Are there any IOS apps that allow you to connect to multiple proxies at once like Nekobox for Android that allow you to create a proxy chain? Thanks

Is it possible to programmatically force iphone to use cellular internet during WIFI connection? I am connected via WIFI to a device with no internet connection. But I need to use MapKit

Hi, I have been working on some kind of network filtering app for iOS using Content Filter Provider. And I have stored rules for each domain. As of right now, I use UserDefaults with my app's bundle suite to store and observe rules. I have also read this documentation page for UserDefaults link. Is it okay to use UserDefaults in my case, if I have rules added/modified dynamically as the flow is intercepted, or should I pick some other approach like Core Data, SwiftData, etc.? Thank you!

This one is sorta behaving similar to the FaceTime / AirDrop issue, but it does depend on order, which makes me wonder if it's a programming choice. Specifically, using FortiNet's VPN client, using IPSec, if I have a TPP installed and then try to connect it, it fails. If, however, I connect and then start the TPP, it succeeds, which at least makes it better than FaceTime and AirDrop. So my question here is... hm, not as well-articulated as I would like. I'm curious if a VPN can check to see if other VPNs are installed and configured, and if so say "nope." Hm, saying that more clearly: I think it's possible for a network extension to check the interface that a packet/flow is going to, and cause a failure of some sort if it's a VPN, correct? Does anyone do that? Or am I seeing lions in the waterhole weeds? I'm also curious if Apple's networking code has issues with multiple VPNs. (Although, I will note, our TPP works just fine with Tailscale, so it's not an inherent conflict. Also Cisco AnyConnect. So maybe it's just IPSec?) ETA: to make it clear, my test case involves using a ****** TPP, where handleNewUDPFlow and handleNewFlow both immediately return false, meaning that the system should behave as if it's not there, and yet... doesn't. I appreciate any comments/assistance/guffaws.

The man page for getifaddrs states: The ifa_data field references address family specific data. For AF_LINK addresses it contains a pointer to the struct if_data (as defined in include file <net/if.h>) which contains various interface attributes and statistics. For all other address families, it contains a pointer to the struct ifa_data (as defined in include file <net/if.h>) which contains per-address interface statistics. I assume that "AF_LINK address" is the one that has AF_LINK in the p.ifa_addr.sa_family field. However I do not see "struct ifa_data" anywehere. Is this a documentation bug and if so how do I read this documentation right?

I develop a iOS app and run on my iPhone 15 pro max , not simulator , I initialized 'CBCentralManager' class ,then i got state "CBManagerStateUnsupported" ,why? But this happends is very rare .

For important background information, read Extra-ordinary Networking before reading this. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = "eskimo" + "1" + "@" + "apple.com" Network Interface Statistics One FAQ when it comes to network interfaces is “How do I get network interface statistics?” There are numerous variants of this: Some folks ask about specific network interfaces: “How do I get cellular data usage?” Some folks are interested in per-app statistics: “How do I get cellular data usage statistics for each app?” or “How do I get cellular data usage statistics for my app?” Some folks only care about recent statistics: “How can I tell how much network data this operation generated?” Some folks care about usage across restarts: “How do I get the cellular data usage shown in the Settings app on iOS?” Most of these questions have no supported answers. However, there are a some supported techniques available. This post explains those techniques, and their limitations. MetricKit To get network usage for your app, use MetricKit. Specifically, look at the MXNetworkTransferMetric payload. MetricKit has a number of design points: You only get metrics for your app. You get metrics periodically; you can’t monitor these statistics in real time. Legacy Techniques The getifaddrs routine returns rudimentary network interface statistics. See the getifaddrs man page and the struct if_data definition in <net/if_var.h>. Here’s an example of how you might use this: func legacyNetworkInterfaceStatisticsForInterfaceNamed(_ name: String) -> LegacyNetworkInterfaceStatistics? { var addrList: UnsafeMutablePointer<ifaddrs>? = nil let err = getifaddrs(&addrList) // In theory we could check `errno` here but, honestly, what are gonna // do with that info? guard err >= 0, let first = addrList else { return nil } defer { freeifaddrs(addrList) } return sequence(first: first, next: { $0.pointee.ifa_next }) .compactMap { addr in guard let nameC = addr.pointee.ifa_name, name == String(cString: nameC), let sa = addr.pointee.ifa_addr, sa.pointee.sa_family == AF_LINK, let data = addr.pointee.ifa_data else { return nil } return LegacyNetworkInterfaceStatistics(if_data: data.assumingMemoryBound(to: if_data.self).pointee) } .first } struct LegacyNetworkInterfaceStatistics { var packetsIn: UInt32 // ifi_ipackets var packetsOut: UInt32 // ifi_opackets var bytesIn: UInt32 // ifi_ibytes var bytesOut: UInt32 // ifi_obytes } extension LegacyNetworkInterfaceStatistics { init(if_data ifData: if_data) { self.packetsIn = ifData.ifi_ipackets self.packetsOut = ifData.ifi_opackets self.bytesIn = ifData.ifi_ibytes self.bytesOut = ifData.ifi_obytes } } This is a legacy interface. macOS inherited this API from its ancestor platforms, and iOS inherited it from macOS. That history means that the API has significant limitations: The counters reset each time the device restarts. The counters are represented as a UInt32, and so wrap at 4 GiB [1]. Due to its legacy nature, there’s little point filing an enhancement request against this API. [1] The <net/if_var.h> header defines an if_data64 structure, but there’s no supported way to get that value on Apple platforms. Limitations When it comes to network interface statistics, certain tasks have no supported solutions: Getting per-app statistics Getting whole device statistics that persist across a restart Getting real-time statistics for your app that persist across a restart If you need one of these features, feel free to file an enhancement request for it. In your ER: Be specific about the platforms you need this on [1]. Make sure that your request is aligned with that platforms privacy constraints. For example, iOS isolates your app from other apps, so you’re unlikely to get an API that returns per-app statistics for all apps on the system. Supply a clear justification for why this is important to your product. [1] If it’s macOS, be clear about: Whether your app is sandboxed or not. Whether it’s a Mac Catalyst. Or running via iOS Apps on Mac.

Hi, in my Extension FilterDataProvider class that is inherited from NEFilterDataProvider i am trying to insert logs into my CoreData entity, but when i insert it gives me error "NSCocoaErrorDomain: -513 "reason": Unable to write to file opened Readonly Any suggestions please to update the read write permission i already have tried this way but no luck let description = NSPersistentStoreDescription(url: storeURL) description.shouldInferMappingModelAutomatically = true description.shouldMigrateStoreAutomatically = true description.setOption(false as NSNumber, forKey: NSReadOnlyPersistentStoreOption) ?

Hi, I observed some unexpected behavior and hope that someone can enlighten me as to what this is about: mDNSResponder prepends IP / network based default search domains that are checked before any other search domain. E.g. 0.1.168.192.in-addr.arpa. would be used for an interface with an address in the the 192.168.1.0/24 subnet. This is done for any configured non-link-local IP address. I tried to find any mention of an approach like this in RFCs but couldn't spot anything. Please note that this is indeed a search domain and different from reverse-DNS lookups. Example output of tcpdump for ping devtest: 10:02:13.850802 IP (tos 0x0, ttl 64, id 43461, offset 0, flags [none], proto UDP (17), length 92) 192.168.1.2.52319 &gt; 192.168.1.1.53: 54890+ [1au] A? devtest.0.1.168.192.in-addr.arpa. (64) I was able to identify the code that adds those default IP subnet based search domains but failed to spot any indication as to what this is about: https://github.com/apple-oss-distributions/mDNSResponder/blob/d5029b5/mDNSMacOSX/mDNSMacOSX.c#L4171-L4211 Does anyone here have an ideas as to what this might be about?

Hello! I'm trying to capture socket state changes for an endpoint security product and have tried the Endpoint Security APIs as well as a Network Extension but there doesn't seem to be a way to detect listening sockets in real time. I've so far been able to capture all process, file and network flow/packet information in real-time but I'm also interested in getting an event when a server socket is opened for listening for incoming connections. Is there a way to do this? If yes, can someone please point me to the documentation or any other information on how to go about it? Thanks!

We've released our app on the App Store and are facing the following issue: Some users are unable to connect to the server with the app, and the "Cellular Data" settings for our app are missing in the system settings. The app is developer on Qt framework (qt.io) This is how it should be This is what some users reporting - app unable to make requests to the server by https (request timeout) Why it happening? Any tips how to fix?

Hey everyone, I'm tackling a scenario where I need to fetch a comprehensive list of both IPv4 and IPv6 addresses linked to a particular DNS. I know about the POSIX function getaddrinfo(), but I'm on the lookout for an asynchronous solution. Previously, I could've used CFHost, but unfortunately, it's been deprecated. Any suggestions or insights on how to achieve this asynchronously would be greatly appreciated! Thanks, Harshal

After I upgraded xcode to 15.3 , Then VPN NetworkExtension NEPacketTunnelProvider cannot send TCP packets in release mode, but can send TCP packets in debug mode, please help me!!!

We're looking at mitigation options for the TunnelVisioning attack that exploits DHCP option 121 to set routes. It looks like Per-App VPN doesn't have the problem, but in standard mode we aren't able to touch potentially malicious host routes, so while we can mitigate it we can't eliminate the security problem completely. Is there any way to tell iOS and macOS to ignore DHCP option 121? Or even better, does Apple have a fix in the works?

OS Version: macOS 13.6.3 (22G436) Code Type: ARM64 We recently observed that the system extension process CPU based on networkextension (data-filter firewall) has been 99% busy for a period of time. We try to deauthorize data-filter so that the firewall stops working and the NEFilterDataProvider object is released. However, the system extension process CPU usage is always 99% busy. Then I used Instruments-CPU Counters to observe that a thread (thread id: 0x2abf9b) has been busy, but no useful backtrace information was captured. Through the sample command, I caught the backtrace and found that the busy process (thread id: 2801563 == 0x2abf9b) is in this state. 35 Thread_1336407 DispatchQueue_442: NEFilterExtensionProviderContext queue (serial) + 35 start_wqthread (in libsystem_pthread.dylib) + 8 [0x1a1afad94] + 35 _pthread_wqthread (in libsystem_pthread.dylib) + 288 [0x1a1afc074] + 35 _dispatch_workloop_worker_thread (in libdispatch.dylib) + 648 [0x1a1963244] + 35 _dispatch_lane_invoke (in libdispatch.dylib) + 384 [0x1a19585f8] + 35 _dispatch_lane_serial_drain (in libdispatch.dylib) + 372 [0x1a1957960] + 35 _dispatch_source_invoke (in libdispatch.dylib) + 1176 [0x1a1966ce0] + 35 _dispatch_source_cancel_callout (in libdispatch.dylib) + 204 [0x1a1967890] + 35 _dispatch_continuation_pop (in libdispatch.dylib) + 504 [0x1a1953884] + 35 _dispatch_client_callout (in libdispatch.dylib) + 20 [0x1a1950400] + 35 _dispatch_call_block_and_release (in libdispatch.dylib) + 32 [0x1a194e874] + 35 __75-[NEFilterDataExtensionProviderContext setupSocketSourceWithControlSocket:]_block_invoke (in NetworkExtension) + 112 [0x1b1e0dd74] + 35 close (in libsystem_kernel.dylib) + 8 [0x1a1ac0ac0] note: the picture screenshot and the text description backtrace are from different machines, but the problem is the same. This seems to be a newly introduced bug in the network extension? This problem did not occur for a long time between 10.15 and 10.12.

I would like to determine why communication with the server is failing. The following situation. ・An SSL error occurs when communicating with the server. ATS failed system trust Connection 13: system TLS Trust evaluation failed(-9802) Connection 13: TLS Trust encountered error 3:-9802 Connection 13: encountered error(3:-9802) nw_connection_copy_connected_local_endpoint_block_invoke [C14] Client called nw_connection_copy_connected_local_endpoint on unconnected nw_connection nw_connection_copy_connected_remote_endpoint_block_invoke [C14] Client called nw_connection_copy_connected_remote_endpoint on unconnected nw_connection nw_connection_copy_protocol_metadata_internal_block_invoke [C14] Client called nw_connection_copy_protocol_metadata_internal on unconnected nw_connection Task <07B896CB-44B4-44BC-87B4-EB786D5B25DA>.<10> HTTP load failed, 0/0 bytes (error code: -1200 [3:-9802]) Task <07B896CB-44B4-44BC-87B4-EB786D5B25DA>.<10> finished with error [-1200] Error Domain=NSURLErrorDomain Code=-1200 "SSLエラーが起きたため、サーバへのセキュリティ保護された接続を確立できません。" UserInfo={NSLocalizedRecoverySuggestion=それでもサーバに接続しますか?, _kCFStreamErrorDomainKey=3, NSErrorPeerCertificateChainKey=( "<cert(0x1091bca00) s: Default Company Ltd i: Default Company Ltd>" ), NSErrorClientCertificateStateKey=0, NSErrorFailingURLKey=https://xxxx, NSErrorFailingURLStringKey=https://xxxx, NSUnderlyingError=0x2838e96e0 {Error Domain=kCFErrorDomainCFNetwork Code=-1200 "(null)" UserInfo={_kCFStreamPropertySSLClientCertificateState=0, kCFStreamPropertySSLPeerTrust=<SecTrustRef: 0x28073aa80>, _kCFNetworkCFStreamSSLErrorOriginalValue=-9802, _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9802, kCFStreamPropertySSLPeerCertificates=( "<cert(0x1091bca00) s: Default Company Ltd i: Default Company Ltd>" )}}, _NSURLErrorRelatedURLSessionTaskErrorKey=( "LocalDataTask <07B896CB-44B4-44BC-87B4-EB786D5B25DA>.<10>" ), _kCFStreamErrorCodeKey=-9802, _NSURLErrorFailingURLSessionTaskErrorKey=LocalDataTask <07B896CB-44B4-44BC-87B4-EB786D5B25DA>.<10>, NSURLErrorFailingURLPeerTrustErrorKey=<SecTrustRef: 0x28073aa80>, NSLocalizedDescription=SSLエラーが起きたため、サーバへのセキュリティ保護された接続を確立できません。} ・I checked that server for ATS (App Transport Security) support with the nscurl command and found that it supported it without any problems. ・The error content changes when an ATS exception is handled by the iOS client. Connection 35: default TLS Trust evaluation failed(-9807) Connection 35: TLS Trust encountered error 3:-9807 Connection 35: encountered error(3:-9807) nw_connection_copy_connected_local_endpoint_block_invoke [C36] Client called nw_connection_copy_connected_local_endpoint on unconnected nw_connection nw_connection_copy_connected_remote_endpoint_block_invoke [C36] Client called nw_connection_copy_connected_remote_endpoint on unconnected nw_connection nw_connection_copy_protocol_metadata_internal_block_invoke [C36] Client called nw_connection_copy_protocol_metadata_internal on unconnected nw_connection Task <882E38EE-4E0D-4428-A4BE-709BB8448530>.<34> HTTP load failed, 0/0 bytes (error code: -1202 [3:-9807]) Task <882E38EE-4E0D-4428-A4BE-709BB8448530>.<34> finished with error [-1202] Error Domain=NSURLErrorDomain Code=-1202 "このサーバの証明書は無効です。"xxxx"に偽装したサーバに接続している可能性があり、機密情報が漏えいするおそれがあります。" UserInfo={NSLocalizedRecoverySuggestion=それでもサーバに接続しますか?, _kCFStreamErrorDomainKey=3, NSErrorPeerCertificateChainKey=( "<cert(0x14c2e9000) s: Default Company Ltd i: Default Company Ltd>" ), NSErrorClientCertificateStateKey=0, NSErrorFailingURLKey=https://xxxx, NSErrorFailingURLStringKey=https://xxxx, NSUnderlyingError=0x281d86310 {Error Domain=kCFErrorDomainCFNetwork Code=-1202 "(null)" UserInfo={_kCFStreamPropertySSLClientCertificateState=0, kCFStreamPropertySSLPeerTrust=<SecTrustRef: 0x2823f7200>, _kCFNetworkCFStreamSSLErrorOriginalValue=-9807, _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9807, kCFStreamPropertySSLPeerCertificates=( "<cert(0x14c2e9000) s: Default Company Ltd i: Default Company Ltd>" )}}, _NSURLErrorRelatedURLSessionTaskErrorKey=( "LocalDataTask <882E38EE-4E0D-4428-A4BE-709BB8448530>.<34>" ), _kCFStreamErrorCodeKey=-9807, _NSURLErrorFailingURLSessionTaskErrorKey=LocalDataTask <882E38EE-4E0D-4428-A4BE-709BB8448530>.<34>, NSURLErrorFailingURLPeerTrustErrorKey=<SecTrustRef: 0x2823f7200>, NSLocalizedDescription=このサーバの証明書は無効です。"xxxx"に偽装したサーバに接続している可能性があり、機密情報が漏えいするおそれがあります。} ・Client can communicate normally when client is not iOS (also Safari) ・Even on iOS, after many failed attempts, the communication suddenly succeeds (after success, the session cache is consulted). The server appears to be fine, but that said, iOS is failing to communicate. What are possible cases like this?

