Skip to content

NetworkExtension iOS xcode9 beta1

Jump to bottom Edit New page
Vincent Dondain edited this page Jun 5, 2017 · 1 revision

#NetworkExtension.framework

diff -ruN /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS.sdk/System/Library/Frameworks/NetworkExtension.framework/Headers/NEDNSProxyManager.h /Applications/Xcode9-beta1.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS.sdk/System/Library/Frameworks/NetworkExtension.framework/Headers/NEDNSProxyManager.h
--- /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS.sdk/System/Library/Frameworks/NetworkExtension.framework/Headers/NEDNSProxyManager.h	1969-12-31 19:00:00.000000000 -0500
+++ /Applications/Xcode9-beta1.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS.sdk/System/Library/Frameworks/NetworkExtension.framework/Headers/NEDNSProxyManager.h	2017-05-19 18:39:22.000000000 -0400
@@ -0,0 +1,109 @@
+/*
+ * Copyright (c) 2017 Apple Inc.
+ * All rights reserved.
+ */
+
+#ifndef __NE_INDIRECT__
+#error "Please import the NetworkExtension module instead of this file directly."
+#endif
+
+NS_ASSUME_NONNULL_BEGIN
+
+/*!
+ * @file NEDNSProxyManager.h
+ * @discussion This file declares the NEDNSProxyManager API. The NEDNSProxyManager API is used to configure and control DNS proxies.
+ *
+ * This API is part of NetworkExtension.framework.
+ *
+ * This API is used to create DNS proxy configurations.
+ */
+
+#if defined(__cplusplus)
+#define NEDNSPROXY_EXPORT extern "C"
+#else
+#define NEDNSPROXY_EXPORT extern
+#endif
+
+@class NEDNSProxyProviderProtocol;
+
+/*!
+ * @typedef NEDNSProxyError
+ * @abstract DNS proxy error codes
+ */
+typedef NS_ENUM(NSInteger, NEDNSProxyManagerError) {
+	/*! @const NEDNSProxyManagerErrorConfigurationInvalid The DNS proxy configuration is invalid */
+	NEDNSProxyManagerErrorConfigurationInvalid = 1,
+	/*! @const NEDNSProxyManagerErrorConfigurationDisabled The DNS proxy configuration is not enabled. */
+	NEDNSProxyManagerErrorConfigurationDisabled = 2,
+	/*! @const NEDNSProxyManagerErrorConfigurationStale The DNS proxy configuration needs to be loaded. */
+	NEDNSProxyManagerErrorConfigurationStale = 3,
+	/*! @const NEDNSProxyManagerErrorConfigurationCannotBeRemoved The DNS proxy configuration cannot be removed. */
+	NEDNSProxyManagerErrorConfigurationCannotBeRemoved = 4,
+} NS_ENUM_AVAILABLE(NA, 11_0);
+
+/*! @const NEDNSProxyManagerErrorDomain The DNS proxy error domain */
+NEDNSPROXY_EXPORT NSString * const NEDNSProxyErrorDomain NS_AVAILABLE(NA, 11_0);
+
+/*! @const NEDNSProxyConfigurationDidChangeNotification Name of the NSNotification that is posted when the DNS proxy configuration changes. */
+NEDNSPROXY_EXPORT NSString * const NEDNSProxyConfigurationDidChangeNotification NS_AVAILABLE(NA, 11_0);
+
+/*!
+ * @interface NEDNSProxyManager
+ * @discussion The NEDNSProxyManager class declares the programmatic interface for an object that manages DNS proxy configurations.
+ *
+ * NEDNSProxyManager declares methods and properties for configuring and controlling a DNS proxy.
+ *
+ * Instances of this class are thread safe.
+ */
+NS_CLASS_AVAILABLE(NA, 11_0)
+@interface NEDNSProxyManager : NSObject
+
+/*!
+ * @method sharedManager
+ * @return The singleton NEDNSProxyManager object for the calling process.
+ */
++ (NEDNSProxyManager *)sharedManager NS_AVAILABLE(NA, 11_0);
+
+/*!
+ * @method loadFromPreferencesWithCompletionHandler:
+ * @discussion This function loads the current DNS proxy configuration from the caller's DNS proxy preferences.
+ * @param completionHandler A block that will be called when the load operation is completed. The NSError passed to this block will be nil if the load operation succeeded, non-nil otherwise.
+ */
+- (void)loadFromPreferencesWithCompletionHandler:(void (^)(NSError * __nullable error))completionHandler NS_AVAILABLE(NA, 11_0);
+
+/*!
+ * @method removeFromPreferencesWithCompletionHandler:
+ * @discussion This function removes the DNS proxy configuration from the caller's DNS proxy preferences. If the DNS proxy is enabled, the DNS proxy becomes disabled.
+ * @param completionHandler A block that will be called when the remove operation is completed. The NSError passed to this block will be nil if the remove operation succeeded, non-nil otherwise.
+ */
+- (void)removeFromPreferencesWithCompletionHandler:(void (^)(NSError * __nullable error))completionHandler NS_AVAILABLE(NA, 11_0);
+
+/*!
+ * @method saveToPreferencesWithCompletionHandler:
+ * @discussion This function saves the DNS proxy configuration in the caller's DNS proxy preferences. If the DNS proxy is enabled, it will become active.
+ * @param completionHandler A block that will be called when the save operation is completed. The NSError passed to this block will be nil if the save operation succeeded, non-nil otherwise.
+ */
+- (void)saveToPreferencesWithCompletionHandler:(void (^)(NSError * __nullable error))completionHandler NS_AVAILABLE(NA, 11_0);
+
+/*!
+ * @property localizedDescription
+ * @discussion A string containing a description of the DNS proxy.
+ */
+@property (copy, nullable) NSString *localizedDescription NS_AVAILABLE(NA, 11_0);
+
+/*!
+ * @property providerProtocol
+ * @discussion An NEDNSProxyProviderProtocol object containing the provider-specific portion of the DNS proxy configuration.
+ */
+@property (strong, nullable) NEDNSProxyProviderProtocol *providerProtocol NS_AVAILABLE(NA, 11_0);
+
+/*!
+ * @property enabled
+ * @discussion Toggles the enabled status of the DNS proxy. Setting this property will disable DNS proxy configurations of other apps. This property will be set to NO when other DNS proxy configurations are enabled.
+ */
+@property (getter=isEnabled) BOOL enabled NS_AVAILABLE(NA, 11_0);
+
+@end
+
+NS_ASSUME_NONNULL_END
+
diff -ruN /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS.sdk/System/Library/Frameworks/NetworkExtension.framework/Headers/NEDNSProxyProvider.h /Applications/Xcode9-beta1.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS.sdk/System/Library/Frameworks/NetworkExtension.framework/Headers/NEDNSProxyProvider.h
--- /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS.sdk/System/Library/Frameworks/NetworkExtension.framework/Headers/NEDNSProxyProvider.h	1969-12-31 19:00:00.000000000 -0500
+++ /Applications/Xcode9-beta1.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS.sdk/System/Library/Frameworks/NetworkExtension.framework/Headers/NEDNSProxyProvider.h	2017-05-20 01:44:24.000000000 -0400
@@ -0,0 +1,70 @@
+/*
+ * Copyright (c) 2017 Apple Inc.
+ * All rights reserved.
+ */
+
+#ifndef __NE_INDIRECT__
+#error "Please import the NetworkExtension module instead of this file directly."
+#endif
+
+#import <NetworkExtension/NEProvider.h>
+
+NS_ASSUME_NONNULL_BEGIN
+
+@class NEAppProxyFlow;
+@class NEDNSSettings;
+
+/*!
+ * @file NEDNSProxyProvider.h
+ * @discussion This file declares the NEDNSProxyProvider API. The NEDNSProxyProvider is used to implement custom DNS proxy solutions.
+ */
+
+/*!
+ * @interface NEDNSProxyProvider
+ * @discussion The NEDNSProxyProvider class declares the programmatic interface for an object that implements the client side of a custom DNS proxy solution.
+ *
+ * NEDNSProxyProvider is part of NetworkExtension.framework
+ */
+NS_CLASS_AVAILABLE(NA, 11_0)
+@interface NEDNSProxyProvider : NEProvider
+
+/*!
+ * @method startProxyWithOptions:completionHandler:
+ * @discussion This function is called by the framework when a new proxy instance is being created. Subclasses must override this method to perform whatever steps are necessary to ready the proxy for handling flows of network data.
+ * @param options A dictionary containing keys and values passed by the provider's containing app. If the containing app did not start the proxy then this parameter will be nil.
+ * @param completionHandler A block that must be called when the process of starting the proxy complete. If the proxy cannot be started then the subclass' implementation of this method must pass a non-nill NSError object to this block. A value of nil passed to the completion handler indicates that the proxy was successfully started.
+ */
+- (void)startProxyWithOptions:(nullable NSDictionary<NSString *,id> *)options completionHandler:(void (^)(NSError * __nullable error))completionHandler NS_AVAILABLE(NA, 11_0);
+
+/*!
+ * @method stopProxyWithReason:completionHandler:
+ * @discussion This function is called by the framework when the proxy is being stopped. Subclasses must override this method to perform whatever steps are necessary to stop the proxy.
+ * @param reason An NEProviderStopReason indicating why the proxy is being stopped.
+ * @param completionHandler A block that must be called when the proxy is completely stopped.
+ */
+- (void)stopProxyWithReason:(NEProviderStopReason)reason completionHandler:(void (^)(void))completionHandler NS_AVAILABLE(NA, 11_0);
+
+/*!
+ * @method cancelProxyWithError:
+ * @discussion This function is called by proxy provider implementations to stop the proxy when a network error is encountered that renders the proxy no longer viable. Subclasses should not override this method.
+ * @param error An NSError object containing details about the error that the prxoy provider implementation encountered.
+ */
+- (void)cancelProxyWithError:(nullable NSError *)error NS_AVAILABLE(NA, 11_0);
+
+/*!
+ * @method handleNewFlow:
+ * @discussion This function is called by the framework to deliver a new network data flow to the proxy provider implementation. Subclasses must override this method to perform whatever steps are necessary to ready the proxy to receive data from the flow. The proxy provider implementation indicates that the proxy is ready to handle flow data by calling -[NEFlow openWithCompletionHandler:] on the flow. If the proxy implementation decides to not handle the flow and instead terminate it, the subclass implementation of this method should return NO. If the proxy implementation decides to handle the flow, the subclass implementation of this method should return YES. In this case the proxy implementation is responsible for retaining the NEFlow object.
+ * @param flow The new flow
+ * @return YES if the proxy implementation has retained the flow and intends to handle the flow data. NO if the proxy implementation has not retained the flow and will not handle the flow data. In this case the flow is terminated.
+ */
+- (BOOL)handleNewFlow:(NEAppProxyFlow *)flow NS_AVAILABLE(NA, 11_0);
+
+/*!
+ * @property systemDNSSettings
+ * @discussion The current system DNS settings. Use KVO to watch for changes.
+ */
+@property (readonly, nullable) NSArray<NEDNSSettings *> *systemDNSSettings NS_AVAILABLE(NA, 11_0);
+
+@end
+
+NS_ASSUME_NONNULL_END
diff -ruN /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS.sdk/System/Library/Frameworks/NetworkExtension.framework/Headers/NEDNSProxyProviderProtocol.h /Applications/Xcode9-beta1.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS.sdk/System/Library/Frameworks/NetworkExtension.framework/Headers/NEDNSProxyProviderProtocol.h
--- /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS.sdk/System/Library/Frameworks/NetworkExtension.framework/Headers/NEDNSProxyProviderProtocol.h	1969-12-31 19:00:00.000000000 -0500
+++ /Applications/Xcode9-beta1.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS.sdk/System/Library/Frameworks/NetworkExtension.framework/Headers/NEDNSProxyProviderProtocol.h	2017-05-20 02:25:01.000000000 -0400
@@ -0,0 +1,45 @@
+/*
+ * Copyright (c) 2017 Apple Inc.
+ * All rights reserved.
+ */
+
+#ifndef __NE_INDIRECT__
+#error "Please import the NetworkExtension module instead of this file directly."
+#endif
+
+#import <NetworkExtension/NEVPNProtocol.h>
+
+NS_ASSUME_NONNULL_BEGIN
+
+/*!
+ * @file NEDNSProxyProviderProtocol.h
+ * @discussion This file declares the NEDNSProxyProviderProtocol API. The NEDNSProxyProviderProtocol API is used to specify configuration settings that are specific to Network Extensions provided by NEDNSProxyProviders.
+ *
+ * This API is part of NetworkExtension.framework
+ */
+
+/*!
+ * @interface NEDNSProxyProviderProtocol
+ * @discussion The NEDNSProxyProviderProtocol class declares the programmatic interface for an object that contains NEDNSProxyProvider-specific configuration settings.
+ *
+ * Instances of this class are thread safe.
+ */
+NS_CLASS_AVAILABLE(10_13, 11_0)
+@interface NEDNSProxyProviderProtocol : NEVPNProtocol
+
+/*!
+ * @property providerConfiguration
+ * @discussion A dictionary containing NEDNSProxyProvider vendor-specific configuration parameters. This dictionary is passed as-is to NEDNSProxyProviders when a DNS proxy is started.
+ */
+@property (copy, nullable) NSDictionary<NSString *,id> *providerConfiguration NS_AVAILABLE(10_13, 11_0);
+
+/*!
+ * @property providerBundleIdentifier
+ * @discussion A string containing the bundle identifier of the NEDNSProxyProvider to be used by this configuration.
+ */
+@property (copy, nullable) NSString *providerBundleIdentifier NS_AVAILABLE(10_13, 11_0);
+
+@end
+
+NS_ASSUME_NONNULL_END
+
diff -ruN /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS.sdk/System/Library/Frameworks/NetworkExtension.framework/Headers/NEFilterControlProvider.h /Applications/Xcode9-beta1.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS.sdk/System/Library/Frameworks/NetworkExtension.framework/Headers/NEFilterControlProvider.h
--- /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS.sdk/System/Library/Frameworks/NetworkExtension.framework/Headers/NEFilterControlProvider.h	2016-09-23 18:47:08.000000000 -0400
+++ /Applications/Xcode9-beta1.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS.sdk/System/Library/Frameworks/NetworkExtension.framework/Headers/NEFilterControlProvider.h	2017-05-20 01:44:24.000000000 -0400
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2015 Apple Inc.
+ * Copyright (c) 2015-2017 Apple Inc.
  * All rights reserved.
  */
 
@@ -74,6 +74,13 @@
  */
 - (void)notifyRulesChanged NS_AVAILABLE(NA, 9_0);
 
+/*!
+ * @method handleReportForFlow:action:
+ * @discussion This function is called by the framework when the data provider extension calls -[NEFilterDataProvider reportFlow:action:]. Subclass implementations may override this method to handle the flow report.
+ * @param flow The flow being reported
+ * @param action The action taken by the data provider on the flow
+ */
+- (void)handleReportForFlow:(NEFilterFlow *)flow action:(NEFilterAction)action API_AVAILABLE(ios(11.0));
 @end
 
 NS_ASSUME_NONNULL_END
diff -ruN /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS.sdk/System/Library/Frameworks/NetworkExtension.framework/Headers/NEFilterDataProvider.h /Applications/Xcode9-beta1.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS.sdk/System/Library/Frameworks/NetworkExtension.framework/Headers/NEFilterDataProvider.h
--- /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS.sdk/System/Library/Frameworks/NetworkExtension.framework/Headers/NEFilterDataProvider.h	2016-09-23 18:47:08.000000000 -0400
+++ /Applications/Xcode9-beta1.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS.sdk/System/Library/Frameworks/NetworkExtension.framework/Headers/NEFilterDataProvider.h	2017-05-20 02:25:01.000000000 -0400
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2015 Apple Inc.
+ * Copyright (c) 2015-2017 Apple Inc.
  * All rights reserved.
  */
 
@@ -87,11 +87,19 @@
 
 
 /*!
- * @meethod handleRulesChanged
+ * @method handleRulesChanged
  * @discussion This function is called by the framework when -[NEFilterControlProvider notifyRulesChanged] is called. Subclasses should override this method to reload new rules from disk.
  */
 - (void)handleRulesChanged NS_AVAILABLE(NA, 9_0);
 
+/*!
+ * @method reportFlow:action:
+ * @discussion This function causes the given flow and action to be passed to the control provider extension via the control provider's -[NEFilterControlProvider handleReportForFlow:action:] method. Since the data provider does not need to wait for a response from the control provider before continuing to process the flow, this method is a more efficient way to report a flow to the control provider than returning a "need rules" verdict.
+ * @param flow The flow to report
+ * @param action The action that the data provider is taking for the flow
+ */
+- (void)reportFlow:(NEFilterFlow *)flow action:(NEFilterAction)action NS_AVAILABLE(NA, 11_0);
+
 @end
 
 /*!
@@ -129,7 +137,7 @@
 /*!
  * @method dataVerdictWithPassBytes:peekBytes:
  * @discussion This class method returns a data verdict indicating that the filter is passing a given number of bytes through the filter and needs to see a given number of bytes after the bytes that are passed.
- * @param passBytes The number of bytes to pass through the filter. Note that the framework does not pass the bytes to the destination until a "final" allow/drop/remediate verdict is returned.
+ * @param passBytes The number of bytes to pass through the filter.
  * @param peekBytes The number of bytes after the end of the bytes passed that the filter wants to see in the next call to -[NEFilterDataProvider handleOutboundDataFromFlow:readBytesStartOffset:readBytes:] or -[NEFilterDataProvider handleInboundDataFromFlow:readBytesStartOffset:readBytes:].
  * @return The data flow verdict.
  */
diff -ruN /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS.sdk/System/Library/Frameworks/NetworkExtension.framework/Headers/NEFilterFlow.h /Applications/Xcode9-beta1.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS.sdk/System/Library/Frameworks/NetworkExtension.framework/Headers/NEFilterFlow.h
--- /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS.sdk/System/Library/Frameworks/NetworkExtension.framework/Headers/NEFilterFlow.h	2016-09-25 09:44:24.000000000 -0400
+++ /Applications/Xcode9-beta1.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS.sdk/System/Library/Frameworks/NetworkExtension.framework/Headers/NEFilterFlow.h	2017-05-20 01:44:24.000000000 -0400
@@ -36,6 +36,25 @@
  * @discussion The flow's HTTP request URL. Will be nil if the flow did not originate from WebKit.
  */
 @property (readonly, nullable) NSURL *URL NS_AVAILABLE(NA, 9_0);
+
+/*!
+ * @property sourceAppUniqueIdentifier
+ * @discussion A blob of bytes that uniquely identifies the source app binary of the flow. This value is unique across multiple versions of the same app.
+ */
+@property (readonly, nullable) NSData *sourceAppUniqueIdentifier NS_AVAILABLE(NA, 11_0);
+
+/*!
+ * @property sourceAppIdentifier
+ * @discussion A string containing the signing identifier of the source app of the flow.
+ */
+@property (readonly, nullable) NSString *sourceAppIdentifier NS_AVAILABLE(NA, 11_0);
+
+/*!
+ * @property sourceAppVersion
+ * @discussion The short version string of the source application. Will be nil if the app info is unavailable.
+ */
+@property (readonly, nullable) NSString *sourceAppVersion NS_AVAILABLE(NA, 11_0);
+
 @end
 
 /*!
@@ -48,13 +67,13 @@
 @interface NEFilterBrowserFlow :  NEFilterFlow <NSSecureCoding,NSCopying>
 /*!
  *	@property request
- *	@discussion The NSURLRequest of the flow.
+ *	@discussion The NSURLRequest of the flow. This property is always nil for the control providers.
  */
-@property (readonly) NSURLRequest *request NS_AVAILABLE(10_11, 9_0);
+@property (readonly, nullable) NSURLRequest *request NS_AVAILABLE(10_11, 9_0);
 
 /*!
  *	@property response
- *	@discussion The NSURLResponse of the flow. This will be nil until the request is sent to the server and the response headers are received.
+ *	@discussion The NSURLResponse of the flow. This will be nil until the request is sent to the server and the response headers are received. And this property is always nil for the control providers.
  */
 @property (readonly, nullable) NSURLResponse *response NS_AVAILABLE(10_11, 9_0);
 /*!
diff -ruN /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS.sdk/System/Library/Frameworks/NetworkExtension.framework/Headers/NEFilterProvider.h /Applications/Xcode9-beta1.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS.sdk/System/Library/Frameworks/NetworkExtension.framework/Headers/NEFilterProvider.h
--- /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS.sdk/System/Library/Frameworks/NetworkExtension.framework/Headers/NEFilterProvider.h	2016-05-03 18:21:26.000000000 -0400
+++ /Applications/Xcode9-beta1.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS.sdk/System/Library/Frameworks/NetworkExtension.framework/Headers/NEFilterProvider.h	2017-05-19 18:39:22.000000000 -0400
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2015 Apple Inc.
+ * Copyright (c) 2015-2017 Apple Inc.
  * All rights reserved.
  */
 
@@ -40,6 +40,19 @@
  * @discussion This file declares the NEFilterProvider API. The NEFilterProvider API is used to implement custom content filtering solutions.
  */
 
