Introduction to Network Kernel Extensions Programming Guide
Network kernel extensions (NKEs) provide a way to extend and modify the networking infrastructure of OS X while the kernel is running, without requiring the kernel to be recompiled, relinked, or rebooted.
NKEs allow you to create modules that can be loaded and unloaded dynamically at specific positions in the network hierarchy. These modules can monitor and modify network traffic, and can receive notification of asynchronous events from the driver layer, such as interface status changes.
This document is primarily of interest to developers who need to extend or modify the OS X networking infrastructure. This includes:
Adding support for new, non-Ethernet interface types.
Designing custom routing technologies.
Creating link-layer encryption technologies.
This document assumes a significant understanding of networking concepts, including a basic familiarity with sockets, packet filtering, and so on. It also assumes that you are already familiar with the basics of kernel-level operating systems programming.
Because even minor bugs in kernel-level code can cause serious consequences, including application instability, data corruption, and even kernel panics, the techniques described in this document should be used only if no other mechanism already exists. For example, where possible, IP filtering should generally be done using ipfw. Similarly, packet logging should generally be done using
This document is intended to provide supplementary conceptual material specific to network kernel extensions. It is not intended as a reference document, and assumes prior knowledge of OS X kernel extensions (KEXTs). For reference material specific to networking KEXTs, see the document KPI Reference. For additional information on OS X KEXTs in general, see the document Kernel Extension Programming Topics.
The following sources provide additional information that may be of interest to developers of network kernel extensions:
Kernel Extension Programming Topics—conceptual information about kernel extensions in OS X.
KPI Reference—reference documentation specific to network kernel extensions and other non-I/O Kit (device driver) KEXTs.
Kernel Framework Reference—reference documentation for I/O Kit device drivers, including network device drivers.
The Design and Implementation of the 4.4 BSD Operating System. M. K. McKusick et al., Addison-Wesley, Reading, 1996.
Unix Network Programming, Second Edition, volume 1. Richard W. Stevens, Prentice Hall, New York, 1998.
TCP/IP Illustrated, volume 1: The Protocols. Richard W. Stevens, Addison-Wesley, Reading, 1994.
TCP/IP Illustrated, volume 2: The Implementation. Richard W. Stevens and Gary R. Wright, Addison-Wesley, Reading, 1995.
TCP/IP Illustrated, volume 3: Other Protocols. Richard W. Stevens, Addison-Wesley, Reading, 1996.
The following websites provide information about the Berkeley Software Distribution (BSD):