问题
I want to provide a user space function that obtains TCP connection stats by implementing a kernel extension. From examining the TCP source, I see the tcpcp struct holds such stats. How can I, given a socket handle from user space, obtain the associated tcpcb struct via a kernel extension and return the stats to user space?
回答1:
Direct answer to the question: I believe you can't get at this information from a kext without using some private headers to get the memory layout of the structs involved. This will break if/when Apple changes the layout of those structs.
However, it looks like you don't really care about the kext aspect and are happy to get the information from userspace, so have you investigated the TCPCTL_PCBLIST sysctl? This gives you the CBs for the TCP connections in the system, and the xtcpcb64 struct does contain the fields you're after. This mechanism might not be granular enough for your purposes though.
来源:https://stackoverflow.com/questions/31268658/mac-os-x-how-is-the-tcpcb-struct-of-a-tcp-connection-obtained-by-a-kernel-exten