Hello all, I have a question, I am developing an application that uses the apply() function of the NEHotspotConfigurationManager class to switch the Wifi of the device. In the completionHandler of the apply() function, the error argument contains “Internal Error(8)” and the wifi switching may fail. We have never seen this problem during development, and since it occurs only in the market, we are at a loss as to the cause and countermeasure. Do you know the cause of the “Internal Error(8)” and how to fix it? A similar phenomenon has already been discussed in the following thread, but after countermeasures were taken in iOS12, it also occurs in iOS13 and later and no progress has been made since then. https://developer.apple.com/forums/thread/107851 I would appreciate it if someone could clarify what is happening with this error, as there is not much information on the web regarding this error. Thank you in advance.

Hey,I want to get nearby Wi-Fi network's SSID into the app using network extension framework.Right now I can get scan list by visiting the setting--->Wifi Screen but I want to get those Scan Result into the app without visiting the setting wifi screen.If anyone idea about it please let me know

I'm unable to set the "secure" property of HTTPCookieProperty (for initializing HTTPCookie) to false. tried: .secure: "FALSE" .secure: "false" .secure: false but all of above resulted in "cookie.isSecure" being true. The only thing that worked was not providing the field at all (which made the property default to false). Seems like a niche bug?

Hi, On macOS 15 beta 7, we get a network popup while launching application, "Allow "App" to find the devices on local network?" This popup we are not seeing in older versions of macOS. We also see a a new option in "System Settings->Privacy & Security->Local Network". Is there way to add the application entry in "Local Network" through a command so that we can suppress this popup on launching the applications? Regards Prema Kumar

There is no Network Extension icon missing in System Settings. Sequoia 15.1 (24B83) Screenshot attached

On iOS beta, monitoring network usage using the getifaddrs API sporadically causes system volume spikes. This happens even though the application does not interact with any audio-related code. The issue persists across different polling intervals (e.g., 0.05s to 1s) and only occurs when invoking getifaddrs. Replacing the API calls with mock data eliminates the problem, suggesting a potential issue with getifaddrs in the beta environment. The application updates UI elements based on network activity, but the volume spikes occur independently of UI or other observable app behavior. Steps to Reproduce: Create an app that monitors network usage using the getifaddrs API. Fetch network statistics on a timer (e.g., every 0.05 seconds). Observe system behavior while running the app on iOS beta. Note sporadic volume spikes during app runtime. Expected Result: Polling network usage with getifaddrs should not affect system volume or other unrelated resources. Actual Result: System volume spikes occasionally when network statistics are retrieved using getifaddrs. iOS 18.2 Beta, Tested on physical device ( iPhone 15 Pro )

Hi, TLDR: On iOS, when my PacketTunnel is running, can I exclude DNS requests from going into the tunnel? I have a test app, using Apple's AsyncDNSResolver, that makes a DNS call and it works when the tunnel is not running. If the tunnel is running it times out after 30 seconds and I get the error -65568. Here's how I'm setting up the tunnel func setup(tunnelRemoteAddress: String) { let settings = NEPacketTunnelNetworkSettings(tunnelRemoteAddress: tunnelRemoteAddress) settings.ipv4Settings = NEIPv4Settings(addresses: [tunnelRemoteAddress], subnetMasks: ["255.255.255.255"]) settings.ipv4Settings?.includedRoutes = [NEIPv4Route.default()] let proxySettings = NEProxySettings() proxySettings.httpEnabled = true proxySettings.httpServer = NEProxyServer(address: ProxyServerConfiguration.host, port: ProxyServerConfiguration.port) proxySettings.httpsEnabled = true proxySettings.httpsServer = NEProxyServer(address: LocalProxyServerConfiguration.host, port: LocalProxyServerConfiguration.port) proxySettings.excludeSimpleHostnames = true proxySettings.exceptionList = nil let dnsSettings = NEDNSSettings(servers: ["8.8.8.8"]) settings.dnsSettings = dnsSettings settings.proxySettings = proxySettings setTunnelNetworkSettings(settings) { error in // ... } } I've tried all combinations of setting/excluding the NEDNSSettings but the DNS call always fails when the tunnel is running. Thanks for any help.

Whenever I'm working on my content filter for macOS, I usually keep SIP disabled and with developer mode on (systemextensionsctl) as a convenience. The issue: content filter stopped receiving any kind of traffic when SIP is disabled. I don't see any log lines in Console for new flows, and the filter can't block anything, since it doesn't get any flows. Issue started yesterday. I tried several things and did some investigation, here are some findings: Reboot: rebooting did not fix the issue (while keeping SIP disabled). Reenabling SIP fixes the issue for both App Store and Xcode builds. Code: latest published version also stopped working with SIP disabled. This version is stable and confirmed to work as reported by users. Clean Xcode + rebuild did not fix the issue. Lastly, I inspected the logs and did not see any errors standing out. I noticed the filter does get started (startFilter is called) and registered, but after that there are no errors/new flows or anything, just silence (logs below). com.apple.networkextension default 15:22:22.270746-0300 : Calling startFilterWithCompletionHandler com.extension.MyExtension info 15:22:22.270998-0300 Success applying filter settings com.apple.networkextension debug 15:22:22.272705-0300 NESMFilterSession[My Extension:B9F3F30E-E0E0-4E53-8B32-EFC285E3CF6A]: Checking providerBundleIdentifier com.extension.MyExtension for pluginClass 4 com.apple.networkextension debug 15:22:22.272717-0300 Checking for com.extension.MyExtension - com.apple.networkextension.filter-data com.apple.networkextension default 15:22:22.272728-0300 Found 1 registrations for com.extension.MyExtension (com.apple.networkextension.filter-data) com.apple.networkextension debug 15:22:22.272778-0300 NESMFilterSession[My Extension:B9F3F30E-E0E0-4E53-8B32-EFC285E3CF6A]: com.extension.MyExtension is registered for pluginClass 4 Here are some additional info about my system: macOS 15.1 Between yesterday and today, the only new Installation is XProtectPlistConfigData at 12:10AM Thanks!

So I have a small homebuilt device that has a simple Arduino-like chip with wifi capabilities (to be precise, the Xiao Seeed ESP32C, for anyone who cares), and I need my iOS app to talk to this device. Using the CoreBluetooth framework, we've had no problems --- except that in "noisy" environments sometimes we have disconnects. So we want to try wifi. We assume that there is no public wifi network available. We'd love to do peer-to-peer networking using Network, but that's only if both devices are from Apple. They're not. Now, the Xiao device can act as an access point, and presumably I could put my iPhone on that network and use regular TCP calls to talk to it. The problem is that my app wants to both talk to this home-built device, but ALSO make http calls to my server an amazon. So: how do I let my iOS app talk over wifi to this simple chip, while not losing the ability to also have my app reach a general server (and receive push notifications, etc.) To be more concrete, imagine that my app needs to be able to discover the access point provided by my device, use low-level TCP socket calls to talk to this local wifi device, all without losing the ability to also make general http calls and be just accessible to push notifications as it was before connecting to this purely local (and very short range, i.e. no more than 30 meters distant) device. Does this make sense? Have I explained it well enough?

I'm use iPad OS 17.5.1, when I try to use socket to connect to an ipv6 address created by PacketTunnelProvider in my iOS device, an error occurs. Here is the code to create socket server and client: #include <stdio.h> #include <string.h> #include <sys/socket.h> #include <netinet/in.h> #include <arpa/inet.h> #include <unistd.h> int dx_create_ipv6_server(const char *ipv6_address, int port) { int server_fd; struct sockaddr_in6 server_addr; server_fd = socket(AF_INET6, SOCK_STREAM, 0); if (server_fd == -1) { perror("socket() failed"); return -1; } memset(&server_addr, 0, sizeof(server_addr)); server_addr.sin6_family = AF_INET6; server_addr.sin6_port = htons(port); if (inet_pton(AF_INET6, ipv6_address, &server_addr.sin6_addr) <= 0) { perror("inet_pton() failed"); close(server_fd); return -1; } if (bind(server_fd, (struct sockaddr *)&server_addr, sizeof(server_addr)) == -1) { perror("bind() failed"); close(server_fd); return -1; } if (listen(server_fd, 5) == -1) { perror("listen() failed"); close(server_fd); return -1; } printf("Server is listening on [%s]:%d\n", ipv6_address, port); return server_fd; } int dx_accept_client_connection(int server_fd) { int client_fd; struct sockaddr_in6 client_addr; socklen_t client_addr_len = sizeof(client_addr); client_fd = accept(server_fd, (struct sockaddr *)&client_addr, &client_addr_len); if (client_fd == -1) { perror("accept() failed"); return -1; } char client_ip[INET6_ADDRSTRLEN]; inet_ntop(AF_INET6, &client_addr.sin6_addr, client_ip, sizeof(client_ip)); printf("Client connected: [%s]\n", client_ip); return client_fd; } int dx_connect_to_ipv6_server(const char *ipv6_address, int port) { int client_fd; struct sockaddr_in6 server_addr; client_fd = socket(AF_INET6, SOCK_STREAM, 0); if (client_fd == -1) { perror("socket() failed"); return -1; } memset(&server_addr, 0, sizeof(server_addr)); server_addr.sin6_family = AF_INET6; server_addr.sin6_port = htons(port); if (inet_pton(AF_INET6, ipv6_address, &server_addr.sin6_addr) <= 0) { perror("inet_pton() failed"); close(client_fd); return -1; } if (connect(client_fd, (struct sockaddr *)&server_addr, sizeof(server_addr)) == -1) { perror("connect() failed"); close(client_fd); return -1; } printf("Connected to server [%s]:%d\n", ipv6_address, port); close(client_fd); return 0; } @implementation SocketTest + (void)startSever:(NSString *)addr port:(int)port { [[NSOperationQueue new] addOperationWithBlock:^{ int server_fd = dx_create_ipv6_server(addr.UTF8String, port); if (server_fd == -1) { return; } int client_fd = dx_accept_client_connection(server_fd); if (client_fd == -1) { close(server_fd); return; } close(client_fd); close(server_fd); }]; } + (void)clientConnect:(NSString *)addr port:(int)port{ [[NSOperationQueue new] addOperationWithBlock:^{ dx_connect_to_ipv6_server(addr.UTF8String, port); }]; } @end PacketTunnelProvider code: override func startTunnel(options: [String : NSObject]?, completionHandler: @escaping (Error?) -> Void) { let settings = NEPacketTunnelNetworkSettings(tunnelRemoteAddress: "fd84:306d:fc4e::1") let ipv6 = NEIPv6Settings(addresses: ["fd84:306d:fc4e::1"], networkPrefixLengths: 64) settings.ipv6Settings = ipv6 setTunnelNetworkSettings(settings) { error in if error == nil { self.readPackets() } completionHandler(error) } } private func readPackets() { // do nothing packetFlow.readPackets { [self] packets, protocols in self.packetFlow.writePackets(packets, withProtocols: protocols) self.readPackets() } } At main target, in viewcontroller's viewDidAppear, after starting the VPN, executed following code: [SocketTest startSever:@"fd84:306d:fc4e::1" port:12345]; sleep(3); [SocketTest clientConnect:@"fd84:306d:fc4e::1" port:12345]; The startSever is executed correctly, but when executing： connect(client_fd, (struct sockaddr *)&server_addr, sizeof(server_addr)) in clientConnect, the code is blocked until it times out and returns -1. **Even if I use GCDAsyncSocket or BlueSocket, I get the same error. The strange thing is that if I use the ipv4 address in PacketTunnelProvider, and change the above code to the ipv4 version and connect to ipv4 address, or use GCDAsyncSocket to perform the corresponding operation, it can be executed correctly. ** I tried to search Google for problems with ios-related ipv6 addresses, but I still couldn't find a solution. Is this a bug in the ios system or is there something wrong with my code? I hope to get your help! Stackoverflow url: iOS Socket cannot connect ipv6 address when use PacketTunnelProvider

We want to ressolve dns for predefined sets of private app domains. We've added this rule: NENetworkRule(destinationHost: NWHostEndpoint(hostname: Private Domain1(example.com), port: 53), protocol: .UDP) As per apple documentation: A rule that matches all DNS queries/responses for hosts in the example.com domain. do you think it will work i.e it will forward DNS requests UDP flow to transparent provider in all the cases? or do you think the text is a bit misleading. it should instead say: "A rule that matches all DNS queries/responses for nameservers in the example.com domain"? This rule that look for port 53 of that domain only works if the system really asks a nameserver of that specific domain, right? So, what if a local DNS server or a different nameserver are taking care of the resolution?

MINI M2 Apache httpd stopped serving with this in log: "bug_type":"312","os_version":"macOS 15.2 (24C5079e)"} {"issueCategory":"hitch","logType":"Tailspin","uploadAttemptCount":0, Sequoia 15.2 Beta Server runs about 2 hours and then need to reboot computer to restart to server remote viewers. Brew Service ReStart and sudo apachectl graceful restart server for localhost but they will not restart server for remote viewers.

Hi everyone, Our app helps users block adult websites to promote focus and digital wellness. During the App Store review, it was flagged under Guideline 2.5.1 for using a VPN profile to block content, with Apple advising us to remove this feature. Since blocking adult content is core to our app, we’re looking for compliant alternatives: Can Network Extensions Framework (e.g., NEDNSProxyProvider) be used for on-device filtering? Would pre-configured safe DNS (e.g., CleanBrowsing) be acceptable? Are there compliant examples of similar apps? Any advice on achieving this functionality within Apple’s guidelines would be greatly appreciated. Thanks!

When transferring files in a Multipeer Session, using the Progress instances (returned by either sendResource in the sender or the delegate method session(didStartReceiving:) on the receiver) in a SwiftUI ProgressView will eventually cause a crash (EXC_BAD_ACCESS in swift_retain on com.apple.MCSession.syncQueue) I have created a small sample project that demonstrates the problem. It can be found at: https://github.com/eidria/Multipeer-Progress-Demo.git. A screen shot of the stack trace from a crash (crash.jpg) is in the “Images” folder. STEPS TO REPRODUCE Run the sample on two different hosts connected to the same network (project contains both iOS & macOS targets, bug manifests in any combination). When the second instance comes up, they will automatically find and connect to each other. When the “Send Files” button is enabled, clicking it will cause the sender to repeatedly send the file “Image.HEIC” from the “Images” folder to the receiver, which deletes it upon receipt of a successful transfer (i.e. delegate call back is called with a nil error). Subsequent transfers are triggered when the sender receives notice that the prior send completed successfully. Eventually, after some (usually small) number of files have been transferred, either the sender or receiver will crash in the middle of a transfer, with EXC_BAD_ACCESS in swift_retain on com.apple.MCSession.syncQueue. Commenting out the ProgressView in the file FileTransferView.swift will allow the apps to run in perpetuity.

The update to IOS 18.1 broke my VPN app. It was still working with 18.0.1. First analysis indicates that packets are not received through packetflow. Postings like this also indicates that there has something changed about the routing: https://developer.apple.com/forums/thread/767315 So what is going on here? I am using the following NEPacketTunnelNetworkSettings: static private func buildSettings() -> NEPacketTunnelNetworkSettings { let settings = NEPacketTunnelNetworkSettings(tunnelRemoteAddress: "127.0.0.1") let ipv4Settings = NEIPv4Settings(addresses: ["10.42.0.1"], subnetMasks: ["255.255.0.0"]) ipv4Settings.includedRoutes = [NEIPv4Route.default()] ipv4Settings.excludedRoutes = [] settings.ipv4Settings = ipv4Settings settings.mtu = 1500 let dnsSettings = NEDNSSettings(servers: ["10.42.0.1"]) settings.dnsSettings = dnsSettings let ipv6Settings = NEIPv6Settings.init(addresses: ["fdb2:d970:8536:8dc6:0000:0000:0000:0001"], networkPrefixLengths: [64]) ipv6Settings.includedRoutes = [NEIPv6Route.default()] settings.ipv6Settings = ipv6Settings return settings } Any help would be greatly appreciated.

I can build the SimpleFirewall application (https://developer.apple.com/documentation/networkextension/filtering_network_traffic ) using xcode: After I run the application, seems can't block any traffic. I find there is some logs from network extension process: networkd_settings_read_from_file Sandbox is preventing this process from reading networkd settings file at "/Library/Preferences/com.apple.networkd.plist", please add an exception. Any step I am missing ?

We have Mac OS VM which has two network interfaces and both are active. In our application we need “State:/Network/Global/IPv6” to do some task but on this machine it seems to be missing, however if we disable one of the interface then the same setting seems to be available and our code works fine. Please find the attached screenshots of working & non-working details:

hello, we're currently working on a way to adapt the behavior of our app when the device is running with a low free memory remaining, or a bad network. For the network, we though about implementing a speedtest, but the issue with this solution is that we want to test regularly the quality of the network, so if the device is running with a poor/bad network, the speedtest with stuck the app. I was looking for other way to check the displayed informations in the status bar: private func getWiFiRSSI() -> Int? { let app = UIApplication.shared var rssi: Int? let exception = tryBlock { guard let statusBar = app.value(forKey: "statusBar") as? UIView else { return } if let statusBarMorden = NSClassFromString("UIStatusBar_Modern"), statusBar .isKind(of: statusBarMorden) { return } guard let foregroundView = statusBar.value(forKey: "foregroundView") as? UIView else { return } for view in foregroundView.subviews { if let statusBarDataNetworkItemView = NSClassFromString("UIStatusBarDataNetworkItemView"), view .isKind(of: statusBarDataNetworkItemView) { if let val = view.value(forKey: "wifiStrengthRaw") as? Int { rssi = val break } } } } if let exception = exception { print("getWiFiRSSI exception: \(exception)") } return rssi } I've checked the AppStore Guidelines but I'm not sure that this kind of code will not be subject to rejection by the Review team. Anyone having trying to submit with a similar approach? Did you already managed to monitor network regularly, without using a speedtest? Thanks for the help!

I've been trying very unsuccessfully to get the Filtering Network Traffic example code to work. I've read many forum posts but I still wasn't able to figure it out. I download the example project and set my development team for both targets. From then on the project is configured to create unique bundle identifiers and app group. Signing and provisioning profile is created and managed by Xcode with all the necessary entitlements. I am able to build the app (debug with provisioning profile) and then copy it to /Applications. I open the app, click start, enable and allow the network extension. Activity Monitor shows that the extension is running. But when I test local connections to port 8888 nothing happens in the app, the connection are just allowed. I tested with the following setup: create a local webserver with python3 -m http.server 8888 and make a request via curl and the webbrowser normal tcp connection with nc (nc -l 8888 and nc localhost 8888) I added lots of logging and I can see that the startFilter method is called, but never the handleNewFlow method. The only error I see in Console is networkd_settings_read_from_file Sandbox is preventing this process from reading networkd settings file at "/Library/Preferences/com.apple.networkd.plist", please add an exception. but don't know what to do about that. I also read the debugging guide (very helpful). I'm used to jump through a lot of hoops with this stuff, but I can't figure out what the problem is.

Hi, I am new to swift and IOS development, I was developing an app which can be used to communicating between Apple Watch and iPhone. Something strange occurred when I was trying to observe the status of the message(UserInfo) sent by func transferUserInfo(_ userInfo: [String : Any] = [:]) -> WCSessionUserInfoTransfer. I was trying to observe isTransferring(a boolean value) in WCSessionUserInfoTransfer which was returned by the function mentioned above, but it seems cannot be updated even if the message queue was empty, it seems to always be True. Here is my sample code: let transfer = session.transferUserInfo(message) if transfer.isTransferring { Timer.scheduledTimer(withTimeInterval: 0.5, repeats: true) { timer in print("Queued message count: \(self.session.outstandingUserInfoTransfers.count), isTransferring:\(transfer.isTransferring)") if !transfer.isTransferring { timer.invalidate() // irrelevant codes... } } } else { // other irrelevant codes... } Appreciate if anyone can help me out of this problem. Best wishes.