NKE (Network Kernel Extension) / dlil protocol filter
- Subject: NKE (Network Kernel Extension) / dlil protocol filter
- From: Nathan Lim <email@hidden>
- Date: Sat, 27 Sep 2003 09:17:38 -0400
I am trying to write an application that does the following:
A) URL logging (i.e. HTTP GET)
B) HTTP GET blocking (URLs will be logged to a separate server; if the URLs
cannot be logged, then any GETs should be blocked immediately)
C) The application needs to be as resistant as possible to the user
disabling or killing the application. So I would much prefer if the
user/administrator could not simply kill -9 the application.
I have chosen the NKE (Network Kernel Extension) DLIL (Data Link Interface
Layer) Protocol Filter as the way to implement this logging and blocking in
conjunction with a user level process.
I have two questions:
1. I have been able to log/block the HTTP GET packets successfully using
dlil_attach_protocol_filter() by first calling dlil_find_dltag() to get the
dltag for the network interface. However, I discovered that
dlil_find_dltag() fails for APPLE_IF_FAM_PPP if the modem is not yet
connected.
How can I be notified/called whenever a new network interface is connected
or disconnected (e.g. when the modem makes an internet connection) so I can set
up or clean up the dlil protocol filter?
2. Is there a way to meet my application goals (above) entirely in
user-space? It would be great to avoid the pitfalls of kernel programming
and the possible instability in OS X that this application could introduce.
-Nate Lim
mailto:email@hidden
_______________________________________________
darwin-kernel mailing list | email@hidden