Re: KEXT IP Filter sample code?
- Subject: Re: KEXT IP Filter sample code?
- From: Josh Graessley <email@hidden>
- Date: Tue, 21 Jun 2005 16:33:32 -0700
I would recommend an IP filter. You can also modify packets in the IP
filter. The IP filter will give you IP traffic from all interfaces,
so you don't have to worry about installing an interface filter on
every interface. The IP filter will also pass you fully assembled IP
packets. You don't have to deal with IP fragmentation, interface
specific frame headers, or ARP packets.
-josh
On Jun 21, 2005, at 4:20 PM, Allan Hoeltje wrote:
The enetlognke example is very helpful as an Interface filter but I am
still puzzled by a couple things. The NKE documentation states that an
Interface filter can observe as well as modify network traffic. Can an
IP filter also be used to modify packets? If so, would the techniques
shown in enetlognke (the code wrapped in "#if SWALLOW_PACKETS") also
apply to an IP filter?
Specifically, I need a kernel extension to monitor SIP and encrypt RTP
packets. Which KEXT is best suited for this, Interface or IP filter?
-Allan
"Quinn" <email@hidden> wrote on 6/16/05 2:20 AM:
At 18:39 -0700 15/6/05, Allan Hoeltje wrote:
Thanks for the quick reply. I know that tcplognke is a socket filter
and even though I need an IP filter it would still be helpful to see
some kind of sample code, Tiger or pre-Tiger, that uses KEXT.
You should check out the enetlognke.
<http://developer.apple.com/samplecode/enetlognke/enetlognke.html>
This new, Tiger-based sample is not directly relevant (it intercepts
at the Ethernet layer rather than the IP layer), but it does show
general NKE concepts, including packaging, memory allocation,
locking, and so on. It's also much easier to understand than the
tcplognke (-:
ps One of the reasons that the tcplognke isn't published yet is
because socket-level filters are tricky to get exactly right. The
packet oriented filters (IP and Ethernet) are much easier.
S+E