Are you specifying a global filter or a programmatic filter?

If you specify a global filter it will be attached to new sockets that match the protosw you attached your filter to. For programmatic filters, your filter will only ever be attached if someone uses the SO_NKE socket option and specifies the handle for your socket filter.

-josh

On Mar 7, 2005, at 1:16 PM, Carl Smith wrote:

> I have been writing my NKE and so far have my userland and NKE talking back and forth. That works fine. Now I am trying to do some filtering using a combination of some of the techniques from SharedIP and TCPlogger.
>
> Basically I just put a bunch of printf statements in all my dispatch vector calls, struct sockif, and struct sockutil. I open my terminal window with tail -f /var/log/system.log. Now on other calls, like start/stop, from my NKE I can see all my printf statements that I have inserted into these start/stop functions, but no matter what I do I cannot see any printf statements coming from my sockif/sockutil intercept calls. I am doing some pinging, web searching, etc., so I would think I would see something.
>
> Of course there must be something wrong with the way I have the filtering set up. In the struct sockif I override the soreceive, solisten, sosend, soconnect and so on. In the sockutil struct I just override the sbappend.
>
> Following is the basic flow I use to get the filtering started.
>
> To kick things off I do the pp = pffindproto(PF_NDRV, 0, SOCK_RAW), but I have tried many variations, i.e. (PF_INET, IPPROTO_RAW, SOCK_RAW), (PF_NDRV, 0, SOCK_RAW) and so on.
>
> Then I do my register_sockfilter(&myNFDescriptor, 0, pp, &ctlref), trying both NFF_BEFORE and NFF_AFTER.
>
> Then if all succeeds, I call my ctl_register(KernCtlReg, 0, g_ctlref);
>
> Now everything shows up as loading and unloading fine, using kextload and kextunload, but as I said I just do not see any of my intercepts being hit.
>
> Any suggestions?
>
> Thanks All.

_______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-kernel mailing list (Darwin-kernel@lists.apple.com)
Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/darwin-kernel/site_archiver%40lists.a...
This email sent to site_archiver@lists.apple.com