RE: Logging NKE filter events, not working.
- Subject: RE: Logging NKE filter events, not working.
- From: "Carl Smith" <email@hidden>
- Date: Mon, 7 Mar 2005 16:41:58 -0500
- Thread-topic: Logging NKE filter events, not working.
Well, being new to all this, can you tell me how you specify a global or
programmatic filter? If you are referring to where I set up the
structs, sockutil and sockif, they are global.
But from your statement, one thing might be that in some test cases I am not
running my userland app. I wanted to get the NKE to just load and start
filtering without the userland app being there. So does that mean I
would have to set up the socket from within the NKE?
Carl
-----Original Message-----
From: darwin-kernel-bounces+csmith=email@hidden
[mailto:darwin-kernel-bounces+csmith=email@hidden]
On Behalf Of Josh Graessley
Sent: Monday, March 07, 2005 4:30 PM
To: darwinKernel Dev
Subject: Re: Logging NKE filter events, not working.
Are you specifying a global filter or a programmatic filter? If you
specify a global filter it will be attached to new sockets that match
the protosw you attached your filter to. For programmatic filters, your
filter will only ever be attached if someone uses the SO_NKE socket
option and specifies the handle for your socket filter.
-josh
On Mar 7, 2005, at 1:16 PM, Carl Smith wrote:
> I have been writing my NKE and so far have my userland and NKE
> talking back and forth. That works fine.
>
> Now I am trying to do some filtering using a combination of some of
> the techniques from SharedIP and TCPlogger.
>
> Basically I just put a bunch of printf statements in all my dispatch
> vector calls, struct sockif, and struct sockutil.
>
> I open my terminal window with tail -f /var/log/system.log. Now on
> other calls, like start/stop, from my NKE I can see all my printf
> statements that I have inserted into these start/stop functions, but
> no matter what I do I cannot see any printf statements coming from
> my sockif/sockutil intercept calls. I am doing some pinging, web
> searching, etc., so I would think I would see something. Of course
> there must be something wrong with the way I have the filtering set
> up.
>
> Following is the basic flow I use to get the filtering started.
>
> In the struct sockif I override the soreceive, solisten, sosend,
> soconnect and so on. In the sockutil struct I just override the
> sbappend.
>
> To kick things off I do the pp = pffindproto(PF_NDRV, 0, SOCK_RAW),
> but I have tried many variations, i.e. (PF_INET, IPPROTO_RAW,
> SOCK_RAW), (PF_NDRV, 0, SOCK_RAW) and so on.
>
> Then I do my register_sockfilter(&myNFDescriptor, 0, pp, &ctlref),
> trying both NFF_BEFORE and NFF_AFTER.
>
> Then if all succeeds, I call my ctl_register(KernCtlReg, 0, g_ctlref);
>
> Now everything shows up as loading and unloading fine, using kextload
> and kextunload, but as I said I just do not see any of my intercepts
> being hit.
>
> Any suggestions?
>
> Thanks All.
>
> _______________________________________________
> Do not post admin requests to the list. They will be ignored.
> Darwin-kernel mailing list (email@hidden)
> Help/Unsubscribe/Update your Subscription:
>
> This email sent to email@hidden