I am trying to do a connection, with NWConneciton, and wanted to know if the connect fails? I can't seem to determine what status I should look for

Hello Experts, After updating to Mac OS sonoma, I am not able to get SSID info and going through already issue, I can see that on update location access is mandatory to get SSID info from API - scanForNetworksWithName:includeHidden:error: Now my application is already able to get latitude and longitude info, but when I call API mentioned above, it gives nil in ssid name field. Questions - Is there any known issue? Is there any other better way to get CWNetwork object so that I can use it directly instead of scanning and then connecting? Note - I have created app package, but application has no GUI. Application is also combination of Golang and Objective-C

Hi all, As far as my research, I found there are two ways to ping an IP Address (ipv4 and ipv6) in MacOS in Swift. SimplePing Run command line in code like below func doPing() { let task = Process() task.executableURL = URL(fileURLWithPath: "/sbin/ping") task.arguments = [ "-c", "4", "10.1.141.100" ] let outputPipe = Pipe() task.standardOutput = outputPipe let outputHandle = outputPipe.fileHandleForReading outputHandle.readabilityHandler = { pipe in if let ouput = String(data: pipe.availableData, encoding: .utf8) { if !ouput.isEmpty { log += ouput print("----> ouput: \(ouput)") } } else { print("Error decoding data: \(pipe.availableData)") } } task.launch() } So which way is better and which way should I implement for the project?

I am using RawDatagramSocket.bind(InternetAddress('255.255.255.255'), 1050) in Flutter also added local network access permission with a description but still getting this error Unhandled Exception: SocketException: Failed to create datagram socket (OS Error: Can't assign requested address, errno = 49), address = 255.255.255.255, port = 1050

Reproduction steps Xcode15.1 iPhone14Pro/iOS16.3 commission with MatterSupport implementation @objc class func commission(with setupPayload: MTRSetupPayload?) throws { MTRLog("MatterSupport start request") let topology: MatterAddDeviceRequest.Topology = .init( ecosystemName: "SmartHome", homes: [ // .init(displayName: "smart office"), // .init(displayName: "smart living"), ] ) let request = MatterAddDeviceRequest( topology: topology, setupPayload: setupPayload ) Task { do { try await request.perform() } catch { throw error } } } Always failed with Error on commissioning step 'FindOperational': '../../../../../../../../Sources/CHIPFramework/connectedhomeip/src/credentials/CHIPCert.cpp:488: CHIP Error 0x0000004A: CA certificate not found' relate issue: https://github.com/project-chip/connectedhomeip/issues/31309

