site_archiver@lists.apple.com Delivered-To: darwin-dev@lists.apple.com Jakub, Another idea would be to use an IP filter to intercept the incoming FIN packet and re-inject when you know the pending data have been processed. Have a look at <netinet/kpi_ipfilter.h> for more information about IP filters.It's a lower level API than socket filter so you will have to match the addresses and ports with the corresponding socket. Vincent On Dec 9, 2009, at 7:09 AM, Jakub Bednar wrote:
Hi Josh,
thanks a lot for a fast response. I have run some tests with redirecting outgoing connections both on Leopard and Snow Leopard and it works just fine. I just wonder, can the NKE redirect also incoming connections?
Jakub
On Dec 3, 2009, at 7:20 PM, Josh Graessley wrote:
The recommeded solution is to manipulate connections to connect to your process instead of their intended destination. You may pass the intended destination out of band to your processs and then relay the data in user space between the socket connection from their process and your socket connection to their intended destination.
Sent from my iPhone
On Dec 3, 2009, at 7:38, Jakub Bednar <jakub.bednar@avg.com> wrote:
Hello list,
I am writing a socket filter NKE that will intercept any TCP connections, pass its data to user-space processing using SYS_PROTO_CONTROL and then re-inject them back. I have read many posts in Apple mailing lists and the guides discussing NKE and Kernel Programming and up to now everything worked great.
Today I have found a problem with one-way traffic ended with FIN sequence. In this case, the TCP reacts on the FIN and a sf_detach_func is called to my filter, while I still have some data swallowed and waiting for user-space to process it.
I can't reinject the packets as I don't want to leave any data unprocessed. If I drop the packets, the client won't get them all, leading to errors.
Can anyone please point me to any documentation discussing the socket filters in more detail? Can I msleep in sf_notify_func or sf_detach_func to let user-space process finish the scanning? Or can I somehow deny the socket detach and do it myself later?
_______________________________________________ Do not post admin requests to the list. They will be ignored. Darwin-dev mailing list (Darwin-dev@lists.apple.com) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/darwin-dev/site_archiver%40lists.appl... This email sent to site_archiver@lists.apple.com
participants (1)
-
Vincent Lubet