UDP filter is always not filtered in sflt_data_in and sflt_data_out

[LittleLydia]

it seems that entry->ump_ipv4_attached is always false in the two call-back functions: sflt_data_in and sflt_data_out

[keenjoy95]

Always false? Let me check it.
btw, what version of macOS are you using? If you are using macOS 10.15, you can find here that the sflt_* APIs are deprecated, including: sflt_register, sflt_unregister, sflt_attach and sflt_detach.
https://developer.apple.com/support/kernel-extensions/

[keenjoy95]

"udp_ipv4_attached" is always false means sflt_attach_udp_ipv4 / sflt_register initialization failed:
https://github.com/didi/kemon/blob/master/kemon/network.c#L230

Can you see the error message from this UDP branch?
https://github.com/didi/kemon/blob/master/kemon/network.c#L2060

[LittleLydia]

"udp_ipv4_attached" is always false means sflt_attach_udp_ipv4 / sflt_register initialization failed:
https://github.com/didi/kemon/blob/master/kemon/network.c#L230

Can you see the error message from this UDP branch?
https://github.com/didi/kemon/blob/master/kemon/network.c#L2060

Always false? Let me check it.
btw, what version of macOS are you using? If you are using macOS 10.15, you can find here that the sflt_* APIs are deprecated, including: sflt_register, sflt_unregister, sflt_attach and sflt_detach.
https://developer.apple.com/support/kernel-extensions/

The MacOS version I am using is 10.13.6.

It was always true in sflt_attach_udp_ipv4 call back, but whenever it comes to callback sflt_data_in and sflt_data_out, the value becomes false. Well, the tcp call back is right.

[LittleLydia]

I think you have added some redundant checks in your code when dealing with the udp handling. I found out that in network.c, some native udp request or requests with source port being 0 or dst port being zero. And entry->info.first_in_packet isn't null after the first callback. so this check if (!entry->info.first_in_packet) is superfluous.