Hi there, we're looking to build a Bonjour service for our users so that they can share data between devices. Things are mostly going ok, but we would like to make sure the connection is secure. Being good developers we took a look at the TicTacToe example from WWDC. This looks great! We'd love to secure our comms with the latest TLS via a Pre Shared Key (PSK) e.g. a Passcode in our case. In the normal happy path, things work well, we can send and receive messages and all is well. However, when we enter the wrong passcode we don't receive any notification back on the client side. The server can detect the incorrect passcode, but the client is left hanging around. The issue only appears to affect a Bonjour service or mode (not quite sure of the terminology here). If we explicitly specify a host (e.g. "localhost" and port (e.g. 12345) for connection/listening then we get the expected callbacks on both client/server that the PIN was incorrect. However if we just setup a service and try to connect to it (in our case we use NWBrowser in our App, but below we create an endpoint manually), everything works fine for a good passcode, but for a bad passcode we don't receive any callback and have no way to know the passcode was no good and inform the user. So, we'd love to be able to detect that incorrect passcode on the client side. What are we doing wrong. Sample code below (mostly shamelessly ripped from some of @eskimos sample code in another issue) demonstrates the issue, change the ServiceMode / Passcodes inside main() to see the issue. Hoping we can page Dr. @eskimo and Dr. @meaton - Could really do with your expertise here. Ta! import CryptoKit import Foundation import Network let ServerName = "My-Bonjour-Server" let ServiceName = "_my_bonjour_service._tcp" var listenerRef: NWListener? var receiveConnectionRef: NWConnection? var sendConnectionRef: NWConnection? enum ServiceMode { case explicitHostAndPort // This works all the time case bonjourService // This doesn't work for an incorrect passcode } extension NWParameters { // Just ripped from the TicTacToe example convenience init(passcode: String) { self.init(tls: NWParameters.tlsOptions(passcode: passcode)) } private static func tlsOptions(passcode: String) -> NWProtocolTLS.Options { let tlsOptions = NWProtocolTLS.Options() let authenticationKey = SymmetricKey(data: passcode.data(using: .utf8)!) let authenticationCode = HMAC<SHA256>.authenticationCode(for: ServiceName.data(using: .utf8)!, using: authenticationKey) let authenticationDispatchData = authenticationCode.withUnsafeBytes { DispatchData(bytes: $0) } sec_protocol_options_add_pre_shared_key(tlsOptions.securityProtocolOptions, authenticationDispatchData as __DispatchData, stringToDispatchData(ServiceName)! as __DispatchData) sec_protocol_options_append_tls_ciphersuite(tlsOptions.securityProtocolOptions, tls_ciphersuite_t(rawValue: TLS_PSK_WITH_AES_128_GCM_SHA256)!) return tlsOptions } private static func stringToDispatchData(_ string: String) -> DispatchData? { guard let stringData = string.data(using: .utf8) else { return nil } let dispatchData = stringData.withUnsafeBytes { DispatchData(bytes: $0) } return dispatchData } } func startListener(passcode: String, serviceMode: ServiceMode) { let listener: NWListener switch serviceMode { case .explicitHostAndPort: listener = try! NWListener(using: NWParameters(passcode: passcode), on: 12345) case .bonjourService: listener = try! NWListener(using: NWParameters(passcode: passcode)) listener.service = NWListener.Service(name: ServerName, type: ServiceName) } listenerRef = listener listener.stateUpdateHandler = { state in print("listener: state did change, new: \(state)") } listener.newConnectionHandler = { conn in if let old = receiveConnectionRef { print("listener: will cancel old connection") old.cancel() receiveConnectionRef = nil } receiveConnectionRef = conn startReceive(on: conn) conn.start(queue: .main) } listener.start(queue: .main) } func startReceive(on connection: NWConnection) { connection.receive(minimumIncompleteLength: 1, maximumLength: 2048) { dataQ, _, _, errorQ in if let data = dataQ, let str = String(data: data, encoding: .utf8) { print("receiver: did receive: \"\(str)\"") } if let error = errorQ { if case let .tls(oSStatus) = error, oSStatus == errSSLBadRecordMac { print("receiver has detected an Incorrect PIN") } else { print("receiver: did fail, error: \(error)") } return } } } func startSender(passcode: String, serviceMode: ServiceMode) { let connection: NWConnection switch serviceMode { case .explicitHostAndPort: connection = NWConnection(host: "localhost", port: 12345, using: NWParameters(passcode: passcode)) case .bonjourService: let endpoint = NWEndpoint.service(name: ServerName, type: ServiceName, domain: "local.", interface: nil) connection = NWConnection(to: endpoint, using: NWParameters(passcode: passcode)) } sendConnectionRef = connection connection.stateUpdateHandler = { state in if case let .waiting(error) = state { if case let .tls(os) = error, os == errSSLPeerBadRecordMac { // Incorrect PIN print("Sender has detected an Incorrect PIN") } } else { print("sender: state did change, new: \(state)") } } connection.send(content: "It goes to 11".data(using: .utf8), completion: .idempotent) connection.start(queue: .main) } func main() { let serviceMode: ServiceMode = .explicitHostAndPort // Set this to Bonjour to see the issue // Change one of the Passcodes below to see the incorrect pin message(s) or lack thereof startListener(passcode: "1234", serviceMode: serviceMode) // Wait for server to spin up... DispatchQueue.main.asyncAfter(deadline: .now() + 1) { startSender(passcode: "1234", serviceMode: serviceMode) } dispatchMain() } main() exit(EXIT_SUCCESS)

