Re: Socket Filter NKE
- Subject: Re: Socket Filter NKE
- From: Vincent Lubet <email@hidden>
- Date: Wed, 9 Dec 2009 11:31:29 -0800
Jakub,
Another idea would be to use an IP filter to intercept the incoming FIN packet and re-inject when you know the pending data have been processed.
Have a look at <netinet/kpi_ipfilter.h> for more information about IP filters. It's a lower level API than socket filter so you will have to match the addresses and ports with the corresponding socket.
Vincent
On Dec 9, 2009, at 7:09 AM, Jakub Bednar wrote:
> Hi Josh,
>
> thanks a lot for a fast response. I have run some tests with redirecting outgoing connections both on Leopard and Snow Leopard and it works just fine. I just wonder, can the NKE redirect also incoming connections?
>
> Jakub
>
> On Dec 3, 2009, at 7:20 PM, Josh Graessley wrote:
>
>>
>> The recommended solution is to manipulate connections to connect to
>> your process instead of their intended destination. You may pass the
>> intended destination out of band to your process and then relay the
>> data in user space between the socket connection from their process
>> and your socket connection to their intended destination.
>>
>> Sent from my iPhone
>>
>> On Dec 3, 2009, at 7:38, Jakub Bednar <email@hidden> wrote:
>>
>>> Hello list,
>>>
>>> I am writing a socket filter NKE that will intercept any TCP
>>> connections, pass its data to user-space processing using
>>> SYS_PROTO_CONTROL and then re-inject them back. I have read many
>>> posts in Apple mailing lists and the guides discussing NKE and
>>> Kernel Programming and up to now everything worked great.
>>>
>>> Today I have found a problem with one-way traffic ended with FIN
>>> sequence. In this case, the TCP reacts on the FIN and a
>>> sf_detach_func is called to my filter, while I still have some data
>>> swallowed and waiting for user-space to process it.
>>>
>>> I can't reinject the packets as I don't want to leave any data
>>> unprocessed.
>>> If I drop the packets, the client won't get them all, leading to
>>> errors.
>>>
>>> Can anyone please point me to any documentation discussing the
>>> socket filters in more detail? Can I msleep in sf_notify_func or
>>> sf_detach_func to let user-space process finish the scanning? Or can
>>> I somehow deny the socket detach and do it myself later?
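The address-and-port matching Vincent mentions for the IP filter approach, as an added example that is not code from this thread or from Apple: a user-space C sketch that decides whether a raw IPv4 packet is the FIN for a connection whose data is still held for scanning. `struct flow`, `fin_for_flow` and the sample packet are hypothetical and constructed; it assumes the packet is contiguous and starts at the IP header.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical record of a connection with data still awaiting user-space processing. */
struct flow { uint8_t src[4], dst[4]; uint16_t sport, dport; };

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Returns 1 if pkt is an IPv4/TCP segment with FIN set that belongs to f,
 * 0 for any other well-formed packet, -1 if the packet is malformed. */
int fin_for_flow(const uint8_t *pkt, size_t len, const struct flow *f)
{
    if (len < 20 || (pkt[0] >> 4) != 4) return -1;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;     /* IP header length, options included */
    size_t total = be16(pkt + 2);                 /* total length claimed by the header */
    if (ihl < 20 || total < ihl || total > len) return -1;
    if (pkt[9] != 6) return 0;                    /* protocol is not TCP */
    if ((be16(pkt + 6) & 0x1fff) != 0) return 0;  /* later fragment: carries no TCP header */
    if (total - ihl < 20) return -1;              /* truncated TCP header */
    const uint8_t *tcp = pkt + ihl;
    if (memcmp(pkt + 12, f->src, 4) || memcmp(pkt + 16, f->dst, 4)) return 0;
    if (be16(tcp) != f->sport || be16(tcp + 2) != f->dport) return 0;
    return (tcp[13] & 0x01) ? 1 : 0;              /* FIN is the low bit of the flags byte */
}

/* Constructed sample: 192.0.2.10:80 -> 192.0.2.20:49152, flags FIN|ACK, no payload. */
static const uint8_t sample_fin[40] = {
    0x45, 0, 0, 40,  0, 0, 0x40, 0,  64, 6, 0, 0,
    192, 0, 2, 10,   192, 0, 2, 20,
    0x00, 0x50, 0xC0, 0x00,  0, 0, 0, 1,  0, 0, 0, 1,
    0x50, 0x11, 0xFF, 0xFF,  0, 0, 0, 0
};
static const struct flow sample_flow = { {192, 0, 2, 10}, {192, 0, 2, 20}, 80, 49152 };

int main(void)
{
    /* Exit status 0 when the sample FIN is matched to the tracked flow. */
    return fin_for_flow(sample_fin, sizeof sample_fin, &sample_flow) == 1 ? 0 : 1;
}
```

A packet that returns 1 is the one to hold back until the pending data has been processed; everything else passes through untouched.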