Hi Josh,
On Dec 3, 2009, at 7:20 PM, Josh Graessley wrote:
The recommeded solution is to manipulate connections to connect to
your process instead of their intended destination. You may pass the
intended destination out of band to your processs and then relay the
data in user space between the socket connection from their process
and your socket connection to their intended destination.
I have encountered a problem with this suggested solution and video streaming using Silverlight. The scenario is as follows:
1. I'm on an IPv4 network, though my interface has an IPv6 address set. 2. Browser (Safari/Firefox) creates an AF_INET6 socket and initiates a connect attempt.
3a. If there is no IPv6 redirection to my scanning process, the connect returns EHOSTUNREACH directly to the browser and it then tries an IPv4 address. That succeeds and streaming works.
3b. If there is an IPv6 redirection, the connect is successful (going to my process). And the failure happens in my process. But browser thinks that IPv6 is a good choice as it was successfully connected and never tries IPv4, therefore the streaming does not work.
Interesting point is, that this happens only on Snow Leopard. On Leopard with the same version of Firefox, there is also creation of AF_INET6 sockets, but the streaming works. Most probably the EHOSTUNREACH is returned before even a connect_out callback is called to my NKE. (Reordering of operations in the kernel between OS versions??)
With my original solution with scanning data on the fly without redirecting, this could not happen as the connect went directly. (This is also the way how this filters are solved on Windows). I think this could be a good feature request for the next version of the OS.
My question is, can I determine from the NKE, that this destination address has not a valid route in routing table? Or is there another way how to solve this problem?
Thanks a lot for Your help,
Jakub
|