• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: Browser filtering
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Browser filtering

  • Subject: Re: Browser filtering
  • From: "Quinn \"The Eskimo!\"" <email@hidden>
  • Date: Thu, 9 Dec 2010 21:47:52 +0000
On 9 Dec 2010, at 20:55, eveningnick eveningnick wrote:

> does that mean that my application has to install a system-autostart
> agent (which will fork-exec the command "kextload mykextname.kext"),
> if it wants to have this kext to be started automatically everytime
> system boots?

Yes (assuming you meant "launchd daemon" rather than "system-autostart agent" :-).

> What kind of penalty?


A round trip into user space and then back into the kernel, typically once in each direction, which burns CPU cycles and increases latency.  The exact cost is hard to determine other than by testing.

But I wouldn't get too hung up on this cost.  In my experience network performance has a surprisingly minor impact on browser performance.

> Do you know some sources where i could read about it?


There's really no single place you can go to learn everything there is to know about this sort of issue.  However, a good starting point would be the "Mac OS X Internals" book, simply because a solid grounding in how the various components fit together will allow you to make sensible inferences.

<http://www.osxbook.com/>

> Does it influence all the traffic, or only the one which matches specified rules?


Only the traffic that's actually diverted.  The cost for non-diverted traffic is low.

> I am thinking with Windows analogies, where a proxy will be used only if it is specified explicitly in browser's settings.

Mac browsers tend to just use the system proxy settings.  In fact, if the browser is based on NSURLConnection (for example, Safari), it will use the system proxy and there's no way to disable that.  However, this doesn't stop a random application from just connecting to the network, or an alternative browser having its own proxy configuration UI.

> Or maybe i dont understand something.


Actually, I think it was me that didn't understand something (-:  I was assuming you were worried about needing admin privileges to install your software, but in reality you're worried about non-admin users being able to install alternative software.

IMO this is a two horse race between a socket filter NKE and ipfw.  In your situation I'd go with a socket filter, but I have lots of kernel programming experience (-:

S+E
--
Quinn "The Eskimo!"                    <http://www.apple.com/developer/>
Apple Developer Relations, Developer Technical Support, Core OS/Hardware


 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Macnetworkprog mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden
  • Follow-Ups:
    • Re: Browser filtering
      • From: eveningnick eveningnick <email@hidden>
References: 
 >Browser filtering (From: eveningnick eveningnick <email@hidden>)
 >Re: Browser filtering (From: "Quinn \"The Eskimo!\"" <email@hidden>)
 >Re: Browser filtering (From: eveningnick eveningnick <email@hidden>)

  • Prev by Date: Re: Browser filtering
  • Next by Date: Re: Browser filtering
  • Previous by thread: Re: Browser filtering
  • Next by thread: Re: Browser filtering
  • Index(es):
    • Date
    • Thread