How to get socket filter descriptor value (sflt_filter.sf_handle) from apple site to register packet filtering

Question

How to get socket filter descriptor value (sflt_filter.sf_handle) from apple site to register packet filtering

I am trying to get a descriptor key for a socket filter to register packet filtering. I already registered it for TCP packets, now I want to register it for UDP packets. This descriptor key must be unique from other applications.

sflt_filter.sf_handle = 0xAACAF333;

I got it earlier than 2 years ago using the link ( http://developer.apple.com/datatype/ ), but now it is redirecting to another link.

I read a link which says that author codes are ignored 10.6 and higher. But to implement kext for batch filtering, we need this code to be unique.

Does anyone know how to get a unique key? OR no unique key required? Or their other way to use the pen now?

Thanks in advance.

+5

c udp kernel macos kernel-extension

hkb_macOSX Jan 28 '15 at 10:05

source share

1 answer

Arthur bulakaiev · Answer 1 · 2017-06-02T16:26:12+0000

I know the question is very outdated, but I ran into the same problem, and only for the following, who will be:

Now you can register and get a unique descriptor for calling the kev_vendor_code_find function of the filter from sys / kern_event.h, passing the packet identifier and a pointer to the uint32 variable.

After that, in user space, you can get this SIOCGKEVVENDOR ioctl descriptor by passing a pointer to the kev_vendor_code structure with the same package identifier in the vendor_string field.

You should not do anything to “unregister” this descriptor (but you must unregister the filter with this descriptor in the :: stop () driver)

How to get socket filter descriptor value (sflt_filter.sf_handle) from apple site to register packet filtering

More articles: