User Profile

Hi, I'm using tcpdump and Wireshark to inspect the network packets that are received and sent from my mac. I'm inspecting the traffic from WiFi interface, but the problem is that the tools display also the traffic that don't exit the system, e.g. the ones that are blocked by the firewall. Is it possible to somehow see the traffic that for sure left the mac? e.g. make a UDP or TCP connection to a remote address, ADDR_1. start sending/receiving packets block all the traffic, received & sent, to the ADDR_1 using e.g. pf rules Wireshark & tcpdump will still show for some time(probably until TCP timeout) the outgoing traffic to ADDR_1, even if the packets are not leaving the mac because are blocked by the firewall. In this case, is it possible to filter out this packets so they are not displayed by the tools? Thanks

Hi, On my macos 13.4.1 if we use kSecUseDataProtectionKeychain to save passwords into the keychain, then the keys are create sometimes into login keychain, but sometimes into iCloud(or Local items when iCloud is disabled). If kSecUseDataProtectionKeychain is removed, then they are always into login. I've even tried to set kSecAttrSynchronizable to kCFBooleanFalse, but the behaviour is the same. Where should the keys be created when kSecUseDataProtectionKeychain is used? And does it mean that if the key is into the iClound keychain it will be sync on other devices, even if it doesn't have kSecAttrSynchronizable? Thanks

Hi, I saw that almost each OS version, on ios and macos, handles differently changing includeAllNetworks while the tunnel is running. On some the entire OS reports no-net, while others, specially latest versions, handle this fine. Can includeAllNetworks be changed while the tunnel is running, or the tunnel must be stopped and restarted with the new value? e.g. the tunnel is started with it set to false, but later is changed to true into VPN profile. And on the same note, regarding setTunnelNetworkSettings, can this be called multiple times while the tunnel is running? For example if the VPN server IP changes. Because what I've saw each call to setTunnelNetworkSettings after VPN connected results in at least DNS leaks, because the routing table is recreated. Let me know if it is easier to track to create separate questions. Thanks

Hi, I've got into a very strange no internet situation on macos 13.3(others reproduced on others too, e.g. 10.15). After I've disconnected from VPN, connected with includeAllNetworks=true, CFNetwork returned no internet connection (error code: -1009). Some apps, e.g. Chrome, Firefox, ping are running, but other of apps e.g. Safari, AppStore, returns no internet. In logs I can see for cloudd is also not working: default 2023-04-12 06:57:50.383656 +0200 cloudd _CFNetworkIsConnectedToInternet returning 0, flagsValid: 1, flags: 0x0 error 2023-04-12 06:57:50.383688 +0200 cloudd Task <925C1A17-8E2C-44C3-A730-38C9BB556990>.<23> HTTP load failed, 0/0 bytes (error code: -1009 [1:50]) default 2023-04-12 06:57:50.383820 +0200 cloudd Task <925C1A17-8E2C-44C3-A730-38C9BB556990>.<23> summary for task failure {transaction_duration_ms=4, response_status=-1, connection=483, reused=1, request_start_ms=0, request_duration_ms=0, response_start_ms=0, response_duration_ms=0, request_bytes=0, response_bytes=0, cache_hit=false} error 2023-04-12 06:57:50.384151 +0200 cloudd Task <925C1A17-8E2C-44C3-A730-38C9BB556990>.<23> finished with error [-1009] Error Domain=NSURLErrorDomain Code=-1009 UserInfo={_kCFStreamErrorCodeKey=50, NSUnderlyingError=0x1256a2bd0 {Error Domain=kCFErrorDomainCFNetwork Code=-1009 UserInfo={_NSURLErrorNWPathKey=unsatisfied (No network route), scoped, _kCFStreamErrorCodeKey=50, _kCFStreamErrorDomainKey=1}}, _NSURLErrorFailingURLSessionTaskErrorKey=<private>, _NSURLErrorRelatedURLSessionTaskErrorKey=<private>, NSLocalizedDescription=<private>, NSErrorFailingURLStringKey=<private>, NSErrorFailingURLKey=<private>, _kCFStreamErrorDomainKey=1} default 2023-04-12 06:57:50.384856 +0200 cloudd NetworkingError, NSURLErrorDomain/-1009/NSUnderlyingError kCFErrorDomainCFNetwork/-1009 info 2023-04-12 06:57:50.384892 +0200 cloudd NetworkingError, NSURLErrorDomain/-1009/NSUnderlyingError, kCFErrorDomainCFNetwork/-1009/_NSURLErrorNWPathKey unsatisfied (No network route), scoped info 2023-04-12 06:57:50.384895 +0200 cloudd NetworkingError, NSURLErrorDomain/-1009/NSUnderlyingError, kCFErrorDomainCFNetwork/-1009/_kCFStreamErrorCodeKey 50 info 2023-04-12 06:57:50.384896 +0200 cloudd NetworkingError, NSURLErrorDomain/-1009/NSUnderlyingError, kCFErrorDomainCFNetwork/-1009/_kCFStreamErrorDomainKey 1 default 2023-04-12 06:57:50.385169 +0200 cloudd req: 31FF22D0-CBCF-42DB-A56A-DA5DDAA56477, "URLSession:task:didCompleteWithError: Error Domain=NSURLErrorDomain Code=-1009 UserInfo={_kCFStreamErrorCodeKey=50, NSUnderlyingError=0x1256a2bd0 {Error Domain=kCFErrorDomainCFNetwork Code=-1009 UserInfo={_NSURLErrorNWPathKey=unsatisfied (No network route), scoped, _kCFStreamErrorCodeKey=50, _kCFStreamErrorDomainKey=1}}, _NSURLErrorFailingURLSessionTaskErrorKey=<private>, _NSURLErrorRelatedURLSessionTaskErrorKey=<private>, NSLocalizedDescription=<private>, NSErrorFailingURLStringKey=<private>, NSErrorFailingURLKey=<private>, _kCFStreamErrorDomainKey=1}" default 2023-04-12 06:57:50.385276 +0200 cloudd req: 31FF22D0-CBCF-42DB-A56A-DA5DDAA56477, "_finishOnLifecycleQueueWithError:, asked to finish with error Error Domain=NSURLErrorDomain Code=-1009 UserInfo={_kCFStreamErrorCodeKey=50, NSUnderlyingError=0x1256a2bd0 {Error Domain=kCFErrorDomainCFNetwork Code=-1009 UserInfo={_NSURLErrorNWPathKey=unsatisfied (No network route), scoped, _kCFStreamErrorCodeKey=50, _kCFStreamErrorDomainKey=1}}, _NSURLErrorFailingURLSessionTaskErrorKey=<private>, _NSURLErrorRelatedURLSessionTaskErrorKey=<private>, NSLocalizedDescription=<private>, NSErrorFailingURLStringKey=<private>, NSErrorFailingURLKey=<private>, _kCFStreamErrorDomainKey=1}" info 2023-04-12 06:57:50.385375 +0200 cloudd req: 31FF22D0-CBCF-42DB-A56A-DA5DDAA56477, "_finishOnLifecycleQueueWithError:, did finish request <private> with error Error Domain=NSURLErrorDomain Code=-1009 UserInfo={_kCFStreamErrorCodeKey=50, NSUnderlyingError=0x1256a2bd0 {Error Domain=kCFErrorDomainCFNetwork Code=-1009 UserInfo={_NSURLErrorNWPathKey=unsatisfied (No network route), scoped, _kCFStreamErrorCodeKey=50, _kCFStreamErrorDomainKey=1}}, _NSURLErrorFailingURLSessionTaskErrorKey=<private>, _NSURLErrorRelatedURLSessionTaskErrorKey=<private>, NSLocalizedDescription=<private>, NSErrorFailingURLStringKey=<private>, NSErrorFailingURLKey=<private>, _kCFStreamErrorDomainKey=1}" default 2023-04-12 06:57:50.385704 +0200 cloudd Finished operation <CKDFetchRecordZoneChangesOperation: 0x126d11e80; qos=Utility, operationID=0A1CCE2A049C7D04, finishedChildOpIDs=[4C26CE3A2036F0C4], requestIDs=[31FF22D0-CBCF-42DB-A56A-DA5DDAA56477], operationGroupID=67FB07CBADD854C9, operationGroupName=CKSyncEngine-FetchChangesForZonesIfNecessary-Manual, stateFlags=executing, flags=allows-cellular|allows-expensive, runningFor=0.01, <private>> metrics=<private> with error: Error Domain=NSURLErrorDomain Code=-1009 UserInfo={_kCFStreamErrorCodeKey=50, NSUnderlyingError=0x1256a2bd0 {Error Domain=kCFErrorDomainCFNetwork Code=-1009 UserInfo={_NSURLErrorNWPathKey=unsatisfied (No network route), scoped, _kCFStreamErrorCodeKey=50, _kCFStreamErrorDomainKey=1}}, _NSURLErrorFailingURLSessionTaskErrorKey=<private>, _NSURLErrorRelatedURLSessionTaskErrorKey=<private>, NSLocalizedDescription=<private>, NSErrorFailingURLStringKey=<private>, NSErrorFailingURLKey=<private>, _kCFStreamErrorDomainKey=1} For some scutil returns that is is not reachable: # # scutil -d -v -r www.apple.com # create w/name <SCNetworkReachability 0x12ee04290 [0x1f80aa820]> {name = www.apple.com} __SCNetworkReachabilityGetFlagsFromPath(GetFlags), flags = 0x00000000, nw_path_status_unsatisfied flags = 0x00000000 (Not Reachable) release # # scutil -d -v -r 0.0.0.0 # create w/address <SCNetworkReachability 0x12e604290 [0x1f80aa820]> {default path} __SCNetworkReachabilityGetFlagsFromPath(GetFlags), flags = 0x00000000, nw_path_status_unsatisfied flags = 0x00000000 (Not Reachable) release # # scutil -d -v -r 169.254.0.0 # create w/address <SCNetworkReachability 0x131e04290 [0x1f80aa820]> {address = 169.254.0.0} __SCNetworkReachabilityGetFlagsFromPath(GetFlags), flags = 0x00020002, nw_path_status_satisfied, by address, direct flags = 0x00020002 (Reachable,Directly Reachable Address) release To fix this I've reconnected to VPN, and it worked. After disconnecting from it everything worked fine. Probably because VPN caused the DynamicStore changes and then the system reconfigured itself. Any suggestions on how to fix this? Thanks

