unsubscribe
unsubscribe
- Subject: unsubscribe
- From: Brian Dols <email@hidden>
- Date: Thu, 25 Nov 2010 17:48:14 -0500
On Thu, Nov 25, 2010 at 12:05:37PM -0800, email@hidden wrote:
> Send Darwin-kernel mailing list submissions to
> email@hidden
>
> To subscribe or unsubscribe via the World Wide Web, visit
> http://lists.apple.com/mailman/listinfo/darwin-kernel
> or, via email, send a message with subject or body 'help' to
> email@hidden
>
> You can reach the person managing the list at
> email@hidden
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Darwin-kernel digest..."
>
>
> Today's Topics:
>
> 1. Determine process (name/PID) from NKE filter driver
> (eveningnick eveningnick)
> 2. Re: Determine process (name/PID) from NKE filter driver
> (Quinn "The Eskimo!")
> 3. Re: Determine process (name/PID) from NKE filter driver
> (Athanasios Douitsis)
> 4. Re: Determine process (name/PID) from NKE filter driver
> (Josh Graessley)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Thu, 25 Nov 2010 00:30:56 +0200
> From: eveningnick eveningnick <email@hidden>
> Subject: Determine process (name/PID) from NKE filter driver
> To: email@hidden
> Message-ID:
> <email@hidden>
> Content-Type: text/plain; charset=ISO-8859-1
>
> Hello!
> Is there a way to determine, which process tried to establish
> connection from an NKE driver, and if doesnt satisfy some condition
> (in my case - process name for example), deny the request? And, if
> yes, how could i be done?
> What should i read, to do this task? I am a newbie in BSD kernel
> programming, but there should be something to start with :)
> Thank you!
>
>
> ------------------------------
>
> Message: 2
> Date: Wed, 24 Nov 2010 22:39:14 +0000
> From: "Quinn \"The Eskimo!\"" <email@hidden>
> Subject: Re: Determine process (name/PID) from NKE filter driver
> To: email@hidden
> Message-ID: <email@hidden>
> Content-Type: text/plain; charset=us-ascii
>
>
> On 24 Nov 2010, at 22:30, eveningnick eveningnick wrote:
>
> > Is there a way to determine, which process tried to establish
> > connection from an NKE driver
>
> What type of NKE? A socket filter NKE can reasonably get this information, but that's not true for other NKEs.
>
> S+E
> --
> Quinn "The Eskimo!" <http://www.apple.com/developer/>
> Apple Developer Relations, Developer Technical Support, Core OS/Hardware
>
>
>
>
> ------------------------------
>
> Message: 3
> Date: Thu, 25 Nov 2010 01:49:43 +0200
> From: Athanasios Douitsis <email@hidden>
> Subject: Re: Determine process (name/PID) from NKE filter driver
> To: email@hidden
> Cc: email@hidden
> Message-ID:
> <AANLkTinEO9MOP5Y1pafyt1vcHzso1H9riu=email@hidden>
> Content-Type: text/plain; charset="iso-8859-1"
>
> On Thu, Nov 25, 2010 at 12:39 AM, Quinn "The Eskimo!" <email@hidden>wrote:
>
> >
> > On 24 Nov 2010, at 22:30, eveningnick eveningnick wrote:
> >
> > > Is there a way to determine, which process tried to establish
> > > connection from an NKE driver
> >
> > What type of NKE? A socket filter NKE can reasonably get this information,
> > but that's not true for other NKEs.
> >
> > S+E
> > --
> > Quinn "The Eskimo!" <http://www.apple.com/developer/>
> > Apple Developer Relations, Developer Technical Support, Core OS/Hardware
> >
> >
> > _______________________________________________
> > Do not post admin requests to the list. They will be ignored.
> > Darwin-kernel mailing list (email@hidden)
> > Help/Unsubscribe/Update your Subscription:
> >
> >
> Hi,
>
> Might I add that the excellent
> tcplognke<http://developer.apple.com/library/mac/#samplecode/tcplognke/Introduction/Intro.html#//apple_ref/doc/uid/DTS10003669>example
> mentions the use of proc_selfpid at tcplognke:833. Look up proc_self
> (must be freed with proc_rele afterwards), proc_selfpid, proc_selfname (but
> read this:
> http://lists.apple.com/archives/darwin-kernel/2008/Mar/msg00086.html).
>
>
> Best Regards,
> Athanasios
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: http://lists.apple.com/mailman/private/darwin-kernel/attachments/20101125/d77c4d71/attachment.html
>
> ------------------------------
>
> Message: 4
> Date: Wed, 24 Nov 2010 17:00:18 -0800
> From: Josh Graessley <email@hidden>
> Subject: Re: Determine process (name/PID) from NKE filter driver
> To: Quinn The Eskimo! <email@hidden>
> Cc: email@hidden
> Message-ID: <email@hidden>
> Content-Type: text/plain; charset=us-ascii
>
>
> On Nov 24, 2010, at 2:39 PM, Quinn The Eskimo! wrote:
>
> >
> > On 24 Nov 2010, at 22:30, eveningnick eveningnick wrote:
> >
> >> Is there a way to determine, which process tried to establish
> >> connection from an NKE driver
> >
> > What type of NKE? A socket filter NKE can reasonably get this information, but that's not true for other NKEs.
>
> Also worth noting, even with a socket filter NKE, the current PID can be deceptive, especially for network file system sockets or sockets that are created for an incoming connection on a listening socket.
>
> -josh
>
>
>
> ------------------------------
>
> _______________________________________________
> Darwin-kernel mailing list
> email@hidden
> http://lists.apple.com/mailman/listinfo/darwin-kernel
>
> End of Darwin-kernel Digest, Vol 7, Issue 155
> *********************************************
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-kernel mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden