ipf_inject_input return error 45
Mike C.
I am working on a Network Kernel Extension that re-injects packets
after they have been captured with an IP Filter. However, the
re-injection doesn't work. ipf_inject_input always returns error code
45, which means "Operation not supported". What am I doing wrong? Here
is my setup and (simplified) code:
mbuf_t *saved_packet = NULL;
// function called by ip filter when new ip packet arrives
errno_t input_fn(void *cookie, mbuf_t *data, int offset, u_int8_t protocol) {
// test, if packet is interesting for us
// [...]
if (saved_packet != NULL) {
// Drop
return -1;
}
// keep reference to packet for later injection
saved_packet = data;
// send packet to usermode for further processing
mbuf_t new_mbuf;
mbuf_dup(*data, MBUF_WAITOK, &new_mbuf);
if (ctl_enqueuembuf(ctlref, ctrl_unit, new_mbuf, 0) != 0) {
// error, drop packet
saved_packet = NULL;
retrun -1;
}
// EJUSTRETURN = the packet will not be freed
return EJUSTRETURN;
}
// function called when usermode sends processing result back
errno_t ctl_send_fn(kern_ctl_ref kctlref, u_int32_t unit, void
*unitinfo, mbuf_t m, int flags) {
int result;
mbuf_copydata(m, 0, sizeof(result), &result);
if (result == 1) {
// the following call returns 45 ("Operation not supported") - WHY??
errno_t errno = ipf_inject_input(*saved_packet, installed_filter);
saved_packet = NULL;
} else {
// [...]
}
return 0;
}
Where is my mistake? Your help is greatly appreciated!
Mike
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-kernel mailing list (Darwin...@lists.apple.com)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/darwin-kernel/darwin-kernel-garchive-95844%40googlegroups.com
This email sent to darwin-kernel-...@googlegroups.com
Vincent Lubet
ENOTSUP is returned by ipf_inject_input() when the packet is not an IPv4 or IPv6 packet. You need to make sure the mbuf data pointer points to the start of the IPv4 or IPv6 packet.
Vincent
_______________________________________________
Mike C.
Thanks for your response!
I am not modifying the mbuf captured in the input_fn function by the
IP filter in any way. In fact, if I re-inject the mbuf right after
capturing it while I am still in the input_fn function, everything
works out as expected. However, when I re-inject the same mbuf later
(after receiving the processing result from user mode) I get an
ENOTSUP error. Am I not allowed to hold on to the mbuf reference to
re-inject it later??
Mike
2011/12/8 Vincent Lubet <vlu...@apple.com>:
Vincent Lubet
It's not clear to me what's going wrong but in case like these I use printf to show the detail of the mbuf. I would compare the saved_packet
mbuf before calling ctl_enqueuembuf() and before ipf_inject_input().
Vincent
Mike C.
I solved my problem by copying the mbuf with mbuf_dup before returning
from the input_fn function. When I later inject that copy everything
works as expected. I probably misinterpreted the documentation of
ipf_input_func [1]. I thought returning EJUSTRETURN means that I can
hold on to the mbuf to reinject it later. But as it turns out, someone
is messing with the memory of that mbuf making the injection fail.
Copying the mbuf solved the problem.
Thanks again for your help!
Mike