(I sent this to a BSM mailing list, but I then realized Kernel coders might have a good idea of what is going on)
I am looking at some Snow Leopard BSM audit trails for a web connection between two Snow Leopard machines. The accept() system call on the httpd shows an AUT_SOCKINET128 (socket-inet6) token with an address family of 26, not an address family of AF_INET (2) for IPv4 or AF_INET6 (30) for IPv6.
And the audit record's remote host port number of 21984 doesn't appear to be anything like what I was seeing via tcpdump (a port of 57429).
Does anyone have any idea what this is about?
Todd
praudit output:
header,100,11,accept(2),0,Fri Apr 9 14:13:10 2010, + 313 msec
argument,1,0x3,fd
socket-inet6,26,21984,::ffff:192.168.10.69
subject,-1,_www,_www,_www,_www,62,100000,0,0.0.0.0
return,success,14
trailer,100
tcpdump packet:
14:13:10.380312 IP 192.168.10.69.57429 > 192.168.10.101.80: Flags [S], seq 4279854411, win 65535, options [mss 1460,nop,wscale 3,nop,nop,TS val 425144908 ecr 0,sackOK,eol], length 0
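A quick way to check the two discrepancies in the record above is to parse the socket-inet6 token and compare it against the tcpdump line: 21984 is 0x55E0 and 57429 is 0xE055, so the audited port is the packet's source port with its two bytes swapped, and the IPv4-mapped address ::ffff:192.168.10.69 resolves to the same peer. This is an added example, not code from the original post; it assumes OpenBSM's canonical (Solaris-derived) address-family numbers, where BSM_PF_INET6 is 26, rather than the local macOS AF_INET6 value of 30.

```python
import ipaddress
import re

# Canonical BSM address-family numbers written into socket tokens
# (assumed OpenBSM mapping for this example; the local macOS AF_INET6 is 30).
BSM_FAMILY = {2: "AF_INET", 26: "AF_INET6"}

# Constructed from the praudit record and tcpdump line in the post above.
AUDIT_TOKEN = "socket-inet6,26,21984,::ffff:192.168.10.69"
TCPDUMP_LINE = ("14:13:10.380312 IP 192.168.10.69.57429 > 192.168.10.101.80: "
                "Flags [S], seq 4279854411, win 65535, length 0")

def byteswap16(port):
    """Swap the two bytes of a 16-bit value (network <-> host order)."""
    return ((port & 0xFF) << 8) | (port >> 8)

def parse_sockinet128(token):
    """Split a praudit socket-inet6 token into family, port and peer address."""
    kind, family, port, addr = token.split(",", 3)
    if kind != "socket-inet6":
        raise ValueError(f"not a socket-inet6 token: {kind}")
    family, port = int(family), int(port)
    ip = ipaddress.IPv6Address(addr)
    return {
        "family": BSM_FAMILY.get(family, f"unknown({family})"),
        "port_printed": port,
        "port_byteswapped": byteswap16(port),
        # ::ffff:a.b.c.d is an IPv4-mapped IPv6 address; recover the IPv4 peer.
        "peer": str(ip.ipv4_mapped or ip),
    }

def parse_tcpdump(line):
    """Extract the source address and port from a tcpdump IPv4 TCP summary line."""
    m = re.search(r"IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > ", line)
    if not m:
        raise ValueError("unrecognised tcpdump line")
    return {"src": m.group(1), "sport": int(m.group(2))}

def correlate(token, line):
    """Report whether the audit token matches the packet as printed or after a byte swap."""
    rec, pkt = parse_sockinet128(token), parse_tcpdump(line)
    return {
        "same_peer": rec["peer"] == pkt["src"],
        "port_as_printed": rec["port_printed"] == pkt["sport"],
        "port_byteswapped": rec["port_byteswapped"] == pkt["sport"],
    }

if __name__ == "__main__":
    print(parse_sockinet128(AUDIT_TOKEN))
    print(correlate(AUDIT_TOKEN, TCPDUMP_LINE))
```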