I'm getting infrequent crashes when I try to show a newly created PDF. The PDF is file based, and shortly after UIGraphicsEndPDFContext its shown. The crash reports make it appear that the file itself is being mutated after its displayed. So my question: is the file (self.filePath) absolutely flushed and closed when UIGraphicsEndPDFContext returns? If not, is there some way to detect when it has finished? Thanks! David `func addPageNumbers() { let url = URL(fileURLWithPath: filePath) guard let document = CGPDFDocument(url as CFURL) else { return } // You have to change the file path otherwise it can cause blank white pages to be drawn. self.filePath = "\(filePath)-final.pdf" UIGraphicsBeginPDFContextToFile(filePath, .zero, nil) let pageCount = document.numberOfPages for i in 1...pageCount { ... } } UIGraphicsEndPDFContext() }

I scan my ble device with the code below. centralManager.scanForPeripherals(withServices: [connectionServiceUUID], options: nil) and the call back method is called when the device is scaned. func centralManager(_ central: CBCentralManager, didDiscover peripheral: CBPeripheral, advertisementData: [String : Any], rssi RSSI: NSNumber) { ... } I have 2 questions with the value of advertisementData[CBAdvertisementDataLocalNameKey] from the callback method. Suppose there is connections, and the localNameKey of the device is A. When it is scanned and connected at first, the advertisementData[CBAdvertisementDataLocalNameKey] I get is not A but something else. Here, if I do the same then I get A. Now, I change the localNameKey of the device to B. And when it is scanned, the advertisementData[CBAdvertisementDataLocalNameKey] is still A, and I do the same, now it is B. Why? When the screen is off, advertisementData[CBAdvertisementDataLocalNameKey] never changes, why?

I'm building an older app that's on the app store in XCode 15.2. It runs fine on iOS 15, 16, 17. It is supported on iOS 12 and when I try to run on iOS 12 it crashes. I'm not sure why this is happening. Anyone know? Crash report: Photobooth-2024-01-11-181720.ips Snippet: Exception Type: EXC_CRASH (SIGKILL) Exception Codes: 0x0000000000000000, 0x0000000000000000 Exception Note: EXC_CORPSE_NOTIFY Termination Description: DYLD, Symbol not found: _$s7Network12NWConnectionC5StateOMa | Referenced from: /private/var/containers/Bundle/Application/C5B7AB67-6F8C-4EE3-977C-2076C4F06729/Photobooth.app/Frameworks/VideoNetworkFramework.framework/VideoNetworkFramework | Expected in: /System/Library/Frameworks/Network.framework/Network Triggered by Thread: 0

Hi, Some questions about how to use NEFilterDataProvider. Context: My extension has network rules (NENetworkRule) to filter most of HTTP/HTTPS trafic (port 80 et 443). Allowing a flow is a decision made by consulting custom rules (no NENetworkRule here) that the user can change at any moment. Questions: 1/ By modifying a custom rule, the decision for a flow can change. It is possible to retrieve currently allowed flows (for an application) and change the decision about it ? Can NSFilterFlow be cache to later change a decision ? Is there a way to know when a flow is no longer used ? 2/ An accepted flow seems never filtered again (except by quitting the application). The only way I found to apply new custom rules on currently allowed flow is by restarting the filter (load, NSFilterManager.isEnable=false, save, NSFilterManager.isEnable=true, save). Is it the correct method ? Thanks for you attention.

Hi, I'm looking into the per-app VPN on iOS and I see its for managed apps installed from a MDM. Can it be used for Apple apps, i.e. Safari, so the traffic can be inspected to decide if it should go via the VPN backend or direct to the internet? Thanks, Dave

Hey, I have a free radius server that support eap tls 1.3. I send an eap tls authentication using Windows 11 and see by wireshark that packet are really eap tls 1.3. but then when i do it using MacOS / iphone that support eap tls 1.3 by default (as wrote in forums - macOS 14.2.1 and IOS 17.2.1) i see an Client hello of 1.2 without the extension of support version and the authentication is by eap tls 1.2. Anyone saw this issue/ know if they are really support authentication of eap tls 1.3 ? I use same certificates for all of the clients and install them. Thanks, Nir.

Code snippet below: NSString *host = @"time.google.com"; CFHostRef cfHostRef = CFHostCreateWithName(nil, (__bridge CFStringRef) host); Boolean didLookup = CFHostStartInfoResolution(cfHostRef, kCFHostAddresses, nil); NSLog(@"didLookup=%d", didLookup); CFArrayRef addresses = CFHostGetAddressing(cfHostRef, &didLookup); struct sockaddr *remoteAddr; long count = CFArrayGetCount(addresses); NSLog(@"count=%ld (this should include both ip4 and ip6)", count); for(int i = 0; i < count; i++) { CFDataRef saData = (CFDataRef)CFArrayGetValueAtIndex(addresses, i); remoteAddr = (struct sockaddr*)CFDataGetBytePtr(saData); NSLog(@"family=%d (AF_INET=%d, AF_INET6=%d)",remoteAddr->sa_family, AF_INET, AF_INET6); NSString* addrPretty = nil; switch (remoteAddr->sa_family) { case AF_INET: { char dest[INET_ADDRSTRLEN]; struct sockaddr_in *ip4 = (struct sockaddr_in *) remoteAddr; addrPretty = [NSString stringWithFormat: @"%s", inet_ntop(AF_INET, &ip4->sin_addr, dest, INET_ADDRSTRLEN)]; break; } case AF_INET6: { char dest[INET6_ADDRSTRLEN]; struct sockaddr_in6 *ip6 = (struct sockaddr_in6 *) remoteAddr; addrPretty = [NSString stringWithFormat: @"%s", inet_ntop(AF_INET6, &ip6->sin6_addr, dest, INET6_ADDRSTRLEN)]; break; } default: break; } NSLog(@"addrPretty=%@", addrPretty); } As far as I understand this should print out both IPv4 and IPv6 addresses, but it only does the former. This is as tested on both a simulator and a real device, on different networks. Note that I can traceroute6 -I time.google.com and see IPv6 addresses just fine, and I can also do set q=AAAA in the nslookup prompt and get the expected addresses when performing the query for time.google.com in the same prompt.

We have an iOS and MacOS VPN app that both use a PacketTunnelProvider app extension. Right now we are trying to replace our MacOS app with a Mac Catalyst version of our iOS app using the same bundle identifiers as the old MacOS app so it can read existing configurations. One issue we run into while testing the Mac Catalyst application through TestFlight is that if a user has an existing VPN profile that was created using the old MacOS app and is now running the new version, the app extension that is bundled with the Mac Catalyst app does not load. default 2024-01-16 23:35:57.642543 -0500 neagent Looking for an extension with identifier org.outline.macos.client.VpnExtension and extension point com.apple.networkextension.packet-tunnel info 2024-01-16 23:35:57.642774 -0500 neagent [d <private>] <PKHost:0x7f79e9a06080> Query: { "LS:ExtensionPlatforms" = ( 1, 6 ); NSExtensionIdentifier = "org.outline.macos.client.VpnExtension"; NSExtensionPointName = "com.apple.networkextension.packet-tunnel"; } default 2024-01-16 23:35:57.644424 -0500 neagent Found 1 extension(s) with identifier org.outline.macos.client.VpnExtension and extension point com.apple.networkextension.packet-tunnel default 2024-01-16 23:35:57.645454 -0500 neagent Beginning extension request with extension org.outline.macos.client.VpnExtension error 2024-01-16 23:35:57.645714 -0500 neagent Plugin <id<PKPlugIn>: 0x7f79e9915c50; core = <[u 7C82B460-9B3B-460E-939D-45837EC68385] [org.outline.macos.client.VpnExtension(0.0.0-debug)],[d 07098DE9-4C17-4D0D-A4D4-8B399A374D8C] [/Users/sbruens/Library/Developer/Xcode/DerivedData/ios-hevczjegdwwzgfauwbictbyosask/Build/Products/Debug-maccatalyst/Outline.app/Contents/PlugIns/VpnExtension.appex]>, instance = [(null)], state = 0, useCount = 0> must have pid! Extension request will fail error 2024-01-16 23:35:57.645771 -0500 neagent Failed to acquire assertion for plugin: <id<PKPlugIn>: 0x7f79e9915c50; core = <[u 7C82B460-9B3B-460E-939D-45837EC68385] [org.outline.macos.client.VpnExtension(0.0.0-debug)],[d 07098DE9-4C17-4D0D-A4D4-8B399A374D8C] [/Users/sbruens/Library/Developer/Xcode/DerivedData/ios-hevczjegdwwzgfauwbictbyosask/Build/Products/Debug-maccatalyst/Outline.app/Contents/PlugIns/VpnExtension.appex]>, instance = [(null)], state = 0, useCount = 0> pid: 0 error 2024-01-16 23:35:57.645812 -0500 neagent Unable to acquire process assertion in beginUsing: with plugin identifier: org.outline.macos.client.VpnExtension, killing plugin error 2024-01-16 23:35:57.645840 -0500 neagent PlugInKit error in beginUsing: with plugin identifier: org.outline.macos.client.VpnExtension, killing plugin error 2024-01-16 23:35:57.645879 -0500 neagent begin extension request <EXExtensionRequest: 0x7f79e9c13130> Request PK UUID: 35311654-AC47-428C-90BD-E90625A2215D with item count 0 complete with error: Error Domain=PlugInKit Code=16 "other version in use: <id<PKPlugIn>: 0x7f79eb50d9a0; core = <[u B6730DEE-7340-40B1-AEE5-42BE0AA48831] [org.outline.macos.client.VpnExtension(0.0.0-debug)],[d 27607659-3EB5-425C-A1EB-B450209E124A] [/Users/sbruens/Library/Developer/Xcode/DerivedData/ios-hevczjegdwwzgfauwbictbyosask/Build/Products/Debug-maccatalyst/Outline.app/Contents/PlugIns/VpnExtension.appex]>, instance = [(null)], state = 1, useCount = 1>" UserInfo={NSLocalizedDescription=other version in use: <id<PKPlugIn>: 0x7f79eb50d9a0; core = <[u B6730DEE-7340-40B1-AEE5-42BE0AA48831] [org.outline.macos.client.VpnExtension(0.0.0-debug)],[d 27607659-3EB5-425C-A1EB-B450209E124A] [/Users/sbruens/Library/Developer/Xcode/DerivedData/ios-hevczjegdwwzgfauwbictbyosask/Build/Products/Debug-maccatalyst/Outline.app/Contents/PlugIns/VpnExtension.appex]>, instance = [(null)], state = 1, useCount = 1>} default 2024-01-16 23:35:57.645944 -0500 neagent Extension request with extension org.outline.macos.client.VpnExtension started with identifier (null) error 2024-01-16 23:35:57.646121 -0500 neagent Failed to start extension org.outline.macos.client.VpnExtension: Error Domain=PlugInKit Code=16 "other version in use: <id<PKPlugIn>: 0x7f79eb50d9a0; core = <[u B6730DEE-7340-40B1-AEE5-42BE0AA48831] [org.outline.macos.client.VpnExtension(0.0.0-debug)],[d 27607659-3EB5-425C-A1EB-B450209E124A] [/Users/sbruens/Library/Developer/Xcode/DerivedData/ios-hevczjegdwwzgfauwbictbyosask/Build/Products/Debug-maccatalyst/Outline.app/Contents/PlugIns/VpnExtension.appex]>, instance = [(null)], state = 1, useCount = 1>" UserInfo={NSLocalizedDescription=other version in use: <id<PKPlugIn>: 0x7f79eb50d9a0; core = <[u B6730DEE-7340-40B1-AEE5-42BE0AA48831] [org.outline.macos.client.VpnExtension(0.0.0-debug)],[d 27607659-3EB5-425C-A1EB-B450209E124A] [/Users/sbruens/Library/Developer/Xcode/DerivedData/ios-hevczjegdwwzgfauwbictbyosask/Build/Products/Debug-maccatalyst/Outline.app/Contents/PlugIns/VpnExtension.appex]>, instance = [(null)], state = 1, useCount = 1>} The only way around that seems to be to manually remove the app's VPN configuration under Network > VPN & Filter and restart the machine. Then the Mac Catalyst app can start a tunnel with a new profile (after asking the user for permissions) without issue. However, this is not a great user experience and I've been trying to fix this properly. I read Debugging a Network Extension Provider and all related forum posts and developer docs, and could use some help at this point.

I have a simple CLI app bundle that activates my system extension. When I sign it for development it works fine. However, once I sign it with my developer ID certificate for distribution, the network extension will not activate, getting stuck the activation request and completely killing any internet connectivity until I restart. The only thing that I see is different is when I call systemextensionsctl list I get something like: 1 extension(s) --- com.apple.system_extension.network_extension enabled active teamID bundleID (version) name [state] <TEAM_ID> com.company.networkExt (1.0/240116145656) - [validating by category] * * <TEAM_ID> com.company.networkExt (1.0/240115061310) ProxyExtension [activated enabled] Where the one specifying [validating by category] is the one that I'm trying to activate signed with the developer ID cert. The one that is [activated enabled] got there from a dev build. The app was built and notarized and shows to be valid by any codesign -dv --verify --strict and spctl commands that I've found. The system extension is also valid according to codesign. The entitlements are adjusted to use the -systemextension suffix to work with Developer ID certificates. Is there another step required to make it work with a developer ID certificate?

The code I have is if (filterManager.providerConfiguration == nil) { NEFilterProviderConfiguration *providerConfiguration = [[NEFilterProviderConfiguration alloc] init]; providerConfiguration.filterPackets = YES; providerConfiguration.filterPacketProviderBundleIdentifier = filterBundle.bundleIdentifier; filterManager.providerConfiguration = providerConfiguration; NSString *appName = [NSBundle mainBundle].infoDictionary[@"CFBundleName"]; if (appName != nil) { filterManager.localizedDescription = [NSString stringWithFormat:@"%@ (packet filter)", appName]; } } if (filterManager.enabled) { NSLog(@"Packet filter already enabled, not doing so again"); return; } filterManager.enabled = YES; It's claiming the filter is already enabled. But System Settings > Network shows it there, with a yellow dot. My best guess is that it's showing up as already enabled in the preferences, even though it... isn't? I also log a message in the filter's init, and I don't see that showing up. I've got sysdiagnose from it and a working system, and I'm going over soooooooo many log lines. I don't know what might be causing this, however.

I'm trying a Data value (1438 bytes) to write to a characteristic which exceeds the MTU size. When I issue the write request I receive .prepareQueueFull According to the documentation: "The prepare queue is full, as a result of there being too many write requests in the queue." The unfortunate thing is that on the I only call the write request once. peripheral.writeValue(data, for: characteristic, type: .withResponse) Any input and possible solution is welcome. Thank you in advance.

