Networking

Explore the networking protocols and technologies used by the device to connect to Wi-Fi networks, Bluetooth devices, and cellular data services.

Post

Replies

Boosts

Views

Activity

Specify WiFi password for ASDiscoveryDescriptor?
Hello, I am looking into the newly announced Accessory Setup Kit and I'd like to replace my manual WiFi connection setup with it, but I cannot find a way to specify the WiFi password when configuring ASDiscoveryDescriptor. Only ssid or ssidPrefix can be specified? Is it really not possible to connect to WiFi with a password with this new framework? That kind of makes it unusable for my use case :( since the accessory has a password.
7
0
267
3w
IP Address
Is there a way to gather an IP address programmatically that is still acceptable by privacy standards? I see a lot of talk about using getifaddrs() but most of those threads are very old and there doesn't seem to be a lot of other options.
2
0
185
3w
IPV4 broadcast message No Route to Host
I am updating a universal app for release on iOS 17+ devices using Xcode 15.2 and Solar2d v3708. The last release was 7 years ago. The app connects to the local network and uses a custom UDP protocol to connect to and control specific hardware devices. The protocol involves transmitting and receiving both broadcast and unicast messages to/from IPV4 capable proprietary devices on the local network.

When I run the app in the Solar2d simulator and when I run the current version installed from the App Store on my iPad, communications work well. When I build the same code into a new development build and transfer it to my iPad, I found that attempts to send broadcast messages are failing. When I print out the error returned from the socket interface to the console, I see the message is "No Route to Host".

I requested multicast capability from Apple and when it appeared on my development portal I updated the App ID to include the multicast entitlement. I updated the development profile to include our new 6th gen iPad and the updated App ID. I downloaded and installed the development profile. That new profile is what I am selecting / using to sign the app.

I am using the Lua socket library to send broadcast messages. I created a very basic project with just the basic networking code example and built this for my iPad; the results are the same.

    local socket = require("socket")
    local main, errorMain = socket.udp6()
    main:setoption('broadcast', true)
    local ack, mError = main:sendto("", "::FFFF:255.255.255.255", 3100)
    print("My Debug Message: Main sending - " .. (ack or "nil") .. ", Error : " .. (mError or "None"))

I also tried modifying my code to use udp4 as follows and the results were the same.

    local socket = require("socket")
    local main, errorMain = socket.udp4()
    main:setoption('broadcast', true)
    local ack, mError = main:sendto("", "255.255.255.255", 3100)
    print("My Debug Message: Main sending - " .. (ack or "nil") .. ", Error : " .. (mError or "None"))

Console output:

    My Debug Message: Main sending - nil, Error : No route to host

Any help or insight would be greatly appreciated.
6
0
236
3w
How to reset Local Network Privacy settings?
On macOS 15, if a program installed in /Applications is allowed to connect to a PostgreSQL server on another machine on the local network, a program launched in debug mode from Xcode is not allowed to connect to the local network, and no prompt appears. Although it is possible to turn off registered programs in Local Network Privacy in Beta 2, permissions for programs launched from Xcode cannot be obtained at all. Does anyone know how to solve this problem?
1
1
187
3w
Accept incoming network connections?
Hi, I have a package which is signed and notarized. Still, I get the warning message to "Allow/Deny" the "Accept incoming network connections" when I launch the application. I could see that the application is present in the firewall exceptions list. Please find the attached screenshots. Regards, Prema Kumar
4
0
174
3w
NEFilterManager completion handler not called from Command Line Tool
Hello, I'm experiencing an issue with enabling a Content Filter Network Extension from a command line tool. When I call the LoadFromPreferences method on NEFilterManager.shared() the completion handler is not called. I've tried this with a simple semaphore and tried running it on a RunLoop, but none of this works. Any help would be appreciated. I've tried adding a small demo project illustrating the issue, but the add file option does not seem to work. I'll paste the code here:

Semaphore Demo

    class SemaphoreDemo {
        let filterManager = NEFilterManager.shared()
        var semaphore = DispatchSemaphore(value: 0)

        func demo() {
            print("Semaphore demo")
            self.filterManager.loadFromPreferences { (error) in
                print("Load from preferences callback")
                if let error = error {
                    print("ERROR \(error.localizedDescription)")
                    return
                }
                let config = NEFilterProviderConfiguration()
                config.filterDataProviderBundleIdentifier = "BUNDLE_IDENTIFIER"
                config.filterSockets = true
                self.filterManager.isEnabled = true
                self.filterManager.localizedDescription = "LOCALIZED_DESCRIPTION"
                self.filterManager.providerConfiguration = config
                self.filterManager.saveToPreferences { (error) in
                    if let error = error {
                        print("ERROR \(error.localizedDescription)")
                    } else {
                        print("SUCCESS")
                    }
                    self.semaphore.signal()
                }
            }
            self.semaphore.wait()
        }
    }

    class RunloopDemo {
        let filterManager = NEFilterManager.shared()

        func demo() {
            print("Runloop demo")
            let currentRunLoop = CFRunLoopGetCurrent()
            // let currentRunLoop = CFRunLoopGetMain()
            self.filterManager.loadFromPreferences { [weak currentRunLoop] (error) in
                print("Load from preferences callback")
                if let error = error {
                    print("ERROR \(error.localizedDescription)")
                    return
                }
                let config = NEFilterProviderConfiguration()
                config.filterDataProviderBundleIdentifier = "Bundle IDENTIFIER"
                config.filterSockets = true
                self.filterManager.isEnabled = true
                self.filterManager.localizedDescription = "LOCALIZED DESCRIPTION"
                self.filterManager.providerConfiguration = config
                self.filterManager.saveToPreferences { (error) in
                    if let error = error {
                        print("ERROR \(error.localizedDescription)")
                    } else {
                        print("SUCCESS")
                    }
                    CFRunLoopStop(currentRunLoop)
                }
            }
            CFRunLoopRun()
        }
    }

The callback is never called. Thanks.
3
0
223
4w
I think there is a problem changing the application rules using 'socketfilterfw'.
My Situation: I use the process 'socketfilterfw' related to the firewall. However, in macOS 15, the result message was different from previous versions. Some messages have only a few changes. However, the option '--listapps' has many changes. In previous versions, the option showed results, including the path of each application. However, this is not the case with macOS 15. It only shows the name and status of the application. The list only shows the name and current status of the application. The results of this list alone cannot change the policy. I think this is a bug. I think we should let them know the absolute path of the application in the list, or we should be able to change the policy just with the name of the application.

My Question: I wonder if these changes are intentional, and I want to get an absolute path for each application additionally, so I wonder what method to take.

Terminal input:

    $ /usr/libexec/ApplicationFirewall/socketfilterfw --listapps

Previous macOS result:

    ALF: total number of apps = 5
    1 : /Applications/Google Chrome.app ( Block incoming connections )
    2 : /usr/sbin/smbd ( Block incoming connections )
    3 : /Applications/FaceTime.app ( Block incoming connections )
    4 : /Applications/Safari.app ( Allow incoming connections )
    5 : /usr/sbin/cupsd ( Allow incoming connections )

On macOS 15, result:

    2024-06-24 16:21:15.599 socketfilterfw[2988:52866] ApplicationFirewall::AFGetAllApplications() processing response dictionary
    Total number of apps = 5
    Google Chrome.app (state: 4)
    smbd (state: 4)
    FaceTime.app (state: 4)
    Safari.app (state: 1)
    cupsd (state: 1)

On macOS 15

Terminal input:

    % /usr/libexec/ApplicationFirewall/socketfilterfw --unblockapp FaceTime.app

    2024-06-24 16:51:59.091 socketfilterfw[3185:69041] ApplicationFirewall::AFSetAppStateByPath() result: 1 response: { Result = 1; }

Terminal input:

    % /usr/libexec/ApplicationFirewall/socketfilterfw --unblockapp /System/Applications/FaceTime.app

    2024-06-24 16:52:34.093 socketfilterfw[3186:69310] ApplicationFirewall::AFSetAppStateByPath() result: 1 response: { ErrorMessage = "vendor config update success"; Result = 1; }
1
0
108
4w
I think there is a problem changing the application rules using 'socketfilterfw'.
My Situation: I use the process 'socketfilterfw' related to the firewall. However, in macOS 15, the result message was different from previous versions. Some messages have only a few changes. However, the option '--listapps' has many changes. In previous versions, the option showed results, including the path of each application. However, this is not the case with macOS 15. It only shows the name and status of the application. The list only shows the name and current status of the application. The results of this list alone cannot change the policy. I think this is a bug. I think we should let them know the absolute path of the application in the list, or we should be able to change the policy just with the name of the application.

My Question: I wonder if these changes are intentional, and I want to get an absolute path for each application additionally, so I wonder what method to take.

Terminal input:

    $ /usr/libexec/ApplicationFirewall/socketfilterfw --listapps

Previous macOS result:

    ALF: total number of apps = 5
    1 : /Applications/Google Chrome.app ( Block incoming connections )
    2 : /usr/sbin/smbd ( Block incoming connections )
    3 : /Applications/FaceTime.app ( Block incoming connections )
    4 : /Applications/Safari.app ( Allow incoming connections )
    5 : /usr/sbin/cupsd ( Allow incoming connections )

In macOS 15, result:

    2024-06-24 16:21:15.599 socketfilterfw[2988:52866] ApplicationFirewall::AFGetAllApplications() processing response dictionary
    Total number of apps = 5
    Google Chrome.app (state: 4)
    smbd (state: 4)
    FaceTime.app (state: 4)
    Safari.app (state: 1)
    cupsd (state: 1)

On macOS 15

Terminal input:

    % /usr/libexec/ApplicationFirewall/socketfilterfw --unblockapp FaceTime.app

    2024-06-24 16:51:59.091 socketfilterfw[3185:69041] ApplicationFirewall::AFSetAppStateByPath() result: 1 response: { Result = 1; }

Terminal input:

    % /usr/libexec/ApplicationFirewall/socketfilterfw --unblockapp /System/Applications/FaceTime.app

    2024-06-24 16:52:34.093 socketfilterfw[3186:69310] ApplicationFirewall::AFSetAppStateByPath() result: 1 response: { ErrorMessage = "vendor config update success"; Result = 1; }
2
0
138
4w
Does macOS/Sequoia require a new entitlement to send multicast packets?
Hi all, My co-worker today noticed that on his Mac running a beta of Sequoia, the IPv6 multicast functionality of our application was no longer working. This same executable works fine under Sonoma and earlier versions of macOS, and has worked fine for a number of years. Under Sequoia, however, calls to sendto() a packet to an IPv6-link-local-multicast address (e.g. ff12::bead:cede:deed:feed, preceded by a call to setsockopt(fd, IPPROTO_IPV6, IPV6_MULTICAST_IF, ...) to specify the appropriate network interface index) return -1 and set errno to EHOSTUNREACH aka "No route to host". The interesting thing about it is, this problem only occurs if we launch our app by double-clicking on its icon; if we instead run the app from Terminal (e.g. by entering ./MyApp.app/Contents/MacOS/MyApp), the multicast functionality works as expected. Our app is signed and notarized in all the usual expected ways. My question is, is this "just" a networking regression in the Sequoia beta, or is there some new requirement in macOS/Sequoia for IPv6-link-local-multicast-using apps to have a multicast entitlement (a la iOS) or something?
4
0
284
4w
Detecting Local Network issues with NWListener
I have an application that uses Bonjour to communicate with other instances of the app on other devices. If I start an NWBrowser and the user has "Local Network" turned off for my app, the stateUpdateHandler for the browser gets .waiting with an error containing the string "PolicyDenied." This lets me show an alert to the user explaining what's happening, with a link to the app's Settings screen. But if I use NWListener (the counterpart of NWBrowser) and have "Local Network" turned off, there's no indication of any problem. After I start the listener, stateUpdateHandler is called with .ready as the state - even though it's not really ready to listen at all. The FAQ for Local Network Privacy suggests that any Bonjour operation will raise kDNSServiceErr_PolicyDenied if Local Network is off. However, in my application, that only seems to be true for browsing, not listening. Is there a way to detect a missing Local Network entitlement for NWListener? I know there are solutions involving sending a message to localhost, etc, but ideally there would be something simpler.
1
0
244
Jun ’24
TLS connection with server and client endpoints reversed
Due to some challenging corporate network firewall, security filters and certificate management, I would like to implement a TLS server where it initiates the TCP connection to the client side so that once TCP is connected, the client side sends its Client Hello message. Everything then continues as expected. The connection would use Bonjour to locate the TLS client endpoint that is hosted on iOS. The TLS server will be hosted on MacOS. Swapping the normal tcp listener as TLS server will help with certificate management as the Mac will have the server cert installed and the iOS device will have the client cert installed.
0
0
144
Jun ’24
IPv6 DNS Queries Not Resolving
Forward posting from the Swift Forums. Within my iOS project (thesis project) I have set up a MITM server that is being sent data from a Packet Tunnel Provider. I am currently seeing that all IPv6 requests aren't able to have their IP address resolved when passed to Swift NIO that uses the default system DNS resolver. On the Packet Tunnel Provider, I have set it to use the DNS servers 8.8.8.8 and 8.8.4.4 that are also the system defaults. I have also attempted to use my router's DNS routing to no avail. Both v4 and v6 traffic are proxied to the MITM server that uses Swift NIO, with v4 traffic successfully being processed on ingress and egress as intended. IPv6 traffic is failing to resolve with the following error:

    dev.thesis.apps.LocalProxyServer.ConnectHandler : [LocalPacketTunnelProvider] Connect failed: NIOConnectionError(host: "ipv6.mythic-beasts.com", port: 443, dnsAError: Optional(NIOCore.SocketAddressError.unknown(host: "ipv6.mythic-beasts.com", port: 443)), dnsAAAAError: Optional(NIOCore.SocketAddressError.unknown(host: "ipv6.mythic-beasts.com", port: 443)), connectionErrors: [])

ipv6.mythic-beasts.com for the purposes of this is just a test website I am using that only has an AAAA record associated with it. When not connected to the Packet Tunnel Provider, the website is successfully resolved and can be viewed within the browser - so I have narrowed it down to either the server or tunnel configuration. The server uses the GetaddrinfoResolver, that utilises iOS's system default DNS resolver. This should conform to the necessary RFC.

Could anyone provide me with a reason why this could be happening and if possible a link to a resource that could assist with remediating the issue? I'll be the first to admit this isn't my forte so would appreciate some support if possible. I am aware that this isn't an expected use case for Network Extension packet tunnel providers (as per TN3120). I'm just concerned as IPv4 DNS records are resolving but IPv6 aren't, so wondering if this is a wider issue. I would expect the system DNS resolver to still work as intended though.
6
0
279
Jun ’24
Webkit generated flow management using DNSProxy
Hi! I have been working on one idea for a while but can't figure out the proper way to do that. My app includes Content Filter and DNSProxy providers for filtering logic. And for the NEFilterSocketFlow everything works well, because the connection is first handled from DNSProxy and if it's blocked, NEFilterDataProvider returns datagrams that I wrote from DNSProxy (I return nxdomain). However, for NEFilterBrowserFlow it doesn't work, because webkit generated flows are for some reason intercepted by Content Filter first and at the time when the flow is checked for rules, there're none yet as DNSProxy didn't handle connection yet. So the app returns the following behaviour: In case the requested domain is not filtered by DNSProxy, the user is able to visit requested page, but if it's filtered, the flow just freezes and the page will never load for user. But I wanted to add proper handling and display block page. In case I am using some third-party apps for testing like ICS Dig, filtered domains return nxdomain properly. Not sure if there's a way to achieve desired result, but would be very grateful for any suggestions
8
0
258
Jun ’24
NEHotspotConfigurationManager removeConfiguration not working consistent
Hey, I'm currently developing an app that uses NEHotspotConfigurationManager to connect to and disconnect from a WiFi network based on user actions. I'm using the following code to connect and disconnect:

Connect

    let configuration = NEHotspotConfiguration(ssid: ssid, passphrase: password, isWEP: false)
    configuration.joinOnce = true
    NEHotspotConfigurationManager.shared.apply(configuration) { (error) in
        if let error = error {
            print("Error connecting to WiFi network: \(error.localizedDescription)")
        } else {
            self.lastSSID = ssid
        }
    }

Disconnect

    NEHotspotConfigurationManager.shared.removeConfiguration(forSSID: self.lastSSID)

The issue I'm encountering is that the app successfully connects to the WiFi network and disconnects properly the first time. However, after connecting again, the second disconnect attempt fails to disconnect from the WiFi network. I found a similar bug report from 2020 that mentioned this issue. The suggested workaround involved setting joinOnce = false, which is not suitable for my app's requirements.
2
0
243
Jun ’24
Core Telephony Deprecation Issue
We are using CoreTelephony's CTTelephonyNetworkInfo to access Carrier information such as carrierName, mobileNetworkCode, mobileCountryCode and CTTelephonyNetworkInfo().subscriberCellularProviderDidUpdateNotifier to know whether any event has occurred in the sim. We are using these above data for the Sim Binding process of UPI for our Financial App as per the requirement from NPCI(RBI). Now that these are deprecated, what is the appropriate or alternative way to get these details?
1
0
223
Jun ’24
Split tunnel using Personal VPN
Our app uses NEVPNManager with IPsec to create VPN. Full tunnel is working fine both with NEVPNManager API and profile created using Apple Configurator. Now, we are trying to create split tunnel using the same. Apple Configurator created profile is working when DNS Supplemental Match domains is set to empty string. But we couldn't find the equivalent to the DNS Supplemental Match domains in the NEVPNManager API. In NEVPNManager config, all DNS is routing to the default route instead of VPN. Can you please help us on this?
4
0
194
Jun ’24
Hardened Runtime relaxation entitlements disallowed on System Extensions
I was developing an Electron-based app, and I want to embed a system extension in it. Everything works fine with SIP disabled. But for normal cases, I found out: Notarization requires hardened runtime enabled. The container is an Electron-based app, which has JIT-related features, so it requires hardened runtime relaxation entitlements (some exceptions). But system extensions disallow these entitlements; this error message is captured from the log system: Hardened Runtime relaxation entitlements disallowed on System Extensions. So does this mean we can't embed a system extension in an Electron-based app?
9
0
363
Jun ’24
Jumbo packet are not accepted by utun interface
OS: macOS 14.3 (23D56)

I have a PacketTunnelProvider VPN running with the MTU on the utun interface set to 1300.

    % ifconfig utun4
    utun4: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1300
        options=6460<TSO4,TSO6,CHANNEL_IO,PARTIAL_CSUM,ZEROINVERT_CSUM>
        inet 192.166.54.1 --> 192.166.54.1 netmask 0xffffff00
        nd6 options=201<PERFORMNUD,DAD>

When I am sending jumbo-size packets using ICMP, it works fine up to a packet size of 4068 bytes; after that, ICMP responses are not accepted by the utun interface.

Working till 4068 packets:

    % ping 13.71.68.85 -s 4068
    PING 13.71.68.85 (13.71.68.85): 4068 data bytes
    4076 bytes from 13.71.68.85: icmp_seq=0 ttl=56 time=46.040 ms
    4076 bytes from 13.71.68.85: icmp_seq=1 ttl=56 time=25.353 ms

Not working after sending 4069 packets:

    % ping 13.71.68.85 -s 4069
    PING 13.71.68.85 (13.71.68.85): 4069 data bytes
    Request timeout for icmp_seq 0
    Request timeout for icmp_seq 1

In the system logs I could see the errors below:

    % log stream | grep utun4
    2024-06-19 17:22:34.666286+0530 0x7ee9e2 Error 0x0 0 0 kernel: utun_netif_sync_rx utun4: legacy packet length 4097 > 4096
    2024-06-19 17:22:35.637723+0530 0x7ee9e2 Error 0x0 0 0 kernel: utun_netif_sync_rx utun4: legacy packet length 4097 > 4096

Note: The same works fine on the en0 interface when the packet is not routed via the utun interface.

Working till 8184 packets on en0 interface:

    % ping 13.71.68.85 -s 8184
    PING 13.71.68.85 (13.71.68.85): 8184 data bytes
    8192 bytes from 13.71.68.85: icmp_seq=0 ttl=51 time=198.928 ms
    8192 bytes from 13.71.68.85: icmp_seq=1 ttl=51 time=46.139 ms

    % ping 13.71.68.85 -s 8185
    PING 13.71.68.85 (13.71.68.85): 8185 data bytes
    ping: sendto: Message too long
    ping: sendto: Message too long

Does this mean, on utun interface we do not support packet inception of more than 4096 size?
1
0
225
Jun ’24
NSURL CFNetwork Crashed in iOS18 Beta
When I initiate the following request in the app delegate, it is good in iOS 17, but it will crash in iOS 18. The code is as below:

