I am writing a kext driver for OS X and would like to use functions from the library libpcap.dylib. Libpcap.dylib lives in /usr/lib on OS X. Can it be used from kernel space? How can I use libpcap.dylib from a kext using Xcode?
I manage to compile -- (-lpcap apears as link option) but:
"unexpected dylib" by linker. It is clear that is misplaced somehow.I am aware of similar question Linking Dylibs in Kexts? but want to know if someone have have used libpcap on a kext.
WinPcap has both user-land and kernel-mode components, because the Windows kernels don't provide the necessary kernel-mode components.
On UN*X systems - for example, on OS X - the kernel-mode components are part of the OS, and libpcap only includes user-mode code.
The equivalent, in *BSD and OS X, of WinPcap's kernel-mode code is BPF, which you won't be able to use from a kext. In addition, BPF has no equivalent of the send-queue stuff to do synchronized transmission of packets - you can send packets, but that just immediately injects the packet into the network stack - so neither using libpcap from your kext, nor using raw BPF from your kext, would help you with your timing needs.