Hey all here is an example you can try out: https://github.com/paxsonsa/quic-swift-demo I am prototype a QUIC base application system with a client and server. My server is a simple test to experiment with QUIC and Network Framework but I am see some odd behaviour. Selecting Stream Direction for new streams In the example below, we are creating a new multiplexed QUIC connection and establish a new stream once the group connection is ready. In some cases, I want to be able to use a different stream kind (uni/bi). By specifying the options, I get an error in Xcode console like so: running.... group state: waiting(POSIXErrorCode(rawValue: 50): Network is down) group state: ready Connected using QUIC! nw_endpoint_flow_setup_cloned_protocols [C3 127.0.0.1:4567 in_progress socket-flow (satisfied (Path is satisfied), viable, interface: lo0)] could not find protocol to join in existing protocol stack nw_endpoint_flow_failed_with_error [C3 127.0.0.1:4567 in_progress socket-flow (satisfied (Path is satisfied), viable, interface: lo0)] failed to clone from flow, moving directly to failed state Main Connection State: failed(POSIXErrorCode(rawValue: 50): Network is down) quic_recovery_pto PTO fired after validation Here is my swift code: // // main.swift // QuicTool // // Created by Andrew Paxson on 2024-01-14. // import Foundation import Network /// Helper function to create a message frame. func createMessage(version: UInt8, messageType: UInt8, message: String) -> Data { let messageData = message.data(using: .utf8) ?? Data() let length = UInt32(messageData.count) var data = Data() data.append(version) data.append(messageType) // Convert length to 4 bytes and append (big-endian format) let bigEndianLength = length.bigEndian data.append(contentsOf: withUnsafeBytes(of: bigEndianLength) { Array($0) }) // Append 2 bytes of padding for 8-byte alignment data.append(Data(repeating: 0, count: 2)) // Add Message Data. data.append(messageData) return data } // Queue for QUIC things. let queue = DispatchQueue(label: "quic", qos: .userInteractive) // Create Inital Options for the tunnel. // This is using an insecure connection as this operation is meant to be local network. let endpoint = NWEndpoint.hostPort(host: "127.0.0.1", port: .init(integerLiteral: 4567)) let options = NWProtocolQUIC.Options(alpn: ["demo"]) // Set the initial stream to bidirectional. options.direction = .bidirectional sec_protocol_options_set_verify_block(options.securityProtocolOptions, { (sec_protocol_metadata, sec_trust, sec_protocol_verify_complete) in sec_protocol_verify_complete(true) }, queue) let parameters = NWParameters(quic: options) // 1) Create a new multiplexed connection let descriptor = NWMultiplexGroup(to: endpoint) let group = NWConnectionGroup(with: descriptor, using: parameters) var mainConn: NWConnection? = nil // Here we are establishing a state handler for when the connection to the // the server is neogiated and "ready". Once its ready we want to establish a // stream using the group with the options set. // // This is the main location of the issue we are seeing where the stream is // established and the data is sent but never updated. group.stateUpdateHandler = { newState in print("group state: \(newState)") switch newState { // Once the tunnel is established, create a new stream with bidirectional parameters. case .ready: print("Connected using QUIC!") // 2) In normal application I may want to open different kinds of streams in providing // new options. Is there a better way to select the stream kind for subsequent streams? let options = NWProtocolQUIC.Options(alpn: ["demo"]) options.direction = .bidirectional // When providing unique options the stream will fail. Removeing the using argument works. mainConn = group.extract()! // force unwrap mainConn?.stateUpdateHandler = { state in print("Main Connection State: \(state)") switch state { case .ready: // Once the connection is ready, lets send some sweet data sauce. // // By establishing this new stream and sending data, on the server this causes the inital // stream with no handle to be open. let version: UInt8 = 1 let messageType: UInt8 = 1 let message = "hello, I am from the multiplex group ready." let messageData = createMessage(version: version, messageType: messageType, message: message) mainConn?.send(content: messageData, isComplete: true, completion: .contentProcessed({ sendError in if let error = sendError { print("There was an error sending data: \(error)") } else { print("Data was sent successfully from Main Connection.") } })) default: break } } // Don't forget to start the connection. mainConn?.start(queue: queue) default: break } } // Receive new incoming streams initiated by the remote endpoint // this is not used for this example. group.newConnectionHandler = { conn in print("New Connection: \(conn)") // Set state update handler on incoming stream conn.stateUpdateHandler = { newState in print("newState: \(newState) for \(conn)") switch newState { case .ready: print("got a new stream!") default: break } } // Start the incoming stream conn.start(queue: queue) } // Start the group with callback queue group.start(queue: queue) print("running....") // We iterate trying to send data on the new stream we created after the // connection is established. while true { switch mainConn?.state { case .ready: // Once the connection is ready, lets send some sweet data sauce. let version: UInt8 = 1 let messageType: UInt8 = 1 let message = "hello, im from the main loop" let messageData = createMessage(version: version, messageType: messageType, message: message) print("Local Stream Send: \(messageData)") mainConn?.send(content: messageData, completion: .contentProcessed({ sendError in if let error = sendError { print("There was an error sending data: \(error)") } })) sleep(1) default: continue } }

I'm developing a 'game' using the Godot game framework. The 'game' will run on an IOS device and connect to an app that is running on my computer. The app I am connecting to communicates via UDP. When I run the app in Godot's simulator using either the loopback address 127.0.0.1 or the WiFi address of the computer it works fine. I am attempting to send a Unicast UDPpacket from the IOS device to the computer. The UDPpacket is never sent from the IOS device as verified by Wireshark and also the network tab on xcode as the 'game' is debugged via Xcode. The first time the app is sent to the iphone during the debug session from Xcode, a message on the iPhone pops up "MyAppName" would like to find and connect to devices on your local network. (I clicked on "Allow") When the app is debugged on the iphone via Xcode, debug message from near the point where UDPPackets are sent are displayed in the debugger. After about 5 seconds an error is thrown from the UDPClient "No route from host..." There is a loop to send UDPpackets is again if the expected response is not received from the app, the "No route from host" again is shown in 5 seconds. Settings: Ip address on computer and iphone are within the same network (do not need to be routed) Firewall is off on the computer during testing iPhone Settings (MyAppName is not shown anywhere in settings) Godot 4.2.1, .Net 8.0.101, XCode 15.2, VSCode 1.85.2 **Godot editor -> Project -> Exports -> Presets -> IOS (Runnable) ** [Options Tab] Access WiFi [x] is checked Provisioning Profile UUID for both Debug and Release is BLANK [Resources Tab] {All fields are blank} [Features Tab] Feature list = arm64, astc, etc2, ios, mobile [Encryption Tab] {everything is off or blank} I suspect that I'm not using entitlements properly. I have been granted the multicast entitlement, but I'm not certain how to implement it in my Godot -> VSCode ->Xcode workflow.

Platform: MacOS 12.0 I have an app bundle which contains an packet tunnel extension. I am not running my packettunnel extension in a Sandbox as I dont plan to post my app in Apple's App Store. I have an requirement to run privilege operations which I have run any place from the app. As we know the user app cannot run these privilege operations we can use the 'Service Management' api: SMJobBless to start a helper tool which can run these privileged tasks. But as I stated earlier I can run these privileged tasks from any place in the bundle, we have packettunnel extension which is running with root privileges. So looking at my above environment what would be recommended? do I really need to start a privileged helper tool or I can directly run these privileged operations from packettunnel extension? One advantage of running these privilege tasks in packettunnel extension I see is that it will not require additional an user authentication which is needed in case of using SMJobBless(), this will also avoid upgrade management of the helper tool.