Re: How can I know a packet destination?
- Subject: Re: How can I know a packet destination?
- From: Joshua Graessley <email@hidden>
- Date: Thu, 2 Dec 2004 15:28:06 -0800

On Dec 2, 2004, at 3:15 PM, Vincent Pottier wrote:

>> Since the OS really doesn't care what process gets a chunk of data,
>> it does not do bookkeeping in a way that will work as you want.
>> Therefore, you have to look through kernel data structures and match
>> socket structures with per-process file descriptor entries to see
>> what processes are possible recipients. I don't believe there is any
>> other way.
>
> All those concepts look a bit difficult for a newbie. I'll have a look
> at the lsof source code, but it looks complicated.

Don't duplicate the lsof code. It relies on the layout of in-kernel
data structures. Those structures change from release to release. A new
lsof is shipped with each release, so in a way, it abstracts you from
the changes in the kernel.

Ultimately, from user space, there is no good way to know where data
from a packet is going to go.

From a socket filter implemented in a kernel extension, you can watch
data as it is appended to each socket. This gives you definitive
information about where the data ended up. It still won't tell you
which process read the data out of the socket for those sockets that
are shared between multiple processes.

-josh
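
Added example (not part of the original message): one way to follow the advice above and treat the shipped lsof as the abstraction, by parsing its field output instead of reading kernel structures. The sample text is constructed to look like `lsof -nP -i -F pcfPn` output, and the function names are hypothetical.

```python
# Constructed sample in the shape of `lsof -nP -i -F pcfPn` output
# (one field per line: p=pid, c=command, f=fd, P=protocol, n=name).
SAMPLE = """\
p311
chttpd
f4
PTCP
n*:80
f7
PTCP
n192.0.2.10:80->198.51.100.7:51812
p312
chttpd
f7
PTCP
n192.0.2.10:80->198.51.100.7:51812
p90
cmDNSResponder
f8
PUDP
n*:5353
"""

def parse_lsof_fields(text):
    """Turn lsof -F field output into one record per open socket."""
    records, proc, cur = [], {}, None
    for line in filter(None, text.splitlines()):
        tag, value = line[0], line[1:]
        if tag == "p":                      # start of a process set
            proc, cur = {"pid": int(value)}, None
        elif tag == "c":
            proc["command"] = value
        elif tag == "f":                    # start of a file set
            cur = dict(proc, fd=value)
            records.append(cur)
        elif tag in "Pn" and cur is not None:
            cur["proto" if tag == "P" else "name"] = value
    return records

def possible_recipients(records, proto, local, remote):
    """Processes holding a socket that could receive proto remote -> local."""
    port = local.rsplit(":", 1)[1]
    same = [r for r in records if r.get("proto") == proto]
    exact = [r for r in same if r.get("name") == f"{local}->{remote}"]
    # No connected socket: fall back to sockets bound to the port.
    pool = exact or [r for r in same if r.get("name") in (f"*:{port}", local)]
    return sorted({(r["pid"], r["command"]) for r in pool})
```

For the connected flow in the sample, the result lists both httpd processes: the socket is shared, so this narrows the answer to possible recipients and cannot say which process reads the data.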