In my application, there is a Network Extension with the bundle ID com.***.agent.yyy.zzz.ne. There is a user upgraded their system to macOS Sequoia 15.3, they faced an issue where enabling this Network Extension failed. Even after uninstalling the application and the Network Extension, restarting the system, and reinstalling multiple times, the enabling process still failed. it alert: Failed to enable the Network Extension. When checking the status via "systemextension list", it always shows "activated waiting for user". This shows the normal enabling process log: This shows the log when the enabling fails upon clicking. Strangely enough, there is no activation operation log when it fails. What could be the problem?

Our team has two products. The first product adds two /Library/LaunchDaemon startup items and one /Library/LaunchAgents startup item, which run normally after installation. A few months later, our team developed another product, which adds two /Library/LaunchDaemon startup items and one /Library/LaunchAgents startup item. However, we found that on some customers' systems, these startup items for the second product do not load correctly, and the processes do not start. Restarting the system does not resolve the issue. This occurs across systems running versions 14.5 to 14.6.1. The app's signatures, notarization, and Gatekeeper validations all pass. Eventually, we discovered that by disabling and then re-enabling our team's startup items in the System Settings - Login Items, all the startup items from our team load correctly. Could this be a caching bug related to new startup items from the same team?

- (NEFilterNewFlowVerdict *)handleNewFlow:(NEFilterFlow *)flow { DDLogDebug(@"method '%s' invoked for flow: %@ ", __PRETTY_FUNCTION__, flow.identifier.UUIDString); int PEEKSIZE = 512; NEFilterNewFlowVerdict *flowVerdict = [NEFilterNewFlowVerdict filterDataVerdictWithFilterInbound:YES peekInboundBytes:PEEKSIZE filterOutbound:YES peekOutboundBytes:PEEKSIZE]; return flowVerdict; } - (NEFilterDataVerdict *)handleInboundDataFromFlow:(NEFilterFlow *)flow readBytesStartOffset:(NSUInteger)offset readBytes:(NSData *)readBytes { DDLogDebug(@"method '%s' invoked for flow: %@ ", __PRETTY_FUNCTION__, flow.identifier.UUIDString); return [self handlePacket:flow withExtraInfo: extraInfo]; } - (NEFilterDataVerdict *)handleOutboundDataFromFlow:(NEFilterFlow *)flow readBytesStartOffset:(NSUInteger)offset readBytes:(NSData *)readBytes { DDLogDebug(@"method '%s' invoked for flow: %@ ", __PRETTY_FUNCTION__, flow.identifier.UUIDString); return [self handlePacket:flow withExtraInfo: extraInfo]; } - (NEFilterDataVerdict *)handleInboundDataCompleteForFlow:(NEFilterFlow *)flow { DDLogDebug(@"method '%s' invoked for flow: %@ ", __PRETTY_FUNCTION__, flow.identifier.UUIDString); return [NEFilterDataVerdict allowVerdict]; } - (NEFilterDataVerdict *)handleOutboundDataCompleteForFlow:(NEFilterFlow *)flow { DDLogDebug(@"method '%s' invoked for flow: %@ ", __PRETTY_FUNCTION__, flow.identifier.UUIDString); return [NEFilterDataVerdict allowVerdict]; } 1. Why are handleInboundDataFromFlow and handleOutboundDataFromFlow sometimes not called? 2. If filtering for a flow, is it necessary not only to handle handleInboundDataFromFlow and handleOutboundDataFromFlow, but also to handle handleInboundDataCompleteForFlow and handleOutboundDataCompleteForFlow to ensure that all packets are processed? This is to avoid situations where some packets do not have a verdict returned, leading to a loss of internet connectivity. 3. In the context of flow handling, does handleInboundDataFromFlow or handleInboundDataCompleteForFlow get called exclusively, and similarly, does handleOutboundDataFromFlow or handleOutboundDataCompleteForFlow get called exclusively?