+ 
+/*!
+ * @discussion The keys below are the types of actions made by a data provider extension that can be reported to the control provider extension.
+ * @const NEFilterActionAllow Allowing the flow
+ * @const NEFilterActionDrop  Dropping the flow
+ * @const NEFilterActionRemeidate Remediating the flow
+ */
+typedef enum {
+	NEFilterActionAllow = 1,
+	NEFilterActionDrop = 2,
+	NEFilterActionRemediate = 3
+} NEFilterAction API_AVAILABLE(ios(11.0));
+
 /*!
  * @interface NEFilterProvider
  * @discussion The NEFilterProvider class is an abstract base class that declares the programmatic interface of an object that implements a socket filter.
diff -ruN /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS.sdk/System/Library/Frameworks/NetworkExtension.framework/Headers/NEHotspotConfigurationManager.h /Applications/Xcode9-beta1.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS.sdk/System/Library/Frameworks/NetworkExtension.framework/Headers/NEHotspotConfigurationManager.h
--- /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS.sdk/System/Library/Frameworks/NetworkExtension.framework/Headers/NEHotspotConfigurationManager.h	1969-12-31 19:00:00.000000000 -0500
+++ /Applications/Xcode9-beta1.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS.sdk/System/Library/Frameworks/NetworkExtension.framework/Headers/NEHotspotConfigurationManager.h	2017-05-20 02:25:01.000000000 -0400
@@ -0,0 +1,448 @@
+/*
+ * Copyright © 2017 Apple Inc. All rights reserved.
+ */
+
+/*!
+ * @file NEHotspotConfigurationManager.h
+ *
+ * @discussion
+ *   The NEHotspotConfigurationManager interface allows an application to
+ *   configure Wi-Fi networks.
+ *   An application can use NEHotspotConfiguration API to configure
+ *   Open, WEP, WPA/WPA2 Personal, WPA/WPA2 Enterprise and Hotspot 2.0 Wi-Fi networks.
+ *
+ *   An application that needs access to the NEHotspotConfiguration API must have
+ *   the “com.apple.developer.networking.HotspotConfiguration” entitlement.
+ *
+ *   This API does not support configuring a Wi-Fi network that has a hidden SSID.
+ *
+ *   When this API is used to add new network configuration a dialog is displayed on
+ *   the device asking for user's consent. The users must give their consent before
+ *   the new configuration is added.
+ *
+ *   Application will provide SSID, Security type and corresponding credentials to
+ *   the API. For Hotspot 2.0 Enterprise(802.1X) networks, Application needs to provide
+ *   HS2.0 Domain Name instead of SSID.
+ *
+ *   Application can use API to query the networks that it has configured.
+ *   The query should return list of names (SSID/HS2.0 domain Name) of the networks that
+ *   the application has configured.
+ *
+ *   Application can use the API to update the configuration for the previously configured
+ *   SSID, and there is no user’s approval required for the configuration update if the
+ *   application already owns the configuration.
+ *
+ *   Application can use the API to delete the configuration that it has configured.
+ *
+ *   Application can update configuration for a SSID that has been configured by other
+ *   application or user, and in such case API will prompt UI to take user’s approval.
+ *
+ *   Application cannot delete a configuration added by some other application or user.
+ *
+ *   Uninstallation of application will lead to removal of configuration for all the networks
+ *   that the application had configured. This will also remove the keychain items belonging
+ *   to those network configurations.
+ *
+ *   The API also supports life-time for the configuration which means configuration would be
+ *   valid for configured number of days (min = 1 day and max = 30 days). Default value is 30 Days.
+ *   The Life Time configuration does not apply to Enterprise and HS2.0 networks.
+ *
+ *   Application will fail to add configuration if same SSID or HS2.0 domain name is already
+ *   configured through MDM Profile or Carrier bundle.
+ *
+ *   If Application has already configured a SSID or HS2.0 Domain name, and later if MDM profile
+ *   or Carrier bundle is installed matching the SSID or HS2.0 domain, then MDM/Carrier configured
+ *   network will take a priority over it and thus will overwrite the configuration provided by
+ *   the application.
+ *
+ *   User can see name of the application in Settings > Wi-Fi when the configured network
+ *   is available in the scan list.
+ *
+ *   User can forget the configured networks from Settings > Wi-Fi.
+ *
+ *
+ * @ignorefuncmacro NS_OPTIONS
+ * @ignorefuncmacro NS_ENUM
+ */
+
+#import <Foundation/Foundation.h>
+
+NS_ASSUME_NONNULL_BEGIN
+
+/*!
+ * @typedef NEHotspotConfigurationEAPType
+ * @abstract EAP Type.
+ * @const NEHotspotConfigurationEAPTypeTLS EAP-TLS.
+ * @const NEHotspotConfigurationEAPTypeTTLS TTLS.
+ * @const NEHotspotConfigurationEAPTypePEAP PEAP.
+ * @const NEHotspotConfigurationEAPTypeFAST EAP-FAST.
+ */
+typedef NS_ENUM(NSInteger, NEHotspotConfigurationEAPType) {
+	NEHotspotConfigurationEAPTypeEAPTLS = 13,
+	NEHotspotConfigurationEAPTypeEAPTTLS = 21,
+	NEHotspotConfigurationEAPTypeEAPPEAP = 25,
+	NEHotspotConfigurationEAPTypeEAPFAST = 43
+} API_AVAILABLE(ios(11.0)) NS_SWIFT_NAME(NEHotspotEAPSettings.EAPType);
+
+/*!
+ * @typedef NEHotspotConfigurationEAPTTLSInnerAuthenticationType
+ * @abstract TTLS Inner Authentication Type.
+ * @const NEHotspotConfigurationEAPTTLSInnerAuthenticationPAP PAP.
+ * @const NEHotspotConfigurationEAPTTLSInnerAuthenticationCHAP CHAP.
+ * @const NEHotspotConfigurationEAPTTLSInnerAuthenticationMSCHAP MSCHAP.
+ * @const NEHotspotConfigurationEAPTTLSInnerAuthenticationMSCHAPv2 MSCHAPv2.
+ * @const NEHotspotConfigurationEAPTTLSInnerAuthenticationEAP EAP (Default).
+ */
+typedef NS_ENUM(NSInteger, NEHotspotConfigurationTTLSInnerAuthenticationType) {
+	NEHotspotConfigurationEAPTTLSInnerAuthenticationPAP = 0,
+	NEHotspotConfigurationEAPTTLSInnerAuthenticationCHAP = 1,
+	NEHotspotConfigurationEAPTTLSInnerAuthenticationMSCHAP = 2,
+	NEHotspotConfigurationEAPTTLSInnerAuthenticationMSCHAPv2 = 3,
+	NEHotspotConfigurationEAPTTLSInnerAuthenticationEAP = 4
+} API_AVAILABLE(ios(11.0)) NS_SWIFT_NAME(NEHotspotEAPSettings.TTLSInnerAuthenticationType);
+
+/*!
+ * @typedef NEHotspotConfigurationEAPTLSVersion
+ * @abstract TLS version to use during TLS handshke.
+ * @const NEHotspotConfigurationEAPTLSVersion_1_0 TLS version 1.0.
+ * @const NEHotspotConfigurationEAPTLSVersion_1_1 TLS version 1.1.
+ * @const NEHotspotConfigurationEAPTLSVersion_1_1 TLS version 1.2 (Default).
+ */
+typedef NS_ENUM(NSInteger, NEHotspotConfigurationEAPTLSVersion) {
+	NEHotspotConfigurationEAPTLSVersion_1_0 = 0,
+	NEHotspotConfigurationEAPTLSVersion_1_1 = 1,
+	NEHotspotConfigurationEAPTLSVersion_1_2 = 2,
+} API_AVAILABLE(ios(11.0)) NS_SWIFT_NAME(NEHotspotEAPSettings.TLSVersion);
+
+/*!
+ * @interface NEHotspotHS20Settings
+ * @discussion
+ *   NEHotspotHS20Settings class provides a set of properties that are required
+ *   to discover and negotiate Hotspot 2.0 Wi-Fi networks.
+ */
+API_AVAILABLE(ios(11.0))
+@interface NEHotspotHS20Settings : NSObject <NSCopying,NSSecureCoding>
+
+/*!
+ * @property domainName
+ * @discussion Domain Name of Legacy Hotspot or Hotspot 2.0 Wi-Fi Network.
+ *   This Domain Name is used for Wi-Fi Hotspot 2.0 negotiation.
+ */
+@property (nonnull, readonly) NSString *domainName API_AVAILABLE(ios(11.0));
+
+/*!
+ * @property roamingEnabled
+ * @discussion If set to YES, allows connection to networks of roaming service
+ *   providers. Defaults to NO.
+ */
+@property (getter=isRoamingEnabled) BOOL roamingEnabled API_AVAILABLE(ios(11.0));
+
+/*!
+ * @property roamingConsortiumOIs
+ * @discussion Array of Roaming Consortium Organization Identifiers used
+ *   for Wi-Fi Hotspot 2.0 negotiation.
+ */
+@property (copy) NSArray<NSString *> *roamingConsortiumOIs;
+
+/*!
+ * @property naiRealmNames
+ * @discussion Array of Network Access Identifier Realm names used for
+ *   Wi-Fi Hotspot 2.0 negotiation.
+ */
+@property (copy) NSArray<NSString *> *naiRealmNames;
+
+/*!
+ * @property MCCAndMNCs
+ * @discussion Array of Mobile Country Code (MCC)/Mobile Network Code (MNC)
+ *   pairs used for Wi-Fi Hotspot 2.0 negotiation. Each string must contain
+ *   exactly six digits.
+ */
+@property (copy) NSArray<NSString *> *MCCAndMNCs;
+
+/*!
+ * @method initWithDomainName:roamingEnabled
+ * @discussion
+ *   A designated initializer to instantiate a new NEHotspotHSSettings object.
+ *   This initializer is used to configure Legacy Hotspot or HS2.0 Wi-Fi Networks.
+ *
+ * @param domainName The domain name of HS2.0 Wi-Fi Network
+ * @param roamingEnabled If YES, allows connections to networks of roaming service providers.
+ */
+- (instancetype)initWithDomainName:(NSString *)domainName
+						   roamingEnabled:(BOOL)roamingEnabled API_AVAILABLE(ios(11.0));
+
+@end
+
+/*!
+ * @interface NEHotspotEAPSettings
+ * @discussion
+ *   NEHotspotEAPSettings class provides a set of properties that are required
+ *   to configure a WPA/WPA2 Enterprise or Hotspot 2.0 Wi-Fi networks.
+ */
+API_AVAILABLE(ios(11.0))
+@interface NEHotspotEAPSettings : NSObject <NSCopying,NSSecureCoding>
+
+/*!
+ * @property supportedEAPTypes
+ * @discussion Array of supported EAP Types. Refer to NEHotspotConfigurationEAPType
+ *   for valid values.
+ */
+@property (copy) NSArray<NSNumber *> *supportedEAPTypes API_AVAILABLE(ios(11.0));
+
+/*!
+ * @property username
+ * @discussion A UTF-8 encoded string containing username component of the user authentication
+ *   credentials. Length of this property must be between 1 and 253 characters.
+ */
+@property (copy) NSString *username API_AVAILABLE(ios(11.0));
+
+/*!
+ * @property outerIdentity
+ * @discussion Identity string to be used in EAP-Response/Identity of the outer phase. This key is only
+ *   relevant to TTLS, PEAP, and EAP-FAST.
+ */
+@property (copy) NSString *outerIdentity API_AVAILABLE(ios(11.0));
+
+/*!
+ * @property ttlsInnerAuthentication
+ * @discussion Specifies the inner authentication used by the TTLS module.
+ *   Possible values are PAP, CHAP, MSCHAP, MSCHAPv2, and EAP. Defaults to EAP.
+ */
+@property NEHotspotConfigurationTTLSInnerAuthenticationType ttlsInnerAuthenticationType API_AVAILABLE(ios(11.0));
+
+/*!
+ * @property password
+ * @discussion The password component of the 802.1X authentication credential.
+ *   Length of this property must be between 1 and 64 characters.
+ */
+@property (copy) NSString *password API_AVAILABLE(ios(11.0));
+
+/*!
+ * @property trustedServerNames
+ * @discussion Array of server certificate common names that will be used to verify server's certificate.
+ *   The string could have wildcards to specify the name, such as "*.mycompany.net". If a server presents
+ *   a certificate with DNSName or Common Name that isn't in this list, it won't be trusted.
+ */
+@property (copy) NSArray<NSString *> *trustedServerNames API_AVAILABLE(ios(11.0));
+
+/*!
+ * @property isTLSClientCertificateRequired
+ * @discussion If YES, supports two-factor authentication for EAP-TTLS, PEAP, or EAP-FAST.
+ *   If NO, allows for zero-factor authentication for EAP-TLS. The default is YES for EAP-TLS,
+ *   and NO for other EAP types.
+ */
+@property (getter=isTLSClientCertificateRequired) BOOL tlsClientCertificateRequired API_AVAILABLE(ios(11.0));
+
+/*!
+ * @property preferredTLSVersion
+ * @discussion TLS version to use during the TLS handshake.
+ *   Default value is NEHotspotConfigurationEAPTLSVersion_1_2.
+ */
+@property NEHotspotConfigurationEAPTLSVersion preferredTLSVersion API_AVAILABLE(ios(11.0));
+
+/*!
+ * @method setIdentity
+ * @discussion Setter to configure the EAP peer identity. The application needs to store
+ * this identity in keychain access group "$(TeamIdentifierPrefix)com.apple.networkextensionsharing".
+ * The API uses SecItemCopyMatching to obtain persistent reference for this identity from application's
+ * keychain and uses that at the time of EAP authentication.
+ * This property is mandatory when EAP-TLS is desired or tlsClientCertificateRequired is set to YES.
+ *
+ * @param identity The identity of the EAP Peer. This is a SecIdentityRef object that contains
+ * a SecKeyRef object and an associated SecCertificateRef object.
+ * @result returns NO if the parameter is not an object of SecIdentityRef type or if the persistent reference
+ * is not found in the application's keychain else returns YES.
+ *
+ */
+- (BOOL) setIdentity:(SecIdentityRef) identity;
+
+/*!
+ * @method setTrustedServerCertificates
+ * @discussion Setter to configure an array of trusted server certificates used for trust evaluation of
+ * the server certificate.
+ *
+ * @param certificates Each value in the array is a SecCertificateRef object. Application needs to store
+ * the certificates in keychain access group "$(TeamIdentifierPrefix)com.apple.networkextensionsharing".
+ * The API uses SecItemCopyMatching to obtain persistent reference for each certificate from application's
+ * keychain and uses that at the time os EAP authentication.
+ * Number of elements in the array cannot be more than 10.
+ *
+ * @result returns NO if any element in the array is not an object of type SecCertificateRef or if API
+ * fails to find persistent reference for each element from the application's keychain else return YES.
+ */
+- (BOOL) setTrustedServerCertificates:(NSArray *) certificates;
+
+@end
+
+/*!
+ * @interface NEHotspotConfiguration
+ * @discussion
+ *   The NEHotspotConfiguration class represents set of properties that are required
+ *   to configure a Wi-Fi Network.
+ */
+API_AVAILABLE(ios(11.0))
+@interface NEHotspotConfiguration : NSObject <NSCopying,NSSecureCoding>
+
+/*!
+ * @property SSID
+ * @discussion SSID of the Wi-Fi Network.
+ */
+@property (readonly) NSString * SSID API_AVAILABLE(ios(11.0));
+
+/*!
+ * @property joinOnce
+ * @discussion if set to YES the configuration will not be persisted. Default is NO.
+ */
+@property BOOL joinOnce API_AVAILABLE(ios(11.0));
+
+/*!
+ * @property lifeTimeInDays
+ * @discussion The lifetime of the configuration in days. The configuration is stored for the
+ *   number of days specified by this property. The minimum value is 1 day and maximum value is 30 days.
+ *   If this property is not set or is set with an invalid value then configuration is stored for 30 days.
+ *   This property does not apply to Enterprise and HS2.0 networks.
+ */
+@property (copy) NSNumber * lifeTimeInDays API_AVAILABLE(ios(11.0));
+
+/*!
+ * @method initWithSSID:
+ * @discussion
+ *   A designated initializer to instantiate a new NEHotspotConfiguration object.
+ *   This initializer is used to configure open Wi-Fi Networks.
+ *
+ * @param SSID The SSID of the Open Wi-Fi Network.
+ *   Length of SSID must be between 1 and 32 characters.
+ */
+- (instancetype)initWithSSID:(NSString *)SSID API_AVAILABLE(ios(11.0));
+
+/*!
+ * @method initWithSSID:passphrase:isWEP
+ * @discussion
+ *   A designated initializer to instantiate a new NEHotspotConfiguration object.
+ *   This initializer is used configure either WEP or WPA/WPA2 Personal Wi-Fi Networks.
+ *
+ * @param SSID The SSID of the WEP or WPA/WPA2 Personal Wi-Fi Network
+ * @param passphrase The passphrase credential.
+ *   For WPA/WPA2 Personal networks: between 8 and 63 characters.
+ *   For Static WEP(64bit)  : 10 Hex Digits
+ *   For Static WEP(128bit) : 26 Hex Digits
+ * @param isWEP YES specifies WEP Wi-Fi Network else WPA/WPA2 Personal Wi-Fi Network
+ */
+- (instancetype)initWithSSID:(NSString *)SSID
+					  passphrase:(NSString *)passphrase isWEP:(BOOL)isWEP API_AVAILABLE(ios(11.0));
+
+/*!
+ * @method initWithSSID:eapSettings
+ * @discussion
+ *   A designated initializer to instantiate a new NEHotspotConfiguration object.
+ *   This initializer is used configure WPA/WPA2 Enterprise Wi-Fi Networks.
+ *
+ * @param SSID The SSID of WPA/WPA2 Enterprise Wi-Fi Network
+ * @param eapSettings EAP configuration
+ */
+- (instancetype)initWithSSID:(NSString *)SSID
+					  eapSettings:(NEHotspotEAPSettings *)eapSettings API_AVAILABLE(ios(11.0));
+
+/*!
+ * @method initWithHS20Settings:eapSettings
+ * @discussion
+ *   A designated initializer to instantiate a new NEHotspotConfiguration object.
+ *   This initializer is used configure HS2.0 Wi-Fi Networks.
+ *
+ * @param hs20Settings Hotspot 2.0 configuration
+ * @param eapSettings EAP configuration
+ */
+- (instancetype)initWithHS20Settings:(NEHotspotHS20Settings *)hs20Settings
+						eapSettings:(NEHotspotEAPSettings *)eapSettings API_AVAILABLE(ios(11.0));
+
+
+@end
+
+
+/*!
+ * @typedef NEHotspotConfigurationError
+ * @abstract Hotspot Configuration error codes
+ * @const NEHotspotConfigurationErrorInvalid The Wi-Fi configuration is invalid
+ * @const NEHotspotConfigurationErrorInvalidSSID The given SSID string is invalid.
+ * @const NEHotspotConfigurationErrorInvalidWPAPassphrase The given WPA/WPA2 Personal passphrase is invalid.
+ * @const NEHotspotConfigurationErrorInvalidWEPPassphrase The given WEP passphrase is invalid.
+ * @const NEHotspotConfigurationErrorInvalidHS20DomainName The given HS2.0 domain name is invalid.
+ * @const NEHotspotConfigurationErrorUserDenied Failed to get the user's approval to add a new configuration.
+ * @const NEHotspotConfigurationErrorInternal An internal error was encountered.
+ * @const NEHotspotConfigurationErrorPending Previous request by the calling application is pending.
+ * @const NEHotspotConfigurationErrorSystemConfiguration The calling application cannot modify the System(MDM/Carrier) configuration.
+ * @const NEHotspotConfigurationErrorUnknown An unknown configuration error occurred.
+ * @const NEHotspotConfigurationErrorJoinOnceNotSupported JoinOnce option is not support for EAP configuration.
+ * @const NEHotspotConfigurationErrorAlreadyAssociated Wi-Fi is already associated.
+ * @const NEHotspotConfigurationErrorAssociationFailed Wi-Fi association failed.
+ * @const NEHotspotConfigurationErrorApplicationIsNotInForeground The application is not in the foreground.
+ */
+typedef NS_ENUM(NSInteger, NEHotspotConfigurationError) {
+	NEHotspotConfigurationErrorInvalid 				= 0,
+	NEHotspotConfigurationErrorInvalidSSID 				= 1,
+	NEHotspotConfigurationErrorInvalidWPAPassphrase 		= 2,
+	NEHotspotConfigurationErrorInvalidWEPPassphrase 		= 3,
+	NEHotspotConfigurationErrorInvalidEAPSettings 			= 4,
+	NEHotspotConfigurationErrorInvalidHS20Settings 			= 5,
+	NEHotspotConfigurationErrorInvalidHS20DomainName 		= 6,
+	NEHotspotConfigurationErrorUserDenied 				= 7,
+	NEHotspotConfigurationErrorInternal 				= 8,
+	NEHotspotConfigurationErrorPending 				= 9,
+	NEHotspotConfigurationErrorSystemConfiguration 			= 10,
+	NEHotspotConfigurationErrorUnknown 				= 11,
+	NEHotspotConfigurationErrorJoinOnceNotSupported 		= 12,
+	NEHotspotConfigurationErrorAlreadyAssociated 			= 13,
+	NEHotspotConfigurationErrorAssociationFailed 			= 14,
+	NEHotspotConfigurationErrorApplicationIsNotInForeground 	= 15
+} API_AVAILABLE(ios(11.0));
+
+/*!
+ * @interface NEHotspotConfigurationManager
+ * @discussion
+ *   The NEHotspotConfigurationManager class allows an application to
+ *   Add/Update/Remove Wi-Fi Network Configuraton.
+ */
+API_AVAILABLE(ios(11.0))
+@interface NEHotspotConfigurationManager : NSObject
+
++ (NEHotspotConfigurationManager *)sharedManager;
+
+/*!
+ * @method applyConfiguration:
+ * @discussion This function adds or updates a Wi-Fi network configuration.
+ * @param configuration NEHotspotConfiguration object containing the Wi-Fi network configuration.
+ * @param completionHandler A block that will be called when add/update operation is completed.
+ *   This could be nil if application does not intend to receive the result.
+ *   The NSError passed to this block will be nil if the configuration is successfully stored, non-nil otherwise.
+ *   If the configuration is found invalid or API encounters some other error then completionHandler is called
+ *   with instance of NSError containing appropriate error code.
+ *
+ */
+- (void)applyConfiguration:(NEHotspotConfiguration *)configuration
+						completionHandler:(void (^ __nullable)(NSError * __nullable error))completionHandler API_AVAILABLE(ios(11.0));
+
+/*!
+ * @method removeConfigurationForSSID:
+ * @discussion This function removes Wi-Fi configuration.
+ * @param SSID Wi-Fi SSID for which the configuration is to be deleted.
+ */
+- (void)removeConfigurationForSSID:(NSString *)SSID API_AVAILABLE(ios(11.0));
+
+/*!
+ * @method removeConfigurationForNetworkName:
+ * @discussion This function removes Wi-Fi configuration.
+ * @param domainName HS2.0 domainName for which the configuration is to be deleted.
+ */
+- (void)removeConfigurationForHS20DomainName:(NSString *)domainName API_AVAILABLE(ios(11.0));
+
+
+/*!
+ * @method getConfiguredSSIDsWithCompletionHandler:
+ * @discussion This function returns array of SSIDs and HS2.0 Domain Names that the calling application has configured.
+ *   It returns nil if there are no networks configurred by the calling application.
+ */
+- (void)getConfiguredSSIDsWithCompletionHandler:(void (^)(NSArray<NSString *> *))completionHandler API_AVAILABLE(ios(11.0));
+
+@end
+
+NS_ASSUME_NONNULL_END
diff -ruN /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS.sdk/System/Library/Frameworks/NetworkExtension.framework/Headers/NEHotspotHelper.h /Applications/Xcode9-beta1.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS.sdk/System/Library/Frameworks/NetworkExtension.framework/Headers/NEHotspotHelper.h
--- /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS.sdk/System/Library/Frameworks/NetworkExtension.framework/Headers/NEHotspotHelper.h	2016-05-03 18:21:25.000000000 -0400
+++ /Applications/Xcode9-beta1.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS.sdk/System/Library/Frameworks/NetworkExtension.framework/Headers/NEHotspotHelper.h	2017-05-20 01:44:24.000000000 -0400
@@ -502,7 +502,7 @@
  *   nil if no network interfaces are being managed,
  *   non-nil NSArray of NEHotspotNetwork objects otherwise.
  */
-+ (NSArray *)supportedNetworkInterfaces /* of NEHotspotNetwork */
++ (NSArray *_Nullable)supportedNetworkInterfaces /* of NEHotspotNetwork */
 	NS_AVAILABLE(NA, 9_0);
 
 @end
diff -ruN /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS.sdk/System/Library/Frameworks/NetworkExtension.framework/Headers/NEVPNProtocolIKEv2.h /Applications/Xcode9-beta1.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS.sdk/System/Library/Frameworks/NetworkExtension.framework/Headers/NEVPNProtocolIKEv2.h
--- /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS.sdk/System/Library/Frameworks/NetworkExtension.framework/Headers/NEVPNProtocolIKEv2.h	2016-09-23 18:47:08.000000000 -0400
+++ /Applications/Xcode9-beta1.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS.sdk/System/Library/Frameworks/NetworkExtension.framework/Headers/NEVPNProtocolIKEv2.h	2017-05-20 01:44:24.000000000 -0400
@@ -69,29 +69,28 @@
 typedef NS_ENUM(NSInteger, NEVPNIKEv2DiffieHellmanGroup) {
 	/*! @const NEVPNIKEv2DiffieHellmanGroupInvalid Diffie Hellman group 0 is not a valid DH group*/
 	NEVPNIKEv2DiffieHellmanGroupInvalid = 0,
-	/*! @const NEVPNIKEv2DiffieHellmanGroup1 Diffie Hellman group 1 */
+	/*! @const NEVPNIKEv2DiffieHellmanGroup1 Diffie Hellman group 1 (768-bit MODP) */
 	NEVPNIKEv2DiffieHellmanGroup1 = 1,
-	/*! @const NEVPNIKEv2DiffieHellmanGroup2 Diffie Hellman group 2 */
+	/*! @const NEVPNIKEv2DiffieHellmanGroup2 Diffie Hellman group 2 (1024-bit MODP) */
 	NEVPNIKEv2DiffieHellmanGroup2 = 2,
-	/*! @const NEVPNIKEv2DiffieHellmanGroup5 Diffie Hellman group 5 */
+	/*! @const NEVPNIKEv2DiffieHellmanGroup5 Diffie Hellman group 5 (1536-bit MODP) */
 	NEVPNIKEv2DiffieHellmanGroup5 = 5,
-	/*! @const NEVPNIKEv2DiffieHellmanGroup14 Diffie Hellman group 14 */
+	/*! @const NEVPNIKEv2DiffieHellmanGroup14 Diffie Hellman group 14 (2048-bit MODP) */
 	NEVPNIKEv2DiffieHellmanGroup14 = 14,
-	/*! @const NEVPNIKEv2DiffieHellmanGroup15 Diffie Hellman group 15 */
+	/*! @const NEVPNIKEv2DiffieHellmanGroup15 Diffie Hellman group 15 (3072-bit MODP) */
 	NEVPNIKEv2DiffieHellmanGroup15 = 15,
-	/*! @const NEVPNIKEv2DiffieHellmanGroup16 Diffie Hellman group 16 */
+	/*! @const NEVPNIKEv2DiffieHellmanGroup16 Diffie Hellman group 16 (4096-bit MODP) */
 	NEVPNIKEv2DiffieHellmanGroup16 = 16,
-	/*! @const NEVPNIKEv2DiffieHellmanGroup17 Diffie Hellman group 17 */
+	/*! @const NEVPNIKEv2DiffieHellmanGroup17 Diffie Hellman group 17 (6144-bit MODP) */
 	NEVPNIKEv2DiffieHellmanGroup17 = 17,
-	/*! @const NEVPNIKEv2DiffieHellmanGroup18 Diffie Hellman group 18 */
+	/*! @const NEVPNIKEv2DiffieHellmanGroup18 Diffie Hellman group 18 (8192-bit MODP) */
 	NEVPNIKEv2DiffieHellmanGroup18 = 18,
-	/*! @const NEVPNIKEv2DiffieHellmanGroup19 Diffie Hellman group 19 */
+	/*! @const NEVPNIKEv2DiffieHellmanGroup19 Diffie Hellman group 19 (256-bit random ECP) */
 	NEVPNIKEv2DiffieHellmanGroup19 = 19,
-	/*! @const NEVPNIKEv2DiffieHellmanGroup20 Diffie Hellman group 20 */
+	/*! @const NEVPNIKEv2DiffieHellmanGroup20 Diffie Hellman group 20 (384-bit random ECP) */
 	NEVPNIKEv2DiffieHellmanGroup20 = 20,
-	/*! @const NEVPNIKEv2DiffieHellmanGroup21 Diffie Hellman group 21 */
+	/*! @const NEVPNIKEv2DiffieHellmanGroup21 Diffie Hellman group 21 (521-bit random ECP) */
 	NEVPNIKEv2DiffieHellmanGroup21 = 21,
-	
 } NS_ENUM_AVAILABLE(10_11, 8_0);
 
 /*!
@@ -110,6 +109,21 @@
 } NS_ENUM_AVAILABLE(10_11, 8_3);
 
 /*!
+ * @typedef NEVPNIKEv2CertificateType
+ * @abstract IKEv2 Certificate types
+ */
+typedef NS_ENUM(NSInteger, NEVPNIKEv2TLSVersion) {
+	/*! @const NEVPNIKEv2TLSVersionDefault Use the default TLS configuration */
+	NEVPNIKEv2TLSVersionDefault = 0,
+	/*! @const NEVPNIKEv2TLSVersion1_0 TLS 1.0 */
+	NEVPNIKEv2TLSVersion1_0 = 1,
+	/*! @const NEVPNIKEv2TLSVersion1_0 TLS 1.1 */
+	NEVPNIKEv2TLSVersion1_1 = 2,
+	/*! @const NEVPNIKEv2TLSVersion1_0 TLS 1.2 */
+	NEVPNIKEv2TLSVersion1_2 = 3,
+} NS_ENUM_AVAILABLE(10_13, 11_0);
+
+/*!
  * @class NEVPNIKEv2SecurityAssociationParameters
  * @discussion The NEVPNIKEv2SecurityAssociationParameters class declares the programmatic interface of an object that manages parameters for an IPSec Security Association
  *
@@ -226,6 +240,18 @@
  */
 @property BOOL strictRevocationCheck NS_AVAILABLE(10_11, 9_0);
 
+/*!
+ * @property minimumTLSVersion
+ * @discussion Sets a minimum TLS version to allow for EAP-TLS authentication. Default is NEVPNIKEv2TLSVersionDefault.
+ */
+@property NEVPNIKEv2TLSVersion minimumTLSVersion NS_AVAILABLE(10_13, 11_0);
+
+/*!
+ * @property maximumTLSVersion
+ * @discussion Sets a maximum TLS version to allow for EAP-TLS authentication. Default is NEVPNIKEv2TLSVersionDefault.
+ */
+@property NEVPNIKEv2TLSVersion maximumTLSVersion NS_AVAILABLE(10_13, 11_0);
+
 @end
 
 NS_ASSUME_NONNULL_END
diff -ruN /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS.sdk/System/Library/Frameworks/NetworkExtension.framework/Headers/NetworkExtension.apinotes /Applications/Xcode9-beta1.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS.sdk/System/Library/Frameworks/NetworkExtension.framework/Headers/NetworkExtension.apinotes
--- /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS.sdk/System/Library/Frameworks/NetworkExtension.framework/Headers/NetworkExtension.apinotes	1969-12-31 19:00:00.000000000 -0500
+++ /Applications/Xcode9-beta1.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS.sdk/System/Library/Frameworks/NetworkExtension.framework/Headers/NetworkExtension.apinotes	2017-05-20 02:25:01.000000000 -0400
@@ -0,0 +1,39 @@
+---
+Name: NetworkExtension
+Tags:
+- Name: NEAppProxyFlowError
+  NSErrorDomain: NEAppProxyErrorDomain
+- Name: NEFilterError
+  NSErrorDomain: NEFilterErrorDomain
+- Name: NETunnelProviderError
+  NSErrorDomain: NETunnelProviderErrorDomain
+- Name: NEVPNError
+  NSErrorDomain: NEVPNErrorDomain
+Classes:
+- Name: NEPacketTunnelNetworkSettings
+  Properties:
+    - Name: IPv4Settings
+      PropertyKind: Instance
+      SwiftName: ipv4Settings
+    - Name: IPv6Settings
+      PropertyKind: Instance
+      SwiftName: ipv6Settings
+SwiftVersions:
+- Version: 3.0
+  Classes:
+    - Name: NEPacketTunnelNetworkSettings
+      Properties:
+      - Name: IPv4Settings
+        PropertyKind: Instance
+        SwiftName: iPv4Settings
+      - Name: IPv6Settings
+        PropertyKind: Instance
+        SwiftName: iPv6Settings
+    - Name: NEFilterBrowserFlow
+      Properties:
+      - Name: request
+        Nullability: N
+    - Name: NEHotspotHelper
+      Properties:
+      - Name: supportedNetworkInterfaces
+        Nullability: N
diff -ruN /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS.sdk/System/Library/Frameworks/NetworkExtension.framework/Headers/NetworkExtension.h /Applications/Xcode9-beta1.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS.sdk/System/Library/Frameworks/NetworkExtension.framework/Headers/NetworkExtension.h
--- /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS.sdk/System/Library/Frameworks/NetworkExtension.framework/Headers/NetworkExtension.h	2016-09-25 09:44:24.000000000 -0400
+++ /Applications/Xcode9-beta1.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS.sdk/System/Library/Frameworks/NetworkExtension.framework/Headers/NetworkExtension.h	2017-05-20 02:25:01.000000000 -0400
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2014, 2015 Apple Inc.
+ * Copyright (c) 2014-2015, 2017 Apple Inc.
  * All rights reserved.
  */
 
@@ -15,6 +15,9 @@
 #import <NetworkExtension/NEAppProxyTCPFlow.h>
 #import <NetworkExtension/NEAppProxyUDPFlow.h>
 #import <NetworkExtension/NEAppRule.h>
+#import <NetworkExtension/NEDNSProxyManager.h>
+#import <NetworkExtension/NEDNSProxyProvider.h>
+#import <NetworkExtension/NEDNSProxyProviderProtocol.h>
 #import <NetworkExtension/NEDNSSettings.h>
 #import <NetworkExtension/NEFilterControlProvider.h>
 #import <NetworkExtension/NEFilterDataProvider.h>
@@ -25,6 +28,7 @@
 #import <NetworkExtension/NEFlowMetaData.h>
 #if TARGET_OS_IPHONE
 #import <NetworkExtension/NEHotspotHelper.h>
+#import <NetworkExtension/NEHotspotConfigurationManager.h>
 #endif
 #import <NetworkExtension/NEIPv4Settings.h>
 #import <NetworkExtension/NEIPv6Settings.h>
Add a custom footer

Bindings

Tips & tricks

Release Notes

Clone this wiki locally