Re: NKEs on Intel-based Macs
Re: NKEs on Intel-based Macs
- Subject: Re: NKEs on Intel-based Macs
- From: David A Rowland <email@hidden>
- Date: Tue, 8 Aug 2006 12:55:17 -0700
Title: Re: NKEs on Intel-based Macs
At 9:48 AM -0700 8/3/06, Josh Graessley wrote:
Content-Type: multipart/signed;
micalg=sha1; boundary=Apple-Mail-6-222836159;
protocol="application/pkcs7-signature"
The KPIs are the same. The kernel sources are similar.
The one big gotcha is that the stack
swaps some fields in the ip header. We missed this, so if you write an
IP filter, the ip length and a few other fields may be in host byte
order instead of network byte order. Some other functions, such as
those that calculate checksums, expect the data to be in network byte
order. So...if you run in to some weirdness, check the byte order.
I added some diagnostic stuff to my ipfilter and ran it. I don't
see a problem. One machine is a Powerbook PPC (Pismo), the other is an
Intel/Mac Mini. Both run 10.4.7.
At the ipfilter point on the Intel/Mac, the inbound packets all
have a valid checksum, and nothing appears out of order. The out bound
packets look good but have no valid checksum. It is evidently filled
in later. The packets are ICMP, UDP or ESP, and the upper level
handshaking between the two machines seems to work.
The only odd thing is a logged message that appears for outbound
packets: "cksum: out of data". It must be generated
by
mbuf_outbound_finalize, mbuf_inbound_modified or mbuf_clear_csum_requested. I'm
calling them as advised by Peter Sichel.
David
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Macnetworkprog mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden