I working on a QUIC Client/Server and would like to inspect all underlying protocols via NWConnection.ContextContent in the receive method. receiveMessage(completion: {(receivedContent, context, isComplete, receivedError) .receive(minimumIncompleteLength: 1, maximumLength: 65535) { (receivedContent, context, isComplete, receivedError) As far as I understand is that the parameter .protocolMetadata in ContextContent should provide a list of all involved protocols. I expect an array of 3 NWProtocolMetadata like [NWProtocolIP.Metadata, NWProtocolUDP.Metadata, NWProtocolQUIC.Metadata] but I only get [NWProtocolQUIC.Metadata]. I already managed to get [NWProtocolIP.Metadata, NWProtocolUDP.Metadata] for a UDP connection but I can't get it to work for QUIC. Is it possible to get NWProtocolIP.Metadata, NWProtocolUDP.Metadata for a QUIC connection within the receive function? Regards Jan

Two different crash patterns -- one an abort, the other complaining about a lock being corrupt or owning thread having exited. The first one is: Thread 1 Crashed:: Dispatch queue: com.apple.root.default-qos.overcommit 0 libsystem_platform.dylib 0x18fc10244 _os_unfair_lock_corruption_abort + 88 1 libsystem_platform.dylib 0x18fc0b788 _os_unfair_lock_lock_slow + 332 2 libobjc.A.dylib 0x18f820c90 objc_sync_enter + 20 3 com.kithrup.TPProvider 0x100d2eee0 closure #3 in TPProvider.startProxy(options:completionHandler:) + 340 4 com.kithrup.TPProvider 0x100d2d980 thunk for @escaping @callee_guaranteed () -> () + 28 5 libdispatch.dylib 0x18fa31910 _dispatch_client_callout + 20 6 libdispatch.dylib 0x18fa34dc8 _dispatch_continuation_pop + 600 7 libdispatch.dylib 0x18fa48be4 _dispatch_source_latch_and_call + 420 8 libdispatch.dylib 0x18fa477b4 _dispatch_source_invoke + 832 9 libdispatch.dylib 0x18fa431f4 _dispatch_root_queue_drain + 392 10 libdispatch.dylib 0x18fa43a04 _dispatch_worker_thread2 + 156 11 libsystem_pthread.dylib 0x18fbdb0d8 _pthread_wqthread + 228 12 libsystem_pthread.dylib 0x18fbd9e30 start_wqthread + 8 while the other one is: Application Specific Information: BUG IN CLIENT OF LIBPLATFORM: os_unfair_lock is corrupt, or owner thread exited without unlocking Abort Cause 198194 Thread 1 Crashed:: Dispatch queue: com.apple.root.default-qos.overcommit 0 libsystem_platform.dylib 0x18fc10220 _os_unfair_lock_corruption_abort + 52 1 libsystem_platform.dylib 0x18fc0b788 _os_unfair_lock_lock_slow + 332 2 libobjc.A.dylib 0x18f820c90 objc_sync_enter + 20 3 com.kithrup.TPProvider 0x104e86ee0 closure #3 in TPProvider.startProxy(options:completionHandler:) +340 4 com.kithrup.TPProvider 0x104e85980 thunk for @escaping @callee_guaranteed () -> () + 28 5 libdispatch.dylib 0x18fa31910 _dispatch_client_callout + 20 6 libdispatch.dylib 0x18fa34dc8 _dispatch_continuation_pop + 600 7 libdispatch.dylib 0x18fa48be4 _dispatch_source_latch_and_call + 420 8 libdispatch.dylib 0x18fa477b4 _dispatch_source_invoke + 832 9 libdispatch.dylib 0x18fa431f4 _dispatch_root_queue_drain + 392 10 libdispatch.dylib 0x18fa43a04 _dispatch_worker_thread2 + 156 11 libsystem_pthread.dylib 0x18fbdb0d8 _pthread_wqthread + 228 12 libsystem_pthread.dylib 0x18fbd9e30 start_wqthread + 8 Our TPProvider, whenever it uses a dispatch queue, uses a custom one, so these are presumably system queues and locks. My best guess would be some XPC command took too long? But that's just WAG. Any ideas about what is actually going on?

Hi, We developing a daemon service that has a network extension We are trying to implement an OTA update mechanism for the entire bundle (which holds 7 packages), and encountering issues with the NetworkExtension update scenario, specifically error 13 OSSystemExtensionErrorAuthorizationRequired the error is happening in our Network Extension preinstall script when we try to remove the previous installation What is the recommended way to approach this situation?

I've implemented a custom VPN for iOS using a Packet Tunnel Provider. I have the entitlement for 'com.apple.managed.vpn.shared'. One option to connect is to use a certificate - this can be done by distributing a VPN payload with the required certificate for the connection. My question is if there's any way to distribute multiple certificates and that I'll be able to read them on my iOS app. For example, on the Certificates payload, I can add multiple certificates, but on the VPN payload, I can choose only one of them. So, can my app read more than one certificate?

I would like to get the full DNS responses from the system resolver. I'm using DNSServiceQueryRecord, but I can't get negative responses. How do I get the negative responses? I need the full response because they have clues about network-level censorship. For instance, mismatched case in the name, bad answer RR type, missing SOA record on no answers response. On Android I can use android_res_nquery, but I couldn't find anything similar on iOS and macOS. The closest I found was DNSServiceQueryRecord, which at least gives me resource records, so I can inspect TTL and name case. After some struggle, I was able to make it work. I'm using Go with cgo for that: https://github.com/fortuna/gio-test/blob/fortuna-dns/sysresolver_darwin.go https://github.com/fortuna/gio-test/blob/fortuna-dns/sysresolver_darwin_export.go My sequence of calls is: DNSServiceQueryRecord(sdRef, 0, 0, fullname, rrtype, rrclass, (DNSServiceQueryRecordReply)goCallback, context); fd := C.DNSServiceRefSockFD(sdRef) nReady, err := unix.Poll([]unix.PollFd{{Fd: int32(fd), Events: unix.POLLIN | unix.POLLERR | unix.POLLHUP}}, timeout) serviceErr = C.DNSServiceProcessResult(sdRef) // Here my callback gets called, multiple times for multiple answers. C.DNSServiceRefDeallocate(sdRef) I'm able to get positive answers, even multiple answers. But the Poll doesn't return when there are no answers (like for CNAME www.example.com). I expected the poll to return on negative answers, and my callback to be called with an error when calling DNSServiceProcessResult. Is that not the expected behavior? How do I get notified that a query has no answers?

Hello! I created a simple DNS filter application for iOS but the extension is not launching. I am getting this log message in the console. Failed to start extension edu.stanford.stilakid.testDnsFilter.DNSFiltering: Error Domain=NSCocoaErrorDomain Code=4097 "connection to service named edu.stanford.stilakid.testDnsFilter.DNSFiltering.apple-extension-service" UserInfo={NSDebugDescription=connection to service named edu.stanford.stilakid.testDnsFilter.DNSFiltering.apple-extension-service} For another project with the same code for dns filtering but different bundleID, I also got the following log message. Failed to start extension edu.stanford.sml.rdahlke.controlShift.DNSProxy: Error Domain=PlugInKit Code=4 "RBSLaunchRequest error trying to launch plugin edu.stanford.sml.rdahlke.controlShift.DNSProxy(D26CD63C-4656-4A30-99A0-7C867265DD75): Error Domain=RBSRequestErrorDomain Code=5 "Launch failed." UserInfo={NSLocalizedFailureReason=Launch failed., NSUnderlyingError=0xc62b8c0d0 {Error Domain=NSPOSIXErrorDomain Code=111 "Unknown error: 111" UserInfo={NSLocalizedDescription=Launchd job spawn failed}}}" UserInfo={NSLocalizedDescription=RBSLaunchRequest error trying to launch plugin edu.stanford.sml.rdahlke.controlShift.DNSProxy(D26CD63C-4656-4A30-99A0-7C867265DD75): Error Domain=RBSRequestErrorDomain Code=5 "Launch failed." UserInfo={NSLocalizedFailureReason=Launch failed., NSUnderlyingError=0xc62b8c0d0 {Error Domain=NSPOSIXErrorDomain Code=111 "Unknown error: 111" UserInfo={NSLocalizedDescription=Launchd job spawn failed}}}} Also, the log messages I have defined inside the constructor of the dns proxy extension is nowhere to be found in the logs, so I am pretty sure the extension is failing to launch. The debugger attached to the main target app shows no errors as well, so it is able to load and update dnsProtocol. Here is the code: // DNSProxyProvider.swift // DNSFiltering // // Created by Juben Rana on 2/20/24. // import NetworkExtension import os.log class DNSProxyProvider: NEDNSProxyProvider { // MARK: - Logger static let logger = Logger(subsystem: "edu.stanford.sml.rdahlke.controlShift", category: "dns-filter") override init() { Self.logger.log(level: .debug, "TestDns: dns proxy provider will init") self.logger = Self.logger super.init() } let logger: Logger override func startProxy(options:[String: Any]? = nil, completionHandler: @escaping (Error?) -> Void) { // Add code here to start the DNS proxy. logger.log(level: .debug, "TestDns: proxy will start") completionHandler(nil) } override func stopProxy(with reason: NEProviderStopReason, completionHandler: @escaping () -> Void) { // Add code here to stop the DNS proxy. logger.log(level: .debug, "TestDns: proxy will stop") completionHandler() } override func sleep(completionHandler: @escaping () -> Void) { // Add code here to get ready to sleep. completionHandler() } override func wake() { // Add code here to wake up. } override func handleNewFlow(_ flow: NEAppProxyFlow) -> Bool { // Add code here to handle the incoming flow. logger.log(level: .debug, "TestDns: proxy is handling flow") return false } } // ContentView.swift // testDnsFilter // // Created by Juben Rana on 2/20/24. // import SwiftUI struct ContentView: View { var body: some View { VStack { // LoginScreen() // .onOpenURL { url in // GIDSignIn.sharedInstance.handle(url) // } Spacer() #if os(macOS) Text("I'm running on macOS") #else Text("I'm running on iOS") #endif Spacer() Button("Activate") { #if os(macOS) ContentFilterMac.shared.activate() #elseif os(iOS) ContentFilter.shared.enable() #endif } Spacer() Button("Deactivate") { #if os(macOS) ContentFilterMac.shared.deactivate() #elseif os(iOS) ContentFilter.shared.disable() #endif } Spacer() Spacer() } .padding() } } #Preview { ContentView() } // // ContentFilter.swift // controlShift // // Created by Juben Rana on 9/28/23. // // This is only for macOS import Foundation import NetworkExtension import os.log // MARK: - Content Filter class ContentFilter { // MARK: - Set Up static let shared = ContentFilter() private init() { Self.logger.log(level: .debug, "content filter will init") self.logger = Self.logger } // MARK: - Logger static let logger = Logger(subsystem: "edu.stanford.stilakid.testDnsFilter", category: "content-filter") let logger: Logger // MARK: - DNS Filter private let manager = NEDNSProxyManager.shared() func enable() { loadAndUpdatePreferences { self.manager.localizedDescription = "DNSProxySample" let dnsProtocol = NEDNSProxyProviderProtocol() dnsProtocol.providerBundleIdentifier = "edu.stanford.stilakid.testDnsFilter.DNSFiltering" self.manager.providerProtocol = dnsProtocol self.manager.isEnabled = true } } func disable() { loadAndUpdatePreferences { self.manager.isEnabled = false } } private func loadAndUpdatePreferences(_ completion: @escaping () -> Void) { manager.loadFromPreferences { error in guard error == nil else { debugPrint("DNSProxySample.App: load error") return } completion() self.manager.saveToPreferences { (error) in guard error == nil else { debugPrint("DNSProxySample.App: save error") return } debugPrint("DNSProxySample.App: saved") } } } }

Hi, to previse all of this, I am new to Swift and iOS app development. I have an Idea for an app, however, this includes Multiplayer connectivity for up to 10 people. I have been trying to look into what would be required to run this. I am confused if I need to invest in an external server or if I can run this through GameKit or CloudKit. Any help is appreciated. Thank you.

Is het mogelijk om wifi en bluetooth in Swift in en uit te schakelen, hoe kan ik dat doen, er zijn altijd dingen over verbinding maken met het wifi-netwerk

Hi Experts, When experimenting with NEFilterDataProvider, I observed that whole ICMP data flows are visible on the local machine when pinging a remote machine from it. However, no ICMP data flows are observed on the local machine when the remote machine pings it. Below is the rule for filtering any protocol with any direction. NEFilterRule(networkRule: .init( remoteNetwork: nil, remotePrefix: 0, localNetwork: nil, localPrefix: 0, protocol: .any, direction: .any), action: .filterData) There is no issue for TCP/UDP. May I know it's a bug or by design?

尊敬的开发者社区成员， 我最近在开发iOS平台上的VPN应用程序时遇到了一个问题，希望能在这里寻求一些帮助和建议。在我的应用程序中，我注意到在iOS 17及以上版本中，连接到VPN后，特定流量似乎不再通过本地网络发送，而是直接通过VPN连接发送。 为了解决这个问题，我已经尝试了以下几种方法： 确保VPN配置正确，并与VPN服务提供商确认配置是否符合预期。 在iOS设备上检查系统设置，确保VPN配置被正确应用。 使用网络抓包工具分析网络流量，观察流量的源和目的地址，以确定是否通过VPN连接发送数据。 然而，尽管我已经采取了这些步骤，问题仍然存在。我怀疑这可能是iOS 17及以上版本中网络堆栈实现的变化所导致的。因此，我正在寻找更多的调查和解决方案，以确定问题的根本原因，并找到一个可行的解决方案。 如果您在iOS 17及以上版本中遇到了类似的问题，或者您对iOS网络连接行为有深入的了解，请不要犹豫，与我分享您的经验和建议。我非常感谢您的帮助和支持。 谢谢！

在我的应用程序中，我注意到在iOS 17及以上版本中，连接到VPN后，特定流量似乎不再通过本地网络发送，而是直接通过VPN连接发送。

I am trying to crop a pdf to remove 100 points from the top and bottom of the page. The mediaBounds of my pdf is size 612x792 and the origin is 0,0. My code the set the bounds of the cropBox is: page.setBounds(CGRect(origin: CGPointMake(0,100), size: CGSize(width: 612, height: 592)), for: .cropBox) This sets the origin at 0,100 and the cropBox size to be 200 less than the mediaBox size. This works on iPhone, but on iPad I need to set the height to be 692, otherwise too much is cropped. Is this a bug or is there an explanation?

在开发vpn中遇到一个问题 iOS17以下 在连接vpn时 通过 connect 可以连接到服务器 在xcode 的 debug session 中看到 本地发出的 ip 地址为 本地 ip 没有通过 VPN 代理 但是在 iOS17以上的设备中 在xcode 的 debug session 中看到 本地发出的 ip 为 VPN 的ip地址 iOS17 之后对VPN 做了调整吗? 有哪位大佬遇到过这种问题

Hi, I'm developing an app that requires to connect to Wi-Fi hotspot to pair an Iot device. Often, while IPhone is connected to the device's Wi-Fi hotspot, I get the annoying popup saying that the Wi-Fi network has not access to the internet , suggesting the user to switch back to another network/mobile data. This behavior may create problems with end users, that often taps on the button to switch the net, disconnecting from my device and failing pairing process/data exchange. Is there an option/permission to disable such behavior on my specific app or this is a system function? thanks a lot!

Using CoreBluetooth I am getting these values from CBCentralManagerDelegate's didDiscover peripheral delegate method: kCBAdvDataTxPowerLevel: 12 (could be other number like 7, 0 or a small negative number) This one is taken from advertisementData parameter. This key might be absent. rssi: -68 (or -60, -100, etc) this is taken from the "rssi" parameter (always present). I am looking for a formula to calculate approximate distance based on these two numbers. Is that possible? I know that ideally I need to know rssi0 (rssi at 1 meter), but I don't see how I can get that via CoreBluetooth API or other means (without actually measuring rssi at one meter distance which is not good for me). How could I approximate rssi0 value with "kCBAdvDataTxPowerLevel"?

Where's CBAdvDataManufacturerData format documented? It looks like there's the company code stored in little endian order in the first two bytes (referencing the companies found in company_identifiers.yaml on bluetooth site). And the rest is arbitrary? I'd like to see the official documentation about this. Thank you.

When the Homekit device is added to the home app and the device settings interface is opened, the supplier app will be displayed. We are currently developing a Matter product and would like to implement this feature. We consulted with the Matter testing agency and they said they need to communicate with Apple. However, they did not find a solution after consulting with Apple customer service. No one knows how to do it?

We plan to use “AVFoundation” framework, and fetch current route of .bluetoothA2DP by using AVAudioSession.sharedInstance().currentRoute.outputs to get uid of our audio headset. Then, compare audio port, uid with the one advertised in BLE manufacturer data by using CoreBluetooth framework to ensure connected audio device. Does anyone have experience of using this method in your app that works with Bluetooth audio devices?

p.authenticationMethod = NEVPNIKEAuthenticationMethodSharedSecret; p.sharedSecretReference = [self searchKeychainCopyMatching:@"PSK"]; Failed to create IKEV2 using PSK, and the following error message is displayed: Start VPN failed: [The operation couldn’t be completed. (NEVPNErrorDomain error 1.)] May I ask what the reason is?

Hello! I'm working on VLC, that is a multimedia playback app available for any platform. Among many things, we support discovery of servers on the local network using Bonjour, UPnP and NETBIOS with consecutive connections to those servers for media playback purposes. Additionally, we allow connections to unicast and multicast streams based on any domain name or IP (i.e. "rtsp://207.254.***.***"). Discovery of the mentioned services works very well with the Multicast entitlement along with NSLocalNetworkUsageDescription also on iOS 17. According to documentation, iOS 17 prohibits any IP based connections by default, which breaks the entire functionality mentioned above that was previously enabled by including the NSAllowsArbitraryLoads key with the value TRUE in Info.plist. We amended the Info.plist with the following configuration and still fail to connect to hosts in that IP range. <key>NSAllowsLocalNetworking</key> <true/> <key>NSExceptionDomains</key> <dict> <key>192.168.0.0/24</key> <dict> <key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key> <true/> <key>NSIncludesSubdomains</key> <true/> <key>NSExceptionRequiresForwardSecrecy</key> <false/> <key>NSExceptionAllowsInsecureHTTPLoads</key> <true/> <key>NSExceptionAllowsLocalNetworking</key> <true/> </dict> </dict> Additionally, there does not seem to be a viable, publicly documented solution to connect to any server on the internet based on an IP address. Further, the process for IPv6 seems unclear. Any help how to solve this so we can transition to the iOS/tvOS 17 SDK in time would be very much appreciated.