(related post: How to optimize my app for for a carrier-provided satellite network? ) I am trying to implement an app so that it works under a carrier-provided satellite network. The app uses (AS)WebAuthenticationSession for signing in. If the app is entitled to access a satellite network, will (AS)WebAuthenticationSession work as well? How about WKWebView and SFSafariViewController? Is there a way to test(simulate) a ultra-constrained network on a device or a simulator to see the expected behavior? Thanks,

I am trying to connect an iPhone 16 (iOS 18.3) to a Wi-Fi device with the SSID "DIRECT-DR_6930_KP201128", but every time, without being able to enter the Wi-Fi password, the message "Unable to join the network 'DIRECT-DR_6930_KP201128'" is displayed. Below are the system logs from the connection failure. Could you please tell me the cause of the connection failure? By the way, an iPhone SE 2nd (iOS 18.2.1) can connect to the same Wi-Fi device without any issues. System Logs: ・Jan 31 19:18:14 900-iPhone-16-docomo Preferences(WiFiKit)[351] : {ASSOC-} association finished for DIRECT-DR_6930_KP201128 - success 0 ・Jan 31 19:18:14 900-iPhone-16-docomo runningboardd(RunningBoard)[33] : Assertion 33-351-4412 (target:[app<com.apple.Preferences(DE1AB487-615D-473C-A8D6-EAEF07337B18)>:351]) will be created as inactive as start-time-defining assertions exist ・Jan 31 19:18:14 900-iPhone-16-docomo Preferences(WiFiKit)[351] : association failure: (error Error Domain=com.apple.wifikit.error Code=12 "Unknown Error" UserInfo={NSDebugDescription=Unknown Error, NSUnderlyingError=0x303307660 {Error　Domain=com.apple.corewifi.error.wifid Code=-3938 "(null)"}}) ・Jan 31 19:18:14 900-iPhone-16-docomo Preferences(WiFiKit)[351] : dismissing credentials view controller for DIRECT-DR_6930_KP201128

This problem doesn’t appear to relate to the app as everything worked when using http (although an https setup issue may still be the problem). The problem appears to relate to the SSL server certificate on the Ubuntu server and the fact that apple does not accept that it is secure. However I have no problem with the equivalent Android app or web browser connections to the same rest API web services. There are numerous posts on these problems on Apple and other Forums, but none have helped me successfully address the issue. I ran an SSL server test on https://www.ssllabs.com/ssltest/ which gives ratings for SSL sites. The test gave an A rating although a number of minor issues were shown that may be crucial to the iOS failure. Some Sectigo certificates said self signed, which I couldn't understand. Error message from XCode log attached 2025-09-10 10:28:01.725091+0100 locateandclock[2291:1585213] ATS failed system trust 2025-09-10 10:28:01.725192+0100 locateandclock[2291:1585213] Connection 1: system TLS Trust evaluation failed(-9802) 2025-09-10 10:28:01.725291+0100 locateandclock[2291:1585213] Connection 1: TLS Trust encountered error 3:-9802 2025-09-10 10:28:01.725352+0100 locateandclock[2291:1585213] Connection 1: encountered error(3:-9802) 2025-09-10 10:28:01.726727+0100 locateandclock[2291:1585213] Task <4E41098F-6B71-4FB8-8753-78DD32961812>.<1> HTTP load failed, 0/0 bytes (error code: -1200 [3:-9802]) 2025-09-10 10:28:01.736504+0100 locateandclock[2291:1585213] Task <4E41098F-6B71-4FB8-8753-78DD32961812>.<1> finished with error [-1200] Error Domain=NSURLErrorDomain Code=-1200 "An SSL error has occurred and a secure connection to the server cannot be made." UserInfo={NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, _kCFStreamErrorDomainKey=3, NSErrorPeerCertificateChainKey=( "<cert(0x10681be00) s: *.xxxxxxxxxxx.co.uk i: Sectigo Public Server Authentication CA DV R36>", "<cert(0x10681c800) s: Sectigo Public Server Authentication CA DV R36 i: Sectigo Public Server Authentication Root R46>", "<cert(0x10681d200) s: Sectigo Public Server Authentication Root R46 i: Sectigo Public Server Authentication Root R46>" ), NSErrorClientCertificateStateKey=0, NSErrorFailingURLKey=https://xxxxxxxxxxxx.co.uk/insertclocking, NSErrorFailingURLStringKey=https://xxxxxxxxxxxx.co.uk/insertclocking, NSUnderlyingError=0x282361650 {Error Domain=kCFErrorDomainCFNetwork Code=-1200 "(null)" UserInfo={_kCFStreamPropertySSLClientCertificateState=0, kCFStreamPropertySSLPeerTrust=<SecTrustRef: 0x281cf4460>, _kCFNetworkCFStreamSSLErrorOriginalValue=-9802, _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9802, kCFStreamPropertySSLPeerCertificates=( "<cert(0x10681be00) s: *.xxxxxxxxxxxxxco.uk i: Sectigo Public Server Authentication CA DV R36>", "<cert(0x10681c800) s: Sectigo Public Server Authentication CA DV R36 i: Sectigo Public Server Authentication Root R46>", "<cert(0x10681d200) s: Sectigo Public Server Authentication Root R46 i: Sectigo Public Server Authentication Root R46>" )}}, _NSURLErrorRelatedURLSessionTaskErrorKey=( "LocalDataTask <4E41098F-6B71-4FB8-8753-78DD32961812>.<1>" ), _kCFStreamErrorCodeKey=-9802, _NSURLErrorFailingURLSessionTaskErrorKey=LocalDataTask <4E41098F-6B71-4FB8-8753-78DD32961812>.<1>, NSURLErrorFailingURLPeerTrustErrorKey=<SecTrustRef: 0x281cf4460>, NSLocalizedDescription=An SSL error has occurred and a secure connection to the server cannot be made.}

We found there is a significant crash reports (most of them are from iOS 17, the rest are iOS 16 and 15) comes from network loader from CFNetwork. Apparently it seems there are two types of crashes if we checked from the stack trace, the one we found from both Xcode organizer and 3rd party crash reporter is referring to URLConnectionLoader::loadWithWhatToDo and the other one from our 3rd party crash reporter (didn’t found the report from Xcode organizer) referring to _CFURLResponseCreateFromArchiveList (this one only happened on iOS 17.5 and later devices). It seems that they are both kinda similar which might point to the same root cause. From what I’ve seen, we never touch the lower level API directly, we usually use the URLSession to manage our API request. The crashed stack trace also didn’t give any indication about which of our app code that triggered the crash, it only shows calls to Apple’s internal SDKs so we are unsure how to approach this issue meanwhile the crash event already reached 800+ in the last 30 days. Unfortunately, we cannot reproduce the issue as the stack trace itself seems unclear to us. I have submitted a report through feedback assistant with number: FB14679252. Would appreciate if anyone can give any advice on what we can do to avoid this in the future and probably any hint on why it could happened. Hereby I attached the crash reports that we found each from Xcode crash report and our 3rd party crash reporter (the report said it crashed on com.apple.CFNetwork.LoaderQ) so you could get a glimpse of the similarity. Xcode crash report xcode crash report.crash 3rd party crash report 3rd party crash report.txt

Hi, Our project is a MacOS SwiftUI GUI application that bundles a (Sandboxed) System Network Extension, signed with a Developer ID certificate for distribution outside of the app store. The system network extension is used to write a packet tunnel provider (NEPacketTunnelProvider), as our project requires the creation of a TUN device. In order for our System VPN to function, it must reach out to a (self-hosted) server (i.e. to discover a list of peers). Being self-hosted, this server is typically not accessible via the public web, and may only be accessible from within a VPN (such as those also implemented using NEPacketTunnelProvider, e.g. Tailscale, Cloudflare WARP). What we've discovered is that the networking code of the System Network Extension process does not attempt to use the other VPN network interfaces (utunX) on the system. In practice, this means requests to IPs and hostnames that should be routed to those interfaces time out. Identical requests made outside of the Network System Extension process use those interfaces and succeed. The simplest example is where we create a URLSession.downloadTask for a resource on the server. A more complicated example is where we execute a Go .dylib that continues to communicate with that server. Both types of requests time out. Two noteworthy logs appear when packets fail to send, both from the kernel 'process': cfil_hash_entry_log:6088 <CFIL: Error: sosend_reinject() failed>: [30685 com.coder.Coder-Desktop.VPN] <UDP(17) out so b795d11aca7c26bf 57728068503033955 57728068503033955 age 0> lport 3001 fport 3001 laddr 100.108.7.40 faddr 100.112.177.88 hash 58B15863 cfil_service_inject_queue:4472 CFIL: sosend() failed 49 I also wrote some test code that probes using a UDP NWConnection and NWPath availableInterfaces. When run from the GUI App, multiple interfaces are returned, including the one that routes the address, utun5. When ran from within the sysex, only en0 is returned. I understand routing a VPN through another is unconventional, but we unfortunately do need this functionality one way or another. Is there any way to modify which interfaces are exposed to the sysex? Additionally, are these limitations of networking within a Network System Extension documented anywhere? Do you have any ideas why this specific limitation might exist?

I've implemented a custom VPN system extension for macOS, utilizing Packet Tunnel Provider. One of the users reported a problem: he was connected to the VPN, and then his Mac entered sleep mode. Upon waking, the VPN is supposed to connect automatically (because of the on-demand rules). The VPN's status changed to 'connecting', but it remained stuck in this status. From my extension logs, I can see that the 'startTunnelWithOption()' function was called 2 minutes after the user clicked the 'connect' button. From the system logs, I noticed some 'suspicious' logs, but I can't be sure if they are related to the problem. Some of them are: kernel: (Sandbox) Sandbox: nesessionmanager(562) deny(1) system-fsctl (_IO "h" 47) entitlement com.apple.developer.endpoint-security.client not present or not true (I don't need this entitlement at the extension) nesessionmanager: [com.apple.networkextension:] NESMVPNSession[Primary Tunnel:XXXXXX(null)]: Skip a start command from YYYYY:session in state connecting NetworkExtension.com.***: RunningBoard doesn't recognize submitted process - treating as a anonymous process sysextd: activateDecision found existing entry of same version: state activated_enabled, ID FAE... Are any of the logs related to the above problem? How can I debug such issues? What info should I get from the user?

PLATFORM AND VERSION: iOS Development environment: Xcode 15.3, macOS 14.7.1 (23H222) Run-time configuration: iOS 18.3.1 DESCRIPTION OF PROBLEM: Our app uses NEHotspotConfigurationManager with joinOnce set to false to connect to an IoT device's Wi-Fi hotspot. Later, we programmatically disconnect from this hotspot. We are wondering if, after this programmatic disconnection, there is a possibility that the iPhone will automatically reconnect to the hotspot (even when our app is not running). Does it matter if the hotspot's SSID is hidden or not? This concern arises because the iPhone is already familiar with the hotspot's network configuration. Our testing indicates that this does not happen, but we want to be certain. This is a behavior we do NOT want to occur. We set joinOnce to false because we experience connectivity issues with the IoT device when joinOnce is true (there are several discussions in forums regarding issues with setting it to true). Thank you. Thanks.

Recently, my application was having trouble connecting socket using TCP protocol after it was reinstalled. The cause of the problem was initially that I did not grant local network permissions when I reinstalled, I was aware of the problem, so socket connect interface worked fine after I granted permissions. However, the next time I repeat the previous operation, I also do not grant local network permissions, and then turn it back on in the Settings, and socket connect interfcae does not work properly (connect interface return errno 65, the system version and code have not changed). Fortunately, socket connect success after rebooting the phone, and more importantly, I was able to repeat the problem many times. So I want to know if the process between when I re-uninstall the app and deny local network permissions, and when I turn it back on in Settings, is that permissions have been granted normally, and not fake, and not required a reboot to reset something for socket coonnect to take effect.

Recently, my application was having trouble sending udp messages after it was reinstalled. The cause of the problem was initially that I did not grant local network permissions when I reinstalled, I was aware of the problem, so udp worked fine after I granted permissions. However, the next time I repeat the previous operation, I also do not grant local network permissions, and then turn it back on in the Settings, and udp does not work properly (no messages can be sent, the system version and code have not changed). Fortunately, udp worked after rebooting the phone, and more importantly, I was able to repeat the problem many times. So I want to know if the process between when I re-uninstall the app and deny local network permissions, and when I turn it back on in Settings, is that permissions have been granted normally, and not fake, and not required a reboot to reset something for udp to take effect. I'm not sure if it's the system, or if it's a similar situation as described here, hopefully that will help me find out

iOS 18.4 introduced some requirements on the Key Usage of 802.1x server certificates, as described here. https://support.apple.com/en-us/121158 When using TLS_ECDHE_RSA or TLS_DHE_RSA cipher suites, 802.1X server certificates containing a Key Usage extension must have Digital Signature key usage set. When using the TLS_RSA cipher suite, 802.1X server certificates containing a Key Usage extension must have Key Encipherment key usage set. It reads like the change is supposed to affect 802.1x only. However, we have found out that the new restrictions are actually imposed on all TLS connections using the Network framework, including in Safari. Unlike other certificate errors which can be either ignored by users (as in Safari) or by code (via sec_protocol_options_set_verify_block), these new ones can't. Even if passing completion(true) in the TLS verification block, the connection still ends up in waiting state with error -9830: illegal parameter. I understand that these requirements are valid ones but as a generic TLS library I also expect that Network framework could at least allow overriding the behavior. The current treatment is not consistent with those on other certificate errors. Since I can't upload certificates, here is how to reproduce a certificate that fails. Create a OpenSSL config file test.cnf [ req ] default_bits = 2048 distinguished_name = dn x509_extensions = v3_ca prompt = no [ dn ] CN = example.com [ v3_ca ] subjectKeyIdentifier = hash authorityKeyIdentifier = keyid:always,issuer basicConstraints = CA:TRUE keyUsage = critical, keyCertSign, cRLSign Generate certificate and private key openssl req -x509 -new -nodes -keyout key.pem -out cert.pem -days 365 -config test.cnf And here is the client code to test. // Target server and port let host = NWEndpoint.Host("example.com") let port = NWEndpoint.Port("443")! // Configure insecure TLS options let tlsOptions = NWProtocolTLS.Options() sec_protocol_options_set_verify_block(tlsOptions.securityProtocolOptions, { _, _, completion in // Always trust completion(true) }, DispatchQueue.global()) let params = NWParameters(tls: tlsOptions) let connection = NWConnection(host: .init(host), port: .init(rawValue: port)!, using: params) connection.stateUpdateHandler = { newState in switch newState { case .ready: print("TLS connection established") case .failed(let error): print("Connection failed: \(error)") case .cancelled: print("Connection canceled") case .preparing: print("Connection preparing") case .waiting(let error): print("Connection waiting: \(error)") case .setup: print("Connection setup") default: break } } connection.start(queue: .global()) Output Connection preparing Connection waiting: -9830: illegal parameter Previously reported as FB17099740

Hi, I am trying to update an old prototype I made for tvOS using DNSServiceBrowse(). The target was tvOS 17. My old build from September 2023 still works fine: It can discover computers on the same local network as the Apple TV (simulator). However, now that I am using Xcode 16, the DNSServiceBrowse() callback (of type DNSServiceBrowseReply) receives the error code: -65570. The call to DNSServiceBrowse() itself returns no error, neither does the following call to DNSServiceProcessResult() — which actually triggers the call of the callback. I found nowhere in the Internet any list of possible error codes received by the callback, so I have no idea what it means. So, my first question is: What does this error code mean? (And is there any list of the possible errors somewehere, with their meaning?) Since it was a prototype, I have no provisioning profile defined for it. Could that be related to the issue? Since I will make a real app out that prototype (targeting tvOS 18), I will have to define a provisioning profile for it. Would a provisioning profile for the app solve the issue? If yes, are there any requirements for that profile that I should take into account to solve the issue? Thank you in advance for any help, Marc

I'm establishing a connection with NWListener and NWConnection which is working great. However, if the listener disappears, a lot of logs are appearing: Is there a way to hide these logs? I'm aware of OS_ACTIVITY_MODE=disabled, but that will also hide a lot of other logs. I also know you can hide these using Xcode's filtering. I'm looking for a programmatically way to hide these completely. I'm not interested in seeing these at all, or, at least, I want to be in control. Thanks!

