUID as identifier, but I actually get back my apple identity, not the certificate. However, if I pass in the certificate's CN, (hard-coded for my testing) I get the right identity back. So my second question: am I doing something wrong? If i pass an ItemLabel on import, can I retrieve the certificate using that same label? So for me to get this working, I need to know the CN of my cert, or I need the ItemLabel to work so that I can just retrieve using a UUID. To determine the CN of my cert, the only apple API I found is this: SecCertificateCopyCommonName which requires the cert to be in .der format, rather than .pkcs12. So I have a bit of a chicken and egg problem. So my last question - is there a way to extract the CN from the pkcs12 file, or to convert the Data from .pkcs12 to .der? Thanks!

I have to create project for client that show wifi list to talk with iot device. Should i need MFI program to get all wifi network list? How I can integrate with .net maui, React native cross platform, objective c language?

Hi Team, We are registering Network Extension on application launch. The application shows this dialog [Dialog attached]. The failing case User press OK and hence, dismissing the user approval User click on Apps UI -&gt; Register Register call the same API again i.e. let activationRequest = OSSystemExtensionRequest.activationRequest(forExtensionWithIdentifier: identifier, queue: .main) 4. This time, the dialog is not launched for the user. Whereas, we have observed, it does launch the dialog again on some of the machines. 5. User reboot the machine 6. Click App -&gt; Register. Stil the same case, the dialog is not launched for user. When I check the status using systemextensionsctl list  *  [TeamId]  com.company.extensionname (1.0.100/1.0.100)  ExtensioName  [activated waiting for user] How can I force the launch of this dialog in API, so that, user can be guided to act upon it.

Hi Team, I have one requirement. As sim swap fraud increasing day by day so for preventing this SIM Swap on App side, I need to get some unique data of SIM in swift So that I use to check the sim info In current device and prevent this fraud. If user register any app with one sim and later he/her change the SIM so how I can identify that user using the same sim or different one so that I can reauthenticate the mobile number. In backing industry it's very important to check this..other wise we can't stop fraud. If any method to check the SIM swiping then please let me know..Thanks

Hello, I'm using an NEFilterDataProvider to filter the HTTP/S flow of applications (based on bundleId). With the help of this forum, I can now retrieve the bundleId of the application's flow from the audit_token (sourceAppAuditToken). Unfortunately, for some applications (e.g., Safari), I get the bundleId of the isolated process that uses WebKit, but I would like to retrieve the bundleId of the responsible process (Safari). My current solution is to obtain the responsible PID of the WebKit process and then retrieve the bundleId from this PID (SecCodeCopyGuestWithAttributes). What is the correct way to get the bundleId of the responsible process?

I created a Matter device with a fan endpoint with fan_control attribute. When I setup this device via Google Home, I see the percent control for the fan. However, when I setup via the iOS Home app, I only see an on/off switch. Is the fan_control.percent_current Matter attribute supported? Or any of the fan_control attributes?

Hello, in avbutil --controller, when viewing stream settings on ATDECC in interface statistics under AVB interface: Thunderbolt Ethernet there are stream parameters as read-only values. How to change Priority 1 ant Priority 2 values? I assume there is some config file/terminal command that would modify these parameters. Using 13.6.2 (22G320)

Hi, I encounter various problems with inserting PKDrawing into a PDFAnnotation : First : After "page.addAnnotation(myCustomAnnotation)", saved document seems corrupted (affected pages are displayed with a "X" watermark covering the whole page), Second : The only way to extract PKDrawing from the annotation is unarchiveTopLevelObjectWithData: which is deprecated, Final : I'm not able to re-read PKDrawings to restore PKCanvasView undoManager. Does anyone have an idea on a correct way to do this? Thank you in advance and happy new year everyone!

