Hello, I'm implementing a custom VPN protocol for iOS by extending NEPacketTunnelProvider. But I noticed methods related to creation of sockets are deprecated in iOS 18. NEProvider.createUDPSession(), NEProvider.createTCPConnection(), NWTCPConnection, NWUDPSession, NEPacketTunnelProvider.createUDPSessionThroughTunnel() and NEPacketTunnelProvider.createTCPConnectionThroughTunnel() are all deprecated. What we need to use as an alternative to these methods? If there is an alternative, how can we specify to use tunnel or not when creating connection?

Hi, When I would like to use MatterAddDeviceRequest to commission a thread device, I will get error "Error Domain=HMErrorDomain Code=18 "Pairing Failed" UserInfo={NSLocalizedDescription=Pairing Failed, NSUnderlyingError=0x282786e20 {Error Domain=HAPErrorDomain Code=15 "(null)"}}". As checking logs, I found App will always get fail to store thread credential (-[THClient storeCredentialsForBorderAgent:activeOperationalDataSet:completion:]_block_invoke:646: - Response: Error Domain=ThreadCredentialsStore Code=1 "Backing store is nil..." UserInfo={NSLocalizedDescription=}) so that I will also get error "CHIP Accessory Server failed to obtain Thread credentials for selected extended PAN ID... Error: (null)" in following. Logs: error 17:59:05.713433+0800 CoreThreadCommissionerServiced ThreadCommissioningService is Enabled error 17:59:05.713597+0800 CoreThreadCommissionerServiced Server: -[CTCSXPCService checkEntitlements:connection:] - Entitlement Check is successful for the key : <private> error 17:59:05.714183+0800 MatterExtension Client: -[THClient getConnectionEntitlementValidity]_block_invoke - Error: (null) error 17:59:05.714695+0800 MatterExtension -[THClient storeCredentialsForBorderAgent:activeOperationalDataSet:completion:]_block_invoke:646: - Response: Error Domain=ThreadCredentialsStore Code=1 "Backing store is nil..." UserInfo={NSLocalizedDescription=<private>} error 17:59:05.715346+0800 CoreThreadCommissionerServiced Server: -[CTCSXPCService listener:shouldAcceptNewConnection:]_block_invoke - XPC Connection invalidated error 17:59:05.747498+0800 CoreThreadCommissionerServiced ThreadCommissioningService is Enabled error 17:59:05.748245+0800 CoreThreadCommissionerServiced Server: -[CTCSXPCService checkEntitlements:connection:] - Entitlement Check is successful for the key : <private> error 17:59:05.749249+0800 homed Client: -[THClient getConnectionEntitlementValidity:]_block_invoke - Error: (null) error 17:59:05.750575+0800 CoreThreadCommissionerServiced Server: -[CTCSXPCService checkEntitlements:connection:] - Entitlement Check is successful for the key : <private> default 17:59:05.750705+0800 CoreThreadCommissionerServiced Request to fetch active dataset record with xpanid <private> default 17:59:05.751315+0800 CoreThreadCommissionerServiced nw_path_evaluator_start [AC0FC426-242F-40D0-945A-27682116B6EE <NULL> generic, attribution: developer]path: satisfied (Path is satisfied), interface: en0[802.11], ipv4, dns error 17:59:05.752692+0800 homed [1263984240/1] CHIP Accessory Server failed to obtain Thread credentials for selected extended PAN ID... Error: (null) error 17:59:05.754467+0800 homed Invalidating XPC connection. error 17:59:05.754694+0800 homed Client: -[THClient connectToXPCService]_block_invoke - CTCS XPC Client is invalidated. error 17:59:05.755485+0800 CoreThreadCommissionerServiced Server: -[CTCSXPCService listener:shouldAcceptNewConnection:]_block_invoke - XPC Connection invalidated May I get an advice?? Thanks

Hi, Currently I would like to commission a thread device via MatterSupport. When I call MatterAddDeviceRequest API, it returns "Failed to perform Matter device setup setup: Error Domain=HMErrorDomain Code=18 "Pairing Failed" UserInfo={NSLocalizedDescription=Pairing Failed, NSUnderlyingError=0x282786e20 {Error Domain=HAPErrorDomain Code=15 "(null)"}}". As Log, I found I always get error while calling [THClient storeCredentialsForBorderAgent:activeOperationalDataSet:completion:]. It will return error "Invalid parameter sent to server..." so that I also get error log "CHIP Accessory Server failed to obtain Thread credentials for selected extended PAN ID... Error: (null)" in following. Logs: error 17:59:05.714183+0800 MatterExtension Client: -[THClient getConnectionEntitlementValidity]_block_invoke - Error: (null) error 17:59:05.714695+0800 MatterExtension -[THClient storeCredentialsForBorderAgent:activeOperationalDataSet:completion:]_block_invoke:646: - Response: Error Domain=ThreadCredentialsStore Code=4 "Invalid parameter sent to server..." UserInfo={NSLocalizedDescription=<private>} error 17:59:05.715346+0800 CoreThreadCommissionerServiced Server: -[CTCSXPCService listener:shouldAcceptNewConnection:]_block_invoke - XPC Connection invalidated error 17:59:05.747498+0800 CoreThreadCommissionerServiced ThreadCommissioningService is Enabled error 17:59:05.748245+0800 CoreThreadCommissionerServiced Server: -[CTCSXPCService checkEntitlements:connection:] - Entitlement Check is successful for the key : <private> error 17:59:05.749249+0800 homed Client: -[THClient getConnectionEntitlementValidity:]_block_invoke - Error: (null) error 17:59:05.750575+0800 CoreThreadCommissionerServiced Server: -[CTCSXPCService checkEntitlements:connection:] - Entitlement Check is successful for the key : <private> default 17:59:05.750705+0800 CoreThreadCommissionerServiced Request to fetch active dataset record with xpanid <private> default 17:59:05.751315+0800 CoreThreadCommissionerServiced nw_path_evaluator_start [AC0FC426-242F-40D0-945A-27682116B6EE <NULL> generic, attribution: developer]path: satisfied (Path is satisfied), interface: en0[802.11], ipv4, dns error 17:59:05.752692+0800 homed [1263984240/1] CHIP Accessory Server failed to obtain Thread credentials for selected extended PAN ID... Error: (null) error 17:59:05.754467+0800 homed Invalidating XPC connection. error 17:59:05.754694+0800 homed Client: -[THClient connectToXPCService]_block_invoke - CTCS XPC Client is invalidated. error 17:59:05.755485+0800 CoreThreadCommissionerServiced Server: -[CTCSXPCService listener:shouldAcceptNewConnection:]_block_invoke - XPC Connection invalidated May I get an advice?? Thanks

I have apps that send requests for route between 2 locations and search, filter then display facilities near the route. The apps first send a request for the route on a background thread, then based on route, search for facilities near certain locations on or near the route. There maybe multiple searches on the same route, each on a different location. Suitable results then are displayed on the map. Apps also do live updates. However, since I have switched to using NSURLSession to search for the route on a background thread, not all suitable results/pin are displayed. Certain pins only show up upon the next didUpdateToLocation call. So my question is, what is the best practice to sync the results on the UI? Why do only some of the results show up on the UI, and others don't.

