“eskimo”

[quote='815439021, faisalIkwal, /thread/815439, /profile/faisalIkwal'] Is there any officially supported way to specify a port range in NENetworkRule? [/quote] I think you’ve answered this yourself (-: If you’d like to see this change in the future, I encourage you to file an enhancement request describing your requirements. And please post your bug number, just for the record. Oh, one more thing. The port range in your example coveres ephemeral ports, which I presume is not a coincidence. If so, consider focusing on that in your ER. The ephemeral port range has changed in the past and it wouldn’t surprise me if it changed again in the future. OTOH, a general port range feature would be more flexible. (One of the nice things about your filing your own ERs is that you get to explain your own requirements in your own words.) [quote='815439021, faisalIkwal, /thread/815439, /profile/faisalIkwal'] Is creating thousands of rules (one per port) considered acceptable or supported? [/quote] Again, I think you’ve answe

DevForums is primarily focus on technical issues. For legal advice, I recommend that you consult an actual lawyer. If you have questions about App Review policy, my advice is: Read App Review Guidelines. If you have further questions, feel free to put them in a new thread in the App Store Distribution & Marketing > App Review topic. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = eskimo + 1 + @ + apple.com

Let’s focus this discussion on your other thread. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = eskimo + 1 + @ + apple.com

It’s better to reply as a reply, rather than in the comments; see Quinn’s Top Ten DevForums Tips for this and other titbits. In my experience problems like this, where an app talking to a Wi-Fi accessory works generally but fails on a small fraction of iOS devices, are most commonly caused by the app assuming that the Wi-Fi interface is en0. We talk about this in TN3179 Understanding local network privacy, but I have a bunch of additional information related to this in the various posts linked to by Extra-ordinary Networking, including: Don’t Try to Get the Device’s IP Address Broadcasts and Multicasts, Hints and Tips Working with a Wi-Fi Accessory So, I recommend that you start out by searching your codebase for en0. If you have that hard-coded somewhere in your network code, you need to fix that. If that’s not the problem, reply back here and we can dig deeper. In that case, I’d appreciate you sharing details about the UDP protocol used by your app. Does it involve broadcasts? Or multicasts? And what does t

[quote='875731022, guava21, /thread/812163?answerId=875731022#875731022, /profile/guava21'] we've run into the exact same issue. [/quote] I took a look at this again and AFAICT this was resolved between when you posted the above and now. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = eskimo + 1 + @ + apple.com

[quote='875623022, disinghal, /thread/811887?answerId=875623022#875623022, /profile/disinghal'] 2- Tested with NWConnection as well - it is also not receiving any response. [/quote] And just to be clear, that was from within your packet tunnel provider? Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = eskimo + 1 + @ + apple.com

Error 9 is .serverSetupIncomplete. See here. IMPORTANT You can use code like to map NEURLFilterManager error codes to their symbolic values: let e = NEURLFilterManager.Error(rawValue: 9) print(e ?? -) // -> serverSetupIncomplete Errors like this are usually accompanied by a system log entry with more details. I’d expect the log entry to have a subsystem of com.apple.networkextension. For lots of information on using the system log effectively, see Your Friend the System Log. I also recommend that you enable additional NE logging, per the VPN (Network Extension) instructions on our Bug Reporting > Profiles and Logs page. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = eskimo + 1 + @ + apple.com

[quote='875735022, Shin_kr, /thread/815160?answerId=875735022#875735022, /profile/Shin_kr'] we’re currently investigating based on telemetry only. [/quote] Yeah, that makes things tricky. It’s unlikely I’ll be able to offer useful insight without a sysdiagnose log )-: As to how you get that, I have some ideas on that topic in Using a Sysdiagnose Log to Debug a Hard-to-Reproduce Problem. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = eskimo + 1 + @ + apple.com

[quote='815274021, ameydalvi_sophos, /thread/815274, /profile/ameydalvi_sophos'] I wanted to know if this is expected behavior. [/quote] Honestly, I’m not sure that matters. What you’re doing is a reasonable composition of existing APIs, and it should work. Given that, I recommend that you file a bug about this. Make sure to include a sysdiagnose log, one taken shortly after reproducing the problem on a Mac with extra NE logging enabled. See VPN (Network Extension) on our Bug Reporting > Profiles and Logs page. Please post your bug number, just for the record. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = eskimo + 1 + @ + apple.com

What Albert said plus… As things currently stand, my advice is that you: Survey the form to work out all the details that it requires you to supply. Collect together your answers in a separate document that you control. This doesn’t have to be anything special. You could just use Notes. When you’re all done and ready to submit your entry, copy’n’paste the answers over to the form. I use the approach for most web forms — including all my responses here on DevForums — for exactly the reasons you highlighted. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = eskimo + 1 + @ + apple.com

Apple’s relationship to ECN is nuanced, largely due to compatibility concerns. If you want to be traumatised, check out the xnu/blob/main/bsd/netinet/tcp_cache.c file in Darwin and the various callsites for that subsystem. So, my answer here depends on where you’re coming from. As a developer, you have APIs that allow you to opt out and opt in to ECN. For Network framework that is the ecnDisabled(_:) modifier [1]. For BSD Sockets there is the TCP_ENABLE_ECN socket option. The system will honour your request to specifically disable ECN, but there’s no guarantee that it will honour a request to enable it. It’s allowed to take other factors into account. That’s why ecnDisabled(_:) is named as it is. Note The name of the socket option doesn’t convey that subtlety. Notably, if you rummage around in Darwin you’ll find a related non-public socket option that better captures this nuance. Both APIs do have a way to determine whether ECN was actually used. For Network framework that’s the ecn property in the TCP metada

It looks like your goal here is to file a bug. If so, DevForums isn’t the right place for that. See Bug Reporting: How and Why? for lots of info about Apple’s bug reporting process. If you do file a bug, please post the bug number here, just for the record. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = eskimo + 1 + @ + apple.com

kTCCServiceEndpointSecurityClient is an implementation detail. Likewise for the TCC database itself. I’m not prepared to explain these implementation details because of all the usual reasons. If you want Apple to take action here — document something, add a feature, or fix what you think is a bug — I suggest you request that via Feedback Assistant. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = eskimo + 1 + @ + apple.com

It sounds like you’re trying to use Developer ID signing for day-to-day development. That’s something I recommend you avoid. Rather, use an Apple Development signing identity for development. For background on this, The Care and Feeding of Developer ID. Having said that, I can help you debug this specific problem. I recommend that you start out by isolating this from Xcode. If you run these commands, what do you see: % cp /usr/bin/true MyTrue % codesign -s Developer ID Application -f MyTrue Run these from Terminal, logged into the same GUI login session as you’re using for Xcode. If that prints a no identity found message, what do you see when you run this command: % security find-identity -p codesigning Policy: Code Signing Matching identities … 11) ADC03B244F4C1018384DCAFFC920F26136F6B59B Developer ID Application: Quinn Quinn (SKMME9E2Y8) (CSSMERR_TP_CERT_EXPIRED) 12) 3F8BE319780F84EB2E94ABDFA24E8045A0572A7B Developer ID Application: Quinn Quinn (SKMME9E2Y8) 12 identities found Valid identities only … 4) 3F

I tried to reproduce this but didn’t have any luck. If you extract the code out into a small test project — well, test playground I guess — does it have the same problem? If so, please reply here with a link to that. Note You might have to post the link in the clear; see tip 14 in Quinn’s Top Ten DevForums Tips. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = eskimo + 1 + @ + apple.com