site_archiver@lists.apple.com Delivered-To: darwin-kernel@lists.apple.com On Apr 24, 2009, at 9:30 AM, Kevin Brock <apple@kevin.com> wrote: On Apr 23, 2009, at 3:14 PM, Kevin Brock wrote: -- Terry _______________________________________________ Do not post admin requests to the list. They will be ignored. Darwin-kernel mailing list (Darwin-kernel@lists.apple.com) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/darwin-kernel/site_archiver%40lists.a... Michael Smith wrote: If I do the same thing, but modify the TCP destination port so that it is headed for a different application, it fails. Your description here is a bit brief, but I did want to ask the obvious; are you redirecting *all* of the TCP session to the new port, i.e. including the handshake? Yes. The big problem is that even the SYN doesn't get there. I've debugged up to tcp_input(), but it doesn't make it as far as the call to tcp_output() which would generate the SYN ACK response. As far as it's made it I can see that a) all of the IP header information was verified, and b) all of the TCP header information was verified. If not, you might be having issues with the sequence numbers... Since it starts from the SYN and I'm not changing packet sizes the sequence numbers won't be changing. Probably a dumb question, but you said you recalculated the IP checksum; did you also recalculated the TCP checksum, and did you do it first, before the IP checksum? Also, are you handling the source port redirect in the outbound SYN/ ACK? Maybe that's what's getting lost. If I were doing this, I'd be doing two machine debugging of the NKE, possibly even building my own kernel so I could add additional instrumentation to see where things are failing. This email sent to site_archiver@lists.apple.com