Hello, We are currently using Hub which uses CYPD3125 PD chip, It is used to connect with both Android and iOS devices. While our device works seamlessly with Android devices, we are encountering an issue when connecting to iOS devices, specifically the iPad Pro. Issue Description: The Powerpack/Hub is intended to handle Power Delivery (PD) communications. When connected to an Android device, the PD packets are exchanged correctly, and the device functions as expected. However, when connected to an iPad Pro, we observe abnormal PD packet exchanges which lead to malfunctioning of the Powerpack/Hub. Observations: Attached is a snapshot of the PD packets we captured while troubleshooting the issue in a scenario where the AC power adapter was initially connected. After a few seconds, we removed the plug, waited for a few seconds, and then plugged in the AC power again. This was the scenario when we captured the PD packets, as seen in the snapshot. The packets appear to be different when compared to those captured with an Android device. Below is the screenshot of the PD packet capture with Apple device: Below is the screenshot of the PD packet capture with Android device: Technical Observations: Initial Connection: The connection initiates but does not follow the expected PD communication sequence. Packet Structure: In the capture, the iPad Pro shows a series of PD Msg types including Src Cap, Req, and Accept, but there are also unexpected messages such as Hard Reset and Soft Reset that disrupt the communication. Timing Issues: The timestamps show irregular intervals between packets when connected to the iPad Pro, suggesting possible timing synchronization issues. Unexpected Resets: The capture shows a Hard Reset event at packet 9, which is not observed in the Android device captures. This suggests the iPad Pro might be detecting an error and attempting to reset the connection. Steps Taken: Verified the firmware and hardware implementation of the Powerpack/Hub. Ensured compliance with USB PD standards. Tested with multiple iPad Pro units to rule out device-specific issues. Additional Details: We have also tested with iPad Air and observed the same issue. The tests were conducted on both iOS version 16 and 17. We are attaching a USB PD capture with an Android device where it is working fine as expected. The PD packets were captured in a scenario where the AC power adapter was initially connected. After a few seconds, we removed the plug, waited for a few seconds, and then plugged in the AC power again. This was the scenario when we captured the PD packets, as seen in the snapshot. Despite these steps, the issue persists. We seek guidance on any issues or peculiarities with iOS devices and USB PD communication. Thanks

com.apple.CFNetwork.LoaderQ EXC_BAD_ACCESS KERN_INVALID_ADDRESS 0x0000000000000058 iOS 13.7.0 iPhone 8 Plus Crashed: com.apple.CFNetwork.LoaderQ 0 libdispatch.dylib 0x4414c dispatch_source_set_timer$VARIANT$armv81 + 28 1 CFNetwork 0x172ad0 _CFNetworkSetATSContext + 86396 2 CFNetwork 0x172f58 _CFNetworkSetATSContext + 87556 3 CFNetwork 0x170194 _CFNetworkSetATSContext + 75840 4 CFNetwork 0x21c640 _CFURLStorageSessionCopyCache + 60116 5 libdispatch.dylib 0x5a9a8 _dispatch_call_block_and_release + 24 6 libdispatch.dylib 0x5b524 _dispatch_client_callout + 16 7 libdispatch.dylib 0x38b3c _dispatch_lane_serial_drain$VARIANT$armv81 + 564 8 libdispatch.dylib 0x39580 _dispatch_lane_invoke$VARIANT$armv81 + 448 9 libdispatch.dylib 0x3a5e8 _dispatch_workloop_invoke$VARIANT$armv81 + 1544 10 libdispatch.dylib 0x4284c _dispatch_workloop_worker_thread + 580 11 libsystem_pthread.dylib 0xbb74 _pthread_wqthread + 272 12 libsystem_pthread.dylib 0xe740 start_wqthread + 8

I am trying to host a Flask API on docker/ Podman (tried on both). It works as expected when directly run on macOS using python3 command. But when I try to dockerize it, it throws an error and some logs like 2024-07-30 03:33:20,661 - INFO - Tunnel Output: 2024-07-30T03:32:58Z INF Starting metrics server on 127.0.0.1:46585/metrics 2024-07-30 03:33:21,669 - INFO - Tunnel Output: 2024/07/30 03:32:58 failed to sufficiently increase receive buffer size (was: 208 kiB, wanted: 7168 kiB, got: 416 kiB). See https://github.com/quic-go/quic-go/wiki/UDP-Buffer-Sizes for details. 2024-07-30 03:33:21,671 - INFO - New Cloudflare URL: https://github.com/quic-go/quic-go/wiki/UDP-Buffer-Sizes 2024-07-30 03:33:21,672 - INFO - My API URL: http://127.0.0.1:5000 2024-07-30 03:33:21,672 - INFO - My Cloudflare URL: https://github.com/quic-go/quic-go/wiki/UDP-Buffer-Sizes I tried following but no success (by changing "/etc/sysctl.conf": kern.ipc.maxsockbuf=16777216 net.inet.tcp.win_scale_factor=8 net.inet.tcp.autorcvbufmax=33554432 net.inet.tcp.autosndbufmax=33554432 net.inet.udp.recvspace=8388608 net.inet.udp.maxdgram=8388608 I tried def set_socket_buffers(sock, recv_buf_size, send_buf_size): # Set the receive buffer size sock.setsockopt(socket.SOL_SOCKET, socket.SO_RCVBUF, recv_buf_size) # Set the send buffer size sock.setsockopt(socket.SOL_SOCKET, socket.SO_SNDBUF, send_buf_size) # Verify the buffer sizes actual_recv_buf_size = sock.getsockopt(socket.SOL_SOCKET, socket.SO_RCVBUF) actual_send_buf_size = sock.getsockopt(socket.SOL_SOCKET, socket.SO_SNDBUF) logging.info(f"Requested receive buffer size: {recv_buf_size} bytes") logging.info(f"Actual receive buffer size: {actual_recv_buf_size} bytes") logging.info(f"Requested send buffer size: {send_buf_size} bytes") logging.info(f"Actual send buffer size: {actual_send_buf_size} bytes") if __name__ == "__main__": print("Starting the main process...") # Define the path to the log file log_file_path = "logs.log" # Clear the log file before starting logging clear_log_file(log_file_path) # Configure logging logging.basicConfig( filename=log_file_path, level=logging.DEBUG, format="%(asctime)s - %(levelname)s - %(message)s", ) logging.info("Starting the main process...") # Define the desired buffer sizes recv_buf_size = 8388608 # 8 MB send_buf_size = 8388608 # 8 MB # Create a UDP socket udp_sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) # Set the socket buffers set_socket_buffers(udp_sock, recv_buf_size, send_buf_size) main() On directly running (using python3 command), the values set as expected but when running on Docker logs come out as: 2024-07-30 03:32:50,987 - INFO - Requested receive buffer size: 8388608 bytes 2024-07-30 03:32:50,987 - INFO - Actual receive buffer size: 425984 bytes 2024-07-30 03:32:50,987 - INFO - Requested send buffer size: 8388608 bytes 2024-07-30 03:32:50,987 - INFO - Actual send buffer size: 425984 bytes So, I want to know how to increase UDP Receive buffer size for dockerized applications. Thanks!

我本来想通过命令行工具打开代理，但是开启沙盒之后，功能失效了，我想通过networkextension打开，但是不知道怎么调用

Hello We use REST API communication for client-server communication assuming a local network connection. Verification of international SSL server certificates for https communication is necessary when accessing public external servers If you are using it to connect on a local network, you can skip the SSL server certificate verification process. Is this usage contrary to Apple's policy? If you do make a prediction, is there any other way other than "verifying" it? [reference] 1 Client side terminal (Windows, Mac, iOS, Android) 2 Server-side equipment (image creation equipment such as network-connectable MFPs and printers) 1 and 2 are connected in the same local network and exchange data using REST API communication. [Actual processing] NSURLSessionAuthChallengeDisposition disposition,  NSURLCredential *credential))completionHandler {     if ([challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust]) { // init trush obj SecTrustRef serverTrust = challenge.protectionSpace.serverTrust;            // set trush ssl SecTrustResultType result; SecTrustEvaluate(serverTrust, &result); NSURLCredential *credential = [NSURLCredential credentialForTrust:serverInstruction];          completionHandler(NSURLSessionAuthChallengeUseCredential, credential);     } else { completionHandler(NSURLSessionAuthChallengePerformDefaultHandling, nil);       } }

Hello i have one question about currentSSID meaning in PLWIFIAGENT_EVENTBACKWARD_CUMULATIVEPROPERTIES table in powerlog DB in iOS 14. It looks like a 32 character long hex string, what does it mean? e.g. MAC, bssid or ssid encryption?

