I am developing an app which heavily relies on TCP device to device connections in the local network. The devices (multiple iPhones 13) are connected through a common consumer wifi router and act as server and client simultaneously. My problem is that 2 out of 3 iPhones can't establish outgoing TCP connections. However, they can act as server and accept incoming connections. All devices have the same iOS version (17.5.1) and access to Local Network is granted in the Privacy & Security settings. All devices have IPs in the range 192.168.x.x and the correct subnet is set. Safari can connect to IPs in the local network but not my app. The wifi network does not provide access to internet. Mobile data is turned off on all devices. As the error is happening out in the field, I cannot reproduce it under controlled conditions. What settings (beside not granting access to Local Network) may block outgoing connections to local IPs? What configurations of the app (e.g. entries in Info.plist) may result in or fix this behaviour?

Hi all, I'm working on deploying a VPN for users of our enterprise app, using the built-in IKEv2 provider (configured either by a configuration profile or an app). I'm struggling to get the user experience right and was curious to hear if the behaviors I'm observing have been seen by other developers. The main behavior I am observing is that the client tends to randomly disconnect, and it does not attempt to reconnect. This is particularly problematic when paired with the includeAllNetworks option. Paired with includeAllNetworks: The device does not attempt to reconnect the tunnel Once the tunnel disconnects, onDemandRules don't seem to evaluate. Even if a NEOnDemandRuleConnect rule matches the current network, the connection does not reestablish. All network traffic remains blocked on both WiFi and Cellular (rendering any network-dependent app unusable) until the user intervenes and toggles the connection in the Settings app This seems like a problematic user experience and I would be surprised if this is by design. As for the disconnects themselves, I have had a hard time correlating them to any particular network condition or protocol behavior. I've seen a connection drop after as little as 10 minutes and stay up for over 16 hours (including while the device roamed from WiFi to Cellular networks and in and out of connectivity). We confirmed with server logs that the clients were able to successfully re-key both the IKE SA and CHILD SAs. I had difficulty retrieving system logs from iOS, but on macOS I was able to observe this error from NEIKEv2Provider that lined up with one of the disconnect events: "Internal: Initiate MOBIKE failed to migrate child SAs" (server logs showed a successful rekey exchange at the same time). Thanks, Lucas

Trying to send and receive data in the GameCenter environment using the following methods: func sendData(dictionaryWithData dictionary: Dictionary<String, Any>,toPeer targetPeers: [GKPlayer]) { guard let match = self.match else { return } do { let dataToSend = try NSKeyedArchiver.archivedData(withRootObject: dictionary, requiringSecureCoding: false) try match.send(dataToSend, to: targetPeers, dataMode: .reliable) } catch { #if DEBUG print("CONNECTION MANAGER SEND DATA ERROR") #endif } } public func match(_ theMatch: GKMatch,didReceive data: Data,forRecipient recipient: GKPlayer,fromRemotePlayer player: GKPlayer) { if match != theMatch { return } DispatchQueue.main.async { do { guard let message = NSDictionary.unsecureUnarchived(from: data) as? Dictionary<String, Any> else {return} ... <CODE> ... } ///Source: https://stackoverflow.com/questions/51487622/unarchive-array-with-nskeyedunarchiver-unarchivedobjectofclassfrom static func unsecureUnarchived(from data: Data) -> Self? { do { let unarchiver = try NSKeyedUnarchiver(forReadingFrom: data) unarchiver.requiresSecureCoding = false let obj = unarchiver.decodeObject(of: self, forKey: NSKeyedArchiveRootObjectKey) if let error = unarchiver.error { print("Error:\(error)") } return obj } catch { print("Error:\(error)") } return nil } Everything works great until the data exceeds 87K (which, I understand, is the limit for exchanging data in GameCenter). The data is not sent and gives the following error: Async message[1FCA0D11-05DE-47D0-9714-983C8023F5C1] send error: FailedToSendData: , InternalError: reliable, maxPayloadSizeExceeded Interesting enough, I do not have this problem when using MCSession, as follows, even if data exceeds 87K: func sendData(dictionaryWithData dictionary: Dictionary<String, Any>, toPeer targetPeers: [MCPeerID]) { do { let dataToSend = try NSKeyedArchiver.archivedData(withRootObject: dictionary, requiringSecureCoding: false) try session.send(dataToSend, toPeers: targetPeers, with: MCSessionSendDataMode.reliable) } catch { #if DEBUG print("CONNECTION MANAGER SEND DATA ERROR") #endif } } I have been doing research and found that I need to fragment data and send and receive it in packages. But I could not find a good explanation how to do it. Any help would be appreciated!

My requirement is to create a App and all the traffic from this App will be forwarded to relay servers(only implement socks5 protocol), the relay server then forward the traffic to the destination server. I have tried the two plans below: A. I tried the NEAppProxyProvider but it seemed to work only under MDM, MDM looks like very complex , so I gave it up. Actually this way is more appropraite for me. B. the other way is NEPacketTunnelProvider. I have figured out a common solution, steps: config the routes for NEPacketTunnelProvider get the fd from packetFlow start a tun2socks service to forward the traffic from the fd。 Sadly the way gettting the traffic from the fd is not recommened by apple official. so the only way to deal with the traffic is handling the packets. may be steps: parse the packet modify the packet write the packet back ... it seems even more complex than plan A,Besides, we have multiple relay servers, if there is a whole request we can make sure all this request data is forwarded by a same relay server, But if there is a packet, may be god can tell which relay server it should go to. We have implemented the same functionality in Android devices. can you help me to find out which way is better in iOS devices? I will be appreciated if you can provide more advice. Thanks.

I have an application that enables recording video from multiple iPhones through an iPad. It uses Multipeer Connectivity for all the device communication. When the user presses record on the iPad, it sends a command to each device in parallel and they start capturing video. But since network latency varies, I cannot guarantee that the recording start and stop times are consistent among all the iPhones. I need the frames to be exactly in sync. I tried using the system clock on each device for synchronizing the videos. If all the device system clocks were in sync within 3ms (30 frames per second), then it should be okay. But I tested and the clocks vary quite a bit, multiple seconds. So that won't work. I ultimately solved the problem by having a countdown timer on the iPad. The user puts the iPad in view of each phone with the countdown. Then later I use a python script to cut all the videos when the countdown timer goes to 0. But that's more work for the end user and requires manual work on our end. With a little ML text recognition, this could get better. Some people have suggested using a time server and syncing the clocks that way. I still haven't tried this out, and I'm not sure if it's even possible to run a NTP server on an iPad, and whether the NTP resolution will be below 3ms. I tried out Final Cut Camera and it has solved the synchronization problem. Each frame is in sync. The phones don't start and stop at exactly the same time, and they account for this by adding black frames to the front and/or back of videos to account for differences. I've searched online and other people have the same problem. I'd love to know how Apple was able to solve the synchronization issue when recording video from multiple iPhones from an iPad over what I assume is Multipeer Connectivity.

Hi everyone! I'm developing a smart shutter motor control application for a custom electric shutter motor. I'm creating the application in MAUI using Visual Studio Code. Almost everything works except for the initial setup of the motor, during which the phone needs to connect to the shutter motor's AP and send about 500 bytes via TCP socket. The TCP socket solution works when I upload the application with HOT RELOAD, but it doesn't work when I distribute it via TestFlight. I've tried using both the TcpClient class and the Socket class, but neither works under TestFlight. iOS 17.5.1 .net 8 It works on android, windows... Do you have any ideas? Thank you in advance.

I have a project with two processes: a UI app (non root) and a system extension (root). The XPC communication between them is functioning correctly. Now, I want to add another process for a different task. I created a new XPC target (HelperProcess) in Xcode and set up an XPC connection between the UI process and this new HelperProcess, which works fine. However, when I try to establish an XPC connection between the HelperProcess and the system extension, it fails. I used the same steps I did to set up the XPC connection between the HelperProcess and the UI process. Specifically, I am using initWithServiceName: to identify the process for communication, but this approach only fails for the system extension and not for the UI part.

HI, I have Mac Sequoia Beta3. I installed Content Filer network extension which is same as https://developer.apple.com/documentation/networkextension/filtering_network_traffic in my machine. When I try to connect a machine through "ssh", NEFilterFlow.description in handleNewFlow(_ flow: NEFilterFlow) is showing "sourceAppIdentifier" (process name) as "Terminal" instead of "ssh". But other Mac OS versions, it is showing as "ssh". Is there any issue with Sequoia Beta3? or Is this expected? Thanks

Is there any cause that would make this happen? We all know that Apple does not provide any API to disconnect cellular data.

My iPhone 6s (iOS 15.0) is the national version of Chinese Mainland, without a sim card I have connected the WiFi of intelligent hardware, which is not connected to the Internet When downloading the app for the first time, the network permission pop-up cannot appear I have tried all the methods that can be found online, including simulating triggering network requests and making socket connections with devices What's even more outrageous is that there is no access option for network requests in the app settings Of course, I know that permission can be triggered when I connect to the Internet, but my usage scenario is not like that I am very grateful for any suggestions.

Is that possible to capture inbound DNS traffic using NEDNSProxyProvider using swift ? I can see the outbound DNS traffic via handleNewUDPFlow. how to get the inbound DNS traffic? I want to see all the DNS response in a macos device

We have BLE on a vehicle that acts as a peripheral and pairs with the user's iOS device as a central device. As we understand, the only way for a peripheral to be "remembered" for the next connection is registration with ANCS. If we don't register while being connected and then the user goes away, when he next time is in range, fresh pairing has to happen. Is that the right understanding? Before we register, we are discovering the ANCS on an iOS device, with UID for ANCS and connection handle as arguments. There are times when discovering API returns 0x06 (implying service not available). At times, we are able to discover the service and are able to register. We wanted to know if there is a deterministic way to ensure ANCS to be discoverable from the peripheral side? If not, is there another way (say any other service) by which the peripheral can take some action to be remembered?

Hi, we are developing a carpooling app. In our app, once, the car driver enters his car, the app connects automatically in the background to the car. The connection to the car is done either via CarPlay or Bluetooth. Currently, when setting up the app, the user has to define how the connection to the car is established. He can choose between three options: either 1)CarPlay, or 2)Bluetooth or 3)both. Is it correct, that starting with the AccessoyKit of IOS18, the user will only have to choose the device, he wants the app to be connected with? However, he no longer has to define the kind of connection, i. e. CarPlay or Bluetooth by which to connect to the device? So in future, users will be able to connect to their Car, but they do not even know, whether the connection is via Bluetooth or CarPlay? If that is the case, it would make our lives much easier;) Many thanks for your help! Greets, Simon

I'm very interested in whether it works and, if so, how the system decides to enable or not TFO when working with the network using URLSession. I didn't find any information in the documentation. For example, for NWConnection we need to manually add additional option: /* Allow fast open on the connection parameters */ parameters.allowFastOpen = true let connection = NWConnection(to: endpoint, using: parameters) /* Call send with idempotent initial data before starting the connection */ connection.send(content: initialData, completion: .idempotent) connection.start(queue: myQueue)

Hello, I am trying to apply ProxyConfiguration on the WebKit webview. I referred to the following sources: https://forums.developer.apple.com/forums/thread/110312 and https://developer.apple.com/videos/play/wwdc2023/10002/ import WebKit class WebKitViewModel: ObservableObject { let webView: WKWebView @Published var urlString: String = "https://example.com" init() { webView = WKWebView(frame: .zero) } func loadUrl() { guard let url = URL(string: urlString) else { return } var request = URLRequest(url: url) let endpoint = NWEndpoint.hostPort(host: "127.0.0.1", port: 9077) let proxyConfig = ProxyConfiguration.init(httpCONNECTProxy: endpoint) let websiteDataStore = WKWebsiteDataStore.default() websiteDataStore.proxyConfigurations = [proxyConfig] webView.configuration.websiteDataStore = websiteDataStore webView.load(request) } } However, this configuration only works for HTTP proxies. When I try to use an HTTPS proxy, it does not work. When I use NWConnection to connect to the proxy, it works successfully: import Foundation import Network public class HTTPProxy { private let proxyHost: NWEndpoint.Host private let proxyPort: NWEndpoint.Port private var connection: NWConnection? public init(proxyHost: String, proxyPort: UInt16) { self.proxyHost = NWEndpoint.Host(proxyHost) self.proxyPort = NWEndpoint.Port(rawValue: proxyPort)! } public func sendHTTPRequest(completion: @escaping (Result<String, Error>) -> Void) { let tlsOptions = NWProtocolTLS.Options() let parameters = NWParameters(tls: tlsOptions) connection = NWConnection(host: proxyHost, port: proxyPort, using: parameters) connection?.stateUpdateHandler = { [weak self] state in switch state { case .ready: self?.sendConnectRequest(completion: completion) case .failed(let error): completion(.failure(error)) default: break } } connection?.start(queue: .global()) } private func sendConnectRequest(completion: @escaping (Result<String, Error>) -> Void) { guard let connection = connection else { completion(.failure(NSError(domain: "Connection not available", code: -1, userInfo: nil))) return } let username = "xxxx" let password = "xxxx" let credentials = "\(username):\(password)" guard let credentialsData = credentials.data(using: .utf8) else { print("Error encoding credentials") fatalError() } let base64Credentials = credentialsData.base64EncodedString() let proxyAuthorization = "Basic \(base64Credentials)" let connectString = "CONNECT api.ipify.org:80 HTTP/1.1\r\n" + "Host: api.ipify.org:80\r\n" + "Proxy-Authorization: \(proxyAuthorization)\r\n" + "Connection: keep-alive\r\n" + "\r\n" if let connectData = connectString.data(using: .utf8) { connection.send(content: connectData, completion: .contentProcessed { error in if let error = error { completion(.failure(error)) } else { self.receiveConnectResponse(completion: completion) } }) } } private func receiveConnectResponse(completion: @escaping (Result<String, Error>) -> Void) { connection?.receive(minimumIncompleteLength: 1, maximumLength: 65536) { data, context, isComplete, error in if let data = data, let responseString = String(data: data, encoding: .utf8) { if responseString.contains("200 OK") { self.sendRequest(completion: completion) } else { completion(.failure(NSError(domain: "Failed to establish connection", code: -1, userInfo: nil))) } } else if let error = error { completion(.failure(error)) } } } private func sendRequest(completion: @escaping (Result<String, Error>) -> Void) { guard let connection = connection else { completion(.failure(NSError(domain: "Connection not available", code: -1, userInfo: nil))) return } let requestString = "GET /?format=json HTTP/1.1\r\n" + "Host: api.ipify.org\r\n" + // "Proxy-Authorization: Basic xxxxxxxx\r\n" + "Connection: keep-alive\r\n" + "\r\n" print("Sending HTTP request:\n\(requestString)") if let requestData = requestString.data(using: .utf8) { connection.send(content: requestData, completion: .contentProcessed { error in if let error = error { completion(.failure(error)) } else { self.receiveResponse(completion: completion) } }) } } private func receiveResponse(completion: @escaping (Result<String, Error>) -> Void) { connection?.receive(minimumIncompleteLength: 1, maximumLength: 65536) { data, context, isComplete, error in if let data = data, !data.isEmpty { print ("Data: \(data)") if let responseString = String(data: data, encoding: .utf8) { print("Received response:\n\(responseString)") completion(.success(responseString)) } else { completion(.failure(NSError(domain: "Invalid response data", code: -1, userInfo: nil))) } } else if let error = error { completion(.failure(error)) } if isComplete { self.connection?.cancel() self.connection = nil } else { self.receiveResponse(completion: completion) } } } } This approach works for connecting to the proxy, but it does not help with configuring the proxy for WebKit. Could someone please assist me in configuring a proxy for WebKit WebView to work with HTTPS proxies? Thank you!

I am applying for the NEHotspot API Entitlement with the details below, but Apple has rejected it multiple times. Can you help me understand what I am doing wrong? Q. In how many countries are your hotspots located? A - 1 Q. What is the approximate total number of hotspots you manage? A - 1000 Q. Which of the following best explains the relationship between you, the app publisher, and the users of these hotspots? A - These hotspots are free for anyone to use. Hotspot Helper API usage Q. A hotspot helper must claim the hotspot networks that it supports by setting a confidence value of either .low or .high when responding to the .evaluate command. See Figure 1-1 in Hotspot Network Subsystem Programming Guide for more background on this. When the helper claims a network, its display name (kNEHotspotHelperOptionDisplayName) is shown in Settings &amp;gt; Wi-Fi. What value do you intend to use for this? A - BSSID(MAC) Q. When responding to the .authenticate command, you system must interact with your hotspot to instruct it to pass traffic from the device to the wider internet. What network protocols does it use? A - DNS , HTTP Q. Provide any additional details about your usage to help us understand your planned implementation. A - We are implementing the following functionalities in our project: Connect to a Wi-Fi hotspot with a specified SSID. Remove Wi-Fi configurations for specific SSIDs. Initialize a new hotspot configuration with the specified SSID.

Hello all, I am working on a project to connect to infra-WIFI via hotspot 2.0 (passpoint in WiFi alliance) from a loyalty app (to load trust anchor and client certificate) into iOS device using EAP-TLS. Apple's documentation only describe generic hotspot 2.0 support (probably R1). The UX for loading certificate is not user friendly compare with Android. I wish to confirm if iOS can support Passpoint R2 / R3 from apple to complete the App UX design. Please advise. Thanks. I am not doing EAP-AKA like what mobile telco ATT does for cellular offload to infrastructure WiFi for data traffic. This URL outline what is passpoint well for reference. https://syndicated.wifinowglobal.com/resource/secure-and-seamless-carrier-wi-fi-services-with-passpoint/

I am developing a watchOS-only app, and whenever I attempt to make a network request, it always fails and throws the following error: Error Domain=NSURLErrorDomain Code=-1009 "The Internet connection appears to be offline." I noticed that when I turn off Wi-Fi and Bluetooth in the settings of the iPhone paired with the Apple Watch (thus disconnecting the Apple Watch from the iPhone), my app can successfully connect to the network. Additionally, when the app contains both an iOS app and a watchOS app, after granting network permissions on the iOS app, the watchOS app can access the network normally when connected to the iPhone. When opening some system apps on the Apple Watch (such as the "Workout" app), the app will display a network permission request similar to that on iOS, but this request does not automatically pop up when my watchOS app attempts to access the network. Is there a way to request network permissions in a watchOS-only app so that it can access the network while connected to the iPhone?

I want to make a program which configures my Mac to broadcast a Wi-Fi Direct hotspot: a peer-to-peer network without an internet connection which is joinable by other devices including non-Apple devices (e.g. Android devices). This connection would allow for low latency comunication between external devices and my Mac without the need for extra Wi-Fi router hardware. From my understanding, the Mac network interface must be configured to be in Host AP (Access Point) mode so that it can host other connections. How can I write a program which enables Host AP mode and broadcasts a Wi-Fi hotspot from my Mac? Note: I do not want to create an Ad-Hoc (IBSS) connection because Android devices do not support joining this kind of Wi-Fi connection. Many years ago, it was possible to set the Mac Wi-Fi interface to Host AP mode via a function in CoreWLAN: CWInterface.startHostAPModeWithSSID. You can see this function referenced in this gist. But sadly, this function is no longer accessible. At this point in time, I see no way in the CoreWLAN library to set a CWInterface to be in hostAP interface mode, although the CWInterfaceMode.hostAP enumeration suggests this is possible. It is possible to enable Host AP mode via the Settings app > Sharing > Internet Sharing settings. But this requires a legitimate internet connection to be present. For my use case, I do not want a connection to the internet. I simply want to allow devices to communicate with my Mac directly, peer-to-peer over Wi-Fi. Is there any alternative? Could I implement this functionality in a Network Extension or Kernel Extension? Thank you all for any help you can provide!

It looks like that, with Sequoia, it is not possible to open an NSURLSession or any other TCP connection to a machine on the local network if the application is not in the "Applications" folder. That is pretty inconvenient when debugging or running via Xcode since the build folder is not within the Applications folder. And, yes, the NSLocalNetworkUsageDescription key and description strings are in the Info.plist file (and it asks for permission). How can we expect to debug applications like that ? Is anybody else experiencing this ?