Application level firewall blocking kernel sockets
- Subject: Application level firewall blocking kernel sockets
- From: Michael Tüxen <email@hidden>
- Date: Mon, 4 Aug 2008 12:48:03 +0200
Dear all,
I have a network kernel extension which opens and reads on a kernel
UDP socket.
The start function of the NKE does something like

    /* Create a kernel UDP socket; callback is registered as the socket upcall. */
    error = sock_socket(PF_INET, SOCK_DGRAM, IPPROTO_UDP, callback, NULL, &so);
    /* Bind the socket to PORT on all local IPv4 addresses. */
    memset((void *)&addr, 0, sizeof(struct sockaddr_in));
    addr.sin_len = sizeof(struct sockaddr_in);
    addr.sin_family = AF_INET;
    addr.sin_port = htons(PORT);
    addr.sin_addr.s_addr = htonl(INADDR_ANY);
    error = sock_bind(so, (const struct sockaddr *)&addr);

and the callback function is similar to
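
    bzero((void *)&msg, sizeof(struct msghdr));
    bzero((void *)cmsgbuf, CMSG_SPACE(sizeof (struct in_addr)));
    /* No name and no iovec: the data is returned as an mbuf chain in packet. */
    msg.msg_name = NULL;
    msg.msg_namelen = 0;
    msg.msg_iov = NULL;
    msg.msg_iovlen = 0;
    /* Control buffer for one ancillary item the size of a struct in_addr. */
    msg.msg_control = (void *)cmsgbuf;
    msg.msg_controllen = CMSG_LEN(sizeof (struct in_addr));
    msg.msg_flags = 0;
    /* In: maximum number of bytes to receive; out: number of bytes received. */
    length = (1<<16);
    error = sock_receivembuf(so, &msg, &packet, 0, &length);
    ...
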
However, the application level firewall is blocking the reception
of packets for the kernel socket except when selecting
'Allow all incoming connections', which opens it up completely.
How can I tell the application level firewall that it is OK to allow
packets for an application called kernel, or do I have to do more
than the above to tell the ALF that accepting packets on that socket
is OK?
Best regards
Michael
Darwin-kernel mailing list (email@hidden)