www.it-ebooks.info


www.it-ebooks.info

ffirs.indd ii

9/29/2012 5:55:03 PM


MAC OS® X AND iOS INTERNALS
INTRODUCTION . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .xxv

PART I

FOR POWER USERS

CHAPTER 1

Darwinism: The Evolution of OS X . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3

CHAPTER 2

E Pluribus Unum: Architecture of OS X and iOS . . . . . . . . . . . . . . . . . . . . .17

CHAPTER 3

On the Shoulders of Giants: OS X and iOS Technologies . . . . . . . . . . . 55

CHAPTER 4

Parts of the Process: Mach-O, Process, and Thread Internals . . . . . . . . 91

CHAPTER 5

Non Sequitur: Process Tracing and Debugging . . . . . . . . . . . . . . . . . . . .147

CHAPTER 6

Alone in the Dark: The Boot Process: EFI and iBoot . . . . . . . . . . . . . . . 183

CHAPTER 7

The Alpha and the Omega — launchd . . . . . . . . . . . . . . . . . . . . . . . . . . . 227

PART II

THE KERNEL

CHAPTER 8

Some Assembly Required: Kernel Architectures . . . . . . . . . . . . . . . . . . 261

CHAPTER 9

From the Cradle to the Grave — Kernel Boot and Panics . . . . . . . . . . . 299

CHAPTER 10

The Medium Is the Message: Mach Primitives . . . . . . . . . . . . . . . . . . . . 343


CHAPTER 11

Tempus Fugit — Mach Scheduling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 389

CHAPTER 12

Commit to Memory: Mach Virtual Memory . . . . . . . . . . . . . . . . . . . . . . . 447

CHAPTER 13

BS”D — The BSD Layer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 501

CHAPTER 14

Something Old, Something New: Advanced BSD Aspects . . . . . . . . . 539

CHAPTER 15

Fee, FI-FO, File: File Systems and the VFS . . . . . . . . . . . . . . . . . . . . . . . 565

CHAPTER 16

To B (-Tree) or Not to Be — The HFS+ File Systems . . . . . . . . . . . . . . . . 607

CHAPTER 17

Adhere to Protocol: The Networking Stack . . . . . . . . . . . . . . . . . . . . . . . 649

CHAPTER 18


Modu(lu)s Operandi — Kernel Extensions . . . . . . . . . . . . . . . . . . . . . . . . . 711

CHAPTER 19

Driving Force — I/O Kit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 737

APPENDIX

Welcome to the Machine . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 773

INDEX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 793

www.it-ebooks.info

ffirs.indd i

9/29/2012 5:55:02 PM


www.it-ebooks.info

ffirs.indd ii

9/29/2012 5:55:03 PM


Mac OS® X and iOS Internals
TO THE APPLE’S CORE

Jonathan Levin


www.it-ebooks.info

ffirs.indd iii

9/29/2012 5:55:03 PM


Mac OS® X and iOS Internal
Published by
John Wiley & Sons, Inc.
10475 Crosspoint Boulevard
Indianapolis, IN 46256

www.wiley.com
Copyright © 2013 by Jonathan Levin
Published by John Wiley & Sons, Inc., Indianapolis, Indiana
Published simultaneously in Canada
ISBN: 978-1-11805765-0
ISBN: 978-1-11822225-6 (ebk)
ISBN: 978-1-11823605-5 (ebk)
ISBN: 978-1-11826094-4 (ebk)
Manufactured in the United States of America
10 9 8 7 6 5 4 3 2 1
No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means,
electronic, mechanical, photocopying, recording, scanning, or otherwise, except as permitted under Sections 107 or 108
of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization
through payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA
01923, (978) 750-8400, fax (978) 646-8600. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008,
or online at />Limit of Liability/Disclaimer of Warranty: The publisher and the author make no representations or warranties with

respect to the accuracy or completeness of the contents of this work and specifically disclaim all warranties, including
without limitation warranties of fitness for a particular purpose. No warranty may be created or extended by sales or
promotional materials. The advice and strategies contained herein may not be suitable for every situation. This work is
sold with the understanding that the publisher is not engaged in rendering legal, accounting, or other professional
services. If professional assistance is required, the services of a competent professional person should be sought. Neither
the publisher nor the author shall be liable for damages arising herefrom. The fact that an organization or Web site is
referred to in this work as a citation and/or a potential source of further information does not mean that the author or the
publisher endorses the information the organization or Web site may provide or recommendations it may make. Further,
readers should be aware that Internet Web sites listed in this work may have changed or disappeared between when this
work was written and when it is read.
For general information on our other products and services please contact our Customer Care Department within the
United States at (877) 762-2974, outside the United States at (317) 572-3993 or fax (317) 572-4002.
Wiley publishes in a variety of print and electronic formats and by print-on-demand. Some material included with
standard print versions of this book may not be included in e-books or in print-on-demand. If this book refers to media
such as a CD or DVD that is not included in the version you purchased, you may download this material at
. For more information about Wiley products, visit www.wiley.com.
Library of Congress Control Number: 2011945020
Trademarks: Wiley, the Wiley logo, Wrox, the Wrox logo, Wrox Programmer to Programmer, and related trade dress are
trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its affi liates, in the United States and other countries, and may not be used without written permission. Mac OS is a registered trademark of Apple, Inc. All other trademarks are the property of their respective owners. John Wiley & Sons, Inc., is not associated with any product or vendor
mentioned in this book.

www.it-ebooks.info

ffirs.indd iv

9/29/2012 5:55:06 PM


To Steven Paul Jobs: From Mac OS’s very first
incarnation, to the present one, wherein the legacy of

NeXTSTEP still lives, his relationship with Apple is
forever entrenched in OS X (and iOS). People focus on
his effect on Apple as a company. No less of an effect,
though hidden to the naked eye, is on its architecture.
I resisted the pixie dust for 25 years, but he
finally made me love Mac OS... Just as soon as I got
my shell prompt.
— Jonathan Levin

www.it-ebooks.info

ffirs.indd v

9/29/2012 5:55:07 PM


CREDITS

ACQUISITIONS EDITOR

BUSINESS MANAGER

Mary James

Amy Knies

SENIOR PROJECT EDITOR

PRODUCTION MANAGER


Adaobi Obi Tulton

Tim Tate

DEVELOPMENT EDITOR

VICE PRESIDENT AND EXECUTIVE GROUP
PUBLISHER

Sydney Argenta

Richard Swadley
TECHNICAL EDITORS

Arie Haenel
Dwight Spivey

VICE PRESIDENT AND EXECUTIVE PUBLISHER

PRODUCTION EDITOR

ASSOCIATE PUBLISHER

Christine Mugnolo

Jim Minatel

COPY EDITORS

PROJECT COORDINATOR, COVER


Paula Lowell
Nancy Rapoport

Katie Crocker

Neil Edde

PROOFREADER

James Saturnio, Word One New York

EDITORIAL MANAGER

Mary Beth Wakefield
INDEXER
FREELANCER EDITORIAL MANAGER

Robert Swanson

Rosemarie Graham
COVER DESIGNER
ASSOCIATE DIRECTOR OF MARKETING

Ryan Sneed

David Mayhew
COVER IMAGE
MARKETING MANAGER


© Matt Jeacock / iStockPhoto

Ashley Zurcher

www.it-ebooks.info

ffirs.indd vi

9/29/2012 5:55:07 PM


ABOUT THE AUTHOR

JONATHAN LEVIN is a seasoned technical trainer and consultant focusing on the internals of the
“Big Three” (Windows, Linux, and Mac OS) as well as their mobile derivatives (Android and iOS).
Jonathan has been spreading the gospel of kernel engineering and hacking for 15 years, and has
given technical talks at DefCON as well as other technical conferences. He is the founder and CTO
of Technologeeks.com, a partnership of expert like-minded individuals, devoted to propagating
knowledge through technical training, and solving tough technical challenges through consulting.
Their areas of expertise cover real-time and other critical aspects of software architectures, system/
kernel-level programming, debugging, reverse engineering, and performance optimizations.

ABOUT THE TECHNICAL EDITORS

ARIE HAENEL is a security and internals expert at NDS Ltd. (now part of Cisco). Mr. Haenel has

vast experience in data and device security across the board. He holds a Bachelor of Science Engineering in Computer Science from the Jerusalem College of Technology, Israel and an MBA from the
University of Poitiers, France. His hobbies include learning Talmud, judo, and solving riddles. He
lives in Jerusalem, Israel.
DWIGHT SPIVEY is the author of several Mac books, including OS X Mountain Lion Portable

Genius and OS X Lion Portable Genius. He is also a product manager for Konica Minolta, where
he has specialized in working with Mac operating systems, applications, and hardware, as well as
color and monochrome laser printers. He teaches classes on Mac usage, writes training and support
materials for Konica Minolta, and is a member of the Apple Developer Program. Dwight lives on
the Gulf Coast of Alabama with his beautiful wife Cindy and their four amazing children, Victoria,
Devyn, Emi, and Reid. He studies theology, draws comic strips, and roots for the Auburn Tigers
(“War Eagle!”) in his ever-decreasing spare time.

www.it-ebooks.info

ffirs.indd vii

9/29/2012 5:55:07 PM


www.it-ebooks.info

ffirs.indd viii

9/29/2012 5:55:07 PM


ACKNOWLEDGMENTS

“Y’KNOW, JOHNNY,” said my friend Yoav, taking a puff from his cigarette on a warm summer night
in Shanghai, “Why don’t you write a book?”

And that’s how it started. It was Yoav (Yobo) Chernitz who planted the seed to write my own book,
for a change, after years of reading others’. From that moment, in the Far, Middle, and US East (and
the countless fl ights in between), the idea began to germinate, and this book took form. I had little

idea it would turn into the magnum opus it has become, at times taking on a life of its own, and
becoming quite the endeavor. With so many unforeseen complications and delays, it’s hard to believe
it is now done. I tried to illuminate the darkest reaches of this monumental edifice, to delineate
them, and leave no stone unturned. Whether or not I have succeeded, you be the judge. But know, I
couldn’t have done it without the following people:
Arie Haenel, my longtime friend — a natural born hacker, and no small genius. Always
among my harshest critics, and an obvious choice for a technical reviewer.
Moshe Kravchik — whose insights and challenging questions as the book’s fi rst reader hopefully made it a lot more readable for all those who follow.
Yuval Navon — from down under in Melbourne, Australia, who has shown me that friendship knows no geographical bounds.
And last, but hardly least, to my darling Amy, who was patient enough to endure my all-too-frequent travels, more than understanding enough to support me to no end, and infi nitely wise enough
to constantly remind me not only of the important deadlines and obligations. I had with this book,
but of the things that are truly the most important in life.

— Jonathan Levin

www.it-ebooks.info

ffirs.indd ix

9/29/2012 5:55:07 PM


www.it-ebooks.info

ffirs.indd x

9/29/2012 5:55:07 PM


CONTENTS


INTRODUCTION

xxv

PART I: FOR POWER USERS
CHAPTER 1: DARWINISM: THE EVOLUTION OF OS X

The Pre-Darwin Era: Mac OS Classic
The Prodigal Son: NeXTSTEP
Enter: OS X
OS X Versions, to Date
10.0 — Cheetah and the First Foray
10.1 — Puma — a Stronger Feline, but . . .
10.2 — Jaguar — Getting Better
10.3 — Panther and Safari
10.4 — Tiger and Intel Transition
10.5 — Leopard and UNIX
10.6 — Snow Leopard
10.7 — Lion
10.8 — Mountain Lion

iOS — OS X Goes Mobile

3

3
4
4
5

5
6
6
6
6
7
7
8
9

10

1.x — Heavenly and the First iPhone
2.x — App Store, 3G and Corporate Features
3.x — Farewell, 1st gen, Hello iPad
4.x — iPhone 4, Apple TV, and the iPad 2
5.x — To the iPhone 4S and Beyond
iOS vs. OS X

The Future of OS X
Summary
References

11
11
11
11
12
12


15
16
16

CHAPTER 2: E PLURIBUS UNUM: ARCHITECTURE OF OS X AND IOS

OS X Architectural Overview
The User Experience Layer
Aqua
Quicklook
Spotlight

17

17
19
19
20
21

www.it-ebooks.info

ftoc.indd xi

9/29/2012 5:55:19 PM


CONTENTS

Darwin — The UNIX Core

The Shell
The File System

22
22
23

UNIX System Directories

24

OS X–Specific Directories
iOS File System Idiosyncrasies

Interlude: Bundles
Applications and Apps

25
25

26
26

Info.plist
Resources
NIB Files
Internationalization with .lproj Files
Icons (.icns)
CodeResources


Frameworks

28
30
30
31
31
31

34

Framework Bundle Format
List of OS X and iOS Public Frameworks

Libraries
Other Application Types
System Calls

34
37

44
46
48

POSIX
Mach System Calls

48
48


A High-Level View of XNU
Mach
The BSD Layer
libkern
I/O Kit

51
51
51
52
52

Summary
References

52
53

CHAPTER 3: ON THE SHOULDERS OF GIANTS: OS X
AND IOS TECHNOLOGIES

BSD Heirlooms

55

55

sysctl
kqueues

Auditing (OS X)
Mandatory Access Control

56
57
59
62

OS X- and iOS-Specific Technologies

65

User and Group Management (OS X)
System Configuration

65
67

xii

www.it-ebooks.info

ftoc.indd xii

9/29/2012 5:55:21 PM


CONTENTS

Logging

Apple Events and AppleScript
FSEvents
Notifications
Additional APIs of interest

OS X and iOS Security Mechanisms
Code Signing
Compartmentalization (Sandboxing)
Entitlements: Making the Sandbox Tighter Still
Enforcing the Sandbox

Summary
References

69
72
74
78
79

79
80
81
83
89

90
90

CHAPTER 4: PARTS OF THE PROCESS: MACH-O,

PROCESS, AND THREAD INTERNALS

91

A Nomenclature Refresher

91

Processes and Threads
The Process Lifecycle
UNIX Signals

91
92
95

Executables
Universal Binaries

98
99

Mach-O Binaries
Load Commands

102
106

Dynamic Libraries


111

Launch-Time Loading of Libraries
Runtime Loading of Libraries
dyld Features

Process Address Space

111
122
124

130

The Process Entry Point
Address Space Layout Randomization
32-Bit (Intel)
64-Bit
32-Bit (iOS)
Experiment: Using vmmap(1) to Peek Inside a Process’s
Address Space

Process Memory Allocation (User Mode)
Heap Allocations
Virtual Memory — The sysadmin Perspective

Threads

130
131

132
132
133
135

138
139
140

143

Unraveling Threads

143

References

146

xiii

www.it-ebooks.info

ftoc.indd xiii

9/29/2012 5:55:21 PM


CONTENTS


CHAPTER 5: NON SEQUITUR:
PROCESS TRACING AND DEBUGGING

DTrace

147

147

The D Language
dtruss
How DTrace Works

147
150
152

Other Profiling mechanisms
The Decline and Fall of CHUD
AppleProfileFamily: The Heir Apparent

Process Information

154
154
155

156

sysctl

proc_info

156
156

Process and System Snapshots

159

system_profiler(8)
sysdiagnose(1)
allmemory(1)
stackshot(1)
The stack_snapshot System Call

159
159
160
160
162

kdebug

165

kdebug-based Utilities
kdebug codes
Writing kdebug messages
Reading kdebug messages


Application Crashes

165
166
168
169

170

Application Hangs and Sampling
Memory Corruption Bugs

Memory Leaks

173
174

176

heap(1)
leaks(1)
malloc_history(1)

177
177
178

Standard UNIX Tools

178


Process listing with ps(1)
System-Wide View with top(1)
File Diagnostics with lsof(1) and fuser(1)

Using GDB

179
179
180

181

GDB Darwin Extensions
GDB on iOS
LLDB

181
182
182

Summary
References and Further Reading

182
182

xiv

www.it-ebooks.info


ftoc.indd xiv

9/29/2012 5:55:21 PM


CONTENTS

CHAPTER 6: ALONE IN THE DARK:
THE BOOT PROCESS: EFI AND IBOOT

183

Traditional Forms of Boot
EFI Demystified

183
185

Basic Concepts of EFI
The EFI Services
NVRAM Variables

186
188
192

OS X and boot.efi

194


Flow of boot.efi
Booting the Kernel
Kernel Callbacks into EFI
Boot.efi Changes in Lion
Boot Camp
Count Your Blessings
Experiment: Running EFI Programs on a Mac

iOS and iBoot

195
201
203
204
204
204
206

210

Precursor: The Boot ROM
Normal Boot
Recovery Mode
Device Firmware Update (DFU) Mode
Downgrade and Replay Attacks

Installation Images

210

211
212
213
213

214

OS X Installation Process
iOS File System Images (.ipsw)

214
219

Summary
References and Further Reading

225
225

CHAPTER 7: THE ALPHA AND THE OMEGA — LAUNCHD

launchd

227

227

Starting launchd
System-Wide Versus Per-User launchd
Daemons and Agents

The Many Faces of launchd

Lists of LaunchDaemons
GUI Shells

227
228
229
229

241
246

Finder (OS X)
SpringBoard (iOS)

247
248

XPC (Lion and iOS)
Summary
References and Further Reading

253
257
258

xv

www.it-ebooks.info


ftoc.indd xv

9/29/2012 5:55:21 PM


CONTENTS

PART II: THE KERNEL
CHAPTER 8: SOME ASSEMBLY REQUIRED:
KERNEL ARCHITECTURES

Kernel Basics

261

261

Kernel Architectures

262

User Mode versus Kernel Mode
Intel Architecture — Rings
ARM Architecture: CPSR

Kernel/User Transition Mechanisms
Trap Handlers on Intel
Voluntary kernel transition


System Call Processing

266
266
267

268
269
278

283

POSIX/BSD System calls
Mach Traps
Machine Dependent Calls
Diagnostic calls

XNU and hardware abstraction
Summary
References
CHAPTER 9: FROM THE CRADLE TO THE GRAVE —
KERNEL BOOT AND PANICS

The XNU Sources

284
287
292
292


295
297
297
299

299

Getting the Sources
Making XNU
One Kernel, Multiple Architectures
The XNU Source Tree

Booting XNU

299
300
302
305

308

The Bird’s Eye View
OS X: vstart
iOS: start
[i386|arm]_init
i386_init_slave()
machine_startup
kernel_bootstrap
kernel_bootstrap_thread
bsd_init

bsdinit_task
Sleeping and Waking Up

309
310
310
311
313
314
314
318
320
325
328

Boot Arguments

329

xvi

www.it-ebooks.info

ftoc.indd xvi

9/29/2012 5:55:21 PM


CONTENTS


Kernel Debugging

332

“Don’t Panic”
Implementation of Panic
Panic Reports

333
334
336

Summary
References

340
341

CHAPTER 10: THE MEDIUM IS THE MESSAGE: MACH PRIMITIVES

Introducing: Mach

343

344

The Mach Design Philosophy
Mach Design Goals

Mach Messages


344
345

346

Simple Messages
Complex messages
Sending Messages
Ports
The Mach Interface Generator (MIG)

IPC, in Depth

346
347
348
349
351

357

Behind the Scenes of Message Passing

359

Synchronization Primitives

360


Lock Group Objects
Mutex Object
Read-Write Lock Object
Spinlock Object
Semaphore Object
Lock Set Object

361
362
363
364
364
366

Machine Primitives

367

Clock Object
Processor Object
Processor Set Object

378
380
384

Summary
References

388

388

CHAPTER 11: TEMPUS FUGIT — MACH SCHEDULING

389

Scheduling Primitives

389

Threads
Tasks
Task and Thread APIs
Task APIs
Thread APIs

390
395
399
399
404

xvii

www.it-ebooks.info

ftoc.indd xvii

9/29/2012 5:55:22 PM



CONTENTS

Scheduling

408

The High-Level View
Priorities
Run Queues

408
409
412

Mach Scheduler Specifics
Asynchronous Software Traps (ASTs)
Scheduling Algorithms

Timer Interrupts

415
423
427

431

Interrupt-Driven Scheduling
Timer Interrupt Processing in XNU


Exceptions

431
432

436

The Mach Exception Model
Implementation Details
Experiment: Mach Exception Handling

Summary
References

436
437
440

446
446

CHAPTER 12: COMMIT TO MEMORY:
MACH VIRTUAL MEMORY

Virtual Memory Architecture
The 30,000-Foot View of Virtual Memory
The Bird’s Eye View
The User Mode View

Physical Memory Management

Mach Zones
The Mach Zone Structure
Zone Setup During Boot
Zone Garbage Collection
Zone Debugging

447

447
448
449
452

462
467
468
470
471
473

Kernel Memory Allocators

473

kernel_memory_allocate()
kmem_alloc() and Friends
kalloc
OSMalloc

473

477
477
479

Mach Pagers

480

The Mach Pager interface
Universal Page Lists
Pager Types

480
484
486

Paging Policy Management

494

The Pageout Daemon
Handling Page Faults
The dynamic_pager(8) (OS X)

495
497
498

xviii


www.it-ebooks.info

ftoc.indd xviii

9/29/2012 5:55:22 PM


CONTENTS

Summary
References

499
500

CHAPTER 13: BS”D — THE BSD LAYER

Introducing BSD

501

501

One Ring to Bind Them
What’s in the POSIX Standard?
Implementing BSD
XNU Is Not Fully BSD

Processes and Threads


502
503
503
504

504

BSD Process Structs
Process Lists and Groups
Threads
Mapping to Mach

504
507
508
510

Process Creation

512

The User Mode Perspective
The Kernel Mode Perspective
Loading and Executing Binaries
Mach-O Binaries

Process Control and Tracing

512
513

516
522

525

ptrace (#26)
proc_info (#336)
Policies
Process Suspension/Resumption

Signals

525
527
527
529

529

The UNIX Exception Handler
Hardware-Generated Signals
Software-Generated Signals
Signal Handling by the Victim

Summary
References

529
534
535

536

536
537

CHAPTER 14: SOMETHING OLD, SOMETHING NEW:
ADVANCED BSD ASPECTS

Memory Management

539

539

POSIX Memory and Page Management System Calls
BSD Internal Memory Functions
Memory Pressure
Jetsam (iOS)
Kernel Address Space Layout Randomization

Work Queues

540
541
545
546
548

550
xix


www.it-ebooks.info

ftoc.indd xix

9/29/2012 5:55:22 PM


CONTENTS

BSD Heirlooms Revisited

552

Sysctl
Kqueues
Auditing (OS X)
Mandatory Access Control

Apple’s Policy Modules
Summary
References

552
555
556
558

560
563

563

CHAPTER 15: FEE, FI-FO, FILE: FILE SYSTEMS AND THE VFS

Prelude: Disk Devices and Partitions
Partitioning Schemes

565

565
567

Generic File System Concepts
Files
Extended Attributes
Permissions
Timestamps
Shortcuts and Links

577
577
577
577
578
578

File Systems in the Apple Ecosystem
Native Apple File Systems
DOS/Windows File Systems
CD/DVD File Systems

Network-Based File Systems
Pseudo File Systems

579
579
580
581
582
583

Mounting File Systems (OS X only)
Disk Image Files

587
589

Booting from a Disk Image (Lion)

590

The Virtual File System Switch
The File System Entry
The Mount Entry
The vnode Object

591
591
592
595


FUSE — File Systems in USEr Space
File I/O from Processes
Summary
References and Further Reading
CHAPTER 16: TO B (-TREE) OR NOT TO BE —
THE HFS+ FILE SYSTEMS

HFS+ File System Concepts
Timestamps
Access Control Lists

597
600
605
605
607

607
607
608

xx

www.it-ebooks.info

ftoc.indd xx

9/29/2012 5:55:22 PM



CONTENTS

Extended Attributes
Forks
Compression
Unicode Support
Finder integration
Case Sensitivity (HFSX)
Journaling
Dynamic Resizing
Metadata Zone
Hot Files
Dynamic Defragmentation

608
611
612
617
617
619
619
620
620
621
622

HFS+ Design Concepts

624


B-Trees: The Basics

624

Components

630

The HFS+ Volume Header
The Catalog File
The Extent Overflow
The Attribute B-Tree
The Hot File B-Tree
The Allocation File
HFS Journaling

631
633
640
640
641
642
642

VFS and Kernel Integration

645

fsctl(2) integration
sysctl(2) integration

File System Status Notifications

Summary
References

645
646
647

647
648

CHAPTER 17: ADHERE TO PROTOCOL: THE NETWORKING STACK

User Mode Revisited

649

650

UNIX Domain Sockets
IPv4 Networking
Routing Sockets
Network Driver Sockets
IPSec Key Management Sockets
IPv6 Networking
System Sockets

Socket and Protocol Statistics
Layer V: Sockets

Socket Descriptors
mbufs
Sockets in Kernel Mode

651
651
652
652
654
654
655

658
660
660
661
667
xxi

www.it-ebooks.info

ftoc.indd xxi

9/29/2012 5:55:22 PM


CONTENTS

Layer IV: Transport Protocols
Domains and Protosws

Initializing Domains

Layer III: Network Protocols
Layer II: Interfaces
Interfaces in OS X and iOS
The Data Link Interface Layer
The ifnet Structure
Case Study: utun

Putting It All Together: The Stack

668
669
673

676
678
678
680
680
682

686

Receiving Data
Sending Data

686
690


Packet Filtering

693

Socket Filters
ipfw(8)
The PF Packet Filter (Lion and iOS)
IP Filters
Interface Filters
The Berkeley Packet Filter

Traffic Shaping and QoS

694
696
697
698
701
701

705

The Integrated Services Model
The Differentiated Services Model
Implementing dummynet
Controlling Parameters from User Mode

Summary
References and Further Reading
CHAPTER 18: MODU(LU)S OPERANDI — KERNEL EXTENSIONS


Extending the Kernel

706
706
706
707

707
708
711

711

Securing Modular Architecture

Kernel Extensions (Kexts)
Kext Structure
Kext Security Requirements
Working with Kernel Extensions
Kernelcaches
Multi-Kexts
A Programmer’s View of Kexts
Kernel Kext Support

Summary
References

712


713
717
718
719
719
723
724
725

735
735

xxii

www.it-ebooks.info

ftoc.indd xxii

9/29/2012 5:55:22 PM


CONTENTS

CHAPTER 19: DRIVING FORCE — I/O KIT

Introducing I/O Kit

737

738


Device Driver Programming Constraints
What I/O Kit Is
What I/O Kit Isn’t

LibKern: The I/O Kit Base Classes
The I/O Registry
I/O Kit from User Mode
I/O Registry Access
Getting/Setting Driver Properties
Plug and Play (Notification Ports)
I/O Kit Power Management
Other I/O Kit Subsystems
I/O Kit Diagnostics

I/O Kit Kernel Drivers

738
738
741

742
743
746
747
749
750
751
753
753


755

Driver Matching
The I/O Kit Families
The I/O Kit Driver Model
The IOWorkLoop
Interrupt Handling
I/O Kit Memory Management

BSD Integration
Summary
References and Further Reading

755
757
761
764
765
769

769
771
771

APPENDIX: WELCOME TO THE MACHINE

773

INDEX


793

xxiii

www.it-ebooks.info

ftoc.indd xxiii

9/29/2012 5:55:23 PM