During my exploration of NWConnection and NWListener I created sample code to implement communication between client and listener over UDP. To achieve that client and listener were created on the same machine using localhost. Same client and listener codes were also deployed on different macOS machines. Following are the observations: Observation1: Within the same macOS machine, Listener was created on a port X and from client side I used "localhost" and Port X to connect to the listener. To capture the behavior of the how the connections/FDs are getting created I used lsof & netstat commands and following were the output: LSOF: tw-macoffice-02-studio:~ nikhil.singh$ lsof -Pi :9001 COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME NWListner 16775 nikhil.singh 4u IPv6 0x402b8381d3a12129 0t0 UDP *:9001 NWListner 16775 nikhil.singh 5u IPv6 0x402b8381d3a11129 0t0 UDP localhost:9001->localhost:64723 NWConnect 16785 nikhil.singh 4u IPv4 0x402b8381d3a10529 0t0 UDP localhost:64723->localhost:9001 Here, we can see that separate FDs are getting created for: NWListner - Listener FD - 4u and NWConnection (connection request) from listener to client FD - 5u on localhost with Process ID 16775 NWConnect - NWConnection from client to listener on localhost FD - 4u Process ID 16785 NETSTAT: tw-macoffice-02-studio:~ nikhil.singh$ netstat -an |grep 9001 udp4 0 0 127.0.0.1.9001 127.0.0.1.64723 udp4 0 0 127.0.0.1.64723 127.0.0.1.9001 udp46 0 0 *.9001 . Connection wise also we can see the two connections are listed. Observation 2: I used different macOS machines within the same network to implement listener and client side of the code. Here, the behavior in terms of socket FD creation on the listener side with incoming connection request was different. Listener Side: LSOF: nikhil.singh@Mac-Pro ~ % lsof -Pi :9001 COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME UDP_Serve 31480 nikhil.singh 5u IPv6 0xb3b7cb5ed6d2edd7 0t0 UDP *:9001 NETSTAT: nikhil.singh@Mac-Pro ~ % netstat -an |grep 9001 udp46 0 0 *.9001 . udp4 0 0 10.20.16.144.9001 10.20.16.250.62758 Inconsistency: **For listener side, a new socket FD was not created when listener accepted the incoming connection. ** Client Side: LSOF tw-macoffice-02-studio:~ nikhil.singh$ lsof -Pi :9001 COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME NWConnect 29015 nikhil.singh 4u IPv4 0x402b8381d3c74129 0t0 UDP 10.20.16.250:62758->tw-macoffice-01.tallysolutions.com:9001 NETSTAT tw-macoffice-02-studio:~ nikhil.singh$ netstat -an |grep 9001 udp4 0 0 10.20.16.250.62758 10.20.16.144.9001 For Client Side, a new FD was created from client to listener. Question: Why a new socket FD was not created on the Listener side when incoming connection was from a different machine over IP. Also, one Digression question: As a cross platform application, we plan to use Network Framework for Apple Kernel and BSD sockets for others. Similar to BSD, is there a way we can block a thread on connection.receiveMessage?

Hello, I noticed that Facetime attempts to use the QUIC protocol during a Facetime session with the following ports 3478 through 3497 (UDP). Can Facetime use the QUIC protocol for the following ports 3478 through 3497 (UDP) because on the internet I have not found anywhere the possibility that QUIC can be used other than ports 80 and 443?

I want to allow network access in my app but I have an error nw_proxy_resolver_create_parsed_array [C1.1.1 proxy pac] Evaluation error: NSURLErrorDomain: -1003 which crashes my app although the seek command works and I get a correct value back from the internet server. I understood I could fix this as foilows? There is a section Info. Within Xcode 15 where you can find Custom macOS Application Target Properties. I selected App Transport Security Settings and the after pressing the drop down menu selected Allow Arbitrary Loads. Then to the left of that I press the menu and it shows YES and NO but if I try to select either of them neither appears in the key value box? Also I thought this would create a new Info.plist which I could then add my key values- but nothing happens.. I am very new to the so any help is much apprecated

iPhone X running iOS 15.6 failed to connect to WPA3 Wifi using NEHotspotConfigurationManager API, however device running 16.3.1 can connect to WPA3 Wifi using the same NEHotspotConfigurationManager API. Can someone help me out?

I have a query regarding the CFHostGetAddressing function that I'm using to retrieve addresses from a host. Specifically, I am curious about the predefined order of IPs in the array returned by this function when multiple IPs are present for a host. Here are my questions: In the case where both IPV6 and IPV4 addresses are present for a host, does the CFHostGetAddressing function return the addresses array with IPV6 at the 0th index and IPV4 following it? If a mapped IPv6 address is present along with an IPV4 address, does the function prioritize placing the mapped IPv6 address first in the addresses array, followed by the IPV4 address? I would appreciate it if someone could provide insights into any defined order for these scenarios. Additionally, if there is documentation or a reference page specifying this order, kindly point me in the right direction. Thank you in advance for your assistance.

there is few document on explain how IP_BOUND_IF works. I use the following code to specific interface to sending my data , where on a device has both wifi and vpn. const char* device_name = "pdp_ip0"; int interfaceIndex = if_nametoindex(device_name); int res = setsockopt(socketfd, IPPROTO_IP, IP_BOUND_IF, &interfaceIndex, sizeof(interfaceIndex)); the res results 0 , but socket still send data via utun, witch is a vpn interface