Socket/Interface filter Ioctl callback not getting called

Question

I have a small C program that does the following:

 int fd;
 fd = socket(AF_INET, SOCK_STREAM, 0);

 ioctl(fd, ..., ...);

 close(fd);

My kext ioctl callback looks as follows:

errno_t
Router::Ioctl(void *cookie, socket_t so, unsigned long request, const char* argp)
{
    IOLog("-- SOCK IOCTL Request is %lu\n", request);
    return KERN_SUCCESS;
}

When I open a web page in Safari and stuff, I can see the output in the Console application

default 16:09:08.557920 +0200 kernel -- IOCTL Request is 2147772030

But when I execute my C program, it seems like it 'skips' my kext and nothing is printed.

Ideas on why this happens?

EDIT

Just for the sake of it, I also tried doing the same with an Interface filter - same result

Answer 1

Not a conclusive answer as such, as your sample code is extremely vague and incomplete. A few suggestions and extra information that might help diagnose this:

1. What does your sflt_register() call look like? Your socket is a datagram (UDP) socket, but Safari is probably using a stream (TCP) socket. Socket filters are for one type of socket.

2. What ioctl are you performing in your test program? (Are you aware that custom ioctls on sockets are not supported?)

3. Do you see other (non-ioctl) socket events in your filter?

4. What were you expecting in the interface filter? Ioctls to a socket don't propagate to the interface.

5. Finally, be aware that NKEs are effectively deprecated. If you will likely need NKE functionality over the next few macOS releases, you need to get in touch with Apple. (Radar enhancement request and/or DTS)