I'm trying to establish a tcp connection to server using Network Framework (nw_connection_t in obj-c). As a draft I use tcp echo server tcpbin.com with default connection parameters. Everything works fine: connection establishing, sending and receiving data. But when I disable wifi network via Control Center, established connection doesn't drop, connection status doesn't change in nw_connection_set_state_changed_handler until remote side drops connection by timeout. Meantime nw_connection_set_path_changed_handler reports that wifi network path is "unsatisfied" and cellular connection is available. The same thing happens when I switch from cellular to wifi network via Control Center. Questions are: Should nw_connection_t change its state to nw_connection_state_failed and\or nw_connection_state_waiting when the current network path becomes unavailable? What is the recommended way to switch from the inactive interface (or interface without internet) to working one? iOS version is 17.3.

We do have an app where we try to connect via BLE to our own hardware. To trigger the pairing process we attempt a read operation on an encrypted characteristic. If the devices are note paired/bonded yet we do receive the expected CBATTErrorInsufficientEncryption Error and the native alert opens to enter the PIN. If the native pairing alert is now canceled 2-3 times the native alert will not be shown for any attempt afterwards unless I wait around 3 minutes. Is there a certain timeout for BLE devices when the system shows the pairing alert again in case it failed multiple times? I didn't find anything in that regard in the documentation.

Hello: I was reading about Mail Privacy Protection because a customer issue case, and how it don't work with VPNs. The final user sees all the time a message on the email top, and then the final user claims to the vpn owner. Which are the hostnames to set in the VPN as whitelisted to remove the message from there? Thanks in advance

I'm developing an iOS app for video playback using the external library vlc-ios, Prior to iOS17, I was able to achieve streaming playback of mp4 files hosted on a server using the vlc-ios librarys's HTTP POST method. However, after iOS17, this streaming playback no longer functions. Upon inspecting the logs, there were no traces of vlc-ios receiving data from iPhone device. Does anyone know the cause of this issue? Additionally, the occurrence condition is when the environment is iOS17 and the sim's 5G communication is enabled.

Hi, Some of my customer Apple TV device always show connected,disconneted notification message. but the VPN status show connected witch find with network preference. Is there a way to manually disable notification message?

Hi! We are developing VPN software for the iOS platform, and our customers report a rare issue that we cannot reproduce. We seek any advice about the root cause of such a problem. On every update, we notice an increased number of customer reports saying that the tunnel process is in a "connecting" loop, and to break the loop the customer has to remove the VPN profile from the settings. As none of our testers could reproduce the issue, we have minimal knowledge to work on. What we know so far: The OnDemand rules cause the tunnel process to be restarted in the loop The tunnel process does not start at all. We have logs from our customers, and we know that the application tries to start an extension, but the extension does not start at all. Something in the operating system prevents the extension from starting. The issue reappears on every app update. My theory so far is that the profile gets broken during an update process, but we have no means of confirming that. Is this a known issue? Any advice on how could we reproduce the problem? Thank you in advance for any tips!

I working on a QUIC Client/Server and would like to inspect all underlying protocols via NWConnection.ContextContent in the receive method. receiveMessage(completion: {(receivedContent, context, isComplete, receivedError) .receive(minimumIncompleteLength: 1, maximumLength: 65535) { (receivedContent, context, isComplete, receivedError) As far as I understand is that the parameter .protocolMetadata in ContextContent should provide a list of all involved protocols. I expect an array of 3 NWProtocolMetadata like [NWProtocolIP.Metadata, NWProtocolUDP.Metadata, NWProtocolQUIC.Metadata] but I only get [NWProtocolQUIC.Metadata]. I already managed to get [NWProtocolIP.Metadata, NWProtocolUDP.Metadata] for a UDP connection but I can't get it to work for QUIC. Is it possible to get NWProtocolIP.Metadata, NWProtocolUDP.Metadata for a QUIC connection within the receive function? Regards Jan

