site_archiver@lists.apple.com Delivered-To: darwin-kernel@lists.apple.com Any chance that there is a way in which my kext can be made aware when a fork() occurs? I'm using kauth for purposes of exec() ... but it definitely doesn't appear to be applicable to simply fork()'ing. More generally, I would be content with simply knowing when a new process started. My real purpose: I'm trying to associate a process id and/or path-to-executable with incoming socket connections in my socket filter - as early in the process (ideally in the connect callback performed in the context of the listener) as possible. I use kauth so that I can (in limited but sufficient circumstances) know the path-to-executable for various processes. When one of those processes creates a listener, I can associate the two together. When that listener gets an incoming connection and the connect() callback is called in the context of that listener, I can then associate that incoming connection with a particular process ... until the annoyance of fork()'ing enters the picture. If I knew when fork() was called and the new pid, I could associate that new process with its parent process, and all would be well. Anyway ... I'm open to suggestions. Obviously if this were all working out the way I wanted it to, I wouldn't be posting this. ~ Josh _______________________________________________ Do not post admin requests to the list. They will be ignored. Darwin-kernel mailing list (Darwin-kernel@lists.apple.com) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/darwin-kernel/site_archiver%40lists.a... Albeit somewhat brute-force, Jonathan Rentzsch's mach_override can solve a lot of tough problems. With some adaption, you could use it to override the kernel's pset_add_task(processor_set_t pset, task_t task) or similar function with your own version. In this case you would simply get the needed information out of the task_t before calling the real pset_add_task. Since mach_override would need adaption for use within the kernel, and it's also processor-dependent, you could write your own special-purpose overriding routine based on the same principles. This email sent to site_archiver@lists.apple.com