Hi,I am trying to create an NAT64 Network with Sharing options to test my Apps.I did follow the guide provided here https://forums.developer.apple.com/thread/14213But even with the option key pressed the "Create NAT64 Network" check box is still missing.I am using a OS X 10.11Any ideas?!

This problem doesn’t appear to relate to the app as everything worked when using http (although an https setup issue may still be the problem). The problem appears to relate to the SSL server certificate on the Ubuntu server and the fact that apple does not accept that it is secure. However I have no problem with the equivalent Android app or web browser connections to the same rest API web services. There are numerous posts on these problems on Apple and other Forums, but none have helped me successfully address the issue. I ran an SSL server test on https://www.ssllabs.com/ssltest/ which gives ratings for SSL sites. The test gave an A rating although a number of minor issues were shown that may be crucial to the iOS failure. Some Sectigo certificates said self signed, which I couldn't understand. Error message from XCode log attached 2025-09-10 10:28:01.725091+0100 locateandclock[2291:1585213] ATS failed system trust 2025-09-10 10:28:01.725192+0100 locateandclock[2291:1585213] Connection 1: system TLS Trust evaluation failed(-9802) 2025-09-10 10:28:01.725291+0100 locateandclock[2291:1585213] Connection 1: TLS Trust encountered error 3:-9802 2025-09-10 10:28:01.725352+0100 locateandclock[2291:1585213] Connection 1: encountered error(3:-9802) 2025-09-10 10:28:01.726727+0100 locateandclock[2291:1585213] Task <4E41098F-6B71-4FB8-8753-78DD32961812>.<1> HTTP load failed, 0/0 bytes (error code: -1200 [3:-9802]) 2025-09-10 10:28:01.736504+0100 locateandclock[2291:1585213] Task <4E41098F-6B71-4FB8-8753-78DD32961812>.<1> finished with error [-1200] Error Domain=NSURLErrorDomain Code=-1200 "An SSL error has occurred and a secure connection to the server cannot be made." UserInfo={NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, _kCFStreamErrorDomainKey=3, NSErrorPeerCertificateChainKey=( "<cert(0x10681be00) s: *.xxxxxxxxxxx.co.uk i: Sectigo Public Server Authentication CA DV R36>", "<cert(0x10681c800) s: Sectigo Public Server Authentication CA DV R36 i: Sectigo Public Server Authentication Root R46>", "<cert(0x10681d200) s: Sectigo Public Server Authentication Root R46 i: Sectigo Public Server Authentication Root R46>" ), NSErrorClientCertificateStateKey=0, NSErrorFailingURLKey=https://xxxxxxxxxxxx.co.uk/insertclocking, NSErrorFailingURLStringKey=https://xxxxxxxxxxxx.co.uk/insertclocking, NSUnderlyingError=0x282361650 {Error Domain=kCFErrorDomainCFNetwork Code=-1200 "(null)" UserInfo={_kCFStreamPropertySSLClientCertificateState=0, kCFStreamPropertySSLPeerTrust=<SecTrustRef: 0x281cf4460>, _kCFNetworkCFStreamSSLErrorOriginalValue=-9802, _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9802, kCFStreamPropertySSLPeerCertificates=( "<cert(0x10681be00) s: *.xxxxxxxxxxxxxco.uk i: Sectigo Public Server Authentication CA DV R36>", "<cert(0x10681c800) s: Sectigo Public Server Authentication CA DV R36 i: Sectigo Public Server Authentication Root R46>", "<cert(0x10681d200) s: Sectigo Public Server Authentication Root R46 i: Sectigo Public Server Authentication Root R46>" )}}, _NSURLErrorRelatedURLSessionTaskErrorKey=( "LocalDataTask <4E41098F-6B71-4FB8-8753-78DD32961812>.<1>" ), _kCFStreamErrorCodeKey=-9802, _NSURLErrorFailingURLSessionTaskErrorKey=LocalDataTask <4E41098F-6B71-4FB8-8753-78DD32961812>.<1>, NSURLErrorFailingURLPeerTrustErrorKey=<SecTrustRef: 0x281cf4460>, NSLocalizedDescription=An SSL error has occurred and a secure connection to the server cannot be made.}

I cannot find in the documentation and samples how exactly the Bloom filter is generated. Is there any code sample for that?

iPhone 12 pro with iOS 26.0 (23A5276f) App: https://developer.apple.com/documentation/wifiaware/building-peer-to-peer-apps We aim to use Wi-Fi Aware to establish file transfer between Android and Apple devices. Apple will act as the Publisher, and Android will act as the Subscriber. According to the pairing process outlined in the Wi-Fi Aware protocol (Figure 49 in the Wi-Fi Aware 4.0 specification), the three PASN Authentication frames have been successfully exchanged. Subsequently, Android sends the encrypted Follow-up PMF to Apple, but the Apple log shows: Failed to parse event. Please refer to the attached complete log. We request Apple to provide a solution. apple Log-20250808a.txt

I haven’t come across any official documentation regarding the limit on the number of Network Extensions macOS can run. However, I did see some discussions suggesting that Apple might restrict this to 5 extensions in macOS Tahoe. Is there any official confirmation on this?

Hi! My project has the Local Push Connectivity entitlement for a feature we have requiring us to send low-latency critical notifications over a local, private Wi-Fi network. We have our NEAppPushProvider creating a SSE connection using the Network framework with our hardware running a server. The server sends a keep-alive message every second. On an iPhone 16 with iOS 18+, the connection is reliable and remains stable for hours, regardless of whether the iOS app is in the foreground, background, or killed. One of our QA engineers has been testing on an iPhone 13 running iOS 16, and has notice shortly after locking the phone, specifically when not connected to power the device seems to turn off the Wi-Fi radio. So when the server sends a notification, it is not received. About 30s later, it seems to be back on. This happens on regular intervals. When looking at our log data, the provider does seem to be getting stopped, then restarted shortly after. The reason code is NEProviderStopReasonNoNetworkAvailable, which further validates that the network is getting dropped by the device in regular intervals. My questions are: Were there possibly silent changes to the framework between iOS versions that could be the reason we're seeing inconsistent behavior? Is there a connection type we could use, instead of SSE, that would prevent the device from disconnecting and reconnecting to the Wi-Fi network? Is there an alternative approach to allow us to maintain a persistent network connection with the extension or app?

I'm getting "unsatisfied (Local network prohibited)" when trying accessing my local http server running on mac (http://192.168.0.12:8000/test.txt) from an app running on iPhone with iOS 18.4. That's using URLSession, nothing fancy. This is the contents of the plist file of the app: NSAppTransportSecurity NSExceptionAllowsInsecureHTTPLoads true NSAllowsArbitraryLoads true NSAllowsLocalNetworking true NSExceptionDomains 192.168.0.12 NSIncludesSubdomains true NSAllowsLocalNetworking true NSExceptionAllowsInsecureHTTPLoads true NSLocalNetworkUsageDescription Hello The app correctly "prompts" the alert on the first app run, asking if I want to access local network, to which I say yes. Afterwards I could see that Local Network is enabled in iOS settings for the app, yet getting those "Local network prohibited" errors. From testing other global IP + 'http only" sites it feels like NSAllowsArbitraryLoads no longer works as it used to work before. But specifying other test "global" HTTP-only IP addresses in NSExceptionDomains work alright, it's just the local address doesn't. I could access that IP from iOS safari with no problem. The local web site is HTTP only. Googling reveals tons of relevant hits including FAQ articles from Quinn, but whatever I tried so far based on those hits doesn't seem to work.

While trying to use Bonjour, i am encountering an issue. I was following the setup of Bonjour as described here: (https://developer.apple.com/forums/thread/735862) the response is this : nw_browser_fail_on_dns_error_locked [B2] nw_browser_dns_service_browse_callback failed: PolicyDenied(-65570) browser did change state, new: waiting(-65570: PolicyDenied) i tried modifying the info.plist to include NSLocalNetworkUsageDescription and NSBonjourServices but still getting the same a workout or solution is much appreciated !

I have 3 phones iPhone 14 iOS 18.3 iPhone Xr iOS 18.5 iPhone Xr iOS 18.4.1 My app has a network extension, and I've noticed each phone having their connectivity interupted by calls on the push provider, calling stop with the noNetworkAvailable reason. The point of confusion is that each phone seems to get it's interuption at different times. For example one will get an interuption at 1:00, while the others is fine, while at 3:00 another will get an interuption, while the others are fine. This is confusing since a "no network available" seems to imply a problem with the router, or access point, but if that were the case, one would believe it should affect all the phones on the wifi. I don't see less interuptions on the iPhone14 vs the iPhone Xr. Do you believe the iOS version is affecting the performance? Could you please give me some insight, as to what could be going on inside these phones? P.S. I also see an error pop up when using NWConnection, this is inside the App. The state update handler will sometimes return the state, waiting(POSIX(.ENETDOWN)) Is there any relation to what's going on in the extension?

Hello everyone, I'm developing a macOS application with an integrated Content Filter System Extension. Both the main app and the extension are signed with a Developer ID Application provisioning profile. When building in Xcode, I'm encountering an entitlement mismatch error. I've inspected the provisioning profile using the command: security cms -D -i FilterContentExtension-prod-profile.provisionprofile | grep -A 10 com.apple.developer.networking.networkextension And found that the com.apple.developer.networking.networkextension section only contains values with the -systemextension suffix, for example: content-filter-provider-systemextension. However, when I enable Network Extension → Content Filter in Xcode, the .entitlements file is generated with: content-filter-provider. This leads to the error: "Provisioning profile 'FilterContentExtension-prod-profile' doesn't match the entitlements file’s value for the com.apple.developer.networking.networkextension entitlement." My specific questions are: Why does this error occur? How can I use the content-filter-provider entitlement? If I want to use the content-filter-provider entitlement inside com.apple.developer.networking.networkextension for my Content Filter System Extension, what should I do?

Network is not working when over 50MB size file upload smb using NEFilterDataProvider in macOS The event received through NEFilterDataProvider is returned immediately without doing any other work. override func handleNewFlow(_ flow: NEFilterFlow) -> NEFilterNewFlowVerdict { guard let socketFlow = flow as? NEFilterSocketFlow, let auditToken = socketFlow.sourceAppAuditToken, let remoteEndpoint = socketFlow.remoteEndpoint as? NWHostEndpoint, let localEndpoint = socketFlow.localEndpoint as? NWHostEndpoint else { return .allow() } return .filterDataVerdict(withFilterInbound: true, peekInboundBytes: Int.max, filterOutbound: true, peekOutboundBytes: Int.max) } override func handleInboundData(from flow: NEFilterFlow, readBytesStartOffset offset: Int, readBytes: Data) -> NEFilterDataVerdict { guard let socketFlow = flow as? NEFilterSocketFlow, let auditToken = socketFlow.sourceAppAuditToken, let remoteEndpoint = socketFlow.remoteEndpoint as? NWHostEndpoint, let localEndpoint = socketFlow.localEndpoint as? NWHostEndpoint else { return .allow() } return NEFilterDataVerdict(passBytes: readBytes.count, peekBytes: Int.max) } override func handleOutboundData(from flow: NEFilterFlow, readBytesStartOffset offset: Int, readBytes: Data) -> NEFilterDataVerdict { guard let socketFlow = flow as? NEFilterSocketFlow, let auditToken = socketFlow.sourceAppAuditToken, let remoteEndpoint = socketFlow.remoteEndpoint as? NWHostEndpoint, let localEndpoint = socketFlow.localEndpoint as? NWHostEndpoint else { return .allow() } return NEFilterDataVerdict(passBytes: readBytes.count, peekBytes: Int.max) } override func handleInboundDataComplete(for flow: NEFilterFlow) -> NEFilterDataVerdict { guard let socketFlow = flow as? NEFilterSocketFlow, let auditToken = socketFlow.sourceAppAuditToken, let remoteEndpoint = socketFlow.remoteEndpoint as? NWHostEndpoint, let localEndpoint = socketFlow.localEndpoint as? NWHostEndpoint else { return .allow() } return .allow() } override func handleOutboundDataComplete(for flow: NEFilterFlow) -> NEFilterDataVerdict { guard let socketFlow = flow as? NEFilterSocketFlow, let auditToken = socketFlow.sourceAppAuditToken, let remoteEndpoint = socketFlow.remoteEndpoint as? NWHostEndpoint, let localEndpoint = socketFlow.localEndpoint as? NWHostEndpoint else { return .allow() } return .allow() } how can i fix it?

Hello, We have a SwiftUI-based application that runs as a LaunchAgent and communicates with other internal components using Unix domain sockets (UDS). On Sequoia (macOS virtualized environment), when installing the app, we encounter the Local Network Privacy Alert, asking: "Allow [AppName] to find and connect to devices on the local network?" We are not using any actual network communication — only interprocess communication via UDS. Is there a way to prevent this system prompt, either through MDM configuration or by adjusting our socket-related implementation? Here's a brief look at our Swift/NIO usage: class ClientHandler: ChannelInboundHandler { ... public func channelRead(context: ChannelHandlerContext, data: NIOAny) { ... } ... } // init bootstrap. var bootstrap: ClientBootstrap { return ClientBootstrap(group: group) // Also tried to remove the .so_reuseaddr, the prompt was still there. .channelOption(ChannelOptions.socketOption(.so_reuseaddr), value: 1) .channelInitializer { channel in // Add ChannelInboundHandler reader. channel.pipeline.addHandler(ClientHandler()) } } // connect to the UDS. self.bootstrap.connect(unixDomainSocketPath: self.path).whenSuccess { (channel) in .. self.channel = channel } ... ... // Send some data. self.channel?.writeAndFlush(buffer).wait() Any guidance would be greatly appreciated.

Hi, I'm very new to everything related to networking and I've been trying to make some sort of "parental control" app for macOS where if the user tries to access some website domain (e.g youtube.com) the request is denied and the user can't access the website. Turns out I used NEFilterDataProvider and NEDNSProxyProvider to achieve that but it's not 100% bullet proof. First problem I had is that most of the time I can't access the hostname in the NEFilterDataProvider when trying to extract it from the socketFlow.remoteEndpoint. Most of the time I get the ipv4. And the problem is : I don't know the IPV4 behind the domains, specially when they're changing frequently. if let socketFlow = flow as? NEFilterSocketFlow { let remoteEndpoint = socketFlow.remoteFlowEndpoint switch remoteEndpoint { case .hostPort(let host, _): switch host { case .name(let hostname, _): log.info("🌿 Intercepted hostname: \(hostname, privacy: .public)") case .ipv4(let ipv4): let ipv4String = ipv4.rawValue.map { String($0) }.joined(separator: ".") log.info("🌿 Intercepted IPV4: \(ipv4String, privacy: .public)") So that's why I used the DNSProxyProvider. With it I can get the domains. I succeeded to drop some of the flows by not writing the datagrams when I see a domain to block, but that does not work 100% of the time and sometimes, for youtube.com for example then the website is still reachable (and sometimes it works successfully and I can't access it). I guess because the IP behind the domain has already been resolved and so it's cached somewhere and the browser does not need to send an UDP request anymore to know the IP behind the domain? Is there a 100% bullet proof way to block traffic to specific domains? Ideally I would like to get rid of the DNSProxyProvider and use only the NEFilterDataProvider but if I can't access the hostnames then I don't see how to do it.

Description: I'm noticing that when using the completion handler variant of URLSession.dataTask(with:), the delegate method urlSession(_:dataTask:didReceive:) is not called—even though a delegate is set when creating the session. Here's a minimal reproducible example: ✅ Case where delegate method is called: class CustomSessionDelegate: NSObject, URLSessionDataDelegate { func urlSession(_ session: URLSession, dataTask: URLSessionDataTask, didReceive data: Data) { print("✅ Delegate method called: Data received") } } let delegate = CustomSessionDelegate() let session = URLSession(configuration: .default, delegate: delegate, delegateQueue: nil) let request = URLRequest(url: URL(string: "https://httpbin.org/get")!) let task = session.dataTask(with: request) // ✅ No completion handler task.resume() In this case, the delegate method didReceive is called as expected. ❌ Case where delegate method is NOT called: class CustomSessionDelegate: NSObject, URLSessionDataDelegate { func urlSession(_ session: URLSession, dataTask: URLSessionDataTask, didReceive data: Data) { print("❌ Delegate method NOT called") } } let delegate = CustomSessionDelegate() let session = URLSession(configuration: .default, delegate: delegate, delegateQueue: nil) let request = URLRequest(url: URL(string: "https://httpbin.org/get")!) let task = session.dataTask(with: request) { data, response, error in print("Completion handler called") } task.resume() Here, the completion handler is executed, but the delegate method didReceive is never called. Notes: I’ve verified this behavior on iOS 16, 17, and 18. Other delegate methods such as urlSession(_:task:didFinishCollecting:) do get called with the completion handler API. This happens regardless of whether swizzling or instrumentation is involved — the issue is reproducible even with direct method implementations. Questions: Is this the expected behavior (i.e., delegate methods like didReceive are skipped when a completion handler is used)? If yes, is there any official documentation that explains this? Is there a recommended way to ensure delegate methods are invoked, even when using completion handler APIs? Thanks in advance!

Samsung's Quick Share uses Wi-Fi Aware to achieve one-to-many concurrent sharing. Can Apple's Wi-Fi Aware achieve one-to-many concurrent sharing? Apple's AirDrop does support one-to-many concurrent sharing.

Hello everyone, I'm developing a macOS application with an integrated Content Filter System Extension. Both the main app and the extension are signed with a Developer ID Application provisioning profile. When building in Xcode, I'm encountering an entitlement mismatch error. I've inspected the provisioning profile using the command: security cms -D -i FilterContentExtension-prod-profile.provisionprofile | grep -A 10 com.apple.developer.networking.networkextension And found that the com.apple.developer.networking.networkextension section only contains values with the -systemextension suffix, for example: content-filter-provider-systemextension. However, when I enable Network Extension → Content Filter in Xcode, the .entitlements file is generated with: content-filter-provider. This leads to the error: "Provisioning profile 'FilterContentExtension-prod-profile' doesn't match the entitlements file’s value for the com.apple.developer.networking.networkextension entitlement." My specific questions are: Why does this error occur? How can I use the content-filter-provider entitlement? If I want to use the content-filter-provider entitlement inside com.apple.developer.networking.networkextension for my Content Filter System Extension, what should I do?

I am creating an application that needs to connect to an Iot device, so i want to make a wifi hotspot with a custom SSID and password and WPA3. Could you please provide an example code in Objective-C to get started?

Hi! We are planning to build an app for a research project that collects sensitive information (such as symptoms, photos and audio). We don't want to store this data locally on the phone or within the app but rather have it securely transferred to a safe SFTP server. Is it possible to implement this i iOS, and if so, does anyone have any recommendations on how to do this?

Hi there. How can I do for the title? URLRequest seems not to have property for protocols. NSURLSessionWebSocketTask seems to have either URLRequest or protocols, but have neither of them. What I want to do is setting both protocols and headers when using WebSocket. Should I use Network.framework instead?

I am in the middle of investigating an issue arising in the call to setsockopt syscall where it returns an undocumented and unexpected errno. As part of that, I'm looking for a way to list any socket content filters or any such extensions are in play on the system where this happens. To do that, I ran: systemextensionsctl list That retuns the following output: 0 extension(s) which seems to indicate there's no filters or extensions in play. However, when I do: netstat -s among other things, it shows: net_api: 2 interface filters currently attached 2 interface filters currently attached by OS 2 interface filters attached since boot 2 interface filters attached since boot by OS ... 4 socket filters currently attached 4 socket filters currently attached by OS 4 socket filters attached since boot 4 socket filters attached since boot by OS What would be the right command/tool/options that I could use to list all the socket filters/extensions (and their details) that are in use and applicable when a call to setsockopt is made from an application on that system? Edit: This is on a macosx-aarch64 with various different OS versions - 13.6.7, 14.3.1 and even 14.4.1.