Re: Protocol filter vs. Socket filter
Re: Protocol filter vs. Socket filter
- Subject: Re: Protocol filter vs. Socket filter
- From: Joshua Graessley <email@hidden>
- Date: Mon, 22 Mar 2004 10:48:23 -0800
By using a PF_NDRV socket, classic is sending using using the PF_NDRV
protocol, not PF_INET. If you wanted to capture packets from classic,
you would need to install a protocol filter for PF_NDRV. You would
still need the PF_INET filter to capture inbound packets in addition to
any packets that the X stack was sending.
I would recommend using an interface filter. You will receive every
packet on the interface regardless of which protocol attachment was
used. If the packet is not an IP packet, return 0 immediately. There is
a bit more overhead since you have to inspect every packet, and you
have to know more about how to identify the packets.
-josh
On Mar 20, 2004, at 11:55 AM, Matt Jaffa wrote:
>
Hi,
>
>
I did some reading into the archives and it seems others had this
>
issue,
>
where the PF_NDRV socket didn't send the packets through the DLIL , so
>
no wonder my
>
program is not picking up the packets.
>
>
Well the posts said they were trying to get it into way back in 10.1.x,
>
>
Is this still not fixed, and if not I guess I must use a socket filter
>
on the Classic related stuff.
>
>
Or unless I am not filtering the DLIL right to get the classic traffic.
>
>
Anyone know what is up with this issue?
>
>
Thanks
[demime 0.98b removed an attachment of type application/pkcs7-signature which had a name of smime.p7s]
_______________________________________________
darwin-kernel mailing list | email@hidden
Help/Unsubscribe/Archives:
http://www.lists.apple.com/mailman/listinfo/darwin-kernel
Do not post admin requests to the list. They will be ignored.