I need to programatically connect to a Enterprise Network with security type EAP-PEAP. NEHotspotEAPSettings *eapSettings = [[NEHotspotEAPSettings alloc] init]; eapSettings.username = username; eapSettings.password = password; eapSettings.supportedEAPTypes = [NSArray arrayWithObjects:[NSNumber numberWithInteger:NEHotspotConfigurationEAPTypeEAPPEAP], nil]; //Inner authentication eapSettings.ttlsInnerAuthenticationType = NEHotspotConfigurationEAPTTLSInnerAuthenticationMSCHAPv2; eapSettings.outerIdentity = @""; //Server name of the network eapSettings.trustedServerNames = @[@"servername"]; if (@available(iOS 11.0, *)) { // Create Hotspot Configuration NEHotspotConfiguration *configuration = [[NEHotspotConfiguration alloc] initWithSSID:ssid eapSettings:eapSettings]; NSLog(@"WIFIManager, NEHotspotConfiguration initialized"); [[NEHotspotConfigurationManager sharedManager] applyConfiguration:configuration completionHandler:^(NSError * _Nullable error) { NSLog(@"WIFIManager, NEHotspotConfiguration Configured"); if (error != nil) { NSLog(@"WIFIManager, NEHotspotConfiguration Error: %@", error); if (error.code == NEHotspotConfigurationErrorAlreadyAssociated) { resolve(@(YES)); } else { reject(@"connection_error", @"Failed to connect to Wi-Fi", error); } } else { resolve(@(YES)); NSLog(@"WIFIManager, NEHotspotConfiguration Success"); } }]; }else { reject(@"ios_error", @"Not supported in iOS<11.0", nil); } } This is the code I have tried to connect to the network. It is always giving a true-negative result. As the documentation states, does NEHotspotConfigurationManager supports EAP-PEAP with MSCHAPv2 inner authentication? If it does, is it the correct way of implementing it? Is there any other way to connect to EAP-PEAP networks using Swift or Objective C?

Network is not working when over 50MB size file upload smb using NEFilterDataProvider in macOS The event received through NEFilterDataProvider is returned immediately without doing any other work. override func handleNewFlow(_ flow: NEFilterFlow) -> NEFilterNewFlowVerdict { guard let socketFlow = flow as? NEFilterSocketFlow, let auditToken = socketFlow.sourceAppAuditToken, let remoteEndpoint = socketFlow.remoteEndpoint as? NWHostEndpoint, let localEndpoint = socketFlow.localEndpoint as? NWHostEndpoint else { return .allow() } return .filterDataVerdict(withFilterInbound: true, peekInboundBytes: Int.max, filterOutbound: true, peekOutboundBytes: Int.max) } override func handleInboundData(from flow: NEFilterFlow, readBytesStartOffset offset: Int, readBytes: Data) -> NEFilterDataVerdict { guard let socketFlow = flow as? NEFilterSocketFlow, let auditToken = socketFlow.sourceAppAuditToken, let remoteEndpoint = socketFlow.remoteEndpoint as? NWHostEndpoint, let localEndpoint = socketFlow.localEndpoint as? NWHostEndpoint else { return .allow() } return NEFilterDataVerdict(passBytes: readBytes.count, peekBytes: Int.max) } override func handleOutboundData(from flow: NEFilterFlow, readBytesStartOffset offset: Int, readBytes: Data) -> NEFilterDataVerdict { guard let socketFlow = flow as? NEFilterSocketFlow, let auditToken = socketFlow.sourceAppAuditToken, let remoteEndpoint = socketFlow.remoteEndpoint as? NWHostEndpoint, let localEndpoint = socketFlow.localEndpoint as? NWHostEndpoint else { return .allow() } return NEFilterDataVerdict(passBytes: readBytes.count, peekBytes: Int.max) } override func handleInboundDataComplete(for flow: NEFilterFlow) -> NEFilterDataVerdict { guard let socketFlow = flow as? NEFilterSocketFlow, let auditToken = socketFlow.sourceAppAuditToken, let remoteEndpoint = socketFlow.remoteEndpoint as? NWHostEndpoint, let localEndpoint = socketFlow.localEndpoint as? NWHostEndpoint else { return .allow() } return .allow() } override func handleOutboundDataComplete(for flow: NEFilterFlow) -> NEFilterDataVerdict { guard let socketFlow = flow as? NEFilterSocketFlow, let auditToken = socketFlow.sourceAppAuditToken, let remoteEndpoint = socketFlow.remoteEndpoint as? NWHostEndpoint, let localEndpoint = socketFlow.localEndpoint as? NWHostEndpoint else { return .allow() } return .allow() } how can i fix it?

Hi, Consider a content filter app that allows most requests. While running, it handles requests and determine what to do. It does not affect any request while it is not running. However, during startup, it seems to block all requests, on iOS 16 or 17. On iOS 15, the behavior is bit different. Show the picture below: Questions Is this the expected behavior? Is this documented? Steps to reproduce Create content filter app with filter data provider with lengthy startup, something like the following: import NetworkExtension class FilterDataProvider: NEFilterDataProvider { override func startFilter(completionHandler: @escaping ((any Error)?) -> Void) { Task { try await Task.sleep(nanoseconds: 10 * 1_000_000_000) completionHandler(nil) } } override func stopFilter(with reason: NEProviderStopReason) async {} override func handleNewFlow(_ flow: NEFilterFlow) -> NEFilterNewFlowVerdict { guard let url: String = flow.url?.absoluteString else { return .allow() } if url.contains("example.net/") { return .drop() } if url.contains("example.org/") { exit(42) } return .allow() } } Install the app on a supervised iPhone or iPad. Install a WebContentFilter profile. Wait for the content filter to start. You can check the status in Settings > General > VPN & Device Management > Content Filter. Open Safari app. Request http://example.net/ and confirm that it is blocked. Request the other URLs and confirm that it is allowed. Request http://example.org. It kills the filter data provider. Request some URLs quickly. Background to the questions We offer a content filter app that might be stopped during the device sleeps. When a non-our-app’s push notification is received, the device wakes up, and the content filter starts up. Then the push notification seems to be lost. It is observed on iOS 16 and 17, not on iOS 15.

Hello, I need to implement filtering network data which is based on Network Extension (network content filter) Let's say I have rule which leads to monitoring several data flows in parallel. Are there any way to handle each data flow in separate thread? (number of threads is equal to number of analyzed flow) If one flow is paused by pauseVerdict, will the filter data provider recieve new data chunks in handleInboundDataFromFlow for other flows? Are there any possibility to change data flow on a fly? Thank you in advance.

I am attempting to enter proxy settings under the settings for a WiFi network. I have triple checked the credentials and for whatever reason the settings wont save. I have attempted forgetting the wifi network and reconnecting, resetting all network settings, and even wiping the phone and starting over from scratch. The phone simply will not accept the setting. I have tried it on my MacStudio and an iPad and the settings saved the first time. What am I missing here? I am union iOS 18 beta 4

We are currently developing an application that runs in the background and continuously scans for other nearby devices via peer-to-peer networking. Generally, the high-level goals are: Scan for nearby devices while the app is in the background state. We only need to discover devices that are also running our app. Read a small token of data from each peer device found (no need for full-duplex connection) Submit this token to our server via a background network request On Android we have demonstrated this functionality using both Bluetooth LE and WifiDirect service discovery, and background operation is easily achieved with Android services. We are currently trying to expand our application to support cross-platform compatibility between IOS and Android, including IOS<-->IOS and IOS<-->Android discovery (in the background). Is there a way to achieve this desired functionality on IOS?

Hello, I am not exactly sure this is the right place to ask this since it involves Microsoft's Visual Studio, but because the problem I am having involves iOS I figured I would anyway. Info: I am trying to develop a cross-platform application using .NET Maui in Visual Studio. I am on a Windows machine pairing to a mac with Xcode installed, so I can build for iOS. My local device is an iPhone 13 running on iOS Version 17.5.1. The simulators I am using in Visual Studio are all iOS Version 17+. I am using the .NET NuGet package Zeroconf which should work for both iOS and Android (Repo:https://github.com/novotnyllc/Zeroconf). I also believe I have given the correct permissions for iOS in my Info.plist. Problem: The problem I am coming across is that when I build and run my application in one of the installed iOS Simulators and I go to scan for local devices it is able to come back with 80-100 devices that we want to find, but when I build and run it on my local device it comes back with nothing found. I had searched for similar problems that other people were having and found that iOS 17+ has some potential problems when it comes to searching for devices. Is this true? If someone can help me solve this issue between the simulator and local device I would greatly appreciate it. If there is any other information that I can give to help with solving this problem please let me know. Thanks! Discovery Code: TimeSpan scanTime = TimeSpan.FromMilliseconds(2000); int retries = 4; int retryDelayMilliseconds = 2000; Action<IZeroconfHost> callback = null; CancellationToken cancellationToken = default; System.Net.NetworkInformation.NetworkInterface[] arrayofnics = NetworkInterface.GetAllNetworkInterfaces(); int index = 0; for (int i = 0; i < arrayofnics.Length; i++) { // en0 is for iOS 0 is for android. if (arrayofnics[i].Description.Equals("en0") || arrayofnics[i].Description.Equals("0")) { index = i; break; } } System.Net.NetworkInformation.NetworkInterface wifi = arrayofnics[index]; System.Net.NetworkInformation.NetworkInterface[] netInterfacesToSendRequestOn = { wifi }; IReadOnlyList<IZeroconfHost> results = null; IReadOnlyList<string> domains; var browseDomains = await ZeroconfResolver.BrowseDomainsAsync(); domains = browseDomains.Select(g => g.Key).ToList(); results = await ZeroconfResolver.ResolveAsync("_http._tcp.local.", scanTime, retries, retryDelayMilliseconds, callback, cancellationToken, netInterfacesToSendRequestOn); Info.plist: <key>NSLocalNetworkUsageDescription</key> <string>This app requires local network access to discover devices.</string> <key>NSBonjourServices</key> <array> <string>_ipspeaker._tcp.local</string> <string>_ipspeaker._tcp.local.</string> <string>_ipspeaker._tcp.</string> <string>_http._tcp.local.</string> <string>_http._tcp.</string> </array>

The sample project Filtering Network Traffic uses IPC (NSXPCConnection etc.) to send data from the network extension to the app, but the documentation for NEFilterProvider says The sandbox prevents the Filter Data Provider extension from moving network content outside of its address space by blocking all network access, IPC, and disk write operations. Since my network extension forwards all network traffic to the app so that the user can see it, I was wondering when the app isn’t running and the user shuts down the machine, if the network extension could write the flows it wasn’t able to forward to the app to disk, so that it could read them on the next successful connection to the app. Then almost by accident I read again the documentation and according to the quoted passage a network extension cannot write to disk, but it also cannot use IPC. Is NSXPCConnection not considered IPC, or could the statement that it cannot write to disk be false as well?

