阻止应用程序通过Cocoa API(LittleSnitch API)访问网络? [英] Block Application access to network via a Cocoa API (LittleSnitch APIs)?

问题描述

我正在使用OS X 10.5，并且正在寻找一种方法来检测应用程序是否尝试访问Internet.此时，如果它与我将定义的一组规则匹配，我想阻止该应用程序.

I am using OS X 10.5 and I am looking for a way to detect if an application attempts to access the Internet. At this point I would like to block the application if it matches a set of rules that I will define.

我意识到有一个 ipfw Unix命令可以用来阻止对某些端口的访问，但这会影响所有应用程序.我阅读了手册页，但没有找到使用ipfw阻止访问的方法，但只能将其限制为特定应用程序.

There is the ipfw Unix command that I realise can be used to block access to certain ports, but that affects ALL applications. I read the man pages and didn't see a way to use ipfw to block access but limit it to a specific application.

我的主要问题在于检测哪个应用程序试图获得对网络的外部访问.以编程方式必须有一种方法，无论是通过使用某些Mac OS X API还是使用Unix命令，该如何完成?

My main problem lies in detecting which application that is trying to gain outside access to the network. Programmatically there must be a way to do this, whether is it by using some Mac OS X API or Unix command how can this be accomplished?

更新: 本质上，我想做Little Snitch要做的事情，但是我想从头开始写它，因为我不喜欢Little Snitch.我只需要知道哪些API可以让我完成应用程序网络沙箱操作，Little Snitch究竟是如何做到的?

Update: Essentially I want to do what Little Snitch does, but i want to write it from scratch myself because I don't like Little Snitch. I just need to know what API's can let me accomplish the application network sandboxing and how exactly does Little Snitch do this?

推荐答案

我意识到这已经晚了一年，但我一直在寻找类似的东西，并发现了我认为的答案.希望这可以帮助其他人.

I realize this is a year late, but I was digging for something similar and came across what I think is the answer. Hopefully this could help someone else down the line.

Little Snitch似乎使用了网络内核扩展过滤进入系统的流量.我通过发现它在盒子上安装了内核扩展来对此进行了验证:

Little Snitch appears to use Network Kernel Extensions to filter traffic coming into the system. I've validated this by discovering it installs a kernel extension on the box:

[~] kextstat
...
55 0 0x687000 0x2b000 0x2a000 at.obdev.nke.LittleSnitch (2.0.46) <7 6 5 4 2>
...

如果您以编程方式希望阻止对另一个应用程序的网络访问，那么这似乎是最好的选择.但是，如果您只想监视其他应用程序的网络使用情况，则可以使用其他选项，例如libpcap.

If you programmatically wish to prevent network access to another application, this seems to be your best bet. If you simply want to monitor network usage by other apps, however, you have other options, like libpcap.

这篇关于阻止应用程序通过Cocoa API(LittleSnitch API)访问网络?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！