Two different crash patterns -- one an abort, the other complaining about a lock being corrupt or owning thread having exited. The first one is: Thread 1 Crashed:: Dispatch queue: com.apple.root.default-qos.overcommit 0 libsystem_platform.dylib 0x18fc10244 _os_unfair_lock_corruption_abort + 88 1 libsystem_platform.dylib 0x18fc0b788 _os_unfair_lock_lock_slow + 332 2 libobjc.A.dylib 0x18f820c90 objc_sync_enter + 20 3 com.kithrup.TPProvider 0x100d2eee0 closure #3 in TPProvider.startProxy(options:completionHandler:) + 340 4 com.kithrup.TPProvider 0x100d2d980 thunk for @escaping @callee_guaranteed () -> () + 28 5 libdispatch.dylib 0x18fa31910 _dispatch_client_callout + 20 6 libdispatch.dylib 0x18fa34dc8 _dispatch_continuation_pop + 600 7 libdispatch.dylib 0x18fa48be4 _dispatch_source_latch_and_call + 420 8 libdispatch.dylib 0x18fa477b4 _dispatch_source_invoke + 832 9 libdispatch.dylib 0x18fa431f4 _dispatch_root_queue_drain + 392 10 libdispatch.dylib 0x18fa43a04 _dispatch_worker_thread2 + 156 11 libsystem_pthread.dylib 0x18fbdb0d8 _pthread_wqthread + 228 12 libsystem_pthread.dylib 0x18fbd9e30 start_wqthread + 8 while the other one is: Application Specific Information: BUG IN CLIENT OF LIBPLATFORM: os_unfair_lock is corrupt, or owner thread exited without unlocking Abort Cause 198194 Thread 1 Crashed:: Dispatch queue: com.apple.root.default-qos.overcommit 0 libsystem_platform.dylib 0x18fc10220 _os_unfair_lock_corruption_abort + 52 1 libsystem_platform.dylib 0x18fc0b788 _os_unfair_lock_lock_slow + 332 2 libobjc.A.dylib 0x18f820c90 objc_sync_enter + 20 3 com.kithrup.TPProvider 0x104e86ee0 closure #3 in TPProvider.startProxy(options:completionHandler:) +340 4 com.kithrup.TPProvider 0x104e85980 thunk for @escaping @callee_guaranteed () -> () + 28 5 libdispatch.dylib 0x18fa31910 _dispatch_client_callout + 20 6 libdispatch.dylib 0x18fa34dc8 _dispatch_continuation_pop + 600 7 libdispatch.dylib 0x18fa48be4 _dispatch_source_latch_and_call + 420 8 libdispatch.dylib 0x18fa477b4 _dispatch_source_invoke + 832 9 libdispatch.dylib 0x18fa431f4 _dispatch_root_queue_drain + 392 10 libdispatch.dylib 0x18fa43a04 _dispatch_worker_thread2 + 156 11 libsystem_pthread.dylib 0x18fbdb0d8 _pthread_wqthread + 228 12 libsystem_pthread.dylib 0x18fbd9e30 start_wqthread + 8 Our TPProvider, whenever it uses a dispatch queue, uses a custom one, so these are presumably system queues and locks. My best guess would be some XPC command took too long? But that's just WAG. Any ideas about what is actually going on?

Hi, We developing a daemon service that has a network extension We are trying to implement an OTA update mechanism for the entire bundle (which holds 7 packages), and encountering issues with the NetworkExtension update scenario, specifically error 13 OSSystemExtensionErrorAuthorizationRequired the error is happening in our Network Extension preinstall script when we try to remove the previous installation What is the recommended way to approach this situation?

I've implemented a custom VPN for iOS using a Packet Tunnel Provider. I have the entitlement for 'com.apple.managed.vpn.shared'. One option to connect is to use a certificate - this can be done by distributing a VPN payload with the required certificate for the connection. My question is if there's any way to distribute multiple certificates and that I'll be able to read them on my iOS app. For example, on the Certificates payload, I can add multiple certificates, but on the VPN payload, I can choose only one of them. So, can my app read more than one certificate?

I would like to get the full DNS responses from the system resolver. I'm using DNSServiceQueryRecord, but I can't get negative responses. How do I get the negative responses? I need the full response because they have clues about network-level censorship. For instance, mismatched case in the name, bad answer RR type, missing SOA record on no answers response. On Android I can use android_res_nquery, but I couldn't find anything similar on iOS and macOS. The closest I found was DNSServiceQueryRecord, which at least gives me resource records, so I can inspect TTL and name case. After some struggle, I was able to make it work. I'm using Go with cgo for that: https://github.com/fortuna/gio-test/blob/fortuna-dns/sysresolver_darwin.go https://github.com/fortuna/gio-test/blob/fortuna-dns/sysresolver_darwin_export.go My sequence of calls is: DNSServiceQueryRecord(sdRef, 0, 0, fullname, rrtype, rrclass, (DNSServiceQueryRecordReply)goCallback, context); fd := C.DNSServiceRefSockFD(sdRef) nReady, err := unix.Poll([]unix.PollFd{{Fd: int32(fd), Events: unix.POLLIN | unix.POLLERR | unix.POLLHUP}}, timeout) serviceErr = C.DNSServiceProcessResult(sdRef) // Here my callback gets called, multiple times for multiple answers. C.DNSServiceRefDeallocate(sdRef) I'm able to get positive answers, even multiple answers. But the Poll doesn't return when there are no answers (like for CNAME www.example.com). I expected the poll to return on negative answers, and my callback to be called with an error when calling DNSServiceProcessResult. Is that not the expected behavior? How do I get notified that a query has no answers?

Hello! I created a simple DNS filter application for iOS but the extension is not launching. I am getting this log message in the console. Failed to start extension edu.stanford.stilakid.testDnsFilter.DNSFiltering: Error Domain=NSCocoaErrorDomain Code=4097 "connection to service named edu.stanford.stilakid.testDnsFilter.DNSFiltering.apple-extension-service" UserInfo={NSDebugDescription=connection to service named edu.stanford.stilakid.testDnsFilter.DNSFiltering.apple-extension-service} For another project with the same code for dns filtering but different bundleID, I also got the following log message. Failed to start extension edu.stanford.sml.rdahlke.controlShift.DNSProxy: Error Domain=PlugInKit Code=4 "RBSLaunchRequest error trying to launch plugin edu.stanford.sml.rdahlke.controlShift.DNSProxy(D26CD63C-4656-4A30-99A0-7C867265DD75): Error Domain=RBSRequestErrorDomain Code=5 "Launch failed." UserInfo={NSLocalizedFailureReason=Launch failed., NSUnderlyingError=0xc62b8c0d0 {Error Domain=NSPOSIXErrorDomain Code=111 "Unknown error: 111" UserInfo={NSLocalizedDescription=Launchd job spawn failed}}}" UserInfo={NSLocalizedDescription=RBSLaunchRequest error trying to launch plugin edu.stanford.sml.rdahlke.controlShift.DNSProxy(D26CD63C-4656-4A30-99A0-7C867265DD75): Error Domain=RBSRequestErrorDomain Code=5 "Launch failed." UserInfo={NSLocalizedFailureReason=Launch failed., NSUnderlyingError=0xc62b8c0d0 {Error Domain=NSPOSIXErrorDomain Code=111 "Unknown error: 111" UserInfo={NSLocalizedDescription=Launchd job spawn failed}}}} Also, the log messages I have defined inside the constructor of the dns proxy extension is nowhere to be found in the logs, so I am pretty sure the extension is failing to launch. The debugger attached to the main target app shows no errors as well, so it is able to load and update dnsProtocol. Here is the code: // DNSProxyProvider.swift // DNSFiltering // // Created by Juben Rana on 2/20/24. // import NetworkExtension import os.log class DNSProxyProvider: NEDNSProxyProvider { // MARK: - Logger static let logger = Logger(subsystem: "edu.stanford.sml.rdahlke.controlShift", category: "dns-filter") override init() { Self.logger.log(level: .debug, "TestDns: dns proxy provider will init") self.logger = Self.logger super.init() } let logger: Logger override func startProxy(options:[String: Any]? = nil, completionHandler: @escaping (Error?) -> Void) { // Add code here to start the DNS proxy. logger.log(level: .debug, "TestDns: proxy will start") completionHandler(nil) } override func stopProxy(with reason: NEProviderStopReason, completionHandler: @escaping () -> Void) { // Add code here to stop the DNS proxy. logger.log(level: .debug, "TestDns: proxy will stop") completionHandler() } override func sleep(completionHandler: @escaping () -> Void) { // Add code here to get ready to sleep. completionHandler() } override func wake() { // Add code here to wake up. } override func handleNewFlow(_ flow: NEAppProxyFlow) -> Bool { // Add code here to handle the incoming flow. logger.log(level: .debug, "TestDns: proxy is handling flow") return false } } // ContentView.swift // testDnsFilter // // Created by Juben Rana on 2/20/24. // import SwiftUI struct ContentView: View { var body: some View { VStack { // LoginScreen() // .onOpenURL { url in // GIDSignIn.sharedInstance.handle(url) // } Spacer() #if os(macOS) Text("I'm running on macOS") #else Text("I'm running on iOS") #endif Spacer() Button("Activate") { #if os(macOS) ContentFilterMac.shared.activate() #elseif os(iOS) ContentFilter.shared.enable() #endif } Spacer() Button("Deactivate") { #if os(macOS) ContentFilterMac.shared.deactivate() #elseif os(iOS) ContentFilter.shared.disable() #endif } Spacer() Spacer() } .padding() } } #Preview { ContentView() } // // ContentFilter.swift // controlShift // // Created by Juben Rana on 9/28/23. // // This is only for macOS import Foundation import NetworkExtension import os.log // MARK: - Content Filter class ContentFilter { // MARK: - Set Up static let shared = ContentFilter() private init() { Self.logger.log(level: .debug, "content filter will init") self.logger = Self.logger } // MARK: - Logger static let logger = Logger(subsystem: "edu.stanford.stilakid.testDnsFilter", category: "content-filter") let logger: Logger // MARK: - DNS Filter private let manager = NEDNSProxyManager.shared() func enable() { loadAndUpdatePreferences { self.manager.localizedDescription = "DNSProxySample" let dnsProtocol = NEDNSProxyProviderProtocol() dnsProtocol.providerBundleIdentifier = "edu.stanford.stilakid.testDnsFilter.DNSFiltering" self.manager.providerProtocol = dnsProtocol self.manager.isEnabled = true } } func disable() { loadAndUpdatePreferences { self.manager.isEnabled = false } } private func loadAndUpdatePreferences(_ completion: @escaping () -> Void) { manager.loadFromPreferences { error in guard error == nil else { debugPrint("DNSProxySample.App: load error") return } completion() self.manager.saveToPreferences { (error) in guard error == nil else { debugPrint("DNSProxySample.App: save error") return } debugPrint("DNSProxySample.App: saved") } } } }

