I am planning to implement Peer to Peer data exchange between 2 iOS devices. I have the following queries. My devices are connected through Ethernet. I would prefer to use this route if possible before switching over to Wifi. I can see there is an option to use prohibitedInterfaceTypes but that doesn't guarantee the route to use Ethernet when there are multiple available. Does the connection automatically switch between ethernet and Wifi or does that have to be handled via isViable and betterPathAvailable? I'm unsure when I should be using a custom framing protocol. I just need to exchange codable objects between the devices. Is the custom protocol required only if I use TCP as the underlying protocol? Can NSURLSessionStreamTask be used for this use case?

I have a pretty straightforward code to connect to a given ip address and port using NWConnection. On the first attempt to connect to the Local Network I see the "Local Network Privacy" dialog and sometimes if I press "Don't Allow" on that dialog everything starts to fail. No matter I do I keep receiving the following error: POSIXErrorCode(rawValue: 50): Network is down Obviously going to settings and allowing local network access to the app doesn't fix the issue. Neither deleting the app and installing it again. The only workaround I found is to restart my device which is unacceptable for a user. My code is really simple, I tried a lot of different approaches to connect but neither approach worked. I am on iOS 18. Is it a known bug? could be possible a bug on my code? Any idea would be really appreciated, thanks!

We use as content filter in our app to monitor flows, we gather data about the flow and block flows deemed suspicious. Our content filter is activated/deactivated by a UI app but the flows are reported via XPC to a separate daemon process for analysis. As of macOS 15, we are seeing cases where flows are missing or flows are not received at all by the content filter. The behaviour is not consistent, some devices seem to receive flows normally but others don't. It appears Intel devices are much less prone to showing the problem, whereas Arm devices routinely exhibit missing flows. On macOS 14 or earlier, there is no sign of missing flows. Testing on earlier beta versions of macOS 15 did not appear to show the problem, however I can't rule out if issue was present but it wasn't spotted. Experimenting with simple examples of using a content filter (e.g. QNE2FilterMac) does not appear to reproduce the issue. Questions, What has changed between macOS 14 and 15 that could be the cause of the lack of flows? Is our approach to using an app activated content filter reporting to a daemon connected via XPC unsupported?

Hello all, I have a question, I am developing an application that uses the apply() function of the NEHotspotConfigurationManager class to switch the Wifi of the device. In the completionHandler of the apply() function, the error argument contains “Internal Error(8)” and the wifi switching may fail. We have never seen this problem during development, and since it occurs only in the market, we are at a loss as to the cause and countermeasure. Do you know the cause of the “Internal Error(8)” and how to fix it? A similar phenomenon has already been discussed in the following thread, but after countermeasures were taken in iOS12, it also occurs in iOS13 and later and no progress has been made since then. https://developer.apple.com/forums/thread/107851 I would appreciate it if someone could clarify what is happening with this error, as there is not much information on the web regarding this error. Thank you in advance.

So I have a small homebuilt device that has a simple Arduino-like chip with wifi capabilities (to be precise, the Xiao Seeed ESP32C, for anyone who cares), and I need my iOS app to talk to this device. Using the CoreBluetooth framework, we've had no problems --- except that in "noisy" environments sometimes we have disconnects. So we want to try wifi. We assume that there is no public wifi network available. We'd love to do peer-to-peer networking using Network, but that's only if both devices are from Apple. They're not. Now, the Xiao device can act as an access point, and presumably I could put my iPhone on that network and use regular TCP calls to talk to it. The problem is that my app wants to both talk to this home-built device, but ALSO make http calls to my server an amazon. So: how do I let my iOS app talk over wifi to this simple chip, while not losing the ability to also have my app reach a general server (and receive push notifications, etc.) To be more concrete, imagine that my app needs to be able to discover the access point provided by my device, use low-level TCP socket calls to talk to this local wifi device, all without losing the ability to also make general http calls and be just accessible to push notifications as it was before connecting to this purely local (and very short range, i.e. no more than 30 meters distant) device. Does this make sense? Have I explained it well enough?

Ex Windows programmer trying to evolve to Mac... please go easy. :-) As part of my transition I'm trying to get some older stuff I wrote for myself to work. I have a command line utility program which uses socket(), connect(), send(), select/recv() to create a RAW socket and send a ICMP_ECHO packet to a host and then await its return. Essentially, PING with some minor variation in its output. Got it built in Xcode. Found that socket() with SOCK_RAW failed until I ran as root (via SUDO). OK, no problem. Now it sends, but it never receives a response. The select() always times out rather than receiving the reply. When I run my Windows cmd line version on the same machine under Parallels, it works fine. So I'm confident the other host is able to be reached from my network, etc. I can use actual PING from the command line just fine too. Is there some other permission facility in MacOS that would prevent me from receiving the reply packets? What would it be called, how would I either turn it off or work with it? Thanks for any help!

Hi, I have been using iPhones 14Pro, 15Pro for the last couple of years for 5G SA research applications. As far as the iPhone14 Pro goes, even with the latest upgrade 18.2 beta 2 it works flawlessly, upon inserting the SIM CARD, I can activate VoLTE and then there is a toggle that enables 5G SA. The phone connects to the network using PLMN 001 01 and functions perfectly. iPhone 15 Pro is behaving completely different. Upon inserting the SIMCARD it also lets enabling the 5G SA functionality but the phone never searches for a cell. Even putting the phone into mobile field test, it never searches for NR even with the same SIM card working in the 14 PRO. This particular mobile phone did work in the first iOS versions and stopped working after upgrading to 18.1. Just a few days ago, I bought a 16 PRO to try it with our 5G SA networks, and it is behaving the exact same way as the iPhone 15 PRO. It never tries to attach to the 5G SA even with the same SIM card as the 14PRO. I would like to understand this difference in behaviour across all these devices and understand if this is a new implementation or a SW bug. In the case this is a new implementation, please point me towards novel documentation so I can understand what to change in the network configurations to have the communication back. Thanks.

Hi, I'm using the Network framework to browse for devices on the local network. Unfortunately, I get many crash reports that crash in nw_browser_cancel, of which two are attached. This discussion seems to have a similar issue, but it was never resolved: https://forums.developer.apple.com/forums/thread/696037 Contrary to the situation in the linked thread, my implementation uses DispatchQueue.main as the queue for the browser, so I don't think over-releasing the queue is the problem. I am unable to reproduce this problem myself, but one of my users can reproduce it reliably it seems. How can I resolve this crash? 2024-11-10_14-24-35.3886_+0100-4fdbdb8e944a4b655d60df53da3aa8c759f4fd1f.crash 2024-11-08_08-54-31.6366_+0100-303cabefb74bf89cdea3127b1cad122ee46016f2.crash

Hi Everyone, Is there a framework or pattern to allow peer to peer communication between multiple iOS application? The use case would be as follow: An organizer creates a session with multiple users. The users receive an invitation (initially via email or sms), they install the app, upon accepting the invitation, they join a session. The session then allow peer to peer communication between users, not necessarily in the form of text messages, but more on information and synchronization between states of models between the members. Is there a framework for such a communication, or are we forced to go through a server to relay messages? I found the Multipeer communication Framework but it is for the discovery of devices, not for communication between applications. Thanks a lot.

Kindly suggest the best approach for the below requirement. Requirement Summary: I have a camera that generates its own Wi-Fi network with some specifications, and I need my iOS app to automatically connect to that Wi-Fi whenever it's in range. This Wi-Fi network is used for transferring files between the camera and the iOS app and to give commands to camera to do certain actions. This Wi-Fi does not provide internet access. Details: The iOS app should automatically connect to the camera's Wi-Fi network once it launches. The camera's Wi-Fi does not have internet access; it is purely for file transfers (e.g., photos/videos) between the camera and the iOS app and to command camera to do certain actions The iOS device should still use mobile data for internet access while connected to the camera's Wi-Fi. The mobile data will be used to upload files to the cloud, as I have a large data plan available for internet use. The app should maintain the connection to the camera's Wi-Fi as long as the iOS device is within proximity of the camera. If the device moves out of range and then comes back, the iOS app should prefer and reconnect to the camera's Wi-Fi over any other available networks. I am looking for a solution or approach that can make this seamless, ensuring a stable connection between the camera and the iOS app while prioritizing mobile data for internet connectivity.

Hello, I have a company laptop thats connected to the internet without a VPN. I need to be able to resolve my company's sub domains using a specific dns server, and have all other domains resolved by the system wide name server. In windows, this is trivial to do. In an admin powershell I run "Add-DnsClientNrptRule -Namespace ".foo.mycompany.com" -Nameserver "127.0.0.1" and resolution requests for *.foo.mycompany.com is sent to a name server running on the localhost. All other dns resolution requests are handled by the system configured resolver. MacOS does have the /etc/resolver/ solution for this, but my understanding from these forums is that this is not the recommended approach. Note - I have tried it and it works. AFAIU, the recommended approach is to create a system Network extension using NEDNSProxyProvider, override handleNewFlow() and do what's necessary. The issue with this solution is that it requires handling all the dns flow parsing of DNS datagrams to extract the host forwarding the datagrams to the appropriate dns server Handle responses. Deal with flow control Handle edge cases. I was hoping for something much simpler than us needing to implement datagram parsing. Could you please shed light on our options and how we could proceed ?

In the past, I used to ping my iPhone‘s local IP address via UDP. If local network permissions were not enabled, it would return an error. If they were enabled, it would return success, which I used to determine whether my app had local network permissions enabled. Now, with iOS 18, it seems to not work anymore. Regardless of whether local network permissions are enabled, pinging the iPhone‘s local IP address always returns success. Is there any other good method to check this permission status? Case-ID: 9934335

I'm use iPad OS 17.5.1, when I try to use socket to connect to an ipv6 address created by PacketTunnelProvider in my iOS device, an error occurs. Here is the code to create socket server and client: #include <stdio.h> #include <string.h> #include <sys/socket.h> #include <netinet/in.h> #include <arpa/inet.h> #include <unistd.h> int dx_create_ipv6_server(const char *ipv6_address, int port) { int server_fd; struct sockaddr_in6 server_addr; server_fd = socket(AF_INET6, SOCK_STREAM, 0); if (server_fd == -1) { perror("socket() failed"); return -1; } memset(&server_addr, 0, sizeof(server_addr)); server_addr.sin6_family = AF_INET6; server_addr.sin6_port = htons(port); if (inet_pton(AF_INET6, ipv6_address, &server_addr.sin6_addr) <= 0) { perror("inet_pton() failed"); close(server_fd); return -1; } if (bind(server_fd, (struct sockaddr *)&server_addr, sizeof(server_addr)) == -1) { perror("bind() failed"); close(server_fd); return -1; } if (listen(server_fd, 5) == -1) { perror("listen() failed"); close(server_fd); return -1; } printf("Server is listening on [%s]:%d\n", ipv6_address, port); return server_fd; } int dx_accept_client_connection(int server_fd) { int client_fd; struct sockaddr_in6 client_addr; socklen_t client_addr_len = sizeof(client_addr); client_fd = accept(server_fd, (struct sockaddr *)&client_addr, &client_addr_len); if (client_fd == -1) { perror("accept() failed"); return -1; } char client_ip[INET6_ADDRSTRLEN]; inet_ntop(AF_INET6, &client_addr.sin6_addr, client_ip, sizeof(client_ip)); printf("Client connected: [%s]\n", client_ip); return client_fd; } int dx_connect_to_ipv6_server(const char *ipv6_address, int port) { int client_fd; struct sockaddr_in6 server_addr; client_fd = socket(AF_INET6, SOCK_STREAM, 0); if (client_fd == -1) { perror("socket() failed"); return -1; } memset(&server_addr, 0, sizeof(server_addr)); server_addr.sin6_family = AF_INET6; server_addr.sin6_port = htons(port); if (inet_pton(AF_INET6, ipv6_address, &server_addr.sin6_addr) <= 0) { perror("inet_pton() failed"); close(client_fd); return -1; } if (connect(client_fd, (struct sockaddr *)&server_addr, sizeof(server_addr)) == -1) { perror("connect() failed"); close(client_fd); return -1; } printf("Connected to server [%s]:%d\n", ipv6_address, port); close(client_fd); return 0; } @implementation SocketTest + (void)startSever:(NSString *)addr port:(int)port { [[NSOperationQueue new] addOperationWithBlock:^{ int server_fd = dx_create_ipv6_server(addr.UTF8String, port); if (server_fd == -1) { return; } int client_fd = dx_accept_client_connection(server_fd); if (client_fd == -1) { close(server_fd); return; } close(client_fd); close(server_fd); }]; } + (void)clientConnect:(NSString *)addr port:(int)port{ [[NSOperationQueue new] addOperationWithBlock:^{ dx_connect_to_ipv6_server(addr.UTF8String, port); }]; } @end PacketTunnelProvider code: override func startTunnel(options: [String : NSObject]?, completionHandler: @escaping (Error?) -> Void) { let settings = NEPacketTunnelNetworkSettings(tunnelRemoteAddress: "fd84:306d:fc4e::1") let ipv6 = NEIPv6Settings(addresses: ["fd84:306d:fc4e::1"], networkPrefixLengths: 64) settings.ipv6Settings = ipv6 setTunnelNetworkSettings(settings) { error in if error == nil { self.readPackets() } completionHandler(error) } } private func readPackets() { // do nothing packetFlow.readPackets { [self] packets, protocols in self.packetFlow.writePackets(packets, withProtocols: protocols) self.readPackets() } } At main target, in viewcontroller's viewDidAppear, after starting the VPN, executed following code: [SocketTest startSever:@"fd84:306d:fc4e::1" port:12345]; sleep(3); [SocketTest clientConnect:@"fd84:306d:fc4e::1" port:12345]; The startSever is executed correctly, but when executing： connect(client_fd, (struct sockaddr *)&server_addr, sizeof(server_addr)) in clientConnect, the code is blocked until it times out and returns -1. **Even if I use GCDAsyncSocket or BlueSocket, I get the same error. The strange thing is that if I use the ipv4 address in PacketTunnelProvider, and change the above code to the ipv4 version and connect to ipv4 address, or use GCDAsyncSocket to perform the corresponding operation, it can be executed correctly. ** I tried to search Google for problems with ios-related ipv6 addresses, but I still couldn't find a solution. Is this a bug in the ios system or is there something wrong with my code? I hope to get your help! Stackoverflow url: iOS Socket cannot connect ipv6 address when use PacketTunnelProvider

When I try to use socket to connect to an ipv6 address created by PacketTunnelProvider in my iOS device, an error occurs. Here is the code to create socket server and client: #include <stdio.h> #include <string.h> #include <sys/socket.h> #include <netinet/in.h> #include <arpa/inet.h> #include <unistd.h> int dx_create_ipv6_server(const char *ipv6_address, int port) { int server_fd; struct sockaddr_in6 server_addr; server_fd = socket(AF_INET6, SOCK_STREAM, 0); if (server_fd == -1) { perror("socket() failed"); return -1; } memset(&server_addr, 0, sizeof(server_addr)); server_addr.sin6_family = AF_INET6; server_addr.sin6_port = htons(port); if (inet_pton(AF_INET6, ipv6_address, &server_addr.sin6_addr) <= 0) { perror("inet_pton() failed"); close(server_fd); return -1; } if (bind(server_fd, (struct sockaddr *)&server_addr, sizeof(server_addr)) == -1) { perror("bind() failed"); close(server_fd); return -1; } if (listen(server_fd, 5) == -1) { perror("listen() failed"); close(server_fd); return -1; } printf("Server is listening on [%s]:%d\n", ipv6_address, port); return server_fd; } int dx_accept_client_connection(int server_fd) { int client_fd; struct sockaddr_in6 client_addr; socklen_t client_addr_len = sizeof(client_addr); client_fd = accept(server_fd, (struct sockaddr *)&client_addr, &client_addr_len); if (client_fd == -1) { perror("accept() failed"); return -1; } char client_ip[INET6_ADDRSTRLEN]; inet_ntop(AF_INET6, &client_addr.sin6_addr, client_ip, sizeof(client_ip)); printf("Client connected: [%s]\n", client_ip); return client_fd; } int dx_connect_to_ipv6_server(const char *ipv6_address, int port) { int client_fd; struct sockaddr_in6 server_addr; client_fd = socket(AF_INET6, SOCK_STREAM, 0); if (client_fd == -1) { perror("socket() failed"); return -1; } memset(&server_addr, 0, sizeof(server_addr)); server_addr.sin6_family = AF_INET6; server_addr.sin6_port = htons(port); if (inet_pton(AF_INET6, ipv6_address, &server_addr.sin6_addr) <= 0) { perror("inet_pton() failed"); close(client_fd); return -1; } if (connect(client_fd, (struct sockaddr *)&server_addr, sizeof(server_addr)) == -1) { perror("connect() failed"); close(client_fd); return -1; } printf("Connected to server [%s]:%d\n", ipv6_address, port); close(client_fd); return 0; } @implementation SocketTest + (void)startSever:(NSString *)addr port:(int)port { [[NSOperationQueue new] addOperationWithBlock:^{ int server_fd = dx_create_ipv6_server(addr.UTF8String, port); if (server_fd == -1) { return; } int client_fd = dx_accept_client_connection(server_fd); if (client_fd == -1) { close(server_fd); return; } close(client_fd); close(server_fd); }]; } + (void)clientConnect:(NSString *)addr port:(int)port{ [[NSOperationQueue new] addOperationWithBlock:^{ dx_connect_to_ipv6_server(addr.UTF8String, port); }]; } @end PacketTunnelProvider code: override func startTunnel(options: [String : NSObject]?, completionHandler: @escaping (Error?) -> Void) { let settings = NEPacketTunnelNetworkSettings(tunnelRemoteAddress: "fd84:306d:fc4e::1") let ipv6 = NEIPv6Settings(addresses: ["fd84:306d:fc4e::1"], networkPrefixLengths: 64) settings.ipv6Settings = ipv6 setTunnelNetworkSettings(settings) { error in if error == nil { self.readPackets() } completionHandler(error) } } private func readPackets() { // do nothing packetFlow.readPackets { [self] packets, protocols in self.packetFlow.writePackets(packets, withProtocols: protocols) self.readPackets() } } At main target, in viewcontroller's viewDidAppear, after starting the VPN, executed following code: [SocketTest startSever:@"fd84:306d:fc4e::1" port:12345]; sleep(3); [SocketTest clientConnect:@"fd84:306d:fc4e::1" port:12345]; The startSever is executed correctly, but when executing： connect(client_fd, (struct sockaddr *)&server_addr, sizeof(server_addr)) in clientConnect, the code is blocked until it times out and returns -1. Even if I use GCDAsyncSocket or BlueSocket, I get the same error. The strange thing is that if I use the ipv4 address in PacketTunnelProvider, and change the above code to the ipv4 version and connect to ipv4 address, or use GCDAsyncSocket to perform the corresponding operation, it can be executed correctly. I tried to search Google for problems with ios-related ipv6 addresses, but I still couldn't find a solution. Is this a bug in the ios system or is there something wrong with my code? I hope to get your help!

