Hi, I have a NKE which is a socket filter. I am interested in the send function(sosend), that is the function that i am filtering within my app. I am using this to extract information out of the mbuf: int vi_send2(struct socket *so, struct sockaddr **addr, struct uio **uio, struct mbuf **top, struct mbuf **control, int *flags, register struct kextcb *kp) { int funnel_state; funnel_state = thread_funnel_set(network_flock, TRUE); char thiscmd[MAXCOMLEN + 1]; struct proc * testing; testing = current_proc(); printf("This process is communicating: %d\n",testing->p_pid); sprintf(thiscmd, "%s", testing->p_comm); thiscmd[MAXCOMLEN] = '\0'; printf("This is the proccess name: %s\n",thiscmd); struct ip * ipHeader; ipHeader = mtod(*top,struct ip *); u_short port; struct tcphdr * header = NULL; header = (struct tcphdr *)&((int32_t *)ipHeader)[ipHeader->ip_hl]; port = header->th_dport; printf("IP TCP :- TCP attempt by PID(%d) to %s (port %d)\n ",testing->p_pid,inet_ntoa(ipHeader->ip_dst),port); printf("The source port: %d\n", header->th_sport); ............. ........... ...... } but when It prints out the information to the syslog, it is all wrong, am i getting the ip header and the tcp header correctly out of the mbuf structure? Thanks, Matt _______________________________________________ darwin-kernel mailing list | darwin-kernel@lists.apple.com Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/darwin-kernel Do not post admin requests to the list. They will be ignored.