v.0.9.2

IPv6 support
support to older versions (OS X 10.9+)
alert window now modal  (#13)
allert window now resizable
binaries in app bundle's now selectable (#9)
only perform baseline one (first) time
supress alerts in passive mode (#7)
improved processing of (big) DNS responses from kext

kernelExtension/kernelExtension.xcodeproj/project.pbxproj

@@ -138,7 +138,7 @@
 		7D5208E81E41C23900832F57 /* Project object */ = {
 			isa = PBXProject;
 			attributes = {
-				LastUpgradeCheck = 0820;
+				LastUpgradeCheck = 0900;
 				ORGANIZATIONNAME = "Objective-See";
 				TargetAttributes = {
 					7D5208F01E41C23900832F57 = {
@@ -200,15 +200,21 @@
 				CLANG_CXX_LIBRARY = "libc++";
 				CLANG_ENABLE_MODULES = YES;
 				CLANG_ENABLE_OBJC_ARC = YES;
+				CLANG_WARN_BLOCK_CAPTURE_AUTORELEASING = YES;
 				CLANG_WARN_BOOL_CONVERSION = YES;
+				CLANG_WARN_COMMA = YES;
 				CLANG_WARN_CONSTANT_CONVERSION = YES;
 				CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR;
 				CLANG_WARN_DOCUMENTATION_COMMENTS = YES;
 				CLANG_WARN_EMPTY_BODY = YES;
 				CLANG_WARN_ENUM_CONVERSION = YES;
 				CLANG_WARN_INFINITE_RECURSION = YES;
 				CLANG_WARN_INT_CONVERSION = YES;
+				CLANG_WARN_NON_LITERAL_NULL_CONVERSION = YES;
+				CLANG_WARN_OBJC_LITERAL_CONVERSION = YES;
 				CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR;
+				CLANG_WARN_RANGE_LOOP_ANALYSIS = YES;
+				CLANG_WARN_STRICT_PROTOTYPES = YES;
 				CLANG_WARN_SUSPICIOUS_MOVE = YES;
 				CLANG_WARN_SUSPICIOUS_MOVES = YES;
 				CLANG_WARN_UNREACHABLE_CODE = YES;
@@ -232,7 +238,7 @@
 				GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE;
 				GCC_WARN_UNUSED_FUNCTION = YES;
 				GCC_WARN_UNUSED_VARIABLE = YES;
-				MACOSX_DEPLOYMENT_TARGET = 10.12;
+				MACOSX_DEPLOYMENT_TARGET = 10.10;
 				MTL_ENABLE_DEBUG_INFO = YES;
 				ONLY_ACTIVE_ARCH = YES;
 				SDKROOT = macosx;
@@ -248,15 +254,21 @@
 				CLANG_CXX_LIBRARY = "libc++";
 				CLANG_ENABLE_MODULES = YES;
 				CLANG_ENABLE_OBJC_ARC = YES;
+				CLANG_WARN_BLOCK_CAPTURE_AUTORELEASING = YES;
 				CLANG_WARN_BOOL_CONVERSION = YES;
+				CLANG_WARN_COMMA = YES;
 				CLANG_WARN_CONSTANT_CONVERSION = YES;
 				CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR;
 				CLANG_WARN_DOCUMENTATION_COMMENTS = YES;
 				CLANG_WARN_EMPTY_BODY = YES;
 				CLANG_WARN_ENUM_CONVERSION = YES;
 				CLANG_WARN_INFINITE_RECURSION = YES;
 				CLANG_WARN_INT_CONVERSION = YES;
+				CLANG_WARN_NON_LITERAL_NULL_CONVERSION = YES;
+				CLANG_WARN_OBJC_LITERAL_CONVERSION = YES;
 				CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR;
+				CLANG_WARN_RANGE_LOOP_ANALYSIS = YES;
+				CLANG_WARN_STRICT_PROTOTYPES = YES;
 				CLANG_WARN_SUSPICIOUS_MOVE = YES;
 				CLANG_WARN_SUSPICIOUS_MOVES = YES;
 				CLANG_WARN_UNREACHABLE_CODE = YES;
@@ -274,7 +286,7 @@
 				GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE;
 				GCC_WARN_UNUSED_FUNCTION = YES;
 				GCC_WARN_UNUSED_VARIABLE = YES;
-				MACOSX_DEPLOYMENT_TARGET = 10.12;
+				MACOSX_DEPLOYMENT_TARGET = 10.10;
 				MTL_ENABLE_DEBUG_INFO = NO;
 				SDKROOT = macosx;
 			};

kernelExtension/kernelExtension/broadcastEvents.cpp

@@ -43,7 +43,6 @@ bool initBroadcast()
 }
 
 //broadcast an event to user mode
-//TODO: when IPV6 is supported; sockaddr/vs sockaddr_in/sockaddr_in6 for size
 bool broadcastEvent(int type, socket_t so, const struct sockaddr *to)
 {
     //return var
@@ -56,10 +55,10 @@ bool broadcastEvent(int type, socket_t so, const struct sockaddr *to)
     int processID = 0;
 
     //local socket address
-    struct sockaddr_in localAddress = {0};
+    struct sockaddr_in6 localAddress = {0};
 
     //remote socket address
-    struct sockaddr_in remoteAddress = {0};
+    struct sockaddr_in6 remoteAddress = {0};
 
     //socket type
     int socketType = 0;
@@ -166,6 +165,7 @@ bool broadcastEvent(int type, socket_t so, const struct sockaddr *to)
     return result;
 }
 
+/*
 //broadcast an DNS reponse to user mode
 bool broadcastDNSReponse(int type, void* packet, size_t length)
 {
@@ -228,4 +228,5 @@ bool broadcastDNSReponse(int type, void* packet, size_t length)
     
     return result;
 }
+*/
 

kernelExtension/kernelExtension/broadcastEvents.hpp

@@ -33,6 +33,6 @@ bool initBroadcast();
 bool broadcastEvent(int type, socket_t so, const struct sockaddr *to);
 
 //broadcast an DNS reponse to user mode
-bool broadcastDNSReponse(int type, void* packet, size_t length);
+//bool broadcastDNSReponse(int type, void* packet, size_t length);
 
 #endif

kernelExtension/kernelExtension/driver.cpp

@@ -99,7 +99,7 @@ bool com_objective_see_firewall::start(IOService *provider)
     }
 
     //init shared data queue
-    sharedDataQueue = IOSharedDataQueue::withCapacity(sizeof(firewallEvent) * (MAX_FIREWALL_EVENT + DATA_QUEUE_ENTRY_HEADER_SIZE));
+    sharedDataQueue = IOSharedDataQueue::withCapacity(sizeof(firewallEvent) * (MAX_FIREWALL_EVENTS + DATA_QUEUE_ENTRY_HEADER_SIZE));
     if(NULL == sharedDataQueue)
     {
         //bail