How do I perform IOCTLs on a device in a macos kernel extension?

In my network kernel extension I need to modify firewall rules, so I need to issue some ioctl()s to the /dev/pf device. What is the best way to achieve this?

I can't seem to find any kernel API for opening a device and then executing the relevant ioctl commands on it.

Edit: yes, I know that NKEs are deprecated, but unfortunately I can't yet do what I want with the Network Extension API.

The function VNOP_IOCTL declared in <bsd/vnode_if.h> looks like it should do what you want, but I haven't tried it myself:

/*!
 @function VNOP_IOCTL
 @abstract Call down to a filesystem or device driver to execute various control operations on or request data about a file.
 @discussion Ioctl controls are typically associated with devices, but they can in fact be passed
 down for any file; they are used to implement any of a wide range of controls and information requests. 
 fcntl() calls VNOP_IOCTL for several commands, and will attempt a VNOP_IOCTL if it is passed an unknown command, 
 though no copyin or copyout of  arguments can occur in this case--the "arg" must be an integer value.  
 Filesystems can define their own fcntls using this mechanism.  How ioctl commands are structured 
 is slightly complicated; see the manual page for ioctl(2).
 @param vp The vnode to execute the command on.
 @param command Identifier for action to take.
 @param data Pointer to data; this can be an integer constant (of 32 bits only) or an address to be read from or written to, 
 depending on "command."  If it is an address, it is valid and resides in the kernel; callers of VNOP_IOCTL() are 
 responsible for copying to and from userland.
 @param ctx Context against which to authenticate ioctl request.
 @return 0 for success or a filesystem-specific error.  
 */
extern errno_t VNOP_IOCTL(vnode_t vp, u_long command, caddr_t data, int fflag, vfs_context_t ctx);

/* Argument block for VNOP_SELECT from the same header; not used by VNOP_IOCTL. */
struct vnop_select_args {
    struct vnodeop_desc *a_desc;
    vnode_t a_vp;
    int a_which;
    int a_fflags;
    void *a_wql;
    vfs_context_t a_context;
};

It is exported as part of the BSD KPI.
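The full open/ioctl/close sequence the answer points at, as an added example that is not part of the question or the answer: it pairs VNOP_IOCTL with the other BSD KPIs needed around it (vnode_open, vfs_context_create, vnode_close, vfs_context_rele) and issues DIOCSTART, DIOCSTOP and DIOCGETSTATUS against /dev/pf. When built with KERNEL defined it compiles against the XNU headers; otherwise a constructed host-side stand-in for those KPIs replaces them so the control flow can be compiled and exercised off-target. The stand-in's command numbers mirror <net/pfvar.h>, its struct pf_status is reduced to the one field used, and its error behaviour (EACCES without FWRITE, EEXIST when starting an already running pf, ENOENT when stopping a stopped one) models the pf driver's ioctl handler; treat those details as assumptions to confirm against the header and driver of the target release. The function names pf_ioctl_mode, pf_enable, pf_disable, pf_enable_readonly and pf_running_state are this example's own.

```c
/* Added example, not code from the question or answer: pf ioctls from a kext via
 * the vnode KPI.  With KERNEL defined it builds against the XNU BSD KPIs; otherwise
 * a host-side stand-in for the few KPIs used (constructed, not XNU code) lets the
 * control flow compile and run off-target. */
#include <errno.h>
#include <string.h>
#ifdef KERNEL
#include <sys/types.h>
#include <sys/fcntl.h>
#include <sys/vnode.h>
#include <sys/vnode_if.h>
#include <net/pfvar.h>   /* DIOCSTART, DIOCSTOP, DIOCGETSTATUS, struct pf_status */
#else
#include <stdio.h>
/* ---- host-side stand-in for the KPIs used below (constructed, not XNU) ---- */
typedef int errno_t;
typedef char *caddr_t;
typedef struct vnode *vnode_t;
typedef struct vfs_context *vfs_context_t;
#define FREAD  0x0001
#define FWRITE 0x0002
#define IOCPARM_MASK 0x1fff                 /* ioctl number encoding from <sys/ioccom.h> */
#define IOC_VOID  0x20000000UL
#define IOC_INOUT 0xC0000000UL
#define _IOC(inout, g, n, len) ((inout) | (((len) & IOCPARM_MASK) << 16) | ((g) << 8) | (n))
#define _IO(g, n)      _IOC(IOC_VOID, (g), (n), 0)
#define _IOWR(g, n, t) _IOC(IOC_INOUT, (g), (n), sizeof(t))
struct pf_status { unsigned int running; }; /* the real struct has many more fields */
#define DIOCSTART     _IO('D', 1)           /* command numbers as in <net/pfvar.h> */
#define DIOCSTOP      _IO('D', 2)
#define DIOCGETSTATUS _IOWR('D', 21, struct pf_status)
static struct vnode { int unused; } mock_pf_vnode;
static struct vfs_context { int unused; } mock_ctx;
static struct pf_status mock_pf;            /* the fake /dev/pf, initially disabled */
static vfs_context_t vfs_context_create(vfs_context_t ctx) { (void)ctx; return &mock_ctx; }
static int vfs_context_rele(vfs_context_t ctx) { (void)ctx; return 0; }
static errno_t vnode_close(vnode_t vp, int f, vfs_context_t c) { (void)vp; (void)f; (void)c; return 0; }
static errno_t vnode_open(const char *path, int fmode, int cmode, int flags, vnode_t *vpp, vfs_context_t ctx)
{
    (void)fmode; (void)cmode; (void)flags; (void)ctx;
    if (strcmp(path, "/dev/pf") != 0) return ENOENT;
    *vpp = &mock_pf_vnode;
    return 0;
}
/* Models pfioctl() for these commands: state changes need FWRITE (EACCES otherwise);
 * DIOCSTART while running is EEXIST, DIOCSTOP while stopped is ENOENT. */
static errno_t VNOP_IOCTL(vnode_t vp, unsigned long cmd, caddr_t data, int fflag, vfs_context_t ctx)
{
    (void)ctx;
    if (vp != &mock_pf_vnode) return ENXIO;
    switch (cmd) {
    case DIOCSTART:
        if (!(fflag & FWRITE)) return EACCES;
        if (mock_pf.running) return EEXIST;
        mock_pf.running = 1; return 0;
    case DIOCSTOP:
        if (!(fflag & FWRITE)) return EACCES;
        if (!mock_pf.running) return ENOENT;
        mock_pf.running = 0; return 0;
    case DIOCGETSTATUS:
        memcpy(data, &mock_pf, sizeof(mock_pf)); return 0;
    default:
        return ENOTTY;
    }
}
#endif /* KERNEL */
/* ---- the part that belongs in the NKE ----
 * Open /dev/pf, run one ioctl, close it.  fmode is both the vnode_open() mode and
 * the fflag the device's d_ioctl receives; pf answers EACCES to state-changing
 * commands unless it includes FWRITE.  data must be kernel memory: VNOP_IOCTL
 * does no copyin/copyout on the caller's behalf. */
static errno_t pf_ioctl_mode(unsigned long cmd, void *data, int fmode)
{
    vfs_context_t ctx = vfs_context_create(NULL);   /* NULL: act as the current thread */
    vnode_t vp = NULL;
    errno_t err = vnode_open("/dev/pf", fmode, 0, 0, &vp, ctx);
    if (err == 0) {
        err = VNOP_IOCTL(vp, cmd, (caddr_t)data, fmode, ctx);
        (void)vnode_close(vp, fmode, ctx);          /* also drops the iocount vnode_open took */
    }
    vfs_context_rele(ctx);
    return err;
}
errno_t pf_enable(void)  { return pf_ioctl_mode(DIOCSTART, NULL, FREAD | FWRITE); }
errno_t pf_disable(void) { return pf_ioctl_mode(DIOCSTOP, NULL, FREAD | FWRITE); }
/* The read-only-open mistake: vnode_open succeeds, the ioctl comes back EACCES. */
errno_t pf_enable_readonly(void) { return pf_ioctl_mode(DIOCSTART, NULL, FREAD); }
/* 1 if pf is running, 0 if not, or -errno from the ioctl. */
int pf_running_state(void)
{
    struct pf_status st;
    memset(&st, 0, sizeof(st));
    errno_t err = pf_ioctl_mode(DIOCGETSTATUS, &st, FREAD | FWRITE);
    return err ? -err : (int)(st.running != 0);
}
#ifndef KERNEL
int main(void)
{
    printf("read-only enable: err=%d (EACCES=%d)\n", pf_enable_readonly(), EACCES);
    printf("enable: err=%d\n", pf_enable());
    printf("running: %d\n", pf_running_state());
    return 0;
}
#endif
```

Two caveats a practitioner will hit. First, the fflag argument that the pasted doc comment does not describe is what the device's d_ioctl sees as its open flags, so it should match the mode passed to vnode_open; opening read-only and then sending a state-changing command fails with EACCES, not with a more obvious error. Second, VNOP_IOCTL hands the data pointer through as kernel memory; pf commands whose argument struct carries an embedded user-space buffer pointer (the state and table listing commands, for instance) are copied with copyin/copyout inside the driver and cannot simply be given a kernel buffer, and the driver also applies its own privilege check to the process in the vfs_context, so issue the call from a context that is meant to be privileged.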