General: Forums subtopic: App & System Services > Networking TN3151 Choosing the right networking API Networking Overview document — Despite the fact that this is in the archive, this is still really useful. TLS for App Developers forums post Choosing a Network Debugging Tool documentation WWDC 2019 Session 712 Advances in Networking, Part 1 — This explains the concept of constrained networking, which is Apple’s preferred solution to questions like How do I check whether I’m on Wi-Fi? TN3135 Low-level networking on watchOS TN3179 Understanding local network privacy Adapt to changing network conditions tech talk Understanding Also-Ran Connections forums post Extra-ordinary Networking forums post Foundation networking: Forums tags: Foundation, CFNetwork URL Loading System documentation — NSURLSession, or URLSession in Swift, is the recommended API for HTTP[S] on Apple platforms. Network framework: Forums tag: Network Network framework documentation — Network framework is the recommended API for TCP, UDP, and QUIC on Apple platforms. Building a custom peer-to-peer protocol sample code (aka TicTacToe) Implementing netcat with Network Framework sample code (aka nwcat) Configuring a Wi-Fi accessory to join a network sample code Moving from Multipeer Connectivity to Network Framework forums post Network Extension (including Wi-Fi on iOS): See Network Extension Resources Wi-Fi Fundamentals TN3111 iOS Wi-Fi API overview Wi-Fi Aware framework documentation Wi-Fi on macOS: Forums tag: Core WLAN Core WLAN framework documentation Wi-Fi Fundamentals Secure networking: Forums tags: Security Apple Platform Security support document Preventing Insecure Network Connections documentation — This is all about App Transport Security (ATS). Available trusted root certificates for Apple operating systems support article Requirements for trusted certificates in iOS 13 and macOS 10.15 support article About upcoming limits on trusted certificates support article Apple’s Certificate Transparency policy support article What’s new for enterprise in iOS 18 support article — This discusses new key usage requirements. Technote 2232 HTTPS Server Trust Evaluation Technote 2326 Creating Certificates for TLS Testing QA1948 HTTPS and Test Servers Miscellaneous: More network-related forums tags: 5G, QUIC, Bonjour On FTP forums post Using the Multicast Networking Additional Capability forums post Investigating Network Latency Problems forums post WirelessInsights framework documentation iOS Network Signal Strength Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = "eskimo" + "1" + "@" + "apple.com"

Hello, I make a matter device with extended color light functions. I add the mode select cluster in device to set work mode of device. I can not find the work mode in Apple Home application, only the light related functions show in UI. I tested my device with chip-tool, and read out the mode from device. B.R. Ray

Users are reporting that 3rd-party software that leverages Apple's Network Extensions (such as LuLu and Windows Defender) are causing networking issues after upgrading to macOS 15. However as such products were working seamlessly on macOS 14.* and nothing in the code of these products changed between then and now, this would point to bug in macOS. Users have mentioned the following work arounds: Disabling the internal (macOS) firewall Upgrading to macOS 15.1 beta More info about the issues and these "workarounds" here and here.. Looking for any guidance / insight / technical details from Apple, as users are (understandably) blaming these tools and their developers 😭 Of course if there are updated APIs or some other changes in macOS 15 that developers should consider / conform to, to ensure compatibility that'd be great to know too!

My app often fails to access the network (other apps on the device can access the network normally), and restarting the app is also ineffective. I need to open and close the flight mode to restore the app's network I used to suspect the background refresh was the cause, but removing the background refresh still occasionally causes this problem.

After update to IOS18, my app crashed. following is the exception got from xcode: Trapped uncaught exception 'NSInvalidArgumentException', reason: '*** -[NSFileManager createDirectoryAtURL:withIntermediateDirectories:attributes:error:]: URL is nil' ( 0 CoreFoundation 0x0000000194a79098 47427277-EE15-3C17-AD68-6886B0380B5E + 540824 1 libobjc.A.dylib 0x0000000191d7b2e4 objc_exception_throw + 88 2 Foundation 0x0000000193741f48 12E17A7A-B65F-35EE-82D7-CBC31004E223 + 1154888 3 CFNetwork 0x0000000195eeb2bc FA95B718-E8EB-34BD-90FA-8FB1AFE016D6 + 164540 4 CFNetwork 0x0000000195eeac7c FA95B718-E8EB-34BD-90FA-8FB1AFE016D6 + 162940 5 libdispatch.dylib 0x000000010342a71c _dispatch_client_callout + 20 6 libdispatch.dylib 0x000000010343bf04 _dispatch_lane_barrier_sync_invoke_and_complete + 176 7 CFNetwork 0x0000000195eeaa88 FA95B718-E8EB-34BD-90FA-8FB1AFE016D6 + 162440 8 CFNetwork 0x0000000195ee9b20 FA95B718-E8EB-34BD-90FA-8FB1AFE016D6 + 158496 9 CFNetwork 0x0000000195ee95f4 FA95B718-E8EB-34BD-90FA-8FB1AFE016D6 + 157172 10 CFNetwork 0x0000000195ee907c FA95B718-E8EB-34BD-90FA-8FB1AFE016D6 + 155772 11 CFNetwork 0x0000000195ee34b0 FA95B718-E8EB-34BD-90FA-8FB1AFE016D6 + 132272 12 CFNetwork 0x0000000195f942c4 FA95B718-E8EB-34BD-90FA-8FB1AFE016D6 + 856772 13 CFNetwork 0x0000000195f94214 FA95B718-E8EB-34BD-90FA-8FB1AFE016D6 + 856596 14 CFNetwork 0x0000000195f9330c FA95B718-E8EB-34BD-90FA-8FB1AFE016D6 + 852748 15 libdispatch.dylib 0x0000000103428a30 _dispatch_call_block_and_release + 32 16 libdispatch.dylib 0x000000010342a71c _dispatch_client_callout + 20 17 libdispatch.dylib 0x00000001034325e8 _dispatch_lane_serial_drain + 828 18 libdispatch.dylib 0x0000000103433394 _dispatch_lane_invoke + 460 19 libdispatch.dylib 0x0000000103434b20 _dispatch_workloop_invoke + 2264 20 libdispatch.dylib 0x00000001034405f0 _dispatch_root_queue_drain_deferred_wlh + 328 21 libdispatch.dylib 0x000000010343fc00 _dispatch_workloop_worker_thread + 580 22 libsystem_pthread.dylib 0x000000021bddfc7c _pthread_wqthread + 288 23 libsystem_pthread.dylib 0x000000021bddc488 start_wqthread + 8 ) This app works fine until ios 18 appear. Could you help me? thanks

I tried building some app logic around NetworkMonitor.isConnected in my watch app (I want to trigger an update when the user opens the app and isConnected == true, otherwise observe NetworkMonitor.isConnected until it changes to true), and I found out that on a real device, NetworkMonitor.isConnected is always false. This does not seem to be documented anywhere. Am I right in assuming NetworkMonitor is not to be trusted on the watch? watchOS version is 18. I found an old post where eskimo argues that NWPathMonitor is not useful on the watch (which is also not documented), is it the same for NetworkMonitor? https://forums.developer.apple.com/forums/thread/127080

In macOS Sequoia, there are up to 3 locations where an end user can enable or disable a Network Extension. In order of appearance in the System Settings.app application: Network > Filters General > Login Items & Extensions (1) General > Login Items & Extensions > Network Extensions a) it's quite difficult for an end user (and even a developer) to understand why there are 3 different locations and whether we are dealing with the same unique item or not. e.g. why would an end user have a clue about the difference between a Network Extension and a (Packet | Content) Filter? b) it's not possible for an end user to figure out what the consequences of disabling an item in one of these 3 locations is going to be, because, in each case, the consequences appear to be different, undocumented or not detailed clearly in the UI. (2) [Q] Is there a clear, complete and detailed documentation for Network Extensions UX controls in macOS Sequoia? For either end users or developers? I could't find one when searching inside www.apple.com or developer.apple.com. (1) not sure why a Network Extension also appears here as it's not a launchd daemon controlled by a 3rd party launchd plist. And not sure to understand why it's there since there's now the Network Extensions panel. (2) it does not help that the output of the systemextensionsctl command line tool, in most cases, reports that the extension is still activated and enabled.

How can I resolve the error（Code=65 "No route to host）. Xcode 16(SDK ios18): We invoke GCDAsyncUdpSocket to send UDP data to the broadcast address,then get Error Domain=NSPOSIXErrorDomain Code=65 "No route to host" Xcode 16.1 beta 2(SDK ios18.1): We invoke GCDAsyncUdpSocket to send UDP data to the broadcast address,then it work fine. Xcode 15.4(SDK ios17.5): We invoke GCDAsyncUdpSocket to send UDP data to the broadcast address,then it work fine. Notes: Privacy - Local Network Usage Description and the multicast entitlement has been added. Bonjour services has been added _http._tcp、_http._udp Code: GCDAsyncUdpSocket *gcdUdpSearchSocket = [[GCDAsyncUdpSocket alloc] initWithDelegate:self delegateQueue:dispatch_get_main_queue()]; NSError *error = nil; if (![gcdUdpSearchSocket enableBroadcast:YES error:&error]){ NSLog(@"gcdUdpSearchSocket enableBroadcast Error binding: %@", error); return; } if (![gcdUdpSearchSocket bindToPort:UDP_PORT error:&error]) { NSLog(@"GCDUdp Error binding: %@", error); return; } if (![gcdUdpSearchSocket beginReceiving:&error]) { NSLog(@"GCDUdp Error receiving: %@", error); return; }

Hi! I am new to Apple app development so please bear with me. I am trying to design an app that can mimic some of the functionality of iptables routing. The crux of it is I would like to redirect local traffic bound for a specific port to a different port and then redirect any outgoing traffic on that port back to the original port: outgoing packet bound for IP:1234 -> 127.0.0.1:2345 outgoing packet bound for IP:2345 -> IP:1234 I tried to implement this behavior with a packet tunnel but have not made any substantial progress. Is this the right approach? Here is my implementation: private func handleConnection(_ connection: NWConnection) { connection.receive(minimumIncompleteLength: 1, maximumLength: 65536) { [weak self] data, context, isComplete, error in if let data = data, !data.isEmpty { self?.processData(data, from: connection) } if let error = error { print("Connection error: \(error)") } if isComplete { connection.cancel() } else { self?.handleConnection(connection) // Continue to receive data } } connection.start(queue: .main) } private func processData(_ data: Data, from connection: NWConnection) { switch connection.endpoint { case .hostPort(let host, let port): let portNumber = port.rawValue let hostDescription = host.debugDescription print("Received data from host: \(hostDescription) on port: \(portNumber)") if portNumber == 1234 { // Rule 1: Redirect traffic from port 1234 to 127.0.0.1:2345 redirectTraffic(data, to: "127.0.0.1", port: 2345) print("Redirecting traffic from 1234 to 2345") } else if portNumber == 2345 { // Rule 2: Redirect traffic from port 2345 to the original IP address but port 1234 redirectTraffic(data, to: hostDescription, port: 1234) print("Redirecting traffic from 2345 back to 1234") } case .service(name: _, type: _, domain: _, interface: _): print("Received bonjour service") case .unix(path: _): print("Received unix domain path") case .url(_): print("Received url") case .opaque(_): print("Opaque?") @unknown default: fatalError("Unknown endpoint type") } }

NSURLSessionConfiguration *configuration = [NSURLSessionConfiguration defaultSessionConfiguration]; configuration.URLCache = [[NSURLCache alloc] initWithMemoryCapacity:20 * 1024 * 1024 diskCapacity:100 * 1024 * 1024 diskPath:@"myCache"]; if (!configuration) { NSLog(@"Failed to create session configuration."); return; } NSURLSession *session = [NSURLSession sessionWithConfiguration:configuration]; if (!session) { NSLog(@"Failed to create session."); return; } NSURL *url = [NSURL URLWithString:@"https://example.com"]; if (!url) { NSLog(@"Invalid URL."); return; } NSURLRequest *request = [NSURLRequest requestWithURL:url]; if (!request) { NSLog(@"Failed to create request."); return; } NSURLSessionDataTask *dataTask = [session dataTaskWithRequest:request completionHandler:^(NSData *data, NSURLResponse *response, NSError *error) { if (error) { NSLog(@"Error: %@", error.localizedDescription); } else { NSLog(@"Data received: %@", data); } }]; if (!dataTask) { NSLog(@"Failed to create data task."); return; } dataTask.priority = NSURLSessionTaskPriorityDefault; [dataTask resume]; error message Terminating app due to uncaught exception 'NSInvalidArgumentException', reason: '*** -[NSFileManager createDirectoryAtURL:withIntermediateDirectories:attributes:error:]: URL is nil' *** First throw call stack: (0x1848bd08c 0x181bbf2e4 0x183585f48 0x185d2f2bc 0x185d2ec7c 0x10709271c 0x1070a3f04 0x185d2ea88 0x185d2db20 0x185d2d5f4 0x185d2d07c 0x185d274b0 0x185dd82c4 0x185dd8214 0x185dd730c 0x107090a30 0x10709271c 0x10709a5e8 0x10709b394 0x10709cb20 0x1070a85f0 0x1070a7c00 0x20bc27c7c 0x20bc24488) libc++abi: terminating due to uncaught exception of type NSException

Hello, I have a Qt c++ executable that accesses a server backend on my local network. After building the executable, I can run it either from within the Qt Creator IDE, OR I can run it from the command line. When I launch from within the Qt Creator IDE, the same executable cannot talk to the backend server on my local network. However, the same executable when launched from the command line works fine. This started only with macOS Sequoia and the new "Local Network" permission. How can I get my IDE launched executable to work? Otherwise I cannot continue my app development.

Starting from macOS 15 (macOS Sequoia), a new pop-up is triggered: “Local Network Privacy.” We have some questions regarding this new pop-up on MacOS: Running the following simple code: cups_dest_t *dests; int num_dests = cupsGetDests(&dests); triggers the “Local Network Privacy” pop-up. Question: Is this intended behavior? Even if the user presses the “Deny” button, printers can still be iterated, and it is possible to set options for the printer. Is this intended behavior? If so, which actions related to the CUPS library will be denied when the user presses the “Deny” button? Question: Should this pop-up appear for daemons/launchd processes? We found similar questions on some forums, but the answers are unclear. It seems that the pop-up should not appear for launch daemons. We tested the mentioned code with CUPS, and the pop-up was triggered. Is this a bug? If so, will it be resolved before the new macOS version is released? Question: There is somewhere documented all the scenarios in which this pop-up may appear is challenging? Regarding automatically allowing or disallowing the pop-up: We found the following response: “There is no way to automatically allow or disallow the local network privacy prompt. If it shows up in your app, you will need to analyze your code to better understand how the prompt is being triggered. If the prompt is triggered by a library you do not control, you will need to either remove the library or inquire further with the library vendor.” Question: How can we ensure that a launchd daemon will work as expected if the user presses the “Deny” button? Is there any way to detect if the user pressed “Deny”?

Hi all, I would like to know if it is possible to activate a content filter through the command line interface (CLI). Based on my research, it seems that Apple does not allow this for security design reasons. If it’s indeed not permitted, is there a way to use a GUI-based app as a workaround, where the GUI would only serve the purpose of activating the content filter? After the filter is activated, I’d like to hide the GUI app and run the content filter in the background. Is this approach feasible, and what would be the best way to achieve it? Thanks in advance for your help!

Requirements: Suppose a carrier provides multiple networks and an iPhone can switch to the best network based on signal strength. Questions: In iOS, suppose we need to switch IMSI based on the best network available then is it possible to achieve that. We do have apple carrier entitlements as well. Can we achieve with Applet? if Yes so please describe it like how can we create applet and how applet works to switch IMSI profile.

Hi everybody! With latest updates on Ventura around 13.9.X, Sonoma 14.5 and upper, and most probably Sequoia, we notice a change on how to retrieve BSSID. We know Airport is discontinue, but also other commands are impacted by new security policies. Now, to make any command work in the proper way we need to ask for Location Permission. But here is where we are finding some issues to make it compatible with the new requirements. We have a web desktop app (Built with Electronjs) that use an mach-o executable (built on C++). This executable runs IOREG to retrieve the BSSID. One of the tries we did is to request the Location Permission on the parent/GUI app, but by doing this, IOREG was not able to retrieve the BSSID. Then, we try to look for a way to make a little test only with our executable. But in the attempt to, we do not found a way to trigger the location permission request, either manually or by a command. Is there a way to prompt the user from a terminal executable or the right way is to prompt from the GUI? Do we need to stop using Mach-o executable in c++ and move to a native mach-o executable in swift to be able to prompt from it (This executable runs in the machine frequently, several times per minute)? We are open to change the command if need it.

Code I have used for years on Macs now crashes after updating OS: SSL_CTX *sslctx = SSL_CTX_new(SSLv23_client_method()); Reading the posts about TLS changes, I change it to this: SSL_CTX *sslctx = SSL_CTX_new(TLS_client_method()); In fact any method I give results in crash.. Is this a known issue? Is there something I now need to call before calling SSL_CTX_new()?

please help, upgrade to Sequoia 15, system default open it, how to close? how to turn off private WiFi address using code, swift or objective-c language

I am getting an error when trying to call an api being hosted on my local development machine from an XCode project running on my iPhone: Task <xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx>.<2> finished with error [-1202] Error Domain=NSURLErrorDomain Code=-1202 "The certificate for this server is invalid. You might be connecting to a server that is pretending to be “10.0.0.5” which could put your confidential information at risk." UserInfo={NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, _kCFStreamErrorDomainKey=3, NSErrorPeerCertificateChainKey=( "<cert(0x106046600) s: XXXXXXXXXX-Dev i: XXXXXXXXXX Dev CA>", "<cert(0x106047000) s: XXXXXXXXXX Dev CA i: XXXXXXXXXX Dev CA>" ), NSErrorClientCertificateStateKey=0 I have followed the instructions for creating a certificate authority and certificate and installing it on my phone as outlined in Creating Certificates for TLS Testing and Installing a CA’s Root Certificate on Your Test Device. I have read posts in this forum without resolution and seen them on stack overflow like this one and this one which have not been answered or the solutions do not work in more current environments (example response: "This doesn't work in XCode 14.2"). I did have this running in earlier versions and with Android Studio. It would be ideal to have the current state answer to how to develop api's on your local machine and call them from your iPhone or simulator.

Hi all, I am overhauling code of an iPadOS app that discovers devices on a network using a custom UDP broadcast based discovery protocol. This is how the discovery mechanism should work: The iPad sends an IPv4 broadcast message to the network's broadcast address using a fixed destination port, but a random source port (determined at bind time). The device responds with a unicast message to the source IP address and port of the discovery message. Until now the code is based on BSD sockets using GCDAsyncUdpSocket and has been working well for around ten years with a single socket that was used to both send and receive the discovery messages and replies. We would like to make the move to the Network Framework now and I tried to recreate this discovery mechanism with the Network Framework in Objective-C. I am able to create an nw_connection_t with the broadcast address as hostname and the specific destination port as port. I am able to send discovery messages to the device and the device sends a reply (verified with Wireshark). But calling nw_connection_receive_message(...) never fires. Also in Wireshark the iPad replies with Destination unreachable (Port unreachable). When I create the connection with the unicast address of the device, the reply is received. It seems to me, that the connection doesn't accept replies from addresses / ports that don't match, what was set when the connection was created. Is there a way to also accept messages from other sources? E.g. there is nw_multicast_group_descriptor_set_disable_unicast_traffic when doing multicast. This seems to solve this problems when doing mutlicast. This is a code excerpt of what I tried: // Create default UDP parameters without DTLS nw_parameters_t params = nw_parameters_create_secure_udp(NW_PARAMETERS_DISABLE_PROTOCOL, NW_PARAMETERS_DEFAULT_CONFIGURATION); // Enable P2P (should enable broadcast and multicast) nw_parameters_set_include_peer_to_peer(params, true); // Require the active interface // The active interface comes from a path monitor callback nw_parameters_require_interface(params, self.networkUtils.activeInterface.interface); // Setup the remote endpoint with the "ping" (discovery) broadcast IP address and port const char *endpointAddress = [pingAddress.ipAddress cStringUsingEncoding:NSUTF8StringEncoding]; NSString *portString = @(pingAddress.port).stringValue; const char *endpointPort = [portString cStringUsingEncoding:NSUTF8StringEncoding]; nw_endpoint_t broadcastEndpoint = nw_endpoint_create_host(endpointAddress, endpointPort); nw_connection_t tmpConnection = nw_connection_create(broadcastEndpoint, params); __weak __typeof(self) weakSelf = self; nw_connection_set_state_changed_handler(tmpConnection, ^(nw_connection_state_t state, nw_error_t _Nullable error) { __strong __typeof(weakSelf) strongSelf = weakSelf; MSLogVerbose("State changed: %d; error: %@", state, error); strongSelf.connectionState = state; if (state == nw_connection_state_ready) { [strongSelf receiveMessageForConnection:tmpConnection]; } }); nw_connection_set_queue(tmpConnection, AGGalileoBrowser.browserQueue); nw_connection_start(tmpConnection); Thanks for your help! Arno

Hi there, I have some thread related questions regards to network framework completion callbacks. In short, how should I process cross thread data in the completion callbacks? Here are more details. I have a background serial dispatch queue (call it dispatch queue A) to sequentially process the nw_connection and any network io events. Meanwhile, user inputs are handled by serial dispatch queue ( dispatch queue B). How should I handle the cross thread user data in this case? (I write some simplified sample code below) struct { int client_status; char* message_to_sent; }user_data; nw_connection_t nw_connection; dispatch_queue_t dispatch_queue_A static void send_message(){ dispatch_data_t data = dispatch_data_create(message, len(message), dispath_event_loop->dispatch_queue, DISPATCH_DATA_DESTRUCTOR_DEFAULT); nw_connection_send( nw_connection, data, NW_CONNECTION_DEFAULT_MESSAGE_CONTEXT, false, ^(nw_error_t error) { user_data.client_status = SENT; mem_release(user_data.message_to_sent); }); }); } static void setup_connection(){ dispatch_queue_A= dispatch_queue_create("unique_id_a", DISPATCH_QUEUE_SERIAL); nw_connection = nw_connection_create(endpoint, params); nw_connection_set_state_changed_handler(){ if (state == nw_connection_state_ready) { user_data.client_status = CONNECTED } // ... other operations ... } nw_connection_start(nw_connection); nw_retain(nw_connection); } static void user_main(){ setup_connection() user_data.client_status = INIT; dispatch_queue_t dispatch_queue_B = dispatch_queue_create("unique_id_b", DISPATCH_QUEUE_SERIAL); // write socket dispatch_async(dispatch_queue_B, ^(){ if (user_data.client_status != CONNECTED ) return; user_data.message_to_sent = malloc(XX,***) // I would like to have all io events processed on dispatch queue A so that the io events would not interacted with the user events dispatch_async_f(dispatch_queue_A, send_message); // Disconnect block dispatch_async(dispatch_queue_B, ^(){ dispatch_async_f(dispatch_queue_A, ^(){ nw_connection_cancel(nw_connection) }); user_data.client_status = DISCONNECTING; }); // clean up connection and so on... } To be more specific, my questions would be: As I was using serial dispatch queue, I didn't protect the user_data here. However, which thread would the send_completion_handler get called? Would it be a data race condition where the Disconnect block and send_completion_handler both access user_data? If I protect the user_data with lock, it might block the thread. How does the dispatch queue make sure it would NOT put a related execution block onto the "blocked thread"?

On Sequoia it became impossible to properly debug programs using third party mDNS, multicast or broadcast, thanks to a bug? in I guess the new local network privacy feature, every send call returns no route to host. If I run the CI job, which properly packages, signs, notarizes said program, the resulting .app works fine and also requests permission to access the local network - which is impossible through lldb as it doesn't have an Info.plist, just the ***** binary itself. However this may not be the issue, see the repro method below. A fast and easy method to reproduce is using an example from this repo: https://github.com/keepsimple1/mdns-sd/ Running the query example in a good old shell without lldb (cargo run --example query _smb._tcp) starts outputting results. Then running the same binary through lldb (lldb -o run target/debug/examples/query _smb._tcp) would result in no route to host errors. I can't provide an output anymore as I was forced to downgrade. It works fine again on 14.6.1. I'm a bit reluctant to even try 14.7. Also reported in feedback assistant: FB15185667