What is the memory limit for a network extension?

I've been wondering what is the memory limit for network extensions. Specifically, I'm using the NEPacketTunnelProvider extension point.

The various posts on this forum mention 5 MB and 6 MB for 32-bit and 64-bit respectively. However I find that (at least on iOS 10) the upper limit seems to be 15 MB. Is this the new memory limit for extensions?

Answered by DTS Engineer in 732711022

Any chance of listing the figures for iOS 16?

This is what I’m seeing on iOS 16.0:


Provider Limit (MiB)
packet tunnel 50
app proxy 15
filter control 50
filter data 50
DNS proxy 15
app push 24

Be aware that I tested this on a very modern device, because that’s what I have iOS 16 installed on; it’s possible that the limits are lower on older devices.

And, just so we’re clear:

IMPORTANT These limits have changed in the past and may well change in the future. I’m posting them to assist in your debugging. You should not hard code knowledge about these limits into your code. The only way to ensure that your provider can run within the system’s memory limits is to thoroughly test it on a wide range of device and OS combinations.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

You’re right that the limit for packet tunnel providers has been raised. However, other providers still have really low limits. Here’s what I’m seeing currently.

Provider32-bit64-bit
packet tunnel14 MiB15 MiB
app proxy14 MiB15 MiB
filter control5 MiB6 MiB
filter data5 MiB6 MiB

IMPORTANT These limits have changed in the past and may well change in the future. I’m posting them to assist in your debugging. You should not hard code knowledge about these limits into your code. The only way to ensure that your provider can run within the system’s memory limits is to thoroughly test it on a wide range of device / OS combinations.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

thanks Quinn,


our delivery of using the filter extensions would go from server based to local smart device if the 5/6 mb limits would be raised to 14/15. this would be an absolute game changer for us and change our entire focus and delivery

our delivery of using the filter extensions would go from server based to local smart device if the 5/6 mb limits would be raised to 14/15. this would be an absolute game changer for us and change our entire focus and delivery

Fair enough. If you want to get this feedback in front of folks who have the ability to actually change things, I recommend you file an enhancement request with the details. Please post your bug number, just for the record.

On a technical note, have you looked at using memory mapped files? It seems to me that content filters are likely to have a large amount of data that’s read a lot and only written too infrequently. That’s a good match for memory mapping, and memory mapping can radically change the memory management game.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

bug number 31223449



as always quinn, a pleasure talking with you

I had cause to look at the iOS 11 numbers today and I figured I might as well post an update here (for the benefit of Future Quinn™ if no one else).

Provider64-bit
packet tunnel15 MiB
app proxy15 MiB
filter control6 12 MiB
filter data12 6 MiB
DNS proxy15 MiB

The big change here is the increased headroom on the filter control provider. It looks like steelhead’s bug report got some traction (r. 31223449).

IMPORTANT These limits have changed in the past and may well change in the future. I’m posting them to assist in your debugging. You should not hard code knowledge about these limits into your code. The only way to ensure that your provider can run within the system’s memory limits is to thoroughly test it on a wide range of device / OS combinations.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Hi Eskimo,

I have implemented NEPacketTunnelProvider and VPN is connected successfuly in iOS, But when i am launching container app agiain as soon as i get call on


- (BOOL)application:(UIApplication *)application didFinishLaunchingWithOptions:(NSDictionary *)launchOptions function of container app, the extension process terminated. and i can't get the status of VPN that should be in connected state.

I want to continue with the same process that was started earlier. Is there any way to acheive this.


Thanks,

Amit

I recommend that you open a new thread for this question; it’s way off topic for this thread.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Could you please also update these numbers for iOS 12?

Could you please also update these numbers for iOS 12?

I’m happy to take another look at this once iOS 12 ships.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Hello Future Quinn™!


Two questions:


1/ You say for iOS 11: "The big change here is the increased headroom on the filter control provider"

But in what you pasted, the filter control provider got not change (6 Mb, just like the previous version).

Did you mean the filter data provider, or did you swap the values in the table?


2/ iOS 12 is now available, would you be able to share the values for it, pretty please? 😀


Thanks a lot for this!

… did you swap the values in the table?

Yeah, that. I’ve edited the post to fix this.

iOS 12 is now available, would you be able to share the values for it, pretty please?

I had a quick look and, AFAICT, the limits are the same as iOS 11.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Hi Eskimo,

Does this memory limit also apply on mac OS?


Thanks,

Jeff

Hi Eskimo,

Could you please also update these numbers for iOS 13 and iPadOS 13?

Hello eskimo, I want to know about the issue of Network Extension memory limit in iOS 13 or later, Will it add memory to the Network Extension?

Any update now? About the memory limit on mac OS?

What is the memory limit for a network extension?
 
 
Q