Difference between revisions of "Pf"

From iPhone Development Wiki
(This exists now)
 

Latest revision as of 12:32, 16 June 2020

pf, PF, or PacketFilter, is a very thoroughly documented, very mature packet filter. The Wikipedia page below is a great place to start, and there's no point in copy-pasting existing text here.

https://en.wikipedia.org/wiki/PF_(firewall)#:~:text=PF%20(Packet%20Filter%2C%20also%20written,to%20many%20other%20operating%20systems.

pf is available on all Darwin variants and is used across the system for tasks that require packet manipulation, redirection, and similar work.

Purpose

Examples of usage in iOS include AirDrop, Tethering, and the system VPN.

pfctl

The command-line utility 'pfctl' is also included with iOS, located in /sbin/.

PacketFilter.framework

The closest thing pf provides to a public API is PacketFilter.framework. PacketFilter.framework is written in C, not Objective-C, and has no public headers. However, opening it in your disassembler of choice will make it very easy to understand.

Jonathan Levin's *OS Internals, Volume 1, Chapter 16 contains the best research to date on any of these components:

http://newosxbook.com/bonus/vol1ch16.html

Although much research still needs to be done, the contents of this chapter are invaluable for anyone interested in low-level, non-destructive packet filtering.