Socket Filter NKE
Socket Filter NKE
- Subject: Socket Filter NKE
- From: Jakub Bednar <email@hidden>
- Date: Thu, 3 Dec 2009 16:38:02 +0100
Hello list,
I am writing a socket filter NKE that will intercept any TCP
connections, pass its data to user-space processing using
SYS_PROTO_CONTROL and then re-inject them back. I have read many posts
in Apple mailing lists and the guides discussing NKE and Kernel
Programming and up to now everything worked great.
Today I have found a problem with one-way traffic ended with FIN
sequence. In this case, the TCP reacts on the FIN and a sf_detach_func
is called to my filter, while I still have some data swallowed and
waiting for user-space to process it.
I can't reinject the packets as I don't want to leave any data
unprocessed.
If I drop the packets, the client won't get them all, leading to errors.
Can anyone please point me to any documentation discussing the socket
filters in more detail? Can I msleep in sf_notify_func or
sf_detach_func to let user-space process finish the scanning? Or can I
somehow deny the socket detach and do it myself later?
Thanks a lot for Your help,
Jakub
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden