Hello Folks, I'm trying to do an app which should redirect certain IP traffic, encrypt it and send it over another connection. It's mostly UDP traffic but might have a TCP component to it. My current design idea is based on a kernel extension which redirects all outgoing traffic to that specific UDP port and sends it to a specialised socket to which a userspace app is attached. That userspace app would then take care of the encryption, send the packets forward, decrypt the responses and inject them back into the IP stack as if an unencrypted response had been received. This would make sure all apps could benefit from the encryption without modification.
My question to you is if this is the only feasible way to do this? Are there any built-in mechanisms which could be used instead, like from the firewall space etc.? And which structures in the kernel would have to be modified? I want to keep the code in the kernel to an absolute minimum. Also captive networks, NAT and the like would have to be considered, as all specified packets to the public internet would have to be intercepted, including ones from others behind the NAT, and in the case of captive networks it might be necessary to pass certain packets unmodified so the signup to a captive network would work. In this respect it would be especially interesting to know how Apple detects a captive network, so we don't interfere with that detection, and how we can find out at what time the "captive" aspect has been resolved. Thanks for your hints... Andreas
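The userspace half of the design described above, written as an added example that is not code from the original post or from any Apple framework: a policy step that decides whether a captured datagram is encapsulated or passed through unmodified (the captive-portal case), and an AEAD envelope that authenticates as well as encrypts each datagram, binds the destination port as associated data, and rejects tampered or replayed envelopes on the receiving side. The `Packet` type, the capture layer that would produce it, the exempt-destination allowlist, the key and the addresses are all assumptions constructed for the example; AES-GCM comes from Go's standard library. It goes slightly beyond the post by showing the replay check, since a tunnel that decrypts without one lets an on-path party re-inject old datagrams into the local IP stack.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"errors"
	"fmt"
)

// Packet is a captured outgoing datagram as the capture layer (kernel
// extension or otherwise) would hand it to userspace. Hypothetical type,
// not a macOS API.
type Packet struct {
	DstIP   string
	DstPort uint16
	Payload []byte
}

// Policy selects which captured packets are encapsulated. Packets to exempt
// destinations (for instance the hosts needed to finish a captive-portal
// sign-on) pass through untouched; everything else to TunnelPort is wrapped.
type Policy struct {
	TunnelPort uint16
	ExemptDst  map[string]bool // placeholder allowlist, deployment-specific
}

func (p Policy) ShouldTunnel(pkt Packet) bool {
	if p.ExemptDst[pkt.DstIP] {
		return false
	}
	return pkt.DstPort == p.TunnelPort
}

const nonceSize = 12

// Tunnel is one end of the encrypted path. Both ends share the AES-GCM key;
// the nonce is a direction byte plus a per-sender counter, so the two
// directions never reuse a nonce under the same key.
type Tunnel struct {
	aead    cipher.AEAD
	dir     byte // 0 = client->server, 1 = server->client
	sendCtr uint64
	recvMax uint64 // highest counter accepted so far
	recvAny bool
}

func NewTunnel(key []byte, dir byte) (*Tunnel, error) {
	block, err := aes.NewCipher(key) // 16, 24 or 32-byte key
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &Tunnel{aead: aead, dir: dir}, nil
}

// Seal wraps a datagram as nonce || ciphertext || tag. The destination port is
// bound as associated data, so a forwarder cannot re-aim the packet without
// the tag check failing at the far end.
func (t *Tunnel) Seal(pkt Packet) []byte {
	t.sendCtr++
	nonce := make([]byte, nonceSize)
	nonce[0] = t.dir
	binary.BigEndian.PutUint64(nonce[4:], t.sendCtr)
	ad := make([]byte, 2)
	binary.BigEndian.PutUint16(ad, pkt.DstPort)
	out := make([]byte, nonceSize, nonceSize+len(pkt.Payload)+t.aead.Overhead())
	copy(out, nonce)
	return t.aead.Seal(out, nonce, pkt.Payload, ad)
}

// Open authenticates and decrypts an envelope received for dstPort. Anything
// that fails the tag (tampered, wrong key, wrong port) is dropped, as is any
// counter not strictly newer than the last accepted one (replay).
func (t *Tunnel) Open(env []byte, dstPort uint16) ([]byte, error) {
	if len(env) < nonceSize+t.aead.Overhead() {
		return nil, errors.New("envelope too short")
	}
	nonce, ct := env[:nonceSize], env[nonceSize:]
	if nonce[0] == t.dir {
		return nil, errors.New("envelope reflected from our own direction")
	}
	ad := make([]byte, 2)
	binary.BigEndian.PutUint16(ad, dstPort)
	pt, err := t.aead.Open(nil, nonce, ct, ad)
	if err != nil {
		return nil, errors.New("authentication failed")
	}
	ctr := binary.BigEndian.Uint64(nonce[4:])
	if t.recvAny && ctr <= t.recvMax {
		return nil, errors.New("replayed envelope")
	}
	t.recvMax, t.recvAny = ctr, true
	return pt, nil
}

// Demo runs both ends over constructed sample packets and returns what a test
// can check: the decrypted payload, the tamper and replay outcomes, and
// whether the exempt (captive-portal) packet was wrongly selected for tunnelling.
func Demo() (decrypted []byte, tamperErr, replayErr error, exemptTunnelled bool) {
	key := bytes.Repeat([]byte{0x42}, 32) // constructed demo key; real keys come from a handshake
	client, _ := NewTunnel(key, 0)
	server, _ := NewTunnel(key, 1)
	policy := Policy{TunnelPort: 5000, ExemptDst: map[string]bool{"198.51.100.10": true}}

	app := Packet{DstIP: "203.0.113.5", DstPort: 5000, Payload: []byte("hello from an unmodified app")}
	portal := Packet{DstIP: "198.51.100.10", DstPort: 5000, Payload: []byte("captive sign-on")}
	exemptTunnelled = policy.ShouldTunnel(portal)

	env := client.Seal(app)
	decrypted, _ = server.Open(env, app.DstPort)

	bad := append([]byte{}, env...)
	bad[len(bad)-1] ^= 0x01 // flip one bit of the tag
	_, tamperErr = server.Open(bad, app.DstPort)

	_, replayErr = server.Open(env, app.DstPort) // same envelope a second time
	return
}

func main() {
	pt, te, re, ex := Demo()
	fmt.Printf("decrypted=%q tamper=%v replay=%v exemptTunnelled=%v\n", pt, te, re, ex)
}
```

The strict "newer than the last accepted counter" rule is the simplest replay check and will also drop legitimately reordered UDP datagrams; a production tunnel keeps a sliding window of recently seen counters instead, as IPsec does. Key agreement is deliberately out of scope here: the fixed key only exists so the example runs offline.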
Macnetworkprog mailing list
