What is the memory limit for a network extension?

You’re right that the limit for packet tunnel providers has been raised. However, other providers still have really low limits. Here’s what I’m seeing currently.

IMPORTANT These limits have changed in the past and may well change in the future. I’m posting them to assist in your debugging. You should not hard code knowledge about these limits into your code. The only way to ensure that your provider can run within the system’s memory limits is to thoroughly test it on a wide range of device / OS combinations.

Share and Enjoy
—
Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

thanks Quinn,

our delivery of using the filter extensions would go from server based to local smart device if the 5/6 mb limits would be raised to 14/15. this would be an absolute game changer for us and change our entire focus and delivery

our delivery of using the filter extensions would go from server based to local smart device if the 5/6 mb limits would be raised to 14/15. this would be an absolute game changer for us and change our entire focus and delivery

Fair enough. If you want to get this feedback in front of folks who have the ability to actually change things, I recommend you file an enhancement request with the details. Please post your bug number, just for the record.

On a technical note, have you looked at using memory mapped files? It seems to me that content filters are likely to have a large amount of data that’s read a lot and only written too infrequently. That’s a good match for memory mapping, and memory mapping can radically change the memory management game.

Share and Enjoy
—
Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

bug number 31223449

as always quinn, a pleasure talking with you

I had cause to look at the iOS 11 numbers today and I figured I might as well post an update here (for the benefit of Future Quinn™ if no one else).

The big change here is the increased headroom on the filter control provider. It looks like steelhead’s bug report got some traction (r. 31223449).

IMPORTANT These limits have changed in the past and may well change in the future. I’m posting them to assist in your debugging. You should not hard code knowledge about these limits into your code. The only way to ensure that your provider can run within the system’s memory limits is to thoroughly test it on a wide range of device / OS combinations.

Share and Enjoy
—
Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Hi Eskimo,

I have implemented NEPacketTunnelProvider and VPN is connected successfuly in iOS, But when i am launching container app agiain as soon as i get call on


- (BOOL)application:(UIApplication *)application didFinishLaunchingWithOptions:(NSDictionary *)launchOptions function of container app, the extension process terminated. and i can't get the status of VPN that should be in connected state.

I want to continue with the same process that was started earlier. Is there any way to acheive this.


Thanks,

Amit

I recommend that you open a new thread for this question; it’s way off topic for this thread.

Share and Enjoy
—
Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Could you please also update these numbers for iOS 12?

Could you please also update these numbers for iOS 12?

I’m happy to take another look at this once iOS 12 ships.

Share and Enjoy
—
Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Hello Future Quinn™!

Two questions:

1/ You say for iOS 11: "The big change here is the increased headroom on the filter control provider"

But in what you pasted, the filter control provider got not change (6 Mb, just like the previous version).

Did you mean the filter data provider, or did you swap the values in the table?

2/ iOS 12 is now available, would you be able to share the values for it, pretty please? 😀

Thanks a lot for this!

… did you swap the values in the table?

Yeah, that. I’ve edited the post to fix this.

iOS 12 is now available, would you be able to share the values for it, pretty please?

I had a quick look and, AFAICT, the limits are the same as iOS 11.

Share and Enjoy
—
Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Hi Eskimo,

Does this memory limit also apply on mac OS?

Thanks,

Jeff

Hi Eskimo,

Could you please also update these numbers for iOS 13 and iPadOS 13?

Hello eskimo, I want to know about the issue of Network Extension memory limit in iOS 13 or later, Will it add memory to the Network Extension?

Any update now? About the memory limit on mac OS?

Hi Eskimo,

Does this memory limit also apply on mac OS?

Does this memory limit also apply on mac OS?

It seems memory limits changed for iOS 15, at least for tunnel providers it seems to be 50 MB now. Can you confirm this @eskimo?

for tunnel providers it seems to be 50 MB now.

Indeed. That’s a big bump!

Anyway, here’s what I see on iOS 15.0:

And, just so we’re clear:

IMPORTANT These limits have changed in the past and may well change in the future. I’m posting them to assist in your debugging. You should not hard code knowledge about these limits into your code. The only way to ensure that your provider can run within the system’s memory limits is to thoroughly test it on a wide range of device and OS combinations.

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Is ios14 still 15m?

A quick check on iOS 14 (specifically iOS 14.8) indicates that has the same 15 MiB limit for packet tunnel providers as earlier systems.

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

@eskimo - Any chance of listing the figures for iOS 16? Any changes?

Any chance of listing the figures for iOS 16?

This is what I’m seeing on iOS 16.0:

Be aware that I tested this on a very modern device, because that’s what I have iOS 16 installed on; it’s possible that the limits are lower on older devices.

And, just so we’re clear:

IMPORTANT These limits have changed in the past and may well change in the future. I’m posting them to assist in your debugging. You should not hard code knowledge about these limits into your code. The only way to ensure that your provider can run within the system’s memory limits is to thoroughly test it on a wide range of device and OS combinations.

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Hi Quinn

Looks like something is changed on iOS 17. Memory limit for Packet tunnel seems to be back to 15 Mb. Please see below logs where network extension is terminating at 12 Mb.Can you please check on your end if its a regression or new kind of restriction?

com.apple.MemoryMonitor default 30 2023-11-05 22:27:13.606499 -0800 UserEventAgent kernel jetsam snapshot note received
com.apple.xpc default 13177 2023-11-05 22:27:13.606503 -0800 com.apple.WebKit.Networking [0xc46648d20] activating connection: mach=true listener=false peer=false name=com.apple.trustd
com.apple.xpc default 134 2023-11-05 22:27:13.606630 -0800 trustd [0xc7ca4bdc0] activating connection: mach=false listener=false peer=true name=com.apple.trustd.peer.0xc7ca4bdc0
com.apple.securityd default 134 2023-11-05 22:27:13.607994 -0800 trustd Leaf has invalid basic constraints
com.apple.xpc default 13129 2023-11-05 22:27:13.609266 -0800 neagent [0xdcaa07ee0] invalidated on xpc_connection_cancel()
 default  2023-11-05 22:27:13.609347 -0800 kernel memorystatus: Looking for highwatermark kills.
 default  2023-11-05 22:27:13.609488 -0800 kernel memorystatus: Looking for highwatermark kills.
com.apple.securityd default 134 2023-11-05 22:27:13.609518 -0800 trustd ocsp responder: (null) did not include status of requested cert
com.apple.networkextension default 13130 2023-11-05 22:27:13.610271 -0800 tunnel [Extension com.test.test.tunnel]: Calling stopTunnelWithReason because: Stop command received



 default  2023-11-05 22:27:13.599524 -0800 kernel memorystatus: Looking for highwatermark kills.
 default  2023-11-05 22:27:13.599989 -0800 kernel memorystatus: killing process 13106 [nesessionmanager] in high band ? (140) - memorystatus_available_pages: 54696
 default  2023-11-05 22:27:13.604593 -0800 kernel 233725.356 memorystatus: killing_highwater_process pid 13106 [nesessionmanager] (highwater 140) 12929KB - memorystatus_available_pages: 56673 compressor_size:126801
 default  2023-11-05 22:27:13.609347 -0800 kernel memorystatus: Looking for highwatermark kills.
 default  2023-11-05 22:27:13.609488 -0800 kernel memorystatus: Looking for highwatermark kills.
 default  2023-11-05 22:27:13.758230 -0800 kernel nehelper[13175] Corpse allowed 1 of 5


 default  2023-11-05 22:27:13.604593 -0800 kernel 233725.356 memorystatus: killing_highwater_process pid 13106 [nesessionmanager] (highwater 140) 12929KB - memorystatus_available_pages: 56673 compressor_size:126801
pid/13106 [nesessionmanage] default 1 2023-11-05 22:27:13.605747 -0800 launchd shutting down
pid/13106 [nesessionmanage] default 1 2023-11-05 22:27:13.605778 -0800 launchd cleaning up
user/501/com.apple.nesessionmanager [13106] default 1 2023-11-05 22:27:13.606004 -0800 launchd exited with exit reason (namespace: 1 code: 0x2) - JETSAM_REASON_MEMORY_HIGHWATER
user/501/com.apple.nesessionmanager [13106] default 1 2023-11-05 22:27:13.606009 -0800 launchd process exited in a dirty state
user/501/com.apple.nesessionmanager [13106] default 1 2023-11-05 22:27:13.606017 -0800 launchd service state: exited
user/501/com.apple.nesessionmanager [13106] default 1 2023-11-05 22:27:13.606081 -0800 launchd internal event: EXITED, code = 0

FYI, I had a quick look at this today and both iOS 17 and iOS 18 (currently a release candidate) seems to have the same limits as iOS 16.

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

How about iOS 26? Any plan for larger memory size?