Wednesday, March 8, 2023

macOS Network Metrics Using sysctl()

Milen Dzhumerov:

As part of my work on the Buck2 build system, I needed a way to observe the network throughput of the system. After some research, the conclusion was to use sysctl() with NET_RT_IFLIST2: this provided access to 64bit metrics which do not suffer from overflowing that affects the 32bit fields of the older APIs.


If you looked at the traffic metrics, they would only ever increase in multiples of 1KiB. The reason for the behaviour is that the kernel applies batching to prevent malicious code from fingerprinting the system. This restriction applies only to 3rd party programs (i.e., not codesigned by Apple).


Upon further investigation, it became clear that the API truncates and wraps around the traffic metrics at the 4GiB mark. Again, this only affects 3rd party programs.
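A monitoring tool running as a third-party process can still derive throughput from these counters if it samples often enough to see at most one wrap between reads. The following is an added example, not code from the quoted post or from Buck2; the `counter_unwrap` helper is hypothetical and the sample values are constructed:

```c
#include <stdint.h>
#include <stdio.h>

#define WRAP_MODULUS (1ULL << 32) /* counters wrap at the 4 GiB mark */

/* Hypothetical helper state: rebuilds a monotonic byte total from raw samples. */
struct counter_unwrap {
    uint64_t last_raw; /* previous raw counter value */
    uint64_t total;    /* bytes accumulated since the first sample */
    int primed;        /* 0 until the first sample sets the baseline */
};

/* Feed one raw sample; returns the bytes transferred since the previous one.
 * Assumes at most one wrap between samples, so poll faster than the link can
 * move 4 GiB. A counter reset below 4 GiB is indistinguishable from a wrap. */
static uint64_t unwrap_feed(struct counter_unwrap *s, uint64_t raw)
{
    uint64_t delta;

    if (!s->primed) {
        s->primed = 1;
        delta = 0;                                /* first sample is the baseline */
    } else if (raw >= s->last_raw) {
        delta = raw - s->last_raw;                /* normal monotonic step */
    } else if (s->last_raw < WRAP_MODULUS) {
        delta = raw + WRAP_MODULUS - s->last_raw; /* truncated counter wrapped */
    } else {
        delta = 0;                                /* full 64-bit counter went back: reset */
    }
    s->last_raw = raw;
    s->total += delta;
    return delta;
}

int main(void)
{
    /* Constructed samples: 1 KiB-granular values crossing the 4 GiB mark. */
    const uint64_t samples[] = { 4294965248ULL, 4294966272ULL, 1024ULL, 1049600ULL };
    struct counter_unwrap s = { 0, 0, 0 };

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint64_t d = unwrap_feed(&s, samples[i]);
        printf("raw=%llu delta=%llu total=%llu\n", (unsigned long long)samples[i],
               (unsigned long long)d, (unsigned long long)s.total);
    }
    return 0;
}
```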

Update (2023-03-29): Mojo66:

BTW, my currently-in-development Mac app “DerPinger” uses [sysctl()] to fetch 64-bit interface metrics, and does not have problems with 4GB wrapping on 13.2.1.

I’m looking for beta testers.
