On Thu, Nov 25, 2010 at 12:05:37PM -0800, darwin-kernel-request@lists.apple.com wrote:
Today's Topics:
1. Determine process (name/PID) from NKE filter driver (eveningnick eveningnick)
2. Re: Determine process (name/PID) from NKE filter driver (Quinn "The Eskimo!")
3. Re: Determine process (name/PID) from NKE filter driver (Athanasios Douitsis)
4. Re: Determine process (name/PID) from NKE filter driver (Josh Graessley)
----------------------------------------------------------------------
Message: 1
Date: Thu, 25 Nov 2010 00:30:56 +0200
From: eveningnick eveningnick <eveningnick@gmail.com>
Subject: Determine process (name/PID) from NKE filter driver
To: darwin-kernel@lists.apple.com
Message-ID: <AANLkTikzCUA+Vg_d0ihUkYVbEt1Tr6F35_S3s3+24DNM@mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1

Hello! Is there a way to determine which process tried to establish a connection from an NKE driver, and if it doesn't satisfy some condition (in my case, process name for example), deny the request? And, if yes, how could it be done? What should I read to do this task? I am a newbie in BSD kernel programming, but there should be something to start with :) Thank you!
------------------------------
Message: 2
Date: Wed, 24 Nov 2010 22:39:14 +0000
From: "Quinn \"The Eskimo!\"" <eskimo1@apple.com>
Subject: Re: Determine process (name/PID) from NKE filter driver
To: darwin-kernel@lists.apple.com
Message-ID: <B27D168A-0471-4E7F-B1FA-D8CBA2F9D774@apple.com>
Content-Type: text/plain; charset=us-ascii

On 24 Nov 2010, at 22:30, eveningnick eveningnick wrote:
> Is there a way to determine, which process tried to establish connection from an NKE driver
What type of NKE? A socket filter NKE can reasonably get this information, but that's not true for other NKEs.
S+E
--
Quinn "The Eskimo!" <http://www.apple.com/developer/>
Apple Developer Relations, Developer Technical Support, Core OS/Hardware
------------------------------
Message: 3
Date: Thu, 25 Nov 2010 01:49:43 +0200
From: Athanasios Douitsis <aduitsis@gmail.com>
Subject: Re: Determine process (name/PID) from NKE filter driver
To: eveningnick@gmail.com
Cc: darwin-kernel@lists.apple.com
Message-ID: <AANLkTinEO9MOP5Y1pafyt1vcHzso1H9riu=Tw+obApVf@mail.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"

On Thu, Nov 25, 2010 at 12:39 AM, Quinn "The Eskimo!" <eskimo1@apple.com> wrote:
> On 24 Nov 2010, at 22:30, eveningnick eveningnick wrote:
>> Is there a way to determine, which process tried to establish connection from an NKE driver
> What type of NKE? A socket filter NKE can reasonably get this information, but that's not true for other NKEs.
> S+E -- Quinn "The Eskimo!" <http://www.apple.com/developer/> Apple Developer Relations, Developer Technical Support, Core OS/Hardware
Hi,
Might I add that the excellent tcplognke <http://developer.apple.com/library/mac/#samplecode/tcplognke/Introduction/Intro.html#//apple_ref/doc/uid/DTS10003669> example mentions the use of proc_selfpid at tcplognke:833. Look up proc_self (must be freed with proc_rele afterwards), proc_selfpid, proc_selfname (but read this: http://lists.apple.com/archives/darwin-kernel/2008/Mar/msg00086.html).
Best Regards, Athanasios
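
An added example, not from any poster in this thread and not taken from tcplognke: a sketch of a socket filter connect-out callback that looks up the calling process with proc_selfname/proc_selfpid and refuses the connection when the name is not on an allow list. The names name_is_allowed, demo_connect_out and allowed_names, and the listed process names, are hypothetical; it assumes the callback is installed as sf_connect_out in a struct sflt_filter passed to sflt_register, and that it runs in the context of the process that called connect().

```c
#include <string.h>

#define PROC_NAME_MAX 17   /* MAXCOMLEN (16) + terminating NUL */

/* Constructed sample policy: names allowed to open outbound connections. */
static const char *const allowed_names[] = { "Safari", "ssh", "curl" };

/* Pure policy check: 1 if the name is on the allow list, 0 otherwise.
 * NULL or empty names are denied, so a failed lookup fails closed. */
static int name_is_allowed(const char *name)
{
    size_t i;

    if (name == NULL || name[0] == '\0')
        return 0;
    for (i = 0; i < sizeof(allowed_names) / sizeof(allowed_names[0]); i++)
        if (strncmp(name, allowed_names[i], PROC_NAME_MAX) == 0)
            return 1;
    return 0;
}

#ifdef KERNEL   /* kext-only glue; builds against Kernel.framework headers */
#include <sys/proc.h>
#include <sys/errno.h>
#include <sys/kpi_socketfilter.h>
#include <libkern/libkern.h>

/* sf_connect_out callback. Assumption: it is entered on the thread of the
 * process that called connect(), so proc_self*() describe that process. */
static errno_t demo_connect_out(void *cookie, socket_t so,
                                const struct sockaddr *to)
{
    char name[PROC_NAME_MAX];

    (void)cookie; (void)so; (void)to;
    memset(name, 0, sizeof(name));
    proc_selfname(name, (int)sizeof(name));
    if (!name_is_allowed(name)) {
        printf("demo filter: deny connect, pid %d (%s)\n",
               proc_selfpid(), name);
        return EPERM;   /* any non-zero result rejects the connection */
    }
    return 0;           /* 0 lets normal connect processing continue */
}
#endif /* KERNEL */
```

A process name follows the executable's file name, so a name match on its own is a weak control; treat it as a starting point for identifying the caller rather than as authentication.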
participants (1)
- Brian Dols