I would recommend an IP filter. You can also modify packets in the IP filter. The IP filter will give you IP traffic from all interfaces, so you don't have to worry about installing an interface filter on every interface. The IP filter will also pass you fully assembled IP packets. You don't have to deal with IP fragmentation, interface specific frame headers, or ARP packets.

-josh

On Jun 21, 2005, at 4:20 PM, Allan Hoeltje wrote:

> The enetlognke example is very helpful as an Interface filter but I am still puzzled by a couple things. The NKE documentation states that an Interface filter can observe as well as modify network traffic. Can an IP filter also be used to modify packets? If so, would the techniques shown in enetlognke (the code wrapped in "#if SWALLOW_PACKETS") also apply to an IP filter?
>
> Specifically, I need a kernel extension to monitor SIP and encrypt RTP packets. Which KEXT is best suited for this, Interface or IP filter?
>
> -Allan
>
> "Quinn" <eskimo1@apple.com> wrote on 6/16/05 2:20 AM:
>
>> At 18:39 -0700 15/6/05, Allan Hoeltje wrote:
>>> Thanks for the quick reply. I know that tcplognke is a socket filter and even though I need an IP filter it would still be helpful to see some kind of sample code, Tiger or pre-Tiger, that uses KEXT.
>>
>> You should check out the enetlognke.
>>
>> <http://developer.apple.com/samplecode/enetlognke/enetlognke.html>
>>
>> This new, Tiger-based sample is not directly relevant (it intercepts at the Ethernet layer rather than the IP layer), but it does show general NKE concepts, including packaging, memory allocation, locking, and so on. It's also much easier to understand than the tcplognke (-:
>>
>> ps One of the reasons that the tcplognke isn't published yet is because socket-level filters are tricky to get exactly right. The packet oriented filters (IP and Ethernet) are much easier.
>>
>> S+E

_______________________________________________
Darwin-kernel mailing list (Darwin-kernel@lists.apple.com)