kern_return_t SocketForward_start(kmod_info_t* ki, void* d)
{
kern_return_t ret = KERN_SUCCESS;
pp("启动");
if (alloc_locks() != 0) {
ret = KERN_FAILURE;
goto finally;
}
ret = sf_init();
if (ret != 0) {
goto finally;
}
ret = sflt_register(&sf_sflt_filter, PF_INET, SOCK_STREAM, IPPROTO_TCP);
if (ret == 0) {
pp("sflt_register 注册, 返回 %d.", ret);
} else {
pp("sflt_register 注册失败, 返回 %d.", ret);
goto finally;
}
return ret;
g_filter_registered = TRUE;
finally:
sflt_unregister(SF_HANDLE);
free_locks();
return ret;
}
bool IOWebFilterClass::start (IOService *provider)
{
bool res = super::start(provider);
IOLog("IOKitTest::start\n");
if(!_queue)
{
_queue = IOSharedEventQueue::withCapacity(MAX_SHAREDMEM_SIZE);
}
sflt_register(&ipv4_filter, PF_INET, SOCK_STREAM, IPPROTO_TCP);
registerService();
return res;
}
//register socket filters
kern_return_t registerSocketFilters()
{
//return
IOReturn result = kIOReturnError;
//status var
kern_return_t status = kIOReturnError;
//dbg msg
IOLog("LULU: in %s\n", __FUNCTION__);
//sanity check
if( (true == gRegisteredTCPIPV4) ||
(true == gRegisteredUDPIPV4) ||
(true == gRegisteredTCPIPV6) ||
(true == gRegisteredUDPIPV6) )
{
//err msg
IOLog("LULU ERROR: socket filters already registered (%d/%d/%d/%d)\n", gRegisteredTCPIPV4, gRegisteredUDPIPV4, gRegisteredTCPIPV6, gRegisteredUDPIPV6);
//bail
goto bail;
}
//register socket filter
// ->AF_INET domain, SOCK_STREAM type, TCP protocol
status = sflt_register(&tcpFilterIPV4, AF_INET, SOCK_STREAM, IPPROTO_TCP);
if(kIOReturnSuccess != status)
{
//err msg
IOLog("LULU ERROR: sflt_register('tcpFilterIPV4') failed with %d\n", status);
//bail
goto bail;
}
//set global flag
gRegisteredTCPIPV4 = true;
//dbg msg
IOLog("LULU: registerd socker filter for tcp ipv4\n");
//register socket filter
// ->AF_INET domain, SOCK_DGRAM type, UDP protocol
status = sflt_register(&udpFilterIPV4, AF_INET, SOCK_DGRAM, IPPROTO_UDP);
if(kIOReturnSuccess != status)
{
//err msg
IOLog("LULU ERROR: sflt_register('udpFilterIPV4') failed with %d\n", status);
//bail
goto bail;
}
//set global flag
gRegisteredUDPIPV4 = true;
//dbg msg
IOLog("LULU: registerd socker filter for udp ipv4\n");
//register socket filter
// ->AF_INET6 domain, SOCK_STREAM type, TCP protocol
status = sflt_register(&tcpFilterIPV6, AF_INET6, SOCK_STREAM, IPPROTO_TCP);
if(kIOReturnSuccess != status)
{
//err msg
IOLog("LULU ERROR: sflt_register('tcpFilterIPV6') failed with %d\n", status);
//bail
goto bail;
}
//set global flag
gRegisteredTCPIPV6 = true;
//dbg msg
IOLog("LULU: registerd socker filter for tcp ipv6\n");
//register socket filter
// ->AF_INET6 domain, SOCK_DGRAM type, UDP protocol
status = sflt_register(&udpFilterIPV6, AF_INET6, SOCK_DGRAM, IPPROTO_UDP);
if(kIOReturnSuccess != status)
{
//err msg
IOLog("LULU ERROR: sflt_register('udpFilterIPV6') failed with %d\n", status);
//bail
goto bail;
}
//set global flag
gRegisteredUDPIPV6 = true;
//dbg msg
IOLog("LULU: registerd socker filter for udp ipv6\n");
//happy
result = kIOReturnSuccess;
bail:
return result;
}
__private_extern__
int pp_filter_register()
{
struct sflt_filter pp_filter = {
0, // sf_handle
SFLT_GLOBAL, // sf_flags
0, // sf_name
ppfilter_unregister, // sf_unregistered
ppfilter_attach, // sf_attach
ppfilter_detach, // sf_detach
NULL, // sf_notify
NULL, // sf_getpeername
NULL, // sf_getsockname
NULL, // sf_data_in
NULL, // sf_data_out
ppfilter_connect_in, // sf_connect_in
ppfilter_connect_out, // sf_connect_out
NULL, // sf_bind
NULL, // sf_setoption
NULL, // sf_getoption
NULL, // sf_listen
NULL, // sf_ioctl
};
int i;
for(i=0; i < PP_DYN_ENTRIES_COUNT; ++i)
pp_dyn_entries[i].addr = INADDR_NONE;
pp_dynlck = lck_spin_alloc_init(pp_spin_grp, LCK_ATTR_NULL);
if (!pp_dynlck)
return (ENOMEM);
errno_t err;
pp_filter.sf_handle = PP_FILTER_TCP_HANDLE;
// data filter is used for PASV FTP support
pp_filter.sf_data_in = ppfilter_data_in;
pp_filter.sf_name = "PeerGuardian TCP";
if ((err = sflt_register(&pp_filter, AF_INET, SOCK_STREAM, IPPROTO_TCP))) {
printf("PeerGuardian: Failed to register '%s' filter: %d.\n", pp_filter.sf_name, err);
return (err);
}
pp_filter.sf_handle = PP_FILTER_TCP6_HANDLE;
pp_filter.sf_name = "PeerGuardian TCP6";
if ((err = sflt_register(&pp_filter, AF_INET6, SOCK_STREAM, IPPROTO_TCP))) {
printf("PeerGuardian: Failed to register '%s' filter: %d.\n", pp_filter.sf_name, err);
pp_filter_deregister_handle(PP_FILTER_TCP_HANDLE, &tcpFiltDone);
goto filter_register_exit;
}
pp_filter.sf_data_in = (typeof(pp_filter.sf_data_in))NULL;
// UDP can "connect", but it can also just send the data, so we need to monitor both
pp_filter.sf_data_in = ppfilter_data_in_raw;
pp_filter.sf_data_out = ppfilter_data_out_raw;
pp_filter.sf_handle = PP_FILTER_UDP_HANDLE;
pp_filter.sf_name = "PeerGuardian UDP";
if ((err = sflt_register(&pp_filter, AF_INET, SOCK_DGRAM, IPPROTO_UDP))) {
printf("PeerGuardian: Failed to register '%s' filter: %d.\n", pp_filter.sf_name, err);
pp_filter_deregister_handle(PP_FILTER_TCP_HANDLE, &tcpFiltDone);
pp_filter_deregister_handle(PP_FILTER_TCP6_HANDLE, &tcp6FiltDone);
goto filter_register_exit;
}
pp_filter.sf_handle = PP_FILTER_UDP6_HANDLE;
pp_filter.sf_name = "PeerGuardian UDP6";
if ((err = sflt_register(&pp_filter, AF_INET6, SOCK_DGRAM, IPPROTO_UDP))) {
printf("PeerGuardian: Failed to register '%s' filter: %d.\n", pp_filter.sf_name, err);
pp_filter_deregister_handle(PP_FILTER_TCP_HANDLE, &tcpFiltDone);
pp_filter_deregister_handle(PP_FILTER_TCP6_HANDLE, &tcp6FiltDone);
pp_filter_deregister_handle(PP_FILTER_UDP_HANDLE, &udpFiltDone);
goto filter_register_exit;
}
// RAW sockets don't "connect", they just send/recv data
pp_filter.sf_connect_in = (typeof(pp_filter.sf_connect_in))NULL;
pp_filter.sf_connect_out = (typeof(pp_filter.sf_connect_out))NULL;
// Failures of the following are not fatal
pp_filter.sf_handle = PP_FILTER_ICMP_HANDLE;
pp_filter.sf_name = "PeerGuardian ICMP";
if ((err = sflt_register(&pp_filter, AF_INET, SOCK_RAW, IPPROTO_ICMP))) {
printf("PeerGuardian: Failed to register '%s' filter: %d.\n", pp_filter.sf_name, err);
icmpFiltDone = -1;
}
pp_filter.sf_handle = PP_FILTER_ICMP6_HANDLE;
pp_filter.sf_name = "PeerGuardian ICMP6";
if ((err = sflt_register(&pp_filter, AF_INET6, SOCK_RAW, IPPROTO_ICMPV6))) {
printf("PeerGuardian: Failed to register '%s' filter: %d.\n", pp_filter.sf_name, err);
icmp6FiltDone = -1;
}
pp_filter.sf_handle = PP_FILTER_RAW_HANDLE;
pp_filter.sf_name = "PeerGuardian RAW";
if ((err = sflt_register(&pp_filter, AF_INET, SOCK_RAW, IPPROTO_RAW))) {
printf("PeerGuardian: Failed to register '%s' filter: %d.\n", pp_filter.sf_name, err);
rawFiltDone = -1;
}
err = 0;
filter_register_exit:
if (err && pp_dynlck)
lck_spin_free(pp_dynlck, pp_spin_grp);
return (err);
}