• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: Logging NKE filter events, not working.
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Logging NKE filter events, not working.

  • Subject: Re: Logging NKE filter events, not working.
  • From: Josh Graessley <email@hidden>
  • Date: Mon, 7 Mar 2005 13:29:37 -0800

Are you specifying a global filter or a programatic filter? If you specify a global filter it will be attached to new sockets that match the protows you attached your filter to. For programatic filters, your filter will only ever be attached if someone uses the SO_NKE socket option and specifies the handle for your socket filter.

-josh

On Mar 7, 2005, at 1:16 PM, Carl Smith wrote:

I have been writing my NKE and so far have my userland and NKE talking back and forth. That works fine.



Now I am trying to do some filtering using a combination of some of the techniques from SharedIP and TCPlogger.



Basically I just put a bunch of printf statements in all my dispatch vector calls, struct sockif, and struct sockutil.



I open my terminal window with tail –f /var/log/system.log. Now on other calls, like start stop, from my NKE I can see all my printf statements that I have inserted into these start/stop function, but now matter what I do I can not see any printf statements coming from my sockif/sockutil intercept calls. I am doing some pining, web searching and etc. so I would think I would see something. Of course there must be something wrong with the way I have the filtering set up.



Following is the basic flow I use to get the filtering started.



In the struct sockif I over-ride the soreceive, solisten, sosend, soconnect and so on. In the sockutil struct I just over ride the sbappend.



To kick things off I do the pp = pffindproto(PF_NDRV, 0, SOCK_RAW), but I have tried many variations, i.e. (PF_INET, IPPROTO_RAW, SOCK_RAW), (PF_NDRV 0, SOCK_RAW) and so on.



Then I do my register_sockfilter(&myNFDescriptor, 0, pp, &ctlref) trying both NFF_BEFORE and NFF_AFTER



Then if all succeeds, I call my ctl_register(KernCtlReg ,0, g_ctlref);



Now everything shows up as loading and unloading fine, using kextload and kextunload, but as I said I just do not see any of my intercepts being hit.



Any suggestions?



Thanks All.

_______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-kernel mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
40apple.com

This email sent to email@hidden

Attachment: smime.p7s
Description: S/MIME cryptographic signature

 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-kernel mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden
References: 
 >Logging NKE filter events, not working. (From: "Carl Smith" <email@hidden>)

  • Prev by Date: Logging NKE filter events, not working.
  • Next by Date: RE: Logging NKE filter events, not working.
  • Previous by thread: Logging NKE filter events, not working.
  • Next by thread: RE: Logging NKE filter events, not working.
  • Index(es):
    • Date
    • Thread