Re: interception of socket connections?
Re: interception of socket connections?
- Subject: Re: interception of socket connections?
- From: Quinn <email@hidden>
- Date: Wed, 27 Aug 2003 19:30:42 +0100
At 19:18 -0400 26/8/03, Peter Lovell wrote:
it is possible but it is not easy. It's done using "Network Kernel
Extensions" which, as the name suggests, are loaded into the kernel and
can intercept and deal with network traffic.
Another option is to use a firewall divert socket. This avoids the
need for messing around with NKEs (which is good for a number of
reasons, see below), at the cost of having to mess around with the
firewall (which, as I mentioned earlier today, has no useful API on
Mac OS X). "man ipfw" gives you more information about the
facilities of the firewall.
NKEs are problematic for a number of reasons:
1. They live in the kernel and, as a general rule, you should avoid
running code in the kernel if you can.
2. They're part of the BSD subsystem, which currently has no binary
compatibility guarantee. Apple is planning on adding a binary
compatibility promise to the BSD parts of the kernel in the future
(we discussed this Kernel Programming Interfaces (KPI) effort at WWDC
this year), but for now NKE developers often have to rev when the
system revs.
S+E
--
Quinn "The Eskimo!" <
http://www.apple.com/developer/>
Apple Developer Technical Support * Networking, Communications, Hardware
_______________________________________________
macnetworkprog mailing list | email@hidden
Help/Unsubscribe/Archives:
http://www.lists.apple.com/mailman/listinfo/macnetworkprog
Do not post admin requests to the list. They will be ignored.