On Wednesday, December 10, 2003, at 07:09 PM, Matt Jaffa wrote: Well I have patched the Systemcall table, the sendto method, and so I needed a process id to go with the socket decsriptor to get back the socket, but I believe patching the syscall table is not a smart idea. Good call. So now I am not concerned with this approach anymore. If I use a nke to intercept network stuff, is it possible that if I dont like where they are trying to access i can just drop the data? Well, there will likely be differing opinions on this one. My feeling is that just dropping packets is A Bad Thing. There are legitimate reasons why network operations appear to hang, but they are difficult to track down. Adding another one makes it that much more difficult. You should probably return an error when you see a bad (i.e., administratively prohibited) address. The error EHOSTUNREACH is a possibility. So is EADDRNOTAVAIL. Depending on your specific goals, you might want to avoid blanket rejection of datagrams with offending addresses (again, it makes debugging problems more difficult). For example, consider returning an error for TCP connection requests (from either end), but not for other datagrams. That way, things like ping and traceroute will continue to work, but web browsing will not work. Regards, Justin -- /~\ The ASCII Justin C. Walker, Curmudgeon-at-Large \ / Ribbon Campaign X Help cure HTML Email / \ _______________________________________________ darwin-kernel mailing list | darwin-kernel@lists.apple.com Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/darwin-kernel Do not post admin requests to the list. They will be ignored.