Hi, to previse all of this, I am new to Swift and iOS app development. I have an Idea for an app, however, this includes Multiplayer connectivity for up to 10 people. I have been trying to look into what would be required to run this. I am confused if I need to invest in an external server or if I can run this through GameKit or CloudKit. Any help is appreciated. Thank you.

Is het mogelijk om wifi en bluetooth in Swift in en uit te schakelen, hoe kan ik dat doen, er zijn altijd dingen over verbinding maken met het wifi-netwerk

Hi Experts, When experimenting with NEFilterDataProvider, I observed that whole ICMP data flows are visible on the local machine when pinging a remote machine from it. However, no ICMP data flows are observed on the local machine when the remote machine pings it. Below is the rule for filtering any protocol with any direction. NEFilterRule(networkRule: .init( remoteNetwork: nil, remotePrefix: 0, localNetwork: nil, localPrefix: 0, protocol: .any, direction: .any), action: .filterData) There is no issue for TCP/UDP. May I know it's a bug or by design?

尊敬的开发者社区成员， 我最近在开发iOS平台上的VPN应用程序时遇到了一个问题，希望能在这里寻求一些帮助和建议。在我的应用程序中，我注意到在iOS 17及以上版本中，连接到VPN后，特定流量似乎不再通过本地网络发送，而是直接通过VPN连接发送。 为了解决这个问题，我已经尝试了以下几种方法： 确保VPN配置正确，并与VPN服务提供商确认配置是否符合预期。 在iOS设备上检查系统设置，确保VPN配置被正确应用。 使用网络抓包工具分析网络流量，观察流量的源和目的地址，以确定是否通过VPN连接发送数据。 然而，尽管我已经采取了这些步骤，问题仍然存在。我怀疑这可能是iOS 17及以上版本中网络堆栈实现的变化所导致的。因此，我正在寻找更多的调查和解决方案，以确定问题的根本原因，并找到一个可行的解决方案。 如果您在iOS 17及以上版本中遇到了类似的问题，或者您对iOS网络连接行为有深入的了解，请不要犹豫，与我分享您的经验和建议。我非常感谢您的帮助和支持。 谢谢！

在我的应用程序中，我注意到在iOS 17及以上版本中，连接到VPN后，特定流量似乎不再通过本地网络发送，而是直接通过VPN连接发送。

I am trying to crop a pdf to remove 100 points from the top and bottom of the page. The mediaBounds of my pdf is size 612x792 and the origin is 0,0. My code the set the bounds of the cropBox is: page.setBounds(CGRect(origin: CGPointMake(0,100), size: CGSize(width: 612, height: 592)), for: .cropBox) This sets the origin at 0,100 and the cropBox size to be 200 less than the mediaBox size. This works on iPhone, but on iPad I need to set the height to be 692, otherwise too much is cropped. Is this a bug or is there an explanation?

在开发vpn中遇到一个问题 iOS17以下 在连接vpn时 通过 connect 可以连接到服务器 在xcode 的 debug session 中看到 本地发出的 ip 地址为 本地 ip 没有通过 VPN 代理 但是在 iOS17以上的设备中 在xcode 的 debug session 中看到 本地发出的 ip 为 VPN 的ip地址 iOS17 之后对VPN 做了调整吗? 有哪位大佬遇到过这种问题

Hi, I'm developing an app that requires to connect to Wi-Fi hotspot to pair an Iot device. Often, while IPhone is connected to the device's Wi-Fi hotspot, I get the annoying popup saying that the Wi-Fi network has not access to the internet , suggesting the user to switch back to another network/mobile data. This behavior may create problems with end users, that often taps on the button to switch the net, disconnecting from my device and failing pairing process/data exchange. Is there an option/permission to disable such behavior on my specific app or this is a system function? thanks a lot!