Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow configuration of SEESENT in bsdbpf BPF sniffer #1053

Open
Doridian opened this issue Aug 28, 2022 · 0 comments · May be fixed by #1091
Open

Allow configuration of SEESENT in bsdbpf BPF sniffer #1053

Doridian opened this issue Aug 28, 2022 · 0 comments · May be fixed by #1091

Comments

@Doridian
Copy link

Doridian commented Aug 28, 2022
edited
Loading

Right now, there is no way to set the SEESENT parameter of the BPF packet capturing system in bsdbpf.

Since I use the system for creating a VPN interface (best way to create a TAP-type VPN on macOS known so far afaik), I have no interest in the sent packets at all. In fact, I explicitly do not want to handle them.

BPF does offer the SEESENT ioctl for this. Sadly, while the BPF sniffer allows configuring almost all other options I need, this one is not supported.

Right now, the way I work around this problem is with some quite hacky reflection, like (for full context refer to: https://github.com/Doridian/water/blob/main/syscalls_darwin.go#L237-L262 ):

bpfCapture, err := bsdbpf.NewBPFSniffer(.....)

[...]

bpfFd := getPrivateField(bpfCapture, "fd").(int)
var enable int = 0
_, _, errno = syscall.Syscall(syscall.SYS_IOCTL, uintptr(bpfFd), uintptr(syscall.BIOCSSEESENT), uintptr(unsafe.Pointer(&enable)))
if errno != 0 {
	bpfCapture.Close()
	closer.Close()
	return nil, fmt.Errorf("bpf ioctl error = %d", errno)
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
1 participant
@Doridian