Lists

Open Menu Close Menu

Terms and Conditions
Lists hosted on this site
Email the Postmaster
Tips for posting to public mailing lists

NKE kext: block established connection?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

NKE kext: block established connection?

Subject: NKE kext: block established connection?
From: Craig Davison <email@hidden>
Date: Fri, 14 Jun 2013 17:26:10 -0600

Is there a way to block/interrupt an existing TCP connection from a NKE (network kernel extension)?

I have a socket filter registered that can prevent outbound/inbound connections from being made by returning nonzero from connect_out and accept handlers. But if I allow a connection to proceed, is there a way to block/reject it later?

I considered writing a PF rule, but am not sure if I can make it match on one connection specifically (ports, hosts, PID) and am not sure if it applies to already-established connections. Also I would have to be sure to clean up the rule when the process exits.

I also considered returning nonzero on all subsequent data_in/data_out socket operations, but I'm not sure how a userspace program would react to having all of its read/write calls on that socket suddenly start failing.

Thank you

 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-kernel mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden

Follow-Ups:
- Re: NKE kext: block established connection?
  - From: Nick Blievers <email@hidden>

Prev by Date: Re: Darwin-kernel Digest, Vol 10, Issue 33
Next by Date: Re: NKE kext: block established connection?
Previous by thread: Re: Darwin-kernel Digest, Vol 10, Issue 33
Next by thread: Re: NKE kext: block established connection?
Index(es):
- Date
- Thread