Re: Intercepting IPv6 ND packets
Re: Intercepting IPv6 ND packets
- Subject: Re: Intercepting IPv6 ND packets
- From: Jonathan Wood <email@hidden>
- Date: Tue, 1 Nov 2005 17:41:24 -0800
On Nov 1, 2005, at 1:22 PM, Peter Lovell wrote:
The reason the packets need to be processed in user space is because
the processing involves asymmetric crypto, X509 certificate chain
processing, and lots of ASN.1.
What's wrong with doing all this in-kernel ?? (duck)
:-)
Putting aside the issues of architectural cleanliness and porting
complexity...
I in fact already have the implementation complete for Linux and
FreeBSD,
and I am now looking at getting it working on OSX. (For the curious -
I am
implementing RFC3971, Secure Neighbor Discovery). The packet
interception
mechanism is the only missing piece; the rest of the code is portable
and
works fine on OSX.
What about a kext that sits between the network device and IP stack, and
exchanges packets with a user space process via a character device?
Would this work? Is there some cleaner way?
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Macnetworkprog mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden