Lists

Open Menu Close Menu

Terms and Conditions
Lists hosted on this site
Email the Postmaster
Tips for posting to public mailing lists

Interop between ipfilter kext and osx cisco ipsec vpn

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Interop between ipfilter kext and osx cisco ipsec vpn

Subject: Interop between ipfilter kext and osx cisco ipsec vpn
From: Anand Choubey <email@hidden>
Date: Fri, 18 Apr 2014 06:35:34 -0700 (PDT)

Hi,

I developed ipfilter kext which captures packet at TX and RX path, does some packet inspection and re-inject to respective directions.

ipfilter kext works fine with all interfaces including l2tp vpn, wire/wireless and other 3rd party vpns except osx cisco ipsec vpn.

While running OSX cisco ipsec client (Server could be ASA or Strongswan does not matter).

I observe issue in Rx path. After creating mbuf and filling checksum, ipf_inject_input is used to inject packet RX path. ipf_inject_input method does not return any error but packet is not sent to upper layer.

e.g.

1. If I run client TCP application then ipfilter kext driver gets SYN(TX direction)->SYN_ACK(Rx)direction but never gets ACK. It means SYN_ACK is not received by TCP layer.

2. If I run ping, ipfilter kext gets outgoing icmp request/incoming icmp response but ping application never gets icmo reply.

Could anyone help/suggest me how to debug this problem?

Regards,

Anand Choubey

 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Macnetworkprog mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden

Prev by Date: Re: NSStream and Out-of-band data
Next by Date: CFSockets client side blocking
Previous by thread: Re: NSStream and Out-of-band data
Next by thread: CFSockets client side blocking
Index(es):
- Date
- Thread