Hello! I'd like to ask about the best way of getting a list of DNS servers from the system (iOS & macOS). Why? I am using NEPacketTunnelProvider to implement a VPN app. When a device joins a network with a Captive Portal and the VPN is on, the VPN should redirect DNS queries to the DNS servers that were received from the network's DHCP server. So that my VPN is able to correctly reroute the traffic which is not blocked by the network's gateway and the Captive Portal landing page is served. When I don't do anything, the traffic goes to the tunnel and the tunnel's encrypted traffic is then dropped by the gateway serving the Captive Portal. When I temporarily turn off the VPN, opt out of all the traffic or pass the traffic to the system resolver, the traffic gets affected by other network settings (like DNSSettings) which leads to the same situation - the user not being able to authenticate with the Captive Portal. So far, I have tried multiple ways, including res_9_getservers but unsuccessfully. As a part of my investigation, I have found out that the /etc/resolv.conf file is not populated with DNS servers until the Captive Portal is acknowledged by the user which makes getaddrinfo unusable to achieve my goal. But I am not sure if that's a bug or intended behavior. Thank you for your help!

I am working on developing a Mac app (WireGuard Apple VPN) that will be distributed outside the App Store. I have added the network extension which is included in the system extension with packet tunneling capability. I have created a build following these steps here: https://developer.apple.com/forums/thread/737894 as per your suggestions in my accepted post: https://developer.apple.com/forums/thread/761251 It works fine in this case when the machine has SIP disabled and systemextensionsctl developer enabled. As soon as I have made changes on the machine to disable systemextensionsctl developer and enable SIP, it loads the system extension and also asks for network extension permission. But it does not connect to the VPN. I have copied the app to the "/Applications" directory before opening it. This issue is specific to macOS 15.1. It works fine for macOS 14.* and 13.*. Speaking of macOS 15.0, it didn't work in both cases with SIP enabled or disabled. So, it seems that it must be a bug in macOS 15.0 and it seems that this bug was partially fixed in macOS 15.1. Is that right? I am currently planning to distribute the app to testers for final testing before rolling it out to a wider audience. Am I missing something? Thanks in advance.

