• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: Attaching an NKE to Existing Sockets
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Attaching an NKE to Existing Sockets

  • Subject: Re: Attaching an NKE to Existing Sockets
  • From: Josh Graessley <email@hidden>
  • Date: Tue, 29 Aug 2006 12:57:50 -0700

Hello Curtis,

The unfortunate answer is that there is no clean way to do this right now.

We have a bug tracking this, 4355398. One trick is to have your kext load at startup. There is a hook to let you start as soon as the network stack has finished initializing. The common trick is to create an IOKit kext that will get matched and loaded on startup early in the boot process and register the function to run when the network stack is done initializing.

In addition to the sockets you see associated with each process, there are sockets in the kernel that are not associated with any process. This makes it difficult to find all of the sockets. Most protocols have a protocol specific method of doing this. I don't think there is general linked list of all sockets.

-josh

On Aug 29, 2006, at 11:22 AM, Jones Curtis wrote:

I hope this is an appropriate place for this question; if not, if you have any good suggestions on where I might get an answer, let me know. I've searched all over and found very little.

Briefly, I would like to be able to attach a socket filter to sockets (including listeners) that were created prior to the loading of my NKE.

I looked at how netstat worked, using a sysctl to get at tcbinfo, and after digging through various structs, I wasn't convinced that I'd be able to get a socket_t out of that, even if I could figure out how to get at that symbol.

I also saw that every open socket is added to the associated proc struct (I think), but I wasn't sure how I could distinguish between sockets and non-sockets. And I thought I might be reduced to iterating through all possible pids, unless I could similarly get access to the pidhashtbl symbol.

And both of those ideas relied on symbols that I'm probably not supposed to be using, directly, anyway.

Anyway ... any help would be appreciated.

Thanks.


--
Curtis Jones
email@hidden

_______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
40apple.com

This email sent to email@hidden

Attachment: smime.p7s
Description: S/MIME cryptographic signature

 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-kernel mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden
  • Follow-Ups:
    • Re: Attaching an NKE to Existing Sockets
      • From: Jones Curtis <email@hidden>
  • Prev by Date: Attaching an NKE to Existing Sockets
  • Next by Date: Re: Attaching an NKE to Existing Sockets
  • Previous by thread: Attaching an NKE to Existing Sockets
  • Next by thread: Re: Attaching an NKE to Existing Sockets
  • Index(es):
    • Date
    • Thread