Are there any APIs for Mac (or darwin notifications) that can detect whenever routes are added, deleted, or modified ?
Detecting route modification on Mac
Added, deleted, or modified how? That is, what mechanisms are making the changes you’re trying to detect?
This matters because most network configuration changes go through System Configuration framework and its dynamic store API lets you see changes applied at the level. However, the routing table within the kernel can change in ways that aren’t seen reflected in the dynamic store.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
Eg. if someone added/modified/delete a route using terminal commands or another network app/extension modifies the routes, what are the options for my network extension to detect that ?
There are Terminal commands and Terminal commands. Some tools, most notably scutil, use the System Configuration infrastructure. Other tools, like route, operate below it. If you’re OK with only handling the former, you can use the SC dynamic store API. If want to detect changes made by the latter, your only option is a routing socket.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
Thanks. I want to detect any changes to the routing table of a mac computer (eg. via 'route' command or if some other network extension adds new routes). From your answer, I gather that I have to use something called 'routing socket'. I did an internet search for this term but found very few links, like https://www.netbsd.org/docs/internals/en/chap-networking-core.html and https://discussions.apple.com/thread/1019337 It looks like it would require writing route monitor at the kernel level ?
Honestly, I’m not up to speed on routing sockets myself. My focus is on System Configuration and above because configd is the central coordination point for the system’s network configuration. If folks are modifying the routing table ‘behind the back’ of configd, they are likely to run into problems when configd overwrites their setup.
Having said that, my go-to reference on this stuff UNIX Network Programming, by Stevens et al, has a chapter on routing sockets and that’s where I go when I want to learn about this stuff.
http://www.unpbook.com
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
I want to get notifications on route changes. I'm trying to follow @eskimo 's recommendations. Assuming I want to monitor the System Configuration level as you say - where are the routes kept in the dynamic store? How can I see them or monitor them through the dynamic store API?
I found interface address information in the dynamic store, but I can't find routes.
I'm also wondering which applications modify the routes this way - which apps can I use to test any monitoring code I write?