Re: Getting the PID
Re: Getting the PID
- Subject: Re: Getting the PID
- From: Justin Walker <email@hidden>
- Date: Wed, 10 Dec 2003 20:12:40 -0800
On Wednesday, December 10, 2003, at 07:09 PM, Matt Jaffa wrote:
Well
I have patched the Systemcall table, the sendto method, and so I
needed a process id to go with the socket decsriptor to get back the
socket,
but I believe patching the syscall table is not a smart idea.
Good call.
So now I am not concerned with this approach anymore.
If I use a nke to intercept network stuff, is it possible that if I
dont like where they are trying to access i can just drop the data?
Well, there will likely be differing opinions on this one. My feeling
is that just dropping packets is A Bad Thing. There are legitimate
reasons why network operations appear to hang, but they are difficult
to track down. Adding another one makes it that much more difficult.
You should probably return an error when you see a bad (i.e.,
administratively prohibited) address. The error EHOSTUNREACH is a
possibility. So is EADDRNOTAVAIL.
Depending on your specific goals, you might want to avoid blanket
rejection of datagrams with offending addresses (again, it makes
debugging problems more difficult). For example, consider returning an
error for TCP connection requests (from either end), but not for other
datagrams. That way, things like ping and traceroute will continue to
work, but web browsing will not work.
Regards,
Justin
--
/~\ The ASCII Justin C. Walker, Curmudgeon-at-Large
\ / Ribbon Campaign
X Help cure HTML Email
/ \
_______________________________________________
darwin-kernel mailing list | email@hidden
Help/Unsubscribe/Archives:
http://www.lists.apple.com/mailman/listinfo/darwin-kernel
Do not post admin requests to the list. They will be ignored.