I was developing an electron based app, and I want to embed a system extension in it, everything works fine with SIP disabled. But for normal cases, I found out: Notarization require hardened runtime enabled. The container is an electron based app, which has JIT related feature, so it requires hardened runtime relaxation entitlements (some exception) But System extension disallow these entitlements, this error message is captured from the log system: Hardened Runtime relaxation entitlements disallowed on System Extensions So does this mean we can't embed a system extension in an Electron-based app?

OS: MacOS 14.3 (23D56) I have PacketTunnelProvider VPN running with MTU on utun interface as 1300. % ifconfig utun4 utun4: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1300 options=6460<TSO4,TSO6,CHANNEL_IO,PARTIAL_CSUM,ZEROINVERT_CSUM> inet 192.166.54.1 --> 192.166.54.1 netmask 0xffffff00 nd6 options=201<PERFORMNUD,DAD> When I am sending Jumbo size packets using ICMP and it is working fine till 4068 bytes packet size, after that ICMP responses are not accepted by the utun interface. Working till 4068 packets: % ping 13.71.68.85 -s 4068 PING 13.71.68.85 (13.71.68.85): 4068 data bytes 4076 bytes from 13.71.68.85: icmp_seq=0 ttl=56 time=46.040 ms 4076 bytes from 13.71.68.85: icmp_seq=1 ttl=56 time=25.353 ms Not Working after sending 4069 packets: % ping 13.71.68.85 -s 4069 PING 13.71.68.85 (13.71.68.85): 4069 data bytes Request timeout for icmp_seq 0 Request timeout for icmp_seq 1 In System logs I could see below errors: % log stream | grep utun4 2024-06-19 17:22:34.666286+0530 0x7ee9e2 Error 0x0 0 0 kernel: utun_netif_sync_rx utun4: legacy packet length 4097 > 4096 2024-06-19 17:22:35.637723+0530 0x7ee9e2 Error 0x0 0 0 kernel: utun_netif_sync_rx utun4: legacy packet length 4097 > 4096 Note: Same works fine on en0 interface when packet is not routed via utun interface. Working till 8184 packets on en0 interface: % ping 13.71.68.85 -s 8184 PING 13.71.68.85 (13.71.68.85): 8184 data bytes 8192 bytes from 13.71.68.85: icmp_seq=0 ttl=51 time=198.928 ms 8192 bytes from 13.71.68.85: icmp_seq=1 ttl=51 time=46.139 ms % ping 13.71.68.85 -s 8185 PING 13.71.68.85 (13.71.68.85): 8185 data bytes ping: sendto: Message too long ping: sendto: Message too long Does this mean, on utun interface we do not support packet inception of more than 4096 size?

