site_archiver@lists.apple.com Delivered-To: darwin-dev@lists.apple.com Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:mime-version:to:message-id:content-type:from:subject:date:x-mailer; b=JkgJz+bI4IBYkHV2b2qCT2htZhay8Zb/4tTM0bYhbKCBMjsKKFLKKstDeHRmx3CIa59kh7iPUmQdWb9OIvz9HNyglIL0N2t2eloY2HMpID9RxNe934G7+inAVVr5m300Nt5oJ5N2oV11X7dJlnN0Qg7O5Nl4EOPYr1d2cgVc75M= Anyway ... any help would be appreciated. Thanks. -- Curtis Jones curtis.jones@gmail.com _______________________________________________ Do not post admin requests to the list. They will be ignored. Darwin-dev mailing list (Darwin-dev@lists.apple.com) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/darwin-dev/site_archiver%40lists.appl... This email sent to site_archiver@lists.apple.com I hope this is an appropriate place for this question; if not, if you have any good suggestions on where I might get an answer, let me know. I've searched all over and found very little. Briefly, I would like to be able to attach a socket filter to sockets (including listeners) that were created prior to the loading of my NKE. I looked at how netstat worked, using a sysctl to get at tcbinfo, and after digging through various structs, I wasn't convinced that I'd be able to get a socket_t out of that, even if I could figure out how to get at that symbol. I also saw that every open socket is added to the associated proc struct (I think), but I wasn't sure how I could distinguish between sockets and non-sockets. And I thought I might be reduced to iterating through all possible pids, unless I could similarly get access to the pidhashtbl symbol. And both of those ideas relied on symbols that I'm probably not supposed to be using, directly, anyway. smime.p7s