I am writing an app using Microsoft's MAUI platform. I am posting this here because that team wants me to make an xcode project to help determine an issue I am having. My MAUI app sends a broadcast packet on a UDP socket using address 255.255.255.255. This worked fine in iOS version 17.x. After upgrading my phone to iOS 18.x it stopped working. The error I get is "no route to host". The exact same code works fine on MacOS. It does not work on iPadOs 18. My question here is 3 fold: Did something specific change between iOS 17 and 18 that would cause a 'no route to host' error when sending a UDP broadcast packet? Can someone provide sample code to show me how to do this type of broadcast using Swift in Xcode for iOS? I read an article that said my app would need the com.apple.developer.networking.multicast entitlement in order to use boradcast functionality. This was introduced in iOS 14. Why did my app work fine in iOS 17 then? Is this what changed? Did this requirement use to be optional and is now required? I did get this entitlement from Apple and applied it to my provisioning profile and my app gave the same "no route to host" error. Why?

In macOS Sequoia, there are up to 3 locations where an end user can enable or disable a Network Extension. In order of appearance in the System Settings.app application: Network > Filters General > Login Items & Extensions (1) General > Login Items & Extensions > Network Extensions a) it's quite difficult for an end user (and even a developer) to understand why there are 3 different locations and whether we are dealing with the same unique item or not. e.g. why would an end user have a clue about the difference between a Network Extension and a (Packet | Content) Filter? b) it's not possible for an end user to figure out what the consequences of disabling an item in one of these 3 locations is going to be, because, in each case, the consequences appear to be different, undocumented or not detailed clearly in the UI. (2) [Q] Is there a clear, complete and detailed documentation for Network Extensions UX controls in macOS Sequoia? For either end users or developers? I could't find one when searching inside www.apple.com or developer.apple.com. (1) not sure why a Network Extension also appears here as it's not a launchd daemon controlled by a 3rd party launchd plist. And not sure to understand why it's there since there's now the Network Extensions panel. (2) it does not help that the output of the systemextensionsctl command line tool, in most cases, reports that the extension is still activated and enabled.

I want to add encryption algorithms from liboqs in a VPN app I am building but I don't see any fields for adding custom encryption algorithms in NEVPNIKEv2SecurityAssociationParameters. Is it possible to do this?

I am getting an error when trying to call an api being hosted on my local development machine from an XCode project running on my iPhone: Task <xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx>.<2> finished with error [-1202] Error Domain=NSURLErrorDomain Code=-1202 "The certificate for this server is invalid. You might be connecting to a server that is pretending to be “10.0.0.5” which could put your confidential information at risk." UserInfo={NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, _kCFStreamErrorDomainKey=3, NSErrorPeerCertificateChainKey=( "<cert(0x106046600) s: XXXXXXXXXX-Dev i: XXXXXXXXXX Dev CA>", "<cert(0x106047000) s: XXXXXXXXXX Dev CA i: XXXXXXXXXX Dev CA>" ), NSErrorClientCertificateStateKey=0 I have followed the instructions for creating a certificate authority and certificate and installing it on my phone as outlined in Creating Certificates for TLS Testing and Installing a CA’s Root Certificate on Your Test Device. I have read posts in this forum without resolution and seen them on stack overflow like this one and this one which have not been answered or the solutions do not work in more current environments (example response: "This doesn't work in XCode 14.2"). I did have this running in earlier versions and with Android Studio. It would be ideal to have the current state answer to how to develop api's on your local machine and call them from your iPhone or simulator.

Hello, I am planning to create an app that can transfer files to hardware devices via WiFi. With devices like GoPro, I believe the typical setup involves the GoPro creating a WiFi hotspot to which the iOS app connects, allowing file transfers. But this setup establishes a 1:1 connection between the app and the hardware. To support multiple hardware devices simultaneously, I am considering reversing this setup: the iOS device would create a personal hotspot, and the hardware devices would connect to it. However, I have concerns about this approach: Reliability: I have read that the personal hotspot feature on iOS devices can be unreliable, especially with non-Apple devices, which tend to disconnect frequently. Manual Setup: There is no API to programmatically create the personal hotspot, so users would have to enable it manually in the Settings. I can use isIdleTimerDisabled to prevent the iOS screen from going to sleep, which might help with disconnection issues. Aside from this, are there other things I can do to ensure a stable connection? Given my limited experience with hardware connections, I am uncertain if having the iOS device act as the WiFi access point is a good design. Any advice or alternative solutions would be greatly appreciated. Thank you in advance!

Hello , I have obtained three strings from the server: ca (the root certificate), cert (the client certificate), and privateKey (the private key) for authentication between the iOS client and server. I have successfully used ca for server authentication. However, I am having trouble generating an NSURLCredential from the cert and privateKey strings for client authentication. Can anyone guide me on how to convert these strings into an NSURLCredential? Any example code would be greatly appreciated! Thank you for your help!

NSURLSessionConfiguration *configuration = [NSURLSessionConfiguration defaultSessionConfiguration]; configuration.URLCache = [[NSURLCache alloc] initWithMemoryCapacity:20 * 1024 * 1024 diskCapacity:100 * 1024 * 1024 diskPath:@"myCache"]; if (!configuration) { NSLog(@"Failed to create session configuration."); return; } NSURLSession *session = [NSURLSession sessionWithConfiguration:configuration]; if (!session) { NSLog(@"Failed to create session."); return; } NSURL *url = [NSURL URLWithString:@"https://example.com"]; if (!url) { NSLog(@"Invalid URL."); return; } NSURLRequest *request = [NSURLRequest requestWithURL:url]; if (!request) { NSLog(@"Failed to create request."); return; } NSURLSessionDataTask *dataTask = [session dataTaskWithRequest:request completionHandler:^(NSData *data, NSURLResponse *response, NSError *error) { if (error) { NSLog(@"Error: %@", error.localizedDescription); } else { NSLog(@"Data received: %@", data); } }]; if (!dataTask) { NSLog(@"Failed to create data task."); return; } dataTask.priority = NSURLSessionTaskPriorityDefault; [dataTask resume]; error message Terminating app due to uncaught exception 'NSInvalidArgumentException', reason: '*** -[NSFileManager createDirectoryAtURL:withIntermediateDirectories:attributes:error:]: URL is nil' *** First throw call stack: (0x1848bd08c 0x181bbf2e4 0x183585f48 0x185d2f2bc 0x185d2ec7c 0x10709271c 0x1070a3f04 0x185d2ea88 0x185d2db20 0x185d2d5f4 0x185d2d07c 0x185d274b0 0x185dd82c4 0x185dd8214 0x185dd730c 0x107090a30 0x10709271c 0x10709a5e8 0x10709b394 0x10709cb20 0x1070a85f0 0x1070a7c00 0x20bc27c7c 0x20bc24488) libc++abi: terminating due to uncaught exception of type NSException

Hi everyone, We are working on creating a virtual network interface using NEPacketTunnelProvider, with an MTU of 1500 bytes. I would like to understand what will happen if we attempt to write packets of approximately 65,000 bytes to this interface. Specifically, will the packets be fragmented based on protocol and flags, will they be dropped, or is there another unexpected behaviour we should anticipate? Thanks

Requirements: Suppose a carrier provides multiple networks and an iPhone can switch to the best network based on signal strength. Questions: In iOS, suppose we need to switch IMSI based on the best network available then is it possible to achieve that. We do have apple carrier entitlements as well. Can we achieve with Applet? if Yes so please describe it like how can we create applet and how applet works to switch IMSI profile.

Hi all, I would like to know if it is possible to activate a content filter through the command line interface (CLI). Based on my research, it seems that Apple does not allow this for security design reasons. If it’s indeed not permitted, is there a way to use a GUI-based app as a workaround, where the GUI would only serve the purpose of activating the content filter? After the filter is activated, I’d like to hide the GUI app and run the content filter in the background. Is this approach feasible, and what would be the best way to achieve it? Thanks in advance for your help!

Hello everyone, I’m currently working on a Swift project using the Network framework to create a multicast-based communication system. Specifically, I’m implementing both a multicast receiver and a sender that join the same multicast group for communication. However, I’ve run into some challenges with the connection management, replying to multicast messages, and handling state updates for both connections and connection groups. Below is a breakdown of my setup and the specific issues I’ve encountered. I have two main parts in the implementation: the multicast receiver and the multicast sender. The goal is for the receiver to join the multicast group, receive messages from the sender, and send a reply back to the sender using a direct connection. Multicast Receiver Code: import Network import Foundation func setupMulticastGroup() -> NWConnectionGroup? { let multicastEndpoint1 = NWEndpoint.hostPort(host: NWEndpoint.Host("224.0.0.1"), port: NWEndpoint.Port(rawValue: 45000)!) let multicastParameters = NWParameters.udp multicastParameters.multipathServiceType = .aggregate do { let multicastGroup = try NWMulticastGroup(for: [multicastEndpoint1], from: nil, disableUnicast: false) let multicastConnections = NWConnectionGroup(with: multicastGroup, using: multicastParameters) multicastConnections.stateUpdateHandler = InternalConnectionStateUpdateHandler multicastConnections.setReceiveHandler(maximumMessageSize: 16384, rejectOversizedMessages: false, handler: receiveHandler) multicastConnections.newConnectionHandler = newConnectionHandler multicastConnections.start(queue: .global()) return multicastConnections } catch { return nil } } func receiveHandler(message: NWConnectionGroup.Message, content: Data?, isComplete: Bool) { print("Received message from \(String(describing: message.remoteEndpoint))") if let content = content, let messageString = String(data: content, encoding: .utf8) { print("Received Message: \(messageString)") } let remoteEndpoint = message.remoteEndpoint message.reply(content: "Multicast group on 144 machine ACK from recv handler".data(using: .utf8)) if let connection = multicastConnections?.extract(connectionTo: remoteEndpoint) { connection.stateUpdateHandler = InternalConnectionRecvStateUpdateHandler connection.start(queue: .global()) connection.send(content: "Multicast group on 144 machine ACK from recv handler".data(using: .utf8), completion: NWConnection.SendCompletion.contentProcessed({ error in print("Error code: \(error?.errorCode ?? 0)") print("Ack sent to \(connection.endpoint)") })) } } func newConnectionHandler(connection: NWConnection) { connection.start(queue: .global()) connection.send(content: "Multicast group on 144 machine ACK".data(using: .utf8), completion: NWConnection.SendCompletion.contentProcessed({ error in print("Error code: \(error?.errorCode ?? 0)") print("Ack sent to \(connection.endpoint)") })) } func InternalConnectionRecvStateUpdateHandler(_ pState: NWConnection.State) { switch pState { case .setup: NSLog("The connection has been initialized but not started") case .preparing: NSLog("The connection is preparing") case .waiting(let error): NSLog("The connection is waiting for a network path change. Error: \(error)") case .ready: NSLog("The connection is established and ready to send and receive data.") case .failed(let error): NSLog("The connection has disconnected or encountered an error. Error: \(error)") case .cancelled: NSLog("The connection has been canceled.") default: NSLog("Unknown NWConnection.State.") } } func InternalConnectionStateUpdateHandler(_ pState: NWConnectionGroup.State) { switch pState { case .setup: NSLog("The connection has been initialized but not started") case .waiting(let error): NSLog("The connection is waiting for a network path change. Error: \(error)") case .ready: NSLog("The connection is established and ready to send and receive data.") case .failed(let error): NSLog("The connection has disconnected or encountered an error. Error: \(error)") case .cancelled: NSLog("The connection has been canceled.") default: NSLog("Unknown NWConnection.State.") } } let multicastConnections = setupMulticastGroup() RunLoop.main.run() Multicast Sender Code: import Foundation import Network func setupConnection() -> NWConnection { let params = NWParameters.udp params.allowLocalEndpointReuse = true return NWConnection(to: NWEndpoint.hostPort(host: NWEndpoint.Host("224.0.0.1"), port: NWEndpoint.Port(rawValue: 45000)!), using: params) } func sendData(using connection: NWConnection, data: Data) { connection.send(content: data, completion: .contentProcessed { nwError in if let error = nwError { print("Failed to send message with error: \(error)") } else { print("Message sent successfully") } }) } func setupReceiveHandler(for connection: NWConnection) { connection.receive(minimumIncompleteLength: 1, maximumLength: 65000) { content, contentContext, isComplete, error in print("Received data:") print(content as Any) print(contentContext as Any) print(error as Any) setupReceiveHandler(for: connection) } } let connectionSender = setupConnection() connectionSender.stateUpdateHandler = internalConnectionStateUpdateHandler connectionSender.start(queue: .global()) let sendingData = "Hello, this is a multicast message from the process on mac machine 144".data(using: .utf8)! sendData(using: connectionSender, data: sendingData) setupReceiveHandler(for: connectionSender) RunLoop.main.run() Issues Encountered: Error Code 0 Even When Connection Refused: On the receiver side, I encountered this log: nw_socket_get_input_frames [C1.1.1:1] recvmsg(fd 8, 9216 bytes) [61: Connection refused] Error code: 0 Ack sent to 10.20.16.144:62707 Questions: how do I reply to the message if above usage pattern is wrong? how do I get a NWConnection from the received message to create a separate connection for communication with the sender. Any insights or suggestions on resolving these issues or improving my multicast communication setup would be greatly appreciated. Thanks :)

With the new macOS 15, Apple introduced the new Local Network Privacy feature. This is causing issues for our customers as - even though they granted the required permission for our software - connections to a server in their local network are being blocked. The situation is not fixed by recent macOS updates. As far as I know, this issue exists for machines running on Apple Silicon. Systems running macOS versions (e.g. Sonoma) are not affected. Currently, the workaround is to re-enable the permission under Settings > Privacy & Security > Local Network. The list shows our application with an enabled checkbox. Users now have to de-select the box and then re-select it again for the application to work. They have to do this after each and every reboot of their system, which is slightly annoying (so at the moment we recommend to not upgrade macOS to Sequoia, if possible) I did some research and saw that other products are also affected by this bug. Is there a solution to this issue or any plans to fix it?

IMPORTANT The approach used by this code no longer works. See TN3179 Understanding local network privacy for a replacement. Currently there is no way to explicitly trigger the local network privacy alert (r. 69157424). However, you can bring it up implicitly by sending dummy traffic to a local network address. The code below shows one way to do this. It finds all IPv4 and IPv6 addresses associated with broadcast-capable network interfaces and sends a UDP datagram to each one. This should trigger the local network privacy alert, assuming the alert hasn’t already been displayed for your app. Oh, and if Objective-C is more your style, use this code instead. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = "eskimo" + "1" + "@apple.com" import Foundation /// Does a best effort attempt to trigger the local network privacy alert. /// /// It works by sending a UDP datagram to the discard service (port 9) of every /// IP address associated with a broadcast-capable interface. This should /// trigger the local network privacy alert, assuming the alert hasn’t already /// been displayed for this app. /// /// This code takes a ‘best effort’. It handles errors by ignoring them. As /// such, there’s guarantee that it’ll actually trigger the alert. /// /// - note: iOS devices don’t actually run the discard service. I’m using it /// here because I need a port to send the UDP datagram to and port 9 is /// always going to be safe (either the discard service is running, in which /// case it will discard the datagram, or it’s not, in which case the TCP/IP /// stack will discard it). /// /// There should be a proper API for this (r. 69157424). /// /// For more background on this, see [Triggering the Local Network Privacy Alert](https://developer.apple.com/forums/thread/663768). func triggerLocalNetworkPrivacyAlert() { let sock4 = socket(AF_INET, SOCK_DGRAM, 0) guard sock4 >= 0 else { return } defer { close(sock4) } let sock6 = socket(AF_INET6, SOCK_DGRAM, 0) guard sock6 >= 0 else { return } defer { close(sock6) } let addresses = addressesOfDiscardServiceOnBroadcastCapableInterfaces() var message = [UInt8]("!".utf8) for address in addresses { address.withUnsafeBytes { buf in let sa = buf.baseAddress!.assumingMemoryBound(to: sockaddr.self) let saLen = socklen_t(buf.count) let sock = sa.pointee.sa_family == AF_INET ? sock4 : sock6 _ = sendto(sock, &message, message.count, MSG_DONTWAIT, sa, saLen) } } } /// Returns the addresses of the discard service (port 9) on every /// broadcast-capable interface. /// /// Each array entry is contains either a `sockaddr_in` or `sockaddr_in6`. private func addressesOfDiscardServiceOnBroadcastCapableInterfaces() -> [Data] { var addrList: UnsafeMutablePointer<ifaddrs>? = nil let err = getifaddrs(&addrList) guard err == 0, let start = addrList else { return [] } defer { freeifaddrs(start) } return sequence(first: start, next: { $0.pointee.ifa_next }) .compactMap { i -> Data? in guard (i.pointee.ifa_flags & UInt32(bitPattern: IFF_BROADCAST)) != 0, let sa = i.pointee.ifa_addr else { return nil } var result = Data(UnsafeRawBufferPointer(start: sa, count: Int(sa.pointee.sa_len))) switch CInt(sa.pointee.sa_family) { case AF_INET: result.withUnsafeMutableBytes { buf in let sin = buf.baseAddress!.assumingMemoryBound(to: sockaddr_in.self) sin.pointee.sin_port = UInt16(9).bigEndian } case AF_INET6: result.withUnsafeMutableBytes { buf in let sin6 = buf.baseAddress!.assumingMemoryBound(to: sockaddr_in6.self) sin6.pointee.sin6_port = UInt16(9).bigEndian } default: return nil } return result } }

Hi Team, The Messages app is not working in the latest macOS Sequoia 15.0.1. We are unable to send messages or sync them when the VPN/TransparentAppProxy is connected. It was working fine in macOS 15.0 and earlier. A few users have reported the issue here: https://discussions.apple.com/thread/255802764?sortBy=rank

please help, upgrade to Sequoia 15, system default open it, how to close? how to turn off private WiFi address using code, swift or objective-c language

A few months ago, I remember reading some official documentation that was describing how to switch to a background upload when the app is about to be suspended. Unfortunately, I can't find that resource back, so it would be fantastic if someone would point it out to me. If I remember correctly, the procedure described was to start a regular upload task within some UIApplication.backgroundTask, and in any case the upload wasn't finished at the moment the system would call the suspension handler, the upload was "transitioned" into a a background one while preserving the current progress (I think because it was using the same URLSession or something, hence why I want to find back the documentation!) Note that I don't want to start a background upload from the beginning (this is what we do already!). I'm mostly looking for that piece of documentation to experiment if that scheme would improve our upload performance. Thanks!

Code I have used for years on Macs now crashes after updating OS: SSL_CTX *sslctx = SSL_CTX_new(SSLv23_client_method()); Reading the posts about TLS changes, I change it to this: SSL_CTX *sslctx = SSL_CTX_new(TLS_client_method()); In fact any method I give results in crash.. Is this a known issue? Is there something I now need to call before calling SSL_CTX_new()?

I need to connect to a JMS that publishes data that I need to collect. I am trying one solution: RabbitMQ with the JMS plugin. I succeeded to install RabbitMQ and send messages from one process to another. However, I need to consume a JMS that an external party publishes. Can anybody tell me how I should configure the Host, Port, Username, Password and Queue name for RabbitMQ/JMS so that I can consume (or subscribe to) that JMS? Or does anybody know another way to consume (or subscribe to) a JMS from Swift? I have no idea which of the provided Tags I should select. Thanks! Wouter

I am developing an iOS application based on Objective-C, and I have encountered a requirement where I need to determine if the password for the currently connected Wi-Fi is empty. If it is empty, the user is allowed to proceed to the next step. If it is not empty, they must enter a password. This will be used in the next process, which is the network configuration of a physical device. After researching documentation, I found two possible approaches to determine if the Wi-Fi password is empty. The first approach is to directly check the encryption type of the current Wi-Fi. If there is no encryption type, the Wi-Fi password is empty. The second approach is to use Apple's NEHotspotConfiguration class to attempt connecting to the Wi-Fi and determine if the password is empty. However, both approaches have encountered issues. For the first approach, there seems to be no public API available to directly retrieve the Wi-Fi encryption type. For the second approach, when using NEHotspotConfiguration to connect, I first get the Wi-Fi's SSID and then attempt to connect with an empty password. I am using [NEHotspotConfiguration alloc] initWithSSID:ssid] to create a configuration, and then I call [NEHotspotConfigurationManager sharedManager] applyConfiguration: to connect. However, regardless of whether the Wi-Fi is actually encrypted or unencrypted, no error is returned. The code is as follows: NSString *ssid = [NetInterface getCurrent_SSID]; // The Wi-Fi SSID that needs to be checked NEHotspotConfiguration *configuration = [[NEHotspotConfiguration alloc] initWithSSID:ssid]; configuration.joinOnce = YES; // Remove previous configuration (optional) [[NEHotspotConfigurationManager sharedManager] removeConfigurationForSSID:ssid]; self.isWiFiEmptyOperateState = 1; // Attempt to apply the new configuration [[NEHotspotConfigurationManager sharedManager] applyConfiguration:configuration completionHandler:^(NSError * _Nullable error) { self.isWiFiEmptyOperateState = 2; if (error) { if (error.code == NEHotspotConfigurationErrorInvalid) { NSLog(@"Wi-Fi %@ is encrypted, a password is required", ssid); } else if (error.code == NEHotspotConfigurationErrorUserDenied) { NSLog(@"User denied the Wi-Fi configuration"); } else { NSLog(@"Other error: %@", error.localizedDescription); } } else { NSLog(@"Successfully connected to Wi-Fi %@, this network might be open", ssid); } }]; In the code above, it always ends up logging "Successfully connected to Wi-Fi." Is there any other approach that can fulfill my functional requirement? I noticed that some apps on the App Store have implemented this functionality, but all my attempts so far have failed.

Hello, I'm wondering if a NEDNSProxyProvider should supports TCP DNS query or not ? DNS UDP datagrams are limited to 512 bytes and sometimes, a DNS resolver should fallback to TCP to handle large queries. But I don't see anything about supporting TCP flow in the DNS Proxy provider reference. Is there a guarantee that it will only receive UDP flow ? How is the system handling large DNS queries in that case ?