Re: KEXT IP Filter sample code?
Re: KEXT IP Filter sample code?
- Subject: Re: KEXT IP Filter sample code?
- From: Allan Hoeltje <email@hidden>
- Date: Tue, 21 Jun 2005 16:20:06 -0700
The enetlognke example is very helpful as an Interface filter but I am still
puzzled by a couple things. The NKE documentation states that an Interface
filter can observe as well as modify network traffic. Can an IP filter also
be used to modify packets? If so, would the techniques shown in enetlognke
(the code wrapped in "#if SWALLOW_PACKETS") also apply to an IP filter?
Specifically, I need a kernel extension to monitor SIP and encrypt RTP
packets. Which KEXT is best suited for this, Interface or IP filter?
-Allan
"Quinn" <email@hidden> wrote on 6/16/05 2:20 AM:
> At 18:39 -0700 15/6/05, Allan Hoeltje wrote:
>> Thanks for the quick reply. I know that tcplognke is a socket filter and
>> even though I need an IP filter it would still be helpful to see some kind
>> of sample code, Tiger or pre-Tiger, that uses KEXT.
>
> You should check out the enetlognke.
>
> <http://developer.apple.com/samplecode/enetlognke/enetlognke.html>
>
> This new, Tiger-based sample is not directly relevant (it intercepts
> at the Ethernet layer rather than the IP layer), but it does show
> general NKE concepts, including packaging, memory allocation,
> locking, and so on. It's also much easier to understand than the
> tcplognke (-:
>
> ps One of the reasons that the tcplognke isn't published yet is
> because socket-level filters are tricky to get exactly right. The
> packet oriented filters (IP and Ethernet) are much easier.
>
> S+E
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-kernel mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden