On Thursday, July 18, 2002, at 06:52 PM, Mike Cashwell wrote:

> Greetings all!
>
> I have a new project in front of me involving network port authentication. From what I can tell, I'll have a data link NKE and a user-land daemon. My plan is to be a good citizen and keep the in-kernel portion as small and tightly focused as possible. I expect to use a StartupItem to load the NKE and start the daemon.
>
> After a trip to Apple's documentation and this list's archives I keep finding references to a PDF file that discusses NKE development. The URL is http://developer.apple.com/techpubs/macosx/Darwin/Extensions/NKE.pdf but the file I get from it is only 1K in size and neither Acrobat Reader nor Preview can make sense of it. Does anyone know of or have a good copy of this file? I realize it's out of date but it must be better than nothing.

There have been references to file:///Developer/Documentation/Darwin/Extensions/NKE.pdf, which is much bigger than 1K; check that out.

> While I'd like to read that PDF before peppering the list with a lot of questions, here's what I'm looking for:
>
> 1: Page 123 of the KernelProgramming.pdf shows that Data Link NKEs can be both above and below the DLIL. What's the difference between these two and why would I choose one over the other? And once that's decided, how do I in the code choose where my NKE plugs in?

This is discussed briefly in the doc; the deal is:

- above DLIL, it's a "protocol filter" NKE, and sits between a specific protocol stack and a specific device
- below DLIL, it's an "interface filter" NKE, and sits above a specific device

so the difference is that in the former case, you get a look at all traffic to and from a specified device, of a specified protocol type; while in the latter, you get a look at all traffic to and from a specified device, period. The distinction in the code is made by the registration call you make.

> 2: Assuming my NKE/daemon approach is valid, how does the NKE find network interfaces (of interest) and insert itself so that traffic cannot bypass it? It will need to do this when the NKE first loads and deal with interfaces appearing and disappearing thereafter. Anyone have pointers for this? Is there only one "instance" of the NKE or is it one per interface?

Check out the SharedIP NKE for an indication of how this is done. This NKE handles the support for sharing an IP address with the Classic (Streams) stack, so that a single IP address is needed for both environments. The Classic app gets a list of the devices of interest from the kernel, and sends the name of the device it wants to the NKE via an IOCTL. There are other ways to communicate with a "filter-type" NKE than IOCTL; this is used for SharedIP since the Classic app already has a socket open to the device (a PF_NDRV socket, giving it 'raw' access). See below.

> 3: And lastly, I will need the daemon and NKE to be able to communicate with each other. How does the daemon find the NKE (or NKEs if there must be one per interface)? How do they establish bidirectional communication? (I only need a small amount of data transferred infrequently. I'm not sending all network traffic out to user land and back!)

Look for the NKEMgr NKE in the Darwin repository; this is the (current) mechanism used to communicate with NKEs, although in the longer term, this will be incorporated into the base kernel. There's an NKE called TCPLogger, and a command called tcplog, in the repository which show how to use this scheme.

> My plan for this (following what documentation I can find) is to use syscall() for the daemon to send data to the NKE. But I will need to allow the NKE to send data or events back to the daemon independently (i.e., no polling!).

With the PF_NKE (as it's now called) scheme implemented by NKEMgr, you get what you want. This is currently a "hack", awaiting integration into the base system, but it will work.

> In the IOKit world with a userclient I'd have a daemon thread wait on a queue that it had made known to the NKE. But NKEs don't have workloops or userclients, right?
>
> Any guidance would be appreciated. Of course data link NKE sample code would probably answer most of this. Anyone ever seen any?

SharedIP and VLan are two that are in the repository.

Regards,

Justin

--
Justin C. Walker, Curmudgeon-At-Large  *
Institute for General Semantics        | If you're not confused,
                                       | You're not paying attention
*--------------------------------------*-------------------------------*

_______________________________________________
darwin-kernel mailing list | darwin-kernel@lists.apple.com
Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/darwin-kernel
Do not post admin requests to the list. They will be ignored.