When I initiate the following request in the app delegate, it is good in iOS 17, but it will crash in iOS 18. The code is as below: NSString *url = @"https://www.baidu.com"; NSString * restr = [NSString stringWithContentsOfURL:[NSURL URLWithString:url] encoding:NSUTF8StringEncoding error:nil]; The stack is as below: *** Terminating app due to uncaught exception 'NSInvalidArgumentException', reason: '*** -[NSFileManager createDirectoryAtURL:withIntermediateDirectories:attributes:error:]: URL is nil' *** First throw call stack: ( 0 CoreFoundation 0x00007ff8004c14d5 __exceptionPreprocess + 242 1 libobjc.A.dylib 0x00007ff800084116 objc_exception_throw + 62 2 Foundation 0x00007ff800f00861 -[NSFileManager contentsOfDirectoryAtPath:error:] + 0 3 CFNetwork 0x00007ff804c66bfd -[_NSHTTPAlternativeServicesStorage _onqueue_initializeDatabaseIfNotEmpty:] + 488 4 CFNetwork 0x00007ff804c69350 __66-[_NSHTTPAlternativeServicesStorage HTTPServiceEntriesWithFilter:]_block_invoke + 48 5 libdispatch.dylib 0x0000000115349f32 _dispatch_client_callout + 8 6 libdispatch.dylib 0x000000011535ad86 _dispatch_lane_barrier_sync_invoke_and_complete + 133 7 CFNetwork 0x00007ff804c65bf7 -[_NSHTTPAlternativeServicesStorage HTTPServiceEntriesWithFilter:] + 211 8 CFNetwork 0x00007ff804cd5ccc _ZN11TubeManager34_onqueue_enqueueRequestForProtocolEP25MetaConnectionCacheClientPK18HTTPRequestMessage21MetaConnectionOptionsP16BaseAwaitingTube + 264 9 CFNetwork 0x00007ff804bf8b0c ___ZN12XTubeManager25enqueueRequestForProtocolEP25MetaConnectionCacheClientPK18HTTPRequestMessage21MetaConnectionOptionsPK17CoreSchedulingSet_block_invoke + 328 10 CFNetwork 0x00007ff804bf8832 _ZN12XTubeManager15withTubeManagerEPK17CoreSchedulingSetU13block_pointerFvP15GlueTubeManagerE + 516 11 CFNetwork 0x00007ff804d27823 _ZN12HTTPProtocol81asynchronouslyCreateAndOpenStream_WithMessage_AfterCookiesAndAuthenticatorHeadersEP15__CFHTTPMessage + 6077 12 CFNetwork 0x00007ff804d25ea3 _ZN12HTTPProtocol48asynchronouslyAddAuthenticatorHeadersAndContinueEP15__CFHTTPMessage + 103 13 CFNetwork 0x00007ff804d295b3 ___ZN12HTTPProtocol35asynchronouslyAddCookiesAndContinueEP15__CFHTTPMessage_block_invoke_3 + 26 14 CFNetwork 0x00007ff804e0fdb7 ___ZNK18QCoreSchedulingSet12performAsyncEU13block_pointerFvvE_block_invoke + 41 15 libclang_rt.asan_iossim_dynamic.dyl 0x0000000115d0fa4c __wrap_dispatch_async_block_invoke + 204 16 libdispatch.dylib 0x0000000115348ba9 _dispatch_call_block_and_release + 12 17 libdispatch.dylib 0x0000000115349f32 _dispatch_client_callout + 8 18 libdispatch.dylib 0x0000000115351e3b _dispatch_lane_serial_drain + 1078 19 libdispatch.dylib 0x0000000115352bbc _dispatch_lane_invoke + 448 20 libdispatch.dylib 0x0000000115353be7 _dispatch_workloop_invoke + 876 21 libdispatch.dylib 0x000000011535fcc6 _dispatch_root_queue_drain_deferred_wlh + 318 22 libdispatch.dylib 0x000000011535f205 _dispatch_workloop_worker_thread + 853 23 libsystem_pthread.dylib 0x000000011521db84 _pthread_wqthread + 327 24 libsystem_pthread.dylib 0x000000011521cacf start_wqthread + 15 ) libc++abi: terminating due to uncaught exception of type NSException

Hi, When running my iOS app in Xcode, I got the following message in the console multiple times: [connection] nw_read_request_report [C1] Receive failed with error "Operation timed out" It seems not critical as my app still works, but how can I find out more details of the connection that printed this message? For example, the network request the caused this, or the URL? Xcode: 15.3 iOS 17 SwiftUI app

Hi all, I had previously posted this on the Media Technologies section but didn't receive any replies so thought I would try my luck here. Apologies if re-posting questions on the forum in a short-ish time span is against the rules, but would greatly appreciate some assistance with the following situation regarding GroupSessionJournal and loading attachments. I'm currently working on a shareplay feature that allows users to pull 3d models from icloud and view it via volumes/immersive space on the vision pro. Was able to get the sharing working with multiple windows recently so now all that's left is to be able to sync/share the model in the SharePlay session. As I understand it, we should generally use GroupSessionMessenger for commands and light data like model positioning/syncing properties. Whereas for bigger pieces of data (images/videos/models), we should send these through GroupSessionJournal which the group session manages and syncs it for all users in the call. I have a button to get the current user's model data and add it to the journal via /// modelData is type `Data` try await journal.add(modelData) I have also set up a task to observe/receive updates to the journal's attachments in when receiving a group session. for await groupSession in MyModelActivity.sessions() { ... tasks.insert { Task { for await attachments in journal.attachments { for attachment in attachments { do { let modelData = try await attachment.load(Data.self) // throws error here - `notSupported` let modelUrl = writeModelDataToTempDirectory(modelData: modelData) self.modelUrlToLoadForGroupSession = modelUrl } catch let error { print("Error: \(error)") } } } } } } Not quite sure why I'm running into an error being thrown when attempting to load the attachment data on the other devices, any thoughts? The documentation for add(_:) and load(_:) say that the attachment should conform to Transferable but Data.Type should already conform to Transferable

My company uses a VPN to provide access to cloud services for development purposes. I am unable to reach these services from VMs or devices using Internet Sharing. In both cases, those instances can reach the Internet just fine. Here is what the routing table looks like for the VPN: 100.20.x.x 100.65.0.1 UGHS utun1 100.21.x.x 100.65.0.1 UGHS utun1 100.64/10 utun0 Uc utun0 100.65/16 100.65.0.1 UGSc utun1 If I add a custom pf rule, I can get the VM packets routed to the VPN: nat from 192.168.66.0/24 to 100.65.0.0/16 -&amp;gt; (utun1) But, inexplicably, a similar rule for 192.168.2.0/24 does nothing. Using Wireshark, I still see packets sent out the default interface, instead of being sent through utun1. Two questions: Why doesn't the routing "just work" in this case? I expected that, after the NAT rules installed by the system are applied, the packets destined for 100.64.0.0/15 would be properly routed without the need for any custom rules. What else should I try, either to gather more data or attempt to fix the routing?

I have a project with some legacy networking code that uses the Stream (formerly NSStream) family of classes, including Stream, InputStream, OutputStream, and StreamDelegate. None of these are sendable, so I get a lot of warnings when implementing delegate methods in a @MainActor class. These classes seem like they could be sendable. Is this something that will happen soon? Is it a bug I should report? The networking code that uses these classes runs great, and hasn't needed changes for years, so my current solution is to just mark these unchecked: extension Stream: @unchecked Sendable { } extension InputStream: @unchecked Sendable { } extension OutputStream: @unchecked Sendable { } This makes the compiler happy, but makes me feel kind of bad. Is there something else I could do?

Hi, I am trying to download multiple files in background (using multiple background urlsession). I initiate the download on click of a button and push the app to background where the download should happen. I am getting the following error: Error Domain=NSCocoaErrorDomain Code=4 "“CFNetworkDownload_EYp3BT.tmp” couldn’t be moved to “Documents” because either the former doesn’t exist, or the folder containing the latter doesn’t exist." UserInfo={NSSourceFilePathErrorKey=/private/var/mobile/Containers/Data/Application/85AEEB4F-1512-4C0C-8B04-C9C73634CC49/Library/Caches/com.apple.nsurlsessiond/Downloads/com.mycompany.DownloadMultipleFilesTestApp/CFNetworkDownload_EYp3BT.tmp, NSUserStringVariant=(\n Move\n), NSDestinationFilePath=/var/mobile/Containers/Data/Application/85AEEB4F-1512-4C0C-8B04-C9C73634CC49/Documents/file-441966.pdf, NSFilePath=/private/var/mobile/Containers/Data/Application/85AEEB4F-1512-4C0C-8B04-C9C73634CC49/Library/Caches/com.apple.nsurlsessiond/Downloads/com.mycompany.DownloadMultipleFilesTestApp/CFNetworkDownload_EYp3BT.tmp, NSUnderlyingError=0x28155f900 {Error Domain=NSPOSIXErrorDomain Code=2 "No such file or directory"}} In my sample code attached here i am trying with 500 background urlsession (one download task per each url session) I have implemented the required methods: application(_:handleEventsForBackgroundURLSession:completionHandler) and urlSessionDidFinishEvents forBackgroundURLSession:) I have found that the error happens because of two callbacks to urlSession(_:downloadTask:didFinishDownloadingTo:) where i move the file from temporary location to a location in my app's documents directory. The first time the file is present at the location, but for the second callback (with same urlsession id, task id and location values) to urlSession(_:downloadTask:didFinishDownloadingTo:) the file isnt present there and so the move fails. Can someone please explain this erratic behaviour ? Is this a known issue with URLSession ? For a repro, you can use the code attached above, test on a physical device without running app from xcode ie launch the app from phone's home screen, click on the download button and send the app to background. Check logs in the console app on mac Test environment: iPhone 8plus with iOS 16.7.8

