I'm implementing a kext that needs to redirect some outgoing connections via a transparent proxy app on the same machine.
Our Proof of Concept is working wonderfully by modifying the 'to' sockaddr passed into sf_connect_out_func.
E.g., for AF_INET addresses:
    static errno_t
    my_connect_out(void *cookie, socket_t so, const struct sockaddr *to)
    {
        /* should_redirect() is a placeholder for the check
           "ip address and port is one I want to redirect" */
        if (to->sa_family == AF_INET && should_redirect(to))
        {
            /* Cast away const and overwrite the destination in place */
            struct sockaddr_in *toAsIPv4 = (struct sockaddr_in *)to;
            toAsIPv4->sin_addr.s_addr = htonl(INADDR_LOOPBACK);
            toAsIPv4->sin_port = htons(proxyPortNumber);
        }
        return 0;
    }
This has been working great for a while without issue, but the fact that the 'to' parameter is declared as a const struct makes me wonder if I'm misusing the filter function by actually modifying *to. Should I be worried or is the sf_connect_out_func wrong in declaring *to as a const?
If I am misusing it, any other suggestions on how to correctly redirect from connect_out?
Thanks