Device Sharing Rules
The sharing rules follow almost the same model as pf.conf(5) rules (the network packet filter present in macOS). This means the following:
- a rule matches if all of its filter specifiers match
- last matched rule wins
- the 'quick' keyword makes the rule win without evaluating the following rules
By default, if no rules are specified, all devices are blocked. A shared device can still be used locally after being shared, until a client connects it.
The rule format is the following:
<action> [quick] <filters> <modifiers>
share - allow device to be used remotely
block - deny remote device usage
host "ip[,ip[,ip...]]"|rdesk - client IP address or remote desktop connection
name is|contains "device name" - device name
built-in - built-in devices, e.g. FaceTime HD Camera, Bluetooth
port h-h-h-p - port number. The device port can be determined from 'ctl list'
serial "serial number" - USB serial number
hwid VID[:PID[:Rev]] - hardware ID. Values must be specified in hex
class Class[:Subclass[:Protocol]] - device class, subclass, protocol from device or interface descriptors
The symbol ! is used to invert the logic.
override-serial "new serial" - specify new serial number
override-name "new name" - specify new device name
takeaway - clients can take away devices occupied by other clients
Modifiers can be used in share rules only.
Exact Device Rule
There is a rule that describes an exact device. It is added automatically when the user runs the ctl dev share 0 or ctl dev block 5 commands. These commands result in the following rules being added at the top:
share quick hwid 05ac:8511:7252 serial "CCG82540GBKH34FF3"
block quick hwid 09da:000a:0014 port 13-1
So, if the device has a serial number, the rule contains it. If not, the device is bound to the exact USB port.
###
### Share all devices except built-in ones and keyboards/mice to Remote Desktop session.
###
block quick built-in
share rdesk !class 3:1 takeaway
###
### Share exact Logitech camera for all clients
###
share quick hwid 046d:0843:0013 serial "7F609CEE"
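The evaluation order described above (last matching rule wins, 'quick' stops evaluation, nothing shared by default) can be checked offline before a rule set is deployed. The following is an added example, not the product's own parser: it models only the host, rdesk, built-in, hwid, class, serial and port filters, assumes that ! is written in front of the filter keyword as in !class 3:1, assumes that a device matching no rule is blocked, and uses constructed sample devices.

```python
import shlex
VALUED = ("host", "hwid", "class", "serial", "port")  # filters that take an argument

def parse(line):
    """Return (action, quick, filters) for one rule; filters are (negated, key, value)."""
    action, *tok = shlex.split(line)
    quick = tok[:1] == ["quick"]
    filters, it = [], iter(tok[1:] if quick else tok)
    for word in it:
        neg, key = word.startswith("!"), word.lstrip("!")
        if key in VALUED:
            filters.append((neg, key, next(it)))
        elif key in ("built-in", "rdesk"):
            filters.append((neg, key, None))
        elif key != "takeaway":  # only modifier modelled; it does not affect matching
            raise ValueError(f"unsupported token: {word}")
    return action, quick, filters

def matches(flt, dev, client):
    neg, key, val = flt
    if key == "built-in":
        hit = bool(dev.get("builtin"))
    elif key == "rdesk":
        hit = client == "rdesk"
    elif key == "host":
        hit = client in val.split(",")
    elif key in ("hwid", "class"):  # VID[:PID[:Rev]] / Class[:Subclass[:Protocol]] prefix
        want = val.lower().split(":")
        hit = dev.get(key, "").lower().split(":")[:len(want)] == want
    else:  # serial, port: exact match
        hit = dev.get(key) == val
    return hit != neg  # '!' inverts the filter

def decide(rules, dev, client):
    """Last matching rule wins; 'quick' stops evaluation; assumed default is block."""
    verdict = "block"
    for action, quick, filters in map(parse, rules):
        if all(matches(f, dev, client) for f in filters):
            verdict = action
            if quick:
                break
    return verdict

# Rules taken from the page's examples; the devices below are constructed samples.
RULES = ['block quick built-in', 'share rdesk !class 3:1 takeaway',
         'share quick hwid 046d:0843:0013 serial "7F609CEE"']
CAM = {"hwid": "046d:0843:0013", "serial": "7F609CEE", "class": "e:1:0"}
KEYBOARD = {"class": "3:1:1", "port": "13-1"}
BUILTIN_CAM = {"builtin": True, "class": "e:1:0"}
```

Calling decide(RULES, KEYBOARD, "rdesk") returns "block" because the negated class filter fails and no other rule matches, while decide(RULES, CAM, "10.0.0.5") returns "share" through the quick hwid/serial rule.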