We have developed a network filter based on the Network extension framework in macOS. However, we have found that after blocking a network, the poll socket value still returns as 1, which causes some applications to run abnormally.
We return dropVerdict in the callback handleNewFlow
We simulated the process of an application initiating a network request.
Create an asynchronous socket.
sockfd = socket(AF_INET, SOCK_STREAM, 0);
if (sockfd < 0) {
perror("socket");
exit(EXIT_FAILURE);
}
int flags = fcntl(sockfd, F_GETFL, 0);
fcntl(sockfd, F_SETFL, flags | O_NONBLOCK);
connect server
// Connect to the server
ret = connect(sockfd, (struct sockaddr *)&server_addr, sizeof(server_addr));
if (ret < 0) {
NSLog(@"connect, errno:%d, err str:%s.", errno, strerror(errno));
}
we found the connect return -1, errno return EINPROGRESS, means operation now in progress.
poll socket
int timeout = 5000; // 5 seconds
struct pollfd fds[MAX_EVENTS];
fds[0].fd = sockfd;
fds[0].events = POLLIN;
ret = poll(fds, 1, timeout)
return 1, means the number of descriptors that are ready for I/O.
We believe it is unreasonable for poll to return 1 after network disruption, which leads to abnormal application processing.