• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: NKEs on Intel-based Macs
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: NKEs on Intel-based Macs

  • Subject: Re: NKEs on Intel-based Macs
  • From: Josh Graessley <email@hidden>
  • Date: Tue, 15 Aug 2006 13:50:04 -0700

I have done a little more digging and I had it backwards. The ip filter does pass the packets with the headers in network byte order as it should. The problem is that mbuf_outbound_finalize calls a function that expects the IP header to be in host byte order to calculate the checksums (in_delayed_cksum_offset). It looks like the best solution is to swap the bytes in the IP header to host byte order before calling mbuf_outbound_finalize and swapping them back after mbuf_outbound_finalize returns.

This should explain the messages you are seeing.

-josh

On Aug 15, 2006, at 1:16 PM, David A Rowland wrote:

I never had a response to this, and I want to revisit it. You say there is a bug, but I don't see it. I have to deliver a product, and I'd appreciate some resolution to this.


At 9:48 AM -0700 8/3/06, Josh Graessley wrote:
Content-Type: multipart/signed; micalg=sha1; boundary=Apple-Mail-6-222836159;
   protocol="application/pkcs7-signature"


The KPIs are the same. The kernel sources are similar.
The one big gotcha is that the stack swaps some fields in the ip header. We missed this, so if you write an IP filter, the ip length and a few other fields may be in host byte order instead of network byte order. Some other functions, such as those that calculate checksums, expect the data to be in network byte order. So...if you run in to some weirdness, check the byte order.


I added some diagnostic stuff to my ipfilter and ran it. I don't see a problem. One machine is a Powerbook PPC (Pismo), the other is an Intel/Mac Mini. Both run 10.4.7.

At the ipfilter point on the Intel/Mac, the inbound packets all have a valid checksum, and nothing appears out of order. The out bound packets look good but have no valid checksum. It is evidently filled in later. The packets are ICMP, UDP or ESP, and the upper level handshaking between the two machines seems to work.

The only odd thing is a logged message that appears for outbound packets: "cksum: out of data". It must be generated bymbuf_outbound_finalize, mbuf_inbound_modified or mbuf_clear_csum_requested. I'm calling them as advised by Peter Sichel.

David



Attachment: smime.p7s
Description: S/MIME cryptographic signature

 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Macnetworkprog mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden
  • Follow-Ups:
    • Re: NKEs on Intel-based Macs
      • From: "Peter Sichel" <email@hidden>
    • Re: NKEs on Intel-based Macs
      • From: Ron Hunsinger <email@hidden>
References: 
 >NKEs on Intel-based Macs (From: "Peter Lovell" <email@hidden>)
 >Re: NKEs on Intel-based Macs (From: Josh Graessley <email@hidden>)
 >Re: NKEs on Intel-based Macs (From: David A Rowland <email@hidden>)
 >Re: NKEs on Intel-based Macs (From: David A Rowland <email@hidden>)

  • Prev by Date: Re: NKEs on Intel-based Macs
  • Next by Date: Re: NKEs on Intel-based Macs
  • Previous by thread: Re: NKEs on Intel-based Macs
  • Next by thread: Re: NKEs on Intel-based Macs
  • Index(es):
    • Date
    • Thread