site_archiver@lists.apple.com Delivered-To: darwin-kernel@lists.apple.com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Jun 21, 2006, at 4:31 PM, Russell Seehafer (RIT Student) wrote: AF_INET, SOCK_STREAM, IPPROTO_TCP AF_INET, SOCK_DGRAM, IPPROTO_UDP AF_INET, SOCK_RAW, IPPROTO_ICMP AF_INET, SOCK_RAW, IPPROTO_RAW HTH. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (Darwin) iD8DBQFEmc8tedHYW7bHtqIRAq0XAKD+5aU+vAP0J4tr7NupkkC/iA+eRQCfdWOU EkFz3v8MevQ0Hpe0DVFDgxA= =nayW -----END PGP SIGNATURE----- _______________________________________________ Do not post admin requests to the list. They will be ignored. Darwin-kernel mailing list (Darwin-kernel@lists.apple.com) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/darwin-kernel/site_archiver%40lists.a... I was wondering if there is a way to register a socket filter nke (such as the tcplognke sample) so that it is attached to both TCP and UDP sockets. Are there special values to specify for the domain, type, and protocol of the sflt_register function? Or, could it be possible to call sflt_register twice - once for udp and datagram sockets and once for stream and tcp sockets - from within the nke's start function? Any input would be greatly appreciated. You have to call register once for each protocol you want to filter. e.g., If you want IPv6 too, you'll have to register each protocol again for the AF_INET6 family. It'd be so much easier if you could just register once for all AF_INET, and once more for all AF_INET6, but that's not possible. This email sent to site_archiver@lists.apple.com