NEFilterRule
has a size on the heap of 24 bytes.
You have misunderstood how these sizes are calculated.
NEFilterRule
is a small object but it has references to lots of other objects. Moreover, it’s not just the in-memory cost you have to consider. The system has to move these rules between processes.
One way to get a rough understanding of this cost is to archive the resulting rules. For example:
let rules = (0..<50000).map { i -> NEFilterRule in
let b3 = i & 0xff
let b2 = (i >> 8) & 0xff
let endpoint = NWHostEndpoint.init(hostname: "1.2.\(b2).\(b3)", port: "0")
let networkRule = NENetworkRule(destinationNetwork: endpoint, prefix: 24, protocol: .any)
let filterRule = NEFilterRule(networkRule: networkRule, action: .filterData)
return filterRule
}
let settings = NEFilterSettings(rules: rules, defaultAction: .allow)
let start = Date()
let data = try! NSKeyedArchiver.archivedData(withRootObject: settings, requiringSecureCoding: true)
let end = Date()
print(end.timeIntervalSince(start))
print(data.count)
On my main work Mac (a 2016 MacBook Pro) it takes roughly 1.5 seconds to archive the rules and the resulting archive is roughly 16 MiB.
I am not entirely sure what you mean by processing the IP addresses into a smaller set of rules. I am not clear how that could be done.
My suggestion is that you group addresses by their common prefix. For example, if you have 1.2.3.4 and 1.2.3.13, you could create a rule that matches 1.2.3.0/28 (that is 1.2.3.0 through 1.2.3.15).
Share and Enjoy
—
Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware
let myEmail = "eskimo" + "1" + "@apple.com"
