Remove or raise memory limit for Packet Tunnel Provider extension

Originator: a.pritchard
Number: rdar://27660401
Date Originated: 2016-08-02
Status: Resolved
Resolved: 2021-11-23
Product: iOS
Product Version: iOS 9.x
Classification: Enhancement
Reproducible: Always
 
We are implementing a custom protocol Packet Tunnel Provider, using the NEPacketTunnelProvider API. Our extension code consists of a NEPacketTunnelProvider subclass, a tunneling engine, and a relay to feed IP packet flow between the tunneling engine and the NEPacketTunnelProvider API.

We have found that once we start our tunneling engine, our extension is terminated and we find a JetsamEvent diagnostic log indicating the "reason" is "per-process-limit". (We have also reproduced this termination by simply allocating a large byte buffer (~4MB) instead of starting our tunneling engine.)

Apple technical support has confirmed that there is a 5-6MB memory limit for network extensions, raised to 15MB in iOS 10 Beta 2. These limits are insufficient.

Our tunneling engine is more complex than a simple VPN since our app is a censorship circumvention system (https://psiphon3.com) which needs to try different tunneling protocols and discover new proxy servers, using a variety of mechanisms, in order to establish multiple simultaneous tunnels. (It is also certain that, in the future, we will need to add increasingly complex and intelligent mechanisms for bypassing censorship.)

Our app is used by people who have only censored access to the internet, typically preventing them from accessing Facebook, Twitter, and other sites and services. Our VPN app is quite literally the most important app that they run -- without it many other apps are unusable.

We are requesting that the memory limit be removed for VPN network extensions. (If there needs to be a limit, we are asking that it be at least 100MB.)

We have tested our tunneling engine running in a normal app and it works fine, although the app lifetime isn't suitable for a long-running tunnel.

We have made efforts to reduce memory usage, such as limiting buffer sizes and growth, and restricting the number of tunnels. But there is absolutely no way that our censorship circumvention toolkit will run under the tiny network extension limit.


Steps to Repro:

1. Make a Packet Tunnel Provider extension.
2. Allocate a large memory buffer.

Expected Results:

Successfully allocate required memory.

Actual Results:

Extension is terminated with per-process-limit Jetsam event.

Comments

iOS 15 limit increase

As of iOS 15 the limit has been raised to 50MB. This is much more manageable and probably sufficient.

I'm going to close this issue (if I can figure out how).

By a.pritchard at Nov. 23, 2021, 9:13 p.m.
