Well, yes. You could start by looking at the documentation called "Network Kernel Extensions Programming Guide" [1]. There is a section called "IP Filters" which describes how IP filters work and how they integrate into the network stack. Using an IP filter and socket controls, your kext can then notify your user-space application about packets going out towards selected IP destinations. You could also do that at a higher level, using a socket filter. But you would then need to register a filter for each protocol that you would like to monitor. This approach has its own issues.
Whatever kind of filter you select, going down this road will lead you to write a kernel extension. While this is not a hard task, it requires a rigorous programming style, thorough error handling and very careful planning. So, be sure you really want to invest some effort in it, and be absolutely positive that there is no other way to achieve whatever you are trying to do. To quote Apple's documentation: "Kernel code must be nearly perfect"; "Kernel programming is a black art that should be avoided if at all possible."; "kernel programming is an immense responsibility. You must be exceptionally careful to ensure that your code does not cause the system to crash, does not provide any unauthorized user access to someone else’s files or memory, does not introduce remote or local root exploits, and does not cause inadvertent data loss or corruption."
If this is your first kext, I would also recommend that you read:
Kernel Extension Programming Topics [2]
Kernel Programming Guide [3]
Depending on your background, you may also want:
Networking Programming Topics [4]
Networking Concepts [5]
Networking Overview [6]
Mac Technology Overview [7]
You can also check out the "Kernel Framework Reference" if you need it. [8]
Hope this helps, Jean
[2] https://developer.apple.com/library/mac/documentation/Darwin/Conceptual/KEXTConcept/KEXTConcept.pdf
[3] https://developer.apple.com/library/mac/documentation/Darwin/Conceptual/KernelProgramming/KernelProgramming.pdf
Jean Suisse Institut de Chimie Moléculaire de l’Université de Bourgogne (ICMUB) — UMR 6302 U.F.R. Sciences et Techniques, Bâtiment Mirande Aile B, bureau 411 9, avenue Alain Savary — B.P. 47870 21078 DIJON CEDEX – FRANCE T: +333-8039-9037 F: +339-7223-9232
On 19 oct. 2012, at 11:14, [ChungwaSoft] Fabian Jäger wrote:
Dear Jean, all, thank you for your response.
I am not so much interested in a certain protocol, but more a certain IP range (including all protocols/ports). Do you have any weblinks regarding how to implement your proposed IP filter technique?
Best regards, Fabian
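Added example (not part of the original messages, and not Apple's or either poster's code): a userland C sketch of the per-packet test a filter would apply for the case discussed in this thread, matching an IPv4 destination against a list of address ranges regardless of protocol or port. All names (ip_range, dst_in_ranges, SAMPLE_PKT, WATCHED) are hypothetical, the sample header is constructed, and the header bytes are assumed to be in network byte order.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical type: one watched range, network address in host byte order. */
struct ip_range { uint32_t net; uint8_t prefix_len; };

/* Netmask for a prefix length; /0 is special-cased because a 32-bit
 * shift by 32 is undefined behaviour in C. */
static uint32_t prefix_mask(uint8_t len) {
    return len == 0 ? 0u : 0xFFFFFFFFu << (32 - len);
}

/* Read a big-endian 32-bit value without assuming alignment. */
static uint32_t load_be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Returns 1 if the IPv4 destination falls in any range, 0 if it does not,
 * and -1 if the buffer is not a well-formed IPv4 header. The protocol and
 * port fields are never consulted, so every protocol is covered. */
int dst_in_ranges(const uint8_t *pkt, size_t len,
                  const struct ip_range *r, size_t n) {
    if (pkt == NULL || len < 20) return -1;      /* shorter than a minimal header */
    if ((pkt[0] >> 4) != 4) return -1;           /* not IPv4 */
    size_t ihl = (size_t)(pkt[0] & 0x0F) * 4;    /* header length in bytes */
    if (ihl < 20 || ihl > len) return -1;        /* bogus or truncated header */
    uint32_t dst = load_be32(pkt + 16);          /* destination address field */
    for (size_t i = 0; i < n; i++) {
        if (r[i].prefix_len > 32) continue;      /* ignore invalid entries */
        uint32_t m = prefix_mask(r[i].prefix_len);
        if ((dst & m) == (r[i].net & m)) return 1;
    }
    return 0;
}

/* Constructed sample: UDP header fields, 192.0.2.10 -> 198.51.100.7. */
static const uint8_t SAMPLE_PKT[20] = {
    0x45, 0x00, 0x00, 0x1c, 0, 0, 0, 0, 0x40, 0x11, 0, 0,
    192, 0, 2, 10, 198, 51, 100, 7 };
static const struct ip_range WATCHED[] = { { 0xC6336400u, 24 } }; /* 198.51.100.0/24 */

int main(void) {
    printf("match: %d\n", dst_in_ranges(SAMPLE_PKT, sizeof SAMPLE_PKT, WATCHED, 1));
    return 0;
}
```

Rejecting malformed headers before reading the address field matters most in kernel context, where an out-of-bounds read on a short buffer can crash the system.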