Re: Socket Filter NKE
- Subject: Re: Socket Filter NKE
- From: Josh Graessley <email@hidden>
- Date: Thu, 3 Dec 2009 10:20:08 -0800
The recommended solution is to manipulate connections to connect to
your process instead of their intended destination. You may pass the
intended destination out of band to your process and then relay the
data in user space between the socket connection from their process
and your socket connection to their intended destination.
Sent from my iPhone
On Dec 3, 2009, at 7:38, Jakub Bednar <email@hidden> wrote:
Hello list,
I am writing a socket filter NKE that will intercept any TCP
connections, pass its data to user-space processing using
SYS_PROTO_CONTROL and then re-inject them back. I have read many
posts in Apple mailing lists and the guides discussing NKE and
Kernel Programming and up to now everything worked great.
Today I have found a problem with one-way traffic ended with a FIN
sequence. In this case, the TCP reacts to the FIN and
sf_detach_func is called on my filter, while I still have some data
swallowed and waiting for user-space to process it.
I can't reinject the packets as I don't want to leave any data
unprocessed.
If I drop the packets, the client won't get them all, leading to
errors.
Can anyone please point me to any documentation discussing the
socket filters in more detail? Can I msleep in sf_notify_func or
sf_detach_func to let user-space process finish the scanning? Or can
I somehow deny the socket detach and do it myself later?
Thanks a lot for your help,
Jakub
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
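The relay approach recommended in the reply, shown as an added example that is not part of the thread and not Apple's code: a user-space relay that forwards all data read from one side before it passes that side's FIN on as a half-close, which is the one-way-traffic case raised in the question. The names `intended_dest`, `scan`, `pump`, `handle` and `start_relay` are hypothetical, and a dict keyed by the client's address stands in for the out-of-band channel that reports the intended destination.

```python
import socket
import threading

# Hypothetical out-of-band channel: the kernel side would report each redirected
# connection's original destination; here a dict keyed by the client's address.
intended_dest = {}

def scan(chunk):
    """Placeholder for user-space inspection; returns the bytes to forward."""
    return chunk

def pump(src, dst):
    """Copy src -> dst until src sends FIN, then half-close dst."""
    try:
        while True:
            chunk = src.recv(65536)
            if not chunk:                  # peer sent FIN: no more data this way
                break
            dst.sendall(scan(chunk))       # everything read is processed first
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)   # relay the FIN only after the data
        except OSError:
            pass

def handle(client):
    """Relay one redirected connection to its intended destination."""
    dest = intended_dest.pop(client.getpeername(), None)
    if dest is None:                       # unknown origin: refuse to relay
        client.close()
        return
    with client, socket.create_connection(dest) as upstream:
        back = threading.Thread(target=pump, args=(upstream, client))
        back.start()
        pump(client, upstream)             # the reverse direction stays open
        back.join()

def start_relay():
    """Listen on a loopback port and serve connections; returns the address."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen()
    def serve():
        while True:
            conn, _ = listener.accept()
            threading.Thread(target=handle, args=(conn,), daemon=True).start()
    threading.Thread(target=serve, daemon=True).start()
    return listener.getsockname()
```

Because the relay owns both sockets, a FIN from the sender only ends one `pump` loop; the data already read has been written to the other side before `shutdown(SHUT_WR)` is called, and the return direction keeps flowing until its own FIN arrives.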