On Tuesday, March 2, 2004, at 10:45 PM, Matt Jaffa wrote: Hi, Is there a way to determine which app that is running has control over a certain port. This is dealing with sockets, I have intercepted a raw_packet going out, and using the src_port I would like to know which app is listening, or owns it. Is there a way to do this within the Kernel, and /or within a daemon inside user space? The concept of "control" over a port does not exist. Ports in certain ranges are "allocated" by IANA to certain functions/services, but that is convention, and is locally dictated by things like "/etc/services" (if you decide to change that usage, of course, you end up breaking a lot of functionality, but that's a separate issue). In addition, an open socket can be handed to another process, and another UID, in a couple of ways: - parent forks, child and parent both have 'control' of an open socket - application execs a new executable (same process, different code) - process A can establish a local socket communication with process B, and then pass another open socket (say, INET4) to B - the UID of a process can change through system calls and the SETUID bit in the executable. Any number of processes, each running different code, can have the same socket open and be actively using it. Remember that a socket is a kernel structure that is treated like a file structure and shared among processes. Each proc table has an array of 'descriptors' that point to such things as socket structures, so the socket structure itself can't be "owned" by any one process. This has been discussed before, and you might benefit from trying to search the archives. For this kind of question, the ones to look at are darwin-kernel, darwin-development, and possibly the opendarwin lists. Depending on where your extension lives, you may be able to determine the identity of one of the users of the socket at the time it is accessed for read or write. That's the best you can hope for. Regards, Justin -- Justin C. Walker, Curmudgeon-At-Large * Institute for General Semantics | Some people have a mental | horizon of radius zero, and | call it their point of view. | -- David Hilbert *--------------------------------------*-------------------------------* _______________________________________________ darwin-kernel mailing list | darwin-kernel@lists.apple.com Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/darwin-kernel Do not post admin requests to the list. They will be ignored.