Re: OT vs. socket calls on 10.2
Re: OT vs. socket calls on 10.2
- Subject: Re: OT vs. socket calls on 10.2
- From: Joshua Graessley <email@hidden>
- Date: Thu, 5 Sep 2002 10:02:59 -0700
On Thursday, September 5, 2002, at 09:01 AM, Peter Sichel wrote:
It is true that Protocol Filter NKEs do not see Classic IP
traffic, but this should not apply to ipfw which I presume
is implemented as an Interface Filter NKE in Jaguar.
This is slightly off topic but I thought I'd jump in here. ipfw is
actually based on the FreeBSD ipfw which has hooks in the IP stack
itself, above interfaces and protocol filters. The Classic NKE that is
implemented as a protocol filter and skims packets off of the IP
connection to the primary interface goes out of it's way to simulate
the environment in which ipfw is usually called in the IP stack. The
Classic NKE then calls ipfw directly to ask it to process packets
before the Classic NKE will pass packets between classic and X's stack.
The IPFirewall kext is the core logic of ipfw and fills in a few
function pointers in the stack. It doesn't actually use any of the
standard network filtering APIs.
Those were some great suggestions Peter Sichel had for debugging the
problem.
-josh
_______________________________________________
macnetworkprog mailing list | email@hidden
Help/Unsubscribe/Archives:
http://www.lists.apple.com/mailman/listinfo/macnetworkprog
Do not post admin requests to the list. They will be ignored.