DNSServiceNATPortMappingCreate now just fails on macOS 12

Calling DNSServiceNATPortMappingCreate returns kDNSServiceErr_NoError like expected but the port mapping actually fails right away in the callback.

I'm calling this in a daemon via XPC. Are there new restrictions or permissions required?

I can confirm this. The externalPort is 0 in my DNSServiceNATPortMappingReply despite kDNSServiceErr_NoError. I'm calling directly in my app's code, not via XPC.

Also, I've noticed that the callback returns a different internal port than the initial one. Somehow internalPort is always set to 3095 in my case.

I guess it's radar time.

For those who'd like to dupe this and for Apple folks: FB9137313

Is DNSServiceNATPortMappingCreate now only available for sandboxed apps? If I enable Sandbox in the test project I included with the radar, DNSServiceNATPortMappingCreate returns kDNSServiceErr_NoError. Port mapping still fails of course but if I disable Sandbox, I get this error:

DNSCreate[30499:361087] dnssd_clientstub ConnectToServer: connect() failed path:/var/run/mDNSResponder Socket:3 Err:-1 Errno:1 Operation not permitted

Unfortunately since it seems like this won't be addressed until GM ships (still not fixed in macOS 12 Beta 7), I have no way to know for sure if this is just a bug or a new requirement.

And because of that, I have no way to prepare for this and it may be too late when GM ships. That is if this issue is resolved then.

Not cool. Not cool at all.

DNSServiceNATPortMappingCreate is still broken on macOS 12.0.1, which shows that either Apple doesn't care or lied about fixing this while they just wanted to remove that API.

Luckily I was able to find an alternative so my users (which are Apple's as well to an extent) don't end up with a broken service.

If you want to retire the API, just say so.

which shows that … Apple … lied about fixing this

We did? Internally I see that your bug (FB9137313) is still listed as not fixed. Did someone tell you that it was fixed?

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

For those affected by this regression, check out monkeydom/TCMPortMapper on GitHub. TCMPortMapper is pretty ancient but still works pretty well.

I was told that this should be fixed when Monterey shipped at the latest.

Who told you that?

If you don’t want to post the details here on DevForums, feel free to contact me via email (my email address is in my signature).

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

I don't remember their name, sorry. I spoke to an engineer during a WWDC lab and they told me that.

But the real issue here is why such a serious regression never got fixed? Do you understand that this bug may render some apps useless? This may impact tens of thousands of users.

What do we tell our users when their app stops working when they upgrade to Monterey? In my case I was able to go around the problem but this may not be the case for others.

I spoke to an engineer during a WWDC lab and they told me that.

OK.

The reason I ask is that public-facing folks, like myself, have long been wary of predicting the future because things don’t always play out how you’d expect.

But the real issue here is why such a serious regression never got fixed?

I can’t talk to that. Apple’s engineering sets their own priorities and, even if I was privy to that process, I wouldn’t be able to discuss it publicly.

This may impact tens of thousands of users.

Yeah, that sucks )-:

In my case I was able to go around the problem but this may not be the case for others.

So you have a workaround? OK, cool. Given that macOS 12 is now at the release candidate stage, I think you can safely assume that this won’t be fixed in the final release and plan on deploying that workaround.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Still not fixed in macOS 12.1 beta 1. I guess it's now unofficially deprecated. Can't wait for macOS 13 and see which other APIs get the same treatment.

Received an email from an Apple engineer and apparently this has been fixed in the latest macOS 12.1 beta.

apparently this has been fixed in the latest macOS 12.1 beta.

That is, indeed, our understanding. For those folks being affected by this, I encourage you to test the fix to ensure that the patch stuck.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
