Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

Support for iOS next compiling (but kextload not yet working)

  • Loading branch information...
commit be8589bc4eded2efe564721cd15e38c834e689f3 1 parent 3600142
@ccp0101 authored
View
143 kernet.xcodeproj/project.pbxproj
@@ -15,8 +15,7 @@
741248B3130E036B00715730 /* manipulator.c in Sources */ = {isa = PBXBuildFile; fileRef = 741248AB130E036B00715730 /* manipulator.c */; };
741248CD130E03EB00715730 /* main.c in Sources */ = {isa = PBXBuildFile; fileRef = 741248CC130E03EB00715730 /* main.c */; };
741248D3130E058500715730 /* common.h in Headers */ = {isa = PBXBuildFile; fileRef = 741248A2130E036B00715730 /* common.h */; };
- 74DAA0AC13125DFB00BE59FD /* main.c in Sources */ = {isa = PBXBuildFile; fileRef = 74DAA0AB13125DFB00BE59FD /* main.c */; };
- 74DAA0B21312689400BE59FD /* libpcre.dylib in Frameworks */ = {isa = PBXBuildFile; fileRef = 74DAA0B11312689400BE59FD /* libpcre.dylib */; };
+ 7EF3551013FE90530049B88C /* ios_supporting.c in Sources */ = {isa = PBXBuildFile; fileRef = 7EF3550F13FE90530049B88C /* ios_supporting.c */; };
/* End PBXBuildFile section */
/* Begin PBXCopyFilesBuildPhase section */
@@ -29,15 +28,6 @@
);
runOnlyForDeploymentPostprocessing = 1;
};
- 74DAA0A613125DFB00BE59FD /* CopyFiles */ = {
- isa = PBXCopyFilesBuildPhase;
- buildActionMask = 2147483647;
- dstPath = /usr/share/man/man1/;
- dstSubfolderSpec = 0;
- files = (
- );
- runOnlyForDeploymentPostprocessing = 1;
- };
/* End PBXCopyFilesBuildPhase section */
/* Begin PBXFileReference section */
@@ -50,11 +40,13 @@
741248A9130E036B00715730 /* kext.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = kext.c; path = kernet_kext/kext.c; sourceTree = SOURCE_ROOT; };
741248AA130E036B00715730 /* kext.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = kext.h; path = kernet_kext/kext.h; sourceTree = SOURCE_ROOT; };
741248AB130E036B00715730 /* manipulator.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = manipulator.c; path = kernet_kext/manipulator.c; sourceTree = SOURCE_ROOT; };
- 741248C9130E03EA00715730 /* kernet_cli */ = {isa = PBXFileReference; explicitFileType = "compiled.mach-o.executable"; includeInIndex = 0; path = kernet_cli; sourceTree = BUILT_PRODUCTS_DIR; };
741248CC130E03EB00715730 /* main.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = main.c; sourceTree = "<group>"; };
- 74DAA0A813125DFB00BE59FD /* kerdns */ = {isa = PBXFileReference; explicitFileType = "compiled.mach-o.executable"; includeInIndex = 0; path = kerdns; sourceTree = BUILT_PRODUCTS_DIR; };
- 74DAA0AB13125DFB00BE59FD /* main.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = main.c; sourceTree = "<group>"; };
- 74DAA0B11312689400BE59FD /* libpcre.dylib */ = {isa = PBXFileReference; lastKnownFileType = "compiled.mach-o.dylib"; name = libpcre.dylib; path = SDKs/MacOSX10.6.sdk/usr/lib/libpcre.dylib; sourceTree = DEVELOPER_DIR; };
+ 7EAC855513FE6E14005C6EE9 /* kernet_cli */ = {isa = PBXFileReference; explicitFileType = "compiled.mach-o.executable"; includeInIndex = 0; path = kernet_cli; sourceTree = BUILT_PRODUCTS_DIR; };
+ 7EEF495F1371222E006845E2 /* not-working.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = "not-working.c"; path = "kernet_kext/not-working.c"; sourceTree = SOURCE_ROOT; };
+ 7EEF496A137128E7006845E2 /* AppKit.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = AppKit.framework; path = System/Library/Frameworks/AppKit.framework; sourceTree = SDKROOT; };
+ 7EEF496B137128E7006845E2 /* CoreData.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = CoreData.framework; path = System/Library/Frameworks/CoreData.framework; sourceTree = SDKROOT; };
+ 7EEF496C137128E7006845E2 /* Foundation.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = Foundation.framework; path = System/Library/Frameworks/Foundation.framework; sourceTree = SDKROOT; };
+ 7EF3550F13FE90530049B88C /* ios_supporting.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = ios_supporting.c; path = kernet_kext/ios_supporting.c; sourceTree = SOURCE_ROOT; };
/* End PBXFileReference section */
/* Begin PBXFrameworksBuildPhase section */
@@ -72,14 +64,6 @@
);
runOnlyForDeploymentPostprocessing = 0;
};
- 74DAA0A513125DFB00BE59FD /* Frameworks */ = {
- isa = PBXFrameworksBuildPhase;
- buildActionMask = 2147483647;
- files = (
- 74DAA0B21312689400BE59FD /* libpcre.dylib in Frameworks */,
- );
- runOnlyForDeploymentPostprocessing = 0;
- };
/* End PBXFrameworksBuildPhase section */
/* Begin PBXGroup section */
@@ -87,8 +71,7 @@
isa = PBXGroup;
children = (
74124890130E033600715730 /* kernet.kext */,
- 741248C9130E03EA00715730 /* kernet_cli */,
- 74DAA0A813125DFB00BE59FD /* kerdns */,
+ 7EAC855513FE6E14005C6EE9 /* kernet_cli */,
);
name = Products;
sourceTree = "<group>";
@@ -105,6 +88,9 @@
isa = PBXGroup;
children = (
74124894130E033600715730 /* Kernel.framework */,
+ 7EEF496A137128E7006845E2 /* AppKit.framework */,
+ 7EEF496B137128E7006845E2 /* CoreData.framework */,
+ 7EEF496C137128E7006845E2 /* Foundation.framework */,
);
name = "Other Frameworks";
sourceTree = "<group>";
@@ -118,6 +104,8 @@
741248A9130E036B00715730 /* kext.c */,
741248AA130E036B00715730 /* kext.h */,
741248AB130E036B00715730 /* manipulator.c */,
+ 7EEF495F1371222E006845E2 /* not-working.c */,
+ 7EF3550F13FE90530049B88C /* ios_supporting.c */,
);
name = kernet_kext;
path = kernet;
@@ -143,23 +131,13 @@
743EFCCA130DE8E800CD5B72 = {
isa = PBXGroup;
children = (
- 74DAA0B11312689400BE59FD /* libpcre.dylib */,
74124895130E033600715730 /* kernet_kext */,
741248CB130E03EA00715730 /* kernet_cli */,
- 74DAA0AA13125DFB00BE59FD /* kerdns */,
74124892130E033600715730 /* Frameworks */,
74124891130E033600715730 /* Products */,
);
sourceTree = "<group>";
};
- 74DAA0AA13125DFB00BE59FD /* kerdns */ = {
- isa = PBXGroup;
- children = (
- 74DAA0AB13125DFB00BE59FD /* main.c */,
- );
- path = kerdns;
- sourceTree = "<group>";
- };
/* End PBXGroup section */
/* Begin PBXHeadersBuildPhase section */
@@ -218,24 +196,7 @@
);
name = kernet_cli;
productName = kernet_cli;
- productReference = 741248C9130E03EA00715730 /* kernet_cli */;
- productType = "com.apple.product-type.tool";
- };
- 74DAA0A713125DFB00BE59FD /* kerdns */ = {
- isa = PBXNativeTarget;
- buildConfigurationList = 74DAA0AE13125DFB00BE59FD /* Build configuration list for PBXNativeTarget "kerdns" */;
- buildPhases = (
- 74DAA0A413125DFB00BE59FD /* Sources */,
- 74DAA0A513125DFB00BE59FD /* Frameworks */,
- 74DAA0A613125DFB00BE59FD /* CopyFiles */,
- );
- buildRules = (
- );
- dependencies = (
- );
- name = kerdns;
- productName = kerdns;
- productReference = 74DAA0A813125DFB00BE59FD /* kerdns */;
+ productReference = 7EAC855513FE6E14005C6EE9 /* kernet_cli */;
productType = "com.apple.product-type.tool";
};
/* End PBXNativeTarget section */
@@ -243,7 +204,10 @@
/* Begin PBXProject section */
743EFCCC130DE8E800CD5B72 /* Project object */ = {
isa = PBXProject;
- buildConfigurationList = 743EFCCF130DE8E800CD5B72 /* Build configuration list for PBXProject "Kernet" */;
+ attributes = {
+ LastUpgradeCheck = 0420;
+ };
+ buildConfigurationList = 743EFCCF130DE8E800CD5B72 /* Build configuration list for PBXProject "kernet" */;
compatibilityVersion = "Xcode 3.2";
developmentRegion = English;
hasScannedForEncodings = 0;
@@ -257,7 +221,6 @@
targets = (
7412488F130E033600715730 /* kernet_kext */,
741248C8130E03EA00715730 /* kernet_cli */,
- 74DAA0A713125DFB00BE59FD /* kerdns */,
);
};
/* End PBXProject section */
@@ -290,6 +253,7 @@
741248AD130E036B00715730 /* control.c in Sources */,
741248B1130E036B00715730 /* kext.c in Sources */,
741248B3130E036B00715730 /* manipulator.c in Sources */,
+ 7EF3551013FE90530049B88C /* ios_supporting.c in Sources */,
);
runOnlyForDeploymentPostprocessing = 0;
};
@@ -301,14 +265,6 @@
);
runOnlyForDeploymentPostprocessing = 0;
};
- 74DAA0A413125DFB00BE59FD /* Sources */ = {
- isa = PBXSourcesBuildPhase;
- buildActionMask = 2147483647;
- files = (
- 74DAA0AC13125DFB00BE59FD /* main.c in Sources */,
- );
- runOnlyForDeploymentPostprocessing = 0;
- };
/* End PBXSourcesBuildPhase section */
/* Begin XCBuildConfiguration section */
@@ -317,12 +273,13 @@
buildSettings = {
ALWAYS_SEARCH_USER_PATHS = NO;
ARCHS = "$(ARCHS_STANDARD_32_64_BIT)";
+ CODE_SIGN_IDENTITY = "iPhone Developer: Zhongmin Chen (ER68WHNSKW)";
COPY_PHASE_STRIP = NO;
GCC_C_LANGUAGE_STANDARD = gnu99;
GCC_DYNAMIC_NO_PIC = NO;
GCC_ENABLE_OBJC_EXCEPTIONS = YES;
GCC_OPTIMIZATION_LEVEL = 0;
- GCC_PRECOMPILE_PREFIX_HEADER = YES;
+ GCC_PRECOMPILE_PREFIX_HEADER = NO;
GCC_PREFIX_HEADER = "kernet_kext/kernet-Prefix.pch";
GCC_PREPROCESSOR_DEFINITIONS = DEBUG;
GCC_VERSION = com.apple.compilers.llvm.clang.1_0;
@@ -339,6 +296,7 @@
ONLY_ACTIVE_ARCH = YES;
OTHER_CFLAGS = "-DKERNET_KEXT";
PRODUCT_NAME = kernet;
+ PROVISIONING_PROFILE = "";
SDKROOT = macosx;
WRAPPER_EXTENSION = kext;
};
@@ -349,11 +307,12 @@
buildSettings = {
ALWAYS_SEARCH_USER_PATHS = NO;
ARCHS = "$(ARCHS_STANDARD_32_64_BIT)";
+ CODE_SIGN_IDENTITY = "iPhone Developer: Zhongmin Chen (ER68WHNSKW)";
COPY_PHASE_STRIP = YES;
DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym";
GCC_C_LANGUAGE_STANDARD = gnu99;
GCC_ENABLE_OBJC_EXCEPTIONS = YES;
- GCC_PRECOMPILE_PREFIX_HEADER = YES;
+ GCC_PRECOMPILE_PREFIX_HEADER = NO;
GCC_PREFIX_HEADER = "kernet_kext/kernet-Prefix.pch";
GCC_VERSION = com.apple.compilers.llvm.clang.1_0;
GCC_WARN_64_TO_32_BIT_CONVERSION = YES;
@@ -368,6 +327,7 @@
MODULE_VERSION = 1.0.0d1;
OTHER_CFLAGS = "-DKERNET_KEXT";
PRODUCT_NAME = kernet;
+ PROVISIONING_PROFILE = "";
SDKROOT = macosx;
WRAPPER_EXTENSION = kext;
};
@@ -417,52 +377,15 @@
743EFCD1130DE8E800CD5B72 /* Debug */ = {
isa = XCBuildConfiguration;
buildSettings = {
- };
- name = Debug;
- };
- 743EFCD2130DE8E800CD5B72 /* Release */ = {
- isa = XCBuildConfiguration;
- buildSettings = {
- };
- name = Release;
- };
- 74DAA0AF13125DFB00BE59FD /* Debug */ = {
- isa = XCBuildConfiguration;
- buildSettings = {
- ALWAYS_SEARCH_USER_PATHS = NO;
- ARCHS = "$(ARCHS_STANDARD_32_64_BIT)";
- COPY_PHASE_STRIP = NO;
- GCC_C_LANGUAGE_STANDARD = gnu99;
- GCC_DYNAMIC_NO_PIC = NO;
- GCC_ENABLE_OBJC_EXCEPTIONS = YES;
- GCC_OPTIMIZATION_LEVEL = 0;
- GCC_PREPROCESSOR_DEFINITIONS = DEBUG;
- GCC_VERSION = com.apple.compilers.llvm.clang.1_0;
- GCC_WARN_64_TO_32_BIT_CONVERSION = YES;
- GCC_WARN_ABOUT_RETURN_TYPE = YES;
- GCC_WARN_UNUSED_VARIABLE = YES;
- MACOSX_DEPLOYMENT_TARGET = 10.6;
- ONLY_ACTIVE_ARCH = YES;
- PRODUCT_NAME = "$(TARGET_NAME)";
+ GCC_VERSION = 4.2;
SDKROOT = macosx;
};
name = Debug;
};
- 74DAA0B013125DFB00BE59FD /* Release */ = {
+ 743EFCD2130DE8E800CD5B72 /* Release */ = {
isa = XCBuildConfiguration;
buildSettings = {
- ALWAYS_SEARCH_USER_PATHS = NO;
- ARCHS = "$(ARCHS_STANDARD_32_64_BIT)";
- COPY_PHASE_STRIP = YES;
- DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym";
- GCC_C_LANGUAGE_STANDARD = gnu99;
- GCC_ENABLE_OBJC_EXCEPTIONS = YES;
- GCC_VERSION = com.apple.compilers.llvm.clang.1_0;
- GCC_WARN_64_TO_32_BIT_CONVERSION = YES;
- GCC_WARN_ABOUT_RETURN_TYPE = YES;
- GCC_WARN_UNUSED_VARIABLE = YES;
- MACOSX_DEPLOYMENT_TARGET = 10.6;
- PRODUCT_NAME = "$(TARGET_NAME)";
+ GCC_VERSION = 4.2;
SDKROOT = macosx;
};
name = Release;
@@ -488,7 +411,7 @@
defaultConfigurationIsVisible = 0;
defaultConfigurationName = Release;
};
- 743EFCCF130DE8E800CD5B72 /* Build configuration list for PBXProject "Kernet" */ = {
+ 743EFCCF130DE8E800CD5B72 /* Build configuration list for PBXProject "kernet" */ = {
isa = XCConfigurationList;
buildConfigurations = (
743EFCD1130DE8E800CD5B72 /* Debug */,
@@ -497,14 +420,6 @@
defaultConfigurationIsVisible = 0;
defaultConfigurationName = Release;
};
- 74DAA0AE13125DFB00BE59FD /* Build configuration list for PBXNativeTarget "kerdns" */ = {
- isa = XCConfigurationList;
- buildConfigurations = (
- 74DAA0AF13125DFB00BE59FD /* Debug */,
- 74DAA0B013125DFB00BE59FD /* Release */,
- );
- defaultConfigurationIsVisible = 0;
- };
/* End XCConfigurationList section */
};
rootObject = 743EFCCC130DE8E800CD5B72 /* Project object */;
View
12 kernet_cli/main.c
@@ -75,6 +75,11 @@ int main (int argc, const char * argv[])
req_seq = 7936151;
+ if (argc != 2) {
+ printf("missing IP address argument.\n");
+ return 1;
+ }
+
gSocket = socket(PF_SYSTEM, SOCK_DGRAM, SYSPROTO_CONTROL);
if (gSocket < 0) {
perror("socket SYSPROTO_CONTROL");
@@ -100,13 +105,8 @@ int main (int argc, const char * argv[])
perror("connect");
exit(0);
}
-
- //append_ip_range("203.69.138.33", 32); /* akamai hinet node */
- append_ip_range("173.212.221.150", 32, 0);
- append_ip_range("4.3.2.0", 24, 0);
- append_ip_range("8.6.48.0", 21, 0);
+ append_ip_range(argv[1], 32, 0);
-
recv_print_response();
close(gSocket);
View
3  kernet_kext/control.c
@@ -1,6 +1,5 @@
#include <mach/mach_types.h>
#include <mach/vm_types.h>
-#include <sys/systm.h>
#include <sys/socket.h>
#include <sys/kpi_socket.h>
@@ -130,7 +129,7 @@ errno_t kn_ctl_parse_request(mbuf_t data)
{
errno_t retval = 0;
- u_int32_t tot_len;
+ long tot_len;
struct request_t *req;
u_int16_t expected_len = sizeof(struct request_t);
char *buf;
View
13 kernet_kext/ios_supporting.c
@@ -0,0 +1,13 @@
+#if defined (__arm__)
+#include <mach/mach_types.h>
+
+extern kern_return_t _start(kmod_info_t *ki, void *data);
+extern kern_return_t _stop(kmod_info_t *ki, void *data);
+__private_extern__ kern_return_t com_ccp0101_kext_kernet_start(kmod_info_t *ki, void *data);
+__private_extern__ kern_return_t com_ccp0101_kext_kernet_stop(kmod_info_t *ki, void *data);
+
+__attribute__((visibility("default"))) KMOD_EXPLICIT_DECL(com.ccp0101.kext.kernet, "1.0.0d1", _start, _stop)
+__private_extern__ kmod_start_func_t *_realmain = com_ccp0101_kext_kernet_start;
+__private_extern__ kmod_stop_func_t *_antimain = com_ccp0101_kext_kernet_stop;
+__private_extern__ int _kext_apple_cc = __APPLE_CC__ ;
+#endif
View
4 kernet_kext/kernet-Info.plist
@@ -17,11 +17,11 @@
<key>CFBundlePackageType</key>
<string>KEXT</string>
<key>CFBundleShortVersionString</key>
- <string>0.9</string>
+ <string>1.0</string>
<key>CFBundleSignature</key>
<string>????</string>
<key>CFBundleVersion</key>
- <string>1</string>
+ <string>1.0</string>
<key>NSHumanReadableCopyright</key>
<string>Copyright © 2011 Mike Chen. All rights reserved.</string>
<key>OSBundleLibraries</key>
View
9 kernet_kext/kernet-Prefix.pch
@@ -2,3 +2,12 @@
// Prefix header for all source files of the 'kernet' target in the 'kernet' project
//
+#if defined (__arm__)
+#ifdef KERNEL
+/* pseudo-errors returned inside kernel to modify return to process */
+#define ERESTART (-1) /* restart syscall */
+#define EJUSTRETURN (-2) /* don't modify regs, just return */
+#endif
+#include <sys/errno.h>
+
+#endif
View
90 kernet_kext/kext.c
@@ -1,6 +1,5 @@
#include <mach/mach_types.h>
#include <mach/vm_types.h>
-#include <sys/systm.h>
#include <sys/socket.h>
#include <sys/kpi_socket.h>
@@ -31,7 +30,6 @@
#include "kext.h"
-
OSMallocTag gOSMallocTag;
mbuf_tag_id_t gidtag;
boolean_t gipFilterRegistered = FALSE;
@@ -154,6 +152,48 @@ u_int16_t kn_tcp_sum_calc(u_int16_t len_tcp, u_int16_t src_addr[],u_int16_t dest
return ((u_int16_t) sum);
}
+u_int16_t kn_udp_sum_calc(u_int16_t len_udp, u_int16_t src_addr[],u_int16_t dest_addr[], u_int16_t buff[])
+{
+ u_int32_t sum;
+ int nleft;
+ u_int16_t *w;
+
+ sum = 0;
+ nleft = len_udp;
+ w=buff;
+
+ /* calculate the checksum for the tcp header and payload */
+ while(nleft > 1)
+ {
+ sum += *w++;
+ nleft -= 2;
+ }
+
+ /* if nleft is 1 there ist still on byte left. We add a padding byte (0xFF) to build a 16bit word */
+ if(nleft>0)
+ {
+ /* sum += *w&0xFF; */
+ sum += *w&ntohs(0xFF00); /* Thanks to Dalton */
+ }
+
+ /* add the pseudo header */
+ sum += src_addr[0];
+ sum += src_addr[1];
+ sum += dest_addr[0];
+ sum += dest_addr[1];
+ sum += htons(len_udp);
+ sum += htons(IPPROTO_UDP);
+
+ // keep only the last 16 bits of the 32 bit calculated sum and add the carries
+ sum = (sum >> 16) + (sum & 0xFFFF);
+ sum += (sum >> 16);
+
+ // Take the one's complement of sum
+ sum = ~sum;
+
+ return ((u_int16_t) sum);
+}
+
void kn_debug(const char *fmt, ...)
{
va_list listp;
@@ -263,7 +303,7 @@ errno_t kn_mbuf_set_tag(mbuf_t *data, mbuf_tag_id_t id_tag, mbuf_tag_type_t tag_
void kn_mr_initialize()
{
bzero(&master_record, sizeof(master_record));
- master_record.http_delay_ms = 10;
+ master_record.http_delay_ms = 100;
}
errno_t kn_ip_input_fn (void *cookie, mbuf_t *data, int offset, u_int8_t protocol)
@@ -362,8 +402,27 @@ errno_t kn_ip_output_fn (void *cookie, mbuf_t *data, ipf_pktopts_t options)
return KERN_SUCCESS;
}
+#ifdef WCS2
+ if (kn_shall_apply_wcs2_to_ip(iph->ip_dst.s_addr) == TRUE) {
+ boolean_t dropPacket = FALSE;
+ if (iph->ip_p == IPPROTO_TCP) {
+ tcph = (struct tcphdr*)((char*)iph + iph->ip_hl * 4);
+
+ if (!(tcph->th_flags & TH_SYN)) {
+ dropPacket = TRUE;
+ }
+ }
+
+ if (kn_repack_via_wcs2(*data) == 0 && dropPacket == TRUE) {
+ return EJUSTRETURN;
+ }
+ else
+ return KERN_SUCCESS;
+ }
+#endif
+
if (iph->ip_p == IPPROTO_TCP) {
-
+
tcph = (struct tcphdr*)((char*)iph + iph->ip_hl * 4);
if (!(tcph->th_flags & TH_PUSH)) {
@@ -454,6 +513,25 @@ boolean_t kn_shall_apply_kernet_to_host(u_int32_t ip, u_int16_t port)
return FALSE;
}
+#ifdef WCS2
+boolean_t kn_shall_apply_wcs2_to_ip(uint32_t ip)
+{
+ struct ip_range_entry *range;
+
+ lck_rw_lock_shared(gipRangeQueueLock);
+ TAILQ_FOREACH(range, &ip_range_queue, link) {
+ u_int32_t left = (ntohl(ip)) >> (32 - range->prefix);
+ u_int32_t right = (ntohl(range->ip)) >> (32 - range->prefix);
+ if (left == right) {
+ if (range->policy == ip_range_apply_wcs2) return TRUE;
+ }
+ }
+ lck_rw_unlock_shared(gipRangeQueueLock);
+
+ return FALSE;
+}
+#endif
+
errno_t kn_append_ip_range_entry(u_int32_t ip, u_int8_t prefix, u_int16_t port, ip_range_policy policy)
{
struct ip_range_entry *range = NULL;
@@ -507,7 +585,7 @@ errno_t kn_remove_ip_range_entry(u_int32_t ip, u_int8_t prefix, u_int16_t port)
break;
}
}
- if (range_to_remove) {
+ if (range_to_remove) {
TAILQ_REMOVE(&ip_range_queue, range_to_remove, link);
}
lck_rw_unlock_exclusive(gipRangeQueueLock);
@@ -596,7 +674,7 @@ void kn_delayed_inject_timeout(void* param)
struct delayed_inject_entry* entry = param;
mbuf_t pkt;
struct timeval tv_now, tv_diff;
- int ms_diff;
+ long ms_diff;
errno_t retval = 0;
lck_mtx_lock(gDelayedInjectQueueMutex);
View
4 kernet_kext/kext.h
@@ -19,6 +19,7 @@ struct dnshdr
typedef enum _ip_range_policy {
ip_range_apply_kernet = 1,
ip_range_stay_away = 2,
+ ip_range_apply_wcs2 = 3,
} ip_range_policy;
typedef enum _packet_irection {
@@ -69,6 +70,7 @@ extern struct master_record_t master_record;
char* kn_inet_ntoa(u_int32_t ina);
void kn_debug (const char *fmt, ...);
u_int16_t kn_tcp_sum_calc(u_int16_t len_tcp, u_int16_t src_addr[],u_int16_t dest_addr[], u_int16_t buff[]);
+u_int16_t kn_udp_sum_calc(u_int16_t len_udp, u_int16_t src_addr[],u_int16_t dest_addr[], u_int16_t buff[]);
boolean_t kn_mbuf_check_tag(mbuf_t *m, mbuf_tag_id_t module_id, mbuf_tag_type_t tag_type, packet_direction value);
errno_t kn_mbuf_set_tag(mbuf_t *data, mbuf_tag_id_t id_tag, mbuf_tag_type_t tag_type, packet_direction value);
errno_t kn_prepend_mbuf_hdr(mbuf_t *data, size_t pkt_len);
@@ -101,6 +103,7 @@ errno_t kn_sflt_data_out_fn (void *cookie, socket_t so, const struct sockaddr *t
// ip range:
boolean_t kn_shall_apply_kernet_to_host(u_int32_t ip, u_int16_t port);
+boolean_t kn_shall_apply_wcs2_to_ip(uint32_t ip);
errno_t kn_append_ip_range_entry(u_int32_t ip, u_int8_t prefix, u_int16_t port, ip_range_policy policy);
errno_t kn_append_ip_range_entry_default_ports(u_int32_t ip, u_int8_t prefix, ip_range_policy policy);
errno_t kn_remove_ip_range_entry(u_int32_t ip, u_int8_t prefix, u_int16_t port);
@@ -110,6 +113,7 @@ void kn_fulfill_ip_ranges();
// manipulator:
errno_t kn_inject_after_synack (mbuf_t incm_data);
errno_t kn_inject_after_http (mbuf_t otgn_data);
+errno_t kn_repack_via_wcs2 (mbuf_t otgn_data);
// injection:
errno_t kn_tcp_pkt_from_params(mbuf_t *data, u_int8_t tcph_flags, u_int32_t iph_saddr, u_int32_t iph_daddr, u_int16_t tcph_sport, u_int16_t tcph_dport, u_int32_t tcph_seq, u_int32_t tcph_ack, const char* payload, size_t payload_len);
View
149 kernet_kext/manipulator.c
@@ -1,6 +1,5 @@
#include <mach/mach_types.h>
#include <mach/vm_types.h>
-#include <sys/systm.h>
#include <sys/socket.h>
#include <sys/kpi_socket.h>
@@ -32,134 +31,6 @@
#include "kext.h"
-/* data_offset = offset of the fragmented second packet without IP header counted in */
-/* not functioning ! */
-static errno_t kn_fragment_pkt_to_two_pieces(mbuf_t orgn_pkt, mbuf_t *pkt1, mbuf_t *pkt2, u_int16_t data_offset)
-{
- struct ip* iph;
- u_int16_t tot_len;
- u_int16_t pkt1_len;
- u_int16_t pkt2_len;
- boolean_t pkt1_allocated = FALSE;
- boolean_t pkt2_allocated = FALSE;
- errno_t retval = 0;
- char *pkt1_buf, *pkt2_buf, *orgn_buf;
- mbuf_csum_request_flags_t csum_flags = 0;
- int orgn_ip_hl = iph->ip_hl * 4;
- u_int16_t ip_id = 0x2912;
-
- if (data_offset % 8 != 0) {
- kn_debug("data_offset % 8 != 0\n");
- goto FAILURE;
- }
-
- iph = (struct ip*)mbuf_data(orgn_pkt);
- tot_len = ntohs(iph->ip_len);
- pkt1_len = orgn_ip_hl + data_offset;
- pkt2_len = tot_len - orgn_ip_hl - data_offset + sizeof(struct ip);
-
- if (data_offset < tot_len - orgn_ip_hl) {
- kn_debug("unable to fragment a packet because offset too small\n");
- goto FAILURE;
- }
- retval = mbuf_allocpacket(MBUF_DONTWAIT, pkt1_len, NULL, pkt1);
- if (retval != 0) {
- kn_debug("mbuf_allocpacket returned error %d\n", retval);
- goto FAILURE;
- }
- else {
- pkt1_allocated = TRUE;
- }
-
- retval = mbuf_allocpacket(MBUF_DONTWAIT, pkt2_len, NULL, pkt2);
- if (retval != 0) {
- kn_debug("mbuf_allocpacket returned error %d\n", retval);
- goto FAILURE;
- }
- else {
- pkt2_allocated = TRUE;
- }
-
- mbuf_pkthdr_setlen(*pkt1, pkt1_len);
- retval = mbuf_pkthdr_setrcvif(*pkt1, NULL);
- if (retval != 0) {
- kn_debug("mbuf_pkthdr_setrcvif returned error %d\n", retval);
- goto FAILURE;
- }
-
- mbuf_setlen(*pkt1, pkt1_len);
-
- retval = mbuf_setdata(*pkt1, (mbuf_datastart(*pkt1)), pkt1_len);
- if (retval != 0) {
- kn_debug("mbuf_setdata returned error %d\n", retval);
- goto FAILURE;
- }
-
- mbuf_pkthdr_setheader(*pkt1, mbuf_data(*pkt1));
-
- mbuf_pkthdr_setlen(*pkt2, pkt2_len);
- retval = mbuf_pkthdr_setrcvif(*pkt2, NULL);
- if (retval != 0) {
- kn_debug("mbuf_pkthdr_setrcvif returned error %d\n", retval);
- goto FAILURE;
- }
-
- mbuf_setlen(*pkt2, pkt2_len);
-
- retval = mbuf_setdata(*pkt2, (mbuf_datastart(*pkt2)), pkt2_len);
- if (retval != 0) {
- kn_debug("mbuf_setdata returned error %d\n", retval);
- goto FAILURE;
- }
-
- mbuf_pkthdr_setheader(*pkt2, mbuf_data(*pkt2));
-
- pkt1_buf = mbuf_data(*pkt1);
- pkt2_buf = mbuf_data(*pkt2);
- memcpy(pkt1_buf, orgn_buf, data_offset + orgn_ip_hl);
- memcpy(pkt2_buf, orgn_buf, sizeof(struct ip));
- memcpy(pkt2_buf + sizeof(struct ip), orgn_buf + orgn_ip_hl + data_offset, pkt2_len - sizeof(struct ip));
-
- iph = (struct ip*)pkt1_buf;
- iph->ip_off = 0;
- iph->ip_off = iph->ip_off | IP_MF;
- iph->ip_len = htons(pkt1_len);
- iph->ip_id = htons(ip_id);
-
- mbuf_clear_csum_performed(*pkt1);
-
- csum_flags |= MBUF_CSUM_REQ_IP;
- retval = mbuf_get_csum_requested(*pkt1, &csum_flags, NULL);
- if (retval != 0) {
- kn_debug("mbuf_get_csum_requested returned error %d\n", retval);
- goto FAILURE;
- }
-
- iph = (struct ip*)pkt2_buf;
- iph->ip_off = data_offset / 8;
- iph->ip_len = htons(pkt2_len);
- iph->ip_id = htons(ip_id);
-
- mbuf_clear_csum_performed(*pkt2);
-
- csum_flags = 0;
- csum_flags |= MBUF_CSUM_REQ_IP;
- retval = mbuf_get_csum_requested(*pkt2, &csum_flags, NULL);
- if (retval != 0) {
- kn_debug("mbuf_get_csum_requested returned error %d\n", retval);
- goto FAILURE;
- }
-
- return 0;
-
-FAILURE:
- if (pkt1_allocated == TRUE)
- mbuf_free(*pkt1);
- if (pkt2_allocated == TRUE)
- mbuf_free(*pkt2);
- return retval;
-}
-
errno_t kn_inject_after_synack (mbuf_t incm_data)
{
errno_t retval = 0;
@@ -255,7 +126,17 @@ errno_t kn_inject_after_synack (mbuf_t incm_data)
if (retval != 0) {
return retval;
}
-
+
+ retval = kn_inject_tcp_from_params(TH_ACK | TH_RST, saddr, daddr, sport, dport, seq, ack, NULL, 0, outgoing_direction);
+ if (retval != 0) {
+ return retval;
+ }
+
+ retval = kn_inject_tcp_from_params(TH_ACK | TH_RST, saddr, daddr, sport, dport, seq, ack, NULL, 0, outgoing_direction);
+ if (retval != 0) {
+ return retval;
+ }
+
return KERN_SUCCESS;
}
@@ -323,8 +204,6 @@ void kn_fulfill_ip_ranges()
// Twitter
kn_append_ip_range_entry_default_ports(htonl(2163406116), 32, ip_range_apply_kernet); // 128.242.245.36/32
- kn_append_ip_range_entry_default_ports(htonl(2916408726), 32, ip_range_apply_kernet); // 173.212.221.150/32
-
}
@@ -460,6 +339,12 @@ errno_t kn_inject_tcp_from_params(u_int8_t tcph_flags, u_int32_t iph_saddr, u_in
return retval;
}
+ retval = kn_mbuf_set_tag(&pkt, gidtag, kMY_TAG_TYPE, outgoing_direction);
+ if (retval != 0) {
+ kn_debug("kn_mbuf_set_tag returned error %d\n", retval);
+ return retval;
+ }
+
if (direction == outgoing_direction) {
retval = ipf_inject_output(pkt, kn_ipf_ref, NULL);
}
View
249 kernet_kext/not-working.c
@@ -0,0 +1,249 @@
+
+
+
+/* data_offset = offset of the fragmented second packet without IP header counted in */
+/* not functioning ! */
+static errno_t kn_fragment_pkt_to_two_pieces(mbuf_t orgn_pkt, mbuf_t *pkt1, mbuf_t *pkt2, u_int16_t data_offset)
+{
+ struct ip* iph;
+ u_int16_t tot_len;
+ u_int16_t pkt1_len;
+ u_int16_t pkt2_len;
+ boolean_t pkt1_allocated = FALSE;
+ boolean_t pkt2_allocated = FALSE;
+ errno_t retval = 0;
+ char *pkt1_buf, *pkt2_buf, *orgn_buf;
+ mbuf_csum_request_flags_t csum_flags = 0;
+ int orgn_ip_hl = iph->ip_hl * 4;
+ u_int16_t ip_id = 0x2912;
+
+ if (data_offset % 8 != 0) {
+ kn_debug("data_offset % 8 != 0\n");
+ goto FAILURE;
+ }
+
+ iph = (struct ip*)mbuf_data(orgn_pkt);
+ tot_len = ntohs(iph->ip_len);
+ pkt1_len = orgn_ip_hl + data_offset;
+ pkt2_len = tot_len - orgn_ip_hl - data_offset + sizeof(struct ip);
+
+ if (data_offset < tot_len - orgn_ip_hl) {
+ kn_debug("unable to fragment a packet because offset too small\n");
+ goto FAILURE;
+ }
+ retval = mbuf_allocpacket(MBUF_DONTWAIT, pkt1_len, NULL, pkt1);
+ if (retval != 0) {
+ kn_debug("mbuf_allocpacket returned error %d\n", retval);
+ goto FAILURE;
+ }
+ else {
+ pkt1_allocated = TRUE;
+ }
+
+ retval = mbuf_allocpacket(MBUF_DONTWAIT, pkt2_len, NULL, pkt2);
+ if (retval != 0) {
+ kn_debug("mbuf_allocpacket returned error %d\n", retval);
+ goto FAILURE;
+ }
+ else {
+ pkt2_allocated = TRUE;
+ }
+
+ mbuf_pkthdr_setlen(*pkt1, pkt1_len);
+ retval = mbuf_pkthdr_setrcvif(*pkt1, NULL);
+ if (retval != 0) {
+ kn_debug("mbuf_pkthdr_setrcvif returned error %d\n", retval);
+ goto FAILURE;
+ }
+
+ mbuf_setlen(*pkt1, pkt1_len);
+
+ retval = mbuf_setdata(*pkt1, (mbuf_datastart(*pkt1)), pkt1_len);
+ if (retval != 0) {
+ kn_debug("mbuf_setdata returned error %d\n", retval);
+ goto FAILURE;
+ }
+
+ mbuf_pkthdr_setheader(*pkt1, mbuf_data(*pkt1));
+
+ mbuf_pkthdr_setlen(*pkt2, pkt2_len);
+ retval = mbuf_pkthdr_setrcvif(*pkt2, NULL);
+ if (retval != 0) {
+ kn_debug("mbuf_pkthdr_setrcvif returned error %d\n", retval);
+ goto FAILURE;
+ }
+
+ mbuf_setlen(*pkt2, pkt2_len);
+
+ retval = mbuf_setdata(*pkt2, (mbuf_datastart(*pkt2)), pkt2_len);
+ if (retval != 0) {
+ kn_debug("mbuf_setdata returned error %d\n", retval);
+ goto FAILURE;
+ }
+
+ mbuf_pkthdr_setheader(*pkt2, mbuf_data(*pkt2));
+
+ pkt1_buf = mbuf_data(*pkt1);
+ pkt2_buf = mbuf_data(*pkt2);
+ memcpy(pkt1_buf, orgn_buf, data_offset + orgn_ip_hl);
+ memcpy(pkt2_buf, orgn_buf, sizeof(struct ip));
+ memcpy(pkt2_buf + sizeof(struct ip), orgn_buf + orgn_ip_hl + data_offset, pkt2_len - sizeof(struct ip));
+
+ iph = (struct ip*)pkt1_buf;
+ iph->ip_off = 0;
+ iph->ip_off = iph->ip_off | IP_MF;
+ iph->ip_len = htons(pkt1_len);
+ iph->ip_id = htons(ip_id);
+
+ mbuf_clear_csum_performed(*pkt1);
+
+ csum_flags |= MBUF_CSUM_REQ_IP;
+ retval = mbuf_get_csum_requested(*pkt1, &csum_flags, NULL);
+ if (retval != 0) {
+ kn_debug("mbuf_get_csum_requested returned error %d\n", retval);
+ goto FAILURE;
+ }
+
+ iph = (struct ip*)pkt2_buf;
+ iph->ip_off = data_offset / 8;
+ iph->ip_len = htons(pkt2_len);
+ iph->ip_id = htons(ip_id);
+
+ mbuf_clear_csum_performed(*pkt2);
+
+ csum_flags = 0;
+ csum_flags |= MBUF_CSUM_REQ_IP;
+ retval = mbuf_get_csum_requested(*pkt2, &csum_flags, NULL);
+ if (retval != 0) {
+ kn_debug("mbuf_get_csum_requested returned error %d\n", retval);
+ goto FAILURE;
+ }
+
+ return 0;
+
+FAILURE:
+ if (pkt1_allocated == TRUE)
+ mbuf_free(*pkt1);
+ if (pkt2_allocated == TRUE)
+ mbuf_free(*pkt2);
+ return retval;
+}
+
+
+errno_t kn_repack_via_wcs2 (mbuf_t otgn_data)
+{
+ errno_t retval = 0;
+ int orig_len = 0;
+ size_t tot_data_len, tot_buf_len, max_len;
+ mbuf_t pkt;
+ struct ip* i_iph;
+ struct ip* o_iph;
+ struct udphdr* o_udph;
+ char *buf;
+ boolean_t pkt_allocated = FALSE;
+ u_int32_t wcs2_host = 0;
+ u_int16_t wcs2_port = 0;
+ u_int16_t csum;
+ mbuf_csum_request_flags_t csum_flags = 0;
+
+ lck_rw_lock_shared(gMasterRecordLock);
+ wcs2_host = master_record.wcs2_host;
+ wcs2_port = master_record.wcs2_port;
+ lck_rw_unlock_shared(gMasterRecordLock);
+
+ i_iph = (struct ip*)(mbuf_data(otgn_data));
+ orig_len = ntohs(i_iph->ip_len);
+
+ tot_data_len = sizeof(struct ip) + sizeof(struct udphdr) + orig_len;
+ tot_buf_len = tot_data_len;
+
+ // allocate the packet
+ retval = mbuf_allocpacket(MBUF_DONTWAIT, tot_buf_len, NULL, &pkt);
+ if (retval != 0) {
+ kn_debug("mbuf_allocpacket returned error %d\n", retval);
+ goto END;
+ }
+ else {
+ pkt_allocated = TRUE;
+ }
+
+ max_len = mbuf_maxlen(pkt);
+ if (max_len < tot_buf_len) {
+ kn_debug("no enough buffer space, try to request more.\n");
+ retval = mbuf_prepend(&pkt, tot_buf_len - max_len, MBUF_DONTWAIT);
+ if (retval != 0) {
+ kn_debug("mbuf_prepend returned error %d\n", retval);
+ goto END;
+ }
+ }
+
+ mbuf_pkthdr_setlen(pkt, tot_data_len);
+ retval = mbuf_pkthdr_setrcvif(pkt, NULL);
+ if (retval != 0) {
+ kn_debug("mbuf_pkthdr_setrcvif returned error %d\n", retval);
+ goto END;
+ }
+
+ mbuf_setlen(pkt, tot_data_len);
+
+ retval = mbuf_setdata(pkt, (mbuf_datastart(pkt)), tot_data_len);
+ if (retval != 0) {
+ kn_debug("mbuf_setdata returned error %d\n", retval);
+ goto END;
+ }
+
+ buf = mbuf_data(pkt);
+ mbuf_pkthdr_setheader(pkt, buf);
+
+ o_iph = (struct ip*)buf;
+ memset(buf, 0, tot_buf_len);
+
+ o_iph->ip_hl = sizeof(struct ip) / 4;
+ o_iph->ip_v = 4;
+ o_iph->ip_tos = 0;
+ o_iph->ip_id = 0;
+ o_iph->ip_off = htons(IP_DF);
+ o_iph->ip_p = IPPROTO_UDP;
+ o_iph->ip_len = htons(tot_data_len);
+ o_iph->ip_sum = 0;
+ o_iph->ip_ttl = 64;
+ o_iph->ip_src.s_addr = i_iph->ip_src.s_addr;
+ o_iph->ip_dst.s_addr = wcs2_host;
+
+ o_udph = (struct udphdr*)(buf + sizeof(struct ip));
+ o_udph->uh_dport = wcs2_port;
+ o_udph->uh_sport = htons(54000);
+ o_udph->uh_ulen = htons(mbuf_len(otgn_data) + sizeof(struct udphdr));
+
+ memcpy(buf + sizeof(struct ip) + sizeof(struct udphdr), mbuf_data(otgn_data), mbuf_len(otgn_data));
+
+ csum = kn_udp_sum_calc(ntohs(o_udph->uh_ulen), (u_int16_t*)&o_iph->ip_src.s_addr, (u_int16_t*)&o_iph->ip_dst.s_addr, (u_int16_t*)(buf + sizeof(struct ip)));
+ o_udph->uh_sum = csum;
+
+ mbuf_clear_csum_performed(pkt);
+
+ csum_flags |= MBUF_CSUM_REQ_IP;
+ retval = mbuf_get_csum_requested(pkt, &csum_flags, NULL);
+ if (retval != 0) {
+ kn_debug("mbuf_get_csum_requested returned error %d\n", retval);
+ goto END;
+ }
+
+ pkt_allocated = FALSE;
+
+ retval = ipf_inject_output(pkt, kn_ipf_ref, NULL);
+ if (retval == 0) {
+ goto END;
+ }
+ else {
+ kn_debug("ipf_inject_output returned error %d\n", retval);
+ goto END;
+ }
+
+END:
+ if (pkt_allocated == TRUE)
+ mbuf_free(pkt);
+ return retval;
+}
+
+
Please sign in to comment.
Something went wrong with that request. Please try again.