I have a need to do a coverage test for the networkextension function code implemented by the system extension, but I don't know how to implement this method. For example, how do you use gtest or how do you use xctest to achieve these capabilities? If you know, please let me know. Thanks

I'm working on a network extension that provides a VPN tunnel. The logic behind the tunnel provider requires me to connect the backend to pull recent configuration and then configure the routing. It works in general but fails with some circumstances. I have 100% reproducible fails if I run OpenVPN tunnel in parallel. When it happens it looks like the network extension cannot connect the backend (any internet resource actually). Requests fail by timeout. To troubleshoot this situations I've added NWPathMonitor at my NEPacketTunnelProvider subclass: pathMonitor?.pathUpdateHandler = { path in logger.info("Path update: \(path)") logger.info(" : \(path.availableInterfaces)") } On successful scenarios I observed logs: 14:53:19:829 Starting VPN tunnel... 14:53:19:895 Path update: satisfied (Path is satisfied), interface: en0[802.11], scoped, ipv4, ipv6, dns, uses wifi 14:53:19:899 : [en0] 14:53:22:237 Path update: satisfied (Path is satisfied), interface: en0[802.11], scoped, ipv4, ipv6, dns, uses wifi 14:53:22:253 : [en0, utun12] 14:53:22:325 VPN tunnel is started. But if I start another tunnel first using OpenVPN (it's our corporate VPN) I observe failures with such log messages: 14:54:26:113 Starting VPN tunnel... 14:54:26:140 Path update: satisfied (Path is satisfied), interface: en0[802.11], scoped, ipv4, ipv6, dns, uses wifi 14:54:26:141 : [en0] 14:55:28:259 Failed to start VPN tunnel. utun12 that was used by the extension in case of success is now occupied by the OpenVPN tunnel. The system creates utun13 for me but it feels like its misconfigured: > ifconfig (omitted most of the output) utun12: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500 inet 172.28.11.236 --> 172.28.10.1 netmask 0xfffffe00 nd6 options=201<PERFORMNUD,DAD> utun13: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500 options=6460<TSO4,TSO6,CHANNEL_IO,PARTIAL_CSUM,ZEROINVERT_CSUM> Is it a system bug and what else can I do to diagnose the root cause of these failures?

Hi, I would like to know if it is safe to call the uploadTask from URLSession from the main thread ? We've a user who is reporting repeated crashes at startup, here is the stack we see: Exception Type: EXC_CRASH (SIGKILL) Exception Codes: 0x0000000000000000, 0x0000000000000000 Termination Reason: FRONTBOARD 2343432205 <RBSTerminateContext| domain:10 code:0x8BADF00D explanation:scene-update watchdog transgression: app<com.appspot.myApp(E7590BB1-722C-491D-9199-F867DE4B880A)>:2212 exhausted real (wall clock) time allowance of 10.00 seconds ProcessVisibility: Background ProcessState: Running WatchdogEvent: scene-update WatchdogVisibility: Background WatchdogCPUStatistics: ( "Elapsed total CPU time (seconds): 21.260 (user 10.230, system 11.030), 35% CPU", "Elapsed application CPU time (seconds): 0.006, 0% CPU" ) reportType:CrashLog maxTerminationResistance:Interactive> Triggered by Thread: 0 Thread 0 name: Dispatch queue: com.apple.main-thread Thread 0 Crashed: 0 libsystem_kernel.dylib 0x1def7a688 mach_msg2_trap + 8 1 libsystem_kernel.dylib 0x1def7dd98 mach_msg2_internal + 80 2 libsystem_kernel.dylib 0x1def7dcb0 mach_msg_overwrite + 424 3 libsystem_kernel.dylib 0x1def7dafc mach_msg + 24 4 libdispatch.dylib 0x1968d8f14 _dispatch_mach_send_and_wait_for_reply + 544 5 libdispatch.dylib 0x1968d92b4 dispatch_mach_send_with_result_and_wait_for_reply + 60 6 libxpc.dylib 0x21714a930 xpc_connection_send_message_with_reply_sync + 256 7 Foundation 0x18d80a3ac __NSXPCCONNECTION_IS_WAITING_FOR_A_SYNCHRONOUS_REPLY__ + 16 8 Foundation 0x18d806b14 -[NSXPCConnection _sendInvocation:orArguments:count:methodSignature:selector:withProxy:] + 2160 9 CoreFoundation 0x18eb868dc ___forwarding___ + 1004 10 CoreFoundation 0x18eb86430 _CF_forwarding_prep_0 + 96 11 CFNetwork 0x1900c71e0 -[__NSURLBackgroundSession setupBackgroundSession] + 800 12 CFNetwork 0x1900b3e80 -[__NSURLBackgroundSession initWithConfiguration:delegate:delegateQueue:delegateDispatchQueue:] + 552 13 CFNetwork 0x1900b4784 +[NSURLSession _sessionWithConfiguration:delegate:delegateQueue:delegateDispatchQueue:] + 1496 14 MyApp 0x1054210b4 CombineBgXferRepository.session.getter (in MyApp) (CombineBgXferRepository.swift:62) + 7966900 15 MyApp 0x105422fa4 CombineBgXferRepository.startUploadTask(fileURL:request:) (in MyApp) (CombineBgXferRepository.swift:310) + 7974820 If it is ok to call this uploadTask from the main thread, does this crash indicate a problem with the operating system? Are there scenarios where the background upload service does not respond to requests?

Starting on macOS Sequoia, flows originated in Firefox have an empty sourceAppAuditToken. Other apps contain a valid token. Background: in order to fetch process info for a certain NEFilterFlow, my content filter extension uses sourceAppAuditToken, audit_token_to_pid() and proc_* (as recommended in #126820). When that fails, we use SecCodeCopyGuestWithAttributes, recommended in some other thread as a better alternative. Both approaches break when the sourceAppAuditToken is empty since they need the pid. Debugging: My logging shows audit token is empty for Firefox Typical logs from com.apple.networkextension also indicate it fails to fetch the same info I'm looking for: com.apple.networkextension debug 11:22:07.024588-0300 Fetching appInfo from cache for pid: 948 uuid: 5C40B765-C6C9-3641-A822-2BC44D264361 bundle id: (null) com.apple.networkextension debug 11:22:07.024657-0300 Calling delegate lookup handler with pid: 948, uuid: 5C40B765-C6C9-3641-A822-2BC44D264361, bundleID: (null) com.apple.networkextension debug 11:22:07.025856-0300 Could not look up appInfo for pid: 948 bundle id: (null) uuid: 5C40B765-C6C9-3641-A822-2BC44D264361 com.apple.networkextension error 11:22:07.025897-0300 Could not find app info, return the original flow without filling in app info Handling new flow: identifier = D89B5B5D-793C-4940-D992-4E90F2AD1900 procPID = 953 eprocPID = 948 direction = outbound inBytes = 0 outBytes = 0 signature = {length = 32, bytes = 0x4afeafde b484aa0c c5cb8698 0567343d ... 7cdee33e 135666dd } socketID = 19adf2904e92d9 localEndpoint = 0.0.0.0:0 remoteEndpoint = 17.33.202.170:443 protocol = 6 family = 2 type = 1 procUUID = 0C68E603-967E-3643-B225-378BD2A655F7 eprocUUID = 5C40B765-C6C9-3641-A822-2BC44D264361 Perhaps there's a bug when generating the audit token or could it be something with the Firefox signature? I double-checked Firefox and it seems fine: $ codesign --verify --verbose /Applications/Firefox.app /Applications/Firefox.app: valid on disk /Applications/Firefox.app: satisfies its Designated Requirement Not sure if relevant, but codesign with -dv showed different flags in CodeDirectory when compared to chrome: codesign -dv /Applications/Firefox.app ... CodeDirectory v=20500 size=863 flags=0x10000(runtime) hashes=18+5 ... Versus chrome CodeDirectory v=20500 size=1821 flags=0x12a00(kill,restrict,library-validation,runtime) hashes=46+7 location=embedded