Device Sharing Rules
The sharing rules has almost the same ideology as pf.conf(5) rules (network packet filter present in macOS). It means the following:
- rule matches if all its filter specificators match
- last matched rule wins
- 'quick' keyword makes the rule win without evaluating next rules
By default, if there are no rules specified, all devices are blocked. All shared devices can be used locally after being shared until a client connects them.
The rule format is the following:
<action> [quick] <filters> <modifiers>
- Allow device to be used remotely.
- Deny remote device usage.
- host "ip[,ip[,ip...]]"|rdesk
- Client IP address or remote desktop connection.
- name is|contains "device name"
- Device name.
- Built-in devices, e.g. FaceTime HD Camera, BlueTooth.
- port h-h-h-p
- Port number. Device port can be found in the output of ctl dev list command.
- serial "serial number"
- USB device serial number
- hwid VID[:PID[:Rev]]
- Hardware Id. Values must be specified in HEX
- class Class[:Subclass[:Protocol]]
- Device class, subclass, protocol from device or interface descriptors
Symbol ! is used to revert the logic.
- override-serial "new serial"
- Specify new serial number.
- override-name "new name"
- Specify new device name.
- Clients can take away devices occupied by other clients.
Modifiers can be used for share-rules only.
Exact Device Rule
There is rule which describe exact device. It's added automatically when the user uses ctl dev share 0 or ctl dev block 5 commands. These commands result in the following rules added in the top:
share quick hwid 05ac:8511:7252 serial "CCG82540GBKH34FF3" block quick hwid 09da:000a:0014 port 13-1
So, if the device has serial number the rule contains it. If not, the device is bound to exact USB port.
### ### Share all not built-in devices and keyboard/mice to Remote Desktop session. ### block quick built-in share rdesk !class 3:1 takeaway ### ### Share exact Logitech camera for all clients ### quick share hwid 046d:0843:0013 serial "7F609CEE"