Hi All, We are developing a hybrid MVNO and want to use Wi-Fi Passpoint to enable offload from our users phones when they are in range of our Wi-Fi network. The user experience of installing a .mobileconfig file is too many steps and a bad user experience which causes low adoption among our users. Instead, we want to use the NEHotspotConfigurationManager to configure a HS2.0 network using EAP-TLS. We configure these elements using NEHotspotConfiguration NEHotspotHS20Settings NEHotspotEAPSettings Our code to execute above is shown below: func configureProfile(certificate: String, issuingCa: String, caChain: [String], resolve: @escaping RCTPromiseResolveBlock, reject: @escaping RCTPromiseRejectBlock) { #if !targetEnvironment(simulator) let keychainQuery = [kSecClass as String: kSecClassCertificate] as [String: Any] as CFDictionary let status = SecItemDelete(keychainQuery) print("Delete status \(status)") let url = Bundle.main.url(forResource: "serverCA", withExtension: "crt")! let caCert = try! String(contentsOf: url) _ = addCertToChain(caCert, name: "HeliumMobile CaCert") caChain.enumerated().forEach { idx, ca in _ = addCertToChain(ca, name: "HeliumMobile Chain \(idx)") } let cert = addCertToChain(certificate, name: "HeliumMobile Cert") let identity = try! SecIdentity.load(certificate: cert!) let hs20Settings = NEHotspotHS20Settings(domainName: DOMAIN, roamingEnabled: false) let eapSettings = NEHotspotEAPSettings() eapSettings.trustedServerNames = ["radius.dev.wifi.\(DOMAIN)", "radius.wifi.\(DOMAIN)"] eapSettings.isTLSClientCertificateRequired = true eapSettings.supportedEAPTypes = [13] eapSettings.preferredTLSVersion = NEHotspotEAPSettings.TLSVersion._1_2 let identitySuccess = eapSettings.setIdentity(identity) print("Identity set? \(identitySuccess)") let config = NEHotspotConfiguration(hs20Settings: hs20Settings, eapSettings: eapSettings) config.hidden = false NEHotspotConfigurationManager.shared.getConfiguredSSIDs(completionHandler: { ssids in for ssid in ssids { // Remove previous wifi configs NEHotspotConfigurationManager.shared.removeConfiguration(forSSID: ssid) } NEHotspotConfigurationManager.shared.apply(config, completionHandler: { error in if let error = error { reject("Error", "Failed to install profile", error) } else { resolve(true) } }) }) #endif } Using this method we have a partial success, but there is a noticeable difference in the performance of this method relative to using a similarly (but not exactly) configured .mobileconfig file. The main issues we see are: The phone is sluggish / not eager to join the Wi-Fi network when in coverage. Relative to a device using a .mobileconfig profile for the same network, the App configured phone will take 2-3minutes longer to connect to the network. During this time you can view in logs numerous EAP attempts that fail. The Failure mode appears to be the phone starting to connect, then going silent and ignoring the Wi-Fi AP for a while (1-2min) before starting a new attempt. The App configured phone is more prone disconnection from the Wi-Fi network when in stable coverage area. This often coincides with the phone locking the screen and going to sleep. When waking from the sleep, you see the same EAP attempt and failure behavior as stated above. UI differences: Using the API there appears to not be a way to configure the "Provider Display Name" which is shown in the Settings -> Wi-Fi SSID list below the SSID string. UI differences: SSID is marked as "hidden SSID" in the Settings -> Wi-Fi SSID list. Note this is despite A) The SSID is not hidden, it is advertised in beacon frames B) We have tried explicitly configuring "config.hidden = false" Differing dependencies between API and .mobileconfig: using Apple configurator I can create a .mobileconfig that enables Roaming Partner connections with my MCC/MNCs configured, but having no NAI Realm. However when I try to enable isRoamingEnabled = true in the API I get an error saying I must have an NAI Realm. If/when I add an NAI realm, I get further oddity in connection/EAP behavior when using the API. Thus far, our examination of the API documentation has not revealed any resolution to the items above. It really feels like the API and .mobileconfig are doing 2 very different things inside the phone. Does anyone have guidance or suggestions on how to resolve these issues? Or perhaps example code showing the proper usage of the APIs to configure a passpoint network? Any help SUPER appreciated.

Hi, I have a package which is signed and notarized. Still I get the warning message to "Allow/Deny" the "Accept incoming network connections" when I launch the application. I could see that the application is present in the firewall exceptions list. Please find the attached screen shots. regards Prema Kumar

Hi, I am developing an IPTV app, an IPTV app cannot know what is the domain for the stream urls during the development. So I tried all the solution found on the net "NSAllowsArbitraryLoads -> TRUE" And tried the diagnostic command nscurl --ats-diagnostics --verbose with a working stream url on VLC. I got only fails for all the cases, the result is below, but if there's no way to load an arbitrary insecured stream url, how the exiting iptv app are zorking on IOS and IosTV ?! : ` mac@MK-MacBook-Pro ntv % nscurl 'http://ibrafr.com:8789/play/movie.php?mac=00:1A:79:??:??:??&stream=31893.mkv&type=movie' --verbose --ats-diagnostics Starting ATS Diagnostics ================================================================================ Default ATS Secure Connection ATS Default Connection ATS Dictionary: { } Result : FAIL Error : Error Domain=NSURLErrorDomain Code=-1200 "An SSL error has occurred and a secure connection to the server cannot be made." UserInfo={NSErrorFailingURLStringKey=https://ibrafr.com:8789/play/movie.php?mac=00:1A:79:??:??:??&stream=31893.mkv&type=movie, NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, _kCFStreamErrorDomainKey=3, _NSURLErrorFailingURLSessionTaskErrorKey=LocalDataTask <6850A6F0-62AA-4581-B736-61E130C9F01F>.<1>, _NSURLErrorRelatedURLSessionTaskErrorKey=( "LocalDataTask <6850A6F0-62AA-4581-B736-61E130C9F01F>.<1>" ), NSLocalizedDescription=An SSL error has occurred and a secure connection to the server cannot be made., NSErrorFailingURLKey=https://ibrafr.com:8789/play/movie.php?mac=00:1A:79:??:??:??&stream=31893.mkv&type=movie, NSUnderlyingError=0x600000611e60 {Error Domain=kCFErrorDomainCFNetwork Code=-1200 "(null)" UserInfo={_kCFStreamPropertySSLClientCertificateState=0, _kCFNetworkCFStreamSSLErrorOriginalValue=-9836, _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9836, _NSURLErrorNWPathKey=satisfied (Path is satisfied), viable, interface: en0[802.11], ipv4, ipv6, dns, uses wifi}}, _kCFStreamErrorCodeKey=-9836} ================================================================================ Allowing Arbitrary Loads Allow All Loads ATS Dictionary: { NSAllowsArbitraryLoads = true; } Result : FAIL Error : Error Domain=NSURLErrorDomain Code=-1200 "An SSL error has occurred and a secure connection to the server cannot be made." UserInfo={NSErrorFailingURLStringKey=https://ibrafr.com:8789/play/movie.php?mac=00:1A:79:??:??:??&stream=31893.mkv&type=movie, NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, _kCFStreamErrorDomainKey=3, _NSURLErrorFailingURLSessionTaskErrorKey=LocalDataTask .<1>, _NSURLErrorRelatedURLSessionTaskErrorKey=( "LocalDataTask .<1>" ), NSLocalizedDescription=An SSL error has occurred and a secure connection to the server cannot be made., NSErrorFailingURLKey=https://ibrafr.com:8789/play/movie.php?mac=00:1A:79:??:??:??&stream=31893.mkv&type=movie, NSUnderlyingError=0x600000612940 {Error Domain=kCFErrorDomainCFNetwork Code=-1200 "(null)" UserInfo={_kCFStreamPropertySSLClientCertificateState=0, _kCFNetworkCFStreamSSLErrorOriginalValue=-9836, _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9836, _NSURLErrorNWPathKey=satisfied (Path is satisfied), viable, interface: en0[802.11], ipv4, ipv6, dns, uses wifi}}, _kCFStreamErrorCodeKey=-9836} ================================================================================ All fails ================================================================================`

Hi, My company has an app that is communicating with local servers with self signed certificates, meaning in order to allow the app to have connection in the testing environment I had to add a few domains in NSExceptionDomains in App Transport Security Settings section of the Info.plist. The problem is, our Cyber department is not allowing us to upload the app with these domain in the app fearing a data leak. I had a Build Phase script using PlistBuddy that deleted those settings when archiving in Release but that no longer works as Apple recommended to set ”Generate Info.plist file” to true as a best practice. I tried to read about it and found out that info.plist is now generated after the build phases step so modifying it is impossible because it doesn’t exist yet in the $TARGET_BUILD_DIR when the script is running. Other than deleting it manually before each upload which is highly prone to mistakes, I need something like a script or some other automatic solution. Does Anyone have any suggestions to help me with this? Thanks

When using the app, the phone can search for devices on the same network, and the app supports socket connections between the phone and other devices. However, iPhone12 pro max with ios17.5.1 cannot connect, and other phones can connect successfully.I want to know why and how to fix this problem, thanks.

I have apps that send requests for route between 2 locations and search, filter then display facilities near the route. The apps first send a request for the route on a background thread, then based on route, search for facilities near certain locations on or near the route. There maybe multiple searches on the same route, each on a different location. Suitable results then are displayed on the map. Apps also do live updates. However, since I have switched to using NSURLSession to search for the route on a background thread, not all suitable results/pin are displayed. Certain pins only show up upon the next didUpdateToLocation call. So my question is, what is the best practice to sync the results on the UI? Why do only some of the results show up on the UI, and others don't.

I need to intercept traffic (by port range) and need to have ability to modify it. If I understand correctly, the best way is to use NETransparentProxyProvider for this purpose. Is my understanding correct? I am trying to figure out how to make system extension (NETransparentProxyProvider) intercept the traffic. Unfortunately I have not found any description or example (similar to Network Filter). I am novice in Network Extension. Are there any guide, example or quick start how to implement app proxy? Thank you!

Hi I want to add certificate and its privatekey in https request, like this mentioned in this cURL `curl -L -i -X PUT –cert ./[device_cert].pem –key ./[device_cert_private_key].pem -H 'Content-Type: application/json' -H 'Content-Encoding: utf-8' -d '{"registrationId": "[registration_id]"}' https://global.azure-devices-provisioning.net/[ID_Scope]/registrations/[registration_id]/register?api-version=2021-06-01

Hi, Currently I would like to commission a thread device via MatterSupport. When I call MatterAddDeviceRequest API, it returns "Failed to perform Matter device setup setup: Error Domain=HMErrorDomain Code=18 "Pairing Failed" UserInfo={NSLocalizedDescription=Pairing Failed, NSUnderlyingError=0x282786e20 {Error Domain=HAPErrorDomain Code=15 "(null)"}}". As Log, I found I always get error while calling [THClient storeCredentialsForBorderAgent:activeOperationalDataSet:completion:]. It will return error "Invalid parameter sent to server..." so that I also get error log "CHIP Accessory Server failed to obtain Thread credentials for selected extended PAN ID... Error: (null)" in following. Logs: error 17:59:05.714183+0800 MatterExtension Client: -[THClient getConnectionEntitlementValidity]_block_invoke - Error: (null) error 17:59:05.714695+0800 MatterExtension -[THClient storeCredentialsForBorderAgent:activeOperationalDataSet:completion:]_block_invoke:646: - Response: Error Domain=ThreadCredentialsStore Code=4 "Invalid parameter sent to server..." UserInfo={NSLocalizedDescription=<private>} error 17:59:05.715346+0800 CoreThreadCommissionerServiced Server: -[CTCSXPCService listener:shouldAcceptNewConnection:]_block_invoke - XPC Connection invalidated error 17:59:05.747498+0800 CoreThreadCommissionerServiced ThreadCommissioningService is Enabled error 17:59:05.748245+0800 CoreThreadCommissionerServiced Server: -[CTCSXPCService checkEntitlements:connection:] - Entitlement Check is successful for the key : <private> error 17:59:05.749249+0800 homed Client: -[THClient getConnectionEntitlementValidity:]_block_invoke - Error: (null) error 17:59:05.750575+0800 CoreThreadCommissionerServiced Server: -[CTCSXPCService checkEntitlements:connection:] - Entitlement Check is successful for the key : <private> default 17:59:05.750705+0800 CoreThreadCommissionerServiced Request to fetch active dataset record with xpanid <private> default 17:59:05.751315+0800 CoreThreadCommissionerServiced nw_path_evaluator_start [AC0FC426-242F-40D0-945A-27682116B6EE <NULL> generic, attribution: developer]path: satisfied (Path is satisfied), interface: en0[802.11], ipv4, dns error 17:59:05.752692+0800 homed [1263984240/1] CHIP Accessory Server failed to obtain Thread credentials for selected extended PAN ID... Error: (null) error 17:59:05.754467+0800 homed Invalidating XPC connection. error 17:59:05.754694+0800 homed Client: -[THClient connectToXPCService]_block_invoke - CTCS XPC Client is invalidated. error 17:59:05.755485+0800 CoreThreadCommissionerServiced Server: -[CTCSXPCService listener:shouldAcceptNewConnection:]_block_invoke - XPC Connection invalidated May I get an advice?? Thanks

Our app has a network system extension that it uses and during the install process we prompt the user to go to "Security &amp; Privacy" in Settings to Allow it to run. A lot of the time users just kit "Ok" without actually going to the Settings and when they go to use the App we have no way, that we know of, to tell if the startup has failed because they just haven't Allow the extension to run. Is there an API call that we can use to determine if our extension has been Allowed so that if it hasn't we can prompt them to go to Settings again?

Hi everyone, I’m working on an app where I need to separate IPv4 and IPv6 traffic on a specific port, let's say "X", using the Network Framework. However, I’ve run into a problem: it appears that I'm only able to open a single NWListener for a given port number. I was under the impression that I should be able to create distinct IPv4 and IPv6 listeners for the same port "X". Here’s the sample code I’ve written: var params: NWParameters var l1: NWListener var l2: NWListener params = NWParameters.udp let protocolOptions = params.defaultProtocolStack.internetProtocol! as NWProtocolOptions let ipOptions = protocolOptions as! NWProtocolIP.Options ipOptions.version = .v6 l1 = try NWListener(using: params, on: NWEndpoint.Port(rawValue: 54192)!) l1.stateUpdateHandler = InternalListenerStateHandler l1.newConnectionHandler = InternalNewConnectionHandler l1.start(queue: .global()) ipOptions.version = .v4 l2 = try NWListener(using: params, on: NWEndpoint.Port(rawValue: 54192)!) l2.stateUpdateHandler = InternalListenerStateHandler l2.newConnectionHandler = InternalNewConnectionHandler l2.start(queue: .global()) I’m trying to figure out why this approach isn’t working. Is there a way to manage both IPv4 and IPv6 traffic on the same port using the Network Framework, or is there something I’m overlooking in my setup? Additionally, when I switch to the BSD framework, I can successfully open two sockets on the same port by setting the "IPV6_ONLY" property on the IPv6 socket. Any insights or advice would be greatly appreciated! Thanks, Harshal

Hello, I'm implementing a custom VPN protocol for iOS by extending NEPacketTunnelProvider. But I noticed methods related to creation of sockets are deprecated in iOS 18. NEProvider.createUDPSession(), NEProvider.createTCPConnection(), NWTCPConnection, NWUDPSession, NEPacketTunnelProvider.createUDPSessionThroughTunnel() and NEPacketTunnelProvider.createTCPConnectionThroughTunnel() are all deprecated. What we need to use as an alternative to these methods? If there is an alternative, how can we specify to use tunnel or not when creating connection?

Hi, When I would like to use MatterAddDeviceRequest to commission a thread device, I will get error "Error Domain=HMErrorDomain Code=18 "Pairing Failed" UserInfo={NSLocalizedDescription=Pairing Failed, NSUnderlyingError=0x282786e20 {Error Domain=HAPErrorDomain Code=15 "(null)"}}". As checking logs, I found App will always get fail to store thread credential (-[THClient storeCredentialsForBorderAgent:activeOperationalDataSet:completion:]_block_invoke:646: - Response: Error Domain=ThreadCredentialsStore Code=1 "Backing store is nil..." UserInfo={NSLocalizedDescription=}) so that I will also get error "CHIP Accessory Server failed to obtain Thread credentials for selected extended PAN ID... Error: (null)" in following. Logs: error 17:59:05.713433+0800 CoreThreadCommissionerServiced ThreadCommissioningService is Enabled error 17:59:05.713597+0800 CoreThreadCommissionerServiced Server: -[CTCSXPCService checkEntitlements:connection:] - Entitlement Check is successful for the key : <private> error 17:59:05.714183+0800 MatterExtension Client: -[THClient getConnectionEntitlementValidity]_block_invoke - Error: (null) error 17:59:05.714695+0800 MatterExtension -[THClient storeCredentialsForBorderAgent:activeOperationalDataSet:completion:]_block_invoke:646: - Response: Error Domain=ThreadCredentialsStore Code=1 "Backing store is nil..." UserInfo={NSLocalizedDescription=<private>} error 17:59:05.715346+0800 CoreThreadCommissionerServiced Server: -[CTCSXPCService listener:shouldAcceptNewConnection:]_block_invoke - XPC Connection invalidated error 17:59:05.747498+0800 CoreThreadCommissionerServiced ThreadCommissioningService is Enabled error 17:59:05.748245+0800 CoreThreadCommissionerServiced Server: -[CTCSXPCService checkEntitlements:connection:] - Entitlement Check is successful for the key : <private> error 17:59:05.749249+0800 homed Client: -[THClient getConnectionEntitlementValidity:]_block_invoke - Error: (null) error 17:59:05.750575+0800 CoreThreadCommissionerServiced Server: -[CTCSXPCService checkEntitlements:connection:] - Entitlement Check is successful for the key : <private> default 17:59:05.750705+0800 CoreThreadCommissionerServiced Request to fetch active dataset record with xpanid <private> default 17:59:05.751315+0800 CoreThreadCommissionerServiced nw_path_evaluator_start [AC0FC426-242F-40D0-945A-27682116B6EE <NULL> generic, attribution: developer]path: satisfied (Path is satisfied), interface: en0[802.11], ipv4, dns error 17:59:05.752692+0800 homed [1263984240/1] CHIP Accessory Server failed to obtain Thread credentials for selected extended PAN ID... Error: (null) error 17:59:05.754467+0800 homed Invalidating XPC connection. error 17:59:05.754694+0800 homed Client: -[THClient connectToXPCService]_block_invoke - CTCS XPC Client is invalidated. error 17:59:05.755485+0800 CoreThreadCommissionerServiced Server: -[CTCSXPCService listener:shouldAcceptNewConnection:]_block_invoke - XPC Connection invalidated May I get an advice?? Thanks

As mentioned in https://developer.apple.com/forums//thread/759955 I was having trouble on macOS 15 with a launch agent accessing local network resources, even if the local network permission dialog pops up, and Settings app visually claims the app has permission granted. The following was logged: nehelper +[NEProcessInfo copyUUIDsForExecutable:]_block_invoke: failed to get UUIDs for /Users/foo/my-binary It turned out that the problem was caused by the default golang toolchain not producing a LC_UUID load command, which seems to be critical for the network privacy subsystem to determine whether the binary is allowed access or not. The issue has been reported upstream here: https://github.com/golang/go/issues/68678 To work around this I added -ldflags="-linkmode=external" when building the go binary, so that the system linker (which does add LC_UUID) is invoked.

com.apple.CFNetwork.LoaderQ EXC_BAD_ACCESS KERN_INVALID_ADDRESS 0x0000000000000058 iOS 13.7.0 iPhone 8 Plus Crashed: com.apple.CFNetwork.LoaderQ 0 libdispatch.dylib 0x4414c dispatch_source_set_timer$VARIANT$armv81 + 28 1 CFNetwork 0x172ad0 _CFNetworkSetATSContext + 86396 2 CFNetwork 0x172f58 _CFNetworkSetATSContext + 87556 3 CFNetwork 0x170194 _CFNetworkSetATSContext + 75840 4 CFNetwork 0x21c640 _CFURLStorageSessionCopyCache + 60116 5 libdispatch.dylib 0x5a9a8 _dispatch_call_block_and_release + 24 6 libdispatch.dylib 0x5b524 _dispatch_client_callout + 16 7 libdispatch.dylib 0x38b3c _dispatch_lane_serial_drain$VARIANT$armv81 + 564 8 libdispatch.dylib 0x39580 _dispatch_lane_invoke$VARIANT$armv81 + 448 9 libdispatch.dylib 0x3a5e8 _dispatch_workloop_invoke$VARIANT$armv81 + 1544 10 libdispatch.dylib 0x4284c _dispatch_workloop_worker_thread + 580 11 libsystem_pthread.dylib 0xbb74 _pthread_wqthread + 272 12 libsystem_pthread.dylib 0xe740 start_wqthread + 8

Hello, We are currently using Hub which uses CYPD3125 PD chip, It is used to connect with both Android and iOS devices. While our device works seamlessly with Android devices, we are encountering an issue when connecting to iOS devices, specifically the iPad Pro. Issue Description: The Powerpack/Hub is intended to handle Power Delivery (PD) communications. When connected to an Android device, the PD packets are exchanged correctly, and the device functions as expected. However, when connected to an iPad Pro, we observe abnormal PD packet exchanges which lead to malfunctioning of the Powerpack/Hub. Observations: Attached is a snapshot of the PD packets we captured while troubleshooting the issue in a scenario where the AC power adapter was initially connected. After a few seconds, we removed the plug, waited for a few seconds, and then plugged in the AC power again. This was the scenario when we captured the PD packets, as seen in the snapshot. The packets appear to be different when compared to those captured with an Android device. Below is the screenshot of the PD packet capture with Apple device: Below is the screenshot of the PD packet capture with Android device: Technical Observations: Initial Connection: The connection initiates but does not follow the expected PD communication sequence. Packet Structure: In the capture, the iPad Pro shows a series of PD Msg types including Src Cap, Req, and Accept, but there are also unexpected messages such as Hard Reset and Soft Reset that disrupt the communication. Timing Issues: The timestamps show irregular intervals between packets when connected to the iPad Pro, suggesting possible timing synchronization issues. Unexpected Resets: The capture shows a Hard Reset event at packet 9, which is not observed in the Android device captures. This suggests the iPad Pro might be detecting an error and attempting to reset the connection. Steps Taken: Verified the firmware and hardware implementation of the Powerpack/Hub. Ensured compliance with USB PD standards. Tested with multiple iPad Pro units to rule out device-specific issues. Additional Details: We have also tested with iPad Air and observed the same issue. The tests were conducted on both iOS version 16 and 17. We are attaching a USB PD capture with an Android device where it is working fine as expected. The PD packets were captured in a scenario where the AC power adapter was initially connected. After a few seconds, we removed the plug, waited for a few seconds, and then plugged in the AC power again. This was the scenario when we captured the PD packets, as seen in the snapshot. Despite these steps, the issue persists. We seek guidance on any issues or peculiarities with iOS devices and USB PD communication. Thanks

Hello We use REST API communication for client-server communication assuming a local network connection. Verification of international SSL server certificates for https communication is necessary when accessing public external servers If you are using it to connect on a local network, you can skip the SSL server certificate verification process. Is this usage contrary to Apple's policy? If you do make a prediction, is there any other way other than "verifying" it? [reference] 1 Client side terminal (Windows, Mac, iOS, Android) 2 Server-side equipment (image creation equipment such as network-connectable MFPs and printers) 1 and 2 are connected in the same local network and exchange data using REST API communication. [Actual processing] NSURLSessionAuthChallengeDisposition disposition,  NSURLCredential *credential))completionHandler {     if ([challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust]) { // init trush obj SecTrustRef serverTrust = challenge.protectionSpace.serverTrust;            // set trush ssl SecTrustResultType result; SecTrustEvaluate(serverTrust, &result); NSURLCredential *credential = [NSURLCredential credentialForTrust:serverInstruction];          completionHandler(NSURLSessionAuthChallengeUseCredential, credential);     } else { completionHandler(NSURLSessionAuthChallengePerformDefaultHandling, nil);       } }

Hello i have one question about currentSSID meaning in PLWIFIAGENT_EVENTBACKWARD_CUMULATIVEPROPERTIES table in powerlog DB in iOS 14. It looks like a 32 character long hex string, what does it mean? e.g. MAC, bssid or ssid encryption?

I am trying to host a Flask API on docker/ Podman (tried on both). It works as expected when directly run on macOS using python3 command. But when I try to dockerize it, it throws an error and some logs like 2024-07-30 03:33:20,661 - INFO - Tunnel Output: 2024-07-30T03:32:58Z INF Starting metrics server on 127.0.0.1:46585/metrics 2024-07-30 03:33:21,669 - INFO - Tunnel Output: 2024/07/30 03:32:58 failed to sufficiently increase receive buffer size (was: 208 kiB, wanted: 7168 kiB, got: 416 kiB). See https://github.com/quic-go/quic-go/wiki/UDP-Buffer-Sizes for details. 2024-07-30 03:33:21,671 - INFO - New Cloudflare URL: https://github.com/quic-go/quic-go/wiki/UDP-Buffer-Sizes 2024-07-30 03:33:21,672 - INFO - My API URL: http://127.0.0.1:5000 2024-07-30 03:33:21,672 - INFO - My Cloudflare URL: https://github.com/quic-go/quic-go/wiki/UDP-Buffer-Sizes I tried following but no success (by changing "/etc/sysctl.conf": kern.ipc.maxsockbuf=16777216 net.inet.tcp.win_scale_factor=8 net.inet.tcp.autorcvbufmax=33554432 net.inet.tcp.autosndbufmax=33554432 net.inet.udp.recvspace=8388608 net.inet.udp.maxdgram=8388608 I tried def set_socket_buffers(sock, recv_buf_size, send_buf_size): # Set the receive buffer size sock.setsockopt(socket.SOL_SOCKET, socket.SO_RCVBUF, recv_buf_size) # Set the send buffer size sock.setsockopt(socket.SOL_SOCKET, socket.SO_SNDBUF, send_buf_size) # Verify the buffer sizes actual_recv_buf_size = sock.getsockopt(socket.SOL_SOCKET, socket.SO_RCVBUF) actual_send_buf_size = sock.getsockopt(socket.SOL_SOCKET, socket.SO_SNDBUF) logging.info(f"Requested receive buffer size: {recv_buf_size} bytes") logging.info(f"Actual receive buffer size: {actual_recv_buf_size} bytes") logging.info(f"Requested send buffer size: {send_buf_size} bytes") logging.info(f"Actual send buffer size: {actual_send_buf_size} bytes") if __name__ == "__main__": print("Starting the main process...") # Define the path to the log file log_file_path = "logs.log" # Clear the log file before starting logging clear_log_file(log_file_path) # Configure logging logging.basicConfig( filename=log_file_path, level=logging.DEBUG, format="%(asctime)s - %(levelname)s - %(message)s", ) logging.info("Starting the main process...") # Define the desired buffer sizes recv_buf_size = 8388608 # 8 MB send_buf_size = 8388608 # 8 MB # Create a UDP socket udp_sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) # Set the socket buffers set_socket_buffers(udp_sock, recv_buf_size, send_buf_size) main() On directly running (using python3 command), the values set as expected but when running on Docker logs come out as: 2024-07-30 03:32:50,987 - INFO - Requested receive buffer size: 8388608 bytes 2024-07-30 03:32:50,987 - INFO - Actual receive buffer size: 425984 bytes 2024-07-30 03:32:50,987 - INFO - Requested send buffer size: 8388608 bytes 2024-07-30 03:32:50,987 - INFO - Actual send buffer size: 425984 bytes So, I want to know how to increase UDP Receive buffer size for dockerized applications. Thanks!

我本来想通过命令行工具打开代理，但是开启沙盒之后，功能失效了，我想通过networkextension打开，但是不知道怎么调用