Post not yet marked as solved
Hello!
We have a time reporting app of sorts, where one functionality we have is that users can turn on to check in and out from work via geofencing - i.e. they select a location when they want to start and end a work period. This works great.
We have had clients asking for some time to be able to use a wifi network to do the same thing. I.e. check in to work when they join a specific wifi network and checkout when they leave it. So, this is something they will want to use, and will turn on themselves if they want to use it.
I have found NWPathMonitor and this thread:
https://developer.apple.com/forums/thread/685255
that kind of asks the same thing, but it references specifying why i need it - so i did that above, hoping that someone knows whether i could accomplish this.
Thanks in advance!
Post not yet marked as solved
Hello everyone,I'm currently creating a Swift Framework to add TCP capabilities to a C++ application.And I have issues I don't meet when I test my Swift code out of a framework.To be brief: I never receive failed state updates, the stateUpdateHandler is never called with a failed State or with a cancelled State. This happens whatever the way the connection is cut, either when I kill the client application or when I call cancel() client side. I receive waiting and ready states properly and my connections work fine, which puzzles me.To describe precisely my configuration, both my client and my server are using a Swift framework using network.framework. They are both C++ applications, running on the same machine (development environment). Communication between the C++ and Swift part of the application is fine.I manage properly to create connections and send data over them. If I cancel the connection either client or server side, the other side never gets notified. Same behavior occurs if I kill the client or the server. If I test my code on a simple Swift project, it works fine. The Swift code must be inside a framework, in my opinion, for the issue to happen.I've looked at everything during 2 days, and I don't think I make any obvious mistake. The fact that I receive all the other states properly make me think there's an issue with the specific way failed and cancelled statuses are handled.Thanks for any help you can give me.
Post not yet marked as solved
Prior to watchOS 6 there was no support for low-level networking APIs in watchOS. watchOS 6 does support the use of Network framework, but only in the context of an audio streaming session. Low level networking APIs such at Network framework, BSD Sockets, and socket streams that are used outside the context of an audio stream session on watchOS will not work as expected and may result in inconsistent behavior compared to iOS. If you are not working on an audio app and wanting to utilize Network framework it’s best to do this work on iOS.
For higher level network API functionality, such as making HTTPS requests, my recommendation is to use NSURLSession for HTTPS requests as this continues to work as it always has on watchOS. Note that NSURLSession tasks such as NSURLSessionWebSocketTask - https://developer.apple.com/documentation/foundation/nsurlsessionwebsockettask and NSURLSessionStreamTask - https://developer.apple.com/documentation/foundation/nsurlsessionstreamtask do not work on watchOS as these tasks still considered low level networking APIs. For HTTPS requests I would recommend using NSURLSessionDataTask. - https://developer.apple.com/documentation/foundation/nsurlsessiondatatask
For more information on networking on watchOS, see the following 2019 WWDC session on Streaming Audio on watchOS 6. - https://developer.apple.com/videos/play/wwdc2019/716/
Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com
Change history: 14th May 2021 - Updated to call out that NSURLSessionWebSocketTask and NSURLSessionStreamTask are not supported on watchOS.
Post not yet marked as solved
Hi Guys, looking for tcp trace route in OSX.
In built traceroute command does not work with tcp, does any one has any solution for traceroute working with tcp?
Post not yet marked as solved
I have a puzzle game that is being rejected as unresponsive when todays puzzle is clicked. The app works perfectly under local versions and on test flights.
The app downloads a file via ftp each time that button is clicked. Does anyone know of an issue in the apple test environment that would prohibit ftp? I am showing a message if the app is not connected to internet.
Post not yet marked as solved
I am testing a simple TCP server/client app using the Network support on mac os x. It basically works well except when the server sends a lot of data (definition of "a lot" is that the amount of data exceeds the maximumLength value in the connection.receive call). In this case the client will receive multiple segments (each of which has less than or equal maximumLength value). For example if the maximumLength is set to 30000 and the server sends 100000 bytes, the client receive loop will get around 4 segments each of which has length <= 30000.
My question is: is there some information that the client can examine from the connection after a receive to determine that more data is available?
Post not yet marked as solved
Apple's Certificate Transparency policy says that Signed Certificate Timestamps (SCTs) are accepted from TLS extension or OCSP Stapling in addition to the SCTs embedded in the certificate. If we're implementing our own Certificate Transparency enforcement in code written using URLSession, is there a way to obtain SCTs that were presented via TLS extension or OCSP Stapling?
I'm able to get the SCTs from the certificate by calling SecCertificateCopyValues with "1.3.6.1.4.1.11129.2.4.2" inside the urlSession(_:didReceive:completionHandler:) delegate function. I see that there are functions for adding TLS/OCSP SCTs to the ServerTrust, but I don't see any functions for getting them out, and I don't know if URLSession would be including those SCTs in the ServerTrust automatically anyway.
Is there any way to get these other SCTs using URLSession? Or would I have to drop down to Network Framework to do that?
Thanks for any help.
Some APIs seem to require entitlements for any use (sandboxed or not) but don't have any indication where we might sign up. The particular usage here is com.apple.vm.networking for vmnet, as it looks like we can't even get started in development without it.
phillips-hue-cert.txt
Accidentally close: https://developer.apple.com/forums/thread/707263
I want to connect to a Phillips Hue Api (something like that: https://<ip_address>/clip/v2/ressource/device).
The issue is that on the software Postman (to test), Phillips Hue says to disable "SSL Certificate Verification".
When I try to call with URLRequest in my app the same url, using URLSessions, I get this error:
Domain=kCFErrorDomainCFNetwork Code=-1202 NSLocalizedDescription=The certificate for this server is invalid. You might be connecting to a server that is pretending to be “<ip_address_of_Hue_bridge>” which could put your confidential information at risk.
I read those articles:
https://developer.apple.com/forums/thread/67493
https://developer.apple.com/forums/thread/67493
I don't want to disable all HTTPS server trust evaluation, it’s super insecure. I want to customise the trust evaluation to let the connection through to be as secure as possible.
But I don't really know how to do this with URLSession or another thing if needed.
Phillips Hue is giving what looks like a pem certificate (see in attachements).
I don't know how to implement this in my URLSession request.
Thank you for your help
Post not yet marked as solved
When initializing a NWConnection I noticed in NWParameters you can require or prohibit types of interfaces such as wifi, cellular, or wiredEthernet.
I want to explicitly use awdl0 and not en0. Both are wifi type interfaces. I noticed sometimes my device uses en0 and other times uses awdl0.
Post not yet marked as solved
Hello,
Since the upgrade to Big Sur, I noticed network issues, regardless which network device is used Wi-Fi, LAN, it does not matter.
After some testing the issue is now reproducible as follows: Mount a samba share and copy a file to it, in my case it was PDF file with size of approx. 1.6 MB
The copy process does not finish and any samba share is no longer accessible
Furthermore DNS resolution no longer works: e.g. executing dig apple.com no longer works, opening any website in any browser just times out, etc.
Strangely enough ping apple.com works (...?)
If the browser has cached a domain name, the website opens just fine
What I tried so far to investigate the issue: I scrolled over the logs in the Console.app .. found nothing
Killed the macOS services mDNSResponderHelper, mDNSResponder .. nope
Flushed the DNS cache: sudo dscacheutil -flushcache .. nothing
Search the WWW for related issues and found these: Big Sur Network Connectivity Issue - https://discussions.apple.com/thread/252037776, Big Sur DNS Issue - https://developer.apple.com/forums/thread/667347 .. these two might be related, but who knows..
So far, only a reboot fixes this...
Can anyone else reproduce this issue ?
Any further ideas ?
Best Regards
SH
I have written a WebSocket client using Apple Network Framework in C++. I use a sec_protocol_options_set_verify_block to customize the server SSL certificate trust evaluation. This includes logic to append a revocation policy to the trust object like this:
Code snippet
If CRL checks are set to HARD i.e kSecRevocationRequirePositiveResponse bit is set. Then the evaluation always fails with Trust evaluation result - kSecTrustResultRecoverableTrustFailure and the revocation result is FALSE. The error code is -67635 corresponding to errSecIncompleteCertRevocationCheck. But weirdly the error message printed is '"leafCert","CACert" certificates do not meet pinning requirements'. This does not match up to the error code seen.
These are placeholder names for my self signed server
certificates. The root is added to the Keychain and marked trusted in the keychain. If I put CRL checks to SOFT, no CRL check takes place but the trust evaluation succeeds.
Putting the error message anomaly aside. If I run WireShark traces on the server machine where the CRL distribution point is also located, I do not see any HTTP requests coming in for the CRL list. I have checked the CRL DP URL in a browser and it is reachable.
Is there something wrong with the policy creation process? Why is it not at least trying to access the CRL DP?
Post not yet marked as solved
Howdy from Germany.
I try to add a local httpServer with swift-http-server (https://github.com/bjtj/swift-http-server).
import SwiftUI
import SwiftHttpServer
@main
struct MyApp: App {
init() {
print("init")
let server = HttpServer(port: 9090)
class GetHandler: HttpRequestHandler {
var dumpBody: Bool = true
func onHeaderCompleted(header: HttpHeader, request: HttpRequest, response: HttpResponse) throws {
}
func onBodyCompleted(body: Data?, request: HttpRequest, response: HttpResponse) throws {
response.status = .ok
response.data = "Hello".data(using: .utf8)
}
}
do {
try server.route(pattern: "/", handler: GetHandler())
} catch let serverError {
print(serverError)
}
let queue = DispatchQueue.global(qos: .default)
queue.async {
do {
try server.run()
} catch let error {
print(error)
}
}
}
var body: some Scene {
WindowGroup {
ContentView() // Standard ContentView
}
}
}
When I try to add the local network rights on macOS (Montery 12.4 21F79) in the Playgrounds.app (Version 4.1 (1676.15)) it crashes everytime I hit the (+) button.
On iPad (Air 4th gen) with latest ipadOS it works fine. I can add the network rights and can serve the little hello page, by entering :9090/
As mentioned on macOS not possible. Of couse if I reload the Playgrounds project on the Mac, the local network rights are now included, but still on the mac the "Hello" page is not served.
Any hints/tips how to solve this problem? Need I to add more rights? Do I have to report the crash somewhere? I have the crashlog.
Thanks in advance.
Alex
PS: Background: I try to write a Playgrounds App which generates some output on a webpage, which then is served via the in-app webserver, which then is integrated on Obs via web page plugin...
Post not yet marked as solved
Hello. This week we had two users that have tried to using our app for the first time, but, saddly, for some reason they are not reaching our API. The devices are an iPhone 7 and 12, both with iOS 15.5. We already tried to get some information about a possible block on our Cloud Flare, but there aren't. They both can only reach our api when trying via web browser, but when trying with our app, they cannot reach our servers. We already tried reinstalling the app and rebooting both devices.
Please, any thoughts?
Hi,
I wanted to try using the new NWBrowser available in iOS 13 to replace my old Bonjour browsing code(NetServiceBrowser), problem is I'm unabe to get all IPv6 Addresses(except link local address) of the service I'm looking for.
In my environment, when I checked with ifconfig command, there are three IPv6 addresses.
fe80::c092:a0ff:fe51:3c8
fd1c:efcd:7e66:0:c092:a0ff:fe51:3c8
fd1c:efcd:7e66:0:68d:6b27:81e2:7511
Using NWBrowser and NWConnection, I ended up getting #1 address but I couldn't get #2, #3 addresses.
