
NetworkExtension macOS xcode9 beta1

Vincent Dondain edited this page Jun 5, 2017 · 1 revision

# NetworkExtension.framework

diff -ruN /Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.12.sdk/System/Library/Frameworks/NetworkExtension.framework/Headers/NEDNSProxyManager.h /Applications/Xcode9-beta1.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.13.sdk/System/Library/Frameworks/NetworkExtension.framework/Headers/NEDNSProxyManager.h
--- /Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.12.sdk/System/Library/Frameworks/NetworkExtension.framework/Headers/NEDNSProxyManager.h	1969-12-31 19:00:00.000000000 -0500
+++ /Applications/Xcode9-beta1.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.13.sdk/System/Library/Frameworks/NetworkExtension.framework/Headers/NEDNSProxyManager.h	2017-05-19 18:39:22.000000000 -0400
@@ -0,0 +1,109 @@
+/*
+ * Copyright (c) 2017 Apple Inc.
+ * All rights reserved.
+ */
+
+#ifndef __NE_INDIRECT__
+#error "Please import the NetworkExtension module instead of this file directly."
+#endif
+
+NS_ASSUME_NONNULL_BEGIN
+
+/*!
+ * @file NEDNSProxyManager.h
+ * @discussion This file declares the NEDNSProxyManager API. The NEDNSProxyManager API is used to configure and control DNS proxies.
+ *
+ * This API is part of NetworkExtension.framework.
+ *
+ * This API is used to create DNS proxy configurations.
+ */
+
+#if defined(__cplusplus)
+#define NEDNSPROXY_EXPORT extern "C"
+#else
+#define NEDNSPROXY_EXPORT extern
+#endif
+
+@class NEDNSProxyProviderProtocol;
+
+/*!
+ * @typedef NEDNSProxyError
+ * @abstract DNS proxy error codes
+ */
+typedef NS_ENUM(NSInteger, NEDNSProxyManagerError) {
+	/*! @const NEDNSProxyManagerErrorConfigurationInvalid The DNS proxy configuration is invalid */
+	NEDNSProxyManagerErrorConfigurationInvalid = 1,
+	/*! @const NEDNSProxyManagerErrorConfigurationDisabled The DNS proxy configuration is not enabled. */
+	NEDNSProxyManagerErrorConfigurationDisabled = 2,
+	/*! @const NEDNSProxyManagerErrorConfigurationStale The DNS proxy configuration needs to be loaded. */
+	NEDNSProxyManagerErrorConfigurationStale = 3,
+	/*! @const NEDNSProxyManagerErrorConfigurationCannotBeRemoved The DNS proxy configuration cannot be removed. */
+	NEDNSProxyManagerErrorConfigurationCannotBeRemoved = 4,
+} NS_ENUM_AVAILABLE(NA, 11_0);
+
+/*! @const NEDNSProxyManagerErrorDomain The DNS proxy error domain */
+NEDNSPROXY_EXPORT NSString * const NEDNSProxyErrorDomain NS_AVAILABLE(NA, 11_0);
+
+/*! @const NEDNSProxyConfigurationDidChangeNotification Name of the NSNotification that is posted when the DNS proxy configuration changes. */
+NEDNSPROXY_EXPORT NSString * const NEDNSProxyConfigurationDidChangeNotification NS_AVAILABLE(NA, 11_0);
+
+/*!
+ * @interface NEDNSProxyManager
+ * @discussion The NEDNSProxyManager class declares the programmatic interface for an object that manages DNS proxy configurations.
+ *
+ * NEDNSProxyManager declares methods and properties for configuring and controlling a DNS proxy.
+ *
+ * Instances of this class are thread safe.
+ */
+NS_CLASS_AVAILABLE(NA, 11_0)
+@interface NEDNSProxyManager : NSObject
+
+/*!
+ * @method sharedManager
+ * @return The singleton NEDNSProxyManager object for the calling process.
+ */
++ (NEDNSProxyManager *)sharedManager NS_AVAILABLE(NA, 11_0);
+
+/*!
+ * @method loadFromPreferencesWithCompletionHandler:
+ * @discussion This function loads the current DNS proxy configuration from the caller's DNS proxy preferences.
+ * @param completionHandler A block that will be called when the load operation is completed. The NSError passed to this block will be nil if the load operation succeeded, non-nil otherwise.
+ */
+- (void)loadFromPreferencesWithCompletionHandler:(void (^)(NSError * __nullable error))completionHandler NS_AVAILABLE(NA, 11_0);
+
+/*!
+ * @method removeFromPreferencesWithCompletionHandler:
+ * @discussion This function removes the DNS proxy configuration from the caller's DNS proxy preferences. If the DNS proxy is enabled, the DNS proxy becomes disabled.
+ * @param completionHandler A block that will be called when the remove operation is completed. The NSError passed to this block will be nil if the remove operation succeeded, non-nil otherwise.
+ */
+- (void)removeFromPreferencesWithCompletionHandler:(void (^)(NSError * __nullable error))completionHandler NS_AVAILABLE(NA, 11_0);
+
+/*!
+ * @method saveToPreferencesWithCompletionHandler:
+ * @discussion This function saves the DNS proxy configuration in the caller's DNS proxy preferences. If the DNS proxy is enabled, it will become active.
+ * @param completionHandler A block that will be called when the save operation is completed. The NSError passed to this block will be nil if the save operation succeeded, non-nil otherwise.
+ */
+- (void)saveToPreferencesWithCompletionHandler:(void (^)(NSError * __nullable error))completionHandler NS_AVAILABLE(NA, 11_0);
+
+/*!
+ * @property localizedDescription
+ * @discussion A string containing a description of the DNS proxy.
+ */
+@property (copy, nullable) NSString *localizedDescription NS_AVAILABLE(NA, 11_0);
+
+/*!
+ * @property providerProtocol
+ * @discussion An NEDNSProxyProviderProtocol object containing the provider-specific portion of the DNS proxy configuration.
+ */
+@property (strong, nullable) NEDNSProxyProviderProtocol *providerProtocol NS_AVAILABLE(NA, 11_0);
+
+/*!
+ * @property enabled
+ * @discussion Toggles the enabled status of the DNS proxy. Setting this property will disable DNS proxy configurations of other apps. This property will be set to NO when other DNS proxy configurations are enabled.
+ */
+@property (getter=isEnabled) BOOL enabled NS_AVAILABLE(NA, 11_0);
+
+@end
+
+NS_ASSUME_NONNULL_END
+
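Review bot: Two doc comments name symbols that this header does not declare: `@typedef NEDNSProxyError` sits on `NEDNSProxyManagerError`, and `@const NEDNSProxyManagerErrorDomain` sits on `NEDNSProxyErrorDomain`. Callers who match on `error.domain` or switch on the code will copy whichever name they read, so the tags should read `@typedef NEDNSProxyManagerError` and `@const NEDNSProxyErrorDomain`. The `enabled` discussion also says another app's configuration can set this property to NO; `NEDNSProxyConfigurationDidChangeNotification` is presumably how an app detects that, and the comment could say so, e.g. `Observe NEDNSProxyConfigurationDidChangeNotification and reload to detect this.`, so that a proxy used for filtering notices when it has been switched off.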
diff -ruN /Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.12.sdk/System/Library/Frameworks/NetworkExtension.framework/Headers/NEDNSProxyProvider.h /Applications/Xcode9-beta1.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.13.sdk/System/Library/Frameworks/NetworkExtension.framework/Headers/NEDNSProxyProvider.h
--- /Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.12.sdk/System/Library/Frameworks/NetworkExtension.framework/Headers/NEDNSProxyProvider.h	1969-12-31 19:00:00.000000000 -0500
+++ /Applications/Xcode9-beta1.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.13.sdk/System/Library/Frameworks/NetworkExtension.framework/Headers/NEDNSProxyProvider.h	2017-05-20 01:44:24.000000000 -0400
@@ -0,0 +1,70 @@
+/*
+ * Copyright (c) 2017 Apple Inc.
+ * All rights reserved.
+ */
+
+#ifndef __NE_INDIRECT__
+#error "Please import the NetworkExtension module instead of this file directly."
+#endif
+
+#import <NetworkExtension/NEProvider.h>
+
+NS_ASSUME_NONNULL_BEGIN
+
+@class NEAppProxyFlow;
+@class NEDNSSettings;
+
+/*!
+ * @file NEDNSProxyProvider.h
+ * @discussion This file declares the NEDNSProxyProvider API. The NEDNSProxyProvider is used to implement custom DNS proxy solutions.
+ */
+
+/*!
+ * @interface NEDNSProxyProvider
+ * @discussion The NEDNSProxyProvider class declares the programmatic interface for an object that implements the client side of a custom DNS proxy solution.
+ *
+ * NEDNSProxyProvider is part of NetworkExtension.framework
+ */
+NS_CLASS_AVAILABLE(NA, 11_0)
+@interface NEDNSProxyProvider : NEProvider
+
+/*!
+ * @method startProxyWithOptions:completionHandler:
+ * @discussion This function is called by the framework when a new proxy instance is being created. Subclasses must override this method to perform whatever steps are necessary to ready the proxy for handling flows of network data.
+ * @param options A dictionary containing keys and values passed by the provider's containing app. If the containing app did not start the proxy then this parameter will be nil.
+ * @param completionHandler A block that must be called when the process of starting the proxy complete. If the proxy cannot be started then the subclass' implementation of this method must pass a non-nill NSError object to this block. A value of nil passed to the completion handler indicates that the proxy was successfully started.
+ */
+- (void)startProxyWithOptions:(nullable NSDictionary<NSString *,id> *)options completionHandler:(void (^)(NSError * __nullable error))completionHandler NS_AVAILABLE(NA, 11_0);
+
+/*!
+ * @method stopProxyWithReason:completionHandler:
+ * @discussion This function is called by the framework when the proxy is being stopped. Subclasses must override this method to perform whatever steps are necessary to stop the proxy.
+ * @param reason An NEProviderStopReason indicating why the proxy is being stopped.
+ * @param completionHandler A block that must be called when the proxy is completely stopped.
+ */
+- (void)stopProxyWithReason:(NEProviderStopReason)reason completionHandler:(void (^)(void))completionHandler NS_AVAILABLE(NA, 11_0);
+
+/*!
+ * @method cancelProxyWithError:
+ * @discussion This function is called by proxy provider implementations to stop the proxy when a network error is encountered that renders the proxy no longer viable. Subclasses should not override this method.
+ * @param error An NSError object containing details about the error that the prxoy provider implementation encountered.
+ */
+- (void)cancelProxyWithError:(nullable NSError *)error NS_AVAILABLE(NA, 11_0);
+
+/*!
+ * @method handleNewFlow:
+ * @discussion This function is called by the framework to deliver a new network data flow to the proxy provider implementation. Subclasses must override this method to perform whatever steps are necessary to ready the proxy to receive data from the flow. The proxy provider implementation indicates that the proxy is ready to handle flow data by calling -[NEFlow openWithCompletionHandler:] on the flow. If the proxy implementation decides to not handle the flow and instead terminate it, the subclass implementation of this method should return NO. If the proxy implementation decides to handle the flow, the subclass implementation of this method should return YES. In this case the proxy implementation is responsible for retaining the NEFlow object.
+ * @param flow The new flow
+ * @return YES if the proxy implementation has retained the flow and intends to handle the flow data. NO if the proxy implementation has not retained the flow and will not handle the flow data. In this case the flow is terminated.
+ */
+- (BOOL)handleNewFlow:(NEAppProxyFlow *)flow NS_AVAILABLE(NA, 11_0);
+
+/*!
+ * @property systemDNSSettings
+ * @discussion The current system DNS settings. Use KVO to watch for changes.
+ */
+@property (readonly, nullable) NSArray<NEDNSSettings *> *systemDNSSettings NS_AVAILABLE(NA, 11_0);
+
+@end
+
+NS_ASSUME_NONNULL_END
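Review bot: `cancelProxyWithError:` declares its parameter `nullable`, but the `@param error` text does not say what passing nil means; if nil is meant for a stop that is not caused by an error, a sentence such as `Pass nil if the proxy is being cancelled for a reason other than an error.` would settle it. The same comment blocks carry typos worth fixing: `prxoy` → `proxy`, and in `startProxyWithOptions:completionHandler:` `non-nill` → `non-nil` and `starting the proxy complete` → `starting the proxy is complete`. The `handleNewFlow:` discussion refers to `-[NEFlow openWithCompletionHandler:]` while the parameter is typed `NEAppProxyFlow`; the diff does not show that class, so the reference is worth checking against the method it actually declares.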
diff -ruN /Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.12.sdk/System/Library/Frameworks/NetworkExtension.framework/Headers/NEDNSProxyProviderProtocol.h /Applications/Xcode9-beta1.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.13.sdk/System/Library/Frameworks/NetworkExtension.framework/Headers/NEDNSProxyProviderProtocol.h
--- /Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.12.sdk/System/Library/Frameworks/NetworkExtension.framework/Headers/NEDNSProxyProviderProtocol.h	1969-12-31 19:00:00.000000000 -0500
+++ /Applications/Xcode9-beta1.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.13.sdk/System/Library/Frameworks/NetworkExtension.framework/Headers/NEDNSProxyProviderProtocol.h	2017-05-19 18:39:22.000000000 -0400
@@ -0,0 +1,45 @@
+/*
+ * Copyright (c) 2017 Apple Inc.
+ * All rights reserved.
+ */
+
+#ifndef __NE_INDIRECT__
+#error "Please import the NetworkExtension module instead of this file directly."
+#endif
+
+#import <NetworkExtension/NEVPNProtocol.h>
+
+NS_ASSUME_NONNULL_BEGIN
+
+/*!
+ * @file NEDNSProxyProviderProtocol.h
+ * @discussion This file declares the NEDNSProxyProviderProtocol API. The NEDNSProxyProviderProtocol API is used to specify configuration settings that are specific to Network Extensions provided by NEDNSProxyProviders.
+ *
+ * This API is part of NetworkExtension.framework
+ */
+
+/*!
+ * @interface NEDNSProxyProviderProtocol
+ * @discussion The NEDNSProxyProviderProtocol class declares the programmatic interface for an object that contains NEDNSProxyProvider-specific configuration settings.
+ *
+ * Instances of this class are thread safe.
+ */
+NS_CLASS_AVAILABLE(10_13, 11_0)
+@interface NEDNSProxyProviderProtocol : NEVPNProtocol
+
+/*!
+ * @property providerConfiguration
+ * @discussion A dictionary containing NEDNSProxyProvider vendor-specific configuration parameters. This dictionary is passed as-is to NEDNSProxyProviders when a DNS proxy is started.
+ */
+@property (copy, nullable) NSDictionary<NSString *,id> *providerConfiguration NS_AVAILABLE(10_13, 11_0);
+
+/*!
+ * @property providerBundleIdentifier
+ * @discussion A string containing the bundle identifier of the NEDNSProxyProvider to be used by this configuration.
+ */
+@property (copy, nullable) NSString *providerBundleIdentifier NS_AVAILABLE(10_13, 11_0);
+
+@end
+
+NS_ASSUME_NONNULL_END
+
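Review bot: `NEDNSProxyProviderProtocol` and its two properties are marked available on macOS (`NS_CLASS_AVAILABLE(10_13, 11_0)`, `NS_AVAILABLE(10_13, 11_0)`), while `NEDNSProxyManager` and `NEDNSProxyProvider` in the same diff are `NS_CLASS_AVAILABLE(NA, 11_0)`. On macOS 10.13 that leaves a configuration class with no manager to hold it and no provider to receive it, which looks unintended; either annotate it `NA, 11_0` like its siblings or document why it is exposed alone. Separately, `providerConfiguration` is typed `NSDictionary<NSString *,id>` and is 'passed as-is' to the provider, so the comment could remind provider authors to type-check each value before using it.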
diff -ruN /Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.12.sdk/System/Library/Frameworks/NetworkExtension.framework/Headers/NEFilterControlProvider.h /Applications/Xcode9-beta1.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.13.sdk/System/Library/Frameworks/NetworkExtension.framework/Headers/NEFilterControlProvider.h
--- /Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.12.sdk/System/Library/Frameworks/NetworkExtension.framework/Headers/NEFilterControlProvider.h	2016-09-23 18:47:08.000000000 -0400
+++ /Applications/Xcode9-beta1.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.13.sdk/System/Library/Frameworks/NetworkExtension.framework/Headers/NEFilterControlProvider.h	2017-05-20 01:44:24.000000000 -0400
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2015 Apple Inc.
+ * Copyright (c) 2015-2017 Apple Inc.
  * All rights reserved.
  */
 
@@ -74,6 +74,13 @@
  */
 - (void)notifyRulesChanged NS_AVAILABLE(NA, 9_0);
 
+/*!
+ * @method handleReportForFlow:action:
+ * @discussion This function is called by the framework when the data provider extension calls -[NEFilterDataProvider reportFlow:action:]. Subclass implementations may override this method to handle the flow report.
+ * @param flow The flow being reported
+ * @param action The action taken by the data provider on the flow
+ */
+- (void)handleReportForFlow:(NEFilterFlow *)flow action:(NEFilterAction)action API_AVAILABLE(ios(11.0));
 @end
 
 NS_ASSUME_NONNULL_END
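Review bot: `handleReportForFlow:action:` is annotated `API_AVAILABLE(ios(11.0))`, whereas `notifyRulesChanged` just above it and the paired `reportFlow:action:` in NEFilterDataProvider.h use the `NS_AVAILABLE(NA, …)` form. The two are not equivalent in a macOS SDK: the `NA` form marks the method unavailable on macOS, while `API_AVAILABLE(ios(11.0))` states nothing about macOS. For consistency use `NS_AVAILABLE(NA, 11_0);` here, and keep a blank line between the declaration and `@end`. The `NEFilterAction` typedef in NEFilterProvider.h carries the same annotation.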
diff -ruN /Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.12.sdk/System/Library/Frameworks/NetworkExtension.framework/Headers/NEFilterDataProvider.h /Applications/Xcode9-beta1.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.13.sdk/System/Library/Frameworks/NetworkExtension.framework/Headers/NEFilterDataProvider.h
--- /Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.12.sdk/System/Library/Frameworks/NetworkExtension.framework/Headers/NEFilterDataProvider.h	2016-09-23 18:47:08.000000000 -0400
+++ /Applications/Xcode9-beta1.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.13.sdk/System/Library/Frameworks/NetworkExtension.framework/Headers/NEFilterDataProvider.h	2017-05-20 02:25:01.000000000 -0400
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2015 Apple Inc.
+ * Copyright (c) 2015-2017 Apple Inc.
  * All rights reserved.
  */
 
@@ -87,11 +87,19 @@
 
 
 /*!
- * @meethod handleRulesChanged
+ * @method handleRulesChanged
  * @discussion This function is called by the framework when -[NEFilterControlProvider notifyRulesChanged] is called. Subclasses should override this method to reload new rules from disk.
  */
 - (void)handleRulesChanged NS_AVAILABLE(NA, 9_0);
 
+/*!
+ * @method reportFlow:action:
+ * @discussion This function causes the given flow and action to be passed to the control provider extension via the control provider's -[NEFilterControlProvider handleReportForFlow:action:] method. Since the data provider does not need to wait for a response from the control provider before continuing to process the flow, this method is a more efficient way to report a flow to the control provider than returning a "need rules" verdict.
+ * @param flow The flow to report
+ * @param action The action that the data provider is taking for the flow
+ */
+- (void)reportFlow:(NEFilterFlow *)flow action:(NEFilterAction)action NS_AVAILABLE(NA, 11_0);
+
 @end
 
 /*!
@@ -129,7 +137,7 @@
 /*!
  * @method dataVerdictWithPassBytes:peekBytes:
  * @discussion This class method returns a data verdict indicating that the filter is passing a given number of bytes through the filter and needs to see a given number of bytes after the bytes that are passed.
- * @param passBytes The number of bytes to pass through the filter. Note that the framework does not pass the bytes to the destination until a "final" allow/drop/remediate verdict is returned.
+ * @param passBytes The number of bytes to pass through the filter.
  * @param peekBytes The number of bytes after the end of the bytes passed that the filter wants to see in the next call to -[NEFilterDataProvider handleOutboundDataFromFlow:readBytesStartOffset:readBytes:] or -[NEFilterDataProvider handleInboundDataFromFlow:readBytesStartOffset:readBytes:].
  * @return The data flow verdict.
  */
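Review bot: The `@param passBytes` text no longer says that the framework holds passed bytes until a final allow/drop/remediate verdict, and nothing replaces that statement. A filter written against the old wording may treat a pass/peek verdict as still revocable; if bytes are now released to the destination as soon as they are passed, the comment should say so, e.g. `Passed bytes may be delivered to the destination before a final verdict is returned.` If the behaviour is unchanged, the removed sentence should stay. The diff alone does not show which is the case, and the method declaration itself lies outside the hunk.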
diff -ruN /Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.12.sdk/System/Library/Frameworks/NetworkExtension.framework/Headers/NEFilterFlow.h /Applications/Xcode9-beta1.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.13.sdk/System/Library/Frameworks/NetworkExtension.framework/Headers/NEFilterFlow.h
--- /Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.12.sdk/System/Library/Frameworks/NetworkExtension.framework/Headers/NEFilterFlow.h	2016-09-23 18:47:08.000000000 -0400
+++ /Applications/Xcode9-beta1.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.13.sdk/System/Library/Frameworks/NetworkExtension.framework/Headers/NEFilterFlow.h	2017-05-20 01:44:24.000000000 -0400
@@ -36,6 +36,25 @@
  * @discussion The flow's HTTP request URL. Will be nil if the flow did not originate from WebKit.
  */
 @property (readonly, nullable) NSURL *URL NS_AVAILABLE(NA, 9_0);
+
+/*!
+ * @property sourceAppUniqueIdentifier
+ * @discussion A blob of bytes that uniquely identifies the source app binary of the flow. This value is unique across multiple versions of the same app.
+ */
+@property (readonly, nullable) NSData *sourceAppUniqueIdentifier NS_AVAILABLE(NA, 11_0);
+
+/*!
+ * @property sourceAppIdentifier
+ * @discussion A string containing the signing identifier of the source app of the flow.
+ */
+@property (readonly, nullable) NSString *sourceAppIdentifier NS_AVAILABLE(NA, 11_0);
+
+/*!
+ * @property sourceAppVersion
+ * @discussion The short version string of the source application. Will be nil if the app info is unavailable.
+ */
+@property (readonly, nullable) NSString *sourceAppVersion NS_AVAILABLE(NA, 11_0);
+
 @end
 
 /*!
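Review bot: The `sourceAppUniqueIdentifier` discussion is ambiguous exactly where rule matching depends on it: 'unique across multiple versions of the same app' can mean either that each version gets a different value or that one value is stable across versions. Filter rules keyed on this blob behave very differently in the two cases, so the comment should state one explicitly. All three new properties are `nullable`, but only `sourceAppVersion` says when it is nil; `sourceAppUniqueIdentifier` and `sourceAppIdentifier` should say so too, since a filter has to decide what verdict to return for a flow that carries no source-app identity.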
@@ -48,13 +67,13 @@
 @interface NEFilterBrowserFlow :  NEFilterFlow <NSSecureCoding,NSCopying>
 /*!
  *	@property request
- *	@discussion The NSURLRequest of the flow.
+ *	@discussion The NSURLRequest of the flow. This property is always nil for the control providers.
  */
-@property (readonly) NSURLRequest *request NS_AVAILABLE(10_11, 9_0);
+@property (readonly, nullable) NSURLRequest *request NS_AVAILABLE(10_11, 9_0);
 
 /*!
  *	@property response
- *	@discussion The NSURLResponse of the flow. This will be nil until the request is sent to the server and the response headers are received.
+ *	@discussion The NSURLResponse of the flow. This will be nil until the request is sent to the server and the response headers are received. And this property is always nil for the control providers.
  */
 @property (readonly, nullable) NSURLResponse *response NS_AVAILABLE(10_11, 9_0);
 /*!
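Review bot: `request` changes from non-null to `nullable` and is now documented as always nil in control providers, so existing control-provider code that reads `flow.request.URL` unguarded will quietly get nil and may evaluate rules against an empty URL. The NetworkExtension.apinotes section of this diff appears to keep `request` non-null for Swift 3 (`Nullability: N`), which would hand nil to Swift 3 callers through a non-optional type in that same situation. The comment should tell control-provider authors which property to read instead. Wording nit on the `response` text: `And this property is always nil for the control providers.` reads better as `This property is always nil in control providers.`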
diff -ruN /Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.12.sdk/System/Library/Frameworks/NetworkExtension.framework/Headers/NEFilterProvider.h /Applications/Xcode9-beta1.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.13.sdk/System/Library/Frameworks/NetworkExtension.framework/Headers/NEFilterProvider.h
--- /Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.12.sdk/System/Library/Frameworks/NetworkExtension.framework/Headers/NEFilterProvider.h	2016-05-03 18:21:26.000000000 -0400
+++ /Applications/Xcode9-beta1.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.13.sdk/System/Library/Frameworks/NetworkExtension.framework/Headers/NEFilterProvider.h	2017-05-19 18:39:22.000000000 -0400
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2015 Apple Inc.
+ * Copyright (c) 2015-2017 Apple Inc.
  * All rights reserved.
  */
 
@@ -40,6 +40,19 @@
  * @discussion This file declares the NEFilterProvider API. The NEFilterProvider API is used to implement custom content filtering solutions.
  */
 
+ 
+/*!
+ * @discussion The keys below are the types of actions made by a data provider extension that can be reported to the control provider extension.
+ * @const NEFilterActionAllow Allowing the flow
+ * @const NEFilterActionDrop  Dropping the flow
+ * @const NEFilterActionRemeidate Remediating the flow
+ */
+typedef enum {
+	NEFilterActionAllow = 1,
+	NEFilterActionDrop = 2,
+	NEFilterActionRemediate = 3
+} NEFilterAction API_AVAILABLE(ios(11.0));
+
 /*!
  * @interface NEFilterProvider
  * @discussion The NEFilterProvider class is an abstract base class that declares the programmatic interface of an object that implements a socket filter.
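Review bot: `NEFilterAction` is declared with a bare `typedef enum`, unlike the other enumerations in this diff, so it has no fixed underlying type and loses the switch-exhaustiveness warnings and Swift import that `NS_ENUM` provides. Suggested form: `typedef NS_ENUM(NSInteger, NEFilterAction) { … } API_AVAILABLE(ios(11.0));`. The doc comment misspells the third constant as `NEFilterActionRemeidate`; it should be `NEFilterActionRemediate` to match the declaration. The values start at 1, so a zero-initialised `NEFilterAction` matches no case, and `handleReportForFlow:action:` implementations should treat an unknown value explicitly rather than fall through to an allow path.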
diff -ruN /Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.12.sdk/System/Library/Frameworks/NetworkExtension.framework/Headers/NEVPNProtocolIKEv2.h /Applications/Xcode9-beta1.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.13.sdk/System/Library/Frameworks/NetworkExtension.framework/Headers/NEVPNProtocolIKEv2.h
--- /Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.12.sdk/System/Library/Frameworks/NetworkExtension.framework/Headers/NEVPNProtocolIKEv2.h	2016-09-23 18:47:08.000000000 -0400
+++ /Applications/Xcode9-beta1.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.13.sdk/System/Library/Frameworks/NetworkExtension.framework/Headers/NEVPNProtocolIKEv2.h	2017-05-20 01:44:24.000000000 -0400
@@ -69,29 +69,28 @@
 typedef NS_ENUM(NSInteger, NEVPNIKEv2DiffieHellmanGroup) {
 	/*! @const NEVPNIKEv2DiffieHellmanGroupInvalid Diffie Hellman group 0 is not a valid DH group*/
 	NEVPNIKEv2DiffieHellmanGroupInvalid = 0,
-	/*! @const NEVPNIKEv2DiffieHellmanGroup1 Diffie Hellman group 1 */
+	/*! @const NEVPNIKEv2DiffieHellmanGroup1 Diffie Hellman group 1 (768-bit MODP) */
 	NEVPNIKEv2DiffieHellmanGroup1 = 1,
-	/*! @const NEVPNIKEv2DiffieHellmanGroup2 Diffie Hellman group 2 */
+	/*! @const NEVPNIKEv2DiffieHellmanGroup2 Diffie Hellman group 2 (1024-bit MODP) */
 	NEVPNIKEv2DiffieHellmanGroup2 = 2,
-	/*! @const NEVPNIKEv2DiffieHellmanGroup5 Diffie Hellman group 5 */
+	/*! @const NEVPNIKEv2DiffieHellmanGroup5 Diffie Hellman group 5 (1536-bit MODP) */
 	NEVPNIKEv2DiffieHellmanGroup5 = 5,
-	/*! @const NEVPNIKEv2DiffieHellmanGroup14 Diffie Hellman group 14 */
+	/*! @const NEVPNIKEv2DiffieHellmanGroup14 Diffie Hellman group 14 (2048-bit MODP) */
 	NEVPNIKEv2DiffieHellmanGroup14 = 14,
-	/*! @const NEVPNIKEv2DiffieHellmanGroup15 Diffie Hellman group 15 */
+	/*! @const NEVPNIKEv2DiffieHellmanGroup15 Diffie Hellman group 15 (3072-bit MODP) */
 	NEVPNIKEv2DiffieHellmanGroup15 = 15,
-	/*! @const NEVPNIKEv2DiffieHellmanGroup16 Diffie Hellman group 16 */
+	/*! @const NEVPNIKEv2DiffieHellmanGroup16 Diffie Hellman group 16 (4096-bit MODP) */
 	NEVPNIKEv2DiffieHellmanGroup16 = 16,
-	/*! @const NEVPNIKEv2DiffieHellmanGroup17 Diffie Hellman group 17 */
+	/*! @const NEVPNIKEv2DiffieHellmanGroup17 Diffie Hellman group 17 (6144-bit MODP) */
 	NEVPNIKEv2DiffieHellmanGroup17 = 17,
-	/*! @const NEVPNIKEv2DiffieHellmanGroup18 Diffie Hellman group 18 */
+	/*! @const NEVPNIKEv2DiffieHellmanGroup18 Diffie Hellman group 18 (8192-bit MODP) */
 	NEVPNIKEv2DiffieHellmanGroup18 = 18,
-	/*! @const NEVPNIKEv2DiffieHellmanGroup19 Diffie Hellman group 19 */
+	/*! @const NEVPNIKEv2DiffieHellmanGroup19 Diffie Hellman group 19 (256-bit random ECP) */
 	NEVPNIKEv2DiffieHellmanGroup19 = 19,
-	/*! @const NEVPNIKEv2DiffieHellmanGroup20 Diffie Hellman group 20 */
+	/*! @const NEVPNIKEv2DiffieHellmanGroup20 Diffie Hellman group 20 (384-bit random ECP) */
 	NEVPNIKEv2DiffieHellmanGroup20 = 20,
-	/*! @const NEVPNIKEv2DiffieHellmanGroup21 Diffie Hellman group 21 */
+	/*! @const NEVPNIKEv2DiffieHellmanGroup21 Diffie Hellman group 21 (521-bit random ECP) */
 	NEVPNIKEv2DiffieHellmanGroup21 = 21,
-	
 } NS_ENUM_AVAILABLE(10_11, 8_0);
 
 /*!
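Review bot: Now that each `@const` comment states the group size, the comments should also say which groups are still appropriate to select: the 768-bit and 1024-bit MODP groups (`NEVPNIKEv2DiffieHellmanGroup1`, `NEVPNIKEv2DiffieHellmanGroup2`), and arguably the 1536-bit `NEVPNIKEv2DiffieHellmanGroup5`, are below what current guidance accepts for IKEv2 key exchange. A short suffix such as `(768-bit MODP; retained for compatibility, not recommended)` on those entries would keep them from being picked for new configurations. Only the comments change here; the enum values are untouched.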
@@ -110,6 +109,21 @@
 } NS_ENUM_AVAILABLE(10_11, 8_3);
 
 /*!
+ * @typedef NEVPNIKEv2CertificateType
+ * @abstract IKEv2 Certificate types
+ */
+typedef NS_ENUM(NSInteger, NEVPNIKEv2TLSVersion) {
+	/*! @const NEVPNIKEv2TLSVersionDefault Use the default TLS configuration */
+	NEVPNIKEv2TLSVersionDefault = 0,
+	/*! @const NEVPNIKEv2TLSVersion1_0 TLS 1.0 */
+	NEVPNIKEv2TLSVersion1_0 = 1,
+	/*! @const NEVPNIKEv2TLSVersion1_0 TLS 1.1 */
+	NEVPNIKEv2TLSVersion1_1 = 2,
+	/*! @const NEVPNIKEv2TLSVersion1_0 TLS 1.2 */
+	NEVPNIKEv2TLSVersion1_2 = 3,
+} NS_ENUM_AVAILABLE(10_13, 11_0);
+
+/*!
  * @class NEVPNIKEv2SecurityAssociationParameters
  * @discussion The NEVPNIKEv2SecurityAssociationParameters class declares the programmatic interface of an object that manages parameters for an IPSec Security Association
  *
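Review bot: The doc block on the new enum does not describe it: `@typedef NEVPNIKEv2CertificateType` and `@abstract IKEv2 Certificate types` sit on `NEVPNIKEv2TLSVersion`, which looks like a copy from another enum, and should read `@typedef NEVPNIKEv2TLSVersion` and `@abstract TLS versions for use with EAP-TLS`. The `@const` tags on the last two values both say `NEVPNIKEv2TLSVersion1_0`; they should be `NEVPNIKEv2TLSVersion1_1` and `NEVPNIKEv2TLSVersion1_2`. `NEVPNIKEv2TLSVersionDefault` is described only as 'the default TLS configuration'; stating which versions that permits would let callers judge whether they need to set a floor themselves.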
@@ -226,6 +240,18 @@
  */
 @property BOOL strictRevocationCheck NS_AVAILABLE(10_11, 9_0);
 
+/*!
+ * @property minimumTLSVersion
+ * @discussion Sets a minimum TLS version to allow for EAP-TLS authentication. Default is NEVPNIKEv2TLSVersionDefault.
+ */
+@property NEVPNIKEv2TLSVersion minimumTLSVersion NS_AVAILABLE(10_13, 11_0);
+
+/*!
+ * @property maximumTLSVersion
+ * @discussion Sets a maximum TLS version to allow for EAP-TLS authentication. Default is NEVPNIKEv2TLSVersionDefault.
+ */
+@property NEVPNIKEv2TLSVersion maximumTLSVersion NS_AVAILABLE(10_13, 11_0);
+
 @end
 
 NS_ASSUME_NONNULL_END
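Review bot: Both new properties default to `NEVPNIKEv2TLSVersionDefault`, but the comments say neither what range that resolves to nor what happens when `minimumTLSVersion` is set higher than `maximumTLSVersion`. Because the enum includes TLS 1.0 and 1.1, a configuration that needs a floor has to set it explicitly, e.g. `minimumTLSVersion = NEVPNIKEv2TLSVersion1_2`, and the discussion could recommend that. The enclosing `@interface` starts outside the hunk, so how these properties interact with the other EAP settings is not visible here.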
diff -ruN /Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.12.sdk/System/Library/Frameworks/NetworkExtension.framework/Headers/NetworkExtension.apinotes /Applications/Xcode9-beta1.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.13.sdk/System/Library/Frameworks/NetworkExtension.framework/Headers/NetworkExtension.apinotes
--- /Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.12.sdk/System/Library/Frameworks/NetworkExtension.framework/Headers/NetworkExtension.apinotes	1969-12-31 19:00:00.000000000 -0500
+++ /Applications/Xcode9-beta1.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.13.sdk/System/Library/Frameworks/NetworkExtension.framework/Headers/NetworkExtension.apinotes	2017-05-19 18:39:22.000000000 -0400
@@ -0,0 +1,39 @@
+---
+Name: NetworkExtension
+Tags:
+- Name: NEAppProxyFlowError
+  NSErrorDomain: NEAppProxyErrorDomain
+- Name: NEFilterError
+  NSErrorDomain: NEFilterErrorDomain
+- Name: NETunnelProviderError
+  NSErrorDomain: NETunnelProviderErrorDomain
+- Name: NEVPNError
+  NSErrorDomain: NEVPNErrorDomain
+Classes:
+- Name: NEPacketTunnelNetworkSettings
+  Properties:
+    - Name: IPv4Settings
+      PropertyKind: Instance
+      SwiftName: ipv4Settings
+    - Name: IPv6Settings
+      PropertyKind: Instance
+      SwiftName: ipv6Settings
+SwiftVersions:
+- Version: 3.0
+  Classes:
+    - Name: NEPacketTunnelNetworkSettings
+      Properties:
+      - Name: IPv4Settings
+        PropertyKind: Instance
+        SwiftName: iPv4Settings
+      - Name: IPv6Settings
+        PropertyKind: Instance
+        SwiftName: iPv6Settings
+    - Name: NEFilterBrowserFlow
+      Properties:
+      - Name: request
+        Nullability: N
+    - Name: NEHotspotHelper
+      Properties:
+      - Name: supportedNetworkInterfaces
+        Nullability: N
diff -ruN /Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.12.sdk/System/Library/Frameworks/NetworkExtension.framework/Headers/NetworkExtension.h /Applications/Xcode9-beta1.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.13.sdk/System/Library/Frameworks/NetworkExtension.framework/Headers/NetworkExtension.h
--- /Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.12.sdk/System/Library/Frameworks/NetworkExtension.framework/Headers/NetworkExtension.h	2016-09-23 18:47:08.000000000 -0400
+++ /Applications/Xcode9-beta1.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.13.sdk/System/Library/Frameworks/NetworkExtension.framework/Headers/NetworkExtension.h	2017-05-19 18:39:22.000000000 -0400
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2014, 2015 Apple Inc.
+ * Copyright (c) 2014-2015, 2017 Apple Inc.
  * All rights reserved.
  */
 
@@ -15,6 +15,9 @@
 #import <NetworkExtension/NEAppProxyTCPFlow.h>
 #import <NetworkExtension/NEAppProxyUDPFlow.h>
 #import <NetworkExtension/NEAppRule.h>
+#import <NetworkExtension/NEDNSProxyManager.h>
+#import <NetworkExtension/NEDNSProxyProvider.h>
+#import <NetworkExtension/NEDNSProxyProviderProtocol.h>
 #import <NetworkExtension/NEDNSSettings.h>
 #import <NetworkExtension/NEFilterControlProvider.h>
 #import <NetworkExtension/NEFilterDataProvider.h>
@@ -25,6 +28,7 @@
 #import <NetworkExtension/NEFlowMetaData.h>
 #if TARGET_OS_IPHONE
 #import <NetworkExtension/NEHotspotHelper.h>
+#import <NetworkExtension/NEHotspotConfigurationManager.h>
 #endif
 #import <NetworkExtension/NEIPv4Settings.h>
 #import <NetworkExtension/NEIPv6Settings.h>