Hi Josh,

thanks a lot for a fast response. I have run some tests with redirecting outgoing connections both on Leopard and Snow Leopard and it works just fine. I just wonder, can the NKE redirect also incoming connections?

Jakub

On Dec 3, 2009, at 7:20 PM, Josh Graessley wrote:

The recommended solution is to manipulate connections to connect to your process instead of their intended destination. You may pass the intended destination out of band to your process and then relay the data in user space between the socket connection from their process and your socket connection to their intended destination.

Sent from my iPhone

On Dec 3, 2009, at 7:38, Jakub Bednar <jakub.bednar@avg.com> wrote:

Hello list,

I am writing a socket filter NKE that will intercept any TCP connections, pass its data to user-space processing using SYS_PROTO_CONTROL and then re-inject them back. I have read many posts in Apple mailing lists and the guides discussing NKE and Kernel Programming and up to now everything worked great.

Today I have found a problem with one-way traffic ended with FIN sequence. In this case, the TCP reacts on the FIN and a sf_detach_func is called to my filter, while I still have some data swallowed and waiting for user-space to process it. I can't reinject the packets as I don't want to leave any data unprocessed. If I drop the packets, the client won't get them all, leading to errors.

Can anyone please point me to any documentation discussing the socket filters in more detail? Can I msleep in sf_notify_func or sf_detach_func to let user-space process finish the scanning? Or can I somehow deny the socket detach and do it myself later?

Thanks a lot for Your help,
Jakub

_______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-dev mailing list (Darwin-dev@lists.apple.com)
Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/darwin-dev/jgraessley%40apple.com
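
The user-space relay described in the reply above, sketched as an added example that is not code from the thread or from Apple: because the relay owns both sockets, a FIN on one side is only passed along after everything already read has been written onward, which is the case the kernel-side filter lost data on. The names `pump` and `relay` are hypothetical, and the sketch assumes two already-connected blocking stream sockets; redirecting the connection and learning the intended destination out of band are outside it.

```c
#include <poll.h>
#include <sys/socket.h>
#include <unistd.h>

/* Move one chunk src -> dst. Returns bytes moved, 0 on EOF (peer FIN), -1 on error. */
static ssize_t pump(int src, int dst)
{
    char buf[4096];
    ssize_t n = read(src, buf, sizeof buf);
    if (n <= 0)
        return n;
    /* A content scanner would inspect buf[0..n) here, before forwarding. */
    for (ssize_t off = 0; off < n; ) {
        ssize_t w = write(dst, buf + off, (size_t)(n - off));
        if (w < 0)
            return -1;
        off += w;
    }
    return n;
}

/* Relay between two connected, blocking stream sockets until both directions
 * have ended. Returns total bytes forwarded, or -1 on error. */
long relay(int client, int server)
{
    int fds[2] = { client, server };
    struct pollfd p[2] = { { client, POLLIN, 0 }, { server, POLLIN, 0 } };
    int open_dirs = 2;
    long total = 0;

    while (open_dirs > 0) {
        if (poll(p, 2, -1) < 0)
            return -1;
        for (int i = 0; i < 2; i++) {
            if (p[i].revents == 0)
                continue;
            ssize_t n = pump(fds[i], fds[1 - i]);
            if (n < 0)
                return -1;
            if (n == 0) {
                /* FIN from this side: everything read so far has already been
                 * written onward, so pass the half-close along and stop
                 * polling this direction. The other direction stays open. */
                shutdown(fds[1 - i], SHUT_WR);
                p[i].fd = -1;   /* poll() ignores negative descriptors */
                open_dirs--;
            }
            total += n;
        }
    }
    return total;
}
```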