.local domain and iOS/OSX - ios

Hello, I'm working with a hardware team on a really nice device that we can connect to with an iOS application. Currently we are using an IP address to perform calls on this device and it is working perfectly. Since we read about the new ATS specifics by Apple, we are trying to move the connection to a .local domain instead of using an IP address, so that we can configure domain exceptions in the App Transport Security Settings. We are experiencing a lot of problems trying to connect to the .local domains from the app... it seems that the DNS is never resolved. Are there any known bugs related to .local domains? I have seen some very old bugs... but nothing related to iOS 10/9.
Note: Currently to connect to the device we have to put the device in Access Point mode and from iOS settings we choose it as "wi-fi" router.

You're looking for Zero configuration networking, specifically DNS Service Discovery, an industry standard that Apple markets as Bonjour. That's what allows a device to list its services for DNS discovery through the .local top-level domain.
"Publication: An Example" in Apple's Bonjour guide is a good place to start for understanding what you'd need to do to implement this as a hardware vendor.

Related

Starter code to monitor DHCP, m-DNS, DNS traffic in iOS

We are new to iOS Apple development and iOS network extensions, but we do have general application development experience. We are wondering if there is starter code available which we could utilize for our project.
We are looking for a virtual network interface in iOS so we could monitor network traffic. Our goal is to monitor DHCP broadcast, m-DNS, DNS traffic.
If there are other methods, we would love to know.
There are different ways you can intercept DNS traffic in NE. However, if you are only interested in capturing DNS traffic, DNS Proxy Provider would be your best option. Although, DNS Proxy Provider has the limitation that it is only supported on managed devices.
A few discussions that would help:
https://developer.apple.com/forums/thread/81103?answerId=246229022
https://developer.apple.com/forums/thread/665480
How to use NEDNSProxyProvider in iOS 11
A few samples on GitHub:
https://github.com/pusateri/DNS-TLS
https://github.com/GroupeMINASTE/FMobile-iOS
You can search for NEDNSProxyProvider in developer forums to find quite a few discussions about it. This discussion also provides some good details. Also, this one.
You may also use Packet Tunnel Provider with match domains or empty match domains and full tunnel. This will allow you to support NE without MDM.
A few examples of Packet Tunnel Providers:
https://github.com/douxinchun/RabbitVpnDemo
https://github.com/OperatorFoundation/PacketTunnelExample
https://github.com/davlxd/NEPacketTunnelVPNDemo

Objective-C - iTunes App Store rejected my app after review, main reason is IPv4 needs to be IPv6?

I have a WebRTC framework for my iOS app.
But the Apple iTunes App Store review team rejected my app (even though it was working on my local hardware, cost me 6 months of work). After waiting so long, they rejected it, because it's IPv4, has to be IPv6?
I can't simply change the whole WebRTC framework that I have used in my app.
My target clients are only IPv4 (not IPv6, I am not even interested to use IPv6), is there no way to solve it? I am using this framework: https://cocoapods.org/pods/libjingle_peerconnection
Any advice/suggestion? Has anyone tried the libjingle_peerconnection library to make it compatible with IPv6?
EDIT: at 3.56AM
You need to add more details in your question to get an appropriate and correct answer.
My reason for putting an answer is not to answer your question, as we need further information. My goal in answering is to make everyone aware how IPv6 functionality can be enabled when developing a WebRTC app.
Server side
Generally speaking, there are two main backend components the WebRTC clients connect to:
Signaling server: This is used to carry signaling information such as your SDP between WebRTC endpoints. Can be implemented using web sockets or HTTP or other mechanisms.
STUN and a relay/TURN server: for obvious UDP hole punching through NAT traversal and, if p2p is not possible, to act as a relay between endpoints.
For IPv6 both of these servers should support IPv6 connections to it.
Client side
When Apple tests IPv6, it must be disabling the IPv4 network interface so that the iOS networking stack is forced to use IPv6. Hence you need to enable the WebRTC stack to use the IPv6 interface. This can be done by adding the constraint googIPv6 : true in the createpeerconnection constraints.
Other than this if you are using any other app servers in your code, you will have to make sure they accept v6 connections.

Service discovery using dns-sd

I have a device which is configured in station mode. Device is connected to a smart phone over hotspot provided by smartphone. Device needs to search for a service published by an application on smartphone say _abc._tcp.
I am using the command dns-sd -B _abc._tcp but no output.
Please guide me what I may be missing.
The application publishes the service. I verified it using Bonjour application on android.
Also please clarify
Is it possible to discover the services while in station mode.
While searching for services is it necessary to provide complete service name. If not how we can discover all the services published on the smart phone
Can firewall settings on device affect for service discovery?
How can we achieve the same in C++. Any libraries which can help in discovering.
Thanks in advance.
Is it possible to discover the services while in station mode.
see station mode
While searching for services is it necessary to provide complete service name.
yes
If not how we can discover all the services published on the smart phone
Service discovery is meant to be used to discover a service you're looking for, like a printer or a webpage.
One solution you might use is to find all services and query for each instance of the service. Each instance has a name and an IP which you can compare to the phone's IP. Well, this is quite ugly I think.
Can firewall settings on device affect for service discovery?
Yes
How can we achieve the same in C++. Any libraries which can help in discovering.
There are libs in almost every language... search for c++ service discovery in your favourite search engine and you will find plenty (or another so-thread with links to one or more)
Codewing has already provided answers.
To add to above answers.
Can firewall settings on device affect for service discovery?
Yes. Also service discovery can happen on multiple interfaces (wlan0, eth0...).
These interfaces also affect service discovery. To check on this, the DNS configuration file can be checked. In my case the wlan interface was disabled in the configuration file, so I was unable to discover services.

Accessing remotely my web service

I have implemented a web service on my mac and I am able to access its functionalities through the url "http://localhost:8080/ServiceApp-war/resources/".
As I got satisfying results that I could see in the iPhone simulator in Xcode, I decided to connect my iPhone and test on it. But for this to work I think I need to change the "localhost" in my URL to the IP address of my mac.
I tried to replace it with my public IP address and I got a "could not connect to the server" error on my console. I also tried to replace "localhost" with the IP address I found in System Preferences-->Network-->Wi-Fi and I could see that it was working on the simulator but still nothing when I connect my iPhone and run the application on it.
Please provide a solution for accessing my web service remotely.
Thank you.
Create hotspot from your mac, connect to it with your iPhone and try again.
<lame solution>
Try some service for temporary domain, it will make your computer accessible from anywhere.
How do you "connect" your iPhone? USB connection does not create a network. Well, it does create if you turn on Personal Hotspot on your iPhone (maybe in some other cases, dunno). But the most simple way is to connect Mac and iPhone to the same WiFi network.
Once connected, you can use any of "ping" apps available on App Store. Just look for "ping" (some kind of "network reachability test" or so). You can check if your Mac is really reachable on the network.
If it's not reachable, check your network settings on both devices: do they belong to the same subnet, do they use the same gateway, etc.
If your Mac is reachable with ping, then you should deal with your web service. I setup the web server (which is already distributed within OS X): it already has all the settings to allow other devices to connect. But your web service may require some additional setup. It's two basic things: it should bind to your IP address (please check http://YOUR.IP:8080/ServiceApp-war/resources/ from your Mac!) and second, accept incoming connections from other agents, you should find it somewhere in its settings.
Ngrok was the perfect solution I was looking for.
https://ngrok.com
You could also try finch, which is similar to ngrok. It has a nice friendly GUI. https://meetfinch.com

Apple's new security policy over HTTPS and IPv6 - Clarifications

We have an existing iPhone/iPad application and currently we are consuming HTTP SOAP and REST services.
As per the new rules and regulations of Apple, do we need to convert our existing HTTP services to HTTPS?
Can we use a self-signed certificate on the server to make the service an SSL-enabled one?
Is there any problem for Apple if we are using the self-signed certificate? Or do we need to purchase a new SSL certificate?
Also currently I am accessing the webservices through the ipv4 address.
Do I need to change it to ipv6?
When will Apple start reviewing these conditions? I want to release the updated version of my app next month. Do I need to follow these rules from the next build onwards?
In terms of ATS (App Transport Security), yes it is a new requirement for all iOS 9 devices running apps built with Xcode 7.
https://developer.apple.com/library/prerelease/ios/technotes/App-Transport-Security-Technote/
All connections using the NSURLConnection, CFURL, or NSURLSession APIs use App Transport Security default behavior in apps built for iOS 9.0 or later, and OS X v10.11 or later. Connections that do not follow the requirements will fail.
BUT your application can specifically opt-out if needed by adding exceptions to your Info.plist, at least until Apple changes that, assuming sometime in the future they will enforce 100% compliance, maybe the iOS 10 release(?), maybe earlier(?)...
Opt-out Example:
    <key>NSAppTransportSecurity</key>
    <dict>
        <key>NSAllowsArbitraryLoads</key>
        <true/>
    </dict>
Via: Google Ads Developer: http://googleadsdeveloper.blogspot.ch/2015/08/handling-app-transport-security-in-ios-9.html
Note: You can use "nscurl --ats-diagnostics" via an OS X 10.11 installation to test for ATS compliance on the URLs that your app will use. I would highly recommend doing that before app (re)submission to ensure that you do not need to request exceptions via the Info.plist.
Self-signed certs will not work unless you add the signing CA details and trust it, or again disable ATS via an Info.plist exception. Save yourself the trouble and just purchase a compliant SSL cert.
Also currently I am accessing the webservices through the ipv4 address. Do I need to change it to ipv6?
No, your servers do not need to run IPv6, they should but that is up to you and your hosting provider as some mobile operators have moved to IPv6 only due to lack of IPv4 addresses, but, of course, they are providing NAT translation to IPv4.
But your app HAS to be IPv6 enabled/ready in order to work with those providers otherwise you will get an app rejection. I highly recommend reading the Apple doc on this.
Several situations can prevent an app from supporting IPv6 and these get rejected:
IP address literals embedded in protocols. Many communications protocols, such as Session Initiation Protocol (SIP), File Transfer Protocol (FTP), WebSockets, and Peer-to-Peer Protocol (P2PP), include IP address literals in protocol messages. See Use High-Level Networking Frameworks and Don’t Use IP Address Literals.
IP address literals embedded in configuration files. Configuration files often include IP address literals. See Don’t Use IP Address Literals.
Network preflighting. Many apps attempt to proactively check for an Internet connection or an active Wi-Fi connection by passing IP address literals to network reachability APIs.
Using low-level networking APIs. Some apps work directly with sockets and other raw network APIs such as gethostbyname, gethostbyname2, and inet_aton. These APIs are prone to misuse or they only support IPv4—for example, resolving hostnames for the AF_INET address family, rather than the AF_UNSPEC address family.
Using small address family storage containers. Some apps and networking libraries use address storage containers—such as uint32_t, in_addr, and sockaddr_in—that are 32 bits or smaller.
See for more details and how to workaround/resolve the above items:
https://developer.apple.com/library/prerelease/ios/documentation/NetworkingInternetWeb/Conceptual/NetworkingOverview/UnderstandingandPreparingfortheIPv6Transition/UnderstandingandPreparingfortheIPv6Transition.html#//apple_ref/doc/uid/TP40010220-CH213-SW1
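The rejection causes listed above can be checked for before submission. The following is an added example, not code from the answer or from Apple: a small source scanner that flags the IPv4-only calls, the AF_INET family, the 32-bit address containers and the dotted-quad literals named in the list. The C snippet it scans is constructed for illustration, and uint32_t is left out of the patterns because it is too general to flag on its own.

```python
import ipaddress
import re

# Patterns drawn from the list above; each has one capture group with the hit.
CHECKS = [
    ("IPv4-only API", re.compile(r"\b(gethostbyname2?|inet_aton)\s*\(")),
    ("AF_INET family", re.compile(r"\b(AF_INET)\b")),            # not AF_INET6
    ("32-bit address container", re.compile(r"\b(sockaddr_in|in_addr)\b")),
]
LITERAL = re.compile(r"\b((?:\d{1,3}\.){3}\d{1,3})\b")

# Constructed sample: four IPv4-bound lines followed by the family-agnostic form.
SAMPLE_SOURCE = """\
struct sockaddr_in sa;
struct hostent *h = gethostbyname(host);
inet_aton("192.168.4.1", &sa.sin_addr);
int s = socket(AF_INET, SOCK_STREAM, 0);
hints.ai_family = AF_UNSPEC;
getaddrinfo(host, "8080", &hints, &res);
struct sockaddr_storage ss;
"""

def is_ipv4(text):
    """True only for a syntactically valid IPv4 address (rejects 999.1.1.1)."""
    try:
        ipaddress.IPv4Address(text)
        return True
    except ValueError:
        return False

def scan(source):
    """Return (line number, finding, matched text) for every IPv4-only construct."""
    hits = []
    for n, line in enumerate(source.splitlines(), 1):
        for label, rx in CHECKS:
            hits += [(n, label, m.group(1)) for m in rx.finditer(line)]
        hits += [(n, "IPv4 literal", m.group(1))
                 for m in LITERAL.finditer(line) if is_ipv4(m.group(1))]
    return hits

if __name__ == "__main__":
    for lineno, finding, text in scan(SAMPLE_SOURCE):
        print(f"line {lineno}: {finding}: {text}")
```

The last three sample lines (AF_UNSPEC, getaddrinfo, sockaddr_storage) produce no findings, which is the shape the flagged lines should be rewritten into.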
iOS 9 requires the server to only support TLSv1.2 and support perfect forward security.
Also required is for the app to support IPv6, including not using hard-coded IP addresses.
The certificate at the server must be signed by an authorized CA.
It is a new security feature that blocks non-HTTPS traffic in your app. However, this is a new feature that is only enabled for apps built with Xcode 7 and the iOS 9 SDK today. It will not break existing apps.
For apps in a non-production environment and debug, you can disable ATS from the plist.
Thanks.
