Re: NKEs on Intel-based Macs
Re: NKEs on Intel-based Macs
- Subject: Re: NKEs on Intel-based Macs
- From: David A Rowland <email@hidden>
- Date: Tue, 15 Aug 2006 13:16:39 -0700
Title: Re: NKEs on Intel-based Macs
I never had a response to this, and I want to revisit it. You say
there is a bug, but I don't see it. I have to deliver a product, and
I'd appreciate some resolution to this.
At 9:48 AM -0700 8/3/06, Josh Graessley
wrote:
Content-Type: multipart/signed;
micalg=sha1; boundary=Apple-Mail-6-222836159;
protocol="application/pkcs7-signature"
The KPIs are the same. The kernel sources are similar.
The one big gotcha is that the stack
swaps some fields in the ip header. We missed this, so if you write an
IP filter, the ip length and a few other fields may be in host byte
order instead of network byte order. Some other functions, such as
those that calculate checksums, expect the data to be in network byte
order. So...if you run in to some weirdness, check the byte order.
I added some diagnostic stuff to my
ipfilter and ran it. I don't see a problem. One machine is a Powerbook
PPC (Pismo), the other is an Intel/Mac Mini. Both run
10.4.7.
At the ipfilter point on the Intel/Mac,
the inbound packets all have a valid checksum, and nothing appears out
of order. The out bound packets look good but have no valid checksum.
It is evidently filled in later. The packets are ICMP, UDP or ESP, and
the upper level handshaking between the two machines seems to
work.
The only odd thing is a logged message
that appears for outbound packets: "cksum: out of data". It
must be generated by
mbuf_outbound_finalize, mbuf_inbound_modified or mbuf_clear_csum_requested. I'm
calling them as advised by Peter Sichel.
David
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Macnetworkprog mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden