site_archiver@lists.apple.com Delivered-To: Darwin-kernel@lists.apple.com Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; bh=+gmSoYrYGWfvfg4hoHwc2y08On7T7kYNj6Q7MJU2cNM=; b=j7/g0COZdsAECPwqs6xY8Y0TreMfLHbPBfbSQcXrSn+eNmbidPjTZrL8yKGVofh6DE 9BnnSra//gnN4bNCOJX6J68eZ0k7jYU8NcS2yZAJERvEAOvjUovEndAynx725UDx74V5 I1+SAr/FZKmadovtK04uZWRggyktI3feIbRvU= Hello Vincent, Thanks for your response! I am not modifying the mbuf captured in the input_fn function by the IP filter in any way. In fact, if I re-inject the mbuf right after capturing it while I am still in the input_fn function, everything works out as expected. However, when I re-inject the same mbuf later (after receiving the processing result from user mode) I get an ENOTSUP error. Am I not allowed to hold on to the mbuf reference to re-inject it later?? Mike 2011/12/8 Vincent Lubet <vlubet@apple.com>:
Mike,
ENOTSUP is returned by ipf_inject_input() when the packet is not an IPv4 or IPv6 packet. You need to make sure the mbuf data pointer points to the start of the IPv4 or IPv6 packet.
Vincent
Le Dec 8, 2011 à 4:02 AM, Mike C. a écrit :
Hello,
I am working on a Network Kernel Extension that re-injects packets after they have been captured with an IP Filter. However, the re-injection doesn't work. ipf_inject_input always returns error code 45, which means "Operation not supported". What am I doing wrong? Here is my setup and (simplified) code:
mbuf_t *saved_packet = NULL;
// function called by ip filter when new ip packet arrives errno_t input_fn(void *cookie, mbuf_t *data, int offset, u_int8_t protocol) {
// test, if packet is interesting for us // [...]
if (saved_packet != NULL) { // Drop return -1; }
// keep reference to packet for later injection saved_packet = data;
// send packet to usermode for further processing mbuf_t new_mbuf; mbuf_dup(*data, MBUF_WAITOK, &new_mbuf); if (ctl_enqueuembuf(ctlref, ctrl_unit, new_mbuf, 0) != 0) { // error, drop packet saved_packet = NULL; retrun -1; }
// EJUSTRETURN = the packet will not be freed return EJUSTRETURN; }
// function called when usermode sends processing result back errno_t ctl_send_fn(kern_ctl_ref kctlref, u_int32_t unit, void *unitinfo, mbuf_t m, int flags) { int result; mbuf_copydata(m, 0, sizeof(result), &result);
if (result == 1) {
// the following call returns 45 ("Operation not supported") - WHY?? errno_t errno = ipf_inject_input(*saved_packet, installed_filter);
saved_packet = NULL; } else { // [...] }
return 0; }
Where is my mistake? Your help is greatly appreciated!
_______________________________________________ Do not post admin requests to the list. They will be ignored. Darwin-kernel mailing list (Darwin-kernel@lists.apple.com) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/darwin-kernel/site_archiver%40lists.a... This email sent to site_archiver@lists.apple.com