site_archiver@lists.apple.com Delivered-To: darwin-kernel@lists.apple.com On Apr 23, 2009, at 3:14 PM, Kevin Brock wrote: -josh _______________________________________________ Do not post admin requests to the list. They will be ignored. Darwin-kernel mailing list (Darwin-kernel@lists.apple.com) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/darwin-kernel/site_archiver%40lists.a... I have an interface filter KEXT. It has to be able to do a number of things with packets, creating, modifying etc. I've run into a problem with ifnet_input which seems odd, and is probably something pretty basic. Using it to inject modified packets fails. I've reduced it to a pretty simple either/or... If I take each incoming mbuf, create a brand new mbuf chain and call ifnet_input on the new mbuf chain, and return -1 from my iff_input_func so the caller frees the original mbuf() it works fine. The new packet is received by the appropriate application. If I do the same thing, but modify the TCP destination port so that it is headed for a different application, it fails. - The *only* things changing in the packet are the destination port and the checksum. - I am recalculating the TCP checksum using mbuf_inet_cksum(), and I've verified that the value calculated is correct. - Send works fine. If I call ifnet_output_raw() the packet makes it out onto the wire. - I see the packet again in my iff_input_func--it's tagged, so I can tell it's one of mine. - The firewall is completely disabled at the moment. - If I send a packet from another host directly to the port on which the application is listening, the application receives the packet, so I know the socket is accessible, and that the application is running. Anyone have any suggestions on this? Just a guess but have you tried mbuf_clear_csum_performed to clear any checksum flags/data the hardware may have set upon reception of the packet? This email sent to site_archiver@lists.apple.com