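Hook the iOS BSD socket connect method to get the local and remote ports

Time: 2015-09-11 02:41:56

Tags: ios jailbreak

I am trying to hook the iOS socket connect method to get information about the connection ports between the local host and the remote server.

However, the sa_family of the socket's struct sockaddr is always AF_SYSTEM (kernel event messages).

Hook code: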

    #import <Foundation/Foundation.h>
    #include <sys/socket.h>
    #include <sys/kern_control.h>
    #include <netinet/in.h>
    #include <arpa/inet.h>

    // Pointer to the original connect(), filled in by the hooking framework.
    int (*origin_connect)(int socket, const struct sockaddr *address, socklen_t address_len);

    int replaced_connect(int socket, const struct sockaddr *address, socklen_t address_len) {
        // Call the original first so the socket has a local address to query.
        int r = origin_connect(socket, address, address_len);
        sa_family_t f = address->sa_family;
        NSLog(@"CONNECT FAMILY %d", f);
        if (f == AF_INET) {
            // Remote side: taken from the address passed to connect().
            struct sockaddr_in *addr = (struct sockaddr_in *)address;
            NSString *remote_ip = [[NSString alloc]initWithCString:inet_ntoa(addr->sin_addr) encoding:NSUTF8StringEncoding];
            uint16_t remote_port = ntohs(addr -> sin_port);
            NSLog(@"The CONNECT ip = %@ port = %u", remote_ip, remote_port);
            // Local side: ask the kernel which address the socket is bound to.
            struct sockaddr local_address;
            socklen_t addr_size = sizeof(local_address);
            getsockname(socket, &local_address, &addr_size);
            struct sockaddr_in *laddr = (struct sockaddr_in*)&local_address;
            NSString *local_ip = [[NSString alloc]initWithCString:inet_ntoa(laddr->sin_addr) encoding:NSUTF8StringEncoding];
            uint16_t local_port = ntohs(laddr->sin_port);
            NSLog(@"The CONNECT Local ip = %@ port = %u", local_ip, local_port);    
        } else if (f == AF_SYSTEM) {
            // Kernel control socket, not a TCP/IP connection.
            NSLog(@"hello there :(");
            struct sockaddr_ctl * ctl = (struct sockaddr_ctl *)address;
        }
        return r;
    }

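Did I hook the wrong method, or is there another way to get the connection's port information?

1 answer:

Answer 0: (score: 0)

You are getting AF_SYSTEM because when apps start, they also call system sockets. If you let your hook ignore it, the next calls should intercept the TCP/IP sockets.

By the way, there is a better way to do this. You can use com.apple.network.statistics to get information on connected sockets, and even notifications, from the outside. A full example of how to do this is at http://newosxbook.com/src.jl?tree=listings&file=lsock.c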
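Added example, not part of the original question or answer: a plain-C helper a `connect` hook could call to skip non-IP families such as AF_SYSTEM, as the answer suggests. It goes beyond the post by also handling AF_INET6 and by preserving `errno`; the names `format_endpoint` and `local_endpoint` are hypothetical.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Format an IPv4/IPv6 endpoint as "ip:port" or "[ip6]:port".
 * Returns 0 on success, -1 for any other family (AF_SYSTEM, AF_UNIX, ...)
 * or a truncated address, so the caller can skip that call. */
int format_endpoint(const struct sockaddr *sa, socklen_t len,
                    char *out, size_t outlen)
{
    char ip[INET6_ADDRSTRLEN];

    if (sa == NULL || len < sizeof(struct sockaddr))
        return -1;
    if (sa->sa_family == AF_INET && len >= sizeof(struct sockaddr_in)) {
        const struct sockaddr_in *in4 = (const struct sockaddr_in *)sa;
        if (inet_ntop(AF_INET, &in4->sin_addr, ip, sizeof(ip)) == NULL)
            return -1;
        snprintf(out, outlen, "%s:%u", ip, (unsigned)ntohs(in4->sin_port));
        return 0;
    }
    if (sa->sa_family == AF_INET6 && len >= sizeof(struct sockaddr_in6)) {
        const struct sockaddr_in6 *in6 = (const struct sockaddr_in6 *)sa;
        if (inet_ntop(AF_INET6, &in6->sin6_addr, ip, sizeof(ip)) == NULL)
            return -1;
        snprintf(out, outlen, "[%s]:%u", ip, (unsigned)ntohs(in6->sin6_port));
        return 0;
    }
    return -1; /* not a TCP/IP address: ignore it */
}

/* Local side of a socket. sockaddr_storage is large enough for IPv6
 * (a plain struct sockaddr is not). errno is restored so the caller of
 * the hooked connect() still sees connect()'s own error, e.g. EINPROGRESS. */
int local_endpoint(int fd, char *out, size_t outlen)
{
    struct sockaddr_storage ss;
    socklen_t len = sizeof(ss);
    int saved = errno, rc = -1;

    memset(&ss, 0, sizeof(ss));
    if (getsockname(fd, (struct sockaddr *)&ss, &len) == 0)
        rc = format_endpoint((const struct sockaddr *)&ss, len, out, outlen);
    errno = saved;
    return rc;
}
```

In a hook, call `format_endpoint` on the `address` argument for the remote side and `local_endpoint` on the descriptor after the original `connect` returns; a return of -1 means the call was not a TCP/IP connection and can be skipped.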