Here is my code.
let bonjour = NWBrowser.Descriptor.bonjourWithTXTRecord(type: serviceType, domain: searchDomain)
let params = NWParameters.init()
self.nwBrowser = NWBrowser(for: bonjour, using: params)
self.nwBrowser?.browseResultsChangedHandler = { [weak self] results, changes in
guard let self = self else { return }
for change in changes {
if case .added(let result) = change {
let connection = NWConnection(to: result.endpoint, using: .udp)
connection.stateUpdateHandler = { [weak self] state in
switch state {
case .ready:
if let remoteEndpoint= connection.currentPath?.remoteEndpoint,
case .hostPort(let host, let port) = innerEndpoint {
// here I can get #1 address from host
// but, I couldn't get #2, #3 addresses
}
}
}
connection.start(queue: .main)
}
}
}
self.nwBrowser?.start(queue: .main)
Using NetServiceBrowser and netServiceDidResolveAddress(), I can get All IP addresses(#1, #2, #3)
Here is my code.
let netServiceBrowser = NetServiceBrowser()
netServiceBrowser.delegate = self
netServiceBrowser.searchForServices(ofType: serviceType, inDomain: searchDomain)
func netServiceBrowser(_ browser: NetServiceBrowser, didFind service: NetService, moreComing: Bool) {
service.delegate = self
service.resolve(withTimeout: resolutionTimeoutSeconds)
}
func netServiceDidResolveAddress(_ service: NetService) {
// service.addresses is [Data], I can get all addresses I want.
}
I wonder if getting only Link Local Address through NWConnection is the intended behavior.
Or is there a way to get all address using NWBrowser and NWConnection?
Post not yet marked as solved
I want to track iOS device's Ip address and submit it to server for fraud detection purpose.so#1. In iOS 12 using swift language, can we access device ip address without any restriction?#2. Whether apple allowed to track device ip address and is there any public API provided by apple to track device ip address?#3. if we track device IP address wther apple reject app on appstore?
QUIC support in Network framework in iOS 15 and macOS 12 seems to be aware of the datagram draft, but there doesn’t seem to be any way to configure NWProtocolQUIC.Options to set the datagram transport parameter (0x20).
If I configure the server to send a datagram to a Swift client, it closes the connection with a PROTOCOL_VIOLATION frame with the error message "DATAGRAM frame size too big".
Given that Eric Kinnear at Apple is an author of the datagram draft, is support for this intentionally missing?
https://www.ietf.org/archive/id/draft-ietf-quic-datagram-03.html
You can see a minimal example here: https://github.com/alta/swift-quic-datagram-example
Thanks!
Post not yet marked as solved
I am looking all over documentation and different frameworks but it looks like I can't find a way for this.Basically, I need to call the HTTPS route only on a cellular network. I've looked into NWConnection and the Network Framework which can setup requiredInterfaceType = .cellular but I am not sure I can call an https using NWConnection.Is there any option on setting NSURLSession to be routed only through cellular or any way to combine it with NWConnection?Any help would be appreciated.
Post not yet marked as solved
General:
Networking Overview document — Despite the fact that this is in the archive, this is still really useful.
TLS for App Developers DevForums post
Choosing a Network Debugging Tool documentation
Low-Level Networking on watchOS DevForums post
Foundation networking:
DevForums tags: Foundation, CFNetwork
URL Loading System documentation — NSURLSession, or URLSession in Swift, is the recommended API for HTTP[S] on Apple platforms.
Network framework:
DevForums tag: Network
Network framework documentation — Network framework is the recommended API for TCP, UDP, and QUIC on Apple platforms.
Network Extension (including Wi-Fi on iOS):
See Network Extension Resources
Wi-Fi on macOS:
DevForums tag: Core WLAN
Core WLAN framework documentation
Secure networking:
DevForums tags: Security
Apple Platform Security support document
Preventing Insecure Network Connections documentation — This is all about App Transport Security.
Available trusted root certificates for Apple operating systems support article
Requirements for trusted certificates in iOS 13 and macOS 10.15 support article
About upcoming limits on trusted certificates support article
Technote 2232 HTTPS Server Trust Evaluation
Technote 2326 Creating Certificates for TLS Testing
QA1948 HTTPS and Test Servers
Miscellaneous:
More network-related DevForums tags: 5G, QUIC, Bonjour
On FTP DevForums post
Using the Multicast Networking Additional Capability DevForums post
Investigating Network Latency Problems DevForums post
Local Network Privacy FAQ DevForums post
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
Post marked as Apple Recommended
Hi,We are getting background crash in CFNetwork with tubemanager internal class. I have provided crashed thread and full log below. Could you please suggest solution to this crash.Thread 2 name:Thread 2 Crashed:0 CFNetwork 0x00000001825119e0 CFAllocatedReferenceCountedObject::_retainable_hash(void const*) + 0 (CFObject.cpp:204)1 CoreFoundation 0x0000000181d26fb8 CFBasicHashFindBucket + 164 (CFBasicHash.c:426)2 CoreFoundation 0x0000000181d26ec0 CFDictionaryGetValue + 160 (CFDictionary.c:416)3 CFNetwork 0x000000018253f3dc TubeManager::_onqueue_enqueueRequestForProtocol(MetaConnectionCacheClient*, HTTPRequestMessage const*, MetaConnectionOptions, BaseAwaitingTube*) + 80 (CFObject.h:712)4 CFNetwork 0x00000001825402f4 TubeManager::_onqueue_reenqueueAwaitingTube(BaseAwaitingTube*) + 112 (TubeManager.cpp:447)5 CFNetwork 0x0000000182540378 ___ZN11TubeManager21_onqueue_newTubeReadyEP4Tube13CFStreamError_block_invoke + 28 (TubeManager.cpp:662)6 libdispatch.dylib 0x0000000180cdd1c0 _dispatch_client_callout + 16 (object.m:455)7 libdispatch.dylib 0x0000000180ce8b24 _dispatch_block_invoke_direct + 376 (queue.c:2872)8 CFNetwork 0x000000018266ee98 RunloopBlockContext::_invoke_block(void const*, void*) + 36 (CoreSchedulingSet.mm:361)9 CoreFoundation 0x0000000181d2d9a8 CFArrayApplyFunction + 68 (CFArray.c:650)10 CFNetwork 0x000000018266ed7c RunloopBlockContext::perform() + 136 (CoreSchedulingSet.mm:315)11 CFNetwork 0x00000001826700a4 MultiplexerSource::perform() + 312 (CFNRunLoopMultiplexer.c:282)12 CFNetwork 0x000000018266fe10 MultiplexerSource::_perform(void*) + 64 (CFNRunLoopMultiplexer.c:47)13 CoreFoundation 0x0000000181e02278 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 24 (CFRunLoop.c:1943)14 CoreFoundation 0x0000000181e01bc0 __CFRunLoopDoSources0 + 524 (CFRunLoop.c:1989)15 CoreFoundation 0x0000000181dff7c0 __CFRunLoopRun + 804 (CFRunLoop.c:2821)16 CoreFoundation 0x0000000181d2e048 CFRunLoopRunSpecific + 444 (CFRunLoop.c:3113)17 CFNetwork 0x000000018251bcec +[NSURLConnection(Loader) _resourceLoadLoop:] + 336 (NSURLConnection.mm:364)18 Foundation 0x000000018293a50c __NSThread__start__ + 1024 (NSThread.m:1163)19 libsystem_pthread.dylib 0x0000000180ee7860 _pthread_body + 240 (pthread.c:697)20 libsystem_pthread.dylib 0x0000000180ee7770 _pthread_start + 284 (pthread.c:744)21 libsystem_pthread.dylib 0x0000000180ee4dbc thread_start + 4https://mcafee.box.com/s/tdyjymvudfakt7k1nzszf7lpy9o6tr74
Mathias_.