I've developed a network content filter extension for macOS. When overriding the handleNewFlow method, I want to examine the hostname for the given flow. I can do this for browsers like Safari, Firefox, and DuckDuckGo using flow.url?.host (WebKit flows) or (flow as? NEFilterSocketFlow)?.remoteHostname (Firefox flows). However, for Google Chrome, these properties return nil, and I only get an outgoing IP address using socketFlow.remoteEndpoint as? NWHostEndpoint. How can I retrieve the outgoing domain for flows from Google Chrome? I've tried resolving the IP to a domain name, but in most cases, I'm unable to retrieve the domain name using the following functions I found on forum posts: func reverseDNS(ip: String) -> String { var results: UnsafeMutablePointer<addrinfo>? = nil defer { if let results = results { freeaddrinfo(results) } } let error = getaddrinfo(ip, nil, nil, &results) if (error != 0) { NSLog("Unable to reverse ip: \(ip)") return ip } for addrinfo in sequence(first: results, next: { $0?.pointee.ai_next }) { guard let pointee = addrinfo?.pointee else { NSLog("Unable to reverse ip: \(ip)") return ip } let hname = UnsafeMutablePointer<Int8>.allocate(capacity: Int(NI_MAXHOST)) defer { hname.deallocate() } let error = getnameinfo(pointee.ai_addr, pointee.ai_addrlen, hname, socklen_t(NI_MAXHOST), nil, 0, 0) if (error != 0) { continue } return String(cString: hname) } return ip } func resolveIP(_ ipAddress: String) -> String? { var hints = addrinfo( ai_flags: AI_NUMERICHOST, ai_family: AF_UNSPEC, ai_socktype: SOCK_STREAM, ai_protocol: 0, ai_addrlen: 0, ai_canonname: nil, ai_addr: nil, ai_next: nil ) var res: UnsafeMutablePointer<addrinfo>? = nil let status = getaddrinfo(ipAddress, nil, &hints, &res) guard status == 0, let result = res else { print("Error: \(String(cString: gai_strerror(status)))") return nil } var hostBuffer = [CChar](repeating: 0, count: Int(NI_MAXHOST)) if let addr = result.pointee.ai_addr { let addrLen = socklen_t(result.pointee.ai_addrlen) if getnameinfo(addr, addrLen, &hostBuffer, socklen_t(hostBuffer.count), nil, 0, 0) == 0 { freeaddrinfo(res) return String(cString: hostBuffer) } } freeaddrinfo(res) return nil } I know that Little Snitch can block and display domain name requests using a content filter, even in Google Chrome, so I'm certain it's possible. However, I'm unsure how to accomplish this. Can anyone assist me in resolving IP addresses to hostnames for most IP addresses, or in obtaining the hostnames directly from the flow on macOS?

I have this in my start code: for p in [4500] + Array(3478...3497) + Array(16384...16387) + Array(16393...16402) { // According to the documentation, I *should* be able to // use "" for the hostname, and prefix:0, but it complained // about the prefix length, so we use the top bit for ipv4 // and ipv6. let port = "\(p)" os_log(.debug, log: Self.log, "Setting up to exclude port %{public}s", port) let host_1 = NWHostEndpoint(hostname:"0.0.0.0", port: port) let host_2 = NWHostEndpoint(hostname:"255.0.0.0", port: port) let host_3 = NWHostEndpoint(hostname:"0::0", port: port) let host_4 = NWHostEndpoint(hostname:"ffff::0", port: port) for host in [host_1, host_3] { let udpPortRule = NENetworkRule(destinationNetwork: host, prefix:1, protocol: .UDP) excludeRules.append(udpPortRule) } } settings.excludedNetworkRules = excludeRules This produces the log message 2024-07-23 11:16:38.335649+0100 0x901984 Debug 0x0 20686 0 com.kithrup.SimpleTPP.Provider: [com.kithrup:Provider] Setting up to exclude port 3483 Later on, when running, I log the new flows in handleNewUDPFlow(:,initialRemoteEndpoint:), and it produces 2024-07-23 11:17:05.712055+0100 0x901984 Debug 0x0 20686 0 com.kithrup.SimpleTPP.Provider: [com.kithrup:Provider] handleNewUDPFlow(_:initialRemoteEndpoint:): new UDP flow for host 17.252.13.7:3483 app com.apple.identityservicesd So port 3483 is definitely in the excludedRules array, but it's not being excluded. (All of this is because I still can't figure out why FaceTime isn't working with us.)