Re: interception of socket connections?


  • Subject: Re: interception of socket connections?
  • From: "Justin C. Walker" <email@hidden>
  • Date: Tue, 26 Aug 2003 17:20:02 -0700

On Tuesday, August 26, 2003, at 03:40 PM, Apple Developer wrote:

> Hi,
>
> A question came up that I thought I would ask here (I have sent an email to Quinn and Christophe as well). I knew how to get the raw data stream in OS 9 using Autopush. Now I wanted to do something "kind of the same" on OS X.
>
> On the Windows platform, Winsock Layered Service Provider (LSP) allows interception of socket connections. One can identify that it is for a POP3 connection and go from there.
>
> What I need to do on OS X is come up with a way to intercept the traffic coming in and handle *only* POP3 traffic.
>
> Is interception of socket connections possible on OS X? And if so, where are the documentation/code samples which describe interception of socket connections on OS X before they are handled upstream by the local applications?

PeterL has pointed you to the available doc. There is a KEXT floating around (TCPLogger) that shows roughly what to do, but it has fallen into disrepair (sheer laziness on the part of the author). If you want, I can send you a tarball with the pieces, and perhaps it will be instructive to bring it up to date with the latest version of Mac OS X :-}.

You will (as previously mentioned) want to use a socket NKE. It may be simplest to assume that you are loaded early in the game, and intercept the 'listen' for the POP server (which you can only identify at the time of the listen).

Flags in the NKE permit the moral equivalent of "auto-push" operation, and you will get a chance to look at each new TCP connection (active or passive).

Regards,

Justin

--
Justin C. Walker, Curmudgeon-At-Large
Institute for General Semantics

Some people have a mental horizon of radius zero, and call it their point of view.
  -- David Hilbert