    NSString *url = @"https://www.baidu.com";
    NSString * restr = [NSString stringWithContentsOfURL:[NSURL URLWithString:url] encoding:NSUTF8StringEncoding error:nil];

The stack is as below:

    *** Terminating app due to uncaught exception 'NSInvalidArgumentException', reason: '*** -[NSFileManager createDirectoryAtURL:withIntermediateDirectories:attributes:error:]: URL is nil'
    *** First throw call stack:
    (
    0 CoreFoundation 0x00007ff8004c14d5 __exceptionPreprocess + 242
    1 libobjc.A.dylib 0x00007ff800084116 objc_exception_throw + 62
    2 Foundation 0x00007ff800f00861 -[NSFileManager contentsOfDirectoryAtPath:error:] + 0
    3 CFNetwork 0x00007ff804c66bfd -[_NSHTTPAlternativeServicesStorage _onqueue_initializeDatabaseIfNotEmpty:] + 488
    4 CFNetwork 0x00007ff804c69350 __66-[_NSHTTPAlternativeServicesStorage HTTPServiceEntriesWithFilter:]_block_invoke + 48
    5 libdispatch.dylib 0x0000000115349f32 _dispatch_client_callout + 8
    6 libdispatch.dylib 0x000000011535ad86 _dispatch_lane_barrier_sync_invoke_and_complete + 133
    7 CFNetwork 0x00007ff804c65bf7 -[_NSHTTPAlternativeServicesStorage HTTPServiceEntriesWithFilter:] + 211
    8 CFNetwork 0x00007ff804cd5ccc _ZN11TubeManager34_onqueue_enqueueRequestForProtocolEP25MetaConnectionCacheClientPK18HTTPRequestMessage21MetaConnectionOptionsP16BaseAwaitingTube + 264
    9 CFNetwork 0x00007ff804bf8b0c ___ZN12XTubeManager25enqueueRequestForProtocolEP25MetaConnectionCacheClientPK18HTTPRequestMessage21MetaConnectionOptionsPK17CoreSchedulingSet_block_invoke + 328
    10 CFNetwork 0x00007ff804bf8832 _ZN12XTubeManager15withTubeManagerEPK17CoreSchedulingSetU13block_pointerFvP15GlueTubeManagerE + 516
    11 CFNetwork 0x00007ff804d27823 _ZN12HTTPProtocol81asynchronouslyCreateAndOpenStream_WithMessage_AfterCookiesAndAuthenticatorHeadersEP15__CFHTTPMessage + 6077
    12 CFNetwork 0x00007ff804d25ea3 _ZN12HTTPProtocol48asynchronouslyAddAuthenticatorHeadersAndContinueEP15__CFHTTPMessage + 103
    13 CFNetwork 0x00007ff804d295b3 ___ZN12HTTPProtocol35asynchronouslyAddCookiesAndContinueEP15__CFHTTPMessage_block_invoke_3 + 26
    14 CFNetwork 0x00007ff804e0fdb7 ___ZNK18QCoreSchedulingSet12performAsyncEU13block_pointerFvvE_block_invoke + 41
    15 libclang_rt.asan_iossim_dynamic.dyl 0x0000000115d0fa4c __wrap_dispatch_async_block_invoke + 204
    16 libdispatch.dylib 0x0000000115348ba9 _dispatch_call_block_and_release + 12
    17 libdispatch.dylib 0x0000000115349f32 _dispatch_client_callout + 8
    18 libdispatch.dylib 0x0000000115351e3b _dispatch_lane_serial_drain + 1078
    19 libdispatch.dylib 0x0000000115352bbc _dispatch_lane_invoke + 448
    20 libdispatch.dylib 0x0000000115353be7 _dispatch_workloop_invoke + 876
    21 libdispatch.dylib 0x000000011535fcc6 _dispatch_root_queue_drain_deferred_wlh + 318
    22 libdispatch.dylib 0x000000011535f205 _dispatch_workloop_worker_thread + 853
    23 libsystem_pthread.dylib 0x000000011521db84 _pthread_wqthread + 327
    24 libsystem_pthread.dylib 0x000000011521cacf start_wqthread + 15
    )
    libc++abi: terminating due to uncaught exception of type NSException
2
0
226
Jun ’24