Hi, I am developing the browser based on Chromium, which initially relies on the nw_browser stack for discovering locally available network resources. We have observed an issue where, after each software update—specifically, whenever additional files are written into the application bundle—a popup appears requesting the user to allow local network access, even if this permission was already granted. The behavior is reproducible: simply overwriting files in the app bundle (we are using rsync as Chromium), even while the application is already running, causes the prompt to reappear. We have also noticed that Chromium itself exhibits the same behavior. Also I found the mess in system settings, it has several Google Chrome for example: https://www.loom.com/share/da401f39ab134628807d77f1ca3185f5?from_recorder=1&focus_title=1 We would like to provide a smoother experience for our users and avoid confusing them with repeated permission prompts. Could you please advise on possible approaches or best practices to improve our update mechanism in this regard?

Our company has a VPN client that uses the Packet Tunnel Provider network extension and when 18 came out we noticed that we were no longer seeing DNS requests get sent to the VPNs TUN interface. Do a packet trace, once the VPN becomes active we see requests to _dns.resolver.arpa and 12-courier.push.apple.com, which both get resolved as expected. Also our main app that controls the VPN service and does authentication has to resolve a hostname to get to an authentication service and we see those requests just fine as well. However, when we try to resolve by going to a webpage in Safari we see no DNS request corresponding to that. What are we missing? At first I thought it was the RFC9461 stuff but from the packet traces I don't believe that is the case. I have also tried other networking tools to send the DNS requests and that failed as well.

We've received several reports of a new bug while setting up our products with WAC. The Accessory Setup UI appears with a blank network selected and the message 'This accessory will be set up to join "(null)".' at top. The user can tap "Show Other Networks..." to select another network, but this experience is very confusing. Why does this UI present a choice that is known to be invalid when other valid choices exist? I've captured a screenshot and sysdiagnose from this case. In most cases this problem happens only intermittently, but I can reproduce it consistently by disconnecting my iPhone from any WiFi network (WiFi remains enabled). My suggestion for a better user experience is that this UI should select the default network according to these rules: The network to which iPhone is currently connected. Any network which is in the known/my list for this iPhone Any valid network I believe rule #1 is the existing behavior, but applying rules #2 and #3 as fallbacks would be an improvement. Is there anything I can change in my iOS code or in my accessory's WAC server to improve this experience?

This is a major issue. After my iPhone 12 Pro was upgraded to iOS 26 beta 6, Apple's official Wi-Fi Aware Sample APP crashed immediately and couldn't be opened. It just force closes. Has any developer encountered this problem?

Hi, I'm trying to set up automated backups on my machine using a combination of restic, a wrapper script, and a launchd agent, but I think I'm hitting a problem with the local network privacy dialogue. Basically, the script sets up the environment variables for Restic, which then tries to backup to a local REST server. Problem is, when trying to do that, I get the following error: Fatal: unable to open config file: Head "https://X:X@X.X.X.network:8000/X/X.X.X.network/config": dial tcp 192.168.50.229:8000: connect: no route to host So it resolves DNS just fine, but can't connect to the local server. I tried a couple of things, tools such as ping work and can ping the local server, but nothing I do fixes the issue with restic itself. After reading about the network privacy feature, which I loved by the way, I believe it's the culprit here. This is the .plist file I'm using, which lives in ~/Library/LaunchAgents/com.james.local-backup.plist: <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>Label</key> <string>com.james.local-backup</string> <key>ProgramArguments</key> <array> <string>/Users/james/.local/bin/replicator</string> <string>--backup</string> <string>rest:https://X.X.X.network:8000/X/X.X.X.network</string> </array> <key>EnvironmentVariables</key> <dict> <key>PATH</key> <string>/opt/homebrew/opt/coreutils/libexec/gnubin:/opt/homebrew/bin:/opt/homebrew/sbin:/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin</string> <key>XDG_CONFIG_HOME</key> <string>/Users/james/.config</string> </dict> <key>StartCalendarInterval</key> <dict> <key>Hour</key> <integer>13</integer> <key>Minute</key> <integer>0</integer> </dict> <key>StandardErrorPath</key> <string>/tmp/com.user.backup.err</string> <key>StandardOutPath</key> <string>/tmp/com.user.backup.out</string> <key>ProcessType</key> <string>Background</string> </dict> </plist> The local network dialogue never shows up, so I can't give the wrapper script or restic access to the local network, which I assume is why it can't connect to the local server. Any way I can solve this? I could build a proper Swift CLI that calls restic, but I assume I'd hit the same issue. Plus, it seems overkill for my needs.

We've been directed here by Quinn in DTS. We use multicast/broadcast messages extensively in our physical products for discovery purposes. If, for whatever reason, our customers cannot get this to work on their home Wi-Fi network, we advise that they connect to an iPhone hotspot to confirm behaviour and perform firmware updates as needed. As of iOS 18, we're seeing odd behaviour when using Personal Hotspot. Interestingly, we're also seeing that client devices connected to the Hotspot network are not showing a Subnet Mask in the Wi-Fi Details screen in the iOS Settings app - I don't know if that's related. We're also seeing that screen show an IP address of 192.0.0.2 for all client iPhones connected to an iPhone Hotspot. Getting more specific, we're seeing that multicast messages are no longer being received by clients when connected to an iPhone Hotspot where the iPhone running the hotspot is running iOS 18.0 or newer. By "multicast", I mean we're using a BSD socket to send data to 255.255.255.255 I've confirmed that our app has the multicast entitlement, the user has granted Local Network permission, and we've created a small sample app that demonstrates this behaviour perfectly - when connected to any other test network, multicast messages are received correctly by clients. We've also confirmed that this behaviour doesn't happen when the iPhone running the hotspot is running older iOS versions. We've tried a number of iOS 17.x releases and a number of iOS 16.x releases specifically with our sample app, but have been using this exact code since our app's original iOS 9 deployment target and have had no issues until now.

I need to run multiple, slightly different copies of a modeling tool, which all need access to a model repository on a different machine. Security Settings -> Network tends to pick one modeling tool (and unfortunately the wrong one) for permission, but the dialog offers no way to add the other copies manually. Where can I configure the permission on low level. [macOS Sequoia 15.6.1]

I am trying to make http3 client with Network.framework on Apple platforms. Codes that implement NWConnectionGroup.start with NWListener don't always work with warning below. I assume NWConnectionGroup.newConnectionHandler or NWListener.newConnectionHandler will be called to start connection from the server if it works. nw_protocol_instance_add_new_flow [C1.1.1:2] No listener registered, cannot accept new flow quic_stream_add_new_flow [C1.1.1:2] [-fde1594b83caa9b7] failed to create new stream for received stream id 3 so I tried: create the NWListener -> not work check whether NWConnectionGroup has a member to register or not NWListener -> not work (it doesn't have). use NWConnection instead of NWConnectionGroup -> not work Is my understanding correct? How should I do to set or associate listener with NWConnection/Group for newConnectionHandler is called and to delete wanings? What is the best practice in the case? Sample codes are below. Thanks in advance. // http3 needs unidirectional stream by the server and client. // listener private let _listener: NWListener let option: NWProtocolQUIC.Options = .init(alpn:["h3"]) let param: NWParameters = .init(quic: option) _listener = try! .init(using: param) _listener.stateUpdateHandler = { state in print("listener state: \(state)") } _listener.newConnectionHandler = { newConnection in print("new connection added") } _listener.serviceRegistrationUpdateHandler = { registrationState in print("connection registrationstate") } // create connection private let _group: NWConnectionGroup let options: NWProtocolQUIC.Options = .init(alpn: ["h3"]) options.direction = .unidirectional options.isDatagram = false options.maxDatagramFrameSize = 65535 sec_protocol_options_set_verify_block(options.securityProtocolOptions, {(_: sec_protocol_metadata_t, _: sec_trust_t, completion: @escaping sec_protocol_verify_complete_t) in print("cert completion.") completion(true) }, .global()) let params: NWParameters = .init(quic: options) let group: NWMultiplexGroup = .init( to: .hostPort(host: NWEndpoint.Host("google.com"), port: NWEndpoint.Port(String(443))!)) _group = .init(with: group, using: params) _group.setReceiveHandler {message,content,isComplete in print("receive: \(message)") } _group.newConnectionHandler = {newConnection in print("newConnectionHandler: \(newConnection.state)") } _group.stateUpdateHandler = { state in print("state: \(state)") } _group.start(queue: .global()) _listener.start(queue: .global()) if let conn = _group.extract() { let data: Data = .init() let _ = _group.reinsert(connection: conn) conn.send(content: data, completion: .idempotent) }