We're encountering an issue with our Network Extension (utilizing NEPacketTunnelProvider and NETransparentProxy) on macOS 14.5 (23F79). On some systems, the VPN fails to automatically start after a reboot despite calling startVPNTunnel(). There are no error messages. Our code attempts to start the tunnel: ....... do { try manager.connection.startVPNTunnel() Logger.default("Started tunnel successfully") } catch { Logger.error("Failed to launch tunnel") } ...... System log analysis reveals the tunnel stopping due to userLogout (NEProviderStopReason(rawValue: 12)) during reboot. However, the Transparent Proxy stops due to userInitiated (NEProviderStopReason(rawValue: 1)) for the same reboot. We need to understand: Why the VPNTunnel isn't starting automatically. Why the userLogout reason is triggered during reboot. Additional Context: We have manually started the VPN from System Settings before reboot.

This doesn't particularly surprise me, but I am curious about it, and whether we can change it: our TPP won't start if the only IP address available is in 169.254.0.0/16. I can see (from our logs) that the preferences are loaded & saved, and the extension is loaded, but until it gets a real address, the startProxy method is not invoked.

Hi, I'm having headaches with the debugging of my Unwanted Communication Reporting extension. iPhone log says: com.apple.IdentityLookup.MessageFilter[1774] <Error>: Extension's containing app (appID <private>) unauthorized to defer requests to host <private> So I guess I have something wrong with my apple-app-site-association. The AASA file I get with swcutil dl -d services.mydomain.com { classificationreport = { apps = ( "<MYTEAMID>.com.mydomain.myapp", "<MYTEAMID>.com.mydomain.myapp.unwanted" ); }; } where .com.mydomain.myapp is my containing app (bundle id). and .com.mydomain.myapp.unwanted is my extension The AASA file on the server is obviously in JSON format and correctly served from the server : services.mydomain.com In the extension Info.plist I've set the following : <key>NSExtension</key> <dict> <key>NSExtensionAttributes</key> <dict> <key>ILClassificationExtensionNetworkReportDestination</key> <string>https://services.mydomain.com/path/unwanted/report</string> </dict> <key>NSExtensionMainStoryboard</key> <string>MainInterface</string> <key>NSExtensionPointIdentifier</key> <string>com.apple.identitylookup.classification-ui</string> </dict> I suppose the reply from classificationResponse method is correct since MessageFilter "tries" to send the request. Where am I mistakening ? Difficult to debug... MessageFilter's log keeps interesting data as private (so there is no way to check what it's actually doing). And I've found no way to go deeper in the debug process. Many thanks Emmanuel

Recently, my application was having trouble sending udp messages after it was reinstalled. The cause of the problem was initially that I did not grant local network permissions when I reinstalled, I was aware of the problem, so udp worked fine after I granted permissions. However, the next time I repeat the previous operation, I also do not grant local network permissions, and then turn it back on in the Settings, and udp does not work properly (no messages can be sent, the system version and code have not changed). Fortunately, udp worked after rebooting the phone, and more importantly, I was able to repeat the problem many times. So I want to know if the process between when I re-uninstall the app and deny local network permissions, and when I turn it back on in Settings, is that permissions have been granted normally, and not fake, and not required a reboot to reset something for udp to take effect. I'm not sure if it's the system, or if it's a similar situation as described here, hopefully that will help me find out

Hi team, I'm working on an MQTT client for Apple platforms (macOS, iOS, and possibly tvOS and watchOS). I would like the client to listen to messages even when the application is in the background. I would appreciate any suggestions on the best approach to achieve this. Based on iOS Background Execution Limits, it seems that my best bet is to use a long-running background process with BGProcessingTaskRequest while setting up the connection. Does that sound like the right approach? Is there any limits for the bg tasks? I currently have a working BSD socket. I'm not sure if it is necessary to switch to the Network Framework to have the background task working, but I'm open to switching if it's necessary. If the approach works, does that mean I could built a http client to process large upload/download tasks without using NSURLSession? As I'm working on a cross platform project, it would be benefit if I dont need a separate http client implementation for Apple. Any insights on this topic would be greatly appreciated. Additionally, it's off topic, but the link to "WWDC 2020 Session 10063 Background Execution Demystified" (https://developer.apple.com/videos/play/wwdc2020/10063/) is broken. Is there a way to access the content there? Thanks in advance for your help and insights!

I am using NWBrowser to detect SignalK servers on a network using the following Swift code: let browser = NWBrowser(for: .bonjourWithTXTRecord(type: "_http._tcp", domain: nil), using: NWParameters()) browser.browseResultsChangedHandler = { results, changes in print("Found \(results.count) results and \(changes.count) changes") } When this is run on a network with 5 devices then the output is often Found 5 results and 5 changes But, sometime it is: Found 2 results and 2 changes Found 5 results and 3 changes indicating that the browseResultsChangedHandler is being called more than once. So my question is how do I determine when the browsing process has finished (obviously without the knowledge that there are 5 devices)? The depreciated NetServiceBrowser had a delegate method (netServiceBrowser(_:didFind:moreComing:) but I can't see an equivalent for NWBrowser. The only method I can think of is to apply a short time out.

Hi, we actually have an application where we use iPad to run a WEB Application to display multiple Entertainment/Information content and control Infrastructure. The device is usually connected to a base station (own design) using BLE und USB only for power, is locked in single App Mode using MDM. As long as the App is open it is working fine. But now we like to go to the next step and like to have the device movable and use power save. How can we achieve the iPad wakes up immediately from sleep mode (directly to the app) if somebody is pressing a button on the base station (we support Comm Port, and HID Keyboard service, we can change code on base station if needed). And how can we achieve the same over Network (Wi-Fi or Ethernet with Adapter, Internet access is not always available). May set a state on the MQTT broker and tablet should wake up from sleep. Thanks for feedback Patrik

Hi All, can anyone help me to the below issue? i used the WatchConnectivity to send data from iphone to watch app. Now i tried to run them on emulator (watch series 5, and iphone 15 pro) I have an error when i tried to send message data from iphone app (react-native) to watch app: { "code": "EWCERRORDOMAIN7014", "domain": "WCErrorDomain", "message": "Payload could not be delivered.", "nativeStackIOS": [ "0 releasev2 0x0000000101979c90 RCTJSErrorFromCodeMessageAndNSError + 112", "1 releasev2 0x0000000101979bd0 RCTJSErrorFromNSError + 256", "2 releasev2 0x000000010190c2b4 __41-[RCTModuleMethod processMethodSignature]_block_invoke_4.110 + 148", "3 releasev2 0x000000010185003d __35-[RNWatch sendMessage:reply:error:]_block_invoke.116 + 77", "4 WatchConnectivity 0x000000011428b176 __70-[WCSession _onqueue_notifyOfMessageError:messageID:withErrorHandler:]_block_invoke + 206", "5 Foundation 0x0000000119095004 NSBLOCKOPERATION_IS_CALLING_OUT_TO_A_BLOCK + 7", "6 Foundation 0x0000000119094f02 -[NSBlockOperation main] + 94", "7 Foundation 0x0000000119097ef2 NSOPERATION_IS_INVOKING_MAIN + 17", "8 Foundation 0x00000001190940aa -[NSOperation start] + 730", "9 Foundation 0x0000000119098744 NSOPERATIONQUEUE_IS_STARTING_AN_OPERATION + 17", "10 Foundation 0x0000000119098385 __NSOQSchedule_f + 182", "11 libdispatch.dylib 0x000000011434ca90 _dispatch_call_block_and_release + 12", "12 libdispatch.dylib 0x000000011434dd3a _dispatch_client_callout + 8", "13 libdispatch.dylib 0x000000011435126a _dispatch_continuation_pop + 874", "14 libdispatch.dylib 0x00000001143502b0 _dispatch_async_redirect_invoke + 994", "15 libdispatch.dylib 0x000000011436041e _dispatch_root_queue_drain + 372", "16 libdispatch.dylib 0x0000000114360e88 _dispatch_worker_thread2 + 244", "17 libsystem_pthread.dylib 0x0000000116800c0f _pthread_wqthread + 257", "18 libsystem_pthread.dylib 0x00000001167ffbbf start_wqthread + 15" ], "userInfo": { "NSLocalizedDescription": "Payload could not be delivered." } } Here is the class connector shared data on watch target: class SharedDataConnecter: NSObject, ObservableObject { var session: WCSession init(session: WCSession = .default){ self.session = session super.init() if WCSession.isSupported(){ session.delegate = self session.activate() } } } extension SharedDataConnecter: WCSessionDelegate{ func session(_ session: WCSession, activationDidCompleteWith activationState: WCSessionActivationState, error: Error?) { print("Active State: ", activationState.rawValue) print("Error: ", error) } func session(_ session: WCSession, didReceiveMessage message: [String : Any], replyHandler: @escaping ([String : Any]) -> Void) { print("AAAA message from app: ", message) } }