Hi, I need to run a daemon helper(launchd) with a custom group id. For this I specify into the plist the group ID and everything works fine. The problems appear if I delete the group ID. Then the executable will not start anymore and if I want to send an XPC message remoteObjectProxyWithErrorHandler it will not return any error and the completion blocks are never executed. What would be the correct way to check handle the above situations? recreate group if it was deleted detect that the XPC connection cannot be established because the helper doesn't start Thanks

I'm running an VPN app using NetworkExtension on macos 13.2.1. I'm able to connect to VPN server and run the tunnel. But if I change the VPN profile which triggers VPN reconnection (reasserting=true), while the System Settings app is open, the tunnel is stopped by the VPN.appex/Contents/MacOS/VPN app. The only "fix" for this is to close System Settings and then everything works fine. The logs contain lots of messages generated by VPN.appex e.g.: VPN current generation (7734) does not equal posted generation (7735), fetching a new index .... VPN Skipping configuration App1 because it is of the wrong type VPN Skipping configuration App2 because it is of the wrong type VPN Skipping configuration App2 because it is of the wrong type VPN loadAll complete but they are printed also when the tunnel is not stopped. Sometimes the tunnel is stopped and the logs contain Received a stop command from VPN[26144] with reason 1 ... Calling stopTunnelWithReason because: Stop command received The only fix found so far is to close System settings so VPN.appex is closed. Do you have any suggestions how to fix this? Thanks

Hi, I've seen that as soon as a Bundle is created, e.g. Bundle(path: path), it is immediately added into the Bundle.allBundles, even if it is not loaded. Is there a way to create a bundle object, but without adding the bundle to allBundles? Or is it possible to remove it from the list? Thanks, Marius