The crash logs for my app show an occasional crash that happens during the launch of the app. The highlighed line is "CoreBluetooth -[CBUUID initiWithData:]. The stack trace ends with "static AppDelegate.$main()". My app does use Core Bluetooth, but there are no Bluetooth related functions in the App Delegate. Also, my app does not use [CBUUID initWithData:] explicitly anywhere. With a stack trace that contains no reference to any of my code, it is extremely difficult to figure out what is going on. I cannot reproduce the crash on any of my own devices. One of my affected users says the app crashes on startup on his phone consistently, even if he deletes and reinstalls it.

Because it may be quicker to ask: with a TPP, readData() gets a data size of 0 if the process has finished writing to the network. However, there seems to be no way to find out if it has finished reading from the network, other than to do a .write() and see if you get an error. (I filed a FB about this, for whatever that's worth.) Since the API is flow-based, not socket, it's not possible to tell if the app has set its own timeout. Or exited. So one question I have is: if I do flow.write(Data(count:0)) -- is that a possible way to determine if it's still around? Or will it be interpreted as read(2) returning 0? (Putting this in for testing is difficult, but not impossible -- as I said, this might be the quickest way to find out.)

Hi I'm getting this issue: Crashed: com.apple.network.connections 0 libsystem_kernel.dylib 0xa974 __pthread_kill + 8 1 libsystem_pthread.dylib 0x60ec pthread_kill + 268 2 libsystem_c.dylib 0x75b80 abort + 180 3 libsystem_malloc.dylib 0x2bc68 malloc_vreport + 896 4 libsystem_malloc.dylib 0x2bf10 malloc_zone_error + 104 5 libsystem_malloc.dylib 0x21a44 nanov2_guard_corruption_detected + 44 6 libsystem_malloc.dylib 0x7f84 nanov2_find_block_and_allocate + 402 7 libc++abi.dylib 0x16b84 operator new(unsigned long) + 52 8 Network 0x7e8c void std::__1::vector<nw_object_wrapper_t, std::__1::allocator<nw_object_wrapper_t> >::__emplace_back_slow_path<nw_object*&>(nw_object*&) + 124 9 Network 0x7dd8 nw_array_append + 280 10 Network 0xc3d0 __nw_resolver_insert_endpoint_locked_block_invoke + 1036 11 Network 0xbd80 nw_array_apply + 124 12 Network 0x77250 nw_resolver_insert_endpoint_locked + 256 13 Network 0x770b8 nw_resolver_insert_address + 1356 14 Network 0x29a850 __nw_resolver_create_dns_getaddrinfo_locked_block_invoke.187 + 7836 15 libdns_services.dylib 0x1000 ___dnssd_getaddrinfo_activate_block_invoke + 216 16 libdispatch.dylib 0x3dd4 _dispatch_client_callout + 20 17 libdispatch.dylib 0x72d8 _dispatch_continuation_pop + 600 18 libdispatch.dylib 0x1b1c8 _dispatch_source_latch_and_call + 420 19 libdispatch.dylib 0x19d8c _dispatch_source_invoke + 832 20 libdispatch.dylib 0xd284 _dispatch_workloop_invoke + 1756 21 libdispatch.dylib 0x16cb4 _dispatch_root_queue_drain_deferred_wlh + 288 22 libdispatch.dylib 0x16528 _dispatch_workloop_worker_thread + 404 23 libsystem_pthread.dylib 0x1f20 _pthread_wqthread + 288 24 libsystem_pthread.dylib 0x1fc0 start_wqthread + 8

Initially, my task was to determine which type of connection is being used at the moment: 5G or 4G. And I found "CTTelephonyNetworkInfo().serviceCurrentRadioAccessTechnology" but there is a problem when the device has more than one sim. My iPhone has two sims, one physical and one electronic. I need to determine which one is used to access the network. I tried to use "CTTelephonyNetworkInfo().serviceCurrentRadioAccessTechnology" but it is a dictionary [String: String] that only indicates the connection of each of the cards, and it is not possible to find out which one is active from this dictionary. So how can I determine which of the two cards are currently being used to access the Internet?