When I turn on the PAC proxy configuration on my computer, the URL request part in the developed app will overflow the memory, but it will not happen if I turn off PAC

I'm working with content filters on OS X and encountered an issue where the handleNewFlow function is not called unless I explicitly invoke completionHandler(nil) in the startFilter method. This is perplexing because I expected handleNewFlow to be called automatically when new traffic flows are detected. Here's an example of my startFilter function without the completionHandler: override func startFilter(completionHandler: @escaping (Error?) -&gt; Void) { os_log("Start filter called") // Create a network rule that matches all traffic let allTrafficNetworkRule = NENetworkRule(remoteNetwork: nil, remotePrefix: 0, localNetwork: nil, localPrefix: 0, protocol: .any, direction: .outbound) // Create a filter rule that allows all traffic let allowAllFilterRule = NEFilterRule(networkRule: allTrafficNetworkRule, action: .allow) // Set filter settings with the default action to allow all traffic let filterSettings = NEFilterSettings(rules: [allowAllFilterRule], defaultAction: .allow) // If I include this it will work fine, but TCP sessions will be reset: //completionHandler(nil) } Question: Why, when I include completionHandler(nil) in the startFilter method, do all TCP sessions on my computer get reset? Is there a way to around this? My ideal state would be to get handleNewFlow to execute, but not without resetting sessions on my machine.

iOS 17.4 added a new flag for VPNs: excludeDeviceCommunication. The documentation does not include any description of what it does (though an Apple engineer explained it during a WWDC labs session). Can the documentation be updated to add some explanation for this? Thank you!

We have an implementation in which we use QUIC via a connection group, server are client are on Swift using the Network framework. Our use case is, the server should send data buffers to the client as fast and as much as possible, now the pace to call the send method from the server should be carefully done, because if we send too much data of course the client is not gonna be able to receive it. The question would be, is there a way to query the congestion window so we know on the server side, how much data we should be able to send at some point? Asking because we are not getting all the data we are sending from the server on our client side... We are using these settings: let options = NWProtocolQUIC.Options(alpn: ["h3"]) options.direction = .bidirectional // options.idleTimeout = 86_400_000 options.maxUDPPayloadSize = Int.max options.initialMaxData = Int.max options.initialMaxStreamDataBidirectionalLocal = Int.max options.initialMaxStreamDataBidirectionalRemote = Int.max options.initialMaxStreamDataUnidirectional = Int.max options.initialMaxStreamsBidirectional = 400 options.initialMaxStreamsUnidirectional = 400 Questions: 1.- Can we get a little more detail in above options, specifically on their impact to the actual connection? 2.- IsinitialMaxData the actual congestion window value 3.- Are we missing something or making incorrect assumptions? Thanks in advance.