Re: DNS from a Kernel Extension
- Subject: Re: DNS from a Kernel Extension
- From: Joseph Oreste Bruni <email@hidden>
- Date: Fri, 10 Nov 2006 20:33:13 -0700
On Nov 10, 2006, at 7:55 PM, Curtis Jones wrote:

> On 11/10/06, Andrei Tchijov <email@hidden> wrote:
>
>> Unless you are implementing some sort of "proxy" and/or analyzing
>> actual data sent via sockets, "... remote endpoint address ..." is
>> going to be an address (not a host name)
>> or
>> am I missing something?
>
> I'll provide more details. You tell me.
>
> Prior to a socket connection being permitted, a set of rules is
> analyzed. A matching rule can specify what will happen to that
> connection. One criterion upon which a rule can match is that of a
> host name. Thus the need to have access to the address(es) associated
> with a given host name (and expeditiously, if possible).

Sounds like a darknet router.
You might have better luck implementing this entirely in userspace
coupled with ipfw to divert all traffic into your process for
analysis. ipfw is a very nice packet processor where you can hook
yourself into various places depending on what you are trying to do.
Joe
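
Added example, not part of the original messages: a userspace matcher of the kind a divert-based design would call for each packet, checking the destination of a raw IPv4 packet against host-name rules whose addresses were resolved ahead of time. The `host_rule` struct, the function names and the sample addresses are assumptions made for illustration; the divert socket and the resolver calls are left out so that it runs offline.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <string.h>

enum action { ACT_DEFAULT, ACT_ALLOW, ACT_DENY };
/* Hypothetical rule: host name plus its resolved addresses (network order). */
struct host_rule {
    const char *host;
    enum action act;
    size_t naddrs;
    uint32_t addrs[4];
};

/* Destination of a raw IPv4 packet starting at the IP header; -1 if malformed. */
static int ipv4_dst(const uint8_t *pkt, size_t len, uint32_t *dst) {
    if (pkt == NULL || len < 20 || (pkt[0] >> 4) != 4)
        return -1;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;
    if (ihl < 20 || ihl > len)
        return -1;
    memcpy(dst, pkt + 16, sizeof *dst);
    return 0;
}

/* First matching rule wins; malformed packets are denied (fail closed). */
enum action match_packet(const struct host_rule *rules, size_t nrules,
                         const uint8_t *pkt, size_t len) {
    uint32_t dst;
    if (ipv4_dst(pkt, len, &dst) != 0)
        return ACT_DENY;
    for (size_t i = 0; i < nrules; i++)
        for (size_t j = 0; j < rules[i].naddrs; j++)
            if (rules[i].addrs[j] == dst)
                return rules[i].act;
    return ACT_DEFAULT;
}

/* Constructed demo: documentation-range addresses, minimal 20-byte header. */
enum action demo_verdict(const char *dst_ip) {
    struct host_rule rules[2] = { { "blocked.example", ACT_DENY, 2, {0} },
                                  { "allowed.example", ACT_ALLOW, 1, {0} } };
    uint8_t pkt[20] = { 0x45 };  /* version 4, IHL 5 */
    inet_pton(AF_INET, "192.0.2.10", &rules[0].addrs[0]);
    inet_pton(AF_INET, "192.0.2.11", &rules[0].addrs[1]);
    inet_pton(AF_INET, "198.51.100.7", &rules[1].addrs[0]);
    if (inet_pton(AF_INET, dst_ip, pkt + 16) != 1)
        return ACT_DENY;
    return match_packet(rules, 2, pkt, sizeof pkt);
}
```

Because a host name can map to several addresses that change over time, the cached address set in each rule has to be refreshed by the userspace process, which is the part that is awkward to do from inside the kernel.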
Darwin-kernel mailing list (email@hidden)