• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: DNS from a Kernel Extension
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: DNS from a Kernel Extension

  • Subject: Re: DNS from a Kernel Extension
  • From: Andrei Tchijov <email@hidden>
  • Date: Fri, 10 Nov 2006 21:46:09 -0500
Unless you are implementing some sort of "proxy" and/or analyzing actual data sent via sockets, "... remote endpoint address ..." is going to be address (not a host name)

or

am I missing something?


On Nov 10, 2006, at 9:30 PM, Curtis Jones wrote:

On 11/10/06, William Kucharski <email@hidden> wrote: 
WHY?  This is just wrong on so many levels...

If you ever need to do this type of thing, you need to take a step back
and figure out why you're trying to this from the KERNEL. I can't even
really think of one.

The right way to do this is to have a user space process do the DNS
resolution and pass the information to your kernel extension; better yet would
be for a user space daemon to do both the DNS resolution AND all network
communication. 

Thankfully in this case I'm not so masochistic as to want to do
network communication from within the kernel. A fun exercise perhaps,
but definitely not practical.

In this case I have a network kernel extension that is evaluating some
criteria ("rules") for each new socket connection (among other
things)*. One aspect of a rule is a remote endpoint address (or dns
name). So, this is where my need comes from to do the resolution. So
while I understand that I should do DNS resolution in the user space,
I would prefer to block as little as possible when within the data
path of a socket. Add a trip to user space and back is minor in
comparison with actually performing the DNS resolution, I know. I was
looking at each step and considering which could possibly be removed
for the sake of that aforementioned data path.

* Sounds like a firewall, I know. Similar concept; different application.


-Curtis
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-kernel mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
40tchijov.com

This email sent to email@hidden 

_______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-kernel mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden




  • Follow-Ups:

      

    • Re: Re: DNS from a Kernel Extension

      • From: "Curtis Jones" <email@hidden>
      • 





References: 


 >DNS from a Kernel Extension (From: "Curtis Jones" <email@hidden>)


 >Re: DNS from a Kernel Extension (From: William Kucharski <email@hidden>)


 >Re: DNS from a Kernel Extension (From: "Curtis Jones" <email@hidden>)






    

  • Prev by Date:
Re: DNS from a Kernel Extension

    • 

  • Next by Date:
Re: Re: DNS from a Kernel Extension

    • 

  • Previous by thread:
Re: DNS from a Kernel Extension

    • 

  • Next by thread:
Re: Re: DNS from a Kernel Extension

    • 

  • Index(es):

      

    • Date
      • 

    • Thread
      • 

    

    •