• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: Tracking network traffic
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Tracking network traffic

  • Subject: Re: Tracking network traffic
  • From: Josh Graessley <email@hidden>
  • Date: Tue, 03 Jun 2008 15:59:41 -0500

On Jun 3, 2008, at 3:41 PM, Vincent Lubet wrote:

Peter,

On Jun 3, 2008, at 1:13 PM, Peter Sichel wrote:

I read a similar warning recently about using Sysctl to access kernel data structures such as the TCP PCB list. Is this also considered private? Notice sysctl() is a common UNIX paradigm found in Stevens "UNIX Network Programming".

If Sysctl() access to kernel data structures is also considered private, what is the supported API to retrieve protocol and connection statistics? [netstat?]

I'd appreciate any clarification around this.

This is a tougher one to call as you pointed out that sysctl(3) is a public API. They are parts of the sysctl variable subtree that are not really for normal use.

Speaking for the networking sysctl sub-tree -- net.x.y -- we have kept the data structures like the TCP PCB list backward compatible to I think Mac OS X 10.3 Jaguar. This is done copying fields of the actual kernel data structures into compatible version of the data structures for userland consumption.

This copying is not very efficient and tends to bloat the OS. That's why from time to time Apple obsolete some older API in new version of the OS. 

There is a slightly different take on this...

The in-kernel tcpcb is private and an internal implementation detail. Some of the information in a tcpcb can be useful for third parties. To provide third parties access to this information, we export a data structure that will never change. For backwards compatibility, we picked the old tcpcb. This is not the same (private) data structure used in the kernel.

There is a small performance penalty copying this data out, but that penalty is far outweighed by the benefit of having the freedom to change the internal structure without breaking third parties. The other downside is that any new information added in the tcpcb will be unavailable to applications.

-josh

_______________________________________________
Do not post admin requests to the list. They will be ignored.
Macnetworkprog mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden






References: 


 >Tracking network traffic (From: Mark Thomas <email@hidden>)


 >Re: Tracking network traffic (From: Quinn <email@hidden>)


 >Re: Tracking network traffic (From: Vincent Lubet <email@hidden>)


 >Re: Tracking network traffic (From: Peter Sichel <email@hidden>)


 >Re: Tracking network traffic (From: Vincent Lubet <email@hidden>)






    

  • Prev by Date:
Re: Tracking network traffic

    • 

  • Next by Date:
Re: Socket connection drop

    • 

  • Previous by thread:
Re: Tracking network traffic

    • 

  • Next by thread:
Re: Tracking network traffic

    • 

  • Index(es):

      

    • Date
      • 

    • Thread
      • 

    

    •