Hi All,
For almost 3 weeks I have been working on a feature of one of my software applications.
It's a client-server application where the server is able to block the
internet of the client.
For this I have created a kext, which gets loaded on the client
machine.
Using the kext I can block the internet of the client machine. Below
are the details of how the feature is implemented:
1. Set up the tag value associated with this NKE in preparation for
   swallowing packets and re-injecting them, using mbuf_tag_id_find().
2. Register the Network Kernel Extension, so it will attach the filter to
   every socket that the system creates, using sflt_register().
3. Register the IPv4 with domain AF_INET, type of SOCK_STREAM and TCP
   protocol, using sflt_register().
4. Register the IPv6 with domain AF_INET, type of SOCK_STREAM and TCP
   protocol, using sflt_register().
5. Now we register our control structure so that we can be
   found/communicated with by a user-level process, using ctl_register().
-- All of this is done in the kext.
6. Now use setsockopt() so that block and unblock can be done. This is
   done externally.
The feature works as below under different situations, with possible
reasons for the behavior.
Consider how HTTP 1.1 works with its concept of "keep-alive". Before
"keep-alive", a browser would open up a connection for each part of a web
page it was going to download, i.e. web page, images, etc.
With keep-alives, a browser may (and usually does) keep a
connection open to the web server so that it avoids the overhead of
re-connecting back to the same site if it is going to pull more data from it.
- Typing a link in the browser is blocked right away - if we are going to a
  new site, a new connection would be required and we would catch that
  with the socket filter.
- Using a link to go to another page is eventually blocked but takes
  longer - it might be that the browser is still using the old connection;
  eventually it grabs another connection and is blocked.
- If on Google … - Again, the old connection is still to Google and search
  can happen as long as the browser is still maintaining the connection to
  Google. However, when clicking on a link, the browser is opening a
  connection to a different site and will be blocked.
So, it may be that we are not able to attach our filter to
these existing sockets and thus, web browsing can continue on the same site.
I hope you have understood the problem I am facing.
Possible solutions could be:
1. Breaking the existing connections without closing the browser. I have
   no idea how to do this. (Please comment on this.)
2. Redirecting a page to some locally stored page like redirected.htm. A
   local proxy server cannot be used. Everything should be done from code.
Any form of help is greatly appreciated.
Note: Please comment only if you can help. This will help keep the
thread on the main discussion. Thanks for your support.
Thanks
Rahul
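
Added example (not part of the original post and not the poster's kext code): a user-space C model of the behaviour described above, in which a filter attaches only when a socket is created while a browser reuses HTTP/1.1 keep-alive connections. All names and hosts are hypothetical, and the model assumes that an attached filter drops traffic once blocking is switched on.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define MAX_SOCKS 8
struct sock { char host[32]; bool open; bool filtered; };

static struct sock pool[MAX_SOCKS]; /* the browser's open connections */
static bool filter_registered;      /* models the socket filter being registered */
static bool block_enabled;          /* models the block/unblock switch */

/* New connection: the only moment the modelled filter can attach. */
static struct sock *sock_connect(const char *host) {
    if (filter_registered && block_enabled) return NULL; /* connect refused */
    for (int i = 0; i < MAX_SOCKS; i++) {
        if (pool[i].open) continue;
        snprintf(pool[i].host, sizeof pool[i].host, "%s", host);
        pool[i].filtered = filter_registered;
        pool[i].open = true;
        return &pool[i];
    }
    return NULL; /* pool full */
}

/* Request: reuse a kept-alive socket to this host, otherwise connect. */
static bool http_get(const char *host) {
    struct sock *s = NULL;
    for (int i = 0; i < MAX_SOCKS && !s; i++)
        if (pool[i].open && strcmp(pool[i].host, host) == 0) s = &pool[i];
    if (!s) s = sock_connect(host);
    /* Assumption: an attached filter also drops data while blocking is on. */
    return s && !(s->filtered && block_enabled);
}

/* The browser closes its idle keep-alive connection to a host. */
static void keepalive_close(const char *host) {
    for (int i = 0; i < MAX_SOCKS; i++)
        if (pool[i].open && strcmp(pool[i].host, host) == 0) pool[i].open = false;
}

/* Bit 0: old socket still works; bit 1: new site works; bit 2: reconnect works. */
static int scenario(void) {
    memset(pool, 0, sizeof pool);
    filter_registered = block_enabled = false;
    http_get("site-a.example");               /* opened before the filter exists */
    filter_registered = block_enabled = true; /* filter registered, block turned on */
    int r = http_get("site-a.example") ? 1 : 0;
    r |= http_get("site-b.example") ? 2 : 0;
    keepalive_close("site-a.example");
    return r | (http_get("site-a.example") ? 4 : 0);
}

int main(void) { printf("result bits: %d\n", scenario()); }
```

In this model only the connection opened before the filter existed keeps working, and only until the browser lets it go.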