Calling DNSServiceNATPortMappingCreate returns kDNSServiceErr_NoError like expected but the port mapping actually fails right away in the callback.
I'm calling this in a daemon via XPC. Are there new restrictions or permissions required?
I can confirm this. The externalPort is 0 in my DNSServiceNATPortMappingReply despite kDNSServiceErr_NoError. I'm calling directly in my app's code, not via XPC.
Also, I've noticed that the callback returns a different internal port than the initial one. Somehow internalPort is always set to 3095 in my case.
I guess it's radar time.
My internalPort is as expected FWIW.
Silly me, forgot to call ntohs() on internalPort.
Thanks!
Is DNSServiceNATPortMappingCreate now only available for sandboxed apps? If I enable Sandbox in the test project I included with the radar, DNSServiceNATPortMappingCreate returns kDNSServiceErr_NoError. Port mapping still fails of course but if I disable Sandbox, I get this error:
DNSCreate[30499:361087] dnssd_clientstub ConnectToServer: connect() failed path:/var/run/mDNSResponder Socket:3 Err:-1 Errno:1 Operation not permitted
Unfortunately since it seems like this won't be addressed until GM ships (still not fixed in macOS 12 Beta 7), I have no way to know for sure if this is just a bug or a new requirement.
And because of that, I have no way to prepare for this and it may be too late when GM ships. That is if this issue is resolved then.
Not cool. Not cool at all.
DNSServiceNATPortMappingCreate is still broken on macOS 12.0.1, which shows that either Apple doesn't care or lied about fixing this while they just wanted to remove that API.
Luckily I was able to find an alternative so my users (which are Apple's as well to an extent) don't end up with a broken service.
If you want to retire the API, just say so.
which shows that … Apple … lied about fixing this
We did? Internally I see that your bug (FB9137313) is still listed as not fixed. Did someone tell you that it was fixed?
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
I was told that this should be fixed when Monterey shipped at the latest. Now, many apps will stop working when people start to upgrade to Monterey.
Since this is a serious regression, I wonder why this bug hasn't been fixed yet.
Moreover, I filed a radar days after the first Monterey beta was released during WWDC. We're constantly told "file your bugs early" by Apple but I guess this isn't enough.
For those affected by this regression, check out monkeydom/TCMPortMapper on GitHub. TCMPortMapper is pretty ancient but still works pretty well.
I was told that this should be fixed when Monterey shipped at the latest.
Who told you that?
If you don’t want to post the details here on DevForums, feel free to contact me via email (my email address is in my signature).
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
I don't remember their name, sorry. I spoke to an engineer during a WWDC lab and they told me that.
But the real issue here is why such a serious regression never got fixed? Do you understand that this bug may render some apps useless? This may impact tens of thousands of users.
What do we tell our users when their app stops working when they upgrade to Monterey? In my case I was able to go around the problem but this may not be the case for others.
I spoke to an engineer during a WWDC lab and they told me that.
OK.
The reason I ask is that public-facing folks, like myself, have long been wary of predicting the future because things don’t always play out how you’d expect.
But the real issue here is why such a serious regression never got fixed?
I can’t talk to that. Apple’s engineering sets their own priorities and, even if I was privy to that process, I wouldn’t be able to discuss it publicly.
This may impact tens of thousands of users.
Yeah, that sucks )-:
In my case I was able to go around the problem but this may not be the case for others.
So you have a workaround? OK, cool. Given that macOS 12 is now at the release candidate stage, I think you can safely assume that this won’t be fixed in the final release and plan on deploying that workaround.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
It appears that their "workaround" is to dump the DNSService API and adopt the 3rd party TCMPortMapper framework. The response "OK, cool" to that is... not cool. Does Apple not care at all about binary compatibility on the Mac anymore? I personally reported this bug in Feedback Assistant the first week of WWDC.
As Lucky7 said, "If you want to retire the API, just say so." The API has been effectively retired in Monterey, whether Apple has announced it or not. You are correct that "Apple’s engineering sets their own priorities", and it's quite obvious from their actions — err, inaction — that they've chosen to ignore this API, so why don't they just say so? Developers who are using the API need guidance desperately right now.
Let me put it this way: "The API is not retired, but it's completely nonfunctional now" is not a coherent position. Also, once developers dump the API, either by adopting 3rd party code, or by removing features from their software, they are NEVER coming back to this API. You lose our trust in this very acute way, and that's it, nobody in their right mind would ever come back. So as I said, the API seems to be retired now, is it not?
Still not fixed in macOS 12.1 beta 1. I guess it's now unofficially deprecated. Can't wait for macOS 13 and see which other APIs get the same treatment.
Received an email from an Apple engineer and apparently this has been fixed in the latest macOS 12.1 beta.
apparently this has been fixed in the latest macOS 12.1 beta.
That is, indeed, our understanding. For those folks being affected by this, I encourage you to test the fix to ensure that the patch stuck.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
As I said a month ago, it's too late. I already made the difficult decision to discontinue my app and remove it from the Mac App Store. I'm not going to reverse the decision now, especially since it's clear that this feature has a very low priority within Apple and may be broken without care or comment.
