I have been using sock_getsockname() in sf_notify_func() and getting local addresses successfully. Make sure the event is sock_evt_connecting when you make this call.
-Indu
From: Volodymyr Shcherbyna <email@hidden>
Date: Friday, June 1, 2012 4:41 AM
To: "email@hidden" <email@hidden>
Subject: Re: Detecting TCP connection failure reason in socket level NKE
I did some research towards IP filter level NKEs.
The main idea was to combine a socket level NKE with an IP level NKE in one kext, so that each time I detect a TCP connection at socket level, I would notify the IP level filter to examine the flags in the TCP headers. The key point would be to identify the connection uniquely by a key based on [Protocol + Source IP + Source Port + Destination IP + Destination Port] so that I may maintain a sorted tree and access it with O(log n) speed at both levels.
However I see that at the socket level filter I don't get the source (local) IP and Port because the transport level has not yet assigned a local address. I.e., in my sf_notify_func if I call sock_getsockname it fails and returns me 0.0.0.0:0 as a local address and error code 22.
I may do a key on [Protocol + Destination Port + Destination IP] but this may overlap with other connections, i.e., let's assume that there is another process doing a connection to the same IP and Port at nearly the same time - I may swap the context data for both items. My main goal is to detect the process which has the connection problems.
Any thoughts?
--
with best regards, Volodymyr.
2012/5/30 Volodymyr Shcherbyna <email@hidden>
Hello Josh,
Thanks for replying. Yes, it is an interesting idea as well. I tried to call sock_getsockopt in sf_notify_func(...) when handling different events, but it always returns 0 as error value and 0 as a return value. I can't call this function in sf_detach_func(...) because at this time the socket is already gone.
I was also monitoring all option set events in sf_setoption_func(...) but SO_ERROR does not get set :'(. The approach of cookies in NKE is really great, but I lack the IRPs and Completion Routines from Windows :)
--
with best regards, Volodymyr.
2012/5/30 Josh Graessley <email@hidden>
Have you tried calling sock_getsockopt(socket, SOL_SOCKET, SO_ERROR, &err, &optlen)?
I'm not certain the suggestion above will work, but that is where I'd start.
Hope this helps,
-josh
On May 30, 2012, at 8:49 AM, Volodymyr Shcherbyna <email@hidden> wrote:
> Hello Everyone,
>
> I am trying to detect failed TCP connections in a socket level NKE and to determine the reason why they failed. I can see that successful TCP connections generate a sock_evt_connected event in sp_notify_func: this way I am able to distinguish between successful connections and failed ones.
>
> The next step is to try to determine the reason for the failure: is it a timeout, or is the host down, or is the port closed, etc. It seems like I don't get any errors at socket level NKE. I was trying to see in sf_setopt_func any options which are set on a socket after a connection has failed, but I could not find any clue on what to filter out. Is there any chance to get this data at socket level NKE? I was hoping to get the last error associated with a socket or something similar to the GetLastError(...) function under Windows.
>
> Otherwise, it seems like I have to use IP level filters for that? In this case it seems like it is complicating the task, as I would have to have a state machine for each TCP connection and do some manipulations when frames are leaving my machine ...
>
> Thanks for any hints,
>
> --
> with best regards, Volodymyr.
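
The keying question raised in this thread, as an added example that is not part of any poster's message and is not kext code: a user-space C model of the connection table that compares the full five-tuple key with the reduced [Protocol + Destination IP + Destination Port] key. The struct and function names, the addresses and the PIDs are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdlib.h>
/* Hypothetical IPv4 flow key (host byte order) and tree node; names are illustrative. */
struct flow_key { uint8_t proto; uint32_t src_ip, dst_ip; uint16_t src_port, dst_port; };
struct flow_node { struct flow_key key; int pid; struct flow_node *left, *right; };
#define CMP(f) if (a->f != b->f) return a->f < b->f ? -1 : 1

/* Total order on keys; use_src = 0 gives the reduced [proto + dst IP + dst port] key. */
static int flow_cmp(const struct flow_key *a, const struct flow_key *b, int use_src)
{
    CMP(proto); CMP(dst_ip); CMP(dst_port);
    if (use_src) { CMP(src_ip); CMP(src_port); }
    return 0;
}

/* Walk to the link holding k, or to the empty link where k belongs (unbalanced tree, for brevity). */
static struct flow_node **flow_slot(struct flow_node **link, const struct flow_key *k, int use_src)
{
    for (int c; *link && (c = flow_cmp(k, &(*link)->key, use_src)) != 0; )
        link = c < 0 ? &(*link)->left : &(*link)->right;
    return link;
}

/* Returns 0 on insert, -1 if an equal key is already present or allocation fails. */
static int flow_insert(struct flow_node **root, const struct flow_key *k, int pid, int use_src)
{
    struct flow_node **slot = flow_slot(root, k, use_src);
    if (*slot || !(*slot = calloc(1, sizeof(**slot)))) return -1;
    (*slot)->key = *k; (*slot)->pid = pid;
    return 0;
}

/* Returns the pid stored under k, or -1 if k is absent. */
static int flow_lookup(struct flow_node **root, const struct flow_key *k, int use_src)
{
    struct flow_node **slot = flow_slot(root, k, use_src);
    return *slot ? (*slot)->pid : -1;
}

/* Constructed sample: pids 100 and 200 connect from 10.0.0.5 to 192.0.2.10:443; nodes are not freed. */
int demo_lookup_second(int use_src)
{
    struct flow_node *root = NULL;
    struct flow_key a = { 6, 0x0A000005, 0xC000020A, 49152, 443 };
    struct flow_key b = { 6, 0x0A000005, 0xC000020A, 49153, 443 };
    flow_insert(&root, &a, 100, use_src);
    flow_insert(&root, &b, 200, use_src);
    return flow_lookup(&root, &b, use_src);
}
int main(void) { return demo_lookup_second(1) == 200 ? 0 : 1; }
```

With the reduced key the second insert is rejected as a duplicate and the lookup for the second flow returns the first process, which is the context swap described in the thread.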