Hi Team:
I first created a macOS app and added a target of the network extension of the system extension to the app. The function of my app is to enable the system extension and allow the network extension. The app only enables the network filter and does not perform other operations. After completion, it will execute [NSApp terminate:nil]; to exit. My network filter can run normally after the app exits, and I use rm -rf to delete the app from /Application, and the network filter can still run normally. This result is what I want, but I don’t know if it is reasonable to delete the app from /Application. My understanding is that the network filter I developed is registered with the system, so it is okay to delete it from /Application. Is this correct?
Networking
Explore the networking protocols and technologies used by the device to connect to Wi-Fi networks, Bluetooth devices, and cellular data services.
I'm trying to figure out how to debug failure to successfully resolve DNS queries.
I have an app that installs a network extension as a system extension. Then, the system extension spawns a second process via posix_spawn.
This second process fails to resolve DNS queries, but the initial system extension process can connect to a URL involving the same hostname.
In mDNSResponder I see:
2024-08-23 11:01:30.313470+0400 0x2336 Default 0x0 1320 0 mDNSResponder: [com.apple.mDNSResponder:Default] [R56090] DNSServiceCreateConnection START PID[70515](coder)
2024-08-23 11:01:30.313857+0400 0x2336 Default 0x0 1320 0 mDNSResponder: [com.apple.mDNSResponder:Default] [R56091] DNSServiceQueryRecord(15000, 0, <mask.hash: 'sUpGaOtvrWLwu6toEcVb1g=='>(e8da8e0d), A) START PID[70515](coder)
2024-08-23 11:01:30.314945+0400 0x2336 Debug 0x0 1320 0 mDNSResponder: (Network) [com.apple.network:] -[NWConcrete_nw_path_evaluator dealloc] AE46B126-E438-4804-B030-F0E337AED7A0
2024-08-23 11:01:30.315004+0400 0x2336 Default 0x0 1320 0 mDNSResponder: [com.apple.mDNSResponder:Default] [Q18806] InitDNSConfig: Setting StopTime on the uDNS question 0x13d356ce0 <mask.hash: 'H8NJEpnLHE9dtbSyztCK1A=='> (Addr)
2024-08-23 11:01:30.315051+0400 0x2336 Default 0x0 1320 0 mDNSResponder: [com.apple.mDNSResponder:Default] [R56091->Q18806] Question for <mask.hash: 'H8NJEpnLHE9dtbSyztCK1A=='> (Addr) assigned DNS service 1461
2024-08-23 11:01:30.315075+0400 0x2336 Default 0x0 1320 0 mDNSResponder: [com.apple.mDNSResponder:Default] [Q18806] DetermineUnicastQuerySuppression: Query suppressed for <mask.hash: 'H8NJEpnLHE9dtbSyztCK1A=='> Addr (blocked by policy)
2024-08-23 11:01:30.316901+0400 0x2336 Default 0x0 1320 0 mDNSResponder: [com.apple.mDNSResponder:Default] [R56091->Q18806] GenerateNegativeResponse: Generating negative response for question <mask.hash: 'H8NJEpnLHE9dtbSyztCK1A=='> (Addr)
2024-08-23 11:01:30.316953+0400 0x2336 Debug 0x0 1320 0 mDNSResponder: [com.apple.mDNSResponder:Default] [R56091] QueryRecordOpCallback: Suppressed question <mask.hash: 'H8NJEpnLHE9dtbSyztCK1A=='> (Addr)
2024-08-23 11:01:30.316984+0400 0x2336 Default 0x0 1320 0 mDNSResponder: [com.apple.mDNSResponder:Default] [R56091->Q18806] DNSServiceQueryRecord(<mask.hash: 'H8NJEpnLHE9dtbSyztCK1A=='>(e8da8e0d), A) RESULT ADD interface 0: (mortal, DNSSEC Indeterminate)<mask.hash: 'fy5Hgf26/rhBtId5NoaY9A=='>
So, my query is getting "suppressed" by mDNSResponder, blocked by policy. It doesn't seem to matter what DNS name my 2nd process queries---they are all suppressed.
What policies does mDNSResponder enforce? How can I figure out why my queries are being suppressed?
While it is possible to create an IPPROTO_DIVERT socket and bind a divert port successfully, I couldn't find any command piece, either in the pf manual page or on the web, for diverting packets, like divert-to, divert, etc.
My questions:
Is the packet divert mechanism still active in Sonoma? If so, what is the correct rule syntax for PF for diverting packets on a specific port?
I am trying to implement BLE communication between installations of an iOS app and I am following Transferring Data Between Bluetooth Low Energy Devices since the data I need to transfer exceeds the 512 byte limit for attribute values.
I already have this working based on an older version of the app, however after I integrated with the mainline of development I am getting CBATTErrorRequestNotSupported which seems to be caused by OSStatus 65535 (which is kBluetoothSDPErrorCodeReservedEnd, but that is documented to not even be present on iOS).
So it seems that a change on our end is causing these errors, but I am completely stumped as to what change that might be. Is anyone able to enlighten me?
Hi,
We are working with a small QUIC POC, in which the MacBook Pro is the server and the Vision Pro the client (we use it to test QUIC's functionality). We have the logic below to send small buffers (128k) using only one stream because we want the data to arrive in order and reliably, as QUIC guarantees:
private func createDummyData() {
    dummyData.append(Data(bytes: &frameNumber, count: MemoryLayout<UInt64>.size))
    frameNumber += 1
}
private func sendDataToClient() {
    createDummyData()
    let start = Date()
    Thread.sleep(forTimeInterval: 0.015)
    outgoingConnection?.sendBuffer(dummyData) { [weak self] in
        let interval = Date().timeIntervalSince(start)
        print("--> frame #: \(String(describing: self?.frameNumber)), send took: \(interval) seconds")
        self?.dummyData.removeLast(8)
        self?.sendDataToClient()
    }
}
As you can see we are waiting for the completion handler to call the next send operation. We needed to add a delay (0.015) because even when the data is arriving in order, we are not receiving a considerable amount of buffer on the client side.
If we remove the delay, this is the way we are receiving our data. By the way, we are including a frame number (1,2,3,4....) on each buffer so we know which one arrived at the client:
Connected to QUIC bi-di tunnel id: 0...
Timestamp: 00:42:40.413, Buffer received...
Frame number: 0, received...
Timestamp: 00:42:40.414, Buffer received...
Frame number: 1, received...
Timestamp: 00:42:40.416, Buffer received...
Frame number: 29, received...
Timestamp: 00:42:40.416, Buffer received...
Frame number: 30, received...
Timestamp: 00:42:40.418, Buffer received...
Frame number: 43, received...
Timestamp: 00:42:40.418, Buffer received...
Frame number: 52, received...
Timestamp: 00:42:40.422, Buffer received...
Frame number: 65, received...
Timestamp: 00:42:40.424, Buffer received...
Frame number: 80, received...
Timestamp: 00:42:40.426, Buffer received...
Frame number: 90, received...
As you can see, we have received frames number 0 and 1, but after that we received #29 and then it jumps from 30 to 43 and 52 and 65. Again, if we introduce the delay this is not the case; it is not fixing it, but at least there are not that many losses.
We thought QUIC had an internal sending queue in which every frame is waiting to be sent and it will be delivered reliably.
Kindly let us know what we are missing.
Hello Folks,
Can we capture the below information for the connected Wi-Fi?
{
AdapterType
SSIDName
DefaultAuthenticationAlgorithm
DefaultCipherAlgorithm
SecurityEnabled
ConnectionStatus
VpnConnectionStatus
BssType
NetworkConnectable
NumberOfSSIDs
ProfileName
Bssid
FrequencyType
SignalQuality
}
We are encountering an issue with the MFi modal in our iOS application. Occasionally, when attempting to display the MFi modal, it either loads completely empty or shows the WiFi Network field as empty. This issue seems to occur intermittently.
I have configured includedRoutes and excludedRoutes with specific IP addresses and masks. All applications, except for the App Store, are following the access routes as intended. However, App Store traffic is bypassing the defined access routes and going over the tunnel. The routing method is set to be destination IP.
Hi,
On macOS 15 beta 7, we get a network popup while launching the application: "Allow "App" to find the devices on local network?" We are not seeing this popup in older versions of macOS. We also see a new option in "System Settings->Privacy & Security->Local Network". Is there a way to add the application entry in "Local Network" through a command so that we can suppress this popup on launching the applications?
Regards
Prema Kumar
I am trying to connect to localhost:8081 from the simulator, but it is unable to connect, with the following logs:
info 12:07:49.167248+0530 com.apple.WebKit.Networking nw_resolver_host_resolve_callback [C8.1] flags=0x40000003 ifindex=0 error=NoSuchRecord(-65554) hostname=localhost. addr=IN6ADDR_ANY ttl=60
info 12:07:49.167310+0530 com.apple.WebKit.Networking nw_resolver_host_resolve_callback [C8.1] flags=0x40000002 ifindex=0 error=NoSuchRecord(-65554) hostname=localhost. addr=INADDR_ANY ttl=108002
macOS 14.6.1
iOS simulator version 17.5
Some observations:
localhost:8081 does not load on the simulator, but 0.0.0.0:8081 loads fine; 127.0.0.0:8081 also loads fine on the simulator.
My laptop is a managed device with a network filter.
Switching networks sometimes fixes the issue. Restarting the laptop sometimes fixes the issue.
localhost:8081 opens fine on the laptop, but not on the simulator.
Contents of my laptop's /etc/hosts:
##
# Host Database
#
# localhost is used to configure the loopback interface
# when the system is booting. Do not change this entry.
##
127.0.0.1 localhost
255.255.255.255 broadcasthost
::1 localhost
I'm looking to see if there's any suggested libraries / frameworks to use for transferring files between Macs. The setup is a few dozen Macs (each with 10g networking) and a custom app that handles the transfer of files between them on a local network.
I looked into raw TCP sockets but the file sizes will make this tricky. Some files can be up to 150gb. Maybe SFTP to AFP? But I'm not sure how this looks in code and I know I don't want to be mounting computers in Finder - ideally it's an app that hosts its own server to handle the transfers.
Any insight on this would be helpful. Thanks!
I have 3 functions to run in series. All have API calls to make, but the 2nd function has multiple API calls, and after all API calls of the 2nd function are executed and saved to Core Data, the 3rd function is called.
Then, after the 3rd function, all functions are called again.
I want all this to work when the app is in the background.
I am currently using begin background task and end background task.
NETransparentProxyProvider has the below method:
override func handleNewFlow(_ flow: NEAppProxyFlow) -> Bool
This method is blocking. Until we return a value from this method, the next flow will be blocked; macOS doesn’t call it on a new thread.
For example: if we take 10 seconds to check what to do with this flow, whether to handle it (true) or return it to the kernel (false), another flow will be blocked for 10 seconds.
How do we not block future flows while it is taking longer to process the current flow?
How can we get the BSSID value for a Wi-Fi network without sudo?
We have tried different options but they don't seem to work. It seems they have been deprecated.
/System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport en1 --getinfo | grep BSSID | awk -F ': ' '{print $2}'
ioreg -l -n AWDLPeerManager | perl -lne 'print $1 if $_ =~ /IO80211BSSID.<(.)>/;' | fold -w2 | paste -sd: -
Since Apple Multipeer framework does not really work without crashes, I implemented my own multipeer with the Network.framework.
like
let tcpOptions = NWProtocolTCP.Options.createDefault()
let parameters = NWParameters(tls: NWProtocolTLS.Options(), tcp: tcpOptions)
parameters.setDefaultSettings()
let browser = NWBrowser(
    for: .bonjour(
        type: config.bonjourServiceType,
        domain: nil
    ),
    using: parameters
)
and
extension NWParameters {
    func setDefaultSettings() {
        self.includePeerToPeer = true
        self.requiredInterfaceType = .wifi
        self.preferNoProxies = true
    }
}
extension NWProtocolTCP.Options {
    static func createDefault() -> NWProtocolTCP.Options {
        let tcpOptions = NWProtocolTCP.Options()
        tcpOptions.enableKeepalive = true
        tcpOptions.keepaliveIdle = 10 // 10 seconds keepalive interval
        tcpOptions.noDelay = true // Disable Nagle's algorithm for low latency
        return tcpOptions
    }
}
It works well up to approx. 30 meters outside with a free view.
What's the max range for peer-to-peer via Bonjour? And is there a way to get a longer distance than 30 meters?
Can we download a file directly onto connected external storage like a pendrive, without downloading it into the App Sandbox environment first and then copying the file to external storage, in the case of larger files?
Our app has been crashing in the CFNetwork Framework frequently, but the attached TestFlight crash logs do not help in identifying the possible root cause of the same. Any help would be greatly appreciated.
I would like to connect an iPhone to Wi-Fi from my app without any popups. I work for a Wi-Fi testing company, and we have hundreds of iPhones that need to be connected to and disconnected from Wi-Fi frequently. We need to automate this process. Please let me know if there is any way to achieve this. Thanks in advance.
Greetings,
I am trying to mimic what the official WireGuard client (available on AppStore, source code is publicly available) does regarding the routing tables. The client uses NetworkExtension framework.
When a VPN connection is established with all traffic routed through WireGuard (AllowedIPs = 0.0.0.0/0), the routing table is amended with something like this:
Destination         Gateway     RT_IFA      Flags  Refs  Use  Mtu   Netif  Expire
default             link#36     10.10.10.2  UCSg   114   0    1420  utun7
10.10.10.2          10.10.10.2  10.10.10.2  UH     0     10   1420  utun7
224.0.0/4           link#36     10.10.10.2  UmCS   0     0    1420  utun7
255.255.255.255/32  link#36     10.10.10.2  UCS    0     0    1420  utun7
Please note that another default route exists to the working Ethernet interface, but I have not mentioned it above.
I would like to do something similar for wireguard-go (open source WireGuard implementation written in Go), in particular start it, assign an IP address, then add the routes.
sudo env LOG_LEVEL=debug wireguard-go -f utun
sudo ifconfig utun5 10.10.10.2 10.10.10.2 netmask 255.255.255.255
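Here is the code fragment written in C which is supposed to add the default route (0.0.0.0/0) to the link layer address:
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <net/if.h>
#include <net/if_dl.h>
#include <net/if_types.h>
#include <net/route.h>
#include <netinet/in.h>

void add_link_route() {
    /* Routing message: header followed by the sockaddrs named in rtm_addrs. */
    struct {
        struct rt_msghdr hdr;
        struct sockaddr_in dest;
        struct sockaddr_dl gateway;
        struct sockaddr_in netmask;
    } rt;
    memset(&rt, 0, sizeof(rt));
    int sockfd = socket(PF_ROUTE, SOCK_RAW, 0);
    if (sockfd == -1) {
        perror("socket");
        return;
    }
    unsigned int if_index = if_nametoindex("utun5");
    /* RTM_ADD request bound to the utun5 interface index. */
    rt.hdr.rtm_msglen = sizeof(rt);
    rt.hdr.rtm_version = RTM_VERSION;
    rt.hdr.rtm_type = RTM_ADD;
    rt.hdr.rtm_index = if_index;
    rt.hdr.rtm_flags = RTF_UP | RTF_STATIC | RTF_CLONING;
    rt.hdr.rtm_addrs = RTA_DST | RTA_GATEWAY | RTA_NETMASK;
    rt.hdr.rtm_seq = 1;
    rt.hdr.rtm_pid = getpid();
    /* Destination. Note: INADDR_NONE is 255.255.255.255; 0.0.0.0 is INADDR_ANY. */
    rt.dest.sin_len = sizeof(struct sockaddr_in);
    rt.dest.sin_family = AF_INET;
    rt.dest.sin_addr.s_addr = INADDR_NONE;
    /* Gateway: a link-layer address that identifies the interface. */
    rt.gateway.sdl_len = sizeof(struct sockaddr_dl);
    rt.gateway.sdl_family = AF_LINK;
    rt.gateway.sdl_index = if_index;
    rt.gateway.sdl_type = IFT_PPP;
    /* Netmask: all ones here, i.e. a /32 mask. */
    rt.netmask.sin_len = sizeof(struct sockaddr_in);
    rt.netmask.sin_family = AF_INET;
    rt.netmask.sin_addr.s_addr = INADDR_NONE;
    /* Submit the request to the kernel routing socket. */
    if (write(sockfd, &rt, sizeof(rt)) == -1) {
        perror("write");
    }
    close(sockfd);
}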
But, when executed, write() returns EEXIST (File exists) error, meaning, the default route cannot be overwritten (because another default route exists which points to the existing Ethernet interface).
At this point I have no idea how the routes could be created successfully inside NetworkExtension, and I would like to do the same.
For comparison, there is another case when all traffic is not routed through the VPN. Then, the routes are created like this:
Destination         Gateway     RT_IFA      Flags  Refs  Use  Mtu   Netif  Expire
default             link#36     10.10.10.2  UCSIg  0     0    1420  utun7
10.10.10.2          10.10.10.2  10.10.10.2  UH     0     0    1420  utun7
224.0.0/4           link#36     10.10.10.2  UmCSI  0     0    1420  utun7
255.255.255.255/32  link#36     10.10.10.2  UCSI   0     0    1420  utun7
The difference is that now the scope is bound to the network interface. And in such case, my C code succeeds, providing I add RTF_IFSCOPE flag to rtm_flags.
I would appreciate if someone helped me with this problem.