Can a user application on macOS receive raw ethernet packets? - macos

Can a user application on macOS receive raw ethernet packets? I have a piece of hardware that uses its own custom ethernet protocol and has its own ether type defined. Is there any way I can create a user application that sends / receives these packets? Mac OS does not support AF_PACKET. I believe Berkeley Packet Filter requires root access. Are there any other options?

Install libpcap library - https://formulae.brew.sh/formula/libpcap
Then you could sniff and/or inject arbitrary packets.

Can a user application on macOS receive raw ethernet packets?
Yes. See, for example, /usr/sbin/tcpdump.
I believe Berkeley Packet Filter requires root access.
Yes, by default; that's what the "launch daemon that adjusts capture permissions at system startup" provided by Wireshark does (it's based on stuff from the libpcap source distribution) - it makes the BPF devices readable and writable by a group, so if your code runs with that group as one of the groups in its group set, it can read (capture) and write (transmit) on BPF devices.
Are there any other options?
PF_NDRV sockets might work. See, for example, this chapter from a macOS/iOS/etc. internal book and this StackOverflow answer.
Install libpcap library
Note that libpcap ships as part of macOS, and the headers ship as part of the macOS SDK, so that, on macOS, you can build programs that use it without installing anything other than Xcode (or the Xcode Command Line Tools), just as you can, on Linux, build programs that use libpcap without installing anything other than a compiler and your distribution's libpcap "developer package", and you can, on *BSD, build it without having installed anything other than whatever the installer says you need for developing software (it might even install the compiler/linker and the appropriate headers by default).
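The group-based access to the BPF device nodes described in the answer above can be audited with a short check. This is an added example, not code from the original answers, Wireshark or libpcap; the names node_access and world_accessible and the scan bound of 256 nodes are assumptions, and ACLs are not evaluated.

```c
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

enum { CAN_READ = 1, CAN_WRITE = 2 };
/* Owner/group/other evaluation of a node's mode bits for one uid and group
 * set. ACLs and sandbox rules are not modelled. */
static int node_access(const struct stat *st, uid_t uid,
                       const gid_t *gids, int ngids)
{
    unsigned bits = st->st_mode & 7;          /* "other" unless matched below */
    if (uid == 0)
        return CAN_READ | CAN_WRITE;          /* root bypasses mode bits */
    if (st->st_uid == uid) {
        bits = (st->st_mode >> 6) & 7;        /* owner bits */
    } else {
        for (int i = 0; i < ngids; i++)
            if (gids[i] == st->st_gid)
                bits = (st->st_mode >> 3) & 7;  /* group bits */
    }
    return ((bits & 4) ? CAN_READ : 0) | ((bits & 2) ? CAN_WRITE : 0);
}

/* Read or write granted to "other" opens capture or injection to all users. */
static int world_accessible(const struct stat *st)
{
    return (st->st_mode & (S_IROTH | S_IWOTH)) != 0;
}

int main(void)
{
    gid_t gids[65];
    struct stat st;
    char path[32];
    int n = getgroups(64, gids);
    if (n < 0) n = 0;
    gids[n++] = getegid();        /* getgroups() may omit the effective gid */
    for (int i = 0; i < 256; i++) {           /* 256 is an assumed bound */
        snprintf(path, sizeof path, "/dev/bpf%d", i);
        if (stat(path, &st) != 0)
            continue;                         /* node does not exist */
        int acc = node_access(&st, geteuid(), gids, n);
        printf("%s mode=%03o gid=%ld read=%d write=%d%s\n", path,
               (unsigned)(st.st_mode & 0777), (long)st.st_gid,
               !!(acc & CAN_READ), !!(acc & CAN_WRITE),
               world_accessible(&st) ? " WORLD-ACCESSIBLE" : "");
    }
    return 0;
}
```

Run as the user that will do the capturing; a node reported as WORLD-ACCESSIBLE means the capture group is no longer what limits access.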

Related

Can USB-OTG be used for U-Boot and Linux consoles?

I have a custom i.MX6Q-based board with working U-Boot and Linux (Ubuntu) setups. The micro and board have support for USB-OTG and one serial port; currently, the serial port serves the console for both U-Boot and Linux. However, we may need to use the serial port for another purpose, but we don't want to lose the console for U-Boot and Linux. Is it possible to use the USB-OTG port for the system console for both U-Boot and Linux?
I've done some research and found a couple of promising articles here and here, though the second article says this tidbit:
Unfortunately it won't work as system console as the gadget driver is loaded as a module, but we can use it for serial console.
I'm not sure I understand this, but it sounds like the method won't meet my needs, which is to use USB-OTG for both U-Boot and Linux system consoles. I did try these methods, but without luck, which may mean that U-Boot and Linux aren't built properly for the desired functionality.
So here are my questions:
Can this work for U-Boot?
Can this work for Linux?
Am I insane for contemplating this path?
For either, any guidance (e.g. tutorials, examples, etc.) would be greatly appreciated.
Thanks!
Can this work for U-Boot?
Yes, at least since U-Boot version 2008.10, the README file has stated:
    Define the below if you wish to use the USB console.
        CONFIG_USB_DEVICE
            Define this to build a UDC device
        CONFIG_USB_TTY
            Define this to have a tty type of device available to
            talk to the UDC device
        CFG_CONSOLE_IS_IN_ENV
            Define this if you want stdin, stdout &/or stderr to
            be set to usbtty.
Note that these configuration symbols are not accessible using the menuconfig, and must be enabled in a configuration file.
Currently at least five boards use this U-Boot capability, based on the occurrence of CONFIG_USB_TTY in files in include/configs/, for example include/configs/ti_omap4_common.h.
This USB configuration requires non-default definitions for the stdin and stdout environment variables. Refer to the README documentation for the details.
Can this work for Linux?
Yes, Linux (at least since version 4.5) can have a serial console on a USB connection, either a USB-to-serial adapter on a host port or a USB serial gadget on a device port (using CDC/ACM).
For instance, in drivers/usb/gadget/Kconfig there's the selection:
    config U_SERIAL_CONSOLE
        bool "Serial gadget console support"
        depends on USB_G_SERIAL
        help
          It supports the serial gadget can be used as a console.
In the Linux 5.7.8 kernel only two boards have default configurations that use this capability, for example see arch/arm/configs/aspeed_g4_defconfig.
Besides a proper configuration to build the necessary drivers, a serial-gadget console requires (1) the kernel parameter specification (e.g. console=ttyGS0,...), and (2) a login session initiated by a getty command (e.g. in the inittab file).
Am I insane for contemplating this path?
No comment.
Beware that should you encounter a kernel boot issue, the Linux serial-gadget console does not support earlycon nor earlyprintk capability.
Personally I prefer to use a serial link that is persistent regardless of the target board's state. That ensures the terminal emulator program does not complain about lost connections.
Addendum
Unfortunately this Linux console on a USB serial gadget does not display boot messages generated by the kernel (before the login prompt), even if all drivers are statically linked in to the kernel image.
Although the syslog has messages like
    console [ttyGS0] enabled
    g_serial gadget: g_serial ready
    ...
    gs_open: ttyGS0 ((ptrval),(ptrval))
before the salient Freeing unused kernel memory message, the host side does not receive any console messages until userspace is active.
This shortcoming is also reported in this guide: https://linux-sunxi.org/USB_Gadget/Serial

RDMA CM for Windows

Does anyone know if there is a Windows equivalent for the RDMA Communication Manager found on Linux (http://linux.die.net/man/7/rdma_cm -- librdmacm), and also ib verbs (libibverbs)?
Both these libraries are available when installing drivers for Infiniband Hardware on Linux distributions.....but what about Windows?
I've read about Windows Network Direct, but since I'm already familiar with the above mentioned Linux libs, I would like to use (if possible) their equivalents on Windows.
I have established data transfer (RDMA writes) between Linux nodes, but now I have to RDMA data from a Windows node to a Linux node, but at the moment I'm not sure which route to follow....
How do I determine whether Windows Network Direct will be compatible with IB verbs/RDMA CM?
I was under the impression that the verbs spec would be implemented on both platforms...!
Kind regards
librdmacm and libibverbs should be provided by your OpenFabrics Enterprise Distribution (OFED). There's an open source OFED for Windows provided by OFA: https://www.openfabrics.org/index.php/-download-windows-installer-.html.

Cocoa Monitor Packets On Ports

I want to monitor packets on specific ports in Mac OS X, being able to read their contents and sometimes change their contents (if possible). I was wondering if it's possible by writing a KEXT or can I do this in an application and show results instantly. I would appreciate any information on libraries and approaches I can use to achieve this.
"Monitor packets" in what sense?
If you mean "watch what packets to or from specific TCP or UDP ports are sent" or "what packets are sent or received on particular network interfaces", you would use the pcap library, just as on other UN*Xes. libpcap/WinPcap is the library that Wireshark - and tcpdump - use; on OS X, the underlying kernel mechanism it uses is BPF (the Berkeley Packet Filter), which is built into XNU (it is open-source - see the bsd/net/bpf.c and bsd/net/bpf_filter.c files, and the header files they include, in the XNU source) and doesn't require a kext. (Wireshark does not have its own kext; it uses libpcap/WinPcap so that it can work on Linux and OS X and *BSD and Solaris and HP-UX and AIX and Tru64 UNIX and IRIX and so on, as well as on Windows if WinPcap is installed, so, on OS X and *BSD, it ultimately uses BPF.)
Libpcap/WinPcap doesn't, except on Linux, allow you to capture on all interfaces with one "handle"; you would have to use pcap_findalldevs() to find all the currently-available interfaces, and then open separate handles for each of them. If by "ports" you mean "network ports", so that one "port" is your Ethernet port and another is your Wi-Fi adapter, you'd have to individually open all the "ports" on which you want to capture.
If by "ports" you mean TCP or UDP ports, and you only want to watch traffic to or from particular ports, you'd have to specify a "filter" expression, translate it to "BPF code" with pcap_compile(), and then make it the filter for a particular libpcap/WinPcap handle with pcap_setfilter().
If you want to use a Cocoa wrapper for pcap, a Google search I did a while ago found packetsniffer and CapKit; I have not used either of those, so I can't recommend one or the other.
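To show what the "BPF code" behind a TCP/UDP port filter looks like, the added example below runs a hand-written classic BPF program for IPv4 UDP destination port 5353 over a constructed frame. It is not from the original answers and is not output of pcap_compile(); the struct and enum names, the port number and the minimal interpreter are assumptions for illustration.

```c
#include <stddef.h>
#include <stdint.h>
/* Field layout of struct bpf_insn in <net/bpf.h>; classic BPF opcode values. */
struct insn { uint16_t code; uint8_t jt, jf; uint32_t k; };
enum { LDH_ABS = 0x28, LDB_ABS = 0x30, LDH_IND = 0x48, LDX_MSH = 0xb1,
       JEQ = 0x15, JSET = 0x45, RET = 0x06 };
/* Hand-written filter (assumption): Ethernet, IPv4, UDP, dst port 5353. */
static const struct insn udp_dst_5353[] = {
    { LDH_ABS, 0, 0, 12 },      /* A = EtherType                         */
    { JEQ,     0, 8, 0x0800 },  /* not IPv4: drop                        */
    { LDB_ABS, 0, 0, 23 },      /* A = IP protocol                       */
    { JEQ,     0, 6, 17 },      /* not UDP: drop                         */
    { LDH_ABS, 0, 0, 20 },      /* A = flags and fragment offset         */
    { JSET,    4, 0, 0x1fff },  /* later fragment has no UDP header: drop */
    { LDX_MSH, 0, 0, 14 },      /* X = IPv4 header length in bytes       */
    { LDH_IND, 0, 0, 16 },      /* A = UDP destination port at [X + 16]  */
    { JEQ,     0, 1, 5353 },    /* other port: drop                      */
    { RET,     0, 0, 65535 },   /* accept, keep up to 65535 bytes        */
    { RET,     0, 0, 0 },       /* drop                                  */
};

/* Interpreter for the opcodes above; returns bytes to keep, 0 means drop. */
static uint32_t bpf_run(const struct insn *p, size_t n, const uint8_t *pkt, size_t len)
{
    uint32_t a = 0, x = 0;
    for (size_t pc = 0; pc < n; ) {
        const struct insn *i = &p[pc++];
        size_t off = i->k + (i->code == LDH_IND ? x : 0);
        size_t need = (i->code == LDH_ABS || i->code == LDH_IND) ? 2 : 1;
        if ((i->code & 7) <= 1 && off + need > len) return 0; /* load past end */
        switch (i->code) {
        case LDH_ABS: case LDH_IND: a = (uint32_t)pkt[off] << 8 | pkt[off + 1]; break;
        case LDB_ABS: a = pkt[off]; break;
        case LDX_MSH: x = (pkt[off] & 0x0fu) * 4; break;
        case JEQ:     pc += (a == i->k) ? i->jt : i->jf; break;
        case JSET:    pc += (a & i->k) ? i->jt : i->jf; break;
        case RET:     return i->k;
        default:      return 0;       /* opcode not implemented here */
        }
    }
    return 0;
}

int main(void)
{
    uint8_t f[42] = {0};                      /* constructed sample frame */
    f[12] = 0x08; f[14] = 0x45; f[23] = 17;   /* IPv4, IHL 5, protocol UDP */
    f[36] = 0x14; f[37] = 0xe9;               /* destination port 5353 */
    return bpf_run(udp_dst_5353, 11, f, sizeof f) == 65535 ? 0 : 1;
}
```

In a real capture program the filter string goes to pcap_compile() and the resulting program to pcap_setfilter(); the kernel then runs it per packet, which is why a load past the end of the packet must drop rather than read out of bounds.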
Have you seen Apple's overview documentation on Network Kernel Extensions? That should get you started.
The downloadable source code for this book also contains a few packet filtering example NKEs at various levels of the network stack. (The book of course also explains this stuff in some detail in chapter 13)
You also may be able to re-use an existing open source kext for pure monitoring: The Wireshark application already does this, and you should be able to hook into its kext. For actually modifying the packet stream, you will probably have to do that purely in the kernel.
Because OS X and iOS are Unix and Objective-C is C, the answer is, "the same way you do it on Unix in C" - Cocoa is high-level and what you want to do is low level. I can't find the question on SO but someone suggested looking at the source for MenuMeters as an example of network monitoring.

Windows drivers - communicate with user process

I have written an application in Qt and what is the best way to communicate with a custom USB device (does not belong to any class - need to write custom drivers for it) under Windows. In Linux I could just share the data with user space from the /dev or /sys filesystems. What are the equivalent alternatives in Windows?
There are a couple of user-space USB libraries for Windows. While Microsoft do provide WinUSB directly, I'd recommend using either libusbx or libusb and installing the driver for your device with zadig.
Using libusbx rather than the Microsoft driver directly has the advantage of being easier to port to other operating systems, which might be a consideration for you as you are using Qt.

libpcap on OSX - trying to use statistical mode

I'm trying to compile a C program that uses libpcap in statistical mode on OSX. The original code was written for Windows, using the winpcap library. The version of libpcap on my Mac has never heard of the pcap_setmode function that it uses - I've got a nasty feeling that it might be Windows-specific.
Is there any way to capture in stats-mode on OSX? If not, is there something about the architecture/capabilities of the OS that prevents this, or is this an extra feature added to WinPcap which has never been a feature of the main library?
pcap_setmode() only has a definition in the Win32 port, because the WinPcap driver for Windows is the only packet capture mechanism that supports statistical mode; BPF in Mac OS X and *BSD and AIX and Solaris 11 don't support it, PF_PACKET sockets in Linux don't support it, DLPI in Solaris and HP-UX don't support it, etc.
UN*Xes generally come with a mechanism that supports capturing packets, so libpcap can just use that, without adding its own kernel-mode code; this means it can't control what facilities those capture mechanisms have - if a capture mechanism doesn't have it, libpcap can't add it. Windows doesn't come with such a mechanism; it does come with NDIS, which can support such a mechanism, so WinPcap comes with a kernel-mode driver that uses NDIS to implement such a mechanism, and thus has some more control over what features it offers.
pcap_setmode() only has a definition in the Win32 port (for unknown reasons to me).
