CODEWITHSUNDEEP
macosfirewallkernel-extension
horseyguy
horseyguy

Reputation: 29915

How do I perform IOCTLs on a device in a macos kernel extension?

In my Network Kernel Extension i need to modify the firewall rules. So i need to issue some ioctl()s to the /dev/pf device - what is the best way to achieve this?

I can't seem to find any kernel APIs for opening a device and then performing the relevant ioctl commands.

EDIT: Yes i know NKEs are deprecated, but unfortunately I cannot do what I want in the Network Extension API just yet.

Upvotes: 0

Views: 1339

Answers (1)

pmdj
pmdj

Reputation: 23438

The function VNOP_IOCTL, declared in <bsd/vnode_if.h>, looks like it should do what you want, but I've not tried it myself:

*!
 @function VNOP_IOCTL
 @abstract Call down to a filesystem or device driver to execute various control operations on or request data about a file.
 @discussion Ioctl controls are typically associated with devices, but they can in fact be passed
 down for any file; they are used to implement any of a wide range of controls and information requests. 
 fcntl() calls VNOP_IOCTL for several commands, and will attempt a VNOP_IOCTL if it is passed an unknown command, 
 though no copyin or copyout of  arguments can occur in this case--the "arg" must be an integer value.  
 Filesystems can define their own fcntls using this mechanism.  How ioctl commands are structured 
 is slightly complicated; see the manual page for ioctl(2).
 @param vp The vnode to execute the command on.
 @param command Identifier for action to take.
 @param data Pointer to data; this can be an integer constant (of 32 bits only) or an address to be read from or written to, 
 depending on "command."  If it is an address, it is valid and resides in the kernel; callers of VNOP_IOCTL() are 
 responsible for copying to and from userland.
 @param ctx Context against which to authenticate ioctl request.
 @return 0 for success or a filesystem-specific error.  
 */
extern errno_t VNOP_IOCTL(vnode_t vp, u_long command, caddr_t data, int fflag, vfs_context_t ctx);

struct vnop_select_args {
    struct vnodeop_desc *a_desc;
    vnode_t a_vp;
    int a_which;
    int a_fflags;
    void *a_wql;
    vfs_context_t a_context;
};

It's exported as part of the BSD KPI.

Upvotes: 1

Related Questions