General questions regarding iOS' cellular data network stack

Postby Cykey » Sat Aug 06, 2016 9:36 pm

Hi,

(Jonathan and I already had a discussion on this subject via e-mail, which is reproduced here below with some minor modifications to improve readability.)

1. How does cellular data networking on iOS work? Which network interface(s) does it use? I believe, from running ifconfig -l, that the interface iOS uses is pdp_ip0. Is this correct?

Yep. The kext (com.apple.driver.usb.hsic.cellular if I'm not mistaken, but I can re-check if you need me to) calls ifnet_attach on pdp_ipXX.


2. Is it possible to know when iOS is routing Internet through LTE as opposed to Wi-Fi? In other words, how can I know when the networking stack is sending the packets through the baseband as opposed to the Wi-Fi chip? Is this information available or is it buried/abstracted deep into the kernel?

It's in the routing table. The kernel packet forwarding just goes by whichever interface (pdp or wlan) is cheaper. When wlan is connected, it is. When not, its metric is infinite.


3. Do CDMA devices use pdp_ip0 as well or do CDMA devices route cellular internet packets in a completely different way?

I'm almost sure it's the same interface. If you got me a shell onto a CDMA device, I can easily check.


UPDATE: Using a custom-made tool, I was able to confirm with a friend that CDMA iPhones also route packets through the pdp_ip0 network interface.

4. Do you know if it's possible to get a notification every time that a packet goes through the pdp_ip0 network interface? In other words, is there a way to know when a packet goes through cellular data? Let's say, for example, that I'd like to display a UIAlertView when LTE is used, is this possible? This implies that I would need to know when a packet goes through the cellular network stack. I am not sure if this is possible. Do you have any clues you could throw at me? Perhaps I'd need to hook something?

Thanks,
David.
Cykey
 
Posts: 3
Joined: Sat Aug 06, 2016 9:24 pm
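
Answer 2 above says the choice between cellular and Wi-Fi is visible in the routing table. As an added example (not code from the original posts or from the book's listings), this C routine reads `netstat -rn`-style text and reports whether the default route leaves through pdp_ip*. The sample tables, the function names and the use of en0 for the Wi-Fi side are assumptions made for illustration; routes carrying the `I` flag (interface-scoped in Darwin's netstat) are skipped.

```c
#include <stdio.h>
#include <string.h>

/* Constructed samples in the `netstat -rn` column layout; not device captures. */
const char SAMPLE_WIFI_UP[] =
    "Destination   Gateway       Flags   Netif Expire\n"
    "default       192.168.1.1   UGSc    en0\n"
    "default       10.20.30.41   UGScI   pdp_ip0\n";
const char SAMPLE_CELL_ONLY[] =
    "Destination   Gateway       Flags   Netif Expire\n"
    "default       10.20.30.41   UGSc    pdp_ip0\n";

/* Copy the interface of the first unscoped default route into out.
 * Returns 1 on success, 0 if no usable default route is listed. */
int default_route_ifname(const char *table, char *out, size_t outlen)
{
    char line[256], *tok[8];
    int flags_col = -1, netif_col = -1;
    while (*table) {
        size_t n = strcspn(table, "\n");
        snprintf(line, sizeof line, "%.*s", (int)n, table);
        table += n + (table[n] == '\n');
        int ntok = 0;
        for (char *p = strtok(line, " \t"); p && ntok < 8; p = strtok(NULL, " \t"))
            tok[ntok++] = p;
        if (netif_col < 0 || flags_col < 0) {   /* header row not seen yet */
            for (int i = 0; i < ntok; i++) {
                if (!strcmp(tok[i], "Flags")) flags_col = i;
                if (!strcmp(tok[i], "Netif")) netif_col = i;
            }
            continue;
        }
        if (ntok <= netif_col || ntok <= flags_col || strcmp(tok[0], "default") ||
            strchr(tok[flags_col], 'I'))        /* 'I' = interface-scoped route */
            continue;
        snprintf(out, outlen, "%s", tok[netif_col]);
        return 1;
    }
    return 0;
}

/* 1 when the default route leaves through pdp_ip*, the cellular interface. */
int default_is_cellular(const char *table)
{
    char ifn[32];
    return default_route_ifname(table, ifn, sizeof ifn) &&
           strncmp(ifn, "pdp_ip", 6) == 0;
}
```

On a device the input would be the text output of `netstat -rn` rather than the embedded samples.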

Re: General questions regarding iOS' cellular data network s

Postby morpheus » Sat Aug 06, 2016 10:57 pm

Non jailbroken device: Absolutely not. Well, at least not in theory. That would constitute a serious vuln. Read on.

Jailbroken device: assuming root, of course - many ways - here's a few:

One of my favorite ways involves the BPF, something I covered in the 1st Ed.

http://newosxbook.com/src.jl?tree=listi ... 7-25-bpf.c

which is designed for en0 (wlan0 in the case of iOS) but can be easily adapted (change interface name and encapsulation). That will get you not just notifications, but the packet proper. Might be too much of an overkill.

BUT, there's something better - you can register with CommCenter for CoreTelephony notifications! It's a private API, it requires an entitlement (com.apple.CommCenter.fine-grained), but no hooking, and - can be run as mobile (well, sandbox notwithstanding since we've jailbroken :-) I actually have a great idea for an example I'm working on (for Volume II of the trilogy, which should explain to people why it's taking so much time, but is totally going to be worth the wait!). The specific calls you want are:

_CTServerConnectionRegisterForNotification

and also (if I recall)

kCTRegistrationDataStatusChangedNotification

to see when the link is used.

I'll post a working example soon - sooner than Volume II, surely. Just need to make it more presentable first. Also, it's a tad sensitive in that it can *cough* get private information, and I don't want AAPL to fix that flaw before iOS 10 is out.

(and nice to know I was right about pdp_ip0 in CDMA :-)
morpheus
Site Admin
 
Posts: 532
Joined: Thu Apr 11, 2013 6:24 pm

Re: General questions regarding iOS' cellular data network s

Postby Cykey » Sun Aug 07, 2016 12:14 am

Thanks for the info.

Surely it is not kCTRegistrationDataStatusChangedNotification, since I believe that this is posted when the data type switches from, like, Wi-Fi to LTE. I do not think that this notification gets posted every time that a packet goes through the cellular data network interface. In SpringBoard, SBDataConnectionTypeChangedNotification is posted when kCTRegistrationDataStatusChangedNotification is posted. Do you have any other idea for the notification name?

David
Cykey
 
Posts: 3
Joined: Sat Aug 06, 2016 9:24 pm

Re: General questions regarding iOS' cellular data network s

Postby morpheus » Sun Aug 07, 2016 2:10 am

I wasn't insinuating the notification (which again, I'm not sure about the name off the top of my head) would be posted on *every* packet - this would be insane on Apple's part (and kill performance). But a notification enables you to then poll the link status and see if it's active or not. You'd probe all four data links (in practice, only the first is ever used) and see by its status yay or nay.

If you want notification for every single packet, yikes - use BPF, tcpdump and the like. But be advised battery life will suffer.
morpheus
Site Admin
 
Posts: 532
Joined: Thu Apr 11, 2013 6:24 pm

Re: General questions regarding iOS' cellular data network s

Postby Cykey » Sun Aug 07, 2016 1:09 pm

Ah, you're right, that would be a massive battery drain.

I have done some investigation and it seems like the notification that is posted when LTE is used is kCTIndicatorRadioTransmitNotification. In the userInfo dictionary, you can check the kCTRadioTransmitDCHStatus key.

David
Cykey
 
Posts: 3
Joined: Sat Aug 06, 2016 9:24 pm

