• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: Tracking network traffic
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Tracking network traffic

  • Subject: Re: Tracking network traffic
  • From: Ryan McGann <email@hidden>
  • Date: Wed, 04 Jun 2008 15:49:25 -0700
On Jun 3, 2008, at 1:13 PM, Peter Sichel wrote:

I read a similar warning recently about using Sysctl to access
kernel data structures such as the TCP PCB list.  Is this also
considered private? Notice sysctl() is a common UNIX paradigm found
in Stevens "UNIX Network Programming".

If Sysctl() access to kernel data structures is also considered
private, what is the supported API to retrieve protocol and
connection statistics?  [netstat?]

I'd appreciate any clarification around this. 

This is a tougher one to call as you pointed out that sysctl(3) is a
public API. They are parts of the sysctl variable subtree that are
not really for normal use.

Speaking for the networking sysctl sub-tree -- net.x.y -- we have
kept the data structures like the TCP PCB list backward compatible
to I think Mac OS X 10.3 Jaguar. This is done copying fields of the
actual kernel data structures into compatible version of the data
structures for userland consumption.

This copying is not very efficient and tends to bloat the OS. That's
why from time to time Apple obsolete some older API in new version
of the OS.


There is a slightly different take on this...

The in-kernel tcpcb is private and an internal implementation detail.
Some of the information in a tcpcb can be useful for third parties. To
provide third parties access to this information, we export a data
structure that will never change. For backwards compatibility, we
picked the old tcpcb. This is not the same (private) data structure
used in the kernel.

There is a small performance penalty copying this data out, but that
penalty is far outweighed by the benefit of having the freedom to
change the internal structure without breaking third parties. The
other downside is that any new information added in the tcpcb will be
unavailable to applications.
One thing that I have requested in the past, but not been successful lobbying for, is KPI access to the PCB list in the kernel. We _have_ to use the sysctl API sometimes because maintaining our own PCB list by monitoring KPI events is not practical, but some of the data in the pcb is quite useful. If there were a way to access the PCB from the kernel and do our own "translation" to private data structures, that would be much more useful for us anyway, and probably yield better performance for our users.

Ryan

_______________________________________________
Do not post admin requests to the list. They will be ignored.
Macnetworkprog mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden




  • Follow-Ups:

      

    • Deleting a TCP connection in Mac OS X

      • From: Peter Sichel <email@hidden>
      • 



    

  • Prev by Date:
Re: Socket connection drop

    • 

  • Next by Date:
tcp connection state information

    • 

  • Previous by thread:
Re: Tracking network traffic

    • 

  • Next by thread:
Deleting a TCP connection in Mac OS X

    • 

  • Index(es):

      

    • Date
      • 

    • Thread
      • 

    

    •