Pf

From iPhone Development Wiki
Revision as of 12:32, 16 June 2020 by Cynder (talk | contribs) (This exists now)

pf, PF, or PacketFilter, is a very thoroughly documented, very mature packet filter. The Wikipedia page below is a great place to start, and there's no point in copy-pasting existing text here.

https://en.wikipedia.org/wiki/PF_(firewall)

pf is available on all Darwin variants and is used across the system for tasks requiring packet manipulation, redirection, etc.

Purpose

Examples of usage in iOS include AirDrop, Tethering, and the system VPN.

pfctl

The command-line utility 'pfctl' is also included with iOS, located in /sbin/.

PacketFilter.framework

The closest thing pf provides to a public API is PacketFilter.framework. It is written in C, not Objective-C, and has no public headers. However, opening it in your disassembler of choice will make it very easy to understand.

Jonathan Levin's *OS Internals, Volume 1, Chapter 16 contains the best research to date on any of these components:

http://newosxbook.com/bonus/vol1ch16.html

Although much research still needs to be done, the contents of this chapter are invaluable for anyone interested in low-level, non-destructive packet filtering.