site_archiver@lists.apple.com Delivered-To: darwin-kernel@lists.apple.com On Nov 10, 2006, at 7:55 PM, Curtis Jones wrote: Unless you are implementing some sort of "proxy" and/or analyzing actual data sent via sockets, "... remote endpoint address ..." is going to be address (not a host name) or I'll provide more details. You tell me. Prior to a socket connection being permitted, a set of rules is analyzed. A matching rule can specify what will happen to that connection. One criterion upon which a rule can match is that of a host name. Thus the need to have access to the address(es) associated with a given host name (and expeditiously, if possible). Sounds like a darknet router. Joe _______________________________________________ Do not post admin requests to the list. They will be ignored. Darwin-kernel mailing list (Darwin-kernel@lists.apple.com) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/darwin-kernel/site_archiver%40lists.a... This email sent to site_archiver@lists.apple.com On 11/10/06, Andrei Tchijov <andrei@tchijov.com> wrote: am I missing something? You might have better luck implementing this entirely in userspace coupled with ipfw to divert all traffic into your process for analysis. ipfw is a very nice packet processor where you can hook yourself into various places depending on what you are trying to do. smime.p7s