• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: Socket NKE UDP filter
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Socket NKE UDP filter

  • Subject: Re: Socket NKE UDP filter
  • From: John Davidorff Pell <email@hidden>
  • Date: Fri, 17 Dec 2004 21:22:05 -0800
I am not an expert at the firewall, but I think that it is possible to defer sending a packet using the existing firewall. Then, a user-land app can determine if the packet should be sent (by asking the user) and then return to the kernel. Thus, there is no NKE needed. I am not sure though. If you have already investigated that, then I'm sorry for the noise. :-)

JP


On 17 Dec 2004, at 19:49, Matt Jaffa wrote:



Because I am writing an application based firewall.
With easy to configure rules, and alerts on an outgoing connection you don't have a rule for.

Matt

On Dec 17, 2004, at 8:45 PM, John Davidorff Pell wrote:


Why aren't you using the firewall?

JP

On 17 Dec 2004, at 19:36, Matt Jaffa wrote:




Hi,

I have written a Socket NKE filter that filters UDP traffic, in the send function I want to know
what the foreign ip address is and the port number.

I have tried a couple of ways, and both don't work: Here is what I have tried:

static int
tl_send2(struct socket *so, struct sockaddr **nam, struct uio **uio,
struct mbuf **m, struct mbuf **control, int *flags, struct kextcb *kp)
{
boolean_t funnel_state;
funnel_state = thread_funnel_set(network_flock, TRUE);
printf("UDP: %d\n",current_proc()->p_pid);

if(nam && *nam) {
struct sockaddr_in * jk = (struct sockaddr_in *)*nam;
printf("Here: %s\n", inet_ntoa(jk->sin_addr));
printf("Sorry: %u\n", jk->sin_addr.s_addr);
} else { // what to do if it falls in the else clause?
printf("Sorry: It is not null jaffa\n");
}

    (void)thread_funnel_set(network_flock, funnel_state);
    return 0;


}


I need to know what to do if it falls in the else statement of this if else.


Thanks,
Matt

_______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-kernel mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
40mac.com

This email sent to email@hidden







--

 -
/~\  The ASCII
\ /  Ribbon Campaign
 X   Help cure HTML Email
/ \











--
"Faith: Belief without evidence in what is told by one who speaks without knowledge, of things without parallel." - A.B.



Attachment: smime.p7s
Description: S/MIME cryptographic signature

 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-kernel mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden
References: 
 >Socket NKE UDP filter (From: Matt Jaffa <email@hidden>)
 >Re: Socket NKE UDP filter (From: John Davidorff Pell <email@hidden>)
 >Re: Socket NKE UDP filter (From: Matt Jaffa <email@hidden>)

  • Prev by Date: Re: Socket NKE UDP filter
  • Next by Date: Where does AppleRaid kext reside in Mass Storage Driver Stack
  • Previous by thread: Re: Socket NKE UDP filter
  • Next by thread: Where does AppleRaid kext reside in Mass Storage Driver Stack
  • Index(es):
    • Date
    • Thread