site_archiver@lists.apple.com Delivered-To: darwin-dev@lists.apple.com Hello list, Thanks a lot for Your help, Jakub _______________________________________________ Do not post admin requests to the list. They will be ignored. Darwin-dev mailing list (Darwin-dev@lists.apple.com) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/darwin-dev/site_archiver%40lists.appl... I am writing a socket filter NKE that will intercept any TCP connections, pass its data to user-space processing using SYS_PROTO_CONTROL and then re-inject them back. I have read many posts in Apple mailing lists and the guides discussing NKE and Kernel Programming and up to now everything worked great. Today I have found a problem with one-way traffic ended with FIN sequence. In this case, the TCP reacts on the FIN and a sf_detach_func is called to my filter, while I still have some data swallowed and waiting for user-space to process it. I can't reinject the packets as I don't want to leave any data unprocessed. If I drop the packets, the client won't get them all, leading to errors. Can anyone please point me to any documentation discussing the socket filters in more detail? Can I msleep in sf_notify_func or sf_detach_func to let user-space process finish the scanning? Or can I somehow deny the socket detach and do it myself later? This email sent to site_archiver@lists.apple.com