Network Extension- Packet Filter vs Logs

Console.app shows a lot of logs from NEFilterPacketInterpose when you use a Network Extension (possibly a NEFilterPacketProvider) repeatedly.

I'm a bit worried by these from a performance point of view considering that:

  • there is a huge number of them over time.

  • turning off developer mode via systemextensionsctl does not appear to disable those logs.

  • these logs are printed for release flavors of NEs not just debug flavors.


Questions:

  • Is this pointless worrying and it does not have any impact on performances?

  • Is there a way to turn them off (not just filter them in Console.app)?

Up vote post of tartempion Down vote post of tartempion
886 views
Posted by
tartempion
Reply
Add a Comment

Replies

Any system generated logs from the Network System Extension itself should not impact system performance. If you are generating a high volume of your own logs with an API like os_log I want to same the same thing, that this should not impact system performance, but probably the right approach here is to take some measurements to validate this assertion. That way you have concrete measurements to know if this is pointless worrying or if there are places where it makes more sense to leave logging out of the equation.


Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com
Posted by
meaton
Up vote reply of meaton Down vote reply of meaton
Add a Comment
Keep in mind that the unified logging system is very good about minimising the logging overhead for log entries that aren’t being recorded. For example, log entries of type OS_LOG_TYPE_INFO and OS_LOG_TYPE_DEFAULT are not recorded by default and thus have virtually no impact on performance.

Conversely, watching these logs (in the Console app, with Action > Include {Info,Debug} Messages enabled, or using log stream) can significantly impact system performance.

If you’re curious how this works under the covers, I recommend watching WWDC 2016 Session 721 Unified Logging and Activity Tracing.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@apple.com"
Posted by
eskimo
Post not yet marked as solved Up vote reply of eskimo